mirror of
https://github.com/bunkerity/bunkerized-nginx
synced 2023-12-13 21:30:18 +01:00
FPM Linux/Ansible Doc
This commit is contained in:
parent
4d61e96e47
commit
eca010231c
1 changed files with 455 additions and 75 deletions
|
@ -1822,53 +1822,178 @@ The following settings can be used :
|
||||||
|
|
||||||
We will assume that you already have the [Linux integration](/1.4/integrations/#linux) stack running on your machine.
|
We will assume that you already have the [Linux integration](/1.4/integrations/#linux) stack running on your machine.
|
||||||
|
|
||||||
You have to install php-fpm
|
|
||||||
```shell
|
|
||||||
apt install php-fpm
|
|
||||||
```
|
|
||||||
|
|
||||||
Configuration of BunkerWeb is done by editing the `/opt/bunkerweb/variables.env` file :
|
Configuration of BunkerWeb is done by editing the `/opt/bunkerweb/variables.env` file :
|
||||||
```conf
|
Depanding of your system, you may need to change ```LOCAL_PHP_PATH```.
|
||||||
SERVER_NAME=www.example.com
|
|
||||||
HTTP_PORT=80
|
=== "Ubuntu"
|
||||||
HTTPS_PORT=443
|
```conf
|
||||||
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
SERVER_NAME=www.example.com
|
||||||
USE_REVERSE_PROXY=yes
|
HTTP_PORT=80
|
||||||
REVERSE_PROXY_URL=/
|
HTTPS_PORT=443
|
||||||
REVERSE_PROXY_HOST=http://127.0.0.1:8000
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
```
|
DISABLE_DEFAULT_SERVER=no
|
||||||
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
LOCAL_PHP=/run/php/php-fpm.sock
|
||||||
|
LOCAL_PHP_PATH=/opt/bunkerweb/www/
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "Debian"
|
||||||
|
```conf
|
||||||
|
SERVER_NAME=www.example.com
|
||||||
|
HTTP_PORT=80
|
||||||
|
HTTPS_PORT=443
|
||||||
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
|
DISABLE_DEFAULT_SERVER=no
|
||||||
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
LOCAL_PHP=/run/php/php-fpm.sock
|
||||||
|
LOCAL_PHP_PATH=/opt/bunkerweb/www/
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "CentOs"
|
||||||
|
```conf
|
||||||
|
SERVER_NAME=www.example.com
|
||||||
|
HTTP_PORT=80
|
||||||
|
HTTPS_PORT=443
|
||||||
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
|
DISABLE_DEFAULT_SERVER=no
|
||||||
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
LOCAL_PHP=/run/php-fpm/www.sock
|
||||||
|
LOCAL_PHP_PATH=/opt/bunkerweb/www/
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "Fedora"
|
||||||
|
```conf
|
||||||
|
SERVER_NAME=www.example.com
|
||||||
|
HTTP_PORT=80
|
||||||
|
HTTPS_PORT=443
|
||||||
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
|
DISABLE_DEFAULT_SERVER=no
|
||||||
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
LOCAL_PHP=/run/php-fpm/www.sock
|
||||||
|
LOCAL_PHP_PATH=/opt/bunkerweb/www/
|
||||||
|
```
|
||||||
|
|
||||||
Let's check the status of BunkerWeb :
|
Let's check the status of BunkerWeb :
|
||||||
```shell
|
```shell
|
||||||
systemctl status bunkerweb
|
systemctl status bunkerweb
|
||||||
```
|
```
|
||||||
|
|
||||||
If it's already running we can just reload it :
|
If it's already running we can just reload it :
|
||||||
```shell
|
```shell
|
||||||
systemctl reload bunkerweb
|
systemctl reload bunkerweb
|
||||||
```
|
```
|
||||||
|
|
||||||
Otherwise, we will need to start it :
|
Then you will have to install php-fpm
|
||||||
```shell
|
```shell
|
||||||
systemctl start bunkerweb
|
apt install php-fpm
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Depending on your system, the configuration of the php-fpm service may change:
|
||||||
|
=== "Ubuntu"
|
||||||
|
By default, the user and the group of the php-fpm service is "www-data".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "Debian"
|
||||||
|
By default, the user and the group of the php-fpm service is "www-data".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "CentOs"
|
||||||
|
By default, the user and the group of the php-fpm service is "apache".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "Fedora"
|
||||||
|
By default, the user and the group of the php-fpm service is "apache".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
Reload the php-fpm service :
|
||||||
|
```shell
|
||||||
|
systemctl reload php-fpm
|
||||||
|
```
|
||||||
|
|
||||||
=== "Ansible"
|
=== "Ansible"
|
||||||
|
|
||||||
When the variable `custom_configs` is set to "true" , you could use the
|
You will need to add the settings to your `variables.env` file accordingly to your system :
|
||||||
`custom_configs_path[]` variable to write the configs to the /opt/bunkerweb/configs folder.
|
|
||||||
|
|
||||||
Here is an example for server-http/hello-world.conf :
|
=== "Ubuntu"
|
||||||
```conf
|
```conf
|
||||||
location /hello {
|
SERVER_NAME=www.example.com
|
||||||
default_type 'text/plain';
|
HTTP_PORT=80
|
||||||
content_by_lua_block {
|
HTTPS_PORT=443
|
||||||
ngx.say('world')
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
}
|
DISABLE_DEFAULT_SERVER=no
|
||||||
}
|
USE_CLIENT_CACHE=yes
|
||||||
```
|
USE_GZIP=yes
|
||||||
|
LOCAL_PHP=/run/php/php-fpm.sock
|
||||||
|
LOCAL_PHP_PATH=/opt/bunkerweb/www/
|
||||||
|
```
|
||||||
|
|
||||||
In your Ansible inventory, you can use the `variables_env` variable to configure BunkerWeb :
|
=== "Debian"
|
||||||
|
```conf
|
||||||
|
SERVER_NAME=www.example.com
|
||||||
|
HTTP_PORT=80
|
||||||
|
HTTPS_PORT=443
|
||||||
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
|
DISABLE_DEFAULT_SERVER=no
|
||||||
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
LOCAL_PHP=/run/php/php-fpm.sock
|
||||||
|
LOCAL_PHP_PATH=/opt/bunkerweb/www/
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "CentOs"
|
||||||
|
```conf
|
||||||
|
SERVER_NAME=www.example.com
|
||||||
|
HTTP_PORT=80
|
||||||
|
HTTPS_PORT=443
|
||||||
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
|
DISABLE_DEFAULT_SERVER=no
|
||||||
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
LOCAL_PHP=/run/php-fpm/www.sock
|
||||||
|
LOCAL_PHP_PATH=/opt/bunkerweb/www/
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "Fedora"
|
||||||
|
```conf
|
||||||
|
SERVER_NAME=www.example.com
|
||||||
|
HTTP_PORT=80
|
||||||
|
HTTPS_PORT=443
|
||||||
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
|
DISABLE_DEFAULT_SERVER=no
|
||||||
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
LOCAL_PHP=/run/php-fpm/www.sock
|
||||||
|
LOCAL_PHP_PATH=/opt/bunkerweb/www/
|
||||||
|
```
|
||||||
|
|
||||||
|
In your Ansible inventory, you can use the `variables_env` variable to configure BunkerWeb and `custom_site` to add your own site configuration :
|
||||||
```yaml
|
```yaml
|
||||||
all:
|
all:
|
||||||
children:
|
children:
|
||||||
|
@ -1876,14 +2001,8 @@ The following settings can be used :
|
||||||
hosts:
|
hosts:
|
||||||
"Your_IP_Address":
|
"Your_IP_Address":
|
||||||
vars:
|
vars:
|
||||||
custom_configs: true
|
variables_env: ../variables.env,
|
||||||
custom_configs_path: {
|
custom_site=../site
|
||||||
server-http: ../hello-world.conf,
|
|
||||||
#http: ../http.conf,
|
|
||||||
#default-server-http: ../default-server-http.conf,
|
|
||||||
#modsec-crs: ../modsec-crs,
|
|
||||||
#modsec: ../modsec
|
|
||||||
}
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Or in INI format :
|
Or in INI format :
|
||||||
|
@ -1892,8 +2011,8 @@ The following settings can be used :
|
||||||
host
|
host
|
||||||
|
|
||||||
[all:vars]
|
[all:vars]
|
||||||
custom_configs=true
|
variables_env = ../variables.env
|
||||||
custom_configs_path={'server-http': '../hello-world.conf', 'http': '../http.conf', 'default-server-http': '../default-server-http.conf', 'modsec-crs': '../modsec-crs', 'modsec': '../modsec'}
|
custom_site = ../site
|
||||||
```
|
```
|
||||||
|
|
||||||
Run the playbook :
|
Run the playbook :
|
||||||
|
@ -1901,6 +2020,57 @@ The following settings can be used :
|
||||||
ansible-playbook -i inventory.yml playbook.yml
|
ansible-playbook -i inventory.yml playbook.yml
|
||||||
```
|
```
|
||||||
|
|
||||||
|
Then you will have to install php-fpm
|
||||||
|
```shell
|
||||||
|
apt install php-fpm
|
||||||
|
```
|
||||||
|
|
||||||
|
Depending on your system, the configuration of the php-fpm service may change:
|
||||||
|
=== "Ubuntu"
|
||||||
|
By default, the user and the group of the php-fpm service is "www-data".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "Debian"
|
||||||
|
By default, the user and the group of the php-fpm service is "www-data".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "CentOs"
|
||||||
|
By default, the user and the group of the php-fpm service is "apache".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "Fedora"
|
||||||
|
By default, the user and the group of the php-fpm service is "apache".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
Reload the php-fpm service :
|
||||||
|
```shell
|
||||||
|
systemctl reload php-fpm
|
||||||
|
```
|
||||||
|
|
||||||
### Multiple applications
|
### Multiple applications
|
||||||
|
|
||||||
=== "Docker"
|
=== "Docker"
|
||||||
|
@ -2124,42 +2294,207 @@ The following settings can be used :
|
||||||
|
|
||||||
=== "Linux"
|
=== "Linux"
|
||||||
|
|
||||||
When using the [Linux integration](/1.4/integrations/#linux), custom configurations must be written to the /opt/bunkerweb/configs folder.
|
We will assume that you already have the [Linux integration](/1.4/integrations/#linux) stack running on your machine.
|
||||||
|
|
||||||
Here is an example for server-http/hello-world.conf :
|
If you have multiple services to protect, the easiest way to do it is by enabling the “multisite” mode. When using multisite, bunkerized-nginx will create one server block per server defined in the SERVER_NAME environment variable. You can configure each servers independently by adding the server name as a prefix.
|
||||||
```conf
|
|
||||||
location /hello {
|
|
||||||
default_type 'text/plain';
|
|
||||||
content_by_lua_block {
|
|
||||||
ngx.say('world')
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Because BunkerWeb runs as an unprivileged user (nginx:nginx), you will need to edit the permissions :
|
=== "Ubuntu"
|
||||||
|
```conf
|
||||||
|
SERVER_NAME=app1.example.com app2.example.com
|
||||||
|
MULTISITE=yes
|
||||||
|
HTTP_PORT=80
|
||||||
|
HTTPS_PORT=443
|
||||||
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
|
DISABLE_DEFAULT_SERVER=no
|
||||||
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
app1.example.com_LOCAL_PHP=/run/php/php-fpm.sock
|
||||||
|
app2.example.com_LOCAL_PHP=/run/php/php-fpm.sock
|
||||||
|
app1.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app1.example.com
|
||||||
|
app2.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app2.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "Debian"
|
||||||
|
```conf
|
||||||
|
SERVER_NAME=app1.example.com app2.example.com
|
||||||
|
MULTISITE=yes
|
||||||
|
HTTP_PORT=80
|
||||||
|
HTTPS_PORT=443
|
||||||
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
|
DISABLE_DEFAULT_SERVER=no
|
||||||
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
app1.example.com_LOCAL_PHP=/run/php/php-fpm.sock
|
||||||
|
app2.example.com_LOCAL_PHP=/run/php/php-fpm.sock
|
||||||
|
app1.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app1.example.com
|
||||||
|
app2.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app2.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "CentOs"
|
||||||
|
```conf
|
||||||
|
SERVER_NAME=app1.example.com app2.example.com
|
||||||
|
MULTISITE=yes
|
||||||
|
HTTP_PORT=80
|
||||||
|
HTTPS_PORT=443
|
||||||
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
|
DISABLE_DEFAULT_SERVER=no
|
||||||
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
app1.example.com_LOCAL_PHP=/run/php-fpm/www.sock
|
||||||
|
app2.example.com_LOCAL_PHP=/run/php-fpm/www.sock
|
||||||
|
app1.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app1.example.com
|
||||||
|
app2.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app2.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "Fedora"
|
||||||
|
```conf
|
||||||
|
SERVER_NAME=app1.example.com app2.example.com
|
||||||
|
MULTISITE=yes
|
||||||
|
HTTP_PORT=80
|
||||||
|
HTTPS_PORT=443
|
||||||
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
|
DISABLE_DEFAULT_SERVER=no
|
||||||
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
app1.example.com_LOCAL_PHP=/run/php-fpm/www.sock
|
||||||
|
app2.example.com_LOCAL_PHP=/run/php-fpm/www.sock
|
||||||
|
app1.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app1.example.com
|
||||||
|
app2.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app2.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
When using the multisite mode, some special folders must have a specific structure with subfolders named the same as the servers defined in the `SERVER_NAME` environment variable. Let’s take the app2.example.com as an example : if some static files need to be served by nginx, you need to place them under www/app2.example.com.
|
||||||
|
|
||||||
|
Let's check the status of BunkerWeb :
|
||||||
```shell
|
```shell
|
||||||
chown -R root:nginx /opt/bunkerweb/configs && \
|
systemctl status bunkerweb
|
||||||
chmod -R 770 /opt/bunkerweb/configs
|
```
|
||||||
|
If it's already running we can just reload it :
|
||||||
|
```shell
|
||||||
|
systemctl reload bunkerweb
|
||||||
```
|
```
|
||||||
|
|
||||||
Don't forget to reload the bunkerweb service once it's done.
|
Then you will have to install php-fpm
|
||||||
|
```shell
|
||||||
|
apt install php-fpm
|
||||||
|
```
|
||||||
|
|
||||||
|
Depending on your system, the configuration of the php-fpm service may change:
|
||||||
|
=== "Ubuntu"
|
||||||
|
By default, the user and the group of the php-fpm service is "www-data".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "Debian"
|
||||||
|
By default, the user and the group of the php-fpm service is "www-data".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "CentOs"
|
||||||
|
By default, the user and the group of the php-fpm service is "apache".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "Fedora"
|
||||||
|
By default, the user and the group of the php-fpm service is "apache".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
Reload the php-fpm service :
|
||||||
|
```shell
|
||||||
|
systemctl reload php-fpm
|
||||||
|
```
|
||||||
|
|
||||||
=== "Ansible"
|
=== "Ansible"
|
||||||
|
|
||||||
When the variable `custom_configs` is set to "true" , you could use the
|
You will need to add the settings to your `variables.env` file accordingly to your system :
|
||||||
`custom_configs_path[]` variable to write the configs to the /opt/bunkerweb/configs folder.
|
|
||||||
|
|
||||||
Here is an example for server-http/hello-world.conf :
|
=== "Ubuntu"
|
||||||
```conf
|
```conf
|
||||||
location /hello {
|
SERVER_NAME=app1.example.com app2.example.com
|
||||||
default_type 'text/plain';
|
MULTISITE=yes
|
||||||
content_by_lua_block {
|
HTTP_PORT=80
|
||||||
ngx.say('world')
|
HTTPS_PORT=443
|
||||||
}
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
}
|
DISABLE_DEFAULT_SERVER=no
|
||||||
```
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
app1.example.com_LOCAL_PHP=/run/php/php-fpm.sock
|
||||||
|
app2.example.com_LOCAL_PHP=/run/php/php-fpm.sock
|
||||||
|
app1.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app1.example.com
|
||||||
|
app2.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app2.example.com
|
||||||
|
```
|
||||||
|
|
||||||
In your Ansible inventory, you can use the `variables_env` variable to configure BunkerWeb :
|
=== "Debian"
|
||||||
|
```conf
|
||||||
|
SERVER_NAME=app1.example.com app2.example.com
|
||||||
|
MULTISITE=yes
|
||||||
|
HTTP_PORT=80
|
||||||
|
HTTPS_PORT=443
|
||||||
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
|
DISABLE_DEFAULT_SERVER=no
|
||||||
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
app1.example.com_LOCAL_PHP=/run/php/php-fpm.sock
|
||||||
|
app2.example.com_LOCAL_PHP=/run/php/php-fpm.sock
|
||||||
|
app1.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app1.example.com
|
||||||
|
app2.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app2.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "CentOs"
|
||||||
|
```conf
|
||||||
|
SERVER_NAME=app1.example.com app2.example.com
|
||||||
|
MULTISITE=yes
|
||||||
|
HTTP_PORT=80
|
||||||
|
HTTPS_PORT=443
|
||||||
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
|
DISABLE_DEFAULT_SERVER=no
|
||||||
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
app1.example.com_LOCAL_PHP=/run/php-fpm/www.sock
|
||||||
|
app2.example.com_LOCAL_PHP=/run/php-fpm/www.sock
|
||||||
|
app1.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app1.example.com
|
||||||
|
app2.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app2.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "Fedora"
|
||||||
|
```conf
|
||||||
|
SERVER_NAME=app1.example.com app2.example.com
|
||||||
|
MULTISITE=yes
|
||||||
|
HTTP_PORT=80
|
||||||
|
HTTPS_PORT=443
|
||||||
|
DNS_RESOLVERS=8.8.8.8 8.8.4.4
|
||||||
|
DISABLE_DEFAULT_SERVER=no
|
||||||
|
USE_CLIENT_CACHE=yes
|
||||||
|
USE_GZIP=yes
|
||||||
|
app1.example.com_LOCAL_PHP=/run/php-fpm/www.sock
|
||||||
|
app2.example.com_LOCAL_PHP=/run/php-fpm/www.sock
|
||||||
|
app1.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app1.example.com
|
||||||
|
app2.example.com_LOCAL_PHP_PATH=/opt/bunkerweb/www/app2.example.com
|
||||||
|
```
|
||||||
|
|
||||||
|
When using the multisite mode, some special folders must have a specific structure with subfolders named the same as the servers defined in the `SERVER_NAME` environment variable. Let’s take the app2.example.com as an example : if some static files need to be served by nginx, you need to place them under www/app2.example.com.
|
||||||
|
|
||||||
|
In your Ansible inventory, you can use the `variables_env` variable to configure BunkerWeb and `custom_site` to add your own site configuration :
|
||||||
```yaml
|
```yaml
|
||||||
all:
|
all:
|
||||||
children:
|
children:
|
||||||
|
@ -2167,14 +2502,8 @@ The following settings can be used :
|
||||||
hosts:
|
hosts:
|
||||||
"Your_IP_Address":
|
"Your_IP_Address":
|
||||||
vars:
|
vars:
|
||||||
custom_configs: true
|
variables_env: ../variables.env,
|
||||||
custom_configs_path: {
|
custom_site=../site
|
||||||
server-http: ../hello-world.conf,
|
|
||||||
#http: ../http.conf,
|
|
||||||
#default-server-http: ../default-server-http.conf,
|
|
||||||
#modsec-crs: ../modsec-crs,
|
|
||||||
#modsec: ../modsec
|
|
||||||
}
|
|
||||||
```
|
```
|
||||||
|
|
||||||
Or in INI format :
|
Or in INI format :
|
||||||
|
@ -2183,11 +2512,62 @@ The following settings can be used :
|
||||||
host
|
host
|
||||||
|
|
||||||
[all:vars]
|
[all:vars]
|
||||||
custom_configs=true
|
variables_env = ../variables.env
|
||||||
custom_configs_path={'server-http': '../hello-world.conf', 'http': '../http.conf', 'default-server-http': '../default-server-http.conf', 'modsec-crs': '../modsec-crs', 'modsec': '../modsec'}
|
custom_site = ../site
|
||||||
```
|
```
|
||||||
|
|
||||||
Run the playbook :
|
Run the playbook :
|
||||||
```shell
|
```shell
|
||||||
ansible-playbook -i inventory.yml playbook.yml
|
ansible-playbook -i inventory.yml playbook.yml
|
||||||
|
```
|
||||||
|
|
||||||
|
Then you will have to install php-fpm
|
||||||
|
```shell
|
||||||
|
apt install php-fpm
|
||||||
|
```
|
||||||
|
|
||||||
|
Depending on your system, the configuration of the php-fpm service may change:
|
||||||
|
=== "Ubuntu"
|
||||||
|
By default, the user and the group of the php-fpm service is "www-data".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "Debian"
|
||||||
|
By default, the user and the group of the php-fpm service is "www-data".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "CentOs"
|
||||||
|
By default, the user and the group of the php-fpm service is "apache".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
=== "Fedora"
|
||||||
|
By default, the user and the group of the php-fpm service is "apache".
|
||||||
|
```conf
|
||||||
|
[www]
|
||||||
|
user = nginx
|
||||||
|
group = nginx
|
||||||
|
listen.owner = nginx
|
||||||
|
listen.group = nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
Reload the php-fpm service :
|
||||||
|
```shell
|
||||||
|
systemctl reload php-fpm
|
||||||
```
|
```
|
Loading…
Reference in a new issue