jpp/ansible-roles
1
0
Fork 0
mirror of https://git.lapiole.org/dani/ansible-roles.git synced 2025-07-27 00:05:44 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to 2023-04-13 10:00

Browse Source
This commit is contained in:
Daniel Berteaud
2023-04-13 10:00:14 +02:00
parent 138c0bf3b2
commit 67ff12777e
9 changed files with 31 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
roles/glpi/templates/httpd.conf.j2
View File

@@ -1,10 +1,10 @@
{% if glpi_alias is defined %}
Alias /{{ glpi_alias }} {{ glpi_root_dir }}/web
Alias /{{ glpi_alias }} {{ glpi_root_dir }}/web/public
{% else %}
# No alias defined, create a vhost to access it
{% endif %}
<Directory {{ glpi_root_dir }}/web>
<Directory {{ glpi_root_dir }}/web/public>
AllowOverride All
Options FollowSymLinks
{% if glpi_src_ip is defined %}
@@ -12,18 +12,16 @@ Alias /{{ glpi_alias }} {{ glpi_root_dir }}/web
{% else %}
Require all granted
{% endif %}
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L,QSA]
<FilesMatch \.php$>
# For some (unknown) reason, files at the root like apirest.php won't be handled by the rewrite rule
# So force SCRIPT_NAME here (except for sso.php which is in the public subdir)
ProxyFCGISetEnvIf "reqenv('Request_URI') !~ m/sso\.php$/" SCRIPT_FILENAME "{{ glpi_root_dir }}/web/public/index.php"
SetHandler "proxy:unix:/run/php-fpm/{{ glpi_php_fpm_pool | default('glpi_' + glpi_id | string) }}.sock|fcgi://localhost"
</FilesMatch>
<FilesMatch "(.ansible_version|.git.*|(CONTRIBUTING|SUPPORT|CHANGELOG|COPYING)\.(md|txt))">
Require all denied
</FilesMatch>
</Directory>
{% for dir in [ 'scripts', 'locales', 'config', 'inc', 'vendor', '.github', 'bin' ] %}
<Directory {{ glpi_root_dir }}/web/{{ dir }}>
Require all denied
</Directory>
{% endfor %}

6
roles/glpi/templates/php.conf.j2
View File

@@ -27,10 +27,12 @@ php_admin_value[sys_temp_dir] = {{ glpi_root_dir }}/tmp
php_admin_value[post_max_size] = 100M
php_admin_value[upload_max_filesize] = 100M
php_admin_value[disable_functions] = system, show_source, symlink, exec, dl, shell_exec, passthru, phpinfo, escapeshellarg, escapeshellcmd
php_admin_value[open_basedir] = {{ glpi_root_dir }}:/usr/share/pear/:/usr/share/php/
php_admin_value[max_execution_time] = 60
php_admin_value[open_basedir] = {{ glpi_root_dir }}:/usr/share/pear/:/usr/share/php/:/etc/redhat-release
php_admin_value[max_execution_time] = 600
php_admin_value[max_input_time] = 60
php_admin_value[session.use_trans_sid] = 0
php_admin_flag[allow_url_include] = off
php_admin_flag[allow_url_fopen] = off
php_admin_flag[file_uploads] = on
php_admin_flag[session.cookie_httponly] = on
php_admin_flag[session.auto_start] = off