From 50c3a330c3dda321b0e5ce1bb0eed6719d90d17f Mon Sep 17 00:00:00 2001
From: br0tkasten
Date: Sat, 16 Mar 2019 19:54:32 +0100
Subject: [PATCH] initial import
---
files/lighttpd-grav.conf | 39 +++++++++++++++++++++++
files/lighttpd-php-cgi.conf | 9 ++++++
files/lighttpd.conf | 28 +++++++++++++++++
tasks/main.yml | 63 +++++++++++++++++++++++++++++++++++++
vars/main.yml | 21 +++++++++++++
5 files changed, 160 insertions(+)
create mode 100644 files/lighttpd-grav.conf
create mode 100644 files/lighttpd-php-cgi.conf
create mode 100644 files/lighttpd.conf
create mode 100644 tasks/main.yml
create mode 100644 vars/main.yml
diff --git a/files/lighttpd-grav.conf b/files/lighttpd-grav.conf
new file mode 100644
index 0000000..9ba7b23
--- /dev/null
+++ b/files/lighttpd-grav.conf
@@ -0,0 +1,39 @@
+##PREVENTING EXPLOITS
+#$HTTP["querystring"] =~ "base64_encode[^(]*\([^)]*\)" {
+# url.redirect = (".*" => "/index.php" )
+#}
+#$HTTP["querystring"] =~ "(<|%3C)([^s]*s)+cript.*(>|%3E)" {
+# url.redirect = (".*" => "/index.php" )
+#}
+#$HTTP["querystring"] =~ "GLOBALS(=|\[|\%[0-9A-Z])" {
+# url.redirect = (".*" => "/index.php" )
+#}
+#$HTTP["querystring"] =~ "_REQUEST(=|\[|\%[0-9A-Z])" {
+# url.redirect = (".*" => "/index.php" )
+#}
+
+#REROUTING TO THE INDEX PAGE
+url.rewrite-if-not-file = (
+ "^/(.*)$" => "/index.php/$1"
+)
+
+##IMPROVING SECURITY
+#$HTTP["url"] =~ "^/(LICENSE.txt|composer.json|composer.lock|nginx.conf|web.config)$" {
+# url.access-deny = ("")
+#}
+#$HTTP["url"] =~ "^/(.git|cache|bin|logs|backup|tests)/(.*)" {
+# url.access-deny = ("")
+#}
+#$HTTP["url"] =~ "^/(system|user|vendor)/(.*)\.(txt|md|html|yaml|php|twig|sh|bat)$" {
+# url.access-deny = ("")
+#}
+#$HTTP["url"] =~ "^/(\.(.*))" {
+# url.access-deny = ("")
+#}
+#url.access-deny = (".md","~",".inc")
+
+#PREVENT BROWSING AND SET INDEXES
+$HTTP["url"] =~ "^/($|/)" {
+ dir-listing.activate = "disable"
+ index-file.names = ( "index.php", "index.html" , "index.htm" )
+}
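Review bot: Every `url.access-deny` rule in the "IMPROVING SECURITY" block of files/lighttpd-grav.conf is commented out, so the only active directives are the rewrite and the index settings. `url.rewrite-if-not-file` hands requests for existing files to the static handler, and files/lighttpd.conf excludes only `.php`, `.pl`, `.cgi` and `.fcgi` from static serving, so whatever exists on disk under `/.git`, `/logs`, `/backup` and `/cache`, and the `.yaml`, `.twig` and `.md` files under `/user`, `/system` and `/vendor`, would be returned as-is. `mod_access` is already loaded in files/lighttpd.conf, so the four `$HTTP["url"] =~ … { url.access-deny = ("") }` blocks can ship uncommented. If they are disabled on purpose, the file needs a comment saying why and what protects those paths instead.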
diff --git a/files/lighttpd-php-cgi.conf b/files/lighttpd-php-cgi.conf
new file mode 100644
index 0000000..0da143b
--- /dev/null
+++ b/files/lighttpd-php-cgi.conf
@@ -0,0 +1,9 @@
+server.modules += ("mod_fastcgi")
+fastcgi.server = ( ".php" =>
+ ( "localhost" =>
+ (
+ "socket" => "/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket",
+ "bin-path" => "/usr/bin/php-cgi"
+ )
+ )
+)
diff --git a/files/lighttpd.conf b/files/lighttpd.conf
new file mode 100644
index 0000000..449e611
--- /dev/null
+++ b/files/lighttpd.conf
@@ -0,0 +1,28 @@
+var.basedir = "/var/www/localhost"
+var.logdir = "/var/log/lighttpd"
+var.statedir = "/var/lib/lighttpd"
+server.modules = (
+ "mod_rewrite",
+ "mod_access",
+ "mod_accesslog"
+)
+
+include "mime-types.conf"
+include "php-cgi.conf"
+include "grav.conf"
+
+server.username = "lighttpd"
+server.groupname = "lighttpd"
+
+server.document-root = var.basedir + "/htdocs"
+server.pid-file = "/run/lighttpd.pid"
+server.errorlog = var.logdir + "/error.log"
+server.indexfiles = ("index.php", "index.html",
+ "index.htm", "default.htm")
+
+server.follow-symlink = "enable"
+static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")
+accesslog.filename = var.logdir + "/access.log"
+
+
+# vim: set ft=conf foldmethod=marker et :
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..a044f9d
--- /dev/null
+++ b/tasks/main.yml
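Review bot: files/lighttpd.conf sets no `server.port`, `ssl.engine` or `ssl.pemfile`, so as written lighttpd answers in cleartext on its default port. The archive installed by tasks/main.yml is the grav-admin bundle, which presumably serves an admin login through this same vhost, so credentials and session cookies would cross the network unencrypted. If TLS is terminated by a proxy in front of this host, state that in a comment at the top of the file; otherwise enable it here with `ssl.engine = "enable"` and an `ssl.pemfile` in a `$SERVER["socket"]` block.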
@@ -0,0 +1,63 @@
+---
+- name: install packages
+ apk: "name={{ item }} state=latest"
+ with_items: "{{ install_packages }}"
+
+- name: symlink /usr/bin/php
+ file:
+ src: /usr/bin/php7
+ dest: /usr/bin/php
+ state: link
+
+- name: download grav
+ get_url:
+ url: https://getgrav.org/download/core/grav-admin/1.5.6
+ dest: /var/www/localhost/grav-cms.zip
+
+- name: extract grav
+ unarchive:
+ src: /var/www/localhost/grav-cms.zip
+ dest: /var/www/localhost
+ remote_src: yes
+ owner: lighttpd
+ group: lighttpd
+ mode: 0750
+
+- name: remove old htdocs
+ file:
+ path: /var/www/localhost/htdocs
+ state: absent
+
+- name: link to htdocs
+ file:
+ src: /var/www/localhost/grav-admin
+ dest: /var/www/localhost/htdocs
+ state: link
+
+- name: install lighttpd config
+ copy:
+ src: lighttpd.conf
+ dest: /etc/lighttpd/lighttpd.conf
+
+- name: install grav config
+ copy:
+ src: lighttpd-grav.conf
+ dest: /etc/lighttpd/grav.conf
+
+- name: install php-cgi config
+ copy:
+ src: lighttpd-php-cgi.conf
+ dest: /etc/lighttpd/php-cgi.conf
+
+- name: add php-cgi.conf to lighttpd config
+ lineinfile:
+ path: /etc/lighttpd/lighttpd.conf
+ line: 'include "php-cgi.conf"'
+
+- name: add grav.conf to lighttpd config
+ lineinfile:
+ path: /etc/lighttpd/lighttpd.conf
+ line: 'include "grav.conf"'
+
+- name: restart lighttpd
+ command: rc-service lighttpd restart
diff --git a/vars/main.yml b/vars/main.yml
new file mode 100644
index 0000000..461e9eb
--- /dev/null
+++ b/vars/main.yml
@@ -0,0 +1,21 @@
+---
+install_packages:
+ - unzip
+ - php7
+ - php7-cgi
+ - php7-dom
+ - php7-gd
+ - php7-curl
+ - php7-openssl
+ - php7-zip
+ - php7-xml
+ - php7-apcu
+ - php7-opcache
+ - php7-ctype
+ - php7-json
+ - php7-phar
+ - php7-mbstring
+ - php7-session
+ - yaml
+ - php7-simplexml
+ - php7-pecl-redis
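Review bot: The `download grav` task in tasks/main.yml fetches the release zip with `get_url` and no `checksum`, and `extract grav` then unpacks it under the document root owned by the web-server user, so whatever that URL returns at run time ends up as PHP the server will execute. Pin the artifact with `checksum: "sha256:<SHA256_OF_VERIFIED_GRAV_ADMIN_ZIP>"` (placeholder; fill in the digest of the release you verified). In the same file, `state=latest` in `install packages` makes each run pull whatever package versions are current, and `state=present` would keep runs repeatable. The final `command: rc-service lighttpd restart` runs on every play; a handler notified by the three `copy` tasks would restart only when the configuration actually changes.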