initial import
This commit is contained in:
parent
e046b22d31
commit
50c3a330c3
39
files/lighttpd-grav.conf
Normal file
39
files/lighttpd-grav.conf
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
##PREVENTING EXPLOITS
|
||||||
|
#$HTTP["querystring"] =~ "base64_encode[^(]*\([^)]*\)" {
|
||||||
|
# url.redirect = (".*" => "/index.php" )
|
||||||
|
#}
|
||||||
|
#$HTTP["querystring"] =~ "(<|%3C)([^s]*s)+cript.*(>|%3E)" {
|
||||||
|
# url.redirect = (".*" => "/index.php" )
|
||||||
|
#}
|
||||||
|
#$HTTP["querystring"] =~ "GLOBALS(=|\[|\%[0-9A-Z])" {
|
||||||
|
# url.redirect = (".*" => "/index.php" )
|
||||||
|
#}
|
||||||
|
#$HTTP["querystring"] =~ "_REQUEST(=|\[|\%[0-9A-Z])" {
|
||||||
|
# url.redirect = (".*" => "/index.php" )
|
||||||
|
#}
|
||||||
|
|
||||||
|
#REROUTING TO THE INDEX PAGE
|
||||||
|
url.rewrite-if-not-file = (
|
||||||
|
"^/(.*)$" => "/index.php/$1"
|
||||||
|
)
|
||||||
|
|
||||||
|
##IMPROVING SECURITY
|
||||||
|
#$HTTP["url"] =~ "^/(LICENSE.txt|composer.json|composer.lock|nginx.conf|web.config)$" {
|
||||||
|
# url.access-deny = ("")
|
||||||
|
#}
|
||||||
|
#$HTTP["url"] =~ "^/(.git|cache|bin|logs|backup|tests)/(.*)" {
|
||||||
|
# url.access-deny = ("")
|
||||||
|
#}
|
||||||
|
#$HTTP["url"] =~ "^/(system|user|vendor)/(.*)\.(txt|md|html|yaml|php|twig|sh|bat)$" {
|
||||||
|
# url.access-deny = ("")
|
||||||
|
#}
|
||||||
|
#$HTTP["url"] =~ "^/(\.(.*))" {
|
||||||
|
# url.access-deny = ("")
|
||||||
|
#}
|
||||||
|
#url.access-deny = (".md","~",".inc")
|
||||||
|
|
||||||
|
#PREVENT BROWSING AND SET INDEXES
|
||||||
|
$HTTP["url"] =~ "^/($|/)" {
|
||||||
|
dir-listing.activate = "disable"
|
||||||
|
index-file.names = ( "index.php", "index.html" , "index.htm" )
|
||||||
|
}
|
||||||
9
files/lighttpd-php-cgi.conf
Normal file
9
files/lighttpd-php-cgi.conf
Normal file
@ -0,0 +1,9 @@
|
|||||||
|
server.modules += ("mod_fastcgi")
|
||||||
|
fastcgi.server = ( ".php" =>
|
||||||
|
( "localhost" =>
|
||||||
|
(
|
||||||
|
"socket" => "/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket",
|
||||||
|
"bin-path" => "/usr/bin/php-cgi"
|
||||||
|
)
|
||||||
|
)
|
||||||
|
)
|
||||||
28
files/lighttpd.conf
Normal file
28
files/lighttpd.conf
Normal file
@ -0,0 +1,28 @@
|
|||||||
|
var.basedir = "/var/www/localhost"
|
||||||
|
var.logdir = "/var/log/lighttpd"
|
||||||
|
var.statedir = "/var/lib/lighttpd"
|
||||||
|
server.modules = (
|
||||||
|
"mod_rewrite",
|
||||||
|
"mod_access",
|
||||||
|
"mod_accesslog"
|
||||||
|
)
|
||||||
|
|
||||||
|
include "mime-types.conf"
|
||||||
|
include "php-cgi.conf"
|
||||||
|
include "grav.conf"
|
||||||
|
|
||||||
|
server.username = "lighttpd"
|
||||||
|
server.groupname = "lighttpd"
|
||||||
|
|
||||||
|
server.document-root = var.basedir + "/htdocs"
|
||||||
|
server.pid-file = "/run/lighttpd.pid"
|
||||||
|
server.errorlog = var.logdir + "/error.log"
|
||||||
|
server.indexfiles = ("index.php", "index.html",
|
||||||
|
"index.htm", "default.htm")
|
||||||
|
|
||||||
|
server.follow-symlink = "enable"
|
||||||
|
static-file.exclude-extensions = (".php", ".pl", ".cgi", ".fcgi")
|
||||||
|
accesslog.filename = var.logdir + "/access.log"
|
||||||
|
|
||||||
|
|
||||||
|
# vim: set ft=conf foldmethod=marker et :
|
||||||
63
tasks/main.yml
Normal file
63
tasks/main.yml
Normal file
@ -0,0 +1,63 @@
|
|||||||
|
---
|
||||||
|
- name: install packages
|
||||||
|
apk: "name={{ item }} state=latest"
|
||||||
|
with_items: "{{ install_packages }}"
|
||||||
|
|
||||||
|
- name: symlink /usr/bin/php
|
||||||
|
file:
|
||||||
|
src: /usr/bin/php7
|
||||||
|
dest: /usr/bin/php
|
||||||
|
state: link
|
||||||
|
|
||||||
|
- name: download grav
|
||||||
|
get_url:
|
||||||
|
url: https://getgrav.org/download/core/grav-admin/1.5.6
|
||||||
|
dest: /var/www/localhost/grav-cms.zip
|
||||||
|
|
||||||
|
- name: extract grav
|
||||||
|
unarchive:
|
||||||
|
src: /var/www/localhost/grav-cms.zip
|
||||||
|
dest: /var/www/localhost
|
||||||
|
remote_src: yes
|
||||||
|
owner: lighttpd
|
||||||
|
group: lighttpd
|
||||||
|
mode: 0750
|
||||||
|
|
||||||
|
- name: remove old htdocs
|
||||||
|
file:
|
||||||
|
path: /var/www/localhost/htdocs
|
||||||
|
state: absent
|
||||||
|
|
||||||
|
- name: link to htdocs
|
||||||
|
file:
|
||||||
|
src: /var/www/localhost/grav-admin
|
||||||
|
dest: /var/www/localhost/htdocs
|
||||||
|
state: link
|
||||||
|
|
||||||
|
- name: install lighttpd config
|
||||||
|
copy:
|
||||||
|
src: lighttpd.conf
|
||||||
|
dest: /etc/lighttpd/lighttpd.conf
|
||||||
|
|
||||||
|
- name: install grav config
|
||||||
|
copy:
|
||||||
|
src: lighttpd-grav.conf
|
||||||
|
dest: /etc/lighttpd/grav.conf
|
||||||
|
|
||||||
|
- name: install php-cgi config
|
||||||
|
copy:
|
||||||
|
src: lighttpd-php-cgi.conf
|
||||||
|
dest: /etc/lighttpd/php-cgi.conf
|
||||||
|
|
||||||
|
- name: add php-cgi.conf to lighttpd config
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/lighttpd/lighttpd.conf
|
||||||
|
line: 'include "php-cgi.conf"'
|
||||||
|
|
||||||
|
- name: add grav.conf to lighttpd config
|
||||||
|
lineinfile:
|
||||||
|
path: /etc/lighttpd/lighttpd.conf
|
||||||
|
line: 'include "grav.conf"'
|
||||||
|
|
||||||
|
- name: restart lighttpd
|
||||||
|
command: rc-service lighttpd restart
|
||||||
21
vars/main.yml
Normal file
21
vars/main.yml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
---
|
||||||
|
install_packages:
|
||||||
|
- unzip
|
||||||
|
- php7
|
||||||
|
- php7-cgi
|
||||||
|
- php7-dom
|
||||||
|
- php7-gd
|
||||||
|
- php7-curl
|
||||||
|
- php7-openssl
|
||||||
|
- php7-zip
|
||||||
|
- php7-xml
|
||||||
|
- php7-apcu
|
||||||
|
- php7-opcache
|
||||||
|
- php7-ctype
|
||||||
|
- php7-json
|
||||||
|
- php7-phar
|
||||||
|
- php7-mbstring
|
||||||
|
- php7-session
|
||||||
|
- yaml
|
||||||
|
- php7-simplexml
|
||||||
|
- php7-pecl-redis
|
||||||
Loading…
x
Reference in New Issue
Block a user