br0tkasten/ansible-role-gravcms
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix: update settings for new grav and php82

Browse Source
This commit is contained in:
arne 2025-03-23 11:50:38 +01:00
parent 1ae0700a8c
commit 572a5ab0d0
5 changed files with 71 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
files/lighttpd-grav.conf
View File

@ -1,39 +1,40 @@
##PREVENTING EXPLOITS server.modules += ( "mod_redirect" )
#$HTTP["querystring"] =~ "base64_encode[^(]*\([^)]*\)" {
# url.redirect = (".*" => "/index.php" ) #PREVENTING EXPLOITS
#} $HTTP["querystring"] =~ "base64_encode[^(]*\([^)]*\)" {
#$HTTP["querystring"] =~ "(<|%3C)([^s]*s)+cript.*(>|%3E)" { url.redirect = (".*" => "/index.php" )
# url.redirect = (".*" => "/index.php" ) }
#} $HTTP["querystring"] =~ "(<|%3C)([^s]*s)+cript.*(>|%3E)" {
#$HTTP["querystring"] =~ "GLOBALS(=|\[|\%[0-9A-Z])" { url.redirect = (".*" => "/index.php" )
# url.redirect = (".*" => "/index.php" ) }
#} $HTTP["querystring"] =~ "GLOBALS(=|\[|\%[0-9A-Z])" {
#$HTTP["querystring"] =~ "_REQUEST(=|\[|\%[0-9A-Z])" { url.redirect = (".*" => "/index.php" )
# url.redirect = (".*" => "/index.php" ) }
#} $HTTP["querystring"] =~ "_REQUEST(=|\[|\%[0-9A-Z])" {
url.redirect = (".*" => "/index.php" )
}
#REROUTING TO THE INDEX PAGE #REROUTING TO THE INDEX PAGE
url.rewrite-if-not-file = ( url.rewrite-if-not-file = (
"^/(.*)$" => "/index.php/$1" "^/(.*)$" => "/index.php?$1"
) )
##IMPROVING SECURITY #IMPROVING SECURITY
#$HTTP["url"] =~ "^/(LICENSE.txt|composer.json|composer.lock|nginx.conf|web.config)$" { $HTTP["url"] =~ "^/(LICENSE\.txt|composer\.json|composer\.lock|nginx\.conf|web\.config)$" {
# url.access-deny = ("") url.access-deny = ("")
#} }
#$HTTP["url"] =~ "^/(.git|cache|bin|logs|backup|tests)/(.*)" { $HTTP["url"] =~ "^/(\.git|cache|bin|logs|backup|tests)/(.*)" {
# url.access-deny = ("") url.access-deny = ("")
#} }
#$HTTP["url"] =~ "^/(system|user|vendor)/(.*)\.(txt|md|html|yaml|php|twig|sh|bat)$" { $HTTP["url"] =~ "^/(system|user|vendor)/(.*)\.(txt|md|html|htm|shtml|shtm|json|yaml|yml|php|php2|php3|php4|php5|phar|phtml|twig|sh|bat)$" {
# url.access-deny = ("") url.access-deny = ("")
#} }
#$HTTP["url"] =~ "^/(\.(.*))" { $HTTP["url"] =~ "^/(\.(.*))" {
# url.access-deny = ("") url.access-deny = ("")
#} }
#url.access-deny = (".md","~",".inc") url.access-deny += (".md","~",".inc")
#PREVENT BROWSING AND SET INDEXES #PREVENT BROWSING AND SET INDEXES
$HTTP["url"] =~ "^/($|/)" { $HTTP["url"] =~ "^/grav_path($|/)" {
dir-listing.activate = "disable"
index-file.names = ( "index.php", "index.html" , "index.htm" ) index-file.names = ( "index.php", "index.html" , "index.htm" )
} }

2
files/lighttpd-php-cgi.conf
View File

@ -3,7 +3,7 @@ fastcgi.server = ( ".php" =>
( "localhost" => ( "localhost" =>
( (
"socket" => "/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket", "socket" => "/run/lighttpd/lighttpd-fastcgi-php-" + PID + ".socket",
"bin-path" => "/usr/bin/php-cgi" "bin-path" => "/usr/bin/php-cgi82"
) )
) )
) )

7
files/update-grav Normal file
View File

@ -0,0 +1,7 @@
#!/bin/ash
HTDOC="/var/www/localhost/htdocs"
cd $HTDOC
sudo -u lighttpd ./bin/gpm selfupgrade -q -n -y
sudo -u lighttpd ./bin/gpm update -q -n -y

26
tasks/main.yml
View File

@ -1,17 +1,19 @@
--- ---
- name: install packages - name: install packages
apk: "name={{ item }} state=latest" apk:
with_items: "{{ install_packages }}" name: "{{ install_packages }}"
state: latest
# with_items: "{{ install_packages }}"
- name: symlink /usr/bin/php - name: symlink /usr/bin/php
file: file:
src: /usr/bin/php7 src: /usr/bin/php82
dest: /usr/bin/php dest: /usr/bin/php
state: link state: link
- name: download grav - name: download grav
get_url: get_url:
url: https://getgrav.org/download/core/grav-admin/1.7.12 url: https://getgrav.org/download/core/grav-admin/1.7.48
dest: /var/www/localhost/grav-cms.zip dest: /var/www/localhost/grav-cms.zip
- name: extract grav - name: extract grav
@ -49,15 +51,13 @@
src: lighttpd-php-cgi.conf src: lighttpd-php-cgi.conf
dest: /etc/lighttpd/php-cgi.conf dest: /etc/lighttpd/php-cgi.conf
- name: add php-cgi.conf to lighttpd config - name: add update scripts
lineinfile: copy:
path: /etc/lighttpd/lighttpd.conf src: update-grav
line: 'include "php-cgi.conf"' dest: /etc/periodic/daily/update-grav
owner: root
- name: add grav.conf to lighttpd config group: root
lineinfile: mode: 0750
path: /etc/lighttpd/lighttpd.conf
line: 'include "grav.conf"'
- name: restart lighttpd - name: restart lighttpd
service: service:

36
vars/main.yml
View File

@ -1,21 +1,23 @@
--- ---
install_packages: install_packages:
- unzip - unzip
- php7
- php7-cgi
- php7-dom
- php7-gd
- php7-curl
- php7-openssl
- php7-zip
- php7-xml
- php7-apcu
- php7-opcache
- php7-ctype
- php7-json
- php7-phar
- php7-mbstring
- php7-session
- yaml - yaml
- php7-simplexml - sudo
- php7-pecl-redis - php82
- php82-apcu
- php82-cgi
- php82-curl
- php82-ctype
- php82-dom
- php82-gd
- php82-intl
- php82-json
- php82-mbstring
- php82-opcache
- php82-openssl
- php82-pecl-redis
- php82-phar
- php82-session
- php82-simplexml
- php82-xml
- php82-zip