From 7e86de7eea744b112a380e441c09afd05c4642c8 Mon Sep 17 00:00:00 2001 From: Julian Rother Date: Sun, 4 Dec 2022 00:25:08 +0100 Subject: [PATCH 1/9] Add session_gc_maxlifetime php.ini option --- defaults/main.yml | 1 + templates/php-fpm/php.ini.j2 | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 6234341..3888a98 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -78,3 +78,4 @@ phpinidefault: upload_max_filesize: 64M memory_limit: 128M date_timezone: UTC + session_gc_maxlifetime: 1440 diff --git a/templates/php-fpm/php.ini.j2 b/templates/php-fpm/php.ini.j2 index 9430046..7fc9093 100644 --- a/templates/php-fpm/php.ini.j2 +++ b/templates/php-fpm/php.ini.j2 @@ -1422,7 +1422,7 @@ session.gc_divisor = 1000 ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. ; http://php.net/session.gc-maxlifetime -session.gc_maxlifetime = 1440 +session.gc_maxlifetime = {{ phpini.session_gc_maxlifetime }} ; NOTE: If you are using the subdirectory option for storing session files ; (see session.save_path above), then garbage collection does *not* From 6c057142a2bfdc8a444da1fdc0c9f5bb1a24974e Mon Sep 17 00:00:00 2001 From: Julian Rother Date: Sun, 4 Dec 2022 01:06:25 +0100 Subject: [PATCH 2/9] Add nginx.php.fpm_process_count option --- README.md | 2 ++ templates/php-fpm/www.conf.j2 | 6 +++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 8c1d5a7..a605126 100644 --- a/README.md +++ b/README.md @@ -151,6 +151,8 @@ data: {} **phpconfig**: ``` +# If set, fpm forks exactly the number of worker processes specified (pm=static, pm.max_children=COUNT) +fpm_process_count: 5 ini: post_max_size: 64M upload_max_filesize: 64M diff --git a/templates/php-fpm/www.conf.j2 b/templates/php-fpm/www.conf.j2 index b9b3411..e16b2ce 100644 --- a/templates/php-fpm/www.conf.j2 +++ b/templates/php-fpm/www.conf.j2 
@@ -99,7 +99,11 @@ listen.group = www-data ; pm.process_idle_timeout - The number of seconds after which ; an idle process will be killed. ; Note: This value is mandatory. +{% if nginx.php.fpm_process_count|d(False) %} +pm = static +{% else %} pm = dynamic +{% endif %} ; The number of child processes to be created when pm is set to 'static' and the ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. @@ -110,7 +114,7 @@ pm = dynamic ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = 50 +pm.max_children = {{ nginx.php.fpm_process_count|d(50) }} ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' From f69308332ac85002b193c65a8d0dd86e29a56e4a Mon Sep 17 00:00:00 2001 From: Julian Rother Date: Fri, 16 Dec 2022 02:09:38 +0100 Subject: [PATCH 3/9] Add SVG support for php-imagick --- tasks/php-fpm.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tasks/php-fpm.yml b/tasks/php-fpm.yml index 20afac5..9e06655 100644 --- a/tasks/php-fpm.yml +++ b/tasks/php-fpm.yml @@ -8,6 +8,7 @@ - php-ldap - php-gd - php-imagick + - libmagickcore-6.q16-6-extra # SVG support for php-imagick - php-xml - php-mbstring - php-opcache From d641af6347ac264253d234ec1076de6a304907fa Mon Sep 17 00:00:00 2001 From: psy Date: Fri, 30 Dec 2022 12:32:50 +0100 Subject: [PATCH 4/9] log to syslog by default --- defaults/main.yml | 1 + templates/php-fpm/php.ini.j2 | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 3888a98..4cae7d4 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -79,3 +79,4 @@ phpinidefault: memory_limit: 128M date_timezone: UTC session_gc_maxlifetime: 1440 + syslog: true diff --git a/templates/php-fpm/php.ini.j2 b/templates/php-fpm/php.ini.j2 index 7fc9093..8e4d931 100644 --- a/templates/php-fpm/php.ini.j2 +++ b/templates/php-fpm/php.ini.j2 
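Review bot: In templates/php-fpm/www.conf.j2 the two new expressions treat falsy values differently: the `pm` switch tests truthiness via `|d(False)`, while `pm.max_children` uses `|d(50)`, which only replaces an undefined variable. With `fpm_process_count: 0` the pool renders as `pm = dynamic` together with `pm.max_children = 0`, which php-fpm will most likely refuse to start with. Writing `pm.max_children = {{ nginx.php.fpm_process_count|d(50, true) }}` keeps both lines consistent. Because this value is the hard ceiling on concurrent PHP workers, the README entry could also say that it should be sized against `memory_limit` multiplied by the worker count.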
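Review bot: The added `libmagickcore-6.q16-6-extra` entry in tasks/php-fpm.yml is installed unconditionally, so every host using the role gains ImageMagick's extra coders (SVG among them) even where the PHP application never handles SVG. SVG is an active format that can reference external resources, and rendering user-supplied files through Imagick is a recurring source of file-disclosure and request-forgery findings. Consider gating the package behind a role variable that defaults to off, or shipping a restrictive ImageMagick `policy.xml` with it. At minimum the comment could read `# SVG support for php-imagick; restrict coders in ImageMagick's policy.xml if images are user-supplied`. The package name also embeds a library version, so it presumably resolves only on distribution releases that still ship ImageMagick 6.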
@@ -571,7 +571,9 @@ html_errors = On ; Example: ;error_log = php_errors.log ; Log errors to syslog (Event Log on Windows). -;error_log = syslog +{% if phpini.syslog %} +error_log = syslog +{% endif %} ;windows.show_crt_warning ; Default value: 0 From 128fbc825881b9e150dd1adaedb2072603f9e655 Mon Sep 17 00:00:00 2001 From: psy Date: Mon, 12 Jun 2023 21:45:23 +0200 Subject: [PATCH 5/9] add caching feature --- defaults/main.yml | 6 ++++++ tasks/main.yml | 10 ++++++++++ templates/caches.conf.j2 | 6 ++++++ 3 files changed, 22 insertions(+) create mode 100644 templates/caches.conf.j2 diff --git a/defaults/main.yml b/defaults/main.yml index 4cae7d4..2ddaf20 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -12,6 +12,7 @@ nginx: vhosts: {} streams: {} maps: {} + caches: {} resolver: - 8.8.8.8 - 8.8.4.4 @@ -57,6 +58,11 @@ nginx_streams_defaults: proxy_connect_timeout: "2s" proxy_next_upstream_tries: 2 +nginx_caches_defaults: + keys_zone_size: "10m" + cache_size: "1g" + inactive_time: "10m" + nginx_forcessl_vhost: "https-redirect": listen: diff --git a/tasks/main.yml b/tasks/main.yml index 3f3dd30..043be4c 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -42,6 +42,15 @@ notify: - restart nginx +- name: create cache directories + with_dict: "{{ nginx.caches }}" + file: + path: "/var/cache/nginx/{{ item.key }}" + state: directory + mode: '0755' + owner: www-data + recurse: True + - name: execute ssl template template: src: ssl_files.conf.j2 @@ -58,6 +67,7 @@ - upstreams.conf - proxy.conf - maps.conf + - caches.conf template: src: "{{ item }}.j2" dest: "/etc/nginx/conf.d/{{ item }}" diff --git a/templates/caches.conf.j2 b/templates/caches.conf.j2 new file mode 100644 index 0000000..12dee17 --- /dev/null +++ b/templates/caches.conf.j2 
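Review bot: The new `create cache directories` task in tasks/main.yml combines `recurse: True` with `mode: '0755'`, so each run re-applies owner and mode to everything already stored under the cache directory. As far as I know nginx writes cache entries readable only by its worker user; this task would make them world-readable and executable, exposing cached upstream responses to any local account, and it forces a walk of the whole cache on every play. Dropping the `recurse: True` line and using `mode: '0700'` avoids both problems. The cache name from `item.key` goes into the path unchecked, which is acceptable for trusted inventory but worth a README remark that names must be plain identifiers.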
@@ -0,0 +1,6 @@ +{% for cache in nginx.caches %} +{% set c = {}|combine(nginx_caches_defaults, nginx.caches[cache], recursive=True) %} +# {{ cache }} +proxy_cache_path /var/cache/nginx/{{ cache }} levels=1:2 keys_zone={{ cache }}:{{ c.keys_zone_size }} max_size={{ c.cache_size }} inactive={{ c.inactive_time }} use_temp_path=off; + +{% endfor %} \ No newline at end of file From daef88d92f5521bb541a0f6202c9c1b89f3a0a40 Mon Sep 17 00:00:00 2001 From: psy Date: Mon, 12 Jun 2023 21:47:20 +0200 Subject: [PATCH 6/9] update readme --- README.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/README.md b/README.md index a605126..b63f39b 100644 --- a/README.md +++ b/README.md @@ -26,6 +26,9 @@ vhosts: {} # name: *mapsconfig*, see below for definition maps: {} +# name: *cacheconfig*, see below for definition +caches: {} + # force all traffic on ssl, except letsencrypt challenges force_ssl: True @@ -157,3 +160,10 @@ ini: post_max_size: 64M upload_max_filesize: 64M ``` + +**cacheconfig**: +``` +keys_zone_size: "10m" +cache_size: "1g" +inactive_time: "10m" +``` \ No newline at end of file From 040a5e8f5845a8d608d2c5f8e569e542f36a27be Mon Sep 17 00:00:00 2001 From: psy Date: Sun, 16 Jul 2023 17:16:58 +0200 Subject: [PATCH 7/9] add cache config --- README.md | 3 +++ templates/vhost.conf.j2 | 10 ++++++++++ 2 files changed, 13 insertions(+) diff --git a/README.md b/README.md index b63f39b..5683832 100644 --- a/README.md +++ b/README.md @@ -120,6 +120,9 @@ alias: None # Array of custom config strings to add to the vhost config, the ";" is added after every entry custom: [] + +# name of the cache to use, only set if not none +cache: None ``` **authconfig** diff --git a/templates/vhost.conf.j2 b/templates/vhost.conf.j2 index 9b968a8..d11c55c 100644 --- a/templates/vhost.conf.j2 +++ b/templates/vhost.conf.j2 
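Review bot: In templates/caches.conf.j2 the expression `combine(nginx_caches_defaults, nginx.caches[cache], recursive=True)` assumes every cache entry is a dict. An entry declared without a body (`mycache:` in YAML, which loads as null) will presumably make `combine` fail at run time, although taking all defaults is the most natural way to declare a cache. `{% set c = {}|combine(nginx_caches_defaults, nginx.caches[cache]|d({}, true), recursive=True) %}` covers that case. A short comment that `max_size` must fit the partition holding /var/cache/nginx would also help operators avoid filling the disk.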
@@ -47,7 +47,17 @@ server { {% if location.backend|d(False) %} proxy_pass {{ location.backend }}; + {% if location.cache|d(False) %} + proxy_cache {{ location.cache }}; + proxy_cache_revalidate on; + proxy_cache_lock on; + proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; + proxy_cache_background_update on; + # for debugging purposes, add the following header + #add_header X-Cache-Status $upstream_cache_status; + {% else %} proxy_buffering off; + {% endif %} # add proxy headers proxy_set_header Host {{ location.host|d(vhost.host) }}; From 2771c35518ba60e7ccf3aa4129a57d4269542f21 Mon Sep 17 00:00:00 2001 From: psy Date: Sun, 16 Jul 2023 20:42:28 +0200 Subject: [PATCH 8/9] set default inactive time to 60 minutes --- defaults/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index 2ddaf20..0b79c71 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -61,7 +61,7 @@ nginx_streams_defaults: nginx_caches_defaults: keys_zone_size: "10m" cache_size: "1g" - inactive_time: "10m" + inactive_time: "60m" nginx_forcessl_vhost: "https-redirect": From 48bfecda7e0d10300ed9f070f436bd18aa0f5100 Mon Sep 17 00:00:00 2001 From: psy Date: Sun, 16 Jul 2023 21:02:17 +0200 Subject: [PATCH 9/9] add proxy_cache_key --- templates/vhost.conf.j2 | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/vhost.conf.j2 b/templates/vhost.conf.j2 index d11c55c..0d5614b 100644 --- a/templates/vhost.conf.j2 +++ b/templates/vhost.conf.j2 @@ -53,6 +53,8 @@ server { proxy_cache_lock on; proxy_cache_use_stale error timeout http_500 http_502 http_503 http_504; proxy_cache_background_update on; + # use actual host instead of proxy host for cache key + proxy_cache_key $scheme$host$uri$is_args$args; # for debugging purposes, add the following header #add_header X-Cache-Status $upstream_cache_status; {% else %}
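Review bot: `proxy_cache_background_update on;` in the new cache branch of templates/vhost.conf.j2 has no effect as written, because nginx only serves a stale entry during a refresh when `updating` is listed in `proxy_cache_use_stale`. The line should read `proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;`. No `proxy_cache_valid` is set, so what gets stored depends entirely on the backend's `Cache-Control`/`Expires` headers; a comment such as `# only responses the backend marks cacheable are stored; per-user responses must send Cache-Control: private` would make that contract explicit. `location.cache` is not checked against `nginx.caches`, so a misspelt name is presumably caught only when nginx tests the configuration. The enclosing `server` block starts and ends outside the hunk.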
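Review bot: The new `proxy_cache_key $scheme$host$uri$is_args$args;` keys on `$uri`, which is nginx's normalized and decoded path, whereas a `proxy_pass` without a URI part forwards the path as the client sent it. Requests whose raw paths differ but normalize to the same `$uri` would then share one cache entry even if the backend answers them differently, which is the precondition for cache-poisoning and cache-deception problems. Keying on the raw request avoids the mismatch: `proxy_cache_key $scheme$host$request_uri;`. `$host` comes from the client's Host header, so the key also relies on each vhost's `server_name` list being specific. Whether `location.backend` carries a URI part is not visible in this hunk.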