From 8e28bcb0ec8d59be20b9029652247fa20a68ffb6 Mon Sep 17 00:00:00 2001
From: Felix Stupp <felix.stupp@outlook.com>
Date: Fri, 6 Sep 2019 20:23:16 +0200
Subject: [PATCH] Added role nginx/php

---
 roles/nginx/php/defaults/main.yml     |  8 +++++++
 roles/nginx/php/meta/main.yml         | 13 +++++++++++
 roles/nginx/php/tasks/main.yml        | 10 +++++++++
 roles/nginx/php/templates/server.conf | 31 +++++++++++++++++++++++++++
 4 files changed, 62 insertions(+)
 create mode 100644 roles/nginx/php/defaults/main.yml
 create mode 100644 roles/nginx/php/meta/main.yml
 create mode 100644 roles/nginx/php/tasks/main.yml
 create mode 100644 roles/nginx/php/templates/server.conf

diff --git a/roles/nginx/php/defaults/main.yml b/roles/nginx/php/defaults/main.yml
new file mode 100644
index 0000000..383469e
--- /dev/null
+++ b/roles/nginx/php/defaults/main.yml
@@ -0,0 +1,8 @@
+---
+
+# domain: "example.com"
+# system_user: "www-data"
+# src: "/of/php/files"
+# pool_name from nginx/php-pool
+# includes: ...
+# env_vars: ...
diff --git a/roles/nginx/php/meta/main.yml b/roles/nginx/php/meta/main.yml
new file mode 100644
index 0000000..84cd275
--- /dev/null
+++ b/roles/nginx/php/meta/main.yml
@@ -0,0 +1,13 @@
+---
+
+allow_duplicates: yes
+
+dependencies:
+  - role: nginx/application
+  - role: acme/certificate
+    # domain
+  - role: nginx/php-pool
+    # system_user
+    # src
+    # pool_name
+    # includes
diff --git a/roles/nginx/php/tasks/main.yml b/roles/nginx/php/tasks/main.yml
new file mode 100644
index 0000000..eba56f1
--- /dev/null
+++ b/roles/nginx/php/tasks/main.yml
@@ -0,0 +1,10 @@
+---
+
+- name: Configure forward in nginx
+  template:
+    src: server.conf
+    dest: "{{ nginx_sites_directory }}/{{ domain }}"
+    owner: root
+    group: root
+    mode: "u=rw,g=r,o="
+  notify: reload nginx
diff --git a/roles/nginx/php/templates/server.conf b/roles/nginx/php/templates/server.conf
new file mode 100644
index 0000000..6593acf
--- /dev/null
+++ b/roles/nginx/php/templates/server.conf
@@ -0,0 +1,31 @@
+server {
+  listen 443 ssl http2;
+  listen [::]:443 ssl http2;
+  server_name {{ domain }};
+
+  ssl on;
+  ssl_certificate {{ acme_certificate_location }};
+  ssl_certificate_key {{ acme_key_location }};
+
+  include {{ nginx_snippets_directory }}/https;
+  include {{ nginx_snippets_directory }}/global;
+
+  index index.php index.html index.htm index.nginx-debian.html;
+  root {{ src }};
+  fastcgi_hide_header X-Powered-By;
+
+  location ~\.php$ {
+    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+    try_files $uri =404;
+    fastcgi_index index.php;
+    include fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param PATH_INFO $fastcgi_path_info;
+    fastcgi_param HTTPS on;
+    fastcgi_param modHeadersAvailable true;
+    fastcgi_param front_controller_active true;
+    fastcgi_pass {{ pool_name }};
+    fastcgi_intercept_errors on;
+    fastcgi_request_buffering off;
+  }
+}