Beginne Nextcloud-Rolle

templates/nginx_site.j2

@@ -0,0 +1,27 @@
+server {
+        listen 80;
+        server_name {{ nextcloud_domain }};
+        include snippets/letsencrypt.conf;
+        location / { return 301 https://$http_host$request_uri; }
+}
+
+server {
+        server_name {{ nextcloud_domain }};
+        listen 443 ssl http2;
+        ssl_certificate /var/lib/dehydrated/certs/{{ nextcloud_domain }}/fullchain.pem;
+        ssl_certificate_key /var/lib/dehydrated/certs/{{ nextcloud_domain }}/privkey.pem;
+        include /etc/nginx/proxy_params;
+        add_header Referrer-Policy $referrerpolicy;
+        add_header Strict-Transport-Security $sts;
+        add_header X-Content-Type-Options $xcontentoptions;
+        add_header X-XSS-Protection $xxssprotection;
+#        include /etc/nginx/snippets/hpkp.conf;
+
+        location ~ /.well-known/(carddav|caldav) {
+                return 301 $scheme://$host/remote.php/dav;
+        }
+
+        location ~ \.* {
+                proxy_pass http://{{ inventory_hostname }}:80;
+        }
+}

templates/php_fpm_pool.j2

@@ -0,0 +1,46 @@
+[{{ common_name }}]
+;prefix = /path/to/pools/$pool
+user = $pool
+group = www-data
+listen = /run/php/php-fpm-$pool.sock
+;listen.backlog = 65535
+listen.owner =  $pool
+listen.group = www-data
+listen.mode = 0660
+;listen.acl_users =
+;listen.acl_groups =
+listen.allowed_clients = 127.0.0.1
+pm = ondemand
+pm.max_children = 5
+pm.start_servers = 2
+;pm.min_spare_servers = 2
+;pm.max_spare_servers = 5
+pm.process_idle_timeout = 10s;
+pm.max_requests = 100
+;pm.status_path = /status
+;ping.path = /ping
+;ping.response = pong
+;access.log = log/$pool.access.log
+;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
+;slowlog = log/$pool.log.slow
+;request_slowlog_timeout = 0
+;request_terminate_timeout = 0
+;rlimit_files = 1024
+;rlimit_core = 0
+;chroot =
+chdir = /
+;catch_workers_output = yes
+;clear_env = no
+security.limit_extensions = .php .php3 .php4 .php5
+;env[HOSTNAME] = $HOSTNAME
+;env[PATH] = /usr/local/bin:/usr/bin:/bin
+;env[TMP] = /tmp
+;env[TMPDIR] = /tmp
+;env[TEMP] = /tmp
+;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
+;php_flag[display_errors] = off
+;php_admin_value[error_log] = /var/log/fpm-php.www.log
+;php_admin_flag[log_errors] = on
+;php_admin_value[memory_limit] = 32M
+php_admin_value[open_basedir] = {{ nextcloud_install_path }}:/tmp:/dev/urandom:/proc/meminfo:/var/log
+;php_admin_value[disable_functions] = mail,pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_exec,passthru,system,proc_get_status,proc_close,proc_nice,proc_terminate,proc_open,curl_ini,parse_ini_file,show_source,dl,symlink,system_exec,exec,shell_exec,phpinfo