From f64cadd81fbaebeb8496f3cd9053764fec06a64e Mon Sep 17 00:00:00 2001
From: Patrick Spek <p.spek@tyil.nl>
Date: Mon, 18 Apr 2022 08:53:56 +0200
Subject: Various fixes to make the webserver playbook work

---
 playbooks.d/webserver/share/snippets.d/fcgi.conf  | 27 +++++++++++++++++++++++
 playbooks.d/webserver/share/snippets.d/uwsgi.conf | 20 +++++++++++++++++
 2 files changed, 47 insertions(+)
 create mode 100644 playbooks.d/webserver/share/snippets.d/fcgi.conf
 create mode 100644 playbooks.d/webserver/share/snippets.d/uwsgi.conf

(limited to 'playbooks.d/webserver/share/snippets.d')

diff --git a/playbooks.d/webserver/share/snippets.d/fcgi.conf b/playbooks.d/webserver/share/snippets.d/fcgi.conf
new file mode 100644
index 0000000..bc235bf
--- /dev/null
+++ b/playbooks.d/webserver/share/snippets.d/fcgi.conf
@@ -0,0 +1,27 @@
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;
+
+# httpoxy mitigation (https://httpoxy.org/ https://www.nginx.com/blog/?p=41962)
+fastcgi_param  HTTP_PROXY         "";
diff --git a/playbooks.d/webserver/share/snippets.d/uwsgi.conf b/playbooks.d/webserver/share/snippets.d/uwsgi.conf
new file mode 100644
index 0000000..9d67d3d
--- /dev/null
+++ b/playbooks.d/webserver/share/snippets.d/uwsgi.conf
@@ -0,0 +1,20 @@
+
+uwsgi_param  QUERY_STRING       $query_string;
+uwsgi_param  REQUEST_METHOD     $request_method;
+uwsgi_param  CONTENT_TYPE       $content_type;
+uwsgi_param  CONTENT_LENGTH     $content_length;
+
+uwsgi_param  REQUEST_URI        $request_uri;
+uwsgi_param  PATH_INFO          $document_uri;
+uwsgi_param  DOCUMENT_ROOT      $document_root;
+uwsgi_param  SERVER_PROTOCOL    $server_protocol;
+uwsgi_param  REQUEST_SCHEME     $scheme;
+uwsgi_param  HTTPS              $https if_not_empty;
+
+uwsgi_param  REMOTE_ADDR        $remote_addr;
+uwsgi_param  REMOTE_PORT        $remote_port;
+uwsgi_param  SERVER_PORT        $server_port;
+uwsgi_param  SERVER_NAME        $server_name;
+
+# httpoxy mitigation (https://httpoxy.org/ https://www.nginx.com/blog/?p=41962)
+uwsgi_param  HTTP_PROXY         "";
-- 
cgit v1.1