From f64cadd81fbaebeb8496f3cd9053764fec06a64e Mon Sep 17 00:00:00 2001
From: Patrick Spek
Date: Mon, 18 Apr 2022 08:53:56 +0200
Subject: Various fixes to make the webserver playbook work
---
playbooks.d/webserver/share/snippets.d/fcgi.conf | 27 +++++++++++++++++++++++
playbooks.d/webserver/share/snippets.d/uwsgi.conf | 20 +++++++++++++++++
2 files changed, 47 insertions(+)
create mode 100644 playbooks.d/webserver/share/snippets.d/fcgi.conf
create mode 100644 playbooks.d/webserver/share/snippets.d/uwsgi.conf
(limited to 'playbooks.d/webserver/share/snippets.d')
diff --git a/playbooks.d/webserver/share/snippets.d/fcgi.conf b/playbooks.d/webserver/share/snippets.d/fcgi.conf
new file mode 100644
index 0000000..bc235bf
--- /dev/null
+++ b/playbooks.d/webserver/share/snippets.d/fcgi.conf
@@ -0,0 +1,27 @@
+fastcgi_param QUERY_STRING $query_string;
+fastcgi_param REQUEST_METHOD $request_method;
+fastcgi_param CONTENT_TYPE $content_type;
+fastcgi_param CONTENT_LENGTH $content_length;
+
+fastcgi_param SCRIPT_NAME $fastcgi_script_name;
+fastcgi_param REQUEST_URI $request_uri;
+fastcgi_param DOCUMENT_URI $document_uri;
+fastcgi_param DOCUMENT_ROOT $document_root;
+fastcgi_param SERVER_PROTOCOL $server_protocol;
+fastcgi_param REQUEST_SCHEME $scheme;
+fastcgi_param HTTPS $https if_not_empty;
+
+fastcgi_param GATEWAY_INTERFACE CGI/1.1;
+fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
+
+fastcgi_param REMOTE_ADDR $remote_addr;
+fastcgi_param REMOTE_PORT $remote_port;
+fastcgi_param SERVER_ADDR $server_addr;
+fastcgi_param SERVER_PORT $server_port;
+fastcgi_param SERVER_NAME $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param REDIRECT_STATUS 200;
+
+# httpoxy mitigation (https://httpoxy.org/ https://www.nginx.com/blog/?p=41962)
+fastcgi_param HTTP_PROXY "";
diff --git a/playbooks.d/webserver/share/snippets.d/uwsgi.conf b/playbooks.d/webserver/share/snippets.d/uwsgi.conf
new file mode 100644
index 0000000..9d67d3d
--- /dev/null
+++ b/playbooks.d/webserver/share/snippets.d/uwsgi.conf
@@ -0,0 +1,20 @@
+
+uwsgi_param QUERY_STRING $query_string;
+uwsgi_param REQUEST_METHOD $request_method;
+uwsgi_param CONTENT_TYPE $content_type;
+uwsgi_param CONTENT_LENGTH $content_length;
+
+uwsgi_param REQUEST_URI $request_uri;
+uwsgi_param PATH_INFO $document_uri;
+uwsgi_param DOCUMENT_ROOT $document_root;
+uwsgi_param SERVER_PROTOCOL $server_protocol;
+uwsgi_param REQUEST_SCHEME $scheme;
+uwsgi_param HTTPS $https if_not_empty;
+
+uwsgi_param REMOTE_ADDR $remote_addr;
+uwsgi_param REMOTE_PORT $remote_port;
+uwsgi_param SERVER_PORT $server_port;
+uwsgi_param SERVER_NAME $server_name;
+
+# httpoxy mitigation (https://httpoxy.org/ https://www.nginx.com/blog/?p=41962)
+uwsgi_param HTTP_PROXY "";
--
cgit v1.1