templates/etc-imagemagick-policy.xml

-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE policymap [
-<!ELEMENT policymap (policy)+>
-<!ELEMENT policy (#PCDATA)>
-<!ATTLIST policy domain (delegate|coder|filter|path|resource) #IMPLIED>
-<!ATTLIST policy name CDATA #IMPLIED>
-<!ATTLIST policy rights CDATA #IMPLIED>
-<!ATTLIST policy pattern CDATA #IMPLIED>
-<!ATTLIST policy value CDATA #IMPLIED>
-]>
-<!--
-  Configure ImageMagick policies.
-
-  Domains include system, delegate, coder, filter, path, or resource.
-
-  Rights include none, read, write, and execute.  Use | to combine them,
-  for example: "read | write" to permit read from, or write to, a path.
-
-  Use a glob expression as a pattern.
-
-  Suppose we do not want users to process MPEG video images:
-
-    <policy domain="delegate" rights="none" pattern="mpeg:decode" />
-
-  Here we do not want users reading images from HTTP:
-
-    <policy domain="coder" rights="none" pattern="HTTP" />
-
-  Lets prevent users from executing any image filters:
-
-    <policy domain="filter" rights="none" pattern="*" />
-
-  The /repository file system is restricted to read only.  We use a glob
-  expression to match all paths that start with /repository:
-
-    <policy domain="path" rights="read" pattern="/repository/*" />
-
-  Any large image is cached to disk rather than memory:
-
-    <policy domain="resource" name="area" value="1GB"/>
-
-  Define arguments for the memory, map, area, and disk resources with
-  SI prefixes (.e.g 100MB).  In addition, resource policies are maximums for
-  each instance of ImageMagick (e.g. policy memory limit 1GB, -limit 2GB
-  exceeds policy maximum so memory limit is 1GB).
--->
-<policymap>
-  <!-- <policy domain="system" name="precision" value="6"/> -->
-  <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
-  <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
-  <!-- <policy domain="resource" name="map" value="4GiB"/> -->
-  <!-- <policy domain="resource" name="area" value="1GB"/> -->
-  <!-- <policy domain="resource" name="disk" value="16EB"/> -->
-  <!-- <policy domain="resource" name="file" value="768"/> -->
-  <!-- <policy domain="resource" name="thread" value="4"/> -->
-  <!-- <policy domain="resource" name="throttle" value="0"/> -->
-  <!-- <policy domain="resource" name="time" value="3600"/> -->
-  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
-  <policy domain="coder" rights="none" pattern="HTTPS" />
-  <policy domain="coder" rights="none" pattern="MVG" />
-  <policy domain="coder" rights="none" pattern="MSL" />
-  <policy domain="coder" rights="none" pattern="TEXT" />
-  <policy domain="coder" rights="none" pattern="SHOW" />
-  <policy domain="coder" rights="none" pattern="WIN" />
-  <policy domain="coder" rights="none" pattern="PLT" />
-</policymap>

templates/etc-ld-oracle

+/opt/oracle/instantclient_18_5

templates/etc-logrotate-php

+/var/log/php{{ phpLogRotatePrefix }}-fpm.log {
+  daily
+  rotate 7
+  missingok
+  notifempty
+  create 644 root root
+  compress
+  delaycompress
+  postrotate
+    /usr/lib{{ phpLibPrefix }}/php/php{{ phpLogRotatePrefix }}-fpm-reopenlogs
+  endscript
+}

templates/etc-php5-apache2-php.ini

@@ -257,7 +257,7 @@ precision = 14
 ; Development Value: 4096
 ; Production Value: 4096
 ; http://php.net/output-buffering
-output_buffering = 4096
+output_buffering = {{ php_output_buffering }}
 
 ; You can redirect all of the output of your scripts to a function.  For
 ; example, if you set output_handler to "mb_output_handler", character
@@ -384,8 +384,6 @@ zend.enable_gc = On
 ; Default: ""
 ;zend.script_encoding =
 
-zend.assertions = {{ php_zend_assertions }}
-
 ;;;;;;;;;;;;;;;;;
 ; Miscellaneous ;
 ;;;;;;;;;;;;;;;;;
@@ -414,7 +412,7 @@ max_execution_time = {{ php_max_execution_time }}
 ; Development Value: 60 (60 seconds)
 ; Production Value: 60 (60 seconds)
 ; http://php.net/max-input-time
-max_input_time = 60
+max_input_time = {{ php_max_input_time }}
 
 ; Maximum input variable nesting level
 ; http://php.net/max-input-nesting-level
@@ -718,7 +716,7 @@ default_mimetype = "text/html"
 ; to disable this feature. If post reading is disabled through
 ; enable_post_data_reading, $HTTP_RAW_POST_DATA is *NOT* populated.
 ; http://php.net/always-populate-raw-post-data
-;always_populate_raw_post_data = On
+always_populate_raw_post_data = -1
 
 ;;;;;;;;;;;;;;;;;;;;;;;;;
 ; Paths and Directories ;
@@ -835,7 +833,7 @@ upload_tmp_dir = {{ jailroot }}/{{ item.jail.name }}/tmp
 upload_max_filesize = {{ php_upload_max_filesize }}
 
 ; Maximum number of files that can be uploaded via a single request
-max_file_uploads = 20
+max_file_uploads = {{ php_max_file_uploads }}
 
 ;;;;;;;;;;;;;;;;;;
 ; Fopen wrappers ;
@@ -1677,6 +1675,9 @@ mssql.secure_connection = Off
 ;mssql.charset = "ISO-8859-1"
 
 [Assertion]
+
+zend.assertions = {{ php_zend_assertions }}
+
 ; Assert(expr); active by default.
 ; http://php.net/assert.active
 ;assert.active = On
@@ -1737,11 +1738,17 @@ mssql.secure_connection = Off
 ; http input encoding.
 ; http://php.net/mbstring.http-input
 ;mbstring.http_input = UTF-8
+{% if php_mbstring_http_input is defined %}
+mbstring.http_input = {{ php_mbstring_http_input }}
+{% endif %}
 
 ; http output encoding. mb_output_handler must be
 ; registered as output buffer to function
 ; http://php.net/mbstring.http-output
 ;mbstring.http_output = pass
+{% if php_mbstring_http_output is defined %}
+mbstring.http_output = {{ php_mbstring_http_output }}
+{% endif %}
 
 ; enable automatic encoding translation according to
 ; mbstring.internal_encoding setting. Input chars are
@@ -1969,7 +1976,7 @@ ldap.max_links = -1
 [Syslog]
 define_syslog_variables  = Off
 
-{% if php_version|default('5.5') == '5.3' %}
+{% if php_version|default(5.5) == 5.3 %}
 [apc]
 extension = apc.so
 apc.rfc1867 = {{ apc_rfc1867 }}
@@ -1986,3 +1993,8 @@ extension=imagick.so
 [xmlrpc]
 extension=xmlrpc.so
 {% endif %}
+
+{% if php_version_main|default(7) == 7 %}
+[oauth]
+extension=oauth.so
+{% endif %}

templates/etc-php5-conf-d-apcu.ini

+extension=apcu.so
+apc.shm_size={{ apc_shm_size }}

templates/etc-php5-conf-d-opcache.ini

+; priority=10
 zend_extension=opcache.so
 opcache.enable=1
+opcache.enable_cli=1
+opcache.save_comments=1
 opcache.memory_consumption={{ opcache_memory_consumption }}
 opcache.max_accelerated_files={{ opcache_max_accelerated_files }}
 opcache.revalidate_freq={{ opcache_revalidate_freq }}

templates/php_pool.conf

+[default]
+user = www-data
+group = www-data
+;chroot = /var/www{{apache_server_default_root|default('')}}
+chdir = /
+{% if php_fpm_socket %}
+listen = /var/run/php{{ php_version_main }}-fpm.sock
+{% else %}
+listen = 127.0.0.1:{{ php_fpm_port|default(9999) }}
+{% endif %}
+
+; Process manager
+pm = dynamic
+pm.max_children = 10
+pm.start_servers = 4
+pm.min_spare_servers = 2
+pm.max_spare_servers = 6
+pm.max_requests = 2000
+pm.status_path = /fpm-status
+
+; Environment variables
+env[HOSTNAME] = {{ inventory_hostname }}
+env[PATH] = /usr/local/bin:/usr/sbin:/usr/bin:/bin
+env[TMP] = /tmp
+env[TMPDIR] = /tmp
+env[TEMP] = /tmp
+
+; PHP settings
+php_admin_value[doc_root] = /var/www{{apache_server_default_root|default('')}}
+php_admin_value[upload_tmp_dir] = /tmp
+php_admin_value[browscap] = {{ php_browscap }}
+php_admin_value[conf_dir] = {{ php_conf_dir }}
+php_admin_value[date_timezone] = {{ php_date_timezone }}
+php_admin_value[display_errors] = {{ php_display_errors }}
+php_admin_value[display_startup_errors] = {{ php_display_startup_errors }}
+php_admin_value[error_reporting] = {{ php_error_reporting }}
+php_admin_value[expose_php] = {{ php_expose_php }}
+php_admin_value[filter.default] = {{ php_filter_default }}
+php_admin_value[html_errors] = {{ php_html_errors }}
+php_admin_value[log_errors] = {{ php_log_errors }}
+php_admin_value[magic_quotes_gpc] = {{ php_magic_quotes_gpc }}
+php_admin_value[max_execution_time] = {{ php_max_execution_time }}
+php_admin_value[max_input_time] = {{ php_max_input_time }}
+php_admin_value[max_input_vars] = {{ php_max_input_vars }}
+php_admin_value[needs_oci8] = {{ php_needs_oci8 }}
+php_admin_value[register_globals] = {{ php_register_globals }}
+php_admin_value[register_long_arrays] = {{ php_register_long_arrays }}
+php_admin_value[sendmail_path] = {{ php_sendmail_path }}
+php_admin_value[session_cache_expire] = {{ php_session_cache_expire }}
+php_admin_value[session_cookie_lifetime] = {{ php_session_cookie_lifetime }}
+php_admin_value[session_gc_divisor] = {{ php_session_gc_divisor }}
+php_admin_value[session_gc_maxlifetime] = {{ php_session_gc_maxlifetime }}
+php_admin_value[short_open_tag] = {{ php_short_open_tag }}
+
+php_admin_value[max_file_uploads] = {{ php_max_file_uploads }}
+php_admin_value[memory_limit] = {{ php_memory_limit }}
+php_admin_value[post_max_size] = {{ php_post_max_size }}
+php_admin_value[upload_max_filesize] = {{ php_upload_max_filesize }}