From cb38c04cb54fe38f2a8b8c329b2886ddcfae96ad Mon Sep 17 00:00:00 2001 From: root Date: Thu, 24 Mar 2022 20:07:59 -0400 Subject: [PATCH 1/3] Remove 500M restriction on file uploads. Use 10G instead. --- roles/moodle/templates/moodle-nginx.conf.j2 | 2 +- .../nextcloud/templates/nextcloud-nginx.conf.j2 | 2 +- roles/nginx/templates/server.conf.j2 | 6 +++--- roles/www_options/tasks/main.yml | 16 ++++++++-------- vars/default_vars.yml | 2 +- vars/local_vars_large.yml | 2 +- vars/local_vars_medium.yml | 2 +- vars/local_vars_small.yml | 2 +- vars/local_vars_unittest.yml | 2 +- 9 files changed, 18 insertions(+), 18 deletions(-) diff --git a/roles/moodle/templates/moodle-nginx.conf.j2 b/roles/moodle/templates/moodle-nginx.conf.j2 index 135096c5b..f6077f50c 100644 --- a/roles/moodle/templates/moodle-nginx.conf.j2 +++ b/roles/moodle/templates/moodle-nginx.conf.j2 @@ -29,7 +29,7 @@ location ~ ^/moodle(.*)\.php(.*)$ { # Uncomment to override /etc/php//fpm/php.ini -- FYI Stage 4's # roles/www_options/tasks/main.yml FORCES these same settings and more # (equivalent to 'nginx_high_php_limits: True') when 'moodle_install: True' - #fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=500M\n post_max_size=500M\n max_input_vars=5000"; + #fastcgi_param PHP_VALUE "max_execution_time=300\n upload_max_filesize=10000M\n post_max_size=10000M\n max_input_vars=5000"; } location ~ ^/moodle { diff --git a/roles/nextcloud/templates/nextcloud-nginx.conf.j2 b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 index a1d1a53b3..ab726c69d 100644 --- a/roles/nextcloud/templates/nextcloud-nginx.conf.j2 +++ b/roles/nextcloud/templates/nextcloud-nginx.conf.j2 @@ -59,7 +59,7 @@ location ^~ {{ nextcloud_url }} { } # set max upload size - client_max_body_size 512M; + client_max_body_size 10000M; fastcgi_buffers 64 4K; # Enable gzip but do not remove ETag headers diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 84413f4e7..5cb5cffd7 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -8,13 +8,13 @@ server { index index.php index.html index.htm; # NGINX's 1MB default is far too low for Calibre-Web and LMS-like apps. - # So IIAB sets this to 500M, roughly aligning with similar settings... - # 1. 'upload_max_filesize = 500M' and 'post_max_size = 500M' are SOMETIMES set in: + # So IIAB sets this to 10000M, roughly aligning with similar settings... + # 1. 'upload_max_filesize = 10000M' and 'post_max_size = 10000M' are SOMETIMES set in: # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L106-L107 # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L120-L121 # 2. 'client_max_body_size 512M;' is set in: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud-nginx.conf.j2#L62 - client_max_body_size 500M; + client_max_body_size 10000M; # let individual services drop location blocks in conf.d include {{ nginx_conf_dir }}/*; diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index b2c1afbc5..03c1a11db 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -57,7 +57,7 @@ # roles/nginx has installed pkg 'php{{ php_version }}-fpm' in 3-base-server - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -71,7 +71,7 @@ - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: not nginx_high_php_limits and not moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" + - name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for lightweight use of WordPress/Nextcloud/PBX (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -97,28 +97,28 @@ # regular operation it uses: .../fpm/php.ini # And in the past it used: .../apache2/php.ini - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: nginx_high_php_limits or moodle_install # REMINDER: THIS ENTIRE 5-STANZA BLOCK IS ONLY INVOKED... when: moodle_install or nextcloud_install or pbx_install or wordpress_install - - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" + - name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for schools that use WordPress/Moodle/Nextcloud/PBX intensively (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } diff --git a/vars/default_vars.yml b/vars/default_vars.yml index 50a976851..2622aa833 100644 --- a/vars/default_vars.yml +++ b/vars/default_vars.yml @@ -323,7 +323,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_large.yml b/vars/local_vars_large.yml index ca5870c64..a97d24d2b 100644 --- a/vars/local_vars_large.yml +++ b/vars/local_vars_large.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_medium.yml b/vars/local_vars_medium.yml index 03dfaeffd..8334247a3 100644 --- a/vars/local_vars_medium.yml +++ b/vars/local_vars_medium.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_small.yml b/vars/local_vars_small.yml index 9d547b31a..6d32bc85b 100644 --- a/vars/local_vars_small.yml +++ b/vars/local_vars_small.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False diff --git a/vars/local_vars_unittest.yml b/vars/local_vars_unittest.yml index 9b2c2a2ac..b4413c8c9 100644 --- a/vars/local_vars_unittest.yml +++ b/vars/local_vars_unittest.yml @@ -203,7 +203,7 @@ nginx_high_php_limits: False # REGARDLESS: AFTER INSTALLING IIAB, PLEASE VERIFY THESE 6 SETTINGS... # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L133 # ...ARE SUITABLE FOR YOUR HARDWARE, as saved in: /etc/php//*/php.ini -# ALSO: ADJUST "client_max_body_size 500M;" AS NEC, IN: /etc/nginx/server.conf +# ALSO: ADJUST "client_max_body_size 10000M;" AS NEC, IN: /etc/nginx/server.conf # Make this True to enable http://box/js-menu/menu-files/services/power_off.php apache_allow_sudo: False From 9c0e24ac5c6b4c01f23020786fcd24010a27c182 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 24 Mar 2022 20:13:52 -0400 Subject: [PATCH 2/3] nginx/templates/server.conf.j2: Clarify nextcloud-nginx.conf.j2 --- roles/nginx/templates/server.conf.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/nginx/templates/server.conf.j2 b/roles/nginx/templates/server.conf.j2 index 5cb5cffd7..13cbefcd4 100644 --- a/roles/nginx/templates/server.conf.j2 +++ b/roles/nginx/templates/server.conf.j2 @@ -12,7 +12,7 @@ server { # 1. 'upload_max_filesize = 10000M' and 'post_max_size = 10000M' are SOMETIMES set in: # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L106-L107 # https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L120-L121 - # 2. 'client_max_body_size 512M;' is set in: + # 2. 'client_max_body_size 10000M;' is set in: # https://github.com/iiab/iiab/blob/master/roles/nextcloud/templates/nextcloud-nginx.conf.j2#L62 client_max_body_size 10000M; From a7ed9f7dcd152b185944ce24d14ba1805f1820f2 Mon Sep 17 00:00:00 2001 From: A Holt Date: Thu, 21 Dec 2023 11:28:38 -0500 Subject: [PATCH 3/3] www_options/tasks/php-settings.yml: Set 2 vars to 10000M when nginx_high_php_limits or moodle_install or nextcloud_install --- roles/www_options/tasks/php-settings.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/roles/www_options/tasks/php-settings.yml b/roles/www_options/tasks/php-settings.yml index 3cdd2b887..46955cf16 100644 --- a/roles/www_options/tasks/php-settings.yml +++ b/roles/www_options/tasks/php-settings.yml @@ -52,7 +52,7 @@ # And in the past it used: .../apache2/php.ini -- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" +- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/fpm/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -66,7 +66,7 @@ - { regexp: '^max_input_vars', line: 'max_input_vars = 1000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: not nginx_high_php_limits and not moodle_install and not nextcloud_install -- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow photos/docs up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" +- name: "Enact 'nginx_high_php_limits: False' in /etc/php/{{ php_version }}/cli/php.ini for LIGHTWEIGHT use of Matomo/Nextcloud/PBX/WordPress (allow file size up to 100MB, 100s timeouts, with 2 PHP system defaults: memory_limit = 128M, max_input_vars = 1000)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" @@ -81,28 +81,28 @@ when: not nginx_high_php_limits and not moodle_install and not nextcloud_install -- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/fpm/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/fpm/php.ini # COMPARE /etc/php/{{ php_version }}/cli/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is 128M / Nextcloud requests 512M' } - { regexp: '^max_input_vars', line: 'max_input_vars = 5000 ; default is 1000 / Moodle 3.11+ requires 5000+ with PHP 8+' } when: nginx_high_php_limits or moodle_install or nextcloud_install -- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow photos/docs up to 500MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" +- name: "Enact 'nginx_high_php_limits: True' in /etc/php/{{ php_version }}/cli/php.ini for Moodle/Nextcloud or INTENSIVE use of Matomo/PBX/WordPress (allow file size up to 10000MB, 300s timeouts, memory_limit = 512M for Nextcloud, max_input_vars = 5000 for Moodle)" lineinfile: path: /etc/php/{{ php_version }}/cli/php.ini # COMPARE /etc/php/{{ php_version }}/fpm/php.ini AND /etc/php/{{ php_version }}/apache2/php.ini regexp: "{{ item.regexp }}" line: "{{ item.line }}" with_items: - - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M ; default is 2M' } - - { regexp: '^post_max_size', line: 'post_max_size = 500M ; default is 8M' } + - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 10000M ; default is 2M' } + - { regexp: '^post_max_size', line: 'post_max_size = 10000M ; default is 8M' } - { regexp: '^max_execution_time', line: 'max_execution_time = 300 ; default is 30' } - { regexp: '^max_input_time', line: 'max_input_time = 300 ; default is 60' } - { regexp: '^memory_limit', line: 'memory_limit = 512M ; default is -1 (i.e. no limit) / Nextcloud requests 512M' }