Merge branch 'holta-wordpress-fixes'

roles/3-base-server/tasks/main.yml

@@ -8,10 +8,10 @@
     name: mysql
   when: mysql_install | bool
 
-- name: WWW_BACK_END (WWW_FRONT_END should be installed later)
+- name: WWW_BASE (WWW_OPTIONS should be installed later)
   include_role:
-    name: www_back_end
-  #when: www_back_end_install | bool
+    name: www_base
+  #when: www_base_install | bool
   #when: apache_install or nginx_install
 
 - name: HTTPD (Apache)

roles/4-server-options/tasks/main.yml

@@ -37,15 +37,15 @@
     name: samba
   when: samba_install | bool
 
-# 2020-02-12: what was roles/homepage lives in roles/www_back_end &
-# roles/www_front_end for now.  Eventually softcoding of iiab_home_url
+# 2020-02-12: what was roles/homepage lives in roles/www_base &
+# roles/www_options for now.  Eventually softcoding of iiab_home_url
 # should happen everywhere (incl Admin Console) to allow more field
 # options, e.g. changing /library/www/html/home even when offline...
 
-- name: WWW_FRONT_END (WWW_BACK_END should have been installed earlier)
+- name: WWW_OPTIONS (WWW_BASE should have been installed earlier)
   include_role:
-    name: www_front_end
-  #when: www_front_end_install | bool
+    name: www_options
+  #when: www_options_install | bool
   #when: apache_install or nginx_install
 
 - name: Recording STAGE 4 HAS COMPLETED ==================

roles/httpd/tasks/homepage.yml

@@ -1,4 +1,4 @@
-# Both invoked in 4-SERVER-OPTIONS, by roles/www_front_end/tasks/main.yml:
+# Both invoked in 4-SERVER-OPTIONS, by roles/www_options/tasks/main.yml:
 #
 # httpd/tasks/homepage.yml
 # nginx/tasks/homepage.yml

roles/httpd/tasks/install.yml

@@ -157,7 +157,7 @@
 #   when: not apache_enabled
 
 - debug:
-    msg: roles/httpd/tasks/homepage.yml will run LATER (invoked by roles/www_front_end/tasks/main.yml) SO THAT APACHE CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url)
+    msg: roles/httpd/tasks/homepage.yml will run LATER (invoked by roles/www_options/tasks/main.yml) SO THAT APACHE CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url)
 # - include_tasks: roles/httpd/tasks/homepage.yml
 
 # - name: Enable & Stop '{{ apache_service }}' systemd service

roles/nextcloud/README.md

@@ -33,7 +33,7 @@ To further refine Nextcloud access controls based on IPv4 addresses, you can edi
 - max_execution_time
 - max_input_time
 
-Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_front_end/tasks/main.yml#L47-L51](../www_front_end/tasks/main.yml#L47-L51)
+Useful PHP recommendations for these settings (while largely tailored to WordPress, and aimed at very low-end hardware) can be found here: [/opt/iiab/iiab/roles/www_options/tasks/main.yml#L47-L51](../www_options/tasks/main.yml#L47-L51)
 
 ## Using It
 

roles/nextcloud/tasks/install.yml

@@ -52,7 +52,7 @@
       #- php-cli         # NOT REQUESTED by Nextcloud
       #- php-common      # NOT REQUESTED by Nextcloud
       - php-curl
-      - php-fpm          # ALSO INSTALLED IN roles/www_back_end (Stage 3) for nginx_high_php_limits
+      - php-fpm          # ALSO INSTALLED IN roles/www_options (Stage 4) for nginx_high_php_limits
       - php-gd
       - php-gmp          # Optional (for SFTP storage)
       - php-imagick      # Optional (for preview generation)

roles/nginx/tasks/homepage.yml

@@ -1,4 +1,4 @@
-# Both invoked in 4-SERVER-OPTIONS, by roles/www_front_end/tasks/main.yml:
+# Both invoked in 4-SERVER-OPTIONS, by roles/www_options/tasks/main.yml:
 #
 # httpd/tasks/homepage.yml
 # nginx/tasks/homepage.yml

roles/nginx/tasks/install.yml

@@ -46,10 +46,10 @@
     #- { src: 'iiab.conf.j2', dest: "{{ nginx_conf_dir }}/iiab.conf" }    # Moved into homepage.yml below
 
 - debug:
-    msg: roles/nginx/tasks/homepage.yml will run LATER (invoked by roles/www_front_end/tasks/main.yml) SO THAT NGINX CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url)
+    msg: roles/nginx/tasks/homepage.yml will run LATER (invoked by roles/www_options/tasks/main.yml) SO THAT NGINX CAN REDIRECT http://box TO http://box{{ iiab_home_url }} (based on var iiab_home_url)
 # - include_tasks: roles/nginx/tasks/homepage.yml
 
-# php-stem extension installed by roles/www_back_end/tasks/php-stem.yml
+# php-stem extension installed by roles/www_base/tasks/php-stem.yml
 # here it is linked to php-fpm
 - name: Symlink /etc/php/{{ php_version }}/fpm/conf.d/20-stem.ini -> /etc/php/{{ php_version }}/mods-available/stem.ini
   file:

roles/wordpress/templates/wordpress-nginx.conf.j2

@@ -1,6 +1,7 @@
 location {{ wp_url }} { 
     #rewrite_log on;
     root {{ content_base }};
+    try_files $uri $uri/ /wordpress/index.php$is_args$args;
     
     location ~ .*\.php$ {
           

roles/www_base/tasks/main.yml

@@ -1,5 +1,5 @@
-# Role "www_back_end" runs here, probably in 3-BASE-SERVER.
-# Role "www_front_end" runs later, likely in 4-SERVER-OPTIONS.
+# Role "www_base" runs here, probably in 3-BASE-SERVER.
+# Role "www_options" runs later, likely in 4-SERVER-OPTIONS.
 #
 # (Don't take either name too literally!)
 
@@ -7,7 +7,7 @@
 - include_tasks: html.yml
 - include_tasks: php-stem.yml
 
-- name: Create dir {{ doc_root }}/home -- if you customized var iiab_home_url e.g. in /etc/iiab/local_vars.yml, that dir is created later -- by www_front_end/tasks/main.yml
+- name: Create dir {{ doc_root }}/home -- if you customized var iiab_home_url e.g. in /etc/iiab/local_vars.yml, that dir is created later -- by www_options/tasks/main.yml
   file:
     state: directory
     path: "{{ doc_root }}/home"    # /library/www/html
@@ -30,14 +30,14 @@
     mode: '0755'
 
 
-# RECORD www_back_end AS INSTALLED
+# RECORD www_base AS INSTALLED
 
-- name: "Set 'www_back_end_installed: True'"
+- name: "Set 'www_base_installed: True'"
   set_fact:
-    www_back_end_installed: True
+    www_base_installed: True
 
-- name: "Add 'www_back_end_installed: True' to {{ iiab_state_file }}"
+- name: "Add 'www_base_installed: True' to {{ iiab_state_file }}"
   lineinfile:
     path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
-    regexp: '^www_back_end_installed'
-    line: 'www_back_end_installed: True'
+    regexp: '^www_base_installed'
+    line: 'www_base_installed: True'

roles/www_options/tasks/main.yml

@@ -1,5 +1,5 @@
-# Role "www_back_end" runs earlier, likely in 3-BASE-SERVER.
-# Role "www_front_end" runs here, probably in 4-SERVER-OPTIONS.
+# Role "www_base" runs earlier, likely in 3-BASE-SERVER.
+# Role "www_options" runs here, probably in 4-SERVER-OPTIONS.
 #
 # (Don't take either name too literally!)
 
@@ -24,20 +24,35 @@
   include_tasks: roles/nginx/tasks/homepage.yml
   when: nginx_install | bool
 
+- debug:
+    msg: 'THE 3 ANSIBLE STANZAS BELOW ONLY RUN... when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled'
 
 - block:    # 3-STANZA BLOCK BEGINS
 
-  # Also installed by roles/nextcloud/tasks/install.yml in case './runrole nextcloud' bypasses this role here.  (Possibly make php-fpm mandatory in nginx/tasks/install.yml in future?)
-  - name: Install php-fpm (FastCGI Process Manager) as nec
-    package:
-      name: php-fpm
+  # FYI roles/nginx has already installed package php-fpm, in 3-base-server
 
-  # For schools that use WordPress/Nextcloud/Moodle intensively.
-  # WARNING: Enabling this might cause excess use of RAM/disk or other resources!
+  - name: Raise 2+2 PHP default values in /etc/php/{{ php_version }}/fpm/php.ini for lightweight use of WordPress/Nextcloud/Moodle/PBX (allow photos/docs up to 100MB, 100s timeouts, but preserve PHP's 128MB RAM limit)
+    lineinfile:
+      path: "/etc/php/{{ php_version }}/fpm/php.ini"
+      #path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
+      regexp: "{{ item.regexp }}"
+      line: "{{ item.line }}"
+    with_items:
+      - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 100M    ; default is 2M' }
+      - { regexp: '^post_max_size', line: 'post_max_size = 100M    ; default is 8M' }
+      - { regexp: '^max_execution_time', line: 'max_execution_time = 100    ; default is 30' }
+      - { regexp: '^max_input_time', line: 'max_input_time = 100    ; default is 60' }
+      - { regexp: '^memory_limit', line: 'memory_limit = 128M    ; default is 128M / Nextcloud requests 512M' }
+    when: not nginx_high_php_limits    # REMINDER: THIS ENTIRE 4-STANZA BLOCK IS ONLY INVOKED... when: (wordpress_install or nextcloud_install or moodle_install or pbx_install) and nginx_enabled
+
+  # 2020-03-08: IIAB does not support uninstalling apps, so a 3rd clause
+  # (to reset/restore PHP's defaults) is not necessary at this time.
 
   # COMPARE apache_allow_sudo further below.
 
-  - name: Enact high limits in /etc/php/{{ php_version }}/fpm/php.ini if using WordPress/Nextcloud/Moodle intensively, as nec
+  # WARNING: This might cause excess use of RAM/disk or other resources!
+  # The 5 values below were chosen by @ericnitschke and @kananigit in ~2018.
+  - name: Enact nginx_high_php_limits in /etc/php/{{ php_version }}/fpm/php.ini for schools that use WordPress/Nextcloud/Moodle/PBX intensively (allow photos/docs up to 500MB, 300s timeouts, 512MB RAM limit)
     lineinfile:
       path: "/etc/php/{{ php_version }}/fpm/php.ini"
       #path: "/etc/php/{{ php_version }}/{{ apache_service }}/php.ini"
@@ -46,17 +61,17 @@
     with_items:
       - { regexp: '^upload_max_filesize', line: 'upload_max_filesize = 500M    ; default is 2M' }
       - { regexp: '^post_max_size', line: 'post_max_size = 500M    ; default is 8M' }
-      - { regexp: '^memory_limit', line: 'memory_limit = 512M    ; default is 128M / Nextcloud requests 512M' }
       - { regexp: '^max_execution_time', line: 'max_execution_time = 300    ; default is 30' }
       - { regexp: '^max_input_time', line: 'max_input_time = 300    ; default is 60' }
-    when: nginx_high_php_limits
+      - { regexp: '^memory_limit', line: 'memory_limit = 512M    ; default is 128M / Nextcloud requests 512M' }
+    when: nginx_high_php_limits | bool
 
-  - name: Restart 'php{{ php_version }}-fpm' systemd services, as nec
+  - name: Restart 'php{{ php_version }}-fpm' systemd service
     systemd:
       name: "php{{ php_version }}-fpm"
       state: restarted
 
-  when: (nextcloud_install or pbx_install) and nginx_enabled    # 3-STANZA BLOCK ENDS
+  when: (moodle_install or nextcloud_install or pbx_install or wordpress_install) and nginx_enabled    # 3-STANZA BLOCK ENDS
 
 
 # 'Is a "Rapid Power Off" button possible for low-electricity environments?'
@@ -64,7 +79,9 @@
 
 # COMPARE nginx_high_php_limits further above.
 
-# 2020-02-12: DOES THE FLAG BELOW (apache_allow_sudo) WORK WITH NGINX TOO ?
+# 2020-03-08: DOES THE FLAG BELOW (apache_allow_sudo) PRESUMABLY WORK
+# WITH NGINX TOO ?  (The single-click poweroff button on IIAB's home
+# page certainly does still work with NGINX.)
 
 - name: Give {{ apache_user }} (per variable apache_user) permission to poweroff, installing /etc/sudoers.d/020_apache_poweroff from template
   template:
@@ -80,7 +97,7 @@
   when: not apache_allow_sudo
 
 
-- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation.  (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_back_end/tasks/main.yml)
+- name: Run /usr/bin/iiab-refresh-wiki-docs (scraper script) to create http://box/info offline documentation.  (This script was installed in Stage 3 = roles/3-base-server/tasks/main.yml, which ran roles/www_base/tasks/main.yml)
   command: /usr/bin/iiab-refresh-wiki-docs
   when: internet_available and not nodocs
 
@@ -98,14 +115,14 @@
   when: nginx_enabled | bool
 
 
-# RECORD www_front_end AS INSTALLED
+# RECORD www_options AS INSTALLED
 
-- name: "Set 'www_front_end_installed: True'"
+- name: "Set 'www_options_installed: True'"
   set_fact:
-    www_front_end_installed: True
+    www_options_installed: True
 
-- name: "Add 'www_front_end_installed: True' to {{ iiab_state_file }}"
+- name: "Add 'www_options_installed: True' to {{ iiab_state_file }}"
   lineinfile:
     path: "{{ iiab_state_file }}"    # /etc/iiab/iiab_state.yml
-    regexp: '^www_front_end_installed'
-    line: 'www_front_end_installed: True'
+    regexp: '^www_options_installed'
+    line: 'www_options_installed: True'

tests/test.yml

@@ -73,8 +73,8 @@
     - { role: usb_lib }
     - { role: vnstat }
     - { role: wordpress }
-    - { role: www_back_end }
-    - { role: www_front_end }
+    - { role: www_base }
+    - { role: www_options }
     - { role: yarn }
     #- { roles: xovis }
 

vars/default_vars.yml

@@ -251,11 +251,11 @@ nginx_interface: 0.0.0.0
 nginx_conf_dir: /etc/nginx/conf.d
 nginx_log_dir: /var/log/nginx
 #
-# For schools that use WordPress/Nextcloud/Moodle intensively:
+# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
 nginx_high_php_limits: False
 # WARNING: Enabling this might cause excess use of RAM/disk or other resources!
 # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
-# https://github.com/iiab/iiab/blob/master/roles/www_back_end/tasks/main.yml#L23-L27
+# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L67
 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
 
 # See also Apache vars {default_language, language_priority} @ top of this file

vars/local_vars_big.yml

@@ -138,11 +138,11 @@ pi_swap_file_size: 1024
 
 # roles/mysql runs here (mandatory)
 
-# For schools that use WordPress/Nextcloud/Moodle intensively:
+# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
 nginx_high_php_limits: False
 # WARNING: Enabling this might cause excess use of RAM/disk or other resources!
 # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
-# https://github.com/iiab/iiab/blob/master/roles/www_back_end/tasks/main.yml#L23-L27
+# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L67
 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
 
 # See also Apache vars {default_language, language_priority} @ top of this file

vars/local_vars_medium.yml

@@ -138,11 +138,11 @@ pi_swap_file_size: 1024
 
 # roles/mysql runs here (mandatory)
 
-# For schools that use WordPress/Nextcloud/Moodle intensively:
+# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
 nginx_high_php_limits: False
 # WARNING: Enabling this might cause excess use of RAM/disk or other resources!
 # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
-# https://github.com/iiab/iiab/blob/master/roles/www_back_end/tasks/main.yml#L23-L27
+# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L67
 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
 
 # See also Apache vars {default_language, language_priority} @ top of this file

vars/local_vars_min.yml

@@ -138,11 +138,11 @@ pi_swap_file_size: 1024
 
 # roles/mysql runs here (mandatory)
 
-# For schools that use WordPress/Nextcloud/Moodle intensively:
+# For schools that use WordPress/Nextcloud/Moodle/PBX intensively:
 nginx_high_php_limits: False
 # WARNING: Enabling this might cause excess use of RAM/disk or other resources!
 # SO AFTER INSTALLING IIAB, VERIFY THAT THESE 5 SETTINGS...
-# https://github.com/iiab/iiab/blob/master/roles/www_back_end/tasks/main.yml#L23-L27
+# https://github.com/iiab/iiab/blob/master/roles/www_options/tasks/main.yml#L53-L67
 # ...ARE SUITABLE FOR YOUR HARDWARE, for: /etc/php/<VERSION>/fpm/php.ini
 
 # See also Apache vars {default_language, language_priority} @ top of this file