Page MenuHomeDevCentral

D3037.id7759.diff
No OneTemporary

D3037.id7759.diff

diff --git a/roles/webserver-core/nginx/config.sls b/roles/webserver-core/nginx/config.sls
--- a/roles/webserver-core/nginx/config.sls
+++ b/roles/webserver-core/nginx/config.sls
@@ -8,6 +8,8 @@
{% from "map.jinja" import dirs with context %}
{% from "roles/webserver-core/map.jinja" import options, certbot_dir with context %}
+{% set has_selinux = salt['grains.get']('selinux:enabled', False) %}
+
# -------------------------------------------------------------
# Accounts - web group
#
@@ -85,6 +87,27 @@
- makedirs: True
- mode: 644
+# -------------------------------------------------------------
+# Logs
+# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+
+/var/log/www:
+ file.directory:
+ - user: {{ options["www_user"] }}
+ - group: web
+ - dir_mode: 711
+
+{% if has_selinux %}
+selinux_context_nginx_logs:
+ selinux.fcontext_policy_present:
+ - name: /var/log/www
+ - sel_type: httpd_log_t
+
+selinux_context_nginx_logs_applied:
+ selinux.fcontext_policy_applied:
+ - name: /var/log/www
+{% endif %}
+
# -------------------------------------------------------------
# vhost folder
#
diff --git a/roles/webserver-core/nginx/files/nginx.conf b/roles/webserver-core/nginx/files/nginx.conf
--- a/roles/webserver-core/nginx/files/nginx.conf
+++ b/roles/webserver-core/nginx/files/nginx.conf
@@ -14,7 +14,7 @@
user {{ nginx_options["www_user"] }} web;
worker_processes auto;
-error_log /var/log/nginx/error.log;
+error_log /var/log/www/error.log;
{% if "pid_path" in nginx_options -%}
pid {{ nginx_options["pid_path"] }};
@@ -28,7 +28,7 @@
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
- access_log /var/log/nginx/access.log main;
+ access_log /var/log/www/access.log main;
# Optimizing how packets are sent
# Reference: https://thoughts.t37.net/nginx-optimization-understanding-sendfile-tcp-nodelay-and-tcp-nopush-c55cdd276765
diff --git a/roles/webserver-legacy/directories/init.sls b/roles/webserver-legacy/directories/init.sls
--- a/roles/webserver-legacy/directories/init.sls
+++ b/roles/webserver-legacy/directories/init.sls
@@ -12,11 +12,6 @@
- group: web
- dir_mode: 711
-/var/log/www:
- file.directory:
- - group: web
- - dir_mode: 711
-
{% for domains_group in pillar['web_domains'] %}
{% for domain in pillar['web_domains'][domains_group] %}
webserver_directory_{{ domain }}:
@@ -33,8 +28,3 @@
- dir_mode: 711
{% endfor %}
{% endfor %}
-
-/var/run/web:
- file.directory:
- - group: web
- - dir_mode: 711
diff --git a/roles/webserver-legacy/php-sites/php-fpm.sls b/roles/webserver-legacy/php-sites/php-fpm.sls
--- a/roles/webserver-legacy/php-sites/php-fpm.sls
+++ b/roles/webserver-legacy/php-sites/php-fpm.sls
@@ -28,8 +28,15 @@
# -------------------------------------------------------------
# Configuration : pools
+#
+# Sockets are created in /var/run/web/<site user>/php-fpm.sock
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
+/var/run/web:
+ file.directory:
+ - group: web
+ - dir_mode: 711
+
{% for fqdn, site in pillar['web_php_sites'].items() %}
php-fpm_pool_{{ site['user'] }}:

File Metadata

Mime Type
text/plain
Expires
Tue, Dec 24, 04:59 (19 h, 44 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
2313522
Default Alt Text
D3037.id7759.diff (3 KB)

Event Timeline