Improve Nginx/PHP-FPM configuration

roles/webserver/defaults/main.yml

@@ -9,7 +9,6 @@ with_nginx: False
 nginx_workers: 2
 nginx_ssl_strengthened: False
 
-
 with_modphp5: False
 
 with_fpm: False
@@ -37,7 +36,6 @@ php_config_web:
   display_startup_errors: 'off'
   log_errors: 'on'
   html_errors: 'off'
-  cgi.fix_pathinfo: '0'
 # Set with /etc/default/php5-fpm (see https://bugs.php.net/bug.php?id=66239)
 #  error_log: 'syslog'
 

roles/webserver/templates/fpm/nginx/fastcgi_pass_fpm.j2

@@ -1,12 +1,40 @@
-# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
+{% if ansible_prolog -%}
+{% from 'templates/ansible/prolog.j2' import prolog with context %}
+{{ prolog() }}
+{% endif -%}
+#
+# fastcgi configuration for Nginx and PHP-FPM
+#
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
+fastcgi_param   PATH_INFO           $fastcgi_path_info;
+fastcgi_param   PATH_TRANSLATED     $document_root$fastcgi_path_info;
 
-include fastcgi_params;
-fastcgi_param SCRIPT_FILENAME $request_filename;
+fastcgi_param   QUERY_STRING        $query_string;
+fastcgi_param   REQUEST_METHOD      $request_method;
+fastcgi_param   CONTENT_TYPE        $content_type;
+fastcgi_param   CONTENT_LENGTH      $content_length;
 
-fastcgi_pass fpm-backend;
+fastcgi_param   SCRIPT_NAME         $fastcgi_script_name;
+fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
+fastcgi_param   REQUEST_URI         $request_uri;
+fastcgi_param   DOCUMENT_URI        $document_uri;
+fastcgi_param   DOCUMENT_ROOT       $document_root;
+fastcgi_param   SERVER_PROTOCOL     $server_protocol;
+fastcgi_param   HTTPS               $https if_not_empty;
 
-fastcgi_index index.php;
+fastcgi_param   GATEWAY_INTERFACE   CGI/1.1;
+fastcgi_param   SERVER_SOFTWARE     nginx/$nginx_version;
+
+fastcgi_param   REMOTE_ADDR         $remote_addr;
+fastcgi_param   REMOTE_PORT         $remote_port;
+fastcgi_param   SERVER_ADDR         $server_addr;
+fastcgi_param   SERVER_PORT         $server_port;
+fastcgi_param   SERVER_NAME         $server_name;
+
+fastcgi_param   REDIRECT_STATUS     200;
+
+fastcgi_pass    fpm-backend;
+fastcgi_index   index.php;
 
 fastcgi_buffer_size 8m;
 fastcgi_buffers 8 8m;

roles/webserver/templates/fpm/php-fpm-pools.conf.j2

@@ -398,6 +398,7 @@ catch_workers_output = yes
 ;php_admin_value[error_log] = /var/log/fpm-php.www.log
 ;php_admin_flag[log_errors] = on
 ;php_admin_value[memory_limit] = 32M
+php_admin_flag[cgi.fix_pathinfo] = on
 {% if ansible_lsb.major_release|int < 8 %}
 {% if php_local_config_web is defined %}
 {% set _dummy = php_config_web.update(php_local_config_web) %}

roles/webserver/templates/nginx/pma_vhost.j2

@@ -19,7 +19,7 @@ server {
 
     client_max_body_size 32m;
 
-    location ~ \.php$ {
+    location ~ \.php(/|$) {
         include fastcgi_pass_fpm;
     }
 }

roles/webserver/templates/nginx/sys_vhost.j2

@@ -17,7 +17,7 @@ server {
     auth_basic "Restricted Access";
     auth_basic_user_file /etc/nginx/auth_admin;
 
-    location ~ \.php$ {
+    location ~ \.php(/|$) {
         include fastcgi_pass_fpm;
     }
 }