Fix PHP-FPM configiration: add sane default settings, fix socket mode for security reasons

roles/webserver/defaults/main.yml

@@ -14,9 +14,10 @@ fpm_pool_count: 1
 fpm_user: www-data
 fpm_group: www-data
 # fpm_max_children ~= (total RAM - RAM used by other process) / (average amount of RAM used by a PHP process)
-fpm_max_children: 42
-fpm_min_spare_servers: 10
-fpm_max_spare_servers: 20
+fpm_start_servers: 2
+fpm_max_children: 5
+fpm_min_spare_servers: 1
+fpm_max_spare_servers: 3
 
 with_php: False
 with_php_lt_54: False

roles/webserver/templates/fpm/php-fpm-custom.conf.j2

@@ -152,9 +152,9 @@ listen.backlog = 8192
 ; BSD-derived systems allow connections regardless of permissions. 
 ; Default Values: user and group are set as the running user
 ;                 mode is set to 0666
-;listen.owner = www-data
-;listen.group = www-data
-;listen.mode = 0666
+listen.owner = www-data
+listen.group = www-data
+listen.mode = 0660
  
 ; List of ipv4 addresses of FastCGI clients which are allowed to connect.
 ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
@@ -204,7 +204,7 @@ pm.max_children = {{ fpm_max_children }}
 ; The number of child processes created on startup.
 ; Note: Used only when pm is set to 'dynamic'
 ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
-; pm.start_servers =
+pm.start_servers = {{ fpm_start_servers }}
 
 ; The desired minimum number of idle server processes.
 ; Note: Used only when pm is set to 'dynamic'