From 22c56e55a0fde97621ef0e8b86b5be2122ae02a2 Mon Sep 17 00:00:00 2001
From: Grant Slater <git@firefishy.com>
Date: Sun, 14 Aug 2022 02:12:51 +0300
Subject: [PATCH] Name php-fpm socket to work with apparmor-profiles

apparmor-profiles provides a default php-fpm profile.
The socket is expected with name: @{run}/php{,-fpm}/php*-fpm.sock
---
 cookbooks/dev/templates/default/apache.phppgadmin.erb | 6 +++---
 cookbooks/dev/templates/default/apache.user.erb       | 2 +-
 cookbooks/dmca/templates/default/apache.erb           | 2 +-
 cookbooks/donate/templates/default/apache.erb         | 2 +-
 cookbooks/forum/templates/default/apache.erb          | 2 +-
 cookbooks/matomo/templates/default/apache.erb         | 2 +-
 cookbooks/mediawiki/templates/default/apache.erb      | 2 +-
 cookbooks/nominatim/templates/default/nginx.erb       | 2 +-
 cookbooks/php/resources/fpm.rb                        | 2 +-
 cookbooks/php/templates/default/pool.conf.erb         | 2 +-
 cookbooks/wordpress/templates/default/apache.erb      | 2 +-
 11 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/cookbooks/dev/templates/default/apache.phppgadmin.erb b/cookbooks/dev/templates/default/apache.phppgadmin.erb
index 2965946e2..fba255781 100644
--- a/cookbooks/dev/templates/default/apache.phppgadmin.erb
+++ b/cookbooks/dev/templates/default/apache.phppgadmin.erb
@@ -16,9 +16,9 @@
 	# Remove Proxy request header to mitigate https://httpoxy.org/
 	RequestHeader unset Proxy early
 
-	ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/run/php/default.sock|fcgi://127.0.0.1
-	ProxyPassMatch ^/(.*\.phpx(/.*)?)$ unix:/run/php/default.sock|fcgi://127.0.0.1
-	ProxyPassMatch ^/(.*\.phpj(/.*)?)$ unix:/run/php/default.sock|fcgi://127.0.0.1
+	ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/run/php/php-default-fpm.sock|fcgi://127.0.0.1
+	ProxyPassMatch ^/(.*\.phpx(/.*)?)$ unix:/run/php/php-default-fpm.sock|fcgi://127.0.0.1
+	ProxyPassMatch ^/(.*\.phpj(/.*)?)$ unix:/run/php/php-default-fpm.sock|fcgi://127.0.0.1
 </VirtualHost>
 
 <VirtualHost *:80>
diff --git a/cookbooks/dev/templates/default/apache.user.erb b/cookbooks/dev/templates/default/apache.user.erb
index 258f120d3..fb03b6487 100644
--- a/cookbooks/dev/templates/default/apache.user.erb
+++ b/cookbooks/dev/templates/default/apache.user.erb
@@ -30,7 +30,7 @@ WSGIDaemonProcess <%= @user %>.dev.openstreetmap.org user=<%= @user %> processes
 	RewriteRule ^/cgi-bin/(.*)$ /~<%= @user %>/cgi-bin/$1 [PT,L]
 
 	<FilesMatch ".+\.ph(p|ps|p3|tml)$">
-		SetHandler "proxy:unix:/run/php/<%= @user %>.sock|fcgi://127.0.0.1"
+		SetHandler "proxy:unix:/run/php/php-<%= @user %>-fpm.sock|fcgi://127.0.0.1"
 	</FilesMatch>
 </VirtualHost>
 
diff --git a/cookbooks/dmca/templates/default/apache.erb b/cookbooks/dmca/templates/default/apache.erb
index 41d06aa1c..5b2e320d6 100644
--- a/cookbooks/dmca/templates/default/apache.erb
+++ b/cookbooks/dmca/templates/default/apache.erb
@@ -53,6 +53,6 @@
   Require all granted
 
   <FilesMatch ".+\.ph(ar|p|tml)$">
-    SetHandler "proxy:unix:/run/php/<%= @name %>.sock|fcgi://127.0.0.1"
+    SetHandler "proxy:unix:/run/php/php-<%= @name %>-fpm.sock|fcgi://127.0.0.1"
   </FilesMatch>
 </Directory>
diff --git a/cookbooks/donate/templates/default/apache.erb b/cookbooks/donate/templates/default/apache.erb
index 329dc12bd..8bf3dad45 100644
--- a/cookbooks/donate/templates/default/apache.erb
+++ b/cookbooks/donate/templates/default/apache.erb
@@ -42,7 +42,7 @@
     Require all granted
 
     <FilesMatch ".+\.ph(ar|p|tml)$">
-      SetHandler "proxy:unix:/run/php/donate.openstreetmap.org.sock|fcgi://127.0.0.1"
+      SetHandler "proxy:unix:/run/php/php-donate.openstreetmap.org-fpm.sock|fcgi://127.0.0.1"
     </FilesMatch>
   </Directory>
 
diff --git a/cookbooks/forum/templates/default/apache.erb b/cookbooks/forum/templates/default/apache.erb
index d51786b26..5235ee1f8 100644
--- a/cookbooks/forum/templates/default/apache.erb
+++ b/cookbooks/forum/templates/default/apache.erb
@@ -40,7 +40,7 @@
 	DocumentRoot /srv/forum.openstreetmap.org/html
 
 	<FilesMatch ".+\.ph(ar|p|tml)$">
-		SetHandler "proxy:unix:/run/php/forum.openstreetmap.org.sock|fcgi://127.0.0.1"
+		SetHandler "proxy:unix:/run/php/php-forum.openstreetmap.org-fpm.sock|fcgi://127.0.0.1"
 	</FilesMatch>
 </VirtualHost>
 
diff --git a/cookbooks/matomo/templates/default/apache.erb b/cookbooks/matomo/templates/default/apache.erb
index 5b503cae6..5fd21d602 100644
--- a/cookbooks/matomo/templates/default/apache.erb
+++ b/cookbooks/matomo/templates/default/apache.erb
@@ -83,6 +83,6 @@
 	</FilesMatch>
 
         <FilesMatch ".+\.ph(ar|p|tml)$">
-                SetHandler "proxy:unix:/run/php/matomo.openstreetmap.org.sock|fcgi://127.0.0.1"
+                SetHandler "proxy:unix:/run/php/php-matomo.openstreetmap.org-fpm.sock|fcgi://127.0.0.1"
         </FilesMatch>
 </Directory>
diff --git a/cookbooks/mediawiki/templates/default/apache.erb b/cookbooks/mediawiki/templates/default/apache.erb
index dc3dc5eb0..fd23a5341 100644
--- a/cookbooks/mediawiki/templates/default/apache.erb
+++ b/cookbooks/mediawiki/templates/default/apache.erb
@@ -96,7 +96,7 @@
     Require all granted
 
     <FilesMatch ".+\.ph(ar|p|tml)$">
-      SetHandler "proxy:unix:/run/php/<%= @name %>.sock|fcgi://127.0.0.1"
+      SetHandler "proxy:unix:/run/php/php-<%= @name %>-fpm.sock|fcgi://127.0.0.1"
     </FilesMatch>
   </Directory>
 
diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb
index 998fcdfaa..af639e8d0 100644
--- a/cookbooks/nominatim/templates/default/nginx.erb
+++ b/cookbooks/nominatim/templates/default/nginx.erb
@@ -1,5 +1,5 @@
 upstream nominatim_service {
-  server unix:/run/php/nominatim.openstreetmap.org.sock;
+  server unix:/run/php/php-nominatim.openstreetmap.org-fpm.sock;
 }
 
 map $uri $nominatim_script_name {
diff --git a/cookbooks/php/resources/fpm.rb b/cookbooks/php/resources/fpm.rb
index 657f3b51b..49df4effe 100644
--- a/cookbooks/php/resources/fpm.rb
+++ b/cookbooks/php/resources/fpm.rb
@@ -93,7 +93,7 @@ action_class do
     if new_resource.port
       "tcp://127.0.0.1:#{new_resource.port}/status"
     else
-      "unix:///run/php/#{new_resource.pool}.sock;/status"
+      "unix:///run/php/php-#{new_resource.pool}-fpm.sock;/status"
     end
   end
 end
diff --git a/cookbooks/php/templates/default/pool.conf.erb b/cookbooks/php/templates/default/pool.conf.erb
index 1877b7bef..cec611ade 100644
--- a/cookbooks/php/templates/default/pool.conf.erb
+++ b/cookbooks/php/templates/default/pool.conf.erb
@@ -5,7 +5,7 @@
 listen = 127.0.0.1:<%= @port %>
 listen.backlog = 256
 <% else -%>
-listen = /run/php/<%= @pool %>.sock
+listen = /run/php/php-<%= @pool %>-fpm.sock
 listen.owner = www-data
 listen.group = www-data
 <% end -%>
diff --git a/cookbooks/wordpress/templates/default/apache.erb b/cookbooks/wordpress/templates/default/apache.erb
index a1187818a..0e0790fdb 100644
--- a/cookbooks/wordpress/templates/default/apache.erb
+++ b/cookbooks/wordpress/templates/default/apache.erb
@@ -61,7 +61,7 @@
     Require all granted
 
     <FilesMatch ".+\.ph(ar|p|tml)$">
-      SetHandler "proxy:unix:/run/php/<%= @name %>.sock|fcgi://127.0.0.1"
+      SetHandler "proxy:unix:/run/php/php-<%= @name %>-fpm.sock|fcgi://127.0.0.1"
     </FilesMatch>
   </Directory>
 
-- 
2.39.5