From 9da2371f202d49b61dc48c36c9fc4aa5c87d25fe Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Mon, 13 Jul 2020 17:07:45 +0100
Subject: [PATCH] Pass PHP options to FPM from apache

---
 cookbooks/forum/attributes/default.rb        | 6 ------
 cookbooks/forum/recipes/default.rb           | 1 +
 cookbooks/forum/templates/default/apache.erb | 9 +++++++++
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/cookbooks/forum/attributes/default.rb b/cookbooks/forum/attributes/default.rb
index b4982d65c..9f4114f80 100644
--- a/cookbooks/forum/attributes/default.rb
+++ b/cookbooks/forum/attributes/default.rb
@@ -1,8 +1,2 @@
 # Enable the "forum" role
 default[:accounts][:users][:forum][:status] = :role
-
-# Configure PHP options
-default[:php][:fpm][:options][:open_basedir] = "/srv/forum.openstreetmap.org/html/:/usr/share/php/:/tmp/"
-default[:php][:fpm][:options][:disable_functions] = "exec,shell_exec,system,passthru,popen,proc_open"
-default[:php][:fpm][:options][:upload_max_filesize] = "70M"
-default[:php][:fpm][:options][:post_max_size] = "100M"
diff --git a/cookbooks/forum/recipes/default.rb b/cookbooks/forum/recipes/default.rb
index 9128f73de..06929ec3e 100644
--- a/cookbooks/forum/recipes/default.rb
+++ b/cookbooks/forum/recipes/default.rb
@@ -35,6 +35,7 @@ package %w[
   unzip
 ]
 
+apache_module "env"
 apache_module "rewrite"
 
 ssl_certificate "forum.openstreetmap.org" do
diff --git a/cookbooks/forum/templates/default/apache.erb b/cookbooks/forum/templates/default/apache.erb
index 915035659..82942001b 100644
--- a/cookbooks/forum/templates/default/apache.erb
+++ b/cookbooks/forum/templates/default/apache.erb
@@ -38,6 +38,9 @@
 	ErrorLog /var/log/apache2/forum.openstreetmap.org-error.log
 
 	DocumentRoot /srv/forum.openstreetmap.org/html
+
+	ProxyFCGISetEnvIf "true" PHP_ADMIN_VALUE "open_basedir=/srv/forum.openstreetmap.org/html/:/usr/share/php/:/tmp/\ndisable_functions=exec,shell_exec,system,passthru,popen,proc_open"
+	ProxyFCGISetEnvIf "true" PHP_VALUE "upload_max_filesize=70M\npost_max_size=100M"
 </VirtualHost>
 
 <Directory /srv/forum.openstreetmap.org/html>
@@ -48,3 +51,9 @@
 
 	Require all granted
 </Directory>
+
+<Directory /srv/forum.openstreetmap.org/html/img>
+	<FilesMatch ".+\.ph(ar|p|tml)$">
+		SetHandler None
+	</FilesMatch>
+</Directory>
-- 
2.39.5