--- security_ssh_permit_root_login: 'yes' php_default_version_debian: '{{ php_version }}' php_enable_php_fpm: true php_version: 7.4 php_webserver_daemon: nginx php_packages: - 'php{{ php_version }}-cli' - 'php{{ php_version }}-common' - 'php{{ php_version }}-fpm' - 'php{{ php_version }}-gd' - 'php{{ php_version }}-mbstring' - 'php{{ php_version }}-mysql' - 'php{{ php_version }}-pdo' - 'php{{ php_version }}-xml' app_mysql_user: '{{ vault_app_mysql_user }}' app_mysql_password: '{{ vault_app_mysql_password }}' mysql_packages: - mariadb-client - mariadb-server - python-mysqldb mysql_databases: - name: oliverdavies_uk nginx_remove_default_vhost: true nginx_server_tokens: 'off' nginx_vhosts: - listen: 80 server_name: d8.oliverdavies.uk return: 301 https://d8.oliverdavies.uk$request_uri filename: d8.oliverdavies.uk.80.conf - listen: 443 ssl server_name: d8.oliverdavies.uk root: '{{ project_root_path }}/{{ ansistrano_current_dir }}/{{ project_web_dir }}' index: index.php extra_parameters: | rewrite /about / permanent; rewrite /blog/2010/04/05/style-drupal-6s-taxonomy-lists-php-css-and-jquery /blog/style-drupal-6s-taxonomy-lists-php-css-and-jquery permanent; rewrite /blog/2010/04/28/using-imagecache-and-imagecrop-my-portfolio /blog/using-imagecache-and-imagecrop-my-portfolio permanent; rewrite /blog/2010/05/06/conditional-email-addresses-webform /blog/conditional-email-addresses-webform permanent; rewrite /blog/2010/05/10/quickly-create-zen-subthemes-using-zenophile /blog/quickly-create-zen-subthemes-using-zenophile permanent; rewrite /blog/2010/05/25/create-slideshow-multiple-images-using-fancy-slide /blog/create-slideshow-multiple-images-using-fancy-slide permanent; rewrite /blog/2010/05/29/quickly-import-multiples-images-using-imagefieldimport-module /blog/quickly-import-multiples-images-using-imagefieldimport-module permanent; rewrite /blog/2010/06/02/improve-jpg-quality-imagecache-and-imageapi /blog/improve-jpg-quality-imagecache-and-imageapi permanent; rewrite /blog/2010/06/23/create-block-social-media-icons-using-cck-views-and-nodequeue /blog/create-block-social-media-icons-using-cck-views-and-nodequeue permanent; rewrite /blog/2010/06/25/10-useful-drupal-6-modules /blog/10-useful-drupal-6-modules permanent; rewrite /blog/2010/06/28/create-flickr-photo-gallery-using-feeds-cck-and-views /blog/create-flickr-photo-gallery-using-feeds-cck-and-views permanent; rewrite /blog/2010/07/01/change-content-type-multiple-nodes-using-sql /blog/change-content-type-multiple-nodes-using-sql permanent; rewrite /blog/2010/07/02/create-virtual-hosts-mac-os-x-using-virtualhostx /blog/create-virtual-hosts-mac-os-x-using-virtualhostx permanent; rewrite /blog/2010/07/07/add-taxonomy-term-multiple-nodes-using-sql /blog/add-taxonomy-term-multiple-nodes-using-sql permanent; rewrite /blog/2010/07/12/review-teleport-module /blog/review-teleport-module permanent; rewrite /blog/2010/08/10/review-adminhover-module /blog/review-adminhover-module permanent; rewrite /blog/2010/08/11/create-better-photo-gallery-drupal-part-1 /blog/create-better-photo-gallery-drupal-part-1 permanent; rewrite /blog/2010/08/17/create-better-photo-gallery-drupal-part-2 /blog/create-better-photo-gallery-drupal-part-2 permanent; rewrite /blog/2010/08/20/review-image-caption-module /blog/review-image-caption-module permanent; rewrite /blog/2010/09/26/south-wales-drupal-user-group /blog/south-wales-drupal-user-group permanent; rewrite /blog/2010/10/10/create-and-apply-patches /blog/create-and-apply-patches permanent; rewrite /blog/2010/10/13/create-better-photo-gallery-drupal-part-3 /blog/create-better-photo-gallery-drupal-part-3 permanent; rewrite /blog/2010/10/22/create-better-photo-gallery-drupal-part-21 /blog/create-better-photo-gallery-drupal-part-21 permanent; rewrite /blog/2010/11/04/use-regular-expressions-search-and-replace-coda-or-textmate /blog/use-regular-expressions-search-and-replace-coda-or-textmate permanent; rewrite /blog/2011/02/14/easily-embed-typekit-fonts-your-drupal-website /blog/easily-embed-typekit-fonts-your-drupal-website permanent; rewrite /blog/2011/03/15/display-number-facebook-fans-php /blog/display-number-facebook-fans-php permanent; rewrite /blog/2011/03/31/proctor-stevenson /blog/proctor-stevenson permanent; rewrite /blog/2011/05/20/proctors-hosting-next-drupal-meetup /blog/proctors-hosting-next-drupal-meetup permanent; rewrite /blog/2011/05/23/imagefield-import-archive /blog/imagefield-import-archive permanent; rewrite /blog/2011/08/28/create-multigroups-drupal-7-using-field-collections /blog/create-multigroups-drupal-7-using-field-collections permanent; rewrite /blog/2011/10/19/install-and-configure-subversion-svn-server-ubuntu /blog/install-and-configure-subversion-svn-server-ubuntu permanent; rewrite /blog/2012/01/04/site-upgraded-drupal-7 /blog/site-upgraded-drupal-7 permanent; rewrite /blog/2012/02/01/use-authorized-keys-create-passwordless-ssh-connection /blog/use-authorized-keys-create-passwordless-ssh-connection permanent; rewrite /blog/2012/04/16/create-omega-subtheme-less-css-preprocessor-using-omega-tools-and-drush /blog/create-omega-subtheme-less-css-preprocessor-using-omega-tools-and-drush permanent; rewrite /blog/2012/04/17/installing-nagios-centos /blog/installing-nagios-centos permanent; rewrite /blog/2012/04/19/adding-custom-theme-templates-drupal-7 /blog/adding-custom-theme-templates-drupal-7 permanent; rewrite /blog/2012/05/23/add-date-popup-calendar-custom-form /blog/add-date-popup-calendar-custom-form permanent; rewrite /blog/2012/05/23/checkout-specific-revision-svn-command-line /blog/checkout-specific-revision-svn-command-line permanent; rewrite /blog/2012/05/23/forward-one-domain-another-using-mod-rewrite-and-htaccess /blog/forward-one-domain-another-using-mod-rewrite-and-htaccess permanent; rewrite /blog/2012/05/23/prevent-apache-displaying-text-files-within-web-browser /blog/prevent-apache-displaying-text-files-within-web-browser permanent; rewrite /blog/2012/05/23/writing-info-file-drupal-7-theme /blog/writing-info-file-drupal-7-theme permanent; rewrite /blog/2012/05/24/dividing-drupals-process-and-preprocess-functions-separate-files /blog/dividing-drupals-process-and-preprocess-functions-separate-files permanent; rewrite /blog/2012/07/12/my-new-drupal-modules /blog/my-new-drupal-modules permanent; rewrite /blog/2012/07/14/install-nomensa-media-player-drupal /blog/install-nomensa-media-player-drupal permanent; rewrite /blog/2012/07/27/writing-article-linux-journal /blog/writing-article-linux-journal permanent; rewrite /blog/2012/08/18/display-custom-menu-drupal-7-theme-template-file /blog/display-custom-menu-drupal-7-theme-template-file permanent; rewrite /blog/2012/09/06/reflections-speaking-unifieddiff /blog/reflections-speaking-unifieddiff permanent; rewrite /blog/2012/10/25/my-sublime-text-2-settings /blog/my-sublime-text-2-settings permanent; rewrite /blog/2012/11/15/accessible-bristol-site-launched /blog/accessible-bristol-site-launched permanent; rewrite /blog/2012/11/17/open-sublime-text-2-mac-os-x-command-line /blog/open-sublime-text-2-mac-os-x-command-line permanent; rewrite /blog/2012/12/06/use-sass-and-compass-drupal-7-using-sassy /blog/use-sass-and-compass-drupal-7-using-sassy permanent; rewrite /blog/2013/01/09/checking-if-user-logged-drupal-right-way /blog/checking-if-user-logged-drupal-right-way permanent; rewrite /blog/2013/02/16/creating-and-using-custom-tokens-drupal-7 /blog/creating-and-using-custom-tokens-drupal-7 permanent; rewrite /blog/2013/03/02/quickest-way-install-sublime-text-2-ubuntu /blog/quickest-way-install-sublime-text-2-ubuntu permanent; rewrite /blog/2013/04/20/leaving-nomensa-joining-precedent /blog/leaving-nomensa-joining-precedent permanent; rewrite /blog/2013/04/27/display-git-branch-or-tag-names-your-bash-prompt /blog/display-git-branch-or-tag-names-your-bash-prompt permanent; rewrite /blog/2013/06/13/some-useful-links-using-simpletest-drupal /blog/some-useful-links-using-simpletest-drupal permanent; rewrite /blog/2013/07/17/creating-local-and-staging-sites-drupals-domain-module-enabled /blog/creating-local-and-staging-sites-drupals-domain-module-enabled permanent; rewrite /blog/2013/07/26/going-drupalcon /blog/going-drupalcon permanent; rewrite /blog/2013/09/06/create-a-zen-sub-theme-using-drush /blog/create-a-zen-sub-theme-using-drush permanent; rewrite /blog/2013/11/19/dont-bootstrap-drupal-use-drush /blog/dont-bootstrap-drupal-use-drush permanent; rewrite /blog/2013/11/27/useful-vagrant-commands /blog/useful-vagrant-commands permanent; rewrite /blog/2013/12/24/quickly-apply-patches-using-git-and-curl-or-wget /blog/quickly-apply-patches-using-git-and-curl-or-wget permanent; rewrite /blog/2013/12/31/download-different-versions-drupal-drush /blog/download-different-versions-drupal-drush permanent; rewrite /blog/2014/01/15/some-useful-git-aliases /blog/some-useful-git-aliases permanent; rewrite /blog/2014/02/09/drupalcamp-london-2014 /blog/drupalcamp-london-2014 permanent; rewrite /blog/2014/03/03/what-git-flow /blog/what-git-flow permanent; rewrite /blog/2014/05/03/drupal-association /blog/drupal-association permanent; rewrite /blog/2014/05/06/thanks /blog/thanks permanent; rewrite /blog/2014/05/21/git-format-patch /blog/git-format-patch permanent; rewrite /blog/2014/07/02/drush-make-drupalbristol /blog/drush-make-drupalbristol permanent; rewrite /blog/2014/10/06/fix-vagrant-loading-wrong-virtual-machine /blog/fix-vagrant-loading-wrong-virtual-machine permanent; rewrite /blog/2014/10/21/updating-features-and-adding-components-using-drush /blog/updating-features-and-adding-components-using-drush permanent; rewrite /blog/2014/11/18/include-css-fonts-using-sass-each-loop /blog/include-css-fonts-using-sass-each-loop permanent; rewrite /blog/2014/11/20/using-remote-files-when-developing-locally-with-stage-file-proxy-module /blog/using-remote-files-when-developing-locally-with-stage-file-proxy-module permanent; rewrite /blog/2014/11/27/pantheon-settings-files /blog/pantheon-settings-files permanent; rewrite /blog/2014/12/20/include-local-drupal-settings-file-environment-configuration-and-overrides /blog/include-local-drupal-settings-file-environment-configuration-and-overrides permanent; rewrite /blog/2015/04/03/how-to-define-a-minimum-drupal-core-version /blog/how-to-define-a-minimum-drupal-core-version permanent; rewrite /blog/2015/06/18/updating-forked-repositories-on-github /blog/updating-forked-repositories-on-github permanent; rewrite /blog/2015/07/19/sculpin-twig-resources /blog/sculpin-twig-resources permanent; rewrite /blog/2015/07/21/automating-sculpin-jenkins /blog/automating-sculpin-jenkins permanent; rewrite /blog/2015/12/22/programmatically-load-an-entityform-in-drupal-7 /blog/programmatically-load-an-entityform-in-drupal-7 permanent; rewrite /blog/2016/02/15/announcing-the-drupal-vm-generator /blog/announcing-the-drupal-vm-generator permanent; rewrite /blog/2016/05/03/simplifying-drupal-migrations-with-xautoload /blog/simplifying-drupal-migrations-with-xautoload permanent; rewrite /blog/2016/07/15/building-gmail-filters-with-php /blog/building-gmail-filters-with-php permanent; rewrite /blog/2016/12/30/drupal-vm-generator-291-released /blog/drupal-vm-generator-291-released permanent; rewrite /blog/2017/01/07/easier-sculpin-commands-with-composer-and-npm-scripts /blog/easier-sculpin-commands-with-composer-and-npm-scripts permanent; rewrite /blog/2017/01/31/nginx-redirects-with-query-string-arguments /blog/nginx-redirects-with-query-string-arguments permanent; rewrite /blog/2017/05/05/fixing-drupal-simpletest-docker /blog/2017/05/05/fixing-drupal-simpletest-issues-inside-docker-containers permanent; rewrite /blog/2017/05/05/fixing-drupal-simpletest-issues-inside-docker-containers /blog/fixing-drupal-simpletest-issues-inside-docker-containers permanent; rewrite /blog/2017/06/09/introducing-the-drupal-meetups-twitterbot /blog/introducing-the-drupal-meetups-twitterbot permanent; rewrite /blog/2017/11/07/tdd-test-driven-drupal /blog/tdd-test-driven-drupal permanent; rewrite /blog/2017/11/07/writing-drupal-module-test-driven-development-tdd /blog/2017/11/07/tdd-test-driven-drupal permanent; rewrite /blog/2018/01/30/drupalcamp-bristol-2018 /blog/drupalcamp-bristol-2018 permanent; rewrite /blog/2018/02/05/using-tailwind-css-in-your-drupal-theme /blog/using-tailwind-css-in-your-drupal-theme permanent; rewrite /blog/2018/02/27/looking-forward-to-drupalcamp-london /blog/looking-forward-to-drupalcamp-london permanent; rewrite /blog/2018/02/27/queuing-private-messages-in-drupal-8 /blog/queuing-private-messages-in-drupal-8 permanent; rewrite /blog/2018/02/28/building-the-new-phpsw-website /blog/building-the-new-phpsw-website permanent; rewrite /blog/2018/03/02/yay-the-mediacurrent-contrib-half-hour-is-back /blog/yay-the-mediacurrent-contrib-half-hour-is-back permanent; rewrite /blog/2018/03/04/tweets-from-drupalcamp-london /blog/tweets-from-drupalcamp-london permanent; rewrite /blog/2018/05/06/creating-a-custom-phpunit-command-for-docksal /blog/creating-a-custom-phpunit-command-for-docksal permanent; rewrite /blog/announcing-the-drupal-vm-config-generator /blog/announcing-the-drupal-vm-generator permanent; rewrite /blog/drush-make-drupalbristol /talks/drush-make-drupalbristol permanent; rewrite /blog/system-users-null-users /blog/null-users-and-system-users-in-drupal permanent; rewrite /blog/tweets-from-drupalcamp-london /blog/tweets-drupalcamp-london permanent; rewrite /blog /articles permanent; rewrite /blog.xml /feed permanent; rewrite /blog/* /blog/:splat permanent; rewrite /book /test-driven-drupal permanent; rewrite /consulting / permanent; rewrite /cv https://cv.oliverdavies.uk permanent; rewrite /drupal https://www.drupal.org/u/opdavies permanent; rewrite /drupalgive https://www.drupal.org/u/opdavies permanent; rewrite /experience https://cv.oliverdavies.uk permanent; rewrite /git-flow /talks/git-flow permanent; rewrite /github https://github.com/opdavies permanent; rewrite /joindin https://joind.in/user/opdavies permanent; rewrite /linkedin https://www.linkedin.com/in/opdavies permanent; rewrite /packagist https://packagist.org/packages/opdavies permanent; rewrite /services /experience permanent; rewrite /slides/bristol-dug/drupal-vm-generator http://opdavies.github.io/slides-drupal-vm-generator permanent; rewrite /slides/phpsw/building-static-websites-with-sculpin https://opdavies.github.io/slides-phpsw-sculpin permanent; rewrite /speakerdeck https://speakerdeck.com/opdavies permanent; rewrite /speaking /talks permanent; rewrite /talks/2012/09/05/what-is-this-drupal-thing-unified-diff /talks/what-is-this-drupal-thing permanent; rewrite /talks/2013/07/10/drupal-ldap-swdug /talks/drupal-ldap permanent; rewrite /talks/2014/03/01/git-flow-drupalcamp-london-2014 /talks/git-flow permanent; rewrite /talks/2014/07/02/drush-make-drupalbristol-drupal-bristol /talks/drush-make-drupalbristol permanent; rewrite /talks/2014/08/19/drupal-association-swdug /talks/drupal-association permanent; rewrite /talks/2015/01/18/drupalorg-2015-drupalcamp-brighton-2015 /talks/drupalorg-in-2015-whats-coming-next permanent; rewrite /talks/2015/02/28/drupalorg-2015-drupalcamp-london-2015 /talks/drupalorg-in-2015-whats-coming-next permanent; rewrite /talks/2015/04/08/drupal-8-phpsw /talks/drupal-8 permanent; rewrite /talks/2015/07/25/test-drive-twig-with-sculpin-drupalcamp-north-2015 /talks/test-drive-twig-with-sculpin permanent; rewrite /talks/2015/08/25/dancing-for-drupal-umbristol /talks/dancing-for-drupal permanent; rewrite /talks/2015/10/14/sculpin-phpsw /talks/sculpin permanent; rewrite /talks/2016/03/05/drupal-8-module-development-drupalcamp-london-2016 /talks/getting-started-with-drupal-8-module-development permanent; rewrite /talks/2016/03/09/drupal-vm-generator-nwdug /talks/drupal-vm-generator permanent; rewrite /talks/2016/04/02/drupal-vm-generator-drupal-bristol /talks/drupal-vm-generator permanent; rewrite /talks/2016/06/11/drupal-8-rejoining-the-herd-php-south-coast-2016 /talks/drupal-8-rejoining-the-herd permanent; rewrite /talks/2016/07/23/drupal-vm-meet-symfony-console-drupalcamp-bristol-2016 /talks/drupal-vm-meet-symfony-console permanent; rewrite /talks/2016/11/09/drupal-development-with-composer-phpsw /talks/drupal-development-with-composer permanent; rewrite /talks/2016/11/17/goodbye-drush-make-hello-composer-drupal-bristol /talks/goodbye-drush-make-hello-composer permanent; rewrite /talks/2017/01/18/getting-your-data-into-drupal-8-drupal-bristol /talks/getting-your-data-into-drupal-8 permanent; rewrite /talks/2017/03/04/getting-your-data-into-drupal-8-drupalcamp-london-2017 /talks/getting-your-data-into-drupal-8 permanent; rewrite /talks/archive /talks permanent; rewrite /talks/deploying-php-applications-with-fabric /talks/deploying-php-fabric permanent; rewrite /talks/drupal-vm-generator-2 /talks/drupal-vm-generator permanent; rewrite /talks/drupalorg-2015-2 /talks/drupalorg-2015 permanent; rewrite /talks/drupalorg-in-2015-whats-coming-next /talks/drupalorg-2015 permanent; rewrite /talks/getting-started-with-drupal-8-module-development /drupal-8-module-development permanent; rewrite /talks/sculpin /talks/building-static-websites-sculpin permanent; rewrite /talks/using-laravel-collections-outside-laravel /talks/using-illuminate-collections-outside-laravel permanent; rewrite /terms-and-conditions /terms permanent; rewrite /twitter https://twitter.com/opdavies permanent; rewrite /work /experience permanent; rewrite /youtube https://www.youtube.com/channel/UCkeK0qF9HHUPQH_fvn4ghqQ permanent; ssl_certificate /etc/letsencrypt/live/d8.oliverdavies.uk/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/d8.oliverdavies.uk/privkey.pem; location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } # Very rarely should these ever be accessed outside of your lan location ~* \.(txt|log)$ { allow 192.168.0.0/16; deny all; } location ~ \..*/.*\.php$ { return 403; } location ~ ^/sites/.*/private/ { return 403; } # Block access to scripts in site files directory location ~ ^/sites/[^/]+/files/.*\.php$ { deny all; } # Allow "Well-Known URIs" as per RFC 5785 location ~* ^/.well-known/ { allow all; } # Block access to "hidden" files and directories whose names begin with a # period. This includes directories used by version control systems such # as Subversion or Git to store control files. location ~ (^|/)\. { return 403; } location / { try_files $uri /index.php?$query_string; # For Drupal >= 7 } location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } # Don't allow direct access to PHP files in the vendor directory. location ~ /vendor/.*\.php$ { deny all; return 404; } location ~ '\.php$|^/update.php' { try_files $uri =404; fastcgi_split_path_info ^(.+?\.php)(|/.*)$; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param QUERY_STRING $query_string; fastcgi_intercept_errors on; fastcgi_pass localhost:9000; } # Fighting with Styles? This little gem is amazing. # location ~ ^/sites/.*/files/imagecache/ { # For Drupal <= 6 location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7 try_files $uri @rewrite; } # Handle private files through Drupal. location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7 try_files $uri /index.php?$query_string; } location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ { try_files $uri @rewrite; expires max; log_not_found off; } # Enforce clean URLs if ($request_uri ~* "^(.*/)index\.php(.*)") { return 307 $1$2; } certbot_create_if_missing: true certbot_create_method: standalone certbot_admin_email: oliver+certbot@oliverdavies.uk certbot_certs: - domains: [d8.oliverdavies.uk]