3 files changed, 37 insertions, 1 deletions

diff --git a/tasks/main.yml b/tasks/main.yml
index 66c7848..d197923 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -82,6 +82,22 @@
     group: root
   notify: restart nginx
 
+- name: Verify nginx configuration
+  command: nginx -t
+  changed_when: false
+
+# php-fpm
+
+- name: Install php-fpm pool configuration file
+  template:
+    src: templates/php-fpm.conf
+    dest: /etc/php/7.0/fpm/pool.d/ttrss.conf
+  notify: restart php-fpm
+
+- name: Verify php-fpm configuration
+  command: php-fpm7.0 --test
+  changed_when: false
+
 # Install update feed systemd service
 
 - name: Install systemd update service
diff --git a/templates/nginx.j2 b/templates/nginx.j2
index 2046c35..8a9732d 100644
--- a/templates/nginx.j2
+++ b/templates/nginx.j2
@@ -60,7 +60,7 @@ server {
 		fastcgi_split_path_info ^(.+\.php)(/.+)$;
 
 		# filter and proxy PHP requests to PHP-FPM
-		fastcgi_pass   unix:/var/run/php/php7.0-fpm.sock;
+		fastcgi_pass   unix:/var/run/php/php7.0-fpm-ttrss.sock;
 		fastcgi_index  index.php;
 		include        fastcgi.conf;
 	}
diff --git a/templates/php-fpm.conf b/templates/php-fpm.conf
new file mode 100644
index 0000000..a17ef22
--- /dev/null
+++ b/templates/php-fpm.conf
@@ -0,0 +1,20 @@
+[ttrss]
+user = {{ ttrss_user }}
+group = {{ ttrss_group }}
+
+listen = /var/run/php/php7.0-fpm-ttrss.sock
+listen.owner = www-data
+listen.group = www-data
+
+; Disable possible remote exploit commands
+php_admin_value[disable_functions] = exec,passthru,shell_exec,system
+php_admin_flag[allow_url_fopen] = off
+
+; Pool configuration
+pm = dynamic
+pm.max_children = 5
+pm.start_servers = 2
+pm.min_spare_servers = 1
+pm.max_spare_servers = 3
+
+chdir = /