Add rudimentary support for Laravel

@todo to support laravel, php also write access to:
  ../bootstrap/cache
  ../storage
dirs (relative to "public" web dir)

defaults/main.yml

@@ -26,6 +26,7 @@ vhost_default_location_try_files_defaults:
   drupal8: "{{ vhost_try_files_rewrite_file_only }}"
   mediawiki: "{{ vhost_try_files_rewrite_file_or_dir }}"
   moodle: "{{ vhost_try_files_rewrite_file_or_dir }}"
+  laravel: "{{ vhost_try_files_rewrite_file_or_dir }}"
   wordpress: "{{ vhost_try_files_rewrite_file_or_dir }}"
   php: "{{ vhost_try_files_rewrite_none }}"
   proxy_pass: "{{ vhost_try_files_rewrite_none }}"

tasks/main.yml

@@ -29,6 +29,7 @@
           or web_application == 'wordpress'
           or web_application == 'mediawiki'
           or web_application == 'moodle'
+          or web_application == 'laravel'
     fail_msg: "ERROR: Value for web_application is not supported: {{ web_application }}"
 
 - name: Make sure linux_owner is not the same as php_service_user

templates/etc/nginx/includes/ACCOUNT-PROJECT.core.conf.j2

@@ -326,6 +326,35 @@
     {{ nginx_proxy_pass_blob }}
   }
 
+{% elif web_application == 'laravel' %}
+
+  # Dont allow requests for PHP files in parent directories
+  location ~ \..*/.*\.php$ {
+    return 403;
+  }
+
+  # Dont serve any filename ending with a tilde ... these are almost always backup files
+  location ~* /*~$ {
+    return 403;
+  }
+
+  # Block access to "hidden" files and directories whose names begin with a
+  # period. This includes directories used by version control systems such
+  # as Subversion or Git to store control files.
+  location ~ (^|/)\. {
+    return 403;
+  }
+
+  location / {
+    # try_files $uri $uri/ @rewrite;
+    {{ vhost_try_files_rewrite_conf | indent(4, false) }}
+  }
+
+  location @rewrite {
+    # rewrite ^ /index.php$is_args$args;
+    rewrite ^ {{ rewrite_target }};
+  }
+
 {% elif web_application == 'php' %}
 
   # Generic PHP website