├── etc ├── container.ini ├── httpd │ ├── conf.modules.d │ │ ├── 00-lua.conf │ │ ├── 00-systemd.conf │ │ ├── 00-dav.conf │ │ ├── 10-php.conf │ │ ├── 01-cgi.conf │ │ ├── 00-mpm.conf │ │ ├── 00-proxy.conf │ │ └── 00-base.conf │ ├── conf.d │ │ ├── README │ │ ├── php.conf │ │ ├── welcome.conf │ │ ├── userdir.conf │ │ ├── autoindex.conf │ │ └── ssl.conf │ └── conf │ │ ├── httpd.conf │ │ └── magic ├── root │ ├── avantfax-3.3.7.tgz │ ├── avantfax_modems.sh │ └── avantfax_config.php ├── yum.repos.d │ ├── commercial-addons.repo │ ├── webmin.repo │ ├── Sangoma-fasttrack.repo │ ├── Sangoma-Commercial.repo │ └── Sangoma-Base.repo ├── shorewall │ ├── interfaces │ ├── zones │ ├── policy │ └── rules ├── iaxmodem │ └── ttyIAX0 ├── systemd │ └── system │ │ ├── freepbx.service │ │ └── containerstartup.service ├── asterisk │ ├── iax_custom.conf │ └── extensions_custom.conf ├── fail2ban │ ├── filter.d │ │ ├── wordpress.conf │ │ ├── sshd-ddos.conf │ │ ├── asterisk_manager.conf │ │ ├── wordpress-soft.conf │ │ ├── mor_ddos.conf │ │ ├── wordpress-hard.conf │ │ ├── asterisk_cli.conf │ │ └── asterisk.conf │ └── jail.local ├── webmin │ ├── mysql │ │ └── config │ ├── postfix │ │ └── config │ ├── mailboxes │ │ └── config │ └── bind8 │ │ └── config ├── yum.conf ├── rc.d │ └── init.d │ │ └── iaxmodem ├── containerstartup.sh ├── mysql │ └── my.cnf └── php.ini ├── pics ├── obiata.jpg ├── obigv.jpg ├── obiata1.jpg ├── obiata2.jpg ├── obiata-gv.jpg ├── obiatpbx1.jpg ├── obiatpbx2.jpg ├── obiatpbx3.jpg ├── obiatpbx4.jpg ├── obiatpbx5.jpg ├── obiatpbx6.jpg ├── obiatpbx7.jpg ├── obiatpbxIn.jpg ├── obiatpbxOut.jpg ├── obisetup1.jpg ├── obisetup2.jpg ├── obisetup3.jpg ├── obisetup4.jpg ├── obisetup5.jpg └── obisetup6.jpg ├── README.md └── Dockerfile /etc/container.ini: -------------------------------------------------------------------------------- 1 | SSH=2122 2 | SHOREWALL=eth0 3 | HTTP=80 4 | SSL=443 5 | -------------------------------------------------------------------------------- 
/etc/httpd/conf.modules.d/00-lua.conf: -------------------------------------------------------------------------------- 1 | LoadModule lua_module modules/mod_lua.so 2 | -------------------------------------------------------------------------------- /pics/obiata.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obiata.jpg -------------------------------------------------------------------------------- /pics/obigv.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obigv.jpg -------------------------------------------------------------------------------- /pics/obiata1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obiata1.jpg -------------------------------------------------------------------------------- /pics/obiata2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obiata2.jpg -------------------------------------------------------------------------------- /pics/obiata-gv.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obiata-gv.jpg -------------------------------------------------------------------------------- /pics/obiatpbx1.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obiatpbx1.jpg -------------------------------------------------------------------------------- /pics/obiatpbx2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obiatpbx2.jpg 
-------------------------------------------------------------------------------- /pics/obiatpbx3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obiatpbx3.jpg -------------------------------------------------------------------------------- /pics/obiatpbx4.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obiatpbx4.jpg -------------------------------------------------------------------------------- /pics/obiatpbx5.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obiatpbx5.jpg -------------------------------------------------------------------------------- /pics/obiatpbx6.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obiatpbx6.jpg -------------------------------------------------------------------------------- /pics/obiatpbx7.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obiatpbx7.jpg -------------------------------------------------------------------------------- /pics/obiatpbxIn.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obiatpbxIn.jpg -------------------------------------------------------------------------------- /pics/obiatpbxOut.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obiatpbxOut.jpg -------------------------------------------------------------------------------- /pics/obisetup1.jpg: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obisetup1.jpg -------------------------------------------------------------------------------- /pics/obisetup2.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obisetup2.jpg -------------------------------------------------------------------------------- /pics/obisetup3.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obisetup3.jpg -------------------------------------------------------------------------------- /pics/obisetup4.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obisetup4.jpg -------------------------------------------------------------------------------- /pics/obisetup5.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obisetup5.jpg -------------------------------------------------------------------------------- /pics/obisetup6.jpg: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/pics/obisetup6.jpg -------------------------------------------------------------------------------- /etc/root/avantfax-3.3.7.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/TheTechsTech/freepbx/master/etc/root/avantfax-3.3.7.tgz -------------------------------------------------------------------------------- /etc/httpd/conf.modules.d/00-systemd.conf: -------------------------------------------------------------------------------- 1 | # This file configures 
systemd module: 2 | LoadModule systemd_module modules/mod_systemd.so 3 | -------------------------------------------------------------------------------- /etc/yum.repos.d/commercial-addons.repo: -------------------------------------------------------------------------------- 1 | [commercial-addons] 2 | name=Loway Research Yum Repository 3 | baseurl=http://yum.loway.ch/RPMS 4 | gpgcheck=0 5 | enabled=1 6 | -------------------------------------------------------------------------------- /etc/shorewall/interfaces: -------------------------------------------------------------------------------- 1 | #ZONE INTERFACE BROADCAST OPTIONS 2 | net docker0 detect bridge,routefilter,tcpflags,logmartians,nosmurfs 3 | 4 | -------------------------------------------------------------------------------- /etc/httpd/conf.modules.d/00-dav.conf: -------------------------------------------------------------------------------- 1 | LoadModule dav_module modules/mod_dav.so 2 | LoadModule dav_fs_module modules/mod_dav_fs.so 3 | LoadModule dav_lock_module modules/mod_dav_lock.so 4 | -------------------------------------------------------------------------------- /etc/shorewall/zones: -------------------------------------------------------------------------------- 1 | #ZONE TYPE OPTIONS IN OUT 2 | # OPTIONS OPTIONS 3 | fw firewall 4 | net ipv4 5 | 6 | -------------------------------------------------------------------------------- /etc/yum.repos.d/webmin.repo: -------------------------------------------------------------------------------- 1 | [Webmin] 2 | name=Webmin Distribution Neutral 3 | #baseurl=http://download.webmin.com/download/yum 4 | mirrorlist=http://download.webmin.com/download/yum/mirrorlist 5 | enabled=1 6 | 7 | -------------------------------------------------------------------------------- /etc/iaxmodem/ttyIAX0: -------------------------------------------------------------------------------- 1 | device /dev/ttyIAX0 2 | owner uucp:uucp 3 | mode 660 4 | port 4570 5 | refresh 60 
6 | server 127.0.0.1 7 | peername 19999 8 | secret CLEARTEXT_PASSWORD 9 | cidname Fax System 10 | cidnumber 9999999999 11 | codec ulaw -------------------------------------------------------------------------------- /etc/shorewall/policy: -------------------------------------------------------------------------------- 1 | #SOURCE DEST POLICY LOG LEVEL LIMIT:BURST 2 | $FW all ACCEPT 3 | net all DROP info 4 | # The FOLLOWING POLICY MUST BE LAST 5 | all all REJECT info 6 | -------------------------------------------------------------------------------- /etc/systemd/system/freepbx.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=FreePBX VoIP Server 3 | After=mariadb.service 4 | 5 | [Service] 6 | Type=oneshot 7 | RemainAfterExit=yes 8 | ExecStart=/usr/sbin/fwconsole start -q 9 | ExecStop=/usr/sbin/fwconsole stop -q 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /etc/yum.repos.d/Sangoma-fasttrack.repo: -------------------------------------------------------------------------------- 1 | [fasttrack-sangoma] 2 | name=Sangoma-7 - fasttrack 3 | mirrorlist=http://mirrorlist.sangoma.net/?release=$releasever&arch=$basearch&repo=fasttrack&dist=$dist 4 | #baseurl=http:/package1.sangoma.net/sng7/$releasever/fasttrack/$basearch/ 5 | gpgcheck=1 6 | enabled=1 7 | gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 8 | -------------------------------------------------------------------------------- /etc/yum.repos.d/Sangoma-Commercial.repo: -------------------------------------------------------------------------------- 1 | [sng-commercial] 2 | name=Sangoma-$releasever - Commercial Modules 3 | mirrorlist=http://mirrorlist.sangoma.net/?release=$releasever&arch=$basearch&repo=commercial&dist=$dist 4 | #baseurl=http:/package1.sangoma.net/sng7/$releasever/commercial/$basearch/ 5 | gpgcheck=0 6 | 
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Sangoma-7 7 | enabled=0 8 | -------------------------------------------------------------------------------- /etc/httpd/conf.modules.d/10-php.conf: -------------------------------------------------------------------------------- 1 | # 2 | # PHP is an HTML-embedded scripting language which attempts to make it 3 | # easy for developers to write dynamically generated webpages. 4 | # 5 | 6 | LoadModule php5_module modules/libphp5.so 7 | 8 | 9 | 10 | LoadModule php5_module modules/libphp5-zts.so 11 | 12 | 13 | -------------------------------------------------------------------------------- /etc/asterisk/iax_custom.conf: -------------------------------------------------------------------------------- 1 | [19999] 2 | deny=0.0.0.0/0.0.0.0 3 | secret=CLEARTEXT_PASSWORD 4 | transfer=yes 5 | host=dynamic 6 | type=friend 7 | port=4570 8 | qualify=yes 9 | dial=IAX2/19999 10 | accountcode= 11 | permit=0.0.0.0/0.0.0.0 12 | requirecalltoken=no 13 | context=from-internal 14 | secret_origional=CLEARTEXT_PASSWORD 15 | callerid=Fax System <19999> 16 | setvar=REALCALLERIDNUM= 17 | -------------------------------------------------------------------------------- /etc/httpd/conf.d/README: -------------------------------------------------------------------------------- 1 | 2 | This directory holds configuration files for the Apache HTTP Server; 3 | any files in this directory which have the ".conf" extension will be 4 | processed as httpd configuration files. The directory is used in 5 | addition to the directory /etc/httpd/conf.modules.d/, which contains 6 | configuration files necessary to load modules. 7 | 8 | Files are processed in alphabetical order. 
9 | 10 | -------------------------------------------------------------------------------- /etc/systemd/system/containerstartup.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Check docker's 'ENV' on container startup 3 | After=iptables.service, denyhosts.service, shorewall.service, fail2ban.service, mariadb.service, asterisk.service, httpd.service, postfix.service, freepbx.service, crond.service, rsyslog.service, iaxmodem.service, webmin.service 4 | 5 | [Service] 6 | Type=oneshot 7 | RemainAfterExit=no 8 | ExecStart=/containerstartup.sh 9 | 10 | [Install] 11 | WantedBy=multi-user.target 12 | -------------------------------------------------------------------------------- /etc/asterisk/extensions_custom.conf: -------------------------------------------------------------------------------- 1 | 2 | [custom-fax-iaxmodem] 3 | exten => s,1,Answer 4 | exten => s,n,Wait(1) 5 | exten => s,n,SendDTMF(1) 6 | exten => s,n,Dial(IAX2/19999/${EXTEN}) 7 | exten => s,n,Busy 8 | exten => s,n,Hangup 9 | 10 | [from-fax] 11 | exten => _x.,1,Dial(local/${EXTEN}@from-internal) 12 | exten => _x.,n,Goto(outbound-allroutes,${EXTEN},1) 13 | exten => _x.,n,Hangup 14 | 15 | [ext-did-custom] 16 | exten => fax,1,Noop(Fax detected!) 17 | exten => fax,2,Goto(custom-fax-iaxmodem,s,1) 18 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/wordpress.conf: -------------------------------------------------------------------------------- 1 | # WordPress fail2ban protection from The Digital FAQ (digitalFAQ.com) 2 | 3 | [INCLUDES] 4 | before = common.conf 5 | 6 | [Definition] 7 | _daemon = wordpress 8 | failregex = ^%(__prefix_line)sAuthentication failure for .* from $ 9 | ignoreregex = 10 | 11 | ########################################## 12 | 13 | # Option: ignoreregex 14 | # Notes.: regex to ignore. If this regex matches, the line is ignored. 
15 | # Values: TEXT 16 | # ^ ignore blog owner IP addresses! -------------------------------------------------------------------------------- /etc/httpd/conf.modules.d/01-cgi.conf: -------------------------------------------------------------------------------- 1 | # This configuration file loads a CGI module appropriate to the MPM 2 | # which has been configured in 00-mpm.conf. mod_cgid should be used 3 | # with a threaded MPM; mod_cgi with the prefork MPM. 4 | 5 | 6 | LoadModule cgid_module modules/mod_cgid.so 7 | 8 | 9 | LoadModule cgid_module modules/mod_cgid.so 10 | 11 | 12 | LoadModule cgi_module modules/mod_cgi.so 13 | 14 | 15 | -------------------------------------------------------------------------------- /etc/webmin/mysql/config: -------------------------------------------------------------------------------- 1 | date_subs=0 2 | max_text=1000 3 | perpage=25 4 | stop_cmd=service mariadb stop 5 | mysqldump=/usr/bin/mysqldump 6 | nodbi=0 7 | mysql_libs= 8 | sock= 9 | encoding= 10 | max_dbs=50 11 | start_cmd=service mariadb start 12 | mysql_data=/var/lib/mysql 13 | mysqlimport=/usr/bin/mysqlimport 14 | access=*: * 15 | webmin_subs=0 16 | style=0 17 | charset= 18 | port= 19 | mysqld= 20 | my_cnf=/etc/my.cnf 21 | host= 22 | login=root 23 | mysqlshow=/usr/bin/mysqlshow 24 | mysql=/usr/bin/mysql 25 | nopwd=1 26 | add_mode=1 27 | passwd_mode=0 28 | blob_mode=0 29 | mysqladmin=/usr/bin/mysqladmin 30 | pass=CLEARTEXT_PASSWORD 31 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/sshd-ddos.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # Author: Yaroslav Halchenko 4 | # 5 | # $Revision$ 6 | # 7 | 8 | [Definition] 9 | 10 | # Option: failregex 11 | # Notes.: regex to match the password failures messages in the logfile. The 12 | # host must be matched by a group named "host". 
The tag "" can 13 | # be used for standard IP/hostname matching and is only an alias for 14 | # (?:::f{4,6}:)?(?P[\w\-.^_]+) 15 | # Values: TEXT 16 | # 17 | failregex = sshd(?:\[\d+\])?: Did not receive identification string from $ 18 | 19 | # Option: ignoreregex 20 | # Notes.: regex to ignore. If this regex matches, the line is ignored. 21 | # Values: TEXT 22 | # 23 | ignoreregex = 24 | -------------------------------------------------------------------------------- /etc/httpd/conf.d/php.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Cause the PHP interpreter to handle files with a .php extension. 3 | # 4 | AddHandler php5-script .php 5 | AddType text/html .php 6 | 7 | # 8 | # Add index.php to the list of files that will be served as directory 9 | # indexes. 10 | # 11 | DirectoryIndex index.php 12 | 13 | # 14 | # Uncomment the following line to allow PHP to pretty-print .phps 15 | # files as PHP source code: 16 | # 17 | #AddType application/x-httpd-php-source .phps 18 | 19 | # 20 | # Apache specific PHP configuration options 21 | # those can be override in each configured vhost 22 | # 23 | php_value session.save_handler "files" 24 | php_value session.save_path "/var/lib/php/session" 25 | php_value soap.wsdl_cache_dir "/var/lib/php/wsdlcache" 26 | -------------------------------------------------------------------------------- /etc/webmin/postfix/config: -------------------------------------------------------------------------------- 1 | mailq_cmd=postqueue -p 2 | postfix_config_file=/etc/postfix/main.cf 3 | mailq_sort=0 4 | postfix_config_command=/usr/sbin/postconf 5 | mailq_count=0 6 | postfix_control_command=/usr/sbin/postfix 7 | perpage=20 8 | ldap_doms=0 9 | delete_warn=1 10 | fwd_mode=0 11 | wrap_width=80 12 | postfix_aliases_table_command=/usr/sbin/postalias 13 | delete_confirm=1 14 | sort_mode=0 15 | show_cmts=0 16 | check_config=1 17 | mailq_dir=/var/spool/postfix 18 | max_maps=100 19 | 
postfix_queue_command=postqueue 20 | prefix_cmts=0 21 | postcat_cmd=/usr/sbin/postcat 22 | index_check=1 23 | postfix_super_command=/usr/sbin/postsuper 24 | postfix_master=/etc/postfix/master.cf 25 | top_buttons=1 26 | max_records=200 27 | columns=2 28 | postfix_newaliases_command=/usr/bin/newaliases 29 | postfix_lookup_table_command=/usr/sbin/postmap 30 | -------------------------------------------------------------------------------- /etc/httpd/conf.modules.d/00-mpm.conf: -------------------------------------------------------------------------------- 1 | # Select the MPM module which should be used by uncommenting exactly 2 | # one of the following LoadModule lines: 3 | 4 | # prefork MPM: Implements a non-threaded, pre-forking web server 5 | # See: http://httpd.apache.org/docs/2.4/mod/prefork.html 6 | LoadModule mpm_prefork_module modules/mod_mpm_prefork.so 7 | 8 | # worker MPM: Multi-Processing Module implementing a hybrid 9 | # multi-threaded multi-process web server 10 | # See: http://httpd.apache.org/docs/2.4/mod/worker.html 11 | # 12 | #LoadModule mpm_worker_module modules/mod_mpm_worker.so 13 | 14 | # event MPM: A variant of the worker MPM with the goal of consuming 15 | # threads only for connections with active processing 16 | # See: http://httpd.apache.org/docs/2.4/mod/event.html 17 | # 18 | #LoadModule mpm_event_module modules/mod_mpm_event.so 19 | 20 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/asterisk_manager.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # 4 | # $Revision: 250 $ 5 | # 6 | 7 | [INCLUDES] 8 | 9 | # Read common prefixes. If any customizations available -- read them from 10 | # common.local 11 | #before = common.conf 12 | 13 | 14 | [Definition] 15 | 16 | #_daemon = asterisk 17 | 18 | # Option: failregex 19 | # Notes.: regex to match the password failures messages in the logfile. 
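The 20 | # host must be matched by a group named "host". The tag ""can 21 | # be used for standard IP/hostname matching and is only an aliasfor 22 | # (?:::f{4,6}:)?(?P\S+) 23 | # Values: TEXT 24 | # 25 | 26 | failregex = .*NOTICE.* tried to authenticate with nonexistent user.* 27 | 28 | 29 | # Option: ignoreregex 30 | # Notes.: regex to ignore. If this regex matches, the line is ignored. 31 | # Values: TEXT 32 | # 33 | ignoreregex = 34 | -------------------------------------------------------------------------------- /etc/httpd/conf.d/welcome.conf: -------------------------------------------------------------------------------- 1 | # 2 | # This configuration file enables the default "Welcome" page if there 3 | # is no default index page present for the root URL. To disable the 4 | # Welcome page, comment out all the lines below. 5 | # 6 | # NOTE: if this file is removed, it will be restored on upgrades. 7 | # 8 | 9 | Options -Indexes 10 | ErrorDocument 403 /.noindex.html 11 | 12 | 13 | 14 | AllowOverride None 15 | Require all granted 16 | 17 | 18 | Alias /.noindex.html /usr/share/httpd/noindex/index.html 19 | Alias /noindex/css/bootstrap.min.css /usr/share/httpd/noindex/css/bootstrap.min.css 20 | Alias /noindex/css/open-sans.css /usr/share/httpd/noindex/css/open-sans.css 21 | Alias /images/apache_pb.gif /usr/share/httpd/noindex/images/apache_pb.gif 22 | Alias /images/poweredby.png /usr/share/httpd/noindex/images/poweredby.png 23 | -------------------------------------------------------------------------------- /etc/root/avantfax_modems.sh: --------------------------------------------------------------------------------
#!/bin/sh
# ADD MODEMS TO AvantFax DATABASE
#
# For every HylaFAX modem config file (config.<device>) this inserts a row
# into the AvantFax "Modems" table unless one already exists, then makes sure
# "asterisk" is listed in /etc/mail/trusted-users.
#
# NOTE(review): the database password is given with --password on the mysql
# command line, so it is readable in the process list while mysql runs, and
# it sits in this script in clear text. The same CLEARTEXT_PASSWORD token
# appears in other config files on this page, so it is presumably substituted
# at build or start time -- confirm, and prefer a root-only (mode 0600) client
# option file passed with --defaults-extra-file.

CONFIG_DIR=/var/spool/hylafax/etc

# Iterate with a glob instead of parsing `ls` output, so a file name is never
# word-split or re-expanded by the shell.
for cfg in "$CONFIG_DIR"/config.*; do
    # An unmatched glob stays literal; only regular files are modem configs.
    [ -f "$cfg" ] || continue

    case "$cfg" in
        "$CONFIG_DIR/config.sav" | "$CONFIG_DIR/config.devid") continue ;;
        *~*) continue ;;    # editor backup copies
    esac

    # Device name = second dot-separated field of the file name
    # (config.ttyIAX0 -> ttyIAX0).
    modem=`basename "$cfg" | awk -F'.' '{print $2}'`

    # The name is spliced into SQL text below, so accept only characters that
    # cannot end the quoted literal or start another statement.
    case "$modem" in
        '' | *[!A-Za-z0-9_-]*)
            echo "skipping unexpected modem config name: $cfg" >&2
            continue
            ;;
    esac

    exists=`mysql --user=root --password=CLEARTEXT_PASSWORD avantfax -sNe "select count(*) existe from Modems where device='$modem'"`
    # String comparison: an empty result from a failed query is simply
    # "not 0" instead of a test(1) syntax error.
    if [ "$exists" = "0" ]; then
        mysql --user=root --password=CLEARTEXT_PASSWORD -e "INSERT INTO Modems SET device='$modem', alias ='$modem'" avantfax
    fi
done

# Add the asterisk user to the trusted-users list once.
if [ -f /etc/mail/trusted-users ]; then
    grep '^asterisk$' /etc/mail/trusted-users || \
        echo asterisk >> /etc/mail/trusted-users
fi
-------------------------------------------------------------------------------- /etc/fail2ban/filter.d/wordpress-soft.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # Author: Charles Lecklider 4 | # 5 | 6 | [INCLUDES] 7 | 8 | # Read common prefixes. If any customizations available -- read them from 9 | # common.local 10 | before = common.conf 11 | 12 | 13 | [Definition] 14 | 15 | _daemon = (?:wordpress|wp) 16 | 17 | # Option: failregex 18 | # Notes.: regex to match the password failures messages in the logfile. The 19 | # host must be matched by a group named "host". The tag "" can 20 | # be used for standard IP/hostname matching and is only an alias for 21 | # (?:::f{4,6}:)?(?P[\w\-.^_]+) 22 | # Values: TEXT 23 | # 24 | failregex = ^%(__prefix_line)sAuthentication failure for .* from $ 25 | ^%(__prefix_line)sXML-RPC authentication failure from $ 26 | 27 | # Option: ignoreregex 28 | # Notes.: regex to ignore. If this regex matches, the line is ignored.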
29 | # Values: TEXT 30 | # 31 | ignoreregex = 32 | -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/mor_ddos.conf: -------------------------------------------------------------------------------- 1 | # MOR custom attacks configuration file 2 | # 3 | # 4 | # $Revision: 250 $ 5 | # 6 | 7 | [INCLUDES] 8 | 9 | # Read common prefixes. If any customizations available -- read them from 10 | # common.local 11 | #before = common.conf 12 | 13 | 14 | [Definition] 15 | 16 | #_daemon = httpd 17 | 18 | # Option: failregex 19 | # Notes.: regex to match the password failures messages in the logfile. The 20 | # host must be matched by a group named "host". The tag ""can 21 | # be used for standard IP/hostname matching and is only an aliasfor 22 | # (?:::f{4,6}:)?(?P\S+) 23 | # Values: TEXT 24 | # 25 | 26 | failregex = .*client \].*request failed: URI too long.* 27 | .*client \].*request failed: error reading the headers 28 | # .*client \].*File does not exist.* 29 | 30 | 31 | 32 | 33 | # Option: ignoreregex 34 | # Notes.: regex to ignore. If this regex matches, the line is ignored. 
35 | # Values: TEXT 36 | # 37 | ignoreregex = 38 | -------------------------------------------------------------------------------- /etc/httpd/conf.modules.d/00-proxy.conf: -------------------------------------------------------------------------------- 1 | # This file configures all the proxy modules: 2 | LoadModule proxy_module modules/mod_proxy.so 3 | LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so 4 | LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so 5 | LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so 6 | LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so 7 | LoadModule proxy_ajp_module modules/mod_proxy_ajp.so 8 | LoadModule proxy_balancer_module modules/mod_proxy_balancer.so 9 | LoadModule proxy_connect_module modules/mod_proxy_connect.so 10 | LoadModule proxy_express_module modules/mod_proxy_express.so 11 | LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so 12 | LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so 13 | LoadModule proxy_ftp_module modules/mod_proxy_ftp.so 14 | LoadModule proxy_http_module modules/mod_proxy_http.so 15 | LoadModule proxy_scgi_module modules/mod_proxy_scgi.so 16 | LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so 17 | -------------------------------------------------------------------------------- /etc/shorewall/rules: -------------------------------------------------------------------------------- 1 | ############################################################################################################################################################## 2 | #ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST RATE USER MARK CONNLIMIT TIME HEADERS SWITCH HELPER 3 | # Permit all ICMP traffic FROM the firewall TO the net zone 4 | #Allow incoming TCP ports 5 | ACCEPT net $FW tcp 25,80,443,465,2122,5060,5061,5062,5063,8001,8003,8088,8089,9000,10000:10100 6 | ACCEPT net $FW icmp 8 - - 1/sec 7 | ACCEPT net $FW icmp 0 - - 
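1/sec 8 | ACCEPT net $FW icmp 11 9 | ACCEPT net $FW icmp 3 10 | #Allow incoming UDP ports 11 | ACCEPT net $FW udp 500,4500,5060,5061,5062,5063,9000,10000:10100 12 | #ssh on port 2122 13 | DROP:info:TRAP net $FW tcp 22 14 | #Commonly blocked ports 15 | DROP net $FW udp 67,68,111,113,135,139,445,513,520 16 | DROP net $FW tcp 67,68,111,113,135,139,445,513,520 17 | LOG:notice:TCP_IN net $FW tcp - - - 30/min 18 | LOG:notice:UDP_IN net $FW udp - - - 30/min 19 | LOG:notice:ICMP_IN net $FW icmp - - - 30/min -------------------------------------------------------------------------------- /etc/fail2ban/filter.d/wordpress-hard.conf: --------------------------------------------------------------------------------
# Fail2Ban configuration file
#
# Author: Charles Lecklider
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

_daemon = (?:wordpress|wp)

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
# Each pattern ends in <HOST>: that is where fail2ban captures the address to
# ban. A pattern without a host group gives fail2ban no address to act on.
failregex = ^%(__prefix_line)sAuthentication attempt for unknown user .* from <HOST>$
            ^%(__prefix_line)sBlocked authentication attempt for .* from <HOST>$
            ^%(__prefix_line)sBlocked user enumeration attempt from <HOST>$
            ^%(__prefix_line)sPingback error .* generated from <HOST>$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
-------------------------------------------------------------------------------- /etc/yum.conf: -------------------------------------------------------------------------------- 1 | [main] 2 | cachedir=/var/cache/yum/$basearch/$releasever 3 | keepcache=0 4 | debuglevel=2 5 | logfile=/var/log/yum.log 6 | exactarch=1 7 | obsoletes=1 8 | gpgcheck=1 9 | plugins=1 10 | installonly_limit=5 11 | bugtracker_url=http://bugs.centos.org/set_project.php?project_id=23&ref=http://bugs.centos.org/bug_report_page.php?category=yum 12 | distroverpkg=centos-release 13 | override_install_langs=en_US.utf8 14 | tsflags=nodocs 15 | exclude=libical* libresample* 16 | 17 | # This is the default, if you make this bigger yum won't see if the metadata 18 | # is newer on the remote and so you'll "gain" the bandwidth of not having to 19 | # download the new metadata and "pay" for it by yum not having correct 20 | # information. 21 | # It is esp. important, to have correct metadata, for distributions like 22 | # Fedora which don't keep old packages around. If you don't like this checking 23 | # interupting your command line usage, it's much better to have something 24 | # manually check the metadata once an hour (yum-updatesd will do this).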
25 | # metadata_expire=90m 26 | 27 | # PUT YOUR REPOS HERE OR IN separate files named file.repo 28 | # in /etc/yum.repos.d 29 | -------------------------------------------------------------------------------- /etc/webmin/mailboxes/config: -------------------------------------------------------------------------------- 1 | show_mail=1 2 | show_body=0 3 | check_mod=1 4 | mail_usermin=mail 5 | maildir_deleted=0 6 | sync_create=1 7 | mail_system=0 8 | date_fmt=dmy 9 | delete_warn=y 10 | mail_file=Mailbox 11 | noindex_hostname=0 12 | mail_dir=Maildir 13 | show_to=0 14 | html_edit=1 15 | mailbox_user=.usermin/mailbox 16 | mail_style=0 17 | show_sent=1 18 | top_buttons=2 19 | spam_del=0 20 | show_size=1 21 | column_count=4 22 | track_read=0 23 | link_mode=0 24 | size_mode=1 25 | show_size_below=0 26 | sig_file=* 27 | vpopmail_dir=/home/vpopmail 28 | no_crlf=0 29 | perpage=20 30 | view_html=2 31 | fwd_mode=0 32 | sync_modify=1 33 | log_read=0 34 | spam_report= 35 | ignore_users_enabled=0 36 | wrap_width=80 37 | sort_mode=1 38 | sync_perms=0700 39 | spam_buttons=mail 40 | ignore_users= 41 | show_delall=1 42 | sync_delete=1 43 | no_mailer=0 44 | from_virtualmin=1 45 | show_count=1 46 | max_records=200 47 | auto=1 48 | html_quote=0 49 | open_mode=0 50 | arrows=1 51 | no_orig_ip=0 52 | show_unread=0 53 | ldap_base= 54 | date_tz= 55 | bcc_to= 56 | download= 57 | mail_sub= 58 | wrap_compose= 59 | ldap_port= 60 | from_dom= 61 | smtp_auth= 62 | from_addr= 63 | ldap_login= 64 | ldap_host= 65 | helo_name= 66 | ldap_pass= 67 | -------------------------------------------------------------------------------- /etc/httpd/conf.d/userdir.conf: -------------------------------------------------------------------------------- 1 | # 2 | # UserDir: The name of the directory that is appended onto a user's home 3 | # directory if a ~user request is received. 4 | # 5 | # The path to the end user account 'public_html' directory must be 6 | # accessible to the webserver userid. 
This usually means that ~userid 7 | # must have permissions of 711, ~userid/public_html must have permissions 8 | # of 755, and documents contained therein must be world-readable. 9 | # Otherwise, the client will only receive a "403 Forbidden" message. 10 | # 11 | 12 | # 13 | # UserDir is disabled by default since it can confirm the presence 14 | # of a username on the system (depending on home directory 15 | # permissions). 16 | # 17 | UserDir disabled 18 | 19 | # 20 | # To enable requests to /~user/ to serve the user's public_html 21 | # directory, remove the "UserDir disabled" line above, and uncomment 22 | # the following line instead: 23 | # 24 | #UserDir public_html 25 | 26 | 27 | # 28 | # Control access to UserDir directories. The following is an example 29 | # for a site where these directories are restricted to read-only. 30 | # 31 | 32 | AllowOverride FileInfo AuthConfig Limit Indexes 33 | Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec 34 | Require method GET POST OPTIONS 35 | 36 | 37 | -------------------------------------------------------------------------------- /etc/rc.d/init.d/iaxmodem: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Startup script for iaxmodem 3 | # 4 | # chkconfig: 2345 95 05 5 | # description: IAXModem for asterisk <-> Hylafax gateway 6 | 7 | # Source function library. 8 | . /etc/rc.d/init.d/functions 9 | 10 | [ -f /usr/sbin/iaxmodem ] || exit 0 11 | 12 | prog="IAXmodem" 13 | 14 | start() { 15 | echo -n $"Starting $prog: " 16 | daemon /usr/sbin/iaxmodem 17 | RETVAL=$? 18 | echo 19 | return $RETVAL 20 | } 21 | 22 | stop() { 23 | if test "x`pidof iaxmodem`" != x; then 24 | echo -n $"Stopping $prog: " 25 | killproc iaxmodem 26 | echo 27 | fi 28 | RETVAL=$? 
29 | return $RETVAL 30 | } 31 | 32 | reload() { 33 | if test "x`pidof iaxmodem`" != x; then 34 | echo $"Reloading $prog" 35 | kill -HUP `head -1 /var/run/iaxmodem.pid` 36 | fi 37 | } 38 | 39 | case "$1" in 40 | start) 41 | start 42 | ;; 43 | 44 | stop) 45 | stop 46 | ;; 47 | 48 | status) 49 | status iaxmodem 50 | ;; 51 | reload) 52 | reload 53 | ;; 54 | restart) 55 | stop 56 | start 57 | ;; 58 | condrestart) 59 | if test "x`pidof iaxmodem`" != x; then 60 | stop 61 | start 62 | fi 63 | ;; 64 | 65 | *) 66 | echo $"Usage: $0 {start|stop|reload|restart|condrestart|status}" 67 | exit 1 68 | 69 | esac 70 | 71 | exit $RETVAL 72 | -------------------------------------------------------------------------------- /etc/webmin/bind8/config: -------------------------------------------------------------------------------- 1 | updserial_man=1 2 | keygen=dnssec-keygen 3 | checkconf=named-checkconf 4 | updserial_def=0 5 | pid_file=/var/run/named/named.pid 6 | named_conf=/etc/named.conf 7 | relative_paths=0 8 | rev_must=0 9 | soa_start=0 10 | records_order=0 11 | reversezonefilename_format=ZONE.rev 12 | no_pid_chroot=0 13 | short_names=0 14 | master_ttl=1 15 | allow_comments=0 16 | no_chroot=0 17 | force_random=0 18 | updserial_on=1 19 | named_path=/usr/sbin/named 20 | whois_cmd=whois 21 | ndc_cmd=ndc 22 | allow_long=0 23 | checkzone=named-checkzone 24 | allow_wild=1 25 | spf_record=0 26 | show_list=1 27 | rev_def=0 28 | stop_cmd=systemctl stop named.service 29 | confirm_zone=1 30 | forwardzonefilename_format=ZONE.hosts 31 | by_view=0 32 | rndcconf_cmd=rndc-confgen 33 | start_cmd=systemctl start named.service 34 | rndc_conf=/etc/rndc.conf 35 | signzone=dnssec-signzone 36 | support_aaaa=1 37 | ipv6_mode=1 38 | confirm_rec=0 39 | soa_style=0 40 | max_zones=50 41 | largezones=0 42 | allow_underscore=1 43 | rndc_cmd=rndc 44 | other_slaves=1 45 | tmpl_dnssec=1 46 | tmpl_email= 47 | tmpl_dnssecsizedef=2 48 | tmpl_dnssecsize= 49 | tmpl_dnssec_dt= 50 | tmpl_dnssecalg=RSASHA256 51 | 
tmpl_dnssecsingle=0 52 | restart_cmd=restart 53 | file_perms= 54 | extra_reverse= 55 | master_dir= 56 | file_owner= 57 | named_group= 58 | dnssectools_conf= 59 | default_view= 60 | dnssectools_rollrec= 61 | extra_forward= 62 | slave_file_perms= 63 | slave_dir= 64 | keys_dir= 65 | dnssectools_keydir= 66 | auto_chroot= 67 | default_master= 68 | chroot= 69 | dnssectools_rollmgr_pidfile= 70 | this_ip= 71 | named_user= 72 | free_nets= 73 | zones_file= 74 | extra_slaves= 75 | dnssec_period=21 76 | -------------------------------------------------------------------------------- /etc/yum.repos.d/Sangoma-Base.repo: --------------------------------------------------------------------------------
# This is the standard Sangoma Yum Repository
#
# NOTE(review): every section below sets gpgcheck=0, which turns off RPM
# signature verification for that repository even though a gpgkey is
# configured and /etc/yum.conf [main] sets gpgcheck=1 (a per-repository
# value takes precedence over [main]). The mirrorlist URLs are plain
# http://, so the mirror list is not protected in transit either.
# Before relying on these repositories, confirm that the key files named in
# gpgkey= are present in the image and set gpgcheck=1.

[sng-base]
name=Sangoma-$releasever - Base
mirrorlist=http://mirrorlist.sangoma.net/?release=$releasever&arch=$basearch&repo=os&dist=$dist&staging=$staging
#baseurl=http://package1.sangoma.net/os/$releasever/os/x86_64/
# Signature verification disabled for this repository (see note at top).
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Sangoma-7

[sng-updates]
name=Sangoma-$releasever - Updates
mirrorlist=http://mirrorlist.sangoma.net/?release=$releasever&arch=$basearch&repo=updates&dist=$dist&staging=$staging
#baseurl=http://package1.sangoma.net/os/$releasever/updates/x86_64/
# Signature verification disabled for this repository (see note at top).
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Sangoma-7

[sng-extras]
name=Sangoma-$releasever - Extras
mirrorlist=http://mirrorlist.sangoma.net/?release=$releasever&arch=$basearch&repo=extras&dist=$dist&staging=$staging
#baseurl=http://package1.sangoma.net/os/$releasever/extras/x86_64/
# Signature verification disabled for this repository (see note at top).
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Sangoma-7

[sng-pkgs]
name=Sangoma-$releasever - Sangoma Open Source Packages
mirrorlist=http://mirrorlist.sangoma.net/?release=$releasever&arch=$basearch&repo=sng7&dist=$dist&staging=$staging
#baseurl=http://package1.sangoma.net/sng7/sng7
# Signature verification disabled for this repository (see note at top).
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Sangoma-7

[sng-epel]
name=Sangoma-$releasever - Sangoma Epel mirror
mirrorlist=http://mirrorlist.sangoma.net/?release=$releasever&arch=$basearch&repo=epel&dist=$dist&staging=$staging
#baseurl=http://package1.sangoma.net/sng7/epel
# Signature verification disabled for this repository (see note at top).
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
-------------------------------------------------------------------------------- /etc/fail2ban/filter.d/asterisk_cli.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban configuration file 2 | # 3 | # 4 | # $Revision: 250 $ 5 | # 6 | 7 | [INCLUDES] 8 | 9 | # Read common prefixes. If any customizations available -- read them from 10 | # common.local 11 | #before = common.conf 12 | 13 | 14 | [Definition] 15 | 16 | #_daemon = asterisk 17 | 18 | # Option: failregex 19 | # Notes.: regex to match the password failures messages in the logfile. The 20 | # host must be matched by a group named "host".
The tag "<HOST>" can 21 | # be used for standard IP/hostname matching and is only an alias for 22 | # (?:::f{4,6}:)?(?P<host>\S+) 23 | # Values: TEXT 24 | # 25 | 26 | failregex = NOTICE.* .*: Useragent: sipcli.*\[<HOST>\] 27 | NOTICE.* .*: Useragent: sip-scan.*\[<HOST>\] 28 | NOTICE.* .*: Useragent: sipsak.*\[<HOST>\] 29 | NOTICE.* .*: Useragent: sundayddr.*\[<HOST>\] 30 | NOTICE.* .*: Useragent: friendly-scanner.*\[<HOST>\] 31 | NOTICE.* .*: Useragent: iWar.*\[<HOST>\] 32 | NOTICE.* .*: Useragent: CSipSimple.*\[<HOST>\] 33 | NOTICE.* .*: Useragent: SIVuS.*\[<HOST>\] 34 | NOTICE.* .*: Useragent: Gulp.*\[<HOST>\] 35 | NOTICE.* .*: Useragent: sipv.*\[<HOST>\] 36 | NOTICE.* .*: Useragent: smap.*\[<HOST>\] 37 | NOTICE.* .*: Useragent: friendly-request.*\[<HOST>\] 38 | NOTICE.* .*: Useragent: VaxIPUserAgent.*\[<HOST>\] 39 | NOTICE.* .*: Useragent: VaxSIPUserAgent.*\[<HOST>\] 40 | NOTICE.* .*: Useragent: siparmyknife.*\[<HOST>\] 41 | NOTICE.* .*: Useragent: Test Agent.*\[<HOST>\] 42 | 43 | 44 | # Option: ignoreregex 45 | # Notes.: regex to ignore. If this regex matches, the line is ignored. 46 | # Values: TEXT 47 | # 48 | ignoreregex = 49 | -------------------------------------------------------------------------------- /etc/httpd/conf.d/autoindex.conf: -------------------------------------------------------------------------------- 1 | # 2 | # Directives controlling the display of server-generated directory listings. 3 | # 4 | # Required modules: mod_authz_core, mod_authz_host, 5 | # mod_autoindex, mod_alias 6 | # 7 | # To see the listing of a directory, the Options directive for the 8 | # directory must include "Indexes", and the directory must not contain 9 | # a file matching those listed in the DirectoryIndex directive. 10 | # 11 | 12 | # 13 | # IndexOptions: Controls the appearance of server-generated directory 14 | # listings. 15 | # 16 | IndexOptions FancyIndexing HTMLTable VersionSort 17 | 18 | # We include the /icons/ alias for FancyIndexed directory listings. If 19 | # you do not use FancyIndexing, you may comment this out.
20 | # 21 | Alias /icons/ "/usr/share/httpd/icons/" 22 | 23 | 24 | Options Indexes MultiViews FollowSymlinks 25 | AllowOverride None 26 | Require all granted 27 | 28 | 29 | # 30 | # AddIcon* directives tell the server which icon to show for different 31 | # files or filename extensions. These are only displayed for 32 | # FancyIndexed directories. 33 | # 34 | AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip 35 | 36 | AddIconByType (TXT,/icons/text.gif) text/* 37 | AddIconByType (IMG,/icons/image2.gif) image/* 38 | AddIconByType (SND,/icons/sound2.gif) audio/* 39 | AddIconByType (VID,/icons/movie.gif) video/* 40 | 41 | AddIcon /icons/binary.gif .bin .exe 42 | AddIcon /icons/binhex.gif .hqx 43 | AddIcon /icons/tar.gif .tar 44 | AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv 45 | AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip 46 | AddIcon /icons/a.gif .ps .ai .eps 47 | AddIcon /icons/layout.gif .html .shtml .htm .pdf 48 | AddIcon /icons/text.gif .txt 49 | AddIcon /icons/c.gif .c 50 | AddIcon /icons/p.gif .pl .py 51 | AddIcon /icons/f.gif .for 52 | AddIcon /icons/dvi.gif .dvi 53 | AddIcon /icons/uuencoded.gif .uu 54 | AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl 55 | AddIcon /icons/tex.gif .tex 56 | AddIcon /icons/bomb.gif /core 57 | AddIcon /icons/bomb.gif */core.* 58 | 59 | AddIcon /icons/back.gif .. 60 | AddIcon /icons/hand.right.gif README 61 | AddIcon /icons/folder.gif ^^DIRECTORY^^ 62 | AddIcon /icons/blank.gif ^^BLANKICON^^ 63 | 64 | # 65 | # DefaultIcon is which icon to show for files which do not have an icon 66 | # explicitly set. 67 | # 68 | DefaultIcon /icons/unknown.gif 69 | 70 | # 71 | # AddDescription allows you to place a short description after a file in 72 | # server-generated indexes. These are only displayed for FancyIndexed 73 | # directories. 
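74 | # Format: AddDescription "description" filename 75 | # 76 | #AddDescription "GZIP compressed document" .gz 77 | #AddDescription "tar archive" .tar 78 | #AddDescription "GZIP compressed tar archive" .tgz 79 | 80 | # 81 | # ReadmeName is the name of the README file the server will look for by 82 | # default, and append to directory listings. 83 | # 84 | # HeaderName is the name of a file which should be prepended to 85 | # directory indexes. 86 | ReadmeName README.html 87 | HeaderName HEADER.html 88 | 89 | # 90 | # IndexIgnore is a set of filenames which directory indexing should ignore 91 | # and not include in the listing. Shell-style wildcarding is permitted. 92 | # 93 | IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t 94 | 95 | -------------------------------------------------------------------------------- /etc/containerstartup.sh: --------------------------------------------------------------------------------
#!/bin/bash
#
# Container start-up hook.
#
# Applies the overrides passed to `docker run` as environment variables
# (SSHPORT, WEBMINPORT, INTERFACE, HTTPPORT, SSLPORT) to the service
# configuration files, records the active values in /etc/container.ini,
# and performs the one-time Postfix "email to fax" transport setup.
export SSHPORT
export WEBMINPORT
export INTERFACE
export HTTPPORT
export SSLPORT

# If a Let's Encrypt certificate exists for this hostname, use it for Apache
# and Webmin.
# NOTE(review): archive/<host>/cert1.pem is the first certificate issued;
# renewals are stored under higher numbers, so this keeps pointing at the
# original pair. Confirm whether the live/ symlinks were intended instead.
le_dir="/etc/letsencrypt/archive/$HOSTNAME"
if [ -f "$le_dir/cert1.pem" ]
then
    ln -sf "$le_dir/cert1.pem" /etc/pki/tls/certs/localhost.crt
    ln -sf "$le_dir/privkey1.pem" /etc/pki/tls/private/localhost.key
    # miniserv.pem contains the private key: create it owner-only, and tighten
    # the mode explicitly in case the file already existed.
    ( umask 077; cat "$le_dir/privkey1.pem" "$le_dir/cert1.pem" > /etc/webmin/miniserv.pem )
    chmod 600 /etc/webmin/miniserv.pem
fi

# Last-applied values: SSH, SHOREWALL, HTTP and SSL.
source /etc/container.ini

# Port overrides are applied only when purely numeric, which also keeps them
# safe to interpolate into the sed expressions below.
if [[ $SSLPORT =~ ^[0-9]+$ ]] && [ "$SSL" != "$SSLPORT" ]
then
    sed -i "s#Listen $SSL#Listen $SSLPORT#" /etc/httpd/conf.d/ssl.conf
    # Presumably the virtual-host line ending in "_:<port>"; ssl.conf is not
    # shown here -- verify.
    sed -i "s#_:$SSL#_:$SSLPORT#" /etc/httpd/conf.d/ssl.conf
    sed -i "s#SSL=$SSL#SSL=$SSLPORT#" /etc/container.ini
    systemctl restart httpd
fi
if [[ $HTTPPORT =~ ^[0-9]+$ ]] && [ "$HTTP" != "$HTTPPORT" ]
then
    sed -i "s#Listen $HTTP#Listen $HTTPPORT#" /etc/httpd/conf/httpd.conf
    sed -i "s#HTTP=$HTTP#HTTP=$HTTPPORT#" /etc/container.ini
    systemctl restart httpd
fi

# SSH: change the port, switch the service off ("off"), or make sure it runs.
if [[ $SSHPORT =~ ^[0-9]+$ ]] && [ "$SSH" != "$SSHPORT" ]
then
    service sshd stop
    sed -i "s#Port $SSH#Port $SSHPORT#" /etc/ssh/sshd_config
    # Match the SSH= key only; a bare "s#$SSH#...#" would also rewrite any
    # other container.ini entry that happens to contain the same digits.
    sed -i "s#SSH=$SSH#SSH=$SSHPORT#" /etc/container.ini
    service sshd start
elif [ "$SSHPORT" == "off" ]
then
    systemctl.original disable sshd-keygen.service sshd.service
    service sshd stop
    systemctl stop sshd-keygen
elif [[ $SSHPORT =~ ^[0-9]+$ ]] && ! pgrep -x "sshd" >/dev/null
then
    systemctl.original enable sshd-keygen.service sshd.service
    systemctl start sshd-keygen
    service sshd start
fi

# Webmin: read the current port by parsing miniserv.conf rather than sourcing
# grep output, so no line of that file is ever executed as shell code.
listen=$(sed -n 's/^listen=//p' /etc/webmin/miniserv.conf | head -n 1)
if [[ $WEBMINPORT =~ ^[0-9]+$ ]] && [ -n "$listen" ] && [ "$WEBMINPORT" != "$listen" ]
then
    systemctl stop webmin
    # Unanchored on purpose as in the original: rewrites the old port number
    # wherever it appears in miniserv.conf (presumably port= and listen=) --
    # verify against the shipped file.
    sed -i "s#$listen#$WEBMINPORT#" /etc/webmin/miniserv.conf
    systemctl start webmin
elif [ "$WEBMINPORT" == "off" ]
then
    systemctl.original disable webmin.service
    systemctl stop webmin
elif [[ $WEBMINPORT =~ ^[0-9]+$ ]] && ! pgrep -x "miniserv.pl" > /dev/null
then
    systemctl.original enable webmin.service
    systemctl start webmin
fi

# Firewall interface: only act on a non-empty, plain interface name. Without
# this guard an unset INTERFACE replaced the configured interface with an
# empty string in /etc/shorewall/interfaces.
if [[ $INTERFACE =~ ^[A-Za-z0-9_.:@-]+$ ]] && [ "$INTERFACE" != "$SHOREWALL" ]
then
    # NOTE(review): "clear" is kept as written; whether the systemctl used in
    # this image accepts it is not visible here -- verify.
    systemctl clear shorewall
    sed -i "s#$SHOREWALL#$INTERFACE#" /etc/shorewall/interfaces
    sed -i "s#SHOREWALL=$SHOREWALL#SHOREWALL=$INTERFACE#" /etc/container.ini
fi

if ! pgrep -x "postfix" > /dev/null
then
    service postfix start
fi

# One-time email-to-fax setup; the marker file prevents the transport entries
# from being appended again on later starts.
if [ ! -f "/etc/postfix/email_faxing_ready" ]
then
    service postfix stop
    # No trailing backslash here: it used to join this line with the echo
    # below, so adduser received the echo words as arguments and the
    # transport entry was never written.
    adduser faxmail -M -s "/sbin/nologin" -c "Email 2 Fax User"
    echo -e "$HOSTNAME\tfax:localhost" >> /etc/postfix/transport
    echo -e "fax unix - n n - 1 pipe\n flags= user=faxmail argv=/usr/bin/faxmail -d -n -NT \${user}\n" >> /etc/postfix/master.cf
    echo -e "transport_maps = hash:/etc/postfix/transport\nfax_destination_recipient_limit = 1" >> /etc/postfix/main.cf
    postmap /etc/postfix/transport
    service postfix start
    touch /etc/postfix/email_faxing_ready
fi

systemctl restart shorewall
-------------------------------------------------------------------------------- /etc/fail2ban/filter.d/asterisk.conf: -------------------------------------------------------------------------------- 1 | # Fail2Ban filter for asterisk authentication failures 2 | # 3 | 4 | [INCLUDES] 5 | 6 | # Read common prefixes. If any customizations available -- read them from 7 | # common.local 8 | before = common.conf 9 | 10 | [Definition] 11 | 12 | _daemon = asterisk 13 | 14 | __pid_re = (?:\[\d+\]) 15 | 16 | iso8601 = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d+[+-]\d{4} 17 | 18 | # All Asterisk log messages begin like this: 19 | log_prefix= (?:NOTICE|SECURITY|WARNING)%(__pid_re)s:?(?:\[C-[\da-f]*\])? [^:]+:\d*(?:(?: in)? \w+:)? 20 | 21 | failregex = ^%(__prefix_line)s%(log_prefix)s Registration from '[^']*' failed for '(:\d+)?'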
- (Wrong password|Username/auth name mismatch|No matching peer found|Not a local domain|Device does not match ACL|Peer is not supposed to register|ACL error \(permit/deny\)|Not a local domain)$ 22 | ^%(__prefix_line)s%(log_prefix)s Call from '[^']*' \(:\d+\) to extension '[^']*' rejected because extension not found in context 23 | ^%(__prefix_line)s%(log_prefix)s Host failed to authenticate as '[^']*'$ 24 | ^%(__prefix_line)s%(log_prefix)s No registration for peer '[^']*' \(from \)$ 25 | ^%(__prefix_line)s%(log_prefix)s Host failed MD5 authentication for '[^']*' \([^)]+\)$ 26 | ^%(__prefix_line)s%(log_prefix)s Failed to authenticate (user|device) [^@]+@\S*$ 27 | ^%(__prefix_line)s%(log_prefix)s hacking attempt detected ''$ 28 | ^%(__prefix_line)s%(log_prefix)s SecurityEvent="(FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)",EventTV="([\d-]+|%(iso8601)s)",Severity="[\w]+",Service="[\w]+",EventVersion="\d+",AccountID="(\d*|)",SessionID=".+",LocalAddress="IPV[46]/(UDP|TCP|WS)/[\da-fA-F:.]+/\d+",RemoteAddress="IPV[46]/(UDP|TCP|WS)//\d+"(,Challenge="[\w/]+")?(,ReceivedChallenge="\w+")?(,Response="\w+",ExpectedResponse="\w*")?(,ReceivedHash="[\da-f]+")?(,ACLName="\w+")?$ 29 | ^%(__prefix_line)s%(log_prefix)s "Rejecting unknown SIP connection from "$ 30 | ^%(__prefix_line)s%(log_prefix)s Request (?:'[^']*' )?from '[^']*' failed for '(?::\d+)?'\s\(callid: [^\)]*\) - (?:No matching endpoint found|Not match Endpoint(?: Contact)? 
ACL|(?:Failed|Error) to authenticate)\s*$ 31 | NOTICE.* .*: Registration from '.*' failed for '.*' - Wrong password 32 | NOTICE.* .*: Registration from '.*' failed for '' - Peer is not supposed to register 33 | NOTICE.* .*: Registration from '.*' failed for '' - No matching peer found 34 | NOTICE.* .*: Registration from '.*' failed for '.*' - No matching peer found 35 | NOTICE.* .*: Registration from '.*' failed for '' - Username/auth name mismatch 36 | NOTICE.* .*: Registration from '.*' failed for '' - Device does not match ACL 37 | NOTICE.* failed to authenticate as '.*'$ 38 | NOTICE.* .*: No registration for peer '.*' \(from \) 39 | NOTICE.* .*: Host failed MD5 authentication for '.*' (.*) 40 | NOTICE.* .*: Failed to authenticate user .*@.* 41 | 42 | ignoreregex = 43 | 44 | 45 | # Author: Xavier Devlamynck / Daniel Black 46 | # 47 | # General log format - main/logger.c:ast_log 48 | # Address format - ast_sockaddr_stringify 49 | # 50 | # First regex: channels/chan_sip.c 51 | # 52 | # main/logger.c:ast_log_vsyslog - "in {functionname}:" only occurs in syslog 53 | -------------------------------------------------------------------------------- /etc/mysql/my.cnf: -------------------------------------------------------------------------------- 1 | # Example MySQL config file for small systems. 2 | # 3 | # This is for a system with little memory (<= 64M) where MySQL is only used 4 | # from time to time and it's important that the mysqld daemon 5 | # doesn't use much resources. 6 | # 7 | # MySQL programs look for option files in a set of 8 | # locations which depend on the deployment platform. 9 | # You can copy this option file to one of those 10 | # locations. For information about these locations, see: 11 | # http://dev.mysql.com/doc/mysql/en/option-files.html 12 | # 13 | # In this file, you can use all long options that a program supports. 14 | # If you want to know which options a program supports, run the program 15 | # with the "--help" option. 
16 | 17 | # The following options will be passed to all MySQL clients 18 | [client] 19 | #password = your_password 20 | port = 3306 21 | socket = /var/lib/mysql/mysql.sock 22 | 23 | # Here follows entries for some specific programs 24 | 25 | # The MySQL server 26 | [mysqld] 27 | user = mysql 28 | pid-file = /var/run/mariadb/mariadb.pid 29 | socket = /var/lib/mysql/mysql.sock 30 | port = 3306 31 | basedir = /usr 32 | datadir = /var/lib/mysql 33 | tmpdir = /tmp 34 | lc-messages-dir = /usr/share/mysql 35 | 36 | skip-external-locking 37 | key_buffer_size = 16K 38 | max_allowed_packet = 1M 39 | table_open_cache = 4 40 | sort_buffer_size = 64K 41 | read_buffer_size = 256K 42 | read_rnd_buffer_size = 256K 43 | net_buffer_length = 2K 44 | thread_stack = 128K 45 | max_connections = 151 46 | 47 | # Don't listen on a TCP/IP port at all. This can be a security enhancement, 48 | # if all processes that need to connect to mysqld run on the same host. 49 | # All interaction with mysqld must be made via Unix sockets or named pipes. 50 | # Note that using this option without enabling named pipes on Windows 51 | # (using the "enable-named-pipe" option) will render mysqld useless! 52 | # 53 | #skip-networking 54 | server-id = 1 55 | 56 | # Uncomment the following if you want to log updates 57 | #log-bin=mysql-bin 58 | 59 | # binary logging format - mixed recommended 60 | #binlog_format=mixed 61 | 62 | # Causes updates to non-transactional engines using statement format to be 63 | # written directly to binary log. Before using this option make sure that 64 | # there are no dependencies between transactional and non-transactional 65 | # tables such as in the statement INSERT INTO t_myisam SELECT * FROM 66 | # t_innodb; otherwise, slaves may diverge from the master. 
67 | #binlog_direct_non_transactional_updates=TRUE 68 | 69 | # Uncomment the following if you are using InnoDB tables 70 | innodb_data_home_dir = /var/lib/mysql 71 | innodb_data_file_path = ibdata1:10M:autoextend 72 | innodb_log_group_home_dir = /var/lib/mysql 73 | # You can set .._buffer_pool_size up to 50 - 80 % 74 | # of RAM but beware of setting memory usage too high 75 | innodb_buffer_pool_size = 16M 76 | innodb_additional_mem_pool_size = 2M 77 | # Set .._log_file_size to 25 % of buffer pool size 78 | innodb_log_file_size = 5M 79 | innodb_log_buffer_size = 8M 80 | innodb_flush_log_at_trx_commit = 1 81 | innodb_lock_wait_timeout = 50 82 | 83 | [mysqldump] 84 | quick 85 | max_allowed_packet = 16M 86 | 87 | [mysql] 88 | no-auto-rehash 89 | # Remove the next comment character if you are not familiar with SQL 90 | #safe-updates 91 | 92 | [myisamchk] 93 | key_buffer_size = 8M 94 | sort_buffer_size = 8M 95 | 96 | [mysqlhotcopy] 97 | interactive-timeout 98 | -------------------------------------------------------------------------------- /etc/httpd/conf.modules.d/00-base.conf: -------------------------------------------------------------------------------- 1 | # 2 | # This file loads most of the modules included with the Apache HTTP 3 | # Server itself. 
4 | # 5 | 6 | LoadModule access_compat_module modules/mod_access_compat.so 7 | LoadModule actions_module modules/mod_actions.so 8 | LoadModule alias_module modules/mod_alias.so 9 | LoadModule allowmethods_module modules/mod_allowmethods.so 10 | LoadModule auth_basic_module modules/mod_auth_basic.so 11 | LoadModule auth_digest_module modules/mod_auth_digest.so 12 | LoadModule authn_anon_module modules/mod_authn_anon.so 13 | LoadModule authn_core_module modules/mod_authn_core.so 14 | LoadModule authn_dbd_module modules/mod_authn_dbd.so 15 | LoadModule authn_dbm_module modules/mod_authn_dbm.so 16 | LoadModule authn_file_module modules/mod_authn_file.so 17 | LoadModule authn_socache_module modules/mod_authn_socache.so 18 | LoadModule authz_core_module modules/mod_authz_core.so 19 | LoadModule authz_dbd_module modules/mod_authz_dbd.so 20 | LoadModule authz_dbm_module modules/mod_authz_dbm.so 21 | LoadModule authz_groupfile_module modules/mod_authz_groupfile.so 22 | LoadModule authz_host_module modules/mod_authz_host.so 23 | LoadModule authz_owner_module modules/mod_authz_owner.so 24 | LoadModule authz_user_module modules/mod_authz_user.so 25 | LoadModule autoindex_module modules/mod_autoindex.so 26 | LoadModule cache_module modules/mod_cache.so 27 | LoadModule cache_disk_module modules/mod_cache_disk.so 28 | LoadModule data_module modules/mod_data.so 29 | LoadModule dbd_module modules/mod_dbd.so 30 | LoadModule deflate_module modules/mod_deflate.so 31 | LoadModule dir_module modules/mod_dir.so 32 | LoadModule dumpio_module modules/mod_dumpio.so 33 | LoadModule echo_module modules/mod_echo.so 34 | LoadModule env_module modules/mod_env.so 35 | LoadModule expires_module modules/mod_expires.so 36 | LoadModule ext_filter_module modules/mod_ext_filter.so 37 | LoadModule filter_module modules/mod_filter.so 38 | LoadModule headers_module modules/mod_headers.so 39 | LoadModule include_module modules/mod_include.so 40 | LoadModule info_module modules/mod_info.so 41 | LoadModule 
log_config_module modules/mod_log_config.so 42 | LoadModule logio_module modules/mod_logio.so 43 | LoadModule mime_magic_module modules/mod_mime_magic.so 44 | LoadModule mime_module modules/mod_mime.so 45 | LoadModule negotiation_module modules/mod_negotiation.so 46 | LoadModule remoteip_module modules/mod_remoteip.so 47 | LoadModule reqtimeout_module modules/mod_reqtimeout.so 48 | LoadModule rewrite_module modules/mod_rewrite.so 49 | LoadModule setenvif_module modules/mod_setenvif.so 50 | LoadModule slotmem_plain_module modules/mod_slotmem_plain.so 51 | LoadModule slotmem_shm_module modules/mod_slotmem_shm.so 52 | LoadModule socache_dbm_module modules/mod_socache_dbm.so 53 | LoadModule socache_memcache_module modules/mod_socache_memcache.so 54 | LoadModule socache_shmcb_module modules/mod_socache_shmcb.so 55 | LoadModule status_module modules/mod_status.so 56 | LoadModule substitute_module modules/mod_substitute.so 57 | LoadModule suexec_module modules/mod_suexec.so 58 | LoadModule unique_id_module modules/mod_unique_id.so 59 | LoadModule unixd_module modules/mod_unixd.so 60 | LoadModule userdir_module modules/mod_userdir.so 61 | LoadModule version_module modules/mod_version.so 62 | LoadModule vhost_alias_module modules/mod_vhost_alias.so 63 | 64 | #LoadModule buffer_module modules/mod_buffer.so 65 | #LoadModule watchdog_module modules/mod_watchdog.so 66 | #LoadModule heartbeat_module modules/mod_heartbeat.so 67 | #LoadModule heartmonitor_module modules/mod_heartmonitor.so 68 | #LoadModule usertrack_module modules/mod_usertrack.so 69 | #LoadModule dialup_module modules/mod_dialup.so 70 | #LoadModule charset_lite_module modules/mod_charset_lite.so 71 | #LoadModule log_debug_module modules/mod_log_debug.so 72 | #LoadModule ratelimit_module modules/mod_ratelimit.so 73 | #LoadModule reflector_module modules/mod_reflector.so 74 | #LoadModule request_module modules/mod_request.so 75 | #LoadModule sed_module modules/mod_sed.so 76 | #LoadModule speling_module 
modules/mod_speling.so 77 | 78 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # FreePBX on Docker 2 | 3 | ## Image includes mostly RPM binaries of 4 | 5 | * **CentOS** 7.8.2003 6 | * LAMP stack (**apache2, mariadb, php**) 7 | * **Shorewall** Firewall and **Fail2ban** 8 | * **Webmin** UI for System Administration on Port 9990, change on `docker run` by passing: 9 | 10 | `-e WEBMINPORT=xxxx` 11 | * **SSH** on Port 2122, can be changed or turned off on `docker run` by passing: 12 | 13 | `-e SSHPORT="off"` or `-e SSHPORT=xxxx` 14 | * **Asterisk 16** 15 | * **FreePBX 15** - downloaded and compiled from source 16 | * [AvantFax 3.3.7](http://www.avantfax.com/) - file embedded in this repo, [Hylafax](https://www.hylafax.org/) 17 | * Using **Postfix** instead of *SendMail*. 18 | 19 | ## Running FreePBX 20 | 21 | [Docker Hub](https://hub.docker.com/r/technoexpress/freepbx/builds/) automatically builds the latest changes into images which can easily be pulled and run with a simple `docker run` command. 22 | 23 | For best results, and since I have more than one public IP, I'm using a **macvlan** network bridge setup: 24 | 25 | ```bash 26 | docker network create -d macvlan \ 27 | -o macvlan_mode=bridge \ 28 | --subnet=111.222.333.443/29 \ 29 | --gateway=111.222.333.444 \ 30 | -o parent=eth1 macvlan_bridge 31 | ``` 32 | 33 | For the firewall to work, adding `--cap-add=NET_ADMIN` is necessary. 34 | For best performance use `--net=host` or custom networking.
35 | 36 | ```bash 37 | docker run --name freepbx \ 38 | -v freepbx-etc:/etc \ 39 | -v freepbx-www:/var/www \ 40 | -v freepbx-log:/var/log \ 41 | -v freepbx-lib:/var/lib \ 42 | -v freepbx-home:/home \ 43 | -v /etc/resolv.conf:/etc/resolv.conf:ro \ 44 | --cap-add=NET_ADMIN --net=macvlan_bridge \ 45 | --mac-address=00:00:00:00:00:00 --ip=111.222.333.446 --hostname=free.pbx.host \ 46 | --restart=always -itd technoexpress/freepbx 47 | ``` 48 | 49 | ## Setup Tips 50 | 51 | Using the Webmin UI visit: `https://ip_or_hostname:9990` 52 | 53 | Change *Linux* root password from default 'freepbx': 54 | 55 | "System -> Change Passwords -> root" 56 | 57 | Setup automatic software updating: 58 | 59 | "System -> Software Package Updates -> check for update - every day, - Install any updates" 60 | 61 | Create SSL certificate: 62 | 63 | "Webmin -> Webmin Configuration -> SSL Encryption -> Let's Encrypt -> Website root directory for validation file -> Other directory `/var/www/html`" 64 | 65 | Add Let's Encrypt SSL certicate to Apache default: 66 | 67 | "Servers -> Apache Webserver -> select 443 virtual host -> uncheck -> SSLv2 SSLv3 TLSv1 -> SSL Options 68 | 69 | * Certificate/private key file `/etc/webmin/letsencrypt-cert.pem` 70 | * Private key file `/etc/webmin/letsencrypt-key.pem` 71 | * Certificate authorities file `/etc/webmin/letsencrypt-ca.pem`" 72 | 73 | Change *MariaDB* database root password from default 'CLEARTEXT_PASSWORD': 74 | 75 | "Servers -> MySQL Database Server -> Change Administration Password" 76 | 77 | Add public IP addresses you will be accessing this FreePBX installation to Fail2ban to prevent lockout/banning: 78 | 79 | "Networking -> Fail2Ban Intrusion Detector -> Filter Action Jails -> Default Jail Options -> IP addresses to never ban" 80 | 81 | ## Faxing Setup with Avantfax combining IAXModem/Hylafax 82 | 83 | This installation has an menu link pointing to: `https://ip_or_hostname/avantfax` 84 | 85 | **Avantfax** is password-protected. 
Default is: 86 | 87 | username: admin 88 | password: password 89 | 90 | **IAXModem** default fax modem configuration: 91 | 92 | `vim /etc/iaxmodem/ttyIAX0` 93 | 94 | ```bash 95 | device /dev/ttyIAX0 96 | owner uucp:uucp 97 | mode 660 98 | port 4570 99 | refresh 60 100 | server 127.0.0.1 101 | peername 19999 102 | secret CLEARTEXT_PASSWORD 103 | cidname Fax System 104 | cidnumber 9999999999 105 | codec ulaw 106 | ``` 107 | 108 | `vim /etc/asterisk/iax_custom.conf` 109 | 110 | ```bash 111 | [19999] 112 | deny=0.0.0.0/0.0.0.0 113 | secret=CLEARTEXT_PASSWORD 114 | transfer=yes 115 | host=dynamic 116 | type=friend 117 | port=4570 118 | qualify=yes 119 | dial=IAX2/19999 120 | accountcode= 121 | permit=0.0.0.0/0.0.0.0 122 | requirecalltoken=no 123 | context=from-internal 124 | secret_origional=CLEARTEXT_PASSWORD 125 | callerid=Fax System <19999> 126 | setvar=REALCALLERIDNUM= 127 | ``` 128 | 129 | After editing run **Hylafax**: 130 | 131 | faxsetup 132 | 133 | Which will also run `faxaddmodem`, use **ttyIAX0** 134 | for "Serial port of modem". 135 | 136 | In FreePBX GUI, add the following Custom Destination: 137 | 138 | Fax(Hylafax) => custom-fax-iaxmodem,s,1 139 | 140 | Incoming fax support requires a dedicated DID, and point the DID to the new Custom Destination. 141 | 142 | Outbound faxing will go out via the normal trunks as configured. 143 | 144 | Before visiting `https://ip_or_hostname/avantfax`, update/change root password to access Avantfax Database to the one that was set using **Webmin** UI `Servers -> MySQL Database Server -> Change Administration Password`. 145 | 146 | vim /var/www/html/avantfax/includes/local_config.php 147 | 148 | ## Your now ready to config FreePBX by visiting 149 | 150 | * https://host_ip 151 | * https://host_name 152 | 153 | ## For better security 154 | 155 | Make sure to turn off: 156 | 157 | Allow Anonymous Inbound SIP Calls and Allow SIP Guests 158 | 159 | Under `Settings -> Asterisk SIP Settings -> Security Settings`. 
160 | 161 | ---------- 162 | 163 | ## For Free **SIP** *VoIP* service using [Google Voice](http://www.google.com/voice) and [obitalk.com](https://www.obitalk.com) with **Obihai** [devices](https://www.obitalk.com/info/products) 164 | 165 | Modified setup configurations from https://cboh.org/voip/obi/OBi_As_ITSP.html 166 | 167 | **Add your Google Voice number** 168 | ![trunk](pics/obiatpbx1.jpg) 169 | ![trunk](pics/obiatpbx2.jpg) 170 | 171 | **Add the public IP address of your Obi ATA device/router** 172 | 173 | **Add the SIP credentials that were set on the Obi ATA device/router** 174 | ![trunk](pics/obiatpbx3.jpg) 175 | ![trunk](pics/obiatpbx4.jpg) 176 | ![trunk](pics/obiatpbx5.jpg) 177 | ![trunk](pics/obiatpbx6.jpg) 178 | ![trunk](pics/obiatpbx7.jpg) 179 | 180 | ![Inbound](pics/obiatpbxIn.jpg) 181 | ![Outbound](pics/obiatpbxOut.jpg) 182 | 183 | Ensure that all items marked with a red **"!"** are changed/edited to match. 184 | ![obiata](pics/obisetup1.jpg) 185 | 186 | **Add your FreePBX Server IP address/URI and create SIP Credentials** 187 | ![obiata](pics/obisetup2.jpg) 188 | ![obiata](pics/obisetup3.jpg) 189 | ![obiata](pics/obisetup4.jpg) 190 | ![obiata](pics/obisetup5.jpg) 191 | ![obiata](pics/obisetup6.jpg) 192 | 193 | **Additional settings need to be set using the Obi device's built-in web server** 194 | ![obiata-device](pics/obiata-gv.jpg) 195 | ![obiata-device](pics/obiata.jpg) 196 | ![obiata-device](pics/obiata1.jpg) 197 | ![obiata-device](pics/obiata2.jpg) 198 | 199 | **Test calling out before making this final change. Adding your Google Voice number** 200 | ![obigooglevoice](pics/obigv.jpg) 201 | 202 | >Make sure to change the settings on the Google Voice website so that calls go only to your Obi ATA device, not to any other phone or device.
203 | -------------------------------------------------------------------------------- /Dockerfile: --------------------------------------------------------------------------------
# Builds a single container that runs Asterisk, FreePBX, MariaDB, Apache,
# Postfix, BIND, Webmin, Shorewall, fail2ban and sshd under a systemctl
# replacement acting as init.
#
# NOTE(review): the base image is pinned to CentOS 7.8.2003. CentOS 7 is
# end-of-life upstream, so this base no longer receives security updates;
# plan a migration to a supported base.
FROM centos:7.8.2003

LABEL maintainer="technoexpressnet@gmail.com"

# Install Required Dependencies
# NOTE(review): several RPMs below are installed by URL over plain http://
# (mirror.centos.org, yum.freepbxdistro.org). Nothing in this step pins a
# checksum, so the build trusts whatever the mirror or the network path
# returns. Prefer https:// sources and verify package signatures; whether
# yum checks signatures on URL-installed packages depends on its
# configuration (etc/yum.conf is copied in only later) - TODO confirm.
RUN yum install http://mirror.centos.org/centos/7/os/x86_64/Packages/libical-3.0.3-2.el7.x86_64.rpm -y \
    && yum install http://yum.freepbxdistro.org/pbx/10.13.66/x86_64/RPMS/digium/libresample/0.1.3/libresample-0.1.3-11_centos6.x86_64.rpm -y \
    && yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm -y \
    && rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm \
    && yum -y install https://ftp.tu-chemnitz.de/pub/linux/dag/redhat/el7/en/x86_64/rpmforge/RPMS/denyhosts-2.6-5.el7.rf.noarch.rpm \
    && yum -y --enablerepo=epel install sudo icu gcc-c++ lynx tftp-server unixODBC mariadb-devel \
        mariadb-server mariadb mysql-connector-odbc httpd mod_ssl ncurses curl perl fail2ban \
        fail2ban-hostsdeny openssh-server openssh-server-sysvinit sendmail sendmail-cf \
        sox newt libxml2 libtiff iptables-utils iptables-services initscripts postfix mailx \
        audiofile gtk2 subversion unzip rsyslog git crontabs cronie cronie-anacron wget vim \
        uuid sqlite net-tools texinfo icu libicu-devel sysvinit-tools bind bind-utils gnutls gnutls-devel perl-devel whois at \
    && yum -y install http://mirror.centos.org/centos/7/os/x86_64/Packages/perl-URI-1.60-9.el7.noarch.rpm \
    && yum -y install perl-DBI perl-DBD-MySQL perl-Crypt-SSLeay perl-LWP-Protocol-https perl-libwww-perl

# Install Shorewall and the fail2ban action
# Install php 5.6 repositories and php5.6w
# Install nodejs
# NOTE(review): the Shorewall RPMs are also installed from http:// URLs.
# PHP 5.6 and Node.js 11.x are both past upstream end-of-life.
# `curl ... | bash -` runs a remote script as root at build time with no
# integrity check; download it, verify it, then execute it instead.
RUN yum install http://www.shorewall.net/pub/shorewall/5.1/shorewall-5.1.9/shorewall-core-5.1.9-0base.noarch.rpm -y \
    && yum install http://www.shorewall.net/pub/shorewall/5.1/shorewall-5.1.9/shorewall-5.1.9-0base.noarch.rpm -y \
    && yum install http://www.shorewall.net/pub/shorewall/5.1/shorewall-5.1.9/shorewall-init-5.1.9-0base.noarch.rpm -y \
    && yum install http://www.shorewall.net/pub/shorewall/5.1/shorewall-5.1.9/shorewall6-5.1.9-0base.noarch.rpm -y \
    && yum install fail2ban-shorewall -y \
    && yum -y install php56w php56w-pdo php56w-mysql php56w-mbstring php56w-pear php56w-process php56w-xml php56w-gd php56w-opcache php56w-ldap php56w-intl php56w-soap php56w-zip php56w-devel php-pecl-Fileinfo ImageMagick-devel perl-CGI php-pear-Net-Socket php-pear-Auth-SASL \
    && curl -sL https://rpm.nodesource.com/setup_11.x | bash - && yum install -y nodejs

# Asterisk and FreePBX repository
# Install lame jansson iksemel and pjproject
# Copy configs and set Asterisk ownership permissions
# `COPY etc /etc/` overlays the repository's etc/ tree onto the image's /etc
# (yum repo files, service units, fail2ban and shorewall configuration, ...).
COPY etc /etc/

# NOTE(review): nux-dextop is another repository release RPM installed over
# plain http://.
RUN yum update -y \
    && yum -y install lame jansson pjproject iksemel \
    && yum -y install http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm \
    && yum -y install mpg123 ffmpeg libde265 x265 libdvdcss gstreamer-plugins-bad-nonfree gstreamer1-plugins-bad-freeworld netpbm libungif ghostscript-fonts sharutils expect \
    && pear channel-update pear.php.net \
    && pear install Mail Net_SMTP Mail_mime MDB2_driver_mysql

# Install Asterisk, Add Asterisk user, Download extra sounds
# /var/www/ is handed to the asterisk user as well; httpd.conf in this
# repository runs Apache as asterisk, so the web server process can write to
# its own document root. Keep that in mind when reviewing uploads and module
# installs.
RUN adduser asterisk -m -c "Asterisk User" \
    && yum install asterisk16 asterisk16-flite asterisk16-doc asterisk16-voicemail asterisk16-configs asterisk16-odbc asterisk16-resample -y \
    && yum install asterisk-sounds-core-* asterisk-sounds-extra-* asterisk-sounds-moh-* -y \
    && chown asterisk. /var/run/asterisk \
    && chown -R asterisk. /var/lib/asterisk \
    && chown -R asterisk. /var/log/asterisk \
    && chown -R asterisk. /var/spool/asterisk \
    && chown -R asterisk. /usr/lib64/asterisk \
    && chown -R asterisk. /var/www/ \
    && chown -R asterisk. /etc/asterisk \
    && chmod 775 /etc/asterisk/cdr_adaptive_odbc.conf

# Fixes issue with running systemD inside docker builds
# From https://github.com/gdraheim/docker-systemctl-replacement
# NOTE(review): systemctl.py does not appear in the repository listing, so it
# presumably has to be fetched from the project above before building. Pin and
# review the exact version used: it replaces /usr/bin/systemctl and is the
# container's entrypoint.
COPY systemctl.py /usr/bin/systemctl.py

# Keep the real systemctl as systemctl.original and put the replacement in
# its place.
RUN cp -f /usr/bin/systemctl /usr/bin/systemctl.original \
    && chmod +x /usr/bin/systemctl.py \
    && cp -f /usr/bin/systemctl.py /usr/bin/systemctl

# Stop/disable firewalld and dbus, then prune systemd "wants" links
# (everything in sysinit.target.wants except systemd-tmpfiles-setup.service),
# presumably because those units do not apply inside a container.
RUN systemctl stop firewalld \
    && systemctl disable dbus firewalld \
    && (cd /lib/systemd/system/sysinit.target.wants/; for i in *; do [ $i == \
    systemd-tmpfiles-setup.service ] || rm -f $i; done); \
    rm -f /lib/systemd/system/multi-user.target.wants/*; \
    rm -f /lib/systemd/system/local-fs.target.wants/*; \
    rm -f /lib/systemd/system/sockets.target.wants/*udev*; \
    rm -f /lib/systemd/system/sockets.target.wants/*initctl*; \
    rm -f /lib/systemd/system/basic.target.wants/*; \
    rm -f /lib/systemd/system/anaconda.target.wants/*; \
    rm -f /etc/dbus-1/system.d/*; \
    rm -f /etc/systemd/system/sockets.target.wants/*;

# Install FreePBX
# NOTE(review): the tarball is a "-latest" name fetched without a checksum, so
# builds are not reproducible and the content is not verified.
# The MariaDB root password is a fixed value (shown here as
# CLEARTEXT_PASSWORD), set at build time and passed with -p on the command
# line, so it is recorded in the image history. It must be changed after
# deployment; the README describes doing this through Webmin.
# The final statement removes anonymous accounts, non-local root accounts and
# the test database.
RUN sed -i 's@ulimit @#ulimit @' /usr/sbin/safe_asterisk \
    && systemctl start mariadb \
    && mkdir -p /var/www/html/admin/modules/pm2/node/logs \
    && mkdir -p /var/www/html/admin/modules/ucp/node/logs \
    && chmod -R 775 /var/www/html/admin/modules/pm2/node \
    && chmod -R 775 /var/www/html/admin/modules/ucp/node \
    && chown -R asterisk:asterisk /var/www/html/admin/modules/pm2 \
    && chown -R asterisk:asterisk /var/www/html/admin/modules/ucp \
    && cd /usr/src \
    && wget -q https://mirror.freepbx.org/modules/packages/freepbx/freepbx-15.0-latest.tgz \
    && tar xfz freepbx-15.0-latest.tgz \
    && rm -f freepbx-15.0-latest.tgz \
    && cd freepbx \
    && ./start_asterisk start \
    && ./install -n \
    && rm -rf /usr/src/freepbx \
    && fwconsole ma downloadinstall ttsengines \
    && fwconsole ma downloadinstall ucp \
    && fwconsole ma downloadinstall ivr \
    && fwconsole ma downloadinstall filestore \
    && fwconsole ma downloadinstall backup \
    && fwconsole ma downloadinstall arimanager \
    && fwconsole ma downloadinstall asteriskinfo \
    && fwconsole ma downloadinstall pm2 \
    && fwconsole ma upgradeall \
    && mysql -e "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('CLEARTEXT_PASSWORD')" \
    && mysql -uroot -pCLEARTEXT_PASSWORD -e "GRANT ALL PRIVILEGES ON asterisk.* TO freepbxuser@localhost;" \
    && mysql -uroot -pCLEARTEXT_PASSWORD -e "GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO freepbxuser@localhost;" \
    && mysql -uroot -pCLEARTEXT_PASSWORD -e "DELETE FROM mysql.user WHERE User=''; DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); DROP DATABASE IF EXISTS test; DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'; FLUSH PRIVILEGES;"

# Install Webmin repository and Webmin
# NOTE(review): the signing key is downloaded over plain http:// and imported
# as trusted, which offers no protection if the download itself is tampered
# with. Fetch it over https:// and compare its fingerprint before import.
RUN wget http://www.webmin.com/jcameron-key.asc -q && rpm --import jcameron-key.asc \
    && yum install webmin yum-versionlock -y && yum versionlock systemd && rm jcameron-key.asc

# Final permissions, log files, port changes and service enablement.
# NOTE(review):
#  - /tftpboot is made world-writable (777).
#  - procmail gets mode 6711 (setuid + setgid) and is owned by root.
#  - sshd is moved to port 2122 and the Webmin port value 10000 is rewritten
#    to 9990; both ports are EXPOSEd below.
#  - the last command sets the root password to a fixed, publicly known value
#    while sshd.service is enabled. Change it on first start; whether root may
#    log in over SSH depends on sshd_config, which is only changed here for
#    the port.
RUN chmod 777 /tftpboot \
    && chmod 6711 /usr/bin/procmail \
    && chown root:root /usr/bin/procmail \
    && chown -R postfix:postdrop /var/spool/postfix \
    && touch /var/log/asterisk/full /var/log/secure /var/log/maillog /var/log/httpd/access_log /etc/httpd/logs/error_log /var/log/fail2ban.log /etc/postfix/dependent.db \
    && echo "" > /etc/postfix/transport \
    && echo "mailbox_command = /bin/procmail" >> /etc/postfix/main.cf \
    && sed -i "s@#Port 22@Port 2122@" /etc/ssh/sshd_config \
    && sed -i "s#10000#9990#" /etc/webmin/miniserv.conf \
    && sed -i "s#9000,#9990,#" /etc/shorewall/rules \
    && sed -i "s#STARTUP_ENABLED=No#STARTUP_ENABLED=Yes#" /etc/shorewall/shorewall.conf \
    && sed -i "s#DOCKER=No#DOCKER=Yes#" /etc/shorewall/shorewall.conf \
    && sed -i "s#docker0#eth0#" /etc/shorewall/interfaces \
    && sed -i 's#, #\nAfter=#' /etc/systemd/system/containerstartup.service \
    && sed -i 's#/etc/pki/tls/private/localhost.key#/etc/webmin/letsencrypt-key.pem#' /etc/httpd/conf.d/ssl.conf \
    && sed -i 's#/etc/pki/tls/certs/localhost.crt#/etc/webmin/letsencrypt-cert.pem#' /etc/httpd/conf.d/ssl.conf \
    && sed -i 's#localhost.key#localhost.key\n\tcat \"/etc/letsencrypt/archive/$HOSTNAME/privkey1.pem\" \"/etc/letsencrypt/archive/$HOSTNAME/cert1.pem\" >/etc/webmin/miniserv.pem#' /etc/containerstartup.sh \
    && systemctl.original disable sendmail.service \
    && systemctl.original enable iptables.service fail2ban.service shorewall.service mariadb.service asterisk.service httpd.service freepbx.service crond.service rsyslog.service sshd-keygen.service sshd.service postfix.service named.service webmin.service containerstartup.service \
    && chmod +x /etc/containerstartup.sh \
    && mv -f /etc/containerstartup.sh /containerstartup.sh \
    && echo "root:freepbx" | chpasswd

# Runtime defaults; the port and interface values match etc/container.ini
# (SSH=2122, SHOREWALL=eth0, HTTP=80, SSL=443).
ENV container docker
ENV HTTPPORT 80
ENV SSLPORT 443
ENV SSHPORT 2122
ENV WEBMINPORT 9990
ENV INTERFACE eth0

# NOTE(review): this declares a wide surface (mail, DNS, web, SSH, SIP, Webmin
# and a 10000-10100 port range); publish only the ports the deployment needs.
EXPOSE 25 53/udp 80 443 465 953 2122 5060/tcp 5060/udp 5061/tcp 5061/udp 5062/tcp 5062/udp 5063/tcp 5063/udp 8001 8003 8088 8089 9990/tcp 9990/udp 10000-10100/tcp 10000-10100/udp

# Start the default target through the systemctl replacement installed above.
ENTRYPOINT ["/usr/bin/systemctl","default","--init"]

-------------------------------------------------------------------------------- /etc/httpd/conf.d/ssl.conf: -------------------------------------------------------------------------------- 1 | # 2 | # When we also provide SSL we have to listen to the 3 | # the HTTPS port in addition.
4 | # 5 | Listen 443 https 6 | 7 | ## 8 | ## SSL Global Context 9 | ## 10 | ## All SSL configuration in this context applies both to 11 | ## the main server and all SSL-enabled virtual hosts. 12 | ## 13 | 14 | # Pass Phrase Dialog: 15 | # Configure the pass phrase gathering process. 16 | # The filtering dialog program (`builtin' is a internal 17 | # terminal dialog) has to provide the pass phrase on stdout. 18 | SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog 19 | 20 | # Inter-Process Session Cache: 21 | # Configure the SSL Session Cache: First the mechanism 22 | # to use and second the expiring timeout (in seconds). 23 | SSLSessionCache shmcb:/run/httpd/sslcache(512000) 24 | SSLSessionCacheTimeout 300 25 | 26 | # Pseudo Random Number Generator (PRNG): 27 | # Configure one or more sources to seed the PRNG of the 28 | # SSL library. The seed data should be of good random quality. 29 | # WARNING! On some platforms /dev/random blocks if not enough entropy 30 | # is available. This means you then cannot use the /dev/random device 31 | # because it would lead to very long connection times (as long as 32 | # it requires to make more entropy available). But usually those 33 | # platforms additionally provide a /dev/urandom device which doesn't 34 | # block. So, if available, use this one instead. Read the mod_ssl User 35 | # Manual for more details. 36 | SSLRandomSeed startup file:/dev/urandom 256 37 | SSLRandomSeed connect builtin 38 | #SSLRandomSeed startup file:/dev/random 512 39 | #SSLRandomSeed connect file:/dev/random 512 40 | #SSLRandomSeed connect file:/dev/urandom 512 41 | 42 | # 43 | # Use "SSLCryptoDevice" to enable any supported hardware 44 | # accelerators. Use "openssl engine -v" to list supported 45 | # engine names. NOTE: If you enable an accelerator and the 46 | # server does not start, consult the error logs and ensure 47 | # your accelerator is functioning properly. 
48 | # 49 | SSLCryptoDevice builtin 50 | #SSLCryptoDevice ubsec 51 | 52 | ## 53 | ## SSL Virtual Host Context 54 | ## 55 | 56 | 57 | 58 | # General setup for the virtual host, inherited from global configuration 59 | #DocumentRoot "/var/www/html" 60 | #ServerName www.example.com:443 61 | 62 | # Use separate log files for the SSL virtual host; note that LogLevel 63 | # is not inherited from httpd.conf. 64 | ErrorLog logs/ssl_error_log 65 | TransferLog logs/ssl_access_log 66 | LogLevel warn 67 | 68 | # SSL Engine Switch: 69 | # Enable/Disable SSL for this virtual host. 70 | SSLEngine on 71 | 72 | # SSL Protocol support: 73 | # List the enabled protocol levels with which clients will be able to 74 | # connect. Only TLSv1.1 and TLSv1.2 are listed below (no SSLv2/SSLv3). NOTE(review): TLSv1.1 is deprecated (RFC 8996); consider allowing TLSv1.2 only. 75 | SSLProtocol +TLSv1.1 +TLSv1.2 76 | 77 | # SSL Cipher Suite: 78 | # List the ciphers that the client is permitted to negotiate. 79 | # See the mod_ssl documentation for a complete list. NOTE(review): the string below explicitly adds 3DES, a legacy 64-bit block cipher; consider dropping it unless an old client requires it. 80 | SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA 81 | 82 | refresh/update for text to speech, remove unused, added xsome nessary frepbx modules 83 | 84 | # Speed-optimized SSL Cipher configuration: 85 | # If speed is your main concern (on busy HTTPS servers e.g.), 86 | # you might want to force clients to specific, performance 87 | # optimized ciphers. In this case, prepend those ciphers 88 | # to the SSLCipherSuite list, and enable SSLHonorCipherOrder. 89 | # Caveat: by giving precedence to RC4-SHA and AES128-SHA 90 | # (as in the example below), most connections will no longer 91 | # have perfect forward secrecy - if the server's key is 92 | # compromised, captures of past or future traffic must be 93 | # considered compromised, too. 94 | #SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5 95 | #SSLHonorCipherOrder on 96 | 97 | # Server Certificate: 98 | # Point SSLCertificateFile at a PEM encoded certificate. If 99 | # the certificate is encrypted, then you will be prompted for a 100 | # pass phrase.
Note that a kill -HUP will prompt again. A new 101 | # certificate can be generated using the genkey(1) command. 102 | SSLCertificateFile /etc/pki/tls/certs/localhost.crt 103 | 104 | # Server Private Key: 105 | # If the key is not combined with the certificate, use this 106 | # directive to point at the key file. Keep in mind that if 107 | # you've both a RSA and a DSA private key you can configure 108 | # both in parallel (to also allow the use of DSA ciphers, etc.) 109 | SSLCertificateKeyFile /etc/pki/tls/private/localhost.key 110 | 111 | # Server Certificate Chain: 112 | # Point SSLCertificateChainFile at a file containing the 113 | # concatenation of PEM encoded CA certificates which form the 114 | # certificate chain for the server certificate. Alternatively 115 | # the referenced file can be the same as SSLCertificateFile 116 | # when the CA certificates are directly appended to the server 117 | # certificate for convinience. 118 | #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt 119 | 120 | # Certificate Authority (CA): 121 | # Set the CA certificate verification path where to find CA 122 | # certificates for client authentication or alternatively one 123 | # huge file containing all of them (file must be PEM encoded) 124 | #SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt 125 | 126 | # Client Authentication (Type): 127 | # Client certificate verification type and depth. Types are 128 | # none, optional, require and optional_no_ca. Depth is a 129 | # number which specifies how deeply to verify the certificate 130 | # issuer chain before deciding the certificate is not valid. 131 | #SSLVerifyClient require 132 | #SSLVerifyDepth 10 133 | 134 | # Access Control: 135 | # With SSLRequire you can do per-directory access control based 136 | # on arbitrary complex boolean expressions containing server 137 | # variable checks and other lookup directives. The syntax is a 138 | # mixture between C and Perl. 
See the mod_ssl documentation 139 | # for more details. 140 | # 141 | #SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \ 142 | # and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \ 143 | # and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \ 144 | # and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \ 145 | # and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \ 146 | # or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/ 147 | # 148 | 149 | # SSL Engine Options: 150 | # Set various options for the SSL engine. 151 | # o FakeBasicAuth: 152 | # Translate the client X.509 into a Basic Authorisation. This means that 153 | # the standard Auth/DBMAuth methods can be used for access control. The 154 | # user name is the `one line' version of the client's X.509 certificate. 155 | # Note that no password is obtained from the user. Every entry in the user 156 | # file needs this password: `xxj31ZMTZzkVA'. 157 | # o ExportCertData: 158 | # This exports two additional environment variables: SSL_CLIENT_CERT and 159 | # SSL_SERVER_CERT. These contain the PEM-encoded certificates of the 160 | # server (always existing) and the client (only existing when client 161 | # authentication is used). This can be used to import the certificates 162 | # into CGI scripts. 163 | # o StdEnvVars: 164 | # This exports the standard SSL/TLS related `SSL_*' environment variables. 165 | # Per default this exportation is switched off for performance reasons, 166 | # because the extraction step is an expensive operation and is usually 167 | # useless for serving static content. So one usually enables the 168 | # exportation for CGI and SSI requests only. 169 | # o StrictRequire: 170 | # This denies access when "SSLRequireSSL" or "SSLRequire" applied even 171 | # under a "Satisfy any" situation, i.e. when it applies access is denied 172 | # and no other module can change it. 
173 | # o OptRenegotiate: 174 | # This enables optimized SSL connection renegotiation handling when SSL 175 | # directives are used in per-directory context. 176 | #SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire 177 | 178 | SSLOptions +StdEnvVars 179 | 180 | 181 | SSLOptions +StdEnvVars 182 | 183 | 184 | # SSL Protocol Adjustments: 185 | # The safe and default but still SSL/TLS standard compliant shutdown 186 | # approach is that mod_ssl sends the close notify alert but doesn't wait for 187 | # the close notify alert from client. When you need a different shutdown 188 | # approach you can use one of the following variables: 189 | # o ssl-unclean-shutdown: 190 | # This forces an unclean shutdown when the connection is closed, i.e. no 191 | # SSL close notify alert is send or allowed to received. This violates 192 | # the SSL/TLS standard but is needed for some brain-dead browsers. Use 193 | # this when you receive I/O errors because of the standard approach where 194 | # mod_ssl sends the close notify alert. 195 | # o ssl-accurate-shutdown: 196 | # This forces an accurate shutdown when the connection is closed, i.e. a 197 | # SSL close notify alert is send and mod_ssl waits for the close notify 198 | # alert of the client. This is 100% SSL/TLS standard compliant, but in 199 | # practice often causes hanging connections with brain-dead browsers. Use 200 | # this only for browsers where you know that their SSL implementation 201 | # works correctly. 202 | # Notice: Most problems of broken clients are also related to the HTTP 203 | # keep-alive facility, so you usually additionally want to disable 204 | # keep-alive for those clients, too. Use variable "nokeepalive" for this. 205 | # Similarly, one has to force some clients to use HTTP/1.0 to workaround 206 | # their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and 207 | # "force-response-1.0" for this. 
208 | BrowserMatch "MSIE [2-5]" \ 209 | nokeepalive ssl-unclean-shutdown \ 210 | downgrade-1.0 force-response-1.0 211 | 212 | # Per-Server Logging: 213 | # The home of a custom SSL log file. Use this when you want a 214 | # compact non-error SSL logfile on a virtual host basis. 215 | CustomLog logs/ssl_request_log \ 216 | "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" 217 | 218 | 219 | -------------------------------------------------------------------------------- /etc/httpd/conf/httpd.conf: -------------------------------------------------------------------------------- 1 | # 2 | # This is the main Apache HTTP server configuration file. It contains the 3 | # configuration directives that give the server its instructions. 4 | # See for detailed information. 5 | # In particular, see 6 | # 7 | # for a discussion of each configuration directive. 8 | # 9 | # Do NOT simply read the instructions in here without understanding 10 | # what they do. They're here only as hints or reminders. If you are unsure 11 | # consult the online docs. You have been warned. 12 | # 13 | # Configuration and logfile names: If the filenames you specify for many 14 | # of the server's control files begin with "/" (or "drive:/" for Win32), the 15 | # server will use that explicit path. If the filenames do *not* begin 16 | # with "/", the value of ServerRoot is prepended -- so 'log/access_log' 17 | # with ServerRoot set to '/www' will be interpreted by the 18 | # server as '/www/log/access_log', where as '/log/access_log' will be 19 | # interpreted as '/log/access_log'. 20 | 21 | # 22 | # ServerRoot: The top of the directory tree under which the server's 23 | # configuration, error, and log files are kept. 24 | # 25 | # Do not add a slash at the end of the directory path. If you point 26 | # ServerRoot at a non-local disk, be sure to specify a local disk on the 27 | # Mutex directive, if file-based mutexes are used. 
If you wish to share the 28 | # same ServerRoot for multiple httpd daemons, you will need to change at 29 | # least PidFile. 30 | # 31 | ServerRoot "/etc/httpd" 32 | 33 | # 34 | # Listen: Allows you to bind Apache to specific IP addresses and/or 35 | # ports, instead of the default. See also the 36 | # directive. 37 | # 38 | # Change this to Listen on specific IP addresses as shown below to 39 | # prevent Apache from glomming onto all bound IP addresses. 40 | # 41 | #Listen 12.34.56.78:80 42 | Listen 80 http 43 | 44 | # 45 | # Dynamic Shared Object (DSO) Support 46 | # 47 | # To be able to use the functionality of a module which was built as a DSO you 48 | # have to place corresponding `LoadModule' lines at this location so the 49 | # directives contained in it are actually available _before_ they are used. 50 | # Statically compiled modules (those listed by `httpd -l') do not need 51 | # to be loaded here. 52 | # 53 | # Example: 54 | # LoadModule foo_module modules/mod_foo.so 55 | # 56 | Include conf.modules.d/*.conf 57 | 58 | # 59 | # If you wish httpd to run as a different user or group, you must run 60 | # httpd as root initially and it will switch. 61 | # 62 | # User/Group: The name (or #number) of the user/group to run httpd as. 63 | # It is usually good practice to create a dedicated user and group for 64 | # running httpd, as with most system services. 65 | # 66 | User asterisk 67 | Group asterisk 68 | 69 | # 'Main' server configuration 70 | # 71 | # The directives in this section set up the values used by the 'main' 72 | # server, which responds to any requests that aren't handled by a 73 | # definition. These values also provide defaults for 74 | # any containers you may define later in the file. 75 | # 76 | # All of these directives may appear inside containers, 77 | # in which case these default settings will be overridden for the 78 | # virtual host being defined. 
79 | # 80 | 81 | # 82 | # ServerAdmin: Your address, where problems with the server should be 83 | # e-mailed. This address appears on some server-generated pages, such 84 | # as error documents. e.g. admin@your-domain.com 85 | # 86 | ServerAdmin root@localhost 87 | 88 | # 89 | # ServerName gives the name and port that the server uses to identify itself. 90 | # This can often be determined automatically, but we recommend you specify 91 | # it explicitly to prevent problems during startup. 92 | # 93 | # If your host doesn't have a registered DNS name, enter its IP address here. 94 | # 95 | #ServerName www.example.com:80 96 | 97 | # 98 | # Deny access to the entirety of your server's filesystem. You must 99 | # explicitly permit access to web content directories in other 100 | # blocks below. 101 | # 102 | 103 | AllowOverride none 104 | Require all denied 105 | 106 | 107 | # 108 | # Note that from this point forward you must specifically allow 109 | # particular features to be enabled - so if something's not working as 110 | # you might expect, make sure that you have specifically enabled it 111 | # below. 112 | # 113 | 114 | # 115 | # DocumentRoot: The directory out of which you will serve your 116 | # documents. By default, all requests are taken from this directory, but 117 | # symbolic links and aliases may be used to point to other locations. 118 | # 119 | DocumentRoot "/var/www/html" 120 | 121 | # 122 | # Relax access to content within /var/www. 123 | # 124 | 125 | AllowOverride All 126 | # Allow open access: 127 | Require all granted 128 | 129 | 130 | # Further relax access to the default document root: 131 | 132 | # 133 | # Possible values for the Options directive are "None", "All", 134 | # or any combination of: 135 | # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews 136 | # 137 | # Note that "MultiViews" must be named *explicitly* --- "Options All" 138 | # doesn't give it to you. 
139 | # 140 | # The Options directive is both complicated and important. Please see 141 | # http://httpd.apache.org/docs/2.4/mod/core.html#options 142 | # for more information. 143 | # 144 | Options Indexes FollowSymLinks 145 | 146 | # 147 | # AllowOverride controls what directives may be placed in .htaccess files. 148 | # It can be "All", "None", or any combination of the keywords: 149 | # Options FileInfo AuthConfig Limit 150 | # 151 | AllowOverride All 152 | 153 | # 154 | # Controls who can get stuff from this server. 155 | # 156 | Require all granted 157 | 158 | 159 | # 160 | # DirectoryIndex: sets the file that Apache will serve if a directory 161 | # is requested. 162 | # 163 | 164 | DirectoryIndex index.html 165 | 166 | 167 | # 168 | # The following lines prevent .htaccess and .htpasswd files from being 169 | # viewed by Web clients. 170 | # 171 | 172 | Require all denied 173 | 174 | 175 | # 176 | # ErrorLog: The location of the error log file. 177 | # If you do not specify an ErrorLog directive within a 178 | # container, error messages relating to that virtual host will be 179 | # logged here. If you *do* define an error logfile for a 180 | # container, that host's errors will be logged there and not here. 181 | # 182 | ErrorLog "logs/error_log" 183 | 184 | # 185 | # LogLevel: Control the number of messages logged to the error_log. 186 | # Possible values include: debug, info, notice, warn, error, crit, 187 | # alert, emerg. 188 | # 189 | LogLevel warn 190 | 191 | 192 | # 193 | # The following directives define some format nicknames for use with 194 | # a CustomLog directive (see below). 
195 | # 196 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 197 | LogFormat "%h %l %u %t \"%r\" %>s %b" common 198 | 199 | 200 | # You need to enable mod_logio.c to use %I and %O 201 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio 202 | 203 | 204 | # 205 | # The location and format of the access logfile (Common Logfile Format). 206 | # If you do not define any access logfiles within a 207 | # container, they will be logged here. Contrariwise, if you *do* 208 | # define per- access logfiles, transactions will be 209 | # logged therein and *not* in this file. 210 | # 211 | #CustomLog "logs/access_log" common 212 | 213 | # 214 | # If you prefer a logfile with access, agent, and referer information 215 | # (Combined Logfile Format) you can use the following directive. 216 | # 217 | CustomLog "logs/access_log" combined 218 | 219 | 220 | 221 | # 222 | # Redirect: Allows you to tell clients about documents that used to 223 | # exist in your server's namespace, but do not anymore. The client 224 | # will make a new request for the document at its new location. 225 | # Example: 226 | # Redirect permanent /foo http://www.example.com/bar 227 | 228 | # 229 | # Alias: Maps web paths into filesystem paths and is used to 230 | # access content that does not live under the DocumentRoot. 231 | # Example: 232 | # Alias /webpath /full/filesystem/path 233 | # 234 | # If you include a trailing / on /webpath then the server will 235 | # require it to be present in the URL. You will also likely 236 | # need to provide a section to allow access to 237 | # the filesystem path. 238 | 239 | # 240 | # ScriptAlias: This controls which directories contain server scripts. 241 | # ScriptAliases are essentially the same as Aliases, except that 242 | # documents in the target directory are treated as applications and 243 | # run by the server when requested rather than as documents sent to the 244 | # client. 
The same rules about trailing "/" apply to ScriptAlias 245 | # directives as to Alias. 246 | # 247 | ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" 248 | 249 | 250 | 251 | # 252 | # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased 253 | # CGI directory exists, if you have that configured. 254 | # 255 | 256 | AllowOverride All 257 | Options None 258 | Require all granted 259 | 260 | 261 | 262 | # 263 | # TypesConfig points to the file containing the list of mappings from 264 | # filename extension to MIME-type. 265 | # 266 | TypesConfig /etc/mime.types 267 | 268 | # 269 | # AddType allows you to add to or override the MIME configuration 270 | # file specified in TypesConfig for specific file types. 271 | # 272 | #AddType application/x-gzip .tgz 273 | # 274 | # AddEncoding allows you to have certain browsers uncompress 275 | # information on the fly. Note: Not all browsers support this. 276 | # 277 | #AddEncoding x-compress .Z 278 | #AddEncoding x-gzip .gz .tgz 279 | # 280 | # If the AddEncoding directives above are commented-out, then you 281 | # probably should define those extensions to indicate media types: 282 | # 283 | AddType application/x-compress .Z 284 | AddType application/x-gzip .gz .tgz 285 | 286 | # 287 | # AddHandler allows you to map certain file extensions to "handlers": 288 | # actions unrelated to filetype. These can be either built into the server 289 | # or added with the Action directive (see below) 290 | # 291 | # To use CGI scripts outside of ScriptAliased directories: 292 | # (You will also need to add "ExecCGI" to the "Options" directive.) 293 | # 294 | #AddHandler cgi-script .cgi 295 | 296 | # For type maps (negotiated resources): 297 | #AddHandler type-map var 298 | 299 | # 300 | # Filters allow you to process content before it is sent to the client. 301 | # 302 | # To parse .shtml files for server-side includes (SSI): 303 | # (You will also need to add "Includes" to the "Options" directive.) 
304 | # 305 | AddType text/html .shtml 306 | AddOutputFilter INCLUDES .shtml 307 | 308 | 309 | # 310 | # Specify a default charset for all content served; this enables 311 | # interpretation of all content as UTF-8 by default. To use the 312 | # default browser choice (ISO-8859-1), or to allow the META tags 313 | # in HTML content to override this choice, comment out this 314 | # directive: 315 | # 316 | AddDefaultCharset UTF-8 317 | 318 | 319 | # 320 | # The mod_mime_magic module allows the server to use various hints from the 321 | # contents of the file itself to determine its type. The MIMEMagicFile 322 | # directive tells the module where the hint definitions are located. 323 | # 324 | MIMEMagicFile conf/magic 325 | 326 | 327 | # 328 | # Customizable error responses come in three flavors: 329 | # 1) plain text 2) local redirects 3) external redirects 330 | # 331 | # Some examples: 332 | #ErrorDocument 500 "The server made a boo boo." 333 | #ErrorDocument 404 /missing.html 334 | #ErrorDocument 404 "/cgi-bin/missing_handler.pl" 335 | #ErrorDocument 402 http://www.example.com/subscription_info.html 336 | # 337 | 338 | # 339 | # EnableMMAP and EnableSendfile: On systems that support it, 340 | # memory-mapping or the sendfile syscall may be used to deliver 341 | # files. This usually improves server performance, but must 342 | # be turned off when serving from networked-mounted 343 | # filesystems or if support for these functions is otherwise 344 | # broken on your system. 345 | # Defaults if commented: EnableMMAP On, EnableSendfile Off 346 | # 347 | #EnableMMAP off 348 | EnableSendfile on 349 | 350 | # Supplemental configuration 351 | # 352 | # Load config files in the "/etc/httpd/conf.d" directory, if any. 
353 | IncludeOptional conf.d/*.conf 354 | KeepAlive on 355 | -------------------------------------------------------------------------------- /etc/root/avantfax_config.php: -------------------------------------------------------------------------------- 1 | 8 | * @copyright 2005 - 2007 MENTALBARCODE Software, LLC 9 | * @copyright 2007 - 2008 iFAX Solutions, Inc. 10 | * @license http://www.gnu.org/copyleft/gpl.html GNU/GPL 11 | */ 12 | 13 | // 14 | // DATABASE SETTINGS 15 | // 16 | // EDIT DATABASE USER INFO 17 | // You must create the database before you continue (mysql -p < create_table.sql) 18 | define('AFDB_USER', 'root'); // username (root here; a dedicated account with rights only on the avantfax database would limit the damage if this file is exposed) 19 | define('AFDB_PASS', 'CLEARTEXT_PASSWORD'); // password (looks like a placeholder; the real value is kept here in clear text, so restrict read access to this file) 20 | define('AFDB_NAME', 'avantfax'); // database name 21 | define('AFDB_ENGINE', 'mysql'); // database engine: mysql 22 | define('AFDB_HOST', 'localhost'); // database host 23 | 24 | // 25 | // HYLAFAX SETTINGS 26 | // 27 | $BINARYDIR = '/usr/bin'; // typical on Linux, while /usr/local/bin would be typical for FreeBSD 28 | $HYLAFAX_PREFIX = '/usr'; // if you installed hylafax from source, your installation may default to /usr/local 29 | $HYLASPOOL = '/var/spool/hylafax'; 30 | 31 | // Use HylaFAX's tiff2ps script (/var/spool/hylafax/bin/tiff2ps) instead of AvantFAX's tiff2ps functionality 32 | $HYLATIFF2PS = false; 33 | 34 | 35 | // 36 | // Configuring Caller ID 37 | // 38 | // Set the following to resemble the order in which your Caller ID information and DID/DNIS/DTMF information is stored in your TIFF fax file 39 | // Example output from 'faxinfo fax0000000XX.tif' 40 | // Sender: Internal Fax 41 | // CallID1: 8005551212 42 | // CallID2: iFAX 43 | // CallID3: 8490 44 | // 45 | // The config.
file has these settings set: 46 | // CallIDPattern: "NMBR=" 47 | // CallIDPattern: "NAME=" 48 | // CallIDPattern: "NDID=" 49 | // 50 | $CALLIDn_CIDNumber = 1; 51 | $CALLIDn_CIDName = 2; 52 | $CALLIDn_DIDNum = 3; 53 | 54 | // 55 | // Faxmail user 56 | // 57 | // If you're using Email to FAX through your MTA, set the following value as the faxmail user you chose 58 | // If you're using postfix on Debian, this may be faxmaster 59 | $FAXMAILUSER = 'faxmail'; 60 | 61 | // 62 | // Apache user 63 | // 64 | // When resubmitting a fax job (faxalter -r), the fax job shows up as owned by the user running httpd 65 | // In order to properly lookup the correct user, $WWWUSER must be the name of the user running httpd. 66 | // Examples are apache, www-run, nobody 67 | $WWWUSER = 'asterisk'; 68 | 69 | // 70 | // AvantFAX System email address 71 | // 72 | // Emails from faxrcvd and notify are sent from this email address 73 | define('ADMIN_EMAIL', 'root@localhost'); // system return email address 74 | 75 | // 76 | // EMAIL settings for faxrcvd and notify 77 | // 78 | // If you would like to include the fax PDF for successful faxes, set the following to true 79 | // Failed faxes automatically have the failed PDF attached to the email 80 | $NOTIFY_INCLUDE_PDF = false; 81 | 82 | // If you would like the email from faxrcvd to include the thumbnail image 83 | $FAXRCVD_INCLUDE_THUMBNAIL = true; 84 | $FAXRCVD_INCLUDE_PDF = true; 85 | 86 | // 87 | // DID/DTMF Routing 88 | // 89 | // If you're using DTMF enabled hardware or PBX that is sending hunt group information to HylaFAX, you can set the following to true 90 | $ENABLE_DID_ROUTING = false; 91 | 92 | // Set this to false if you don't want to auto configure new DID/DTMF Routing groups. This is helpful for automatically creating 93 | // new DID groups upon receiving new faxes. However, some may find it a hassle to have new groups created. 
Faxes that arrive 94 | // on an unconfigured DID/DTMF group will then go into the Catch-All group 95 | $AUTOCONFDID = true; 96 | 97 | // 98 | // AvantFAX Interface Options 99 | // 100 | 101 | $dft_config_lang = 'en'; // default system language (english) 102 | 103 | // Default values for fields when sending a fax either through AvantFAX or directly through HylaFAX 104 | // (only if they haven't been set in /etc/hylafax/hyla.conf) 105 | $FROM_COMPANY = ""; 106 | $FROM_LOCATION = ""; 107 | $FROM_FAXNUMBER = ""; 108 | $FROM_VOICENUMBER = ""; 109 | $DEFAULT_TSI_ID = ""; 110 | 111 | // enable interface to show link for downloading the original TIFF file 112 | $ENABLE_DL_TIFF = false; 113 | 114 | // server name 115 | $AVANTFAX_SERVERNAME = 'avantfax'; // replace with a custom string for your server name, otherwise leave NULL to use your server's hostname (if found) 116 | $SHOWSERVER_DETAILS = false; 117 | 118 | // Show all Address book contacts 119 | // You would set to false once you have several hundreds (even thousands) of contacts that it doesn't make sense 120 | // to load them all every time you load a page like Contacts and Archive 121 | $SHOW_ALL_CONTACTS = true; 122 | 123 | // If you want to convert your faxes to G4 format (to save space) when faxrcvd copies the tif file to the AvantFAX archive 124 | $TIFF_TO_G4 = false; 125 | 126 | // To enable debugging 127 | $AVANTFAX_DEBUG = false; 128 | 129 | // This mode is for restricting user access to faxes in the archive 130 | // When diabled, users can view faxes that were received on their viewable fax line (or DID group) OR viewable category 131 | // When enabled, users can only view faxes that were received on their viewable fax line (or DID group) AND viewable category 132 | // Therefore, when in use, users who have access to one modem (or DID group) cannot see the faxes from another modem (or DID group) 133 | // even if they can view that category 134 | define('RESTRICTED_USER_MODE', false); 135 | 136 | // set to 
1 if you want your custom cover page to show total pages in the fax instead of the number of pages that follow the cover page 137 | // this is used ONLY when you send a fax that consists of just the cover page 138 | // the default cover page displays (Number of pages to follow: 0) 139 | $NUM_PAGES_FOLLOW = 0; 140 | 141 | // Fax number lookup (the number is appended to this URL, which is plain http) 142 | // replace with your own link; the fax number must come after the last = 143 | define('WHITEPAGES', "http://www.whitepages.com/search/ReversePhone?full_phone="); // White Pages USA 144 | // define('WHITEPAGES', "http://www.paginebianche.it/execute.cgi?btt=1&tl=2&tr=106&qs="); // White Pages Italy 145 | // define('WHITEPAGES', "http://privatpersoner.eniro.se/query?stq=0&searcharea=&what=wphone&searchword="); // Vita sidorna Eniro, Sverige 146 | 147 | // increase if you want users to be able to have longer values; the 15-character password ceiling rules out long passphrases 148 | // WHFC has issues with usernames longer than 15 chars 149 | define('MAX_USERNAME_SIZE', 15); 150 | define('MAX_PASSWD_SIZE', 15); 151 | define('MIN_PASSWD_SIZE', 8); 152 | define('MAX_EMAIL_SIZE', 99); 153 | 154 | // List Inbox by modem instead of by date 155 | define('INBOX_LIST_MODEM', false); 156 | 157 | // Inbox takes focus when new fax arrives 158 | $FOCUS_ON_NEW_FAX = false; 159 | // Inbox shows a popup window (Javascript alert) when a new fax arrives 160 | $FOCUS_ON_NEW_FAX_POPUP = false; 161 | 162 | // Default setting for requesting "requeued" email 163 | $SENDFAX_REQUEUE_EMAIL = true; 164 | 165 | // Toggle if you want to show the Cover page form in sendfax.php (set: true or false) 166 | $SENDFAX_USE_COVERPAGE = true; 167 | 168 | // Archive faxes "Routed by Sender" 169 | // if you would like to see all faxes that are "Routed by Sender" in your Inbox, then set this to false.
170 | // Otherwise, set this to true, so that the fax is archived 171 | $ARCHIVEFAX2EMAIL = true; 172 | 173 | // For smaller screens (ie: 1024x768), set this to false 174 | // When set to false, the Archve page will fit the fax preview image in with the rest of the results 175 | $ARCHIVE_WIDE = true; 176 | 177 | // Set the default number of faxes to display per page in the Inbox and Archive (if user hasn't specified a preference) 178 | // Use either: 10, 15, 20, 25, 30, 50, or 100 179 | $DEFAULT_FAXES_PER_PAGE_INBOX = 25; 180 | $DEFAULT_FAXES_PER_PAGE_ARCHIVE = 30; 181 | 182 | // 183 | // OCR Support 184 | // 185 | // Enable support for Tesseract to read the content of your fax and store the data in your database for improved Archive searching 186 | // tesseract must be installed first 187 | define('ENABLE_OCR_SUPPORT', false); // set to true to enable support 188 | define('OCR_BINARY', "/usr/local/bin/tesseract"); 189 | define('OCR_COMMAND', OCR_BINARY." %s %s -l %s"); // to use all languages, remove "-l %s" from the command 190 | define('OCR_LANGUAGE', "eng"); // Examples: eng, fra, deu, spa, ita 191 | 192 | // 193 | // Barcode Support 194 | // 195 | // If you have the bardecode software, you can enable this functionality to automatically store any barcode data from received faxes in the database 196 | // Contact sales@ifax.com for details 197 | define('ENABLE_BARDECODE_SUPPORT', false); 198 | define('BARDECODE_BINARY', "/var/spool/hylafax/bin/bardecode"); 199 | define('BARDECODE_COMMAND', BARDECODE_BINARY." -t any -f %s"); 200 | 201 | // 202 | // Annotation support 203 | // 204 | // If you want to annotate each fax with AvantFAX's faxid 205 | define('ENABLE_FAX_ANNOTATION', false); 206 | define('ANN_GRAVITY', 'south'); // acceptable values: north, northeast, northwest, south, southeast, southwest 207 | // If you want to print the annotated PDF, set the following to true. 
Otherwise, the received TIFF file will be printed as received (not annotated) 208 | $FAXRCVD_PRINT_PDF = false; 209 | 210 | // 211 | // Email settings 212 | // 213 | // Email encoding options (values are: SevenBitEncoding, QPrintEncoding, Base64Encoding) 214 | define('EMAIL_ENCODING_TEXT', "Base64Encoding"); 215 | define('EMAIL_ENCODING_HTML', "Base64Encoding"); 216 | 217 | // Email Charset options (values: UTF-8, or whatever your iso-8859 charset is) 218 | define('EMAIL_ENCODING_CHARSET', "UTF-8"); 219 | 220 | // SMTP server support for using external mail server (mail server not on this machine) 221 | define('USE_SMTPSERVER', false); // set to true to enable usage 222 | define('SMTP_SERVER', 'localhost'); // set your mail server address (ie: mail.example.com, or ssl://mail.example.com) 223 | define('SMTP_PORT', 25); // mail server port. For SSL, try 465 224 | define('SMTP_AUTH', false); // set to true to enable SMTP authentication 225 | define('SMTP_USERNAME', ''); // username for authentication 226 | define('SMTP_PASSWORD', ''); // password for authentication 227 | define('SMTP_LOCALHOST', 'localhost'); // the value to give for HELO 228 | 229 | // If you do want to receive an email for every successful sent fax, set $NOTIFY_ON_SUCCESS = true 230 | // If you don't want to receive an email, set it the following to false. This is a global setting and 231 | // individual users cannot override it. 
232 | $NOTIFY_ON_SUCCESS = true; 233 | 234 | // AvantFAX Email signature 235 | $SYSTEM_EMAIL_SIG_HTML = 'AvantFAX'; 236 | $SYSTEM_EMAIL_SIG_TEXT = 'www.AvantFAX.com'; 237 | 238 | // 239 | // Cover page 240 | // 241 | // This is the path to your custom cover page 242 | // The PostScript file must be located in the images/ directory 243 | $COVERPAGE_FILE = 'cover.ps'; // ie: mycover.ps, coverpage.html 244 | 245 | // The new cover page feature allows you to use an HTML page as your cover page 246 | // This means that it will be much easier to make your own coverpages to be used with AvantFAX/HylaFAX 247 | // Your custom HTML cover page must be located in AvantFAX's "images" directory 248 | // This feature requires html2ps. AvantFAX was tested with version 1.0 beta5 249 | // To download html2ps, follow this URL: http://user.it.uu.se/~jan/html2ps.html 250 | $HTML2PS = '/usr/local/bin/html2ps'; // path to html2ps 251 | 252 | // if you need to change the document size 253 | $PAPERSIZE = 'letter'; // a4, letter 254 | 255 | // Cover Page options (for postscript cover pages) 256 | $CPAGE_LINELEN = 80; // max line length 257 | 258 | // 259 | // Printer Settings 260 | // 261 | // Printing support for received faxes to enable support, change to true 262 | $PRINTFAXRCVD = false; 263 | $PRINTERNAME = ''; // the name of the print queue or leave blank for default printer 264 | $PRINTCMD = '/usr/bin/lpr'; // the print spool command 265 | $PRINTFAX2PS = '/usr/bin/fax2ps'; // the print command 266 | $PDFPRINTCMD = '/usr/bin/lpr'; // the print command for PDFs 267 | 268 | // 269 | // Date format settings 270 | // 271 | define('FAXCOVER_DATE_FORMAT', "%d.%m.%Y %H:%M"); // strftime format for faxcover. Example: "%m/%d/%Y %H:%M" 272 | define('EMAIL_DATE_FORMAT', "%d.%m.%Y %H:%M"); // strftime format for notify/faxrcvd subject email dates. Example: "%m/%d/%Y %H:%M" 273 | define('ARCHIVE_DATE_FORMAT', "'%d.%m.%Y %H:%i'");// SQL format for Inbox & Archive Dates. 
Example: "'%m/%d/%Y %H:%i'" or "GET_FORMAT(DATETIME, 'USA')" 274 | 275 | // 276 | // Ghostscript tweaks 277 | // 278 | // ghostscript 279 | $DPI = 92; // DPI of received faxes viewed in inbox (calibrate for rotate speed) higher number for faster processor. View AvantFAX Admin Logs for stats. 280 | $DPIS = 200; // DPI of sent faxes kept in archive (calibrate for pdf file size) 281 | 282 | define('PREV_TN', 80); // thumbnail width 283 | define('PREV_SP', 750); // view fax preview fax image width 284 | 285 | // 286 | // Custom Authentication settings 287 | // 288 | // If you would like to use/develop your own custom authentication backend, set ALTERNATE_AUTH_ENABLE to true and see below 289 | $ALTERNATE_AUTH_ENABLE = false; 290 | // If you want to allow users who aren't able to log in via your custom authentication method to be able to log in using 291 | // their AvantFAX username and password, set ALTERNATE_AUTH_FALLBACK to true. Otherwise, if you require all users to 292 | // log in using your method, set ALTERNATE_AUTH_FALLBACK to false. (While it is true, local AvantFAX passwords keep working alongside the custom backend.) 293 | $ALTERNATE_AUTH_FALLBACK = true; 294 | // Enter the name of your custom authentication class below. The name of the class must be identical (case-sensitive) 295 | // to the PHP file name and the class must be located in the includes/ directory. The class file will be dynamically 296 | // included by AvantFAX when needed. Your class must implement the "CustomAuth" interface found in includes/classes.php.
297 | // For an example, see includes/PAMAuth.php 298 | $ALTERNATE_AUTH_CLASS = "PAMAuth"; 299 | -------------------------------------------------------------------------------- /etc/httpd/conf/magic: -------------------------------------------------------------------------------- 1 | # Magic data for mod_mime_magic Apache module (originally for file(1) command) 2 | # The module is described in /manual/mod/mod_mime_magic.html 3 | # 4 | # The format is 4-5 columns: 5 | # Column #1: byte number to begin checking from, ">" indicates continuation 6 | # Column #2: type of data to match 7 | # Column #3: contents of data to match 8 | # Column #4: MIME type of result 9 | # Column #5: MIME encoding of result (optional) 10 | 11 | #------------------------------------------------------------------------------ 12 | # Localstuff: file(1) magic for locally observed files 13 | # Add any locally observed files here. 14 | 15 | #------------------------------------------------------------------------------ 16 | # end local stuff 17 | #------------------------------------------------------------------------------ 18 | 19 | #------------------------------------------------------------------------------ 20 | # Java 21 | 22 | 0 short 0xcafe 23 | >2 short 0xbabe application/java 24 | 25 | #------------------------------------------------------------------------------ 26 | # audio: file(1) magic for sound formats 27 | # 28 | # from Jan Nicolai Langfeldt , 29 | # 30 | 31 | # Sun/NeXT audio data 32 | 0 string .snd 33 | >12 belong 1 audio/basic 34 | >12 belong 2 audio/basic 35 | >12 belong 3 audio/basic 36 | >12 belong 4 audio/basic 37 | >12 belong 5 audio/basic 38 | >12 belong 6 audio/basic 39 | >12 belong 7 audio/basic 40 | 41 | >12 belong 23 audio/x-adpcm 42 | 43 | # DEC systems (e.g. DECstation 5000) use a variant of the Sun/NeXT format 44 | # that uses little-endian encoding and has a different magic number 45 | # (0x0064732E in little-endian encoding). 
46 | 0 lelong 0x0064732E 47 | >12 lelong 1 audio/x-dec-basic 48 | >12 lelong 2 audio/x-dec-basic 49 | >12 lelong 3 audio/x-dec-basic 50 | >12 lelong 4 audio/x-dec-basic 51 | >12 lelong 5 audio/x-dec-basic 52 | >12 lelong 6 audio/x-dec-basic 53 | >12 lelong 7 audio/x-dec-basic 54 | # compressed (G.721 ADPCM) 55 | >12 lelong 23 audio/x-dec-adpcm 56 | 57 | # Bytes 0-3 of AIFF, AIFF-C, & 8SVX audio files are "FORM" 58 | # AIFF audio data 59 | 8 string AIFF audio/x-aiff 60 | # AIFF-C audio data 61 | 8 string AIFC audio/x-aiff 62 | # IFF/8SVX audio data 63 | 8 string 8SVX audio/x-aiff 64 | 65 | # Creative Labs AUDIO stuff 66 | # Standard MIDI data 67 | 0 string MThd audio/unknown 68 | #>9 byte >0 (format %d) 69 | #>11 byte >1 using %d channels 70 | # Creative Music (CMF) data 71 | 0 string CTMF audio/unknown 72 | # SoundBlaster instrument data 73 | 0 string SBI audio/unknown 74 | # Creative Labs voice data 75 | 0 string Creative\ Voice\ File audio/unknown 76 | ## is this next line right? it came this way... 77 | #>19 byte 0x1A 78 | #>23 byte >0 - version %d 79 | #>22 byte >0 \b.%d 80 | 81 | # [GRR 950115: is this also Creative Labs? Guessing that first line 82 | # should be string instead of unknown-endian long...] 83 | #0 long 0x4e54524b MultiTrack sound data 84 | #0 string NTRK MultiTrack sound data 85 | #>4 long x - version %ld 86 | 87 | # Microsoft WAVE format (*.wav) 88 | # [GRR 950115: probably all of the shorts and longs should be leshort/lelong] 89 | # Microsoft RIFF 90 | 0 string RIFF audio/unknown 91 | # - WAVE format 92 | >8 string WAVE audio/x-wav 93 | # MPEG audio. 
94 | 0 beshort&0xfff0 0xfff0 audio/mpeg 95 | # C64 SID Music files, from Linus Walleij 96 | 0 string PSID audio/prs.sid 97 | 98 | #------------------------------------------------------------------------------ 99 | # c-lang: file(1) magic for C programs or various scripts 100 | # 101 | 102 | # XPM icons (Greg Roelofs, newt@uchicago.edu) 103 | # ideally should go into "images", but entries below would tag XPM as C source 104 | 0 string /*\ XPM image/x-xbm 7bit 105 | 106 | # this first will upset you if you're a PL/1 shop... (are there any left?) 107 | # in which case rm it; ascmagic will catch real C programs 108 | # C or REXX program text 109 | 0 string /* text/plain 110 | # C++ program text 111 | 0 string // text/plain 112 | 113 | #------------------------------------------------------------------------------ 114 | # compress: file(1) magic for pure-compression formats (no archives) 115 | # 116 | # compress, gzip, pack, compact, huf, squeeze, crunch, freeze, yabba, whap, etc. 117 | # 118 | # Formats for various forms of compressed data 119 | # Formats for "compress" proper have been moved into "compress.c", 120 | # because it tries to uncompress it to figure out what's inside. 121 | 122 | # standard unix compress 123 | 0 string \037\235 application/octet-stream x-compress 124 | 125 | # gzip (GNU zip, not to be confused with [Info-ZIP/PKWARE] zip archiver) 126 | 0 string \037\213 application/octet-stream x-gzip 127 | 128 | # According to gzip.h, this is the correct byte order for packed data. 129 | 0 string \037\036 application/octet-stream 130 | # 131 | # This magic number is byte-order-independent. 132 | # 133 | 0 short 017437 application/octet-stream 134 | 135 | # XXX - why *two* entries for "compacted data", one of which is 136 | # byte-order independent, and one of which is byte-order dependent? 
137 | # 138 | # compacted data 139 | 0 short 0x1fff application/octet-stream 140 | 0 string \377\037 application/octet-stream 141 | # huf output 142 | 0 short 0145405 application/octet-stream 143 | 144 | # Squeeze and Crunch... 145 | # These numbers were gleaned from the Unix versions of the programs to 146 | # handle these formats. Note that I can only uncrunch, not crunch, and 147 | # I didn't have a crunched file handy, so the crunch number is untested. 148 | # Keith Waclena 149 | #0 leshort 0x76FF squeezed data (CP/M, DOS) 150 | #0 leshort 0x76FE crunched data (CP/M, DOS) 151 | 152 | # Freeze 153 | #0 string \037\237 Frozen file 2.1 154 | #0 string \037\236 Frozen file 1.0 (or gzip 0.5) 155 | 156 | # lzh? 157 | #0 string \037\240 LZH compressed data 158 | 159 | #------------------------------------------------------------------------------ 160 | # frame: file(1) magic for FrameMaker files 161 | # 162 | # This stuff came on a FrameMaker demo tape, most of which is 163 | # copyright, but this file is "published" as witness the following: 164 | # 165 | 0 string \ 177 | # and Anna Shergold 178 | # 179 | 0 string \ 192 | 0 string \14 byte 12 (OS/2 1.x format) 257 | #>14 byte 64 (OS/2 2.x format) 258 | #>14 byte 40 (Windows 3.x format) 259 | #0 string IC icon 260 | #0 string PI pointer 261 | #0 string CI color icon 262 | #0 string CP color pointer 263 | #0 string BA bitmap array 264 | 265 | 0 string \x89PNG image/png 266 | 0 string FWS application/x-shockwave-flash 267 | 0 string CWS application/x-shockwave-flash 268 | 269 | #------------------------------------------------------------------------------ 270 | # lisp: file(1) magic for lisp programs 271 | # 272 | # various lisp types, from Daniel Quinlan (quinlan@yggdrasil.com) 273 | 0 string ;; text/plain 8bit 274 | # Emacs 18 - this is always correct, but not very magical. 
275 | 0 string \012( application/x-elc 276 | # Emacs 19 277 | 0 string ;ELC\023\000\000\000 application/x-elc 278 | 279 | #------------------------------------------------------------------------------ 280 | # mail.news: file(1) magic for mail and news 281 | # 282 | # There are tests to ascmagic.c to cope with mail and news. 283 | 0 string Relay-Version: message/rfc822 7bit 284 | 0 string #!\ rnews message/rfc822 7bit 285 | 0 string N#!\ rnews message/rfc822 7bit 286 | 0 string Forward\ to message/rfc822 7bit 287 | 0 string Pipe\ to message/rfc822 7bit 288 | 0 string Return-Path: message/rfc822 7bit 289 | 0 string Path: message/news 8bit 290 | 0 string Xref: message/news 8bit 291 | 0 string From: message/rfc822 7bit 292 | 0 string Article message/news 8bit 293 | #------------------------------------------------------------------------------ 294 | # msword: file(1) magic for MS Word files 295 | # 296 | # Contributor claims: 297 | # Reversed-engineered MS Word magic numbers 298 | # 299 | 300 | 0 string \376\067\0\043 application/msword 301 | 0 string \333\245-\0\0\0 application/msword 302 | 303 | # disable this one because it applies also to other 304 | # Office/OLE documents for which msword is not correct. See PR#2608. 305 | #0 string \320\317\021\340\241\261 application/msword 306 | 307 | 308 | 309 | #------------------------------------------------------------------------------ 310 | # printer: file(1) magic for printer-formatted files 311 | # 312 | 313 | # PostScript 314 | 0 string %! application/postscript 315 | 0 string \004%! 
application/postscript 316 | 317 | # Acrobat 318 | # (due to clamen@cs.cmu.edu) 319 | 0 string %PDF- application/pdf 320 | 321 | #------------------------------------------------------------------------------ 322 | # sc: file(1) magic for "sc" spreadsheet 323 | # 324 | 38 string Spreadsheet application/x-sc 325 | 326 | #------------------------------------------------------------------------------ 327 | # tex: file(1) magic for TeX files 328 | # 329 | # XXX - needs byte-endian stuff (big-endian and little-endian DVI?) 330 | # 331 | # From 332 | 333 | # Although we may know the offset of certain text fields in TeX DVI 334 | # and font files, we can't use them reliably because they are not 335 | # zero terminated. [but we do anyway, christos] 336 | 0 string \367\002 application/x-dvi 337 | #0 string \367\203 TeX generic font data 338 | #0 string \367\131 TeX packed font data 339 | #0 string \367\312 TeX virtual font data 340 | #0 string This\ is\ TeX, TeX transcript text 341 | #0 string This\ is\ METAFONT, METAFONT transcript text 342 | 343 | # There is no way to detect TeX Font Metric (*.tfm) files without 344 | # breaking them apart and reading the data. The following patterns 345 | # match most *.tfm files generated by METAFONT or afm2tfm. 
346 | #2 string \000\021 TeX font metric data 347 | #2 string \000\022 TeX font metric data 348 | #>34 string >\0 (%s) 349 | 350 | # Texinfo and GNU Info, from Daniel Quinlan (quinlan@yggdrasil.com) 351 | #0 string \\input\ texinfo Texinfo source text 352 | #0 string This\ is\ Info\ file GNU Info text 353 | 354 | # correct TeX magic for Linux (and maybe more) 355 | # from Peter Tobias (tobias@server.et-inf.fho-emden.de) 356 | # 357 | 0 leshort 0x02f7 application/x-dvi 358 | 359 | # RTF - Rich Text Format 360 | 0 string {\\rtf application/rtf 361 | 362 | #------------------------------------------------------------------------------ 363 | # animation: file(1) magic for animation/movie formats 364 | # 365 | # animation formats, originally from vax@ccwf.cc.utexas.edu (VaX#n8) 366 | # MPEG file 367 | 0 string \000\000\001\263 video/mpeg 368 | # 369 | # The contributor claims: 370 | # I couldn't find a real magic number for these, however, this 371 | # -appears- to work. Note that it might catch other files, too, 372 | # so BE CAREFUL! 373 | # 374 | # Note that title and author appear in the two 20-byte chunks 375 | # at decimal offsets 2 and 22, respectively, but they are XOR'ed with 376 | # 255 (hex FF)! DL format SUCKS BIG ROCKS. 377 | # 378 | # DL file version 1 , medium format (160x100, 4 images/screen) 379 | 0 byte 1 video/unknown 380 | 0 byte 2 video/unknown 381 | # Quicktime video, from Linus Walleij 382 | # from Apple quicktime file format documentation. 383 | 4 string moov video/quicktime 384 | 4 string mdat video/quicktime 385 | 386 | -------------------------------------------------------------------------------- /etc/fail2ban/jail.local: -------------------------------------------------------------------------------- 1 | # 2 | # WARNING: heavily refactored in 0.9.0 release. Please review and 3 | # customize settings for your setup. 
4 | # 5 | # Changes: in most of the cases you should not modify this 6 | # file, but provide customizations in jail.local file, 7 | # or separate .conf files under jail.d/ directory, e.g.: 8 | # 9 | # HOW TO ACTIVATE JAILS: 10 | # 11 | # YOU SHOULD NOT MODIFY THIS FILE. 12 | # 13 | # It will probably be overwritten or improved in a distribution update. 14 | # 15 | # Provide customizations in a jail.local file or a jail.d/customisation.local. 16 | # For example to change the default bantime for all jails and to enable the 17 | # ssh-iptables jail the following (uncommented) would appear in the .local file. 18 | # See man 5 jail.conf for details. 19 | # 20 | # [DEFAULT] 21 | # bantime = 3600 22 | # 23 | # [sshd] 24 | # enabled = true 25 | # 26 | # See jail.conf(5) man page for more information 27 | 28 | 29 | 30 | # Comments: use '#' for comment lines and ';' (following a space) for inline comments 31 | 32 | 33 | [INCLUDES] 34 | 35 | #before = paths-distro.conf 36 | before = paths-fedora.conf 37 | 38 | # The DEFAULT allows a global definition of the options. They can be overridden 39 | # in each jail afterwards. 40 | 41 | [DEFAULT] 42 | 43 | # 44 | # MISCELLANEOUS OPTIONS 45 | # 46 | 47 | # "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not 48 | # ban a host which matches an address in this list. Several addresses can be 49 | # defined using space separator. 50 | ignoreip = 127.0.0.1/8 51 | 52 | # External command that will take an tagged arguments to ignore, e.g. , 53 | # and return true if the IP is to be ignored. False otherwise. 54 | # 55 | # ignorecommand = /path/to/command 56 | ignorecommand = 57 | 58 | # "bantime" is the number of seconds that a host is banned. 59 | bantime = 21600 60 | 61 | # A host is banned if it has generated "maxretry" during the last "findtime" 62 | # seconds. 63 | findtime = 10800 64 | 65 | # "maxretry" is the number of failures before a host get banned. 
66 | 67 | # "backend" specifies the backend used to get files modification. 68 | # Available options are "pyinotify", "gamin", "polling", "systemd" and "auto". 69 | # This option can be overridden in each jail as well. 70 | # 71 | # pyinotify: requires pyinotify (a file alteration monitor) to be installed. 72 | # If pyinotify is not installed, Fail2ban will use auto. 73 | # gamin: requires Gamin (a file alteration monitor) to be installed. 74 | # If Gamin is not installed, Fail2ban will use auto. 75 | # polling: uses a polling algorithm which does not require external libraries. 76 | # systemd: uses systemd python library to access the systemd journal. 77 | # Specifying "logpath" is not valid for this backend. 78 | # See "journalmatch" in the jails associated filter config 79 | # auto: will try to use the following backends, in order: 80 | # pyinotify, gamin, polling. 81 | # 82 | # Note: if systemd backend is choses as the default but you enable a jail 83 | # for which logs are present only in its own log files, specify some other 84 | # backend for that jail (e.g. polling) and provide empty value for 85 | # journalmatch. See https://github.com/fail2ban/fail2ban/issues/959#issuecomment-74901200 86 | backend = auto 87 | 88 | # "usedns" specifies if jails should trust hostnames in logs, 89 | # warn when DNS lookups are performed, or ignore all hostnames in logs 90 | # 91 | # yes: if a hostname is encountered, a DNS lookup will be performed. 92 | # warn: if a hostname is encountered, a DNS lookup will be performed, 93 | # but it will be logged as a warning. 94 | # no: if a hostname is encountered, will not be used for banning, 95 | # but it will be logged as info. 96 | #usedns = warn 97 | usedns = no 98 | 99 | # "logencoding" specifies the encoding of the log files handled by the jail 100 | # This is used to decode the lines from the log file. 
101 | # Typical examples: "ascii", "utf-8" 102 | # 103 | # auto: will use the system locale setting 104 | logencoding = auto 105 | 106 | # "enabled" enables the jails. 107 | # By default all jails are disabled, and it should stay this way. 108 | # Enable only relevant to your setup jails in your .local or jail.d/*.conf 109 | # 110 | # true: jail will be enabled and log files will get monitored for changes 111 | # false: jail is not enabled 112 | enabled = false 113 | 114 | 115 | # "filter" defines the filter to use by the jail. 116 | # By default jails have names matching their filter name 117 | # 118 | filter = %(__name__)s 119 | 120 | 121 | # 122 | # ACTIONS 123 | # 124 | 125 | # Some options used for actions 126 | 127 | # Destination email address used solely for the interpolations in 128 | # jail.{conf,local,d/*} configuration files. 129 | destemail = root@localhost 130 | 131 | # Sender email address used solely for some actions 132 | sender = root@localhost 133 | 134 | # E-mail action. Since 0.8.1 Fail2Ban uses sendmail MTA for the 135 | # mailing. Change mta configuration parameter to mail if you want to 136 | # revert to conventional 'mail'. 137 | mta = sendmail 138 | 139 | # Default protocol 140 | protocol = all 141 | 142 | # Specify chain where jumps would need to be added in iptables-* actions 143 | chain = INPUT 144 | 145 | # Ports to be banned 146 | # Usually should be overridden in a particular jail 147 | port = 0:65535 148 | 149 | # 150 | # Action shortcuts. To be used to define action parameter 151 | 152 | # Default banning action (e.g. iptables, iptables-new, 153 | # iptables-multiport, shorewall, etc) It is used to define 154 | # action_* variables. 
Can be overridden globally or per 155 | # section within jail.local file 156 | banaction = shorewall 157 | 158 | # The simplest action to take: ban only 159 | action_ = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 160 | 161 | # ban & send an e-mail with whois report to the destemail. 162 | action_mw = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 163 | %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s"] 164 | 165 | # ban & send an e-mail with whois report and relevant log lines 166 | # to the destemail. 167 | action_mwl = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 168 | %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] 169 | 170 | # See the IMPORTANT note in action.d/xarf-login-attack for when to use this action 171 | # 172 | # ban & send a xarf e-mail to abuse contact of IP address and include relevant log lines 173 | # to the destemail. 174 | action_xarf = %(banaction)s[name=%(__name__)s, bantime="%(bantime)s", port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"] 175 | xarf-login-attack[service=%(__name__)s, sender="%(sender)s", logpath=%(logpath)s, port="%(port)s"] 176 | 177 | # ban IP on CloudFlare & send an e-mail with whois report and relevant log lines 178 | # to the destemail. 179 | action_cf_mwl = cloudflare[cfuser="%(cfemail)s", cftoken="%(cfapikey)s"] 180 | %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s"] 181 | 182 | # Report block via blocklist.de fail2ban reporting service API 183 | # 184 | # See the IMPORTANT note in action.d/blocklist_de.conf for when to 185 | # use this action. 
Create a file jail.d/blocklist_de.local containing 186 | # [Init] 187 | # blocklist_de_apikey = {api key from registration] 188 | # 189 | action_blocklist_de = blocklist_de[email="%(sender)s", service=%(filter)s, apikey="%(blocklist_de_apikey)s"] 190 | 191 | # Report ban via badips.com, and use as blacklist 192 | # 193 | # See BadIPsAction docstring in config/action.d/badips.py for 194 | # documentation for this action. 195 | # 196 | # NOTE: This action relies on banaction being present on start and therefore 197 | # should be last action defined for a jail. 198 | # 199 | action_badips = badips.py[category="%(name)s", banaction="%(banaction)s"] 200 | 201 | # Choose default action. To change, just override value of 'action' with the 202 | # interpolation to the chosen action shortcut (e.g. action_mw, action_mwl, etc) in jail.local 203 | # globally (section [DEFAULT]) or per specific section 204 | action = %(action_)s 205 | 206 | 207 | # 208 | # JAILS 209 | # 210 | 211 | # 212 | # SSH servers 213 | # 214 | 215 | [sshd] 216 | 217 | port = ssh 218 | logpath = /var/log/secure 219 | enabled = true 220 | filter = sshd 221 | action = %(banaction)s[name=sshd, protocol=tcp] 222 | maxretry = 2 223 | bantime = -1 224 | 225 | 226 | [sshd-ddos] 227 | # This jail corresponds to the standard configuration in Fail2ban. 228 | # The mail-whois action send a notification e-mail with a whois request 229 | # in the body. 
230 | port = ssh 231 | logpath = /var/log/secure 232 | enabled = true 233 | filter = sshd-ddos 234 | action = %(banaction)s[name=sshd-ddos, protocol=tcp] 235 | bantime = -1 236 | maxretry = 2 237 | 238 | 239 | [dropbear] 240 | 241 | port = ssh 242 | logpath = %(dropbear_log)s 243 | 244 | 245 | [selinux-ssh] 246 | 247 | port = ssh 248 | logpath = /var/log/secure 249 | maxretry = 3 250 | enabled = true 251 | filter = selinux-ssh 252 | action = %(banaction)s[name=selinux-ssh, protocol=tcp] 253 | bantime = -1 254 | 255 | 256 | # 257 | # HTTP servers 258 | # 259 | 260 | [apache-auth] 261 | 262 | port = http,https 263 | logpath = /etc/httpd/logs/error_log 264 | /var/log/httpd/access_log 265 | enabled = true 266 | filter = apache-auth 267 | action = %(banaction)s[name=apache-auth, port="80,443", protocol=tcp] 268 | bantime = -1 269 | 270 | 271 | [apache-badbots] 272 | # Ban hosts which agent identifies spammer robots crawling the web 273 | # for email addresses. The mail outputs are buffered. 274 | port = http,https 275 | logpath = /etc/httpd/logs/error_log 276 | /var/log/httpd/access_log 277 | bantime = 172800 278 | maxretry = 1 279 | enabled = true 280 | filter = apache-badbots 281 | action = %(banaction)s[name=apache-badbots, port="80,443", protocol=tcp] 282 | 283 | 284 | [apache-noscript] 285 | 286 | port = http,https 287 | logpath = /etc/httpd/logs/error_log 288 | /var/log/httpd/access_log 289 | enabled = true 290 | filter = apache-noscript 291 | bantime = -1 292 | action = %(banaction)s[name=apache-noscript, port="80,443", protocol=tcp] 293 | 294 | 295 | [apache-overflows] 296 | 297 | port = http,https 298 | logpath = /etc/httpd/logs/error_log 299 | /var/log/httpd/access_log 300 | maxretry = 1 301 | enabled = true 302 | filter = apache-overflows 303 | action = %(banaction)s[name=apache-overflows, port="80,443", protocol=tcp] 304 | bantime = -1 305 | 306 | 307 | [apache-nohome] 308 | 309 | port = http,https 310 | logpath = %(apache_error_log)s 311 | maxretry = 2 312 
| enabled = true 313 | filter = apache-nohome 314 | action = %(banaction)s[name=apache-nohome, port="80,443", protocol=tcp] 315 | 316 | 317 | [apache-botsearch] 318 | 319 | port = http,https 320 | logpath = /etc/httpd/logs/error_log 321 | /var/log/httpd/access_log 322 | maxretry = 2 323 | enabled = true 324 | filter = apache-botsearch 325 | bantime = -1 326 | action = %(banaction)s[name=apache-botsearch, port="80,443", protocol=tcp] 327 | 328 | 329 | [apache-fakegooglebot] 330 | 331 | port = http,https 332 | logpath = /etc/httpd/logs/error_log 333 | /var/log/httpd/access_log 334 | maxretry = 1 335 | ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot 336 | enabled = true 337 | filter = apache-fakegooglebot 338 | action = %(banaction)s[name=apache-fakegooglebot, port="80,443", protocol=tcp] 339 | bantime = -1 340 | 341 | 342 | [apache-modsecurity] 343 | 344 | port = http,https 345 | logpath = %(apache_error_log)s 346 | maxretry = 2 347 | enabled = true 348 | filter = apache-modsecurity 349 | action = %(banaction)s[name=apache-modsecurity, port="80,443", protocol=tcp] 350 | 351 | [apache-shellshock] 352 | 353 | port = http,https 354 | logpath = /etc/httpd/logs/error_log 355 | /var/log/httpd/access_log 356 | maxretry = 1 357 | enabled = true 358 | filter = apache-shellshock 359 | action = %(banaction)s[name=apache-shellshock, port="80,443", protocol=tcp] 360 | bantime = -1 361 | 362 | [nginx-http-auth] 363 | 364 | port = http,https 365 | logpath = /var/log/nginx/access*.log 366 | enabled = false 367 | filter = nginx-http-auth 368 | action = %(banaction)s[] 369 | 370 | [nginx-botsearch] 371 | 372 | port = http,https 373 | logpath = /var/log/nginx/access*.log 374 | maxretry = 2 375 | enabled = false 376 | filter = nginx-botsearch 377 | action = %(banaction)s[] 378 | 379 | # Ban attackers that try to use PHP's URL-fopen() functionality 380 | # through GET/POST variables. - Experimental, with more than a year 381 | # of usage in production environments. 
[php-url-fopen]

port = http,https
logpath = /etc/httpd/logs/error_log
          /var/log/httpd/access_log
enabled = false
filter = php-url-fopen


# The jails below that set no "enabled" key take the file-wide default
# (enabled = false earlier in this file), so they are inactive templates.

[suhosin]

port = http,https
logpath = %(suhosin_log)s


[lighttpd-auth]
# Same as above for Apache's mod_auth
# It catches wrong authentifications
port = http,https
logpath = %(lighttpd_error_log)s


#
# Webmail and groupware servers
#

[roundcube-auth]

port = http,https
logpath = /etc/httpd/logs/error_log
enabled = false
filter = roundcube-auth
action = %(banaction)s[]


[openwebmail]

port = http,https
logpath = /var/log/openwebmail.log


[horde]

port = http,https
logpath = /var/log/horde/horde.log


[groupoffice]

port = http,https
logpath = /home/groupoffice/log/info.log


[sogo-auth]
# Monitor SOGo groupware server
# without proxy this would be:
# port = 20000
port = http,https
logpath = /var/log/sogo/sogo.log


[tine20]

logpath = /var/log/tine20/tine20.log
port = http,https
maxretry = 5


#
# Web Applications
#
#

[drupal-auth]

port = http,https
logpath = %(syslog_daemon)s

[guacamole]

port = http,https
logpath = /var/log/tomcat*/catalina.out

[monit]
#Ban clients brute-forcing the monit gui login
filter = monit
port = 2812
logpath = /var/log/monit


[webmin-auth]
# NOTE(review): this jail is enabled, but its three settings do not agree:
# "port" is 10000, the action is given port=9000:9010, and "logpath" points
# at the Apache logs. Webmin normally serves its UI from its own built-in web
# server and reports failed logins through syslog (the stock fail2ban jail
# reads %(syslog_authpriv)s), not through Apache - so the webmin-auth filter
# presumably never matches these files and the jail bans nobody. Confirm
# where this container's Webmin logs failed logins and which port it listens
# on, then align port, action port and logpath.
# With banaction = shorewall the port argument is presumably not used for the
# ban itself (whole-address ban) - verify against action.d/shorewall.conf.

port = 10000
logpath = /etc/httpd/logs/error_log
          /var/log/httpd/access_log
enabled = true
filter = webmin-auth
action = %(banaction)s[name=webmin-auth-tcp, port=9000:9010, protocol=tcp]

[froxlor-auth] 484 | 485 | port = http,https 486 | logpath = %(syslog_authpriv)s 487 | 488 | 489 | # 490 | # HTTP Proxy servers 491 | # 492 | # 493 | 494 | [squid] 495 | 496 | port = 80,443,3128,8080 497 | logpath = /var/log/squid/access.log 498 | 499 | 500 | [3proxy] 501 | 502 | port = 3128 503 | logpath = /var/log/3proxy.log 504 | 505 | 506 | # 507 | # FTP servers 508 | # 509 | 510 | 511 | [proftpd] 512 | 513 | port = ftp,ftp-data,ftps,ftps-data 514 | logpath = /var/log/secure 515 | enabled = true 516 | filter = proftpd 517 | action = %(banaction)s[name=proftpd, port=ftp, protocol=tcp] 518 | bantime = -1 519 | 520 | 521 | [pure-ftpd] 522 | 523 | port = ftp,ftp-data,ftps,ftps-data 524 | logpath = %(pureftpd_log)s 525 | maxretry = 6 526 | 527 | 528 | [gssftpd] 529 | 530 | port = ftp,ftp-data,ftps,ftps-data 531 | logpath = %(syslog_daemon)s 532 | maxretry = 6 533 | 534 | 535 | [wuftpd] 536 | 537 | port = ftp,ftp-data,ftps,ftps-data 538 | logpath = %(wuftpd_log)s 539 | maxretry = 6 540 | 541 | 542 | [vsftpd] 543 | # or overwrite it in jails.local to be 544 | # logpath = %(syslog_authpriv)s 545 | # if you want to rely on PAM failed login attempts 546 | # vsftpd's failregex should match both of those formats 547 | port = ftp,ftp-data,ftps,ftps-data 548 | logpath = %(vsftpd_log)s 549 | 550 | 551 | # 552 | # Mail servers 553 | # 554 | 555 | # ASSP SMTP Proxy Jail 556 | [assp] 557 | port = smtp,465,submission 558 | logpath = /root/path/to/assp/logs/maillog.txt 559 | 560 | 561 | [courier-smtp] 562 | port = smtp,465,submission 563 | logpath = %(syslog_mail)s 564 | 565 | 566 | [postfix] 567 | port = smtp,465,submission 568 | logpath = /var/log/maillog 569 | enabled = true 570 | filter = postfix 571 | action = %(banaction)s[name=postfix, protocol=tcp] 572 | maxretry = 2 573 | bantime = -1 574 | 575 | 576 | [sendmail-auth] 577 | port = submission,465,smtp 578 | logpath = /var/log/maillog 579 | enabled = true 580 | filter = sendmail-auth 581 | action = 
%(banaction)s[name=sendmail-auth, protocol=tcp] 582 | 583 | 584 | [sendmail-reject] 585 | port = smtp,465,submission 586 | logpath = /var/log/maillog 587 | enabled = true 588 | filter = sendmail-reject 589 | action = %(banaction)s[name=sendmail-reject, protocol=tcp] 590 | 591 | 592 | [qmail-rbl] 593 | filter = qmail 594 | port = smtp,465,submission 595 | logpath = /service/qmail/log/main/current 596 | 597 | 598 | # dovecot defaults to logging to the mail syslog facility 599 | # but can be set by syslog_facility in the dovecot configuration. 600 | [dovecot] 601 | port = pop3,pop3s,imap,imaps,submission,465,sieve 602 | logpath = /var/log/maillog 603 | enabled = true 604 | filter = dovecot 605 | action = %(banaction)s[name=dovecot, port=imap, protocol=tcp] 606 | maxretry = 2 607 | bantime = -1 608 | 609 | 610 | [sieve] 611 | port = smtp,465,submission 612 | logpath = %(dovecot_log)s 613 | 614 | 615 | [solid-pop3d] 616 | port = pop3,pop3s 617 | logpath = %(solidpop3d_log)s 618 | 619 | 620 | [exim] 621 | port = smtp,465,submission 622 | logpath = %(exim_main_log)s 623 | 624 | 625 | [exim-spam] 626 | port = smtp,465,submission 627 | logpath = %(exim_main_log)s 628 | 629 | 630 | [kerio] 631 | port = imap,smtp,imaps,465 632 | logpath = /opt/kerio/mailserver/store/logs/security.log 633 | 634 | 635 | # 636 | # Mail servers authenticators: might be used for smtp,ftp,imap servers, so 637 | # all relevant ports get banned 638 | # 639 | 640 | [courier-auth] 641 | 642 | port = smtp,465,submission,imap3,imaps,pop3,pop3s 643 | logpath = %(syslog_mail)s 644 | 645 | 646 | [squirrelmail] 647 | port = smtp,465,submission,imap2,imap3,imaps,pop3,pop3s,http,https,socks 648 | logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log 649 | 650 | 651 | [cyrus-imap] 652 | port = imap3,imaps 653 | logpath = %(syslog_mail)s 654 | 655 | 656 | [uwimap-auth] 657 | port = imap3,imaps 658 | logpath = %(syslog_mail)s 659 | 660 | 661 | # 662 | # 663 | # DNS servers 664 | # 665 | 666 | 667 | # !!! 
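WARNING !!!
# Since UDP is connection-less protocol, spoofing of IP and imitation
# of illegal actions is way too simple. Thus enabling of this filter
# might provide an easy way for implementing a DoS against a chosen
# victim. See
# http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
# Please DO NOT USE this jail unless you know what you are doing.
#
# IMPORTANT: see filter.d/named-refused for instructions to enable logging
# This jail blocks UDP traffic for DNS requests.
# [named-refused-udp]
#
# filter = named-refused
# port = domain,953
# protocol = udp
# logpath = /var/log/named/security.log

# IMPORTANT: see filter.d/named-refused for instructions to enable logging
# This jail blocks TCP traffic for DNS requests.

[named-refused]

port = domain,953
logpath = /var/log/named/security.log
enabled = false
filter = named-refused
action = hostsdeny[]


[nsd]

port = 53
action = %(banaction)s[name=%(__name__)s-tcp, port="%(port)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp]
         %(banaction)s[name=%(__name__)s-udp, port="%(port)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp]
logpath = /var/log/nsd.log


#
# Miscellaneous
#

[asterisk]
# Bans sources matched by the "asterisk" filter in /var/log/asterisk/full:
# maxretry = 3 matches within findtime = 86400 s, bantime = -1 (no expiry),
# plus a whois mail through %(mta)s.
#
# The action list appears only once, under "action =". Entries placed right
# after "port" without a key of their own are read as a continuation of the
# port value when indented, and rejected by the parser when not.
#
# NOTE(review): bans here never expire, so a mistyped password on a trusted
# phone or trunk ends in a permanent block - make sure those addresses are
# covered by ignoreip (not visible in this part of the file; confirm).
# NOTE(review): the tcp entry names port 5060 and the udp entry port 5061,
# while the jail's own port is 5060,5061. With banaction = shorewall these
# arguments are presumably unused (whole-address ban); if banaction is ever
# switched to a per-port action, UDP 5060 would stay reachable - confirm.
port = 5060,5061
logpath = /var/log/asterisk/full
enabled = true
filter = asterisk
findtime = 86400
bantime = -1
maxretry = 3
action = %(banaction)s[name=asterisk-tcp, port=5060, protocol=tcp, chain=%(chain)s, actname=%(banaction)s-tcp]
         %(banaction)s[name=asterisk-udp, port=5061, protocol=udp, chain=%(chain)s, actname=%(banaction)s-udp]
         %(mta)s-whois[name=asterisk, dest=%(destemail)s]

[freeswitch]
port = 5060,5061
action = %(banaction)s[protocol=tcp, chain=%(chain)s, actname=%(banaction)s-tcp]
         iptables-multiport[protocol=udp, chain=%(chain)s, actname=%(banaction)s-udp]
         hostsdeny[dest=%(destemail)s]
logpath = /var/log/freeswitch/freeswitch.log
maxretry = 10
enabled = false
filter = freeswitch


# To log wrong MySQL access attempts add to /etc/my.cnf in [mysqld] or
# equivalent section:
# log-warning = 2
#
# for syslog (daemon facility)
# [mysqld_safe]
# syslog
#
# for own logfile
# [mysqld]
# log-error=/var/log/mysqld.log
[mysqld-auth]
# NOTE(review): logpath is /var/log/secure, while the instructions above send
# MySQL's failed-login warnings to the daemon syslog facility or to
# /var/log/mysqld.log. Unless this container routes them into
# /var/log/secure, this enabled jail never sees a failure - confirm against
# etc/mysql/my.cnf and the syslog configuration.

port = 3306
logpath = /var/log/secure
maxretry = 5
enabled = true
filter = mysqld-auth
action = %(banaction)s[name=mysqld-auth, port=3306, protocol=tcp]


# Jail for more extended banning of persistent abusers
# !!! WARNINGS !!!
# 1. Make sure that your loglevel specified in fail2ban.conf/.local
# is not at DEBUG level -- which might then cause fail2ban to fall into
# an infinite loop constantly feeding itself with non-informative lines
# 2. Increase dbpurgeage defined in fail2ban.conf to e.g. 648000 (7.5 days)
# to maintain entries for failed logins for sufficient amount of time
[recidive]
# Reads fail2ban's own log; two matches within findtime = 86400 s lead to a
# ban with no expiry, applied through both %(banaction)s and hostsdeny.
logpath = /var/log/fail2ban.log
banaction = shorewall
bantime = -1
findtime = 86400
enabled = true
filter = recidive
action = %(banaction)s[name=recidive]
         hostsdeny[]
maxretry = 2


# Generic filter for PAM.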
Has to be used with action which bans all 775 | # ports such as shorewall, shorewall 776 | 777 | [pam-generic] 778 | # pam-generic filter can be customized to monitor specific subset of 'tty's 779 | banaction = shorewall 780 | logpath = /var/log/secure 781 | enabled = true 782 | filter = pam-generic 783 | action = %(banaction)s[name=pam-generic, protocol=tcp] 784 | maxretry = 2 785 | bantime = -1 786 | 787 | 788 | [xinetd-fail] 789 | 790 | banaction = iptables-multiport-log 791 | logpath = %(syslog_daemon)s 792 | maxretry = 2 793 | 794 | 795 | # stunnel - need to set port for this 796 | [stunnel] 797 | 798 | logpath = /var/log/stunnel4/stunnel.log 799 | 800 | 801 | [ejabberd-auth] 802 | 803 | port = 5222 804 | logpath = /var/log/ejabberd/ejabberd.log 805 | 806 | 807 | [counter-strike] 808 | 809 | logpath = /opt/cstrike/logs/L[0-9]*.log 810 | # Firewall: http://www.cstrike-planet.com/faq/6 811 | tcpport = 27030,27031,27032,27033,27034,27035,27036,27037,27038,27039 812 | udpport = 1200,27000,27001,27002,27003,27004,27005,27006,27007,27008,27009,27010,27011,27012,27013,27014,27015 813 | action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp", chain="%(chain)s", actname=%(banaction)s-tcp] 814 | %(banaction)s[name=%(__name__)s-udp, port="%(udpport)s", protocol="udp", chain="%(chain)s", actname=%(banaction)s-udp] 815 | 816 | # consider low maxretry and a long bantime 817 | # nobody except your own Nagios server should ever probe nrpe 818 | [nagios] 819 | 820 | enabled = false 821 | logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility 822 | maxretry = 1 823 | 824 | 825 | [oracleims] 826 | # see "oracleims" filter file for configuration requirement for Oracle IMS v6 and above 827 | enabled = false 828 | logpath = /opt/sun/comms/messaging64/log/mail.log_current 829 | maxretry = 6 830 | banaction = shorewall 831 | 832 | [directadmin] 833 | enabled = false 834 | logpath = /var/log/directadmin/login.log 835 | port = 2222 836 | 837 
| [portsentry] 838 | enabled = false 839 | logpath = /var/lib/portsentry/portsentry.history 840 | maxretry = 1 841 | 842 | [pass2allow-ftp] 843 | # this pass2allow example allows FTP traffic after successful HTTP authentication 844 | port = ftp,ftp-data,ftps,ftps-data 845 | # knocking_url variable must be overridden to some secret value in filter.d/apache-pass.local 846 | filter = apache-pass 847 | # access log of the website with HTTP auth 848 | logpath = /etc/httpd/logs/error_log 849 | /var/log/httpd/access_log 850 | blocktype = RETURN 851 | returntype = DROP 852 | bantime = 3600 853 | maxretry = 1 854 | findtime = 1 855 | enabled = false 856 | 857 | [apache-pass] 858 | enabled = false 859 | filter = apache-pass 860 | action = %(banaction)s[name=apache-pass, port="80,443", protocol=tcp] 861 | logpath = /etc/httpd/logs/error_log 862 | /var/log/httpd/access_log 863 | 864 | 865 | 866 | # sendmail-whois[name=FreeSwitch, dest=root, sender=fail2ban@example.org] #no smtp server installed 867 | 868 | #bantime = 86400 869 | 870 | #[freeswitch-ip-udp] 871 | #enabled = true 872 | #port = 5060,5061,5080,5081 873 | #protocol = all 874 | #filter = freeswitch-ip 875 | #logpath = /var/log/freeswitch/freeswitch.log 876 | #action = iptables-multiport[name=freeswitch-ip-udp, port="5060,5061,5080,5081", protocol=udp] 877 | #maxretry = 1 878 | #findtime = 30 879 | #bantime = 86400 880 | 881 | 882 | #[fusionpbx] 883 | #enabled = true 884 | #port = 80,443 885 | #protocol = tcp 886 | #filter = fusionpbx 887 | #logpath = /var/log/auth.log 888 | #action = iptables-multiport[name=fusionpbx, port="http,https", protocol=tcp] 889 | # sendmail-whois[name=fusionpbx, dest=root, sender=fail2ban@example.org] #no smtp server installed 890 | #maxretry = 10 891 | 892 | [ast-cli-attck] 893 | enabled = true 894 | filter = asterisk_cli 895 | action = %(banaction)s[name=AST_CLI_Attack, port=5060, protocol=tcp] 896 | logpath = /var/log/asterisk/full 897 | maxretry = 1 898 | bantime = -1 899 | 900 | 
[asterisk-manager] 901 | enabled = true 902 | filter = asterisk_manager 903 | action = %(banaction)s[name=AST_MANAGER, port=5038, protocol=tcp] 904 | logpath = /var/log/asterisk/full 905 | maxretry = 1 906 | bantime = -1 907 | 908 | [mor_ddos] 909 | enabled = true 910 | filter = mor_ddos 911 | action = %(banaction)s[name=mor_ddos, port=5060, protocol=tcp] 912 | logpath = /var/log/httpd/error_log 913 | bantime = 3600 914 | -------------------------------------------------------------------------------- /etc/php.ini: -------------------------------------------------------------------------------- 1 | [PHP] 2 | 3 | ;;;;;;;;;;;;;;;;;;; 4 | ; About php.ini ; 5 | ;;;;;;;;;;;;;;;;;;; 6 | ; PHP's initialization file, generally called php.ini, is responsible for 7 | ; configuring many of the aspects of PHP's behavior. 8 | 9 | ; PHP attempts to find and load this configuration from a number of locations. 10 | ; The following is a summary of its search order: 11 | ; 1. SAPI module specific location. 12 | ; 2. The PHPRC environment variable. (As of PHP 5.2.0) 13 | ; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) 14 | ; 4. Current working directory (except CLI) 15 | ; 5. The web server's directory (for SAPI modules), or directory of PHP 16 | ; (otherwise in Windows) 17 | ; 6. The directory from the --with-config-file-path compile time option, or the 18 | ; Windows directory (C:\windows or C:\winnt) 19 | ; See the PHP docs for more specific information. 20 | ; http://php.net/configuration.file 21 | 22 | ; The syntax of the file is extremely simple. Whitespace and lines 23 | ; beginning with a semicolon are silently ignored (as you probably guessed). 24 | ; Section headers (e.g. [Foo]) are also silently ignored, even though 25 | ; they might mean something in the future. 26 | 27 | ; Directives following the section heading [PATH=/www/mysite] only 28 | ; apply to PHP files in the /www/mysite directory. 
Directives 29 | ; following the section heading [HOST=www.example.com] only apply to 30 | ; PHP files served from www.example.com. Directives set in these 31 | ; special sections cannot be overridden by user-defined INI files or 32 | ; at runtime. Currently, [PATH=] and [HOST=] sections only work under 33 | ; CGI/FastCGI. 34 | ; http://php.net/ini.sections 35 | 36 | ; Directives are specified using the following syntax: 37 | ; directive = value 38 | ; Directive names are *case sensitive* - foo=bar is different from FOO=bar. 39 | ; Directives are variables used to configure PHP or PHP extensions. 40 | ; There is no name validation. If PHP can't find an expected 41 | ; directive because it is not set or is mistyped, a default value will be used. 42 | 43 | ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one 44 | ; of the INI constants (On, Off, True, False, Yes, No and None) or an expression 45 | ; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a 46 | ; previously set variable or directive (e.g. ${foo}) 47 | 48 | ; Expressions in the INI file are limited to bitwise operators and parentheses: 49 | ; | bitwise OR 50 | ; ^ bitwise XOR 51 | ; & bitwise AND 52 | ; ~ bitwise NOT 53 | ; ! boolean NOT 54 | 55 | ; Boolean flags can be turned on using the values 1, On, True or Yes. 56 | ; They can be turned off using the values 0, Off, False or No. 57 | 58 | ; An empty string can be denoted by simply not writing anything after the equal 59 | ; sign, or by using the None keyword: 60 | 61 | ; foo = ; sets foo to an empty string 62 | ; foo = None ; sets foo to an empty string 63 | ; foo = "None" ; sets foo to the string 'None' 64 | 65 | ; If you use constants in your value, and these constants belong to a 66 | ; dynamically loaded extension (either a PHP extension or a Zend extension), 67 | ; you may only use these constants *after* the line that loads the extension. 
68 | 69 | ;;;;;;;;;;;;;;;;;;; 70 | ; About this file ; 71 | ;;;;;;;;;;;;;;;;;;; 72 | ; PHP comes packaged with two INI files. One that is recommended to be used 73 | ; in production environments and one that is recommended to be used in 74 | ; development environments. 75 | 76 | ; php.ini-production contains settings which hold security, performance and 77 | ; best practices at its core. But please be aware, these settings may break 78 | ; compatibility with older or less security conscience applications. We 79 | ; recommending using the production ini in production and testing environments. 80 | 81 | ; php.ini-development is very similar to its production variant, except it is 82 | ; much more verbose when it comes to errors. We recommend using the 83 | ; development version only in development environments, as errors shown to 84 | ; application users can inadvertently leak otherwise secure information. 85 | 86 | ; This is php.ini-production INI file. 87 | 88 | ;;;;;;;;;;;;;;;;;;; 89 | ; Quick Reference ; 90 | ;;;;;;;;;;;;;;;;;;; 91 | ; The following are all the settings which are different in either the production 92 | ; or development versions of the INIs with respect to PHP's default behavior. 93 | ; Please see the actual settings later in the document for more details as to why 94 | ; we recommend these changes in PHP's behavior. 
95 | 96 | ; display_errors 97 | ; Default Value: On 98 | ; Development Value: On 99 | ; Production Value: Off 100 | 101 | ; display_startup_errors 102 | ; Default Value: Off 103 | ; Development Value: On 104 | ; Production Value: Off 105 | 106 | ; error_reporting 107 | ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED 108 | ; Development Value: E_ALL 109 | ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT 110 | 111 | ; html_errors 112 | ; Default Value: On 113 | ; Development Value: On 114 | ; Production value: On 115 | 116 | ; log_errors 117 | ; Default Value: Off 118 | ; Development Value: On 119 | ; Production Value: On 120 | 121 | ; max_input_time 122 | ; Default Value: -1 (Unlimited) 123 | ; Development Value: 60 (60 seconds) 124 | ; Production Value: 60 (60 seconds) 125 | 126 | ; output_buffering 127 | ; Default Value: Off 128 | ; Development Value: 4096 129 | ; Production Value: 4096 130 | 131 | ; register_argc_argv 132 | ; Default Value: On 133 | ; Development Value: Off 134 | ; Production Value: Off 135 | 136 | ; request_order 137 | ; Default Value: None 138 | ; Development Value: "GP" 139 | ; Production Value: "GP" 140 | 141 | ; session.gc_divisor 142 | ; Default Value: 100 143 | ; Development Value: 1000 144 | ; Production Value: 1000 145 | 146 | ; session.hash_bits_per_character 147 | ; Default Value: 4 148 | ; Development Value: 5 149 | ; Production Value: 5 150 | 151 | ; short_open_tag 152 | ; Default Value: On 153 | ; Development Value: Off 154 | ; Production Value: Off 155 | 156 | ; track_errors 157 | ; Default Value: Off 158 | ; Development Value: On 159 | ; Production Value: Off 160 | 161 | ; url_rewriter.tags 162 | ; Default Value: "a=href,area=href,frame=src,form=,fieldset=" 163 | ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 164 | ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 165 | 166 | ; variables_order 167 | ; Default Value: "EGPCS" 168 | ; Development Value: "GPCS" 
169 | ; Production Value: "GPCS" 170 | 171 | ;;;;;;;;;;;;;;;;;;;; 172 | ; php.ini Options ; 173 | ;;;;;;;;;;;;;;;;;;;; 174 | ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" 175 | ;user_ini.filename = ".user.ini" 176 | 177 | ; To disable this feature set this option to empty value 178 | ;user_ini.filename = 179 | 180 | ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) 181 | ;user_ini.cache_ttl = 300 182 | 183 | ;;;;;;;;;;;;;;;;;;;; 184 | ; Language Options ; 185 | ;;;;;;;;;;;;;;;;;;;; 186 | 187 | ; Enable the PHP scripting language engine under Apache. 188 | ; http://php.net/engine 189 | engine = On 190 | 191 | ; This directive determines whether or not PHP will recognize code between 192 | ; tags as PHP source which should be processed as such. It is 193 | ; generally recommended that should be used and that this feature 194 | ; should be disabled, as enabling it may result in issues when generating XML 195 | ; documents, however this remains supported for backward compatibility reasons. 196 | ; Note that this directive does not control the tags. 205 | ; http://php.net/asp-tags 206 | asp_tags = Off 207 | 208 | ; The number of significant digits displayed in floating point numbers. 209 | ; http://php.net/precision 210 | precision = 14 211 | 212 | ; Output buffering is a mechanism for controlling how much output data 213 | ; (excluding headers and cookies) PHP should keep internally before pushing that 214 | ; data to the client. If your application's output exceeds this setting, PHP 215 | ; will send that data in chunks of roughly the size you specify. 216 | ; Turning on this setting and managing its maximum buffer size can yield some 217 | ; interesting side-effects depending on your application and web server. 218 | ; You may be able to send headers and cookies after you've already sent output 219 | ; through print or echo. 
You also may see performance benefits if your server is 220 | ; emitting less packets due to buffered output versus PHP streaming the output 221 | ; as it gets it. On production servers, 4096 bytes is a good setting for performance 222 | ; reasons. 223 | ; Note: Output buffering can also be controlled via Output Buffering Control 224 | ; functions. 225 | ; Possible Values: 226 | ; On = Enabled and buffer is unlimited. (Use with caution) 227 | ; Off = Disabled 228 | ; Integer = Enables the buffer and sets its maximum size in bytes. 229 | ; Note: This directive is hardcoded to Off for the CLI SAPI 230 | ; Default Value: Off 231 | ; Development Value: 4096 232 | ; Production Value: 4096 233 | ; http://php.net/output-buffering 234 | output_buffering = 4096 235 | 236 | ; You can redirect all of the output of your scripts to a function. For 237 | ; example, if you set output_handler to "mb_output_handler", character 238 | ; encoding will be transparently converted to the specified encoding. 239 | ; Setting any output handler automatically turns on output buffering. 240 | ; Note: People who wrote portable scripts should not depend on this ini 241 | ; directive. Instead, explicitly set the output handler using ob_start(). 242 | ; Using this ini directive may cause problems unless you know what script 243 | ; is doing. 244 | ; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" 245 | ; and you cannot use both "ob_gzhandler" and "zlib.output_compression". 246 | ; Note: output_handler must be empty if this is set 'On' !!!! 247 | ; Instead you must use zlib.output_handler. 248 | ; http://php.net/output-handler 249 | ;output_handler = 250 | 251 | ; Transparent output compression using the zlib library 252 | ; Valid values for this option are 'off', 'on', or a specific buffer size 253 | ; to be used for compression (default is 4KB) 254 | ; Note: Resulting chunk size may vary due to nature of compression. 
PHP 255 | ; outputs chunks that are few hundreds bytes each as a result of 256 | ; compression. If you prefer a larger chunk size for better 257 | ; performance, enable output_buffering in addition. 258 | ; Note: You need to use zlib.output_handler instead of the standard 259 | ; output_handler, or otherwise the output will be corrupted. 260 | ; http://php.net/zlib.output-compression 261 | zlib.output_compression = Off 262 | 263 | ; http://php.net/zlib.output-compression-level 264 | ;zlib.output_compression_level = -1 265 | 266 | ; You cannot specify additional output handlers if zlib.output_compression 267 | ; is activated here. This setting does the same as output_handler but in 268 | ; a different order. 269 | ; http://php.net/zlib.output-handler 270 | ;zlib.output_handler = 271 | 272 | ; Implicit flush tells PHP to tell the output layer to flush itself 273 | ; automatically after every output block. This is equivalent to calling the 274 | ; PHP function flush() after each and every call to print() or echo() and each 275 | ; and every HTML block. Turning this option on has serious performance 276 | ; implications and is generally recommended for debugging purposes only. 277 | ; http://php.net/implicit-flush 278 | ; Note: This directive is hardcoded to On for the CLI SAPI 279 | implicit_flush = Off 280 | 281 | ; The unserialize callback function will be called (with the undefined class' 282 | ; name as parameter), if the unserializer finds an undefined class 283 | ; which should be instantiated. A warning appears if the specified function is 284 | ; not defined, or if the function doesn't include/implement the missing class. 285 | ; So only set this entry, if you really want to implement such a 286 | ; callback-function. 287 | unserialize_callback_func = 288 | 289 | ; When floats & doubles are serialized store serialize_precision significant 290 | ; digits after the floating point. 
The default value ensures that when floats 291 | ; are decoded with unserialize, the data will remain the same. 292 | serialize_precision = 17 293 | 294 | ; open_basedir, if set, limits all file operations to the defined directory 295 | ; and below. This directive makes most sense if used in a per-directory 296 | ; or per-virtualhost web server configuration file. This directive is 297 | ; *NOT* affected by whether Safe Mode is turned On or Off. 298 | ; http://php.net/open-basedir 299 | ;open_basedir = 300 | 301 | ; This directive allows you to disable certain functions for security reasons. 302 | ; It receives a comma-delimited list of function names. This directive is 303 | ; *NOT* affected by whether Safe Mode is turned On or Off. 304 | ; http://php.net/disable-functions 305 | disable_functions = 306 | 307 | ; This directive allows you to disable certain classes for security reasons. 308 | ; It receives a comma-delimited list of class names. This directive is 309 | ; *NOT* affected by whether Safe Mode is turned On or Off. 310 | ; http://php.net/disable-classes 311 | disable_classes = 312 | 313 | ; Colors for Syntax Highlighting mode. Anything that's acceptable in 314 | ; <span style="color: ???????"> would work. 315 | ; http://php.net/syntax-highlighting 316 | ;highlight.string = #DD0000 317 | ;highlight.comment = #FF9900 318 | ;highlight.keyword = #007700 319 | ;highlight.default = #0000BB 320 | ;highlight.html = #000000 321 | 322 | ; If enabled, the request will be allowed to complete even if the user aborts 323 | ; the request. Consider enabling it if executing long requests, which may end up 324 | ; being interrupted by the user or a browser timing out. PHP's default behavior 325 | ; is to disable this feature. 326 | ; http://php.net/ignore-user-abort 327 | ;ignore_user_abort = On 328 | 329 | ; Determines the size of the realpath cache to be used by PHP.
This value should 330 | ; be increased on systems where PHP opens many files to reflect the quantity of 331 | ; the file operations performed. 332 | ; http://php.net/realpath-cache-size 333 | ;realpath_cache_size = 16k 334 | 335 | ; Duration of time, in seconds for which to cache realpath information for a given 336 | ; file or directory. For systems with rarely changing files, consider increasing this 337 | ; value. 338 | ; http://php.net/realpath-cache-ttl 339 | ;realpath_cache_ttl = 120 340 | 341 | ; Enables or disables the circular reference collector. 342 | ; http://php.net/zend.enable-gc 343 | zend.enable_gc = On 344 | 345 | ; If enabled, scripts may be written in encodings that are incompatible with 346 | ; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such 347 | ; encodings. To use this feature, mbstring extension must be enabled. 348 | ; Default: Off 349 | ;zend.multibyte = Off 350 | 351 | ; Allows to set the default encoding for the scripts. This value will be used 352 | ; unless "declare(encoding=...)" directive appears at the top of the script. 353 | ; Only affects if zend.multibyte is set. 354 | ; Default: "" 355 | ;zend.script_encoding = 356 | 357 | ;;;;;;;;;;;;;;;;; 358 | ; Miscellaneous ; 359 | ;;;;;;;;;;;;;;;;; 360 | 361 | ; Decides whether PHP may expose the fact that it is installed on the server 362 | ; (e.g. by adding its signature to the Web server header). It is no security 363 | ; threat in any way, but it makes it possible to determine whether you use PHP 364 | ; on your server or not. The signature (the X-Powered-By response header) also carries the PHP version, which lets a remote party match the server against releases with known vulnerabilities; hardened deployments usually set this to Off. 365 | ; http://php.net/expose-php 366 | expose_php = On 367 | 368 | ;;;;;;;;;;;;;;;;;;; 369 | ; Resource Limits ; 370 | ;;;;;;;;;;;;;;;;;;; 371 | 372 | ; Maximum execution time of each script, in seconds 373 | ; http://php.net/max-execution-time 374 | ; Note: This directive is hardcoded to 0 for the CLI SAPI 375 | max_execution_time = 30 376 | 377 | ; Maximum amount of time each script may spend parsing request data.
It's a good 378 | ; idea to limit this time on production servers in order to eliminate unexpectedly 379 | ; long running scripts. 380 | ; Note: This directive is hardcoded to -1 for the CLI SAPI 381 | ; Default Value: -1 (Unlimited) 382 | ; Development Value: 60 (60 seconds) 383 | ; Production Value: 60 (60 seconds) 384 | ; http://php.net/max-input-time 385 | max_input_time = 60 386 | 387 | ; Maximum input variable nesting level 388 | ; http://php.net/max-input-nesting-level 389 | ;max_input_nesting_level = 64 390 | 391 | ; How many GET/POST/COOKIE input variables may be accepted 392 | ; max_input_vars = 1000 393 | 394 | ; Maximum amount of memory a script may consume (upstream default 128MB; raised to 256M below) 395 | ; http://php.net/memory-limit 396 | memory_limit = 256M 397 | 398 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 399 | ; Error handling and logging ; 400 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 401 | 402 | ; This directive informs PHP of which errors, warnings and notices you would like 403 | ; it to take action for. The recommended way of setting values for this 404 | ; directive is through the use of the error level constants and bitwise 405 | ; operators. The error level constants are below here for convenience as well as 406 | ; some common settings and their meanings. 407 | ; By default, PHP is set to take action on all errors, notices and warnings EXCEPT 408 | ; those related to E_NOTICE and E_STRICT, which together cover best practices and 409 | ; recommended coding standards in PHP. For performance reasons, this is the 410 | ; recommended error reporting setting. Your production server shouldn't be wasting 411 | ; resources complaining about best practices and coding standards. That's what 412 | ; development servers and development settings are for. 413 | ; Note: The php.ini-development file has this setting as E_ALL. This 414 | ; means it pretty much reports everything which is exactly what you want during 415 | ; development and early testing.
416 | ; 417 | ; Error Level Constants: 418 | ; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) 419 | ; E_ERROR - fatal run-time errors 420 | ; E_RECOVERABLE_ERROR - almost fatal run-time errors 421 | ; E_WARNING - run-time warnings (non-fatal errors) 422 | ; E_PARSE - compile-time parse errors 423 | ; E_NOTICE - run-time notices (these are warnings which often result 424 | ; from a bug in your code, but it's possible that it was 425 | ; intentional (e.g., using an uninitialized variable and 426 | ; relying on the fact it is automatically initialized to an 427 | ; empty string) 428 | ; E_STRICT - run-time notices, enable to have PHP suggest changes 429 | ; to your code which will ensure the best interoperability 430 | ; and forward compatibility of your code 431 | ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup 432 | ; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's 433 | ; initial startup 434 | ; E_COMPILE_ERROR - fatal compile-time errors 435 | ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) 436 | ; E_USER_ERROR - user-generated error message 437 | ; E_USER_WARNING - user-generated warning message 438 | ; E_USER_NOTICE - user-generated notice message 439 | ; E_DEPRECATED - warn about code that will not work in future versions 440 | ; of PHP 441 | ; E_USER_DEPRECATED - user-generated deprecation warnings 442 | ; 443 | ; Common Values: 444 | ; E_ALL (Show all errors, warnings and notices including coding standards.) 445 | ; E_ALL & ~E_NOTICE (Show all errors, except for notices) 446 | ; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) 
447 | ; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) 448 | ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED 449 | ; Development Value: E_ALL 450 | ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT 451 | ; http://php.net/error-reporting 452 | error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT 453 | 454 | ; This directive controls whether or not and where PHP will output errors, 455 | ; notices and warnings too. Error output is very useful during development, but 456 | ; it could be very dangerous in production environments. Depending on the code 457 | ; which is triggering the error, sensitive information could potentially leak 458 | ; out of your application such as database usernames and passwords or worse. 459 | ; For production environments, we recommend logging errors rather than 460 | ; sending them to STDOUT. 461 | ; Possible Values: 462 | ; Off = Do not display any errors 463 | ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) 464 | ; On or stdout = Display errors to STDOUT 465 | ; Default Value: On 466 | ; Development Value: On 467 | ; Production Value: Off 468 | ; http://php.net/display-errors 469 | display_errors = Off 470 | 471 | ; The display of errors which occur during PHP's startup sequence are handled 472 | ; separately from display_errors. PHP's default behavior is to suppress those 473 | ; errors from clients. Turning the display of startup errors on can be useful in 474 | ; debugging configuration problems. We strongly recommend you 475 | ; set this to 'off' for production servers. 476 | ; Default Value: Off 477 | ; Development Value: On 478 | ; Production Value: Off 479 | ; http://php.net/display-startup-errors 480 | display_startup_errors = Off 481 | 482 | ; Besides displaying errors, PHP can also log errors to locations such as a 483 | ; server-specific log, STDERR, or a location specified by the error_log 484 | ; directive found below. 
While errors should not be displayed on productions 485 | ; servers they should still be monitored and logging is a great way to do that. 486 | ; Default Value: Off 487 | ; Development Value: On 488 | ; Production Value: On 489 | ; http://php.net/log-errors 490 | log_errors = On 491 | 492 | ; Set maximum length of log_errors. In error_log information about the source is 493 | ; added. The default is 1024 and 0 allows to not apply any maximum length at all. 494 | ; http://php.net/log-errors-max-len 495 | log_errors_max_len = 1024 496 | 497 | ; Do not log repeated messages. Repeated errors must occur in same file on same 498 | ; line unless ignore_repeated_source is set true. 499 | ; http://php.net/ignore-repeated-errors 500 | ignore_repeated_errors = Off 501 | 502 | ; Ignore source of message when ignoring repeated messages. When this setting 503 | ; is On you will not log errors with repeated messages from different files or 504 | ; source lines. 505 | ; http://php.net/ignore-repeated-source 506 | ignore_repeated_source = Off 507 | 508 | ; If this parameter is set to Off, then memory leaks will not be shown (on 509 | ; stdout or in the log). This has only effect in a debug compile, and if 510 | ; error reporting includes E_WARNING in the allowed list 511 | ; http://php.net/report-memleaks 512 | report_memleaks = On 513 | 514 | ; This setting is on by default. 515 | ;report_zend_debug = 0 516 | 517 | ; Store the last error/warning message in $php_errormsg (boolean). Setting this value 518 | ; to On can assist in debugging and is appropriate for development servers. It should 519 | ; however be disabled on production servers. 
520 | ; Default Value: Off 521 | ; Development Value: On 522 | ; Production Value: Off 523 | ; http://php.net/track-errors 524 | track_errors = Off 525 | 526 | ; Turn off normal error reporting and emit XML-RPC error XML 527 | ; http://php.net/xmlrpc-errors 528 | ;xmlrpc_errors = 0 529 | 530 | ; An XML-RPC faultCode 531 | ;xmlrpc_error_number = 0 532 | 533 | ; When PHP displays or logs an error, it has the capability of formatting the 534 | ; error message as HTML for easier reading. This directive controls whether 535 | ; the error message is formatted as HTML or not. 536 | ; Note: This directive is hardcoded to Off for the CLI SAPI 537 | ; Default Value: On 538 | ; Development Value: On 539 | ; Production value: On 540 | ; http://php.net/html-errors 541 | html_errors = On 542 | 543 | ; If html_errors is set to On *and* docref_root is not empty, then PHP 544 | ; produces clickable error messages that direct to a page describing the error 545 | ; or function causing the error in detail. 546 | ; You can download a copy of the PHP manual from http://php.net/docs 547 | ; and change docref_root to the base URL of your local copy including the 548 | ; leading '/'. You must also specify the file extension being used including 549 | ; the dot. PHP's default behavior is to leave these settings empty, in which 550 | ; case no links to documentation are generated. 551 | ; Note: Never use this feature for production boxes. 552 | ; http://php.net/docref-root 553 | ; Examples 554 | ;docref_root = "/phpmanual/" 555 | 556 | ; http://php.net/docref-ext 557 | ;docref_ext = .html 558 | 559 | ; String to output before an error message. PHP's default behavior is to leave 560 | ; this setting blank. 561 | ; http://php.net/error-prepend-string 562 | ; Example: 563 | ;error_prepend_string = "" 564 | 565 | ; String to output after an error message. PHP's default behavior is to leave 566 | ; this setting blank. 
567 | ; http://php.net/error-append-string 568 | ; Example: 569 | ;error_append_string = "" 570 | 571 | ; Log errors to specified file. PHP's default behavior is to leave this value 572 | ; empty. 573 | ; http://php.net/error-log 574 | ; Example: 575 | ;error_log = php_errors.log 576 | ; Log errors to syslog (Event Log on NT, not valid in Windows 95). 577 | ;error_log = syslog 578 | 579 | ;windows.show_crt_warning 580 | ; Default value: 0 581 | ; Development value: 0 582 | ; Production value: 0 583 | 584 | ;;;;;;;;;;;;;;;;; 585 | ; Data Handling ; 586 | ;;;;;;;;;;;;;;;;; 587 | 588 | ; The separator used in PHP generated URLs to separate arguments. 589 | ; PHP's default setting is "&". 590 | ; http://php.net/arg-separator.output 591 | ; Example: 592 | ;arg_separator.output = "&" 593 | 594 | ; List of separator(s) used by PHP to parse input URLs into variables. 595 | ; PHP's default setting is "&". 596 | ; NOTE: Every character in this directive is considered as separator! 597 | ; http://php.net/arg-separator.input 598 | ; Example: 599 | ;arg_separator.input = ";&" 600 | 601 | ; This directive determines which super global arrays are registered when PHP 602 | ; starts up. G,P,C,E & S are abbreviations for the following respective super 603 | ; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty 604 | ; paid for the registration of these arrays and because ENV is not as commonly 605 | ; used as the others, ENV is not recommended on productions servers. You 606 | ; can still get access to the environment variables through getenv() should you 607 | ; need to. 608 | ; Default Value: "EGPCS" 609 | ; Development Value: "GPCS" 610 | ; Production Value: "GPCS"; 611 | ; http://php.net/variables-order 612 | variables_order = "GPCS" 613 | 614 | ; This directive determines which super global data (G,P,C,E & S) should 615 | ; be registered into the super global array REQUEST. If so, it also determines 616 | ; the order in which that data is registered. 
The values for this directive are 617 | ; specified in the same manner as the variables_order directive, EXCEPT one. 618 | ; Leaving this value empty will cause PHP to use the value set in the 619 | ; variables_order directive. It does not mean it will leave the super globals 620 | ; array REQUEST empty. 621 | ; Default Value: None 622 | ; Development Value: "GP" 623 | ; Production Value: "GP" 624 | ; http://php.net/request-order 625 | request_order = "GP" 626 | 627 | ; This directive determines whether PHP registers $argv & $argc each time it 628 | ; runs. $argv contains an array of all the arguments passed to PHP when a script 629 | ; is invoked. $argc contains an integer representing the number of arguments 630 | ; that were passed when the script was invoked. These arrays are extremely 631 | ; useful when running scripts from the command line. When this directive is 632 | ; enabled, registering these variables consumes CPU cycles and memory each time 633 | ; a script is executed. For performance reasons, this feature should be disabled 634 | ; on production servers. 635 | ; Note: This directive is hardcoded to On for the CLI SAPI 636 | ; Default Value: On 637 | ; Development Value: Off 638 | ; Production Value: Off 639 | ; http://php.net/register-argc-argv 640 | register_argc_argv = Off 641 | 642 | ; When enabled, the ENV, REQUEST and SERVER variables are created when they're 643 | ; first used (Just In Time) instead of when the script starts. If these 644 | ; variables are not used within a script, having this directive on will result 645 | ; in a performance gain. The PHP directive register_argc_argv must be disabled 646 | ; for this directive to have any effect. 647 | ; http://php.net/auto-globals-jit 648 | auto_globals_jit = On 649 | 650 | ; Whether PHP will read the POST data. 651 | ; This option is enabled by default. 652 | ; Most likely, you won't want to disable this option globally.
It causes $_POST 653 | ; and $_FILES to always be empty; the only way you will be able to read the 654 | ; POST data will be through the php://input stream wrapper. This can be useful 655 | ; to proxy requests or to process the POST data in a memory efficient fashion. 656 | ; http://php.net/enable-post-data-reading 657 | ;enable_post_data_reading = Off 658 | 659 | ; Maximum size of POST data that PHP will accept. 660 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading 661 | ; is disabled through enable_post_data_reading. 662 | ; http://php.net/post-max-size 663 | post_max_size = 20M 664 | 665 | ; Automatically add files before PHP document. 666 | ; http://php.net/auto-prepend-file 667 | auto_prepend_file = 668 | 669 | ; Automatically add files after PHP document. 670 | ; http://php.net/auto-append-file 671 | auto_append_file = 672 | 673 | ; By default, PHP will output a character encoding using 674 | ; the Content-type: header. To disable sending of the charset, simply 675 | ; set it to be empty. 676 | ; 677 | ; PHP's built-in default is text/html 678 | ; http://php.net/default-mimetype 679 | default_mimetype = "text/html" 680 | 681 | ; PHP's default character set is set to empty. 682 | ; http://php.net/default-charset 683 | default_charset = "UTF-8" 684 | 685 | ; PHP internal character encoding is set to empty. 686 | ; If empty, default_charset is used. 687 | ; http://php.net/internal-encoding 688 | ;internal_encoding = 689 | 690 | ; PHP input character encoding is set to empty. 691 | ; http://php.net/input-encoding 692 | ;input_encoding = 693 | 694 | ; PHP output character encoding is set to empty. 695 | ; mbstring or iconv output handler is used. 696 | ; See also output_buffer. 697 | ; http://php.net/output-encoding 698 | ;output_encoding = 699 | 700 | ; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is 701 | ; to disable this feature and it will be removed in a future version. 
702 | ; If post reading is disabled through enable_post_data_reading, 703 | ; $HTTP_RAW_POST_DATA is *NOT* populated. 704 | ; http://php.net/always-populate-raw-post-data 705 | ;always_populate_raw_post_data = -1 706 | 707 | ;;;;;;;;;;;;;;;;;;;;;;;;; 708 | ; Paths and Directories ; 709 | ;;;;;;;;;;;;;;;;;;;;;;;;; 710 | 711 | ; UNIX: "/path1:/path2" 712 | ;include_path = ".:/php/includes" 713 | ; 714 | ; Windows: "\path1;\path2" 715 | ;include_path = ".;c:\php\includes" 716 | ; 717 | ; PHP's default setting for include_path is ".;/path/to/php/pear" 718 | ; http://php.net/include-path 719 | 720 | ; The root of the PHP pages, used only if nonempty. 721 | ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root 722 | ; if you are running php as a CGI under any web server (other than IIS) 723 | ; see documentation for security issues. The alternate is to use the 724 | ; cgi.force_redirect configuration below 725 | ; http://php.net/doc-root 726 | doc_root = 727 | 728 | ; The directory under which PHP opens the script using /~username used only 729 | ; if nonempty. 730 | ; http://php.net/user-dir 731 | user_dir = 732 | 733 | ; Directory in which the loadable extensions (modules) reside. 734 | ; http://php.net/extension-dir 735 | ; extension_dir = "./" 736 | ; On windows: 737 | ; extension_dir = "ext" 738 | 739 | ; Directory where the temporary files should be placed. 740 | ; Defaults to the system default (see sys_get_temp_dir) 741 | ; sys_temp_dir = "/tmp" 742 | 743 | ; Whether or not to enable the dl() function. The dl() function does NOT work 744 | ; properly in multithreaded servers, such as IIS or Zeus, and is automatically 745 | ; disabled on them. 746 | ; http://php.net/enable-dl 747 | enable_dl = Off 748 | 749 | ; cgi.force_redirect is necessary to provide security running PHP as a CGI under 750 | ; most web servers. Left undefined, PHP turns this on by default. 
You can 751 | ; turn it off here AT YOUR OWN RISK 752 | ; **You CAN safely turn this off for IIS, in fact, you MUST.** 753 | ; http://php.net/cgi.force-redirect 754 | ;cgi.force_redirect = 1 755 | 756 | ; if cgi.nph is enabled it will force cgi to always send Status: 200 with 757 | ; every request. PHP's default behavior is to disable this feature. 758 | ;cgi.nph = 1 759 | 760 | ; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape 761 | ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP 762 | ; will look for to know it is OK to continue execution. Setting this variable MAY 763 | ; cause security issues, KNOW WHAT YOU ARE DOING FIRST. 764 | ; http://php.net/cgi.redirect-status-env 765 | ;cgi.redirect_status_env = 766 | 767 | ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's 768 | ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok 769 | ; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting 770 | ; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting 771 | ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts 772 | ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. 773 | ; http://php.net/cgi.fix-pathinfo 774 | ;cgi.fix_pathinfo=1 775 | 776 | ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate 777 | ; security tokens of the calling client. This allows IIS to define the 778 | ; security context that the request runs under. mod_fastcgi under Apache 779 | ; does not currently support this feature (03/17/2002) 780 | ; Set to 1 if running under IIS. Default is zero. 781 | ; http://php.net/fastcgi.impersonate 782 | ;fastcgi.impersonate = 1 783 | 784 | ; Disable logging through FastCGI connection. PHP's default behavior is to enable 785 | ; this feature.
786 | ;fastcgi.logging = 0 787 | 788 | ; cgi.rfc2616_headers configuration option tells PHP what type of headers to 789 | ; use when sending HTTP response code. If set to 0, PHP sends Status: header that 790 | ; is supported by Apache. When this option is set to 1, PHP will send 791 | ; RFC2616 compliant header. 792 | ; Default is zero. 793 | ; http://php.net/cgi.rfc2616-headers 794 | ;cgi.rfc2616_headers = 0 795 | 796 | ;;;;;;;;;;;;;;;; 797 | ; File Uploads ; 798 | ;;;;;;;;;;;;;;;; 799 | 800 | ; Whether to allow HTTP file uploads. 801 | ; http://php.net/file-uploads 802 | file_uploads = On 803 | 804 | ; Temporary directory for HTTP uploaded files (will use system default if not 805 | ; specified). 806 | ; http://php.net/upload-tmp-dir 807 | ;upload_tmp_dir = 808 | 809 | ; Maximum allowed size for uploaded files. 810 | ; http://php.net/upload-max-filesize 811 | upload_max_filesize = 20M 812 | 813 | ; Maximum number of files that can be uploaded via a single request 814 | max_file_uploads = 20 815 | 816 | ;;;;;;;;;;;;;;;;;; 817 | ; Fopen wrappers ; 818 | ;;;;;;;;;;;;;;;;;; 819 | 820 | ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. With this On, any file function that receives a caller-influenced path can be pointed at a remote URL, so validate such paths, or turn this Off if the application does not need remote reads. 821 | ; http://php.net/allow-url-fopen 822 | allow_url_fopen = On 823 | 824 | ; Whether to allow include/require to open URLs (like http:// or ftp://) as files. 825 | ; http://php.net/allow-url-include 826 | allow_url_include = Off 827 | 828 | ; Define the anonymous ftp password (your email address). PHP's default setting 829 | ; for this is empty. 830 | ; http://php.net/from 831 | ;from="john@doe.com" 832 | 833 | ; Define the User-Agent string. PHP's default setting for this is empty.
834 | ; http://php.net/user-agent 835 | ;user_agent="PHP" 836 | 837 | ; Default timeout for socket based streams (seconds) 838 | ; http://php.net/default-socket-timeout 839 | default_socket_timeout = 60 840 | 841 | ; If your scripts have to deal with files from Macintosh systems, 842 | ; or you are running on a Mac and need to deal with files from 843 | ; unix or win32 systems, setting this flag will cause PHP to 844 | ; automatically detect the EOL character in those files so that 845 | ; fgets() and file() will work regardless of the source of the file. 846 | ; http://php.net/auto-detect-line-endings 847 | ;auto_detect_line_endings = Off 848 | 849 | ;;;;;;;;;;;;;;;;;;;;;; 850 | ; Dynamic Extensions ; 851 | ;;;;;;;;;;;;;;;;;;;;;; 852 | 853 | ; If you wish to have an extension loaded automatically, use the following 854 | ; syntax: 855 | ; 856 | ; extension=modulename.extension 857 | ; 858 | ; For example, on Windows: 859 | ; 860 | ; extension=msql.dll 861 | ; 862 | ; ... or under UNIX: 863 | ; 864 | ; extension=msql.so 865 | ; 866 | ; ... or with a path: 867 | ; 868 | ; extension=/path/to/extension/msql.so 869 | ; 870 | ; If you only provide the name of the extension, PHP will look for it in its 871 | ; default extension directory. 872 | 873 | ;;;; 874 | ; Note: packaged extension modules are now loaded via the .ini files 875 | ; found in the directory /etc/php.d; these are loaded by default. 876 | ;;;; 877 | 878 | ;;;;;;;;;;;;;;;;;;; 879 | ; Module Settings ; 880 | ;;;;;;;;;;;;;;;;;;; 881 | 882 | [CLI Server] 883 | ; Whether the CLI web server uses ANSI color coding in its terminal output. 
884 | cli_server.color = On 885 | 886 | [Date] 887 | ; Defines the default timezone used by the date functions 888 | ; http://php.net/date.timezone 889 | ;date.timezone = 890 | 891 | ; http://php.net/date.default-latitude 892 | ;date.default_latitude = 31.7667 893 | 894 | ; http://php.net/date.default-longitude 895 | ;date.default_longitude = 35.2333 896 | 897 | ; http://php.net/date.sunrise-zenith 898 | ;date.sunrise_zenith = 90.583333 899 | 900 | ; http://php.net/date.sunset-zenith 901 | ;date.sunset_zenith = 90.583333 902 | 903 | [filter] 904 | ; http://php.net/filter.default 905 | ;filter.default = unsafe_raw 906 | 907 | ; http://php.net/filter.default-flags 908 | ;filter.default_flags = 909 | 910 | [iconv] 911 | ; Use of this INI entry is deprecated, use global input_encoding instead. 912 | ; If empty, input_encoding is used. 913 | ;iconv.input_encoding = 914 | 915 | ; Use of this INI entry is deprecated, use global internal_encoding instead. 916 | ; If empty, internal_encoding is used. 917 | ;iconv.internal_encoding = 918 | 919 | ; Use of this INI entry is deprecated, use global output_encoding instead. 920 | ; If empty, output_encoding is used. 921 | ;iconv.output_encoding = 922 | 923 | [intl] 924 | ;intl.default_locale = 925 | ; This directive allows you to produce PHP errors when some error 926 | ; happens within intl functions. The value is the level of the error produced. 927 | ; Default is 0, which does not produce any errors. 928 | ;intl.error_level = E_WARNING 929 | 930 | [sqlite] 931 | ; http://php.net/sqlite.assoc-case 932 | ;sqlite.assoc_case = 0 933 | 934 | [sqlite3] 935 | ;sqlite3.extension_dir = 936 | 937 | [Pcre] 938 | ;PCRE library backtracking limit. 939 | ; http://php.net/pcre.backtrack-limit 940 | ;pcre.backtrack_limit=100000 941 | 942 | ;PCRE library recursion limit.
943 | ;Please note that if you set this value to a high number you may consume all 944 | ;the available process stack and eventually crash PHP (due to reaching the 945 | ;stack size limit imposed by the Operating System). 946 | ; http://php.net/pcre.recursion-limit 947 | ;pcre.recursion_limit=100000 948 | 949 | [Pdo] 950 | ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" 951 | ; http://php.net/pdo-odbc.connection-pooling 952 | ;pdo_odbc.connection_pooling=strict 953 | 954 | ;pdo_odbc.db2_instance_name 955 | 956 | [Pdo_mysql] 957 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 958 | ; http://php.net/pdo_mysql.cache_size 959 | pdo_mysql.cache_size = 2000 960 | 961 | ; Default socket name for local MySQL connects. If empty, uses the built-in 962 | ; MySQL defaults. 963 | ; http://php.net/pdo_mysql.default-socket 964 | pdo_mysql.default_socket= 965 | 966 | [Phar] 967 | ; http://php.net/phar.readonly 968 | ;phar.readonly = On 969 | 970 | ; http://php.net/phar.require-hash 971 | ;phar.require_hash = On 972 | 973 | ;phar.cache_list = 974 | 975 | [mail function] 976 | ; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). 977 | ; http://php.net/sendmail-path 978 | sendmail_path = /usr/sbin/sendmail -t -i 979 | 980 | ; Force the addition of the specified parameters to be passed as extra parameters 981 | ; to the sendmail binary. These parameters will always replace the value of 982 | ; the 5th parameter to mail(), even in safe mode. 983 | ;mail.force_extra_parameters = 984 | 985 | ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename 986 | mail.add_x_header = On 987 | 988 | ; The path to a log file that will log all mail() calls. Log entries include 989 | ; the full path of the script, line number, To address and headers. 990 | ;mail.log = 991 | ; Log mail to syslog (Event Log on NT, not valid in Windows 95). 
992 | ;mail.log = syslog 993 | 994 | [SQL] 995 | ; http://php.net/sql.safe-mode 996 | sql.safe_mode = Off 997 | 998 | [ODBC] 999 | ; http://php.net/odbc.default-db 1000 | ;odbc.default_db = Not yet implemented 1001 | 1002 | ; http://php.net/odbc.default-user 1003 | ;odbc.default_user = Not yet implemented 1004 | 1005 | ; http://php.net/odbc.default-pw 1006 | ;odbc.default_pw = Not yet implemented 1007 | 1008 | ; Controls the ODBC cursor model. 1009 | ; Default: SQL_CURSOR_STATIC (default). 1010 | ;odbc.default_cursortype 1011 | 1012 | ; Allow or prevent persistent links. 1013 | ; http://php.net/odbc.allow-persistent 1014 | odbc.allow_persistent = On 1015 | 1016 | ; Check that a connection is still valid before reuse. 1017 | ; http://php.net/odbc.check-persistent 1018 | odbc.check_persistent = On 1019 | 1020 | ; Maximum number of persistent links. -1 means no limit. 1021 | ; http://php.net/odbc.max-persistent 1022 | odbc.max_persistent = -1 1023 | 1024 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1025 | ; http://php.net/odbc.max-links 1026 | odbc.max_links = -1 1027 | 1028 | ; Handling of LONG fields. Returns number of bytes to variables. 0 means 1029 | ; passthru. 1030 | ; http://php.net/odbc.defaultlrl 1031 | odbc.defaultlrl = 4096 1032 | 1033 | ; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. 1034 | ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation 1035 | ; of odbc.defaultlrl and odbc.defaultbinmode 1036 | ; http://php.net/odbc.defaultbinmode 1037 | odbc.defaultbinmode = 1 1038 | 1039 | ;birdstep.max_links = -1 1040 | 1041 | [Interbase] 1042 | ; Allow or prevent persistent links. 1043 | ibase.allow_persistent = 1 1044 | 1045 | ; Maximum number of persistent links. -1 means no limit. 1046 | ibase.max_persistent = -1 1047 | 1048 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 
1049 | ibase.max_links = -1 1050 | 1051 | ; Default database name for ibase_connect(). 1052 | ;ibase.default_db = 1053 | 1054 | ; Default username for ibase_connect(). 1055 | ;ibase.default_user = 1056 | 1057 | ; Default password for ibase_connect(). 1058 | ;ibase.default_password = 1059 | 1060 | ; Default charset for ibase_connect(). 1061 | ;ibase.default_charset = 1062 | 1063 | ; Default timestamp format. 1064 | ibase.timestampformat = "%Y-%m-%d %H:%M:%S" 1065 | 1066 | ; Default date format. 1067 | ibase.dateformat = "%Y-%m-%d" 1068 | 1069 | ; Default time format. 1070 | ibase.timeformat = "%H:%M:%S" 1071 | 1072 | [MySQL] 1073 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements. With this On, the MySQL server the client connects to can ask the client to send a local file, so a hostile or compromised server can obtain any file the PHP process can read; set it Off unless LOAD DATA LOCAL is actually used. 1074 | ; http://php.net/mysql.allow_local_infile 1075 | mysql.allow_local_infile = On 1076 | 1077 | ; Allow or prevent persistent links. 1078 | ; http://php.net/mysql.allow-persistent 1079 | mysql.allow_persistent = On 1080 | 1081 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 1082 | ; http://php.net/mysql.cache_size 1083 | mysql.cache_size = 2000 1084 | 1085 | ; Maximum number of persistent links. -1 means no limit. 1086 | ; http://php.net/mysql.max-persistent 1087 | mysql.max_persistent = -1 1088 | 1089 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1090 | ; http://php.net/mysql.max-links 1091 | mysql.max_links = -1 1092 | 1093 | ; Default port number for mysql_connect(). If unset, mysql_connect() will use 1094 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the 1095 | ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look 1096 | ; at MYSQL_PORT. 1097 | ; http://php.net/mysql.default-port 1098 | mysql.default_port = 1099 | 1100 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1101 | ; MySQL defaults.
1102 | ; http://php.net/mysql.default-socket 1103 | mysql.default_socket = 1104 | 1105 | ; Default host for mysql_connect() (doesn't apply in safe mode). 1106 | ; http://php.net/mysql.default-host 1107 | mysql.default_host = 1108 | 1109 | ; Default user for mysql_connect() (doesn't apply in safe mode). 1110 | ; http://php.net/mysql.default-user 1111 | mysql.default_user = 1112 | 1113 | ; Default password for mysql_connect() (doesn't apply in safe mode). 1114 | ; Note that this is generally a *bad* idea to store passwords in this file. 1115 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") 1116 | ; and reveal this password! And of course, any users with read access to this 1117 | ; file will be able to reveal the password as well. 1118 | ; http://php.net/mysql.default-password 1119 | mysql.default_password = 1120 | 1121 | ; Maximum time (in seconds) for connect timeout. -1 means no limit 1122 | ; http://php.net/mysql.connect-timeout 1123 | mysql.connect_timeout = 60 1124 | 1125 | ; Trace mode. When trace_mode is active (=On), warnings for table/index scans and 1126 | ; SQL-Errors will be displayed. 1127 | ; http://php.net/mysql.trace-mode 1128 | mysql.trace_mode = Off 1129 | 1130 | [MySQLi] 1131 | 1132 | ; Maximum number of persistent links. -1 means no limit. 1133 | ; http://php.net/mysqli.max-persistent 1134 | mysqli.max_persistent = -1 1135 | 1136 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements 1137 | ; http://php.net/mysqli.allow_local_infile 1138 | ;mysqli.allow_local_infile = On 1139 | 1140 | ; Allow or prevent persistent links. 1141 | ; http://php.net/mysqli.allow-persistent 1142 | mysqli.allow_persistent = On 1143 | 1144 | ; Maximum number of links. -1 means no limit. 
1145 | ; http://php.net/mysqli.max-links 1146 | mysqli.max_links = -1 1147 | 1148 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 1149 | ; http://php.net/mysqli.cache_size 1150 | mysqli.cache_size = 2000 1151 | 1152 | ; Default port number for mysqli_connect(). If unset, mysqli_connect() will use 1153 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the 1154 | ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look 1155 | ; at MYSQL_PORT. 1156 | ; http://php.net/mysqli.default-port 1157 | mysqli.default_port = 3306 1158 | 1159 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1160 | ; MySQL defaults. 1161 | ; http://php.net/mysqli.default-socket 1162 | mysqli.default_socket = 1163 | 1164 | ; Default host for mysql_connect() (doesn't apply in safe mode). 1165 | ; http://php.net/mysqli.default-host 1166 | mysqli.default_host = 1167 | 1168 | ; Default user for mysql_connect() (doesn't apply in safe mode). 1169 | ; http://php.net/mysqli.default-user 1170 | mysqli.default_user = 1171 | 1172 | ; Default password for mysqli_connect() (doesn't apply in safe mode). 1173 | ; Note that this is generally a *bad* idea to store passwords in this file. 1174 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") 1175 | ; and reveal this password! And of course, any users with read access to this 1176 | ; file will be able to reveal the password as well. 1177 | ; http://php.net/mysqli.default-pw 1178 | mysqli.default_pw = 1179 | 1180 | ; Allow or prevent reconnect 1181 | mysqli.reconnect = Off 1182 | 1183 | [mysqlnd] 1184 | ; Enable / Disable collection of general statistics by mysqlnd which can be 1185 | ; used to tune and monitor MySQL operations. 
1186 | ; http://php.net/mysqlnd.collect_statistics 1187 | mysqlnd.collect_statistics = On 1188 | 1189 | ; Enable / Disable collection of memory usage statistics by mysqlnd which can be 1190 | ; used to tune and monitor MySQL operations. 1191 | ; http://php.net/mysqlnd.collect_memory_statistics 1192 | mysqlnd.collect_memory_statistics = Off 1193 | 1194 | ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. 1195 | ; http://php.net/mysqlnd.net_cmd_buffer_size 1196 | ;mysqlnd.net_cmd_buffer_size = 2048 1197 | 1198 | ; Size of a pre-allocated buffer used for reading data sent by the server in 1199 | ; bytes. 1200 | ; http://php.net/mysqlnd.net_read_buffer_size 1201 | ;mysqlnd.net_read_buffer_size = 32768 1202 | 1203 | [OCI8] 1204 | 1205 | ; Connection: Enables privileged connections using external 1206 | ; credentials (OCI_SYSOPER, OCI_SYSDBA) 1207 | ; http://php.net/oci8.privileged-connect 1208 | ;oci8.privileged_connect = Off 1209 | 1210 | ; Connection: The maximum number of persistent OCI8 connections per 1211 | ; process. Using -1 means no limit. 1212 | ; http://php.net/oci8.max-persistent 1213 | ;oci8.max_persistent = -1 1214 | 1215 | ; Connection: The maximum number of seconds a process is allowed to 1216 | ; maintain an idle persistent connection. Using -1 means idle 1217 | ; persistent connections will be maintained forever. 1218 | ; http://php.net/oci8.persistent-timeout 1219 | ;oci8.persistent_timeout = -1 1220 | 1221 | ; Connection: The number of seconds that must pass before issuing a 1222 | ; ping during oci_pconnect() to check the connection validity. When 1223 | ; set to 0, each oci_pconnect() will cause a ping. Using -1 disables 1224 | ; pings completely. 1225 | ; http://php.net/oci8.ping-interval 1226 | ;oci8.ping_interval = 60 1227 | 1228 | ; Connection: Set this to a user chosen connection class to be used 1229 | ; for all pooled server requests with Oracle 11g Database Resident 1230 | ; Connection Pooling (DRCP). 
To use DRCP, this value should be set to 1231 | ; the same string for all web servers running the same application, 1232 | ; the database pool must be configured, and the connection string must 1233 | ; specify to use a pooled server. 1234 | ;oci8.connection_class = 1235 | 1236 | ; High Availability: Using On lets PHP receive Fast Application 1237 | ; Notification (FAN) events generated when a database node fails. The 1238 | ; database must also be configured to post FAN events. 1239 | ;oci8.events = Off 1240 | 1241 | ; Tuning: This option enables statement caching, and specifies how 1242 | ; many statements to cache. Using 0 disables statement caching. 1243 | ; http://php.net/oci8.statement-cache-size 1244 | ;oci8.statement_cache_size = 20 1245 | 1246 | ; Tuning: Enables statement prefetching and sets the default number of 1247 | ; rows that will be fetched automatically after statement execution. 1248 | ; http://php.net/oci8.default-prefetch 1249 | ;oci8.default_prefetch = 100 1250 | 1251 | ; Compatibility. Using On means oci_close() will not close 1252 | ; oci_connect() and oci_new_connect() connections. 1253 | ; http://php.net/oci8.old-oci-close-semantics 1254 | ;oci8.old_oci_close_semantics = Off 1255 | 1256 | [PostgreSQL] 1257 | ; Allow or prevent persistent links. 1258 | ; http://php.net/pgsql.allow-persistent 1259 | pgsql.allow_persistent = On 1260 | 1261 | ; Detect broken persistent links always with pg_pconnect(). 1262 | ; Auto reset feature requires a little overheads. 1263 | ; http://php.net/pgsql.auto-reset-persistent 1264 | pgsql.auto_reset_persistent = Off 1265 | 1266 | ; Maximum number of persistent links. -1 means no limit. 1267 | ; http://php.net/pgsql.max-persistent 1268 | pgsql.max_persistent = -1 1269 | 1270 | ; Maximum number of links (persistent+non persistent). -1 means no limit. 1271 | ; http://php.net/pgsql.max-links 1272 | pgsql.max_links = -1 1273 | 1274 | ; Ignore PostgreSQL backends Notice message or not. 
1275 | ; Notice message logging require a little overheads. 1276 | ; http://php.net/pgsql.ignore-notice 1277 | pgsql.ignore_notice = 0 1278 | 1279 | ; Log PostgreSQL backends Notice message or not. 1280 | ; Unless pgsql.ignore_notice=0, module cannot log notice message. 1281 | ; http://php.net/pgsql.log-notice 1282 | pgsql.log_notice = 0 1283 | 1284 | [Sybase-CT] 1285 | ; Allow or prevent persistent links. 1286 | ; http://php.net/sybct.allow-persistent 1287 | sybct.allow_persistent = On 1288 | 1289 | ; Maximum number of persistent links. -1 means no limit. 1290 | ; http://php.net/sybct.max-persistent 1291 | sybct.max_persistent = -1 1292 | 1293 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1294 | ; http://php.net/sybct.max-links 1295 | sybct.max_links = -1 1296 | 1297 | ; Minimum server message severity to display. 1298 | ; http://php.net/sybct.min-server-severity 1299 | sybct.min_server_severity = 10 1300 | 1301 | ; Minimum client message severity to display. 1302 | ; http://php.net/sybct.min-client-severity 1303 | sybct.min_client_severity = 10 1304 | 1305 | ; Set per-context timeout 1306 | ; http://php.net/sybct.timeout 1307 | ;sybct.timeout= 1308 | 1309 | ;sybct.packet_size 1310 | 1311 | ; The maximum time in seconds to wait for a connection attempt to succeed before returning failure. 1312 | ; Default: one minute 1313 | ;sybct.login_timeout= 1314 | 1315 | ; The name of the host you claim to be connecting from, for display by sp_who. 1316 | ; Default: none 1317 | ;sybct.hostname= 1318 | 1319 | ; Allows you to define how often deadlocks are to be retried. -1 means "forever". 1320 | ; Default: 0 1321 | ;sybct.deadlock_retry_count= 1322 | 1323 | [bcmath] 1324 | ; Number of decimal digits for all bcmath functions. 
1325 | ; http://php.net/bcmath.scale 1326 | bcmath.scale = 0 1327 | 1328 | [browscap] 1329 | ; http://php.net/browscap 1330 | ;browscap = extra/browscap.ini 1331 | 1332 | [Session] 1333 | ; Handler used to store/retrieve data. 1334 | ; http://php.net/session.save-handler 1335 | session.save_handler = files 1336 | 1337 | ; Argument passed to save_handler. In the case of files, this is the path 1338 | ; where data files are stored. Note: Windows users have to change this 1339 | ; variable in order to use PHP's session functions. 1340 | ; 1341 | ; The path can be defined as: 1342 | ; 1343 | ; session.save_path = "N;/path" 1344 | ; 1345 | ; where N is an integer. Instead of storing all the session files in 1346 | ; /path, what this will do is use subdirectories N-levels deep, and 1347 | ; store the session data in those directories. This is useful if 1348 | ; your OS has problems with many files in one directory, and is 1349 | ; a more efficient layout for servers that handle many sessions. 1350 | ; 1351 | ; NOTE 1: PHP will not create this directory structure automatically. 1352 | ; You can use the script in the ext/session dir for that purpose. 1353 | ; NOTE 2: See the section on garbage collection below if you choose to 1354 | ; use subdirectories for session storage 1355 | ; 1356 | ; The file storage module creates files using mode 600 by default. 1357 | ; You can change that by using 1358 | ; 1359 | ; session.save_path = "N;MODE;/path" 1360 | ; 1361 | ; where MODE is the octal representation of the mode. Note that this 1362 | ; does not overwrite the process's umask. 1363 | ; http://php.net/session.save-path 1364 | 1365 | ; RPM note : session directory must be owned by process owner 1366 | ; for mod_php, see /etc/httpd/conf.d/php.conf 1367 | ; for php-fpm, see /etc/php-fpm.d/*conf 1368 | ;session.save_path = "/tmp" 1369 | 1370 | ; Whether to use strict session mode. 
1371 | ; Strict session mode does not accept uninitialized session ID and regenerate 1372 | ; session ID if browser sends uninitialized session ID. Strict mode protects 1373 | ; applications from session fixation via session adoption vulnerability. It is 1374 | ; disabled by default for maximum compatibility, but enabling it is encouraged. NOTE(review): set to 0 below, so a session ID chosen by the client is accepted as-is; use 1 unless the application is known to break with it. 1375 | ; https://wiki.php.net/rfc/strict_sessions 1376 | session.use_strict_mode = 0 1377 | 1378 | ; Whether to use cookies. 1379 | ; http://php.net/session.use-cookies 1380 | session.use_cookies = 1 1381 | ; NOTE(review): session.cookie_secure is left commented out below, so the session cookie is not restricted to HTTPS; set it to 1 if the web interface is only meant to be reached over TLS. 1382 | ; http://php.net/session.cookie-secure 1383 | ;session.cookie_secure = 1384 | 1385 | ; This option forces PHP to fetch and use a cookie for storing and maintaining 1386 | ; the session id. We encourage this operation as it's very helpful in combating 1387 | ; session hijacking when not specifying and managing your own session id. It is 1388 | ; not the be-all and end-all of session hijacking defense, but it's a good start. 1389 | ; http://php.net/session.use-only-cookies 1390 | session.use_only_cookies = 1 1391 | 1392 | ; Name of the session (used as cookie name). 1393 | ; http://php.net/session.name 1394 | session.name = PHPSESSID 1395 | 1396 | ; Initialize session on request startup. 1397 | ; http://php.net/session.auto-start 1398 | session.auto_start = 0 1399 | 1400 | ; Lifetime in seconds of cookie or, if 0, until browser is restarted. 1401 | ; http://php.net/session.cookie-lifetime 1402 | session.cookie_lifetime = 0 1403 | 1404 | ; The path for which the cookie is valid. 1405 | ; http://php.net/session.cookie-path 1406 | session.cookie_path = / 1407 | 1408 | ; The domain for which the cookie is valid. 1409 | ; http://php.net/session.cookie-domain 1410 | session.cookie_domain = 1411 | 1412 | ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. NOTE(review): the directive below is left empty, so the flag is not added; 1 is the usual hardening unless client-side script must read the session cookie.
1413 | ; http://php.net/session.cookie-httponly 1414 | session.cookie_httponly = 1415 | 1416 | ; Handler used to serialize data. php is the standard serializer of PHP. 1417 | ; http://php.net/session.serialize-handler 1418 | session.serialize_handler = php 1419 | 1420 | ; Defines the probability that the 'garbage collection' process is started 1421 | ; on every session initialization. The probability is calculated by using 1422 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator 1423 | ; and gc_divisor is the denominator in the equation. Setting this value to 1 1424 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance 1425 | ; the gc will run on any given request. 1426 | ; Default Value: 1 1427 | ; Development Value: 1 1428 | ; Production Value: 1 1429 | ; http://php.net/session.gc-probability 1430 | session.gc_probability = 1 1431 | 1432 | ; Defines the probability that the 'garbage collection' process is started on every 1433 | ; session initialization. The probability is calculated by using the following equation: 1434 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator and 1435 | ; session.gc_divisor is the denominator in the equation. Setting this value to 1 1436 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance 1437 | ; the gc will run on any given request. Increasing this value to 1000 will give you 1438 | ; a 0.1% chance the gc will run on any given request. For high volume production servers, 1439 | ; this is a more efficient approach. 1440 | ; Default Value: 100 1441 | ; Development Value: 1000 1442 | ; Production Value: 1000 1443 | ; http://php.net/session.gc-divisor 1444 | session.gc_divisor = 1000 1445 | 1446 | ; After this number of seconds, stored data will be seen as 'garbage' and 1447 | ; cleaned up by the garbage collection process.
1448 | ; http://php.net/session.gc-maxlifetime 1449 | session.gc_maxlifetime = 1440 1450 | 1451 | ; NOTE: If you are using the subdirectory option for storing session files 1452 | ; (see session.save_path above), then garbage collection does *not* 1453 | ; happen automatically. You will need to do your own garbage 1454 | ; collection through a shell script, cron entry, or some other method. 1455 | ; For example, the following script would is the equivalent of 1456 | ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): 1457 | ; find /path/to/sessions -cmin +24 -type f | xargs rm 1458 | 1459 | ; Check HTTP Referer to invalidate externally stored URLs containing ids. 1460 | ; HTTP_REFERER has to contain this substring for the session to be 1461 | ; considered as valid. 1462 | ; http://php.net/session.referer-check 1463 | session.referer_check = 1464 | 1465 | ; How many bytes to read from the file. 1466 | ; http://php.net/session.entropy-length 1467 | ;session.entropy_length = 32 1468 | 1469 | ; Specified here to create the session id. 1470 | ; http://php.net/session.entropy-file 1471 | ; Defaults to /dev/urandom 1472 | ; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom 1473 | ; If neither are found at compile time, the default is no entropy file. 1474 | ; On windows, setting the entropy_length setting will activate the 1475 | ; Windows random source (using the CryptoAPI) 1476 | ;session.entropy_file = /dev/urandom 1477 | 1478 | ; Set to {nocache,private,public,} to determine HTTP caching aspects 1479 | ; or leave this empty to avoid sending anti-caching headers. 1480 | ; http://php.net/session.cache-limiter 1481 | session.cache_limiter = nocache 1482 | 1483 | ; Document expires after n minutes. 1484 | ; http://php.net/session.cache-expire 1485 | session.cache_expire = 180 1486 | 1487 | ; trans sid support is disabled by default. 1488 | ; Use of trans sid may risk your users' security. 
1489 | ; Use this option with caution. 1490 | ; - A user may send a URL that contains an active session ID 1491 | ; to another person via email/irc/etc. 1492 | ; - A URL that contains an active session ID may be stored 1493 | ; on a publicly accessible computer. 1494 | ; - A user may always access your site with the same session ID 1495 | ; by using a URL stored in the browser's history or bookmarks. 1496 | ; http://php.net/session.use-trans-sid 1497 | session.use_trans_sid = 0 1498 | 1499 | ; Select a hash function for use in generating session ids. 1500 | ; Possible Values 1501 | ; 0 (MD5 128 bits) 1502 | ; 1 (SHA-1 160 bits) 1503 | ; This option may also be set to the name of any hash function supported by 1504 | ; the hash extension. A list of available hashes is returned by the hash_algos() 1505 | ; function. NOTE(review): 0 below selects MD5 (128-bit IDs); a stronger algorithm name from hash_algos(), e.g. sha256, is the usual hardening choice where this directive is supported. 1506 | ; http://php.net/session.hash-function 1507 | session.hash_function = 0 1508 | 1509 | ; Define how many bits are stored in each character when converting 1510 | ; the binary hash data to something readable. 1511 | ; Possible values: 1512 | ; 4 (4 bits: 0-9, a-f) 1513 | ; 5 (5 bits: 0-9, a-v) 1514 | ; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") 1515 | ; Default Value: 4 1516 | ; Development Value: 5 1517 | ; Production Value: 5 1518 | ; http://php.net/session.hash-bits-per-character 1519 | session.hash_bits_per_character = 5 1520 | 1521 | ; The URL rewriter will look for URLs in a defined set of HTML tags. 1522 | ; form/fieldset are special; if you include them here, the rewriter will 1523 | ; add a hidden field with the info which is otherwise appended 1524 | ; to URLs. If you want XHTML conformity, remove the form entry. 1525 | ; Note that all valid entries require a "=", even if no value follows.
1526 | ; Default Value: "a=href,area=href,frame=src,form=,fieldset=" 1527 | ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 1528 | ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 1529 | ; http://php.net/url-rewriter.tags 1530 | url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" 1531 | 1532 | ; Enable upload progress tracking in $_SESSION 1533 | ; Default Value: On 1534 | ; Development Value: On 1535 | ; Production Value: On 1536 | ; http://php.net/session.upload-progress.enabled 1537 | ;session.upload_progress.enabled = On 1538 | 1539 | ; Cleanup the progress information as soon as all POST data has been read 1540 | ; (i.e. upload completed). 1541 | ; Default Value: On 1542 | ; Development Value: On 1543 | ; Production Value: On 1544 | ; http://php.net/session.upload-progress.cleanup 1545 | ;session.upload_progress.cleanup = On 1546 | 1547 | ; A prefix used for the upload progress key in $_SESSION 1548 | ; Default Value: "upload_progress_" 1549 | ; Development Value: "upload_progress_" 1550 | ; Production Value: "upload_progress_" 1551 | ; http://php.net/session.upload-progress.prefix 1552 | ;session.upload_progress.prefix = "upload_progress_" 1553 | 1554 | ; The index name (concatenated with the prefix) in $_SESSION 1555 | ; containing the upload progress information 1556 | ; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" 1557 | ; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" 1558 | ; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" 1559 | ; http://php.net/session.upload-progress.name 1560 | ;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" 1561 | 1562 | ; How frequently the upload progress should be updated. 
1563 | ; Given either in percentages (per-file), or in bytes 1564 | ; Default Value: "1%" 1565 | ; Development Value: "1%" 1566 | ; Production Value: "1%" 1567 | ; http://php.net/session.upload-progress.freq 1568 | ;session.upload_progress.freq = "1%" 1569 | 1570 | ; The minimum delay between updates, in seconds 1571 | ; Default Value: 1 1572 | ; Development Value: 1 1573 | ; Production Value: 1 1574 | ; http://php.net/session.upload-progress.min-freq 1575 | ;session.upload_progress.min_freq = "1" 1576 | 1577 | [MSSQL] 1578 | ; Allow or prevent persistent links. 1579 | mssql.allow_persistent = On 1580 | 1581 | ; Maximum number of persistent links. -1 means no limit. 1582 | mssql.max_persistent = -1 1583 | 1584 | ; Maximum number of links (persistent+non persistent). -1 means no limit. 1585 | mssql.max_links = -1 1586 | 1587 | ; Minimum error severity to display. 1588 | mssql.min_error_severity = 10 1589 | 1590 | ; Minimum message severity to display. 1591 | mssql.min_message_severity = 10 1592 | 1593 | ; Compatibility mode with old versions of PHP 3.0. 1594 | mssql.compatibility_mode = Off 1595 | 1596 | ; Connect timeout 1597 | ;mssql.connect_timeout = 5 1598 | 1599 | ; Query timeout 1600 | ;mssql.timeout = 60 1601 | 1602 | ; Valid range 0 - 2147483647. Default = 4096. 1603 | ;mssql.textlimit = 4096 1604 | 1605 | ; Valid range 0 - 2147483647. Default = 4096. 1606 | ;mssql.textsize = 4096 1607 | 1608 | ; Limits the number of records in each batch. 0 = all records in one batch. 1609 | ;mssql.batchsize = 0 1610 | 1611 | ; Specify how datetime and datetim4 columns are returned 1612 | ; On => Returns data converted to SQL server settings 1613 | ; Off => Returns values as YYYY-MM-DD hh:mm:ss 1614 | ;mssql.datetimeconvert = On 1615 | 1616 | ; Use NT authentication when connecting to the server 1617 | mssql.secure_connection = Off 1618 | 1619 | ; Specify max number of processes. 
-1 = library default 1620 | ; msdlib defaults to 25 1621 | ; FreeTDS defaults to 4096 1622 | ;mssql.max_procs = -1 1623 | 1624 | ; Specify client character set. 1625 | ; If empty or not set the client charset from freetds.conf is used 1626 | ; This is only used when compiled with FreeTDS 1627 | ;mssql.charset = "ISO-8859-1" 1628 | 1629 | [Assertion] 1630 | ; Assert(expr); active by default. 1631 | ; http://php.net/assert.active 1632 | ;assert.active = On 1633 | 1634 | ; Issue a PHP warning for each failed assertion. 1635 | ; http://php.net/assert.warning 1636 | ;assert.warning = On 1637 | 1638 | ; Don't bail out by default. 1639 | ; http://php.net/assert.bail 1640 | ;assert.bail = Off 1641 | 1642 | ; User-function to be called if an assertion fails. 1643 | ; http://php.net/assert.callback 1644 | ;assert.callback = 0 1645 | 1646 | ; Eval the expression with current error_reporting(). Set to true if you want 1647 | ; error_reporting(0) around the eval(). 1648 | ; http://php.net/assert.quiet-eval 1649 | ;assert.quiet_eval = 0 1650 | 1651 | [mbstring] 1652 | ; language for internal character representation. 1653 | ; This affects mb_send_mail() and mbstring.detect_order. 1654 | ; http://php.net/mbstring.language 1655 | ;mbstring.language = Japanese 1656 | 1657 | ; Use of this INI entry is deprecated, use global internal_encoding instead. 1658 | ; internal/script encoding. 1659 | ; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) 1660 | ; If empty, default_charset or internal_encoding is used in order. 1661 | ; http://php.net/mbstring.internal-encoding 1662 | ;mbstring.internal_encoding = 1663 | 1664 | ; Use of this INI entry is deprecated, use global input_encoding instead. 1665 | ; http input encoding. 1666 | ; If empty, input_encoding is used. 1667 | ; mbstring.encoding_translation = On is needed to use this setting.
1668 | ; http://php.net/mbstring.http-input 1669 | ;mbstring.http_input = 1670 | 1671 | ; Use of this INI entry is deprecated, use global output_encoding instead. 1672 | ; http output encoding. 1673 | ; mb_output_handler must be registered as output buffer to function. 1674 | ; If empty, output_encoding is used. 1675 | ; http://php.net/mbstring.http-output 1676 | ;mbstring.http_output = 1677 | 1678 | ; enable automatic encoding translation according to 1679 | ; mbstring.internal_encoding setting. Input chars are 1680 | ; converted to internal encoding by setting this to On. 1681 | ; Note: Do _not_ use automatic encoding translation for 1682 | ; portable libs/applications. 1683 | ; http://php.net/mbstring.encoding-translation 1684 | ;mbstring.encoding_translation = Off 1685 | 1686 | ; automatic encoding detection order. 1687 | ; "auto" detect order is changed according to mbstring.language 1688 | ; http://php.net/mbstring.detect-order 1689 | ;mbstring.detect_order = auto 1690 | 1691 | ; substitute_character used when character cannot be converted 1692 | ; one from another 1693 | ; http://php.net/mbstring.substitute-character 1694 | ;mbstring.substitute_character = none 1695 | 1696 | ; overload(replace) single byte functions by mbstring functions. 1697 | ; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), 1698 | ; etc. Possible values are 0,1,2,4 or combination of them. 1699 | ; For example, 7 to overload everything. 1700 | ; 0: No overload 1701 | ; 1: Overload mail() function 1702 | ; 2: Overload str*() functions 1703 | ; 4: Overload ereg*() functions 1704 | ; http://php.net/mbstring.func-overload 1705 | ;mbstring.func_overload = 0 1706 | 1707 | ; enable strict encoding detection. 1708 | ; Default: Off 1709 | ;mbstring.strict_detection = On 1710 | 1711 | ; This directive specifies the regex pattern of content types for which mb_output_handler() 1712 | ; is activated.
1713 | ; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) 1714 | ;mbstring.http_output_conv_mimetype= 1715 | 1716 | [gd] 1717 | ; Tell the jpeg decode to ignore warnings and try to create 1718 | ; a gd image. The warning will then be displayed as notices 1719 | ; disabled by default 1720 | ; http://php.net/gd.jpeg-ignore-warning 1721 | ;gd.jpeg_ignore_warning = 0 1722 | 1723 | [exif] 1724 | ; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. 1725 | ; With mbstring support this will automatically be converted into the encoding 1726 | ; given by corresponding encode setting. When empty mbstring.internal_encoding 1727 | ; is used. For the decode settings you can distinguish between motorola and 1728 | ; intel byte order. A decode setting cannot be empty. 1729 | ; http://php.net/exif.encode-unicode 1730 | ;exif.encode_unicode = ISO-8859-15 1731 | 1732 | ; http://php.net/exif.decode-unicode-motorola 1733 | ;exif.decode_unicode_motorola = UCS-2BE 1734 | 1735 | ; http://php.net/exif.decode-unicode-intel 1736 | ;exif.decode_unicode_intel = UCS-2LE 1737 | 1738 | ; http://php.net/exif.encode-jis 1739 | ;exif.encode_jis = 1740 | 1741 | ; http://php.net/exif.decode-jis-motorola 1742 | ;exif.decode_jis_motorola = JIS 1743 | 1744 | ; http://php.net/exif.decode-jis-intel 1745 | ;exif.decode_jis_intel = JIS 1746 | 1747 | [Tidy] 1748 | ; The path to a default tidy configuration file to use when using tidy 1749 | ; http://php.net/tidy.default-config 1750 | ;tidy.default_config = /usr/local/lib/php/default.tcfg 1751 | 1752 | ; Should tidy clean and repair output automatically? 1753 | ; WARNING: Do not use this option if you are generating non-html content 1754 | ; such as dynamic images 1755 | ; http://php.net/tidy.clean-output 1756 | tidy.clean_output = Off 1757 | 1758 | [soap] 1759 | ; Enables or disables WSDL caching feature. 
1760 | ; http://php.net/soap.wsdl-cache-enabled 1761 | soap.wsdl_cache_enabled=1 1762 | 1763 | ; Sets the directory name where SOAP extension will put cache files. 1764 | ; http://php.net/soap.wsdl-cache-dir 1765 | ; NOTE(review): the value below is /tmp, which is normally shared and world-writable; a dedicated directory owned by the process owner, as the RPM note asks, keeps other local users from tampering with cached WSDL files. 1766 | ; RPM note : cache directory must be owned by process owner 1767 | ; for mod_php, see /etc/httpd/conf.d/php.conf 1768 | ; for php-fpm, see /etc/php-fpm.d/*conf 1769 | soap.wsdl_cache_dir="/tmp" 1770 | 1771 | ; (time to live) Sets the number of seconds a cached file will be used 1772 | ; instead of the original one. 1773 | ; http://php.net/soap.wsdl-cache-ttl 1774 | soap.wsdl_cache_ttl=86400 1775 | 1776 | ; Sets the size of the cache limit. (Max. number of WSDL files to cache) 1777 | soap.wsdl_cache_limit = 5 1778 | 1779 | [sysvshm] 1780 | ; A default size of the shared memory segment 1781 | ;sysvshm.init_mem = 10000 1782 | 1783 | [ldap] 1784 | ; Sets the maximum number of open links or -1 for unlimited. 1785 | ldap.max_links = -1 1786 | 1787 | [mcrypt] 1788 | ; For more information about mcrypt settings see http://php.net/mcrypt-module-open 1789 | 1790 | ; Directory where to load mcrypt algorithms 1791 | ; Default: Compiled into libmcrypt (usually /usr/local/lib/libmcrypt) 1792 | ;mcrypt.algorithms_dir= 1793 | 1794 | ; Directory where to load mcrypt modes 1795 | ; Default: Compiled into libmcrypt (usually /usr/local/lib/libmcrypt) 1796 | ;mcrypt.modes_dir= 1797 | 1798 | [dba] 1799 | ;dba.default_handler= 1800 | 1801 | [curl] 1802 | ; A default value for the CURLOPT_CAINFO option. This is required to be an 1803 | ; absolute path. 1804 | ;curl.cainfo = 1805 | 1806 | ; Local Variables: 1807 | ; tab-width: 4 1808 | ; End: 1809 | --------------------------------------------------------------------------------