├── README.md ├── mysql ├── conf.d │ ├── mariadb.cnf │ └── mysqld_safe_syslog.cnf └── my.cnf ├── nginx ├── fastcgi.conf ├── fastcgi_params ├── koi-utf ├── koi-win ├── mime.types ├── naxsi.rules ├── naxsi_core.rules ├── nginx.conf ├── proxy_params ├── scgi_params ├── sites-available │ ├── example.com-le.vhost │ ├── example.com-sslonly-le.vhost │ ├── example.com-sslonly.vhost │ └── example.com.vhost ├── snippets │ └── perfect-forward-secrecy.conf ├── uwsgi_params └── win-utf └── php5 ├── cli └── php.ini ├── fpm ├── php-fpm.conf ├── php.ini └── pool.d │ └── example.com.conf └── mods-available ├── curl.ini ├── gd.ini ├── json.ini ├── mcrypt.ini ├── memcached.ini ├── mysql.ini ├── mysqli.ini ├── opcache.ini ├── pdo.ini ├── pdo_mysql.ini ├── pspell.ini ├── readline.ini ├── tidy.ini ├── xmlrpc.ini └── xsl.ini /README.md: -------------------------------------------------------------------------------- 1 | nginx-opencart 2 | ============== 3 | 4 | Nginx and PHP-FPM configuration for OpenCart install. Current work goes into "development" branch and is merged to master periodically. MySQL configs are designed for MariaDB on low resource VPS such as Digital Ocean $5 - $20 droplet. Some changes would be needed for more robust systems, mostly in my.cnf. Nginx and PHP should work as configured on wide range of systems. 5 | 6 | To Do 7 | ===== 8 | 9 | 1. Split into major sections using *.conf includes. 10 | -------------------------------------------------------------------------------- /mysql/conf.d/mariadb.cnf: -------------------------------------------------------------------------------- 1 | # MariaDB-specific config file. 2 | # Read by /etc/mysql/my.cnf 3 | 4 | [client] 5 | # Default is Latin1, if you need UTF-8 set this (also in server section) 6 | default-character-set = utf8 7 | 8 | [mysqld] 9 | # 10 | # * Character sets 11 | # 12 | # Default is Latin1, if you need UTF-8 set all this (also in client section) 13 | # 14 | character-set-server = utf8 15 | collation-server = utf8_general_ci 16 | character_set_server = utf8 17 | collation_server = utf8_general_ci 18 | -------------------------------------------------------------------------------- /mysql/conf.d/mysqld_safe_syslog.cnf: -------------------------------------------------------------------------------- 1 | [mysqld_safe] 2 | syslog 3 | -------------------------------------------------------------------------------- /mysql/my.cnf: -------------------------------------------------------------------------------- 1 | # MariaDB database server configuration file. 2 | # Designed for less than 1GB RAM on combined server 3 | 4 | [client] 5 | port = 3306 6 | socket = /var/run/mysqld/mysqld.sock 7 | default-character-set = utf8 8 | 9 | [mysqld_safe] 10 | syslog 11 | socket = /var/run/mysqld/mysqld.sock 12 | nice = 0 13 | 14 | [mysqld] 15 | 16 | # * Basic Settings 17 | 18 | user = mysql 19 | pid-file = /var/run/mysqld/mysqld.pid 20 | socket = /var/run/mysqld/mysqld.sock 21 | port = 3306 22 | basedir = /usr 23 | datadir = /var/lib/mysql 24 | tmpdir = /tmp 25 | lc_messages_dir = /usr/share/mysql 26 | lc_messages = en_US 27 | skip-external-locking 28 | bind-address = 127.0.0.1 29 | 30 | # * Character Sets and Collations 31 | 32 | character-set-server = utf8 33 | collation-server = utf8_general_ci 34 | character_set_server = utf8 35 | collation_server = utf8_general_ci 36 | init-connect = 'SET NAMES utf8' 37 | init_connect = 'SET collation_connection = utf8_general_ci' 38 | skip-character-set-client-handshake 39 | 40 | # * Fine Tuning 41 | 42 | max_connections = 50 43 | connect_timeout = 5 44 | wait_timeout = 6000 45 | max_allowed_packet = 64M 46 | thread_cache_size = 128 47 | sort_buffer_size = 512KB 48 | bulk_insert_buffer_size = 16M 49 | tmp_table_size = 120M 50 | max_heap_table_size = 120M 51 | 52 | # * MyISAM 53 | 54 | myisam_recover = BACKUP 55 | key_buffer_size = 196KB 56 | #open-files-limit = 2000 57 | table_open_cache = 400 58 | myisam_sort_buffer_size = 512M 59 | concurrent_insert = 2 60 | read_buffer_size = 256KB 61 | read_rnd_buffer_size = 1M 62 | 63 | # * Query Cache Configuration 64 | 65 | query_cache_limit = 128K 66 | query_cache_size = 32M 67 | 68 | # * Logging and Replication 69 | 70 | #general_log_file = /var/log/mysql/mysql.log 71 | #general_log = 1 72 | log_warnings = 2 73 | slow_query_log = 1 74 | slow_query_log_file = /var/log/mysql/mariadb-slow.log 75 | long_query_time = 10 76 | #log_slow_rate_limit = 1000 77 | log_slow_verbosity = query_plan 78 | 79 | #log-queries-not-using-indexes 80 | #log_slow_admin_statements 81 | 82 | #log_bin = /var/log/mysql/mariadb-bin 83 | #log_bin_index = /var/log/mysql/mariadb-bin.index 84 | #sync_binlog = 1 85 | #expire_logs_days = 10 86 | #max_binlog_size = 100M 87 | #binlog_format = MIXED 88 | # Use for production 89 | sql_mode = NO_ENGINE_SUBSTITUTION,TRADITIONAL 90 | # Use for transfers 91 | #sql_mode = STRICT_TRANS_TABLES,STRICT_ALL_TABLES,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION 92 | 93 | # * InnoDB 94 | 95 | default_storage_engine = InnoDB 96 | #innodb_log_file_size = 50M 97 | innodb_buffer_pool_size = 9M 98 | innodb_log_buffer_size = 1M 99 | innodb_file_per_table = 1 100 | innodb_open_files = 400 101 | innodb_io_capacity = 400 102 | innodb_flush_method = O_DIRECT 103 | 104 | [mysqldump] 105 | quick 106 | quote-names 107 | max_allowed_packet = 64M 108 | 109 | [mysql] 110 | #default-character-set = utf8 111 | 112 | [isamchk] 113 | key_buffer = 16M 114 | 115 | #!includedir /etc/mysql/conf.d/ 116 | -------------------------------------------------------------------------------- /nginx/fastcgi.conf: -------------------------------------------------------------------------------- 1 | 2 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 3 | fastcgi_param QUERY_STRING $query_string; 4 | fastcgi_param REQUEST_METHOD $request_method; 5 | fastcgi_param CONTENT_TYPE $content_type; 6 | fastcgi_param CONTENT_LENGTH $content_length; 7 | 8 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 9 | fastcgi_param REQUEST_URI $request_uri; 10 | fastcgi_param DOCUMENT_URI $document_uri; 11 | fastcgi_param DOCUMENT_ROOT $document_root; 12 | fastcgi_param SERVER_PROTOCOL $server_protocol; 13 | fastcgi_param HTTPS $https if_not_empty; 14 | 15 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 16 | fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; 17 | 18 | fastcgi_param REMOTE_ADDR $remote_addr; 19 | fastcgi_param REMOTE_PORT $remote_port; 20 | fastcgi_param SERVER_ADDR $server_addr; 21 | fastcgi_param SERVER_PORT $server_port; 22 | fastcgi_param SERVER_NAME $server_name; 23 | 24 | # PHP only, required if PHP was built with --enable-force-cgi-redirect 25 | fastcgi_param REDIRECT_STATUS 200; 26 | -------------------------------------------------------------------------------- /nginx/fastcgi_params: -------------------------------------------------------------------------------- 1 | fastcgi_param QUERY_STRING $query_string; 2 | fastcgi_param REQUEST_METHOD $request_method; 3 | fastcgi_param CONTENT_TYPE $content_type; 4 | fastcgi_param CONTENT_LENGTH $content_length; 5 | 6 | fastcgi_param SCRIPT_FILENAME $request_filename; 7 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 8 | fastcgi_param REQUEST_URI $request_uri; 9 | fastcgi_param DOCUMENT_URI $document_uri; 10 | fastcgi_param DOCUMENT_ROOT $document_root; 11 | fastcgi_param SERVER_PROTOCOL $server_protocol; 12 | 13 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 14 | fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; 15 | 16 | fastcgi_param REMOTE_ADDR $remote_addr; 17 | fastcgi_param REMOTE_PORT $remote_port; 18 | fastcgi_param SERVER_ADDR $server_addr; 19 | fastcgi_param SERVER_PORT $server_port; 20 | fastcgi_param SERVER_NAME $server_name; 21 | 22 | fastcgi_param HTTPS $https; 23 | 24 | # PHP only, required if PHP was built with --enable-force-cgi-redirect 25 | fastcgi_param REDIRECT_STATUS 200; 26 | -------------------------------------------------------------------------------- /nginx/koi-utf: -------------------------------------------------------------------------------- 1 | # This map is not a full koi8-r <> utf8 map: it does not contain 2 | # box-drawing and some other characters. Besides this map contains 3 | # several koi8-u and Byelorussian letters which are not in koi8-r. 4 | # If you need a full and standard map, use contrib/unicode2nginx/koi-utf 5 | # map instead. 6 | 7 | charset_map koi8-r utf-8 { 8 | 9 | 80 E282AC; # euro 10 | 11 | 95 E280A2; # bullet 12 | 13 | 9A C2A0; #   14 | 15 | 9E C2B7; # · 16 | 17 | A3 D191; # small yo 18 | A4 D194; # small Ukrainian ye 19 | 20 | A6 D196; # small Ukrainian i 21 | A7 D197; # small Ukrainian yi 22 | 23 | AD D291; # small Ukrainian soft g 24 | AE D19E; # small Byelorussian short u 25 | 26 | B0 C2B0; # ° 27 | 28 | B3 D081; # capital YO 29 | B4 D084; # capital Ukrainian YE 30 | 31 | B6 D086; # capital Ukrainian I 32 | B7 D087; # capital Ukrainian YI 33 | 34 | B9 E28496; # numero sign 35 | 36 | BD D290; # capital Ukrainian soft G 37 | BE D18E; # capital Byelorussian short U 38 | 39 | BF C2A9; # (C) 40 | 41 | C0 D18E; # small yu 42 | C1 D0B0; # small a 43 | C2 D0B1; # small b 44 | C3 D186; # small ts 45 | C4 D0B4; # small d 46 | C5 D0B5; # small ye 47 | C6 D184; # small f 48 | C7 D0B3; # small g 49 | C8 D185; # small kh 50 | C9 D0B8; # small i 51 | CA D0B9; # small j 52 | CB D0BA; # small k 53 | CC D0BB; # small l 54 | CD D0BC; # small m 55 | CE D0BD; # small n 56 | CF D0BE; # small o 57 | 58 | D0 D0BF; # small p 59 | D1 D18F; # small ya 60 | D2 D180; # small r 61 | D3 D181; # small s 62 | D4 D182; # small t 63 | D5 D183; # small u 64 | D6 D0B6; # small zh 65 | D7 D0B2; # small v 66 | D8 D18C; # small soft sign 67 | D9 D18B; # small y 68 | DA D0B7; # small z 69 | DB D188; # small sh 70 | DC D18D; # small e 71 | DD D189; # small shch 72 | DE D187; # small ch 73 | DF D18A; # small hard sign 74 | 75 | E0 D0AE; # capital YU 76 | E1 D090; # capital A 77 | E2 D091; # capital B 78 | E3 D0A6; # capital TS 79 | E4 D094; # capital D 80 | E5 D095; # capital YE 81 | E6 D0A4; # capital F 82 | E7 D093; # capital G 83 | E8 D0A5; # capital KH 84 | E9 D098; # capital I 85 | EA D099; # capital J 86 | EB D09A; # capital K 87 | EC D09B; # capital L 88 | ED D09C; # capital M 89 | EE D09D; # capital N 90 | EF D09E; # capital O 91 | 92 | F0 D09F; # capital P 93 | F1 D0AF; # capital YA 94 | F2 D0A0; # capital R 95 | F3 D0A1; # capital S 96 | F4 D0A2; # capital T 97 | F5 D0A3; # capital U 98 | F6 D096; # capital ZH 99 | F7 D092; # capital V 100 | F8 D0AC; # capital soft sign 101 | F9 D0AB; # capital Y 102 | FA D097; # capital Z 103 | FB D0A8; # capital SH 104 | FC D0AD; # capital E 105 | FD D0A9; # capital SHCH 106 | FE D0A7; # capital CH 107 | FF D0AA; # capital hard sign 108 | } 109 | -------------------------------------------------------------------------------- /nginx/koi-win: -------------------------------------------------------------------------------- 1 | charset_map koi8-r windows-1251 { 2 | 3 | 80 88; # euro 4 | 5 | 95 95; # bullet 6 | 7 | 9A A0; #   8 | 9 | 9E B7; # · 10 | 11 | A3 B8; # small yo 12 | A4 BA; # small Ukrainian ye 13 | 14 | A6 B3; # small Ukrainian i 15 | A7 BF; # small Ukrainian yi 16 | 17 | AD B4; # small Ukrainian soft g 18 | AE A2; # small Byelorussian short u 19 | 20 | B0 B0; # ° 21 | 22 | B3 A8; # capital YO 23 | B4 AA; # capital Ukrainian YE 24 | 25 | B6 B2; # capital Ukrainian I 26 | B7 AF; # capital Ukrainian YI 27 | 28 | B9 B9; # numero sign 29 | 30 | BD A5; # capital Ukrainian soft G 31 | BE A1; # capital Byelorussian short U 32 | 33 | BF A9; # (C) 34 | 35 | C0 FE; # small yu 36 | C1 E0; # small a 37 | C2 E1; # small b 38 | C3 F6; # small ts 39 | C4 E4; # small d 40 | C5 E5; # small ye 41 | C6 F4; # small f 42 | C7 E3; # small g 43 | C8 F5; # small kh 44 | C9 E8; # small i 45 | CA E9; # small j 46 | CB EA; # small k 47 | CC EB; # small l 48 | CD EC; # small m 49 | CE ED; # small n 50 | CF EE; # small o 51 | 52 | D0 EF; # small p 53 | D1 FF; # small ya 54 | D2 F0; # small r 55 | D3 F1; # small s 56 | D4 F2; # small t 57 | D5 F3; # small u 58 | D6 E6; # small zh 59 | D7 E2; # small v 60 | D8 FC; # small soft sign 61 | D9 FB; # small y 62 | DA E7; # small z 63 | DB F8; # small sh 64 | DC FD; # small e 65 | DD F9; # small shch 66 | DE F7; # small ch 67 | DF FA; # small hard sign 68 | 69 | E0 DE; # capital YU 70 | E1 C0; # capital A 71 | E2 C1; # capital B 72 | E3 D6; # capital TS 73 | E4 C4; # capital D 74 | E5 C5; # capital YE 75 | E6 D4; # capital F 76 | E7 C3; # capital G 77 | E8 D5; # capital KH 78 | E9 C8; # capital I 79 | EA C9; # capital J 80 | EB CA; # capital K 81 | EC CB; # capital L 82 | ED CC; # capital M 83 | EE CD; # capital N 84 | EF CE; # capital O 85 | 86 | F0 CF; # capital P 87 | F1 DF; # capital YA 88 | F2 D0; # capital R 89 | F3 D1; # capital S 90 | F4 D2; # capital T 91 | F5 D3; # capital U 92 | F6 C6; # capital ZH 93 | F7 C2; # capital V 94 | F8 DC; # capital soft sign 95 | F9 DB; # capital Y 96 | FA C7; # capital Z 97 | FB D8; # capital SH 98 | FC DD; # capital E 99 | FD D9; # capital SHCH 100 | FE D7; # capital CH 101 | FF DA; # capital hard sign 102 | } 103 | -------------------------------------------------------------------------------- /nginx/mime.types: -------------------------------------------------------------------------------- 1 | types { 2 | text/html html htm shtml; 3 | text/css css; 4 | text/xml xml rss; 5 | image/gif gif; 6 | image/jpeg jpeg jpg; 7 | application/x-javascript js; 8 | application/atom+xml atom; 9 | 10 | text/mathml mml; 11 | text/plain txt; 12 | text/vnd.sun.j2me.app-descriptor jad; 13 | text/vnd.wap.wml wml; 14 | text/x-component htc; 15 | 16 | image/png png; 17 | image/tiff tif tiff; 18 | image/vnd.wap.wbmp wbmp; 19 | image/x-icon ico; 20 | image/x-jng jng; 21 | image/x-ms-bmp bmp; 22 | image/svg+xml svg svgz; 23 | 24 | application/java-archive jar war ear; 25 | application/json json; 26 | application/mac-binhex40 hqx; 27 | application/msword doc; 28 | application/pdf pdf; 29 | application/postscript ps eps ai; 30 | application/rtf rtf; 31 | application/vnd.ms-excel xls; 32 | application/vnd.ms-powerpoint ppt; 33 | application/vnd.wap.wmlc wmlc; 34 | application/vnd.google-earth.kml+xml kml; 35 | application/vnd.google-earth.kmz kmz; 36 | application/x-7z-compressed 7z; 37 | application/x-cocoa cco; 38 | application/x-java-archive-diff jardiff; 39 | application/x-java-jnlp-file jnlp; 40 | application/x-makeself run; 41 | application/x-perl pl pm; 42 | application/x-pilot prc pdb; 43 | application/x-rar-compressed rar; 44 | application/x-redhat-package-manager rpm; 45 | application/x-sea sea; 46 | application/x-shockwave-flash swf; 47 | application/x-stuffit sit; 48 | application/x-tcl tcl tk; 49 | application/x-x509-ca-cert der pem crt; 50 | application/x-xpinstall xpi; 51 | application/xhtml+xml xhtml; 52 | application/zip zip; 53 | 54 | application/octet-stream bin exe dll; 55 | application/octet-stream deb; 56 | application/octet-stream dmg; 57 | application/octet-stream eot; 58 | application/octet-stream iso img; 59 | application/octet-stream msi msp msm; 60 | application/ogg ogx; 61 | 62 | audio/midi mid midi kar; 63 | audio/mpeg mpga mpega mp2 mp3 m4a; 64 | audio/ogg oga ogg spx; 65 | audio/x-realaudio ra; 66 | audio/webm weba; 67 | 68 | video/3gpp 3gpp 3gp; 69 | video/mp4 mp4; 70 | video/mpeg mpeg mpg mpe; 71 | video/ogg ogv; 72 | video/quicktime mov; 73 | video/webm webm; 74 | video/x-flv flv; 75 | video/x-mng mng; 76 | video/x-ms-asf asx asf; 77 | video/x-ms-wmv wmv; 78 | video/x-msvideo avi; 79 | } 80 | -------------------------------------------------------------------------------- /nginx/naxsi.rules: -------------------------------------------------------------------------------- 1 | # Sample rules file for default vhost. 2 | 3 | LearningMode; 4 | SecRulesEnabled; 5 | #SecRulesDisabled; 6 | DeniedUrl "/RequestDenied"; 7 | 8 | ## check rules 9 | CheckRule "$SQL >= 8" BLOCK; 10 | CheckRule "$RFI >= 8" BLOCK; 11 | CheckRule "$TRAVERSAL >= 4" BLOCK; 12 | CheckRule "$EVADE >= 4" BLOCK; 13 | CheckRule "$XSS >= 8" BLOCK; 14 | -------------------------------------------------------------------------------- /nginx/naxsi_core.rules: -------------------------------------------------------------------------------- 1 | ################################## 2 | ## INTERNAL RULES IDS:1-10 ## 3 | ################################## 4 | #weird_request : 1 5 | #big_body : 2 6 | #no_content_type : 3 7 | 8 | #MainRule "str:yesone" "msg:foobar test pattern" "mz:ARGS" "s:$SQL:42" id:1999; 9 | 10 | ################################## 11 | ## SQL Injections IDs:1000-1099 ## 12 | ################################## 13 | MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000; 14 | MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1001; 15 | MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002; 16 | ## Hardcore rules 17 | MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003; 18 | MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004; 19 | MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005; 20 | MainRule "rx:&&" "msg:mysql keyword (&&)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1006; 21 | ## end of hardcore rules 22 | MainRule "str:--" "msg:mysql comment (--)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1007; 23 | MainRule "str:;" "msg:; in stuff" "mz:BODY|URL|ARGS" "s:$SQL:4" id:1008; 24 | MainRule "str:=" "msg:equal in var, probable sql/xss" "mz:ARGS|BODY" "s:$SQL:2" id:1009; 25 | MainRule "str:(" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1010; 26 | MainRule "str:)" "msg:parenthesis, probable sql/xss" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1011; 27 | MainRule "str:'" "msg:simple quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1013; 28 | MainRule "str:\"" "msg:double quote" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1014; 29 | MainRule "str:," "msg:, in stuff" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1015; 30 | MainRule "str:#" "msg:mysql comment (#)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1016; 31 | 32 | ############################### 33 | ## OBVIOUS RFI IDs:1100-1199 ## 34 | ############################### 35 | MainRule "str:http://" "msg:html comment tag" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1100; 36 | MainRule "str:https://" "msg:html comment tag" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1101; 37 | MainRule "str:ftp://" "msg:html comment tag" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1102; 38 | MainRule "str:php://" "msg:html comment tag" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$RFI:8" id:1103; 39 | 40 | ####################################### 41 | ## Directory traversal IDs:1200-1299 ## 42 | ####################################### 43 | MainRule "str:.." "msg:html comment tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1200; 44 | MainRule "str:/etc/passwd" "msg:html comment tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1202; 45 | MainRule "str:c:\\" "msg:html comment tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203; 46 | MainRule "str:cmd.exe" "msg:html comment tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1204; 47 | MainRule "str:\\" "msg:html comment tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1205; 48 | #MainRule "str:/" "msg:slash in args" "mz:ARGS|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:2" id:1206; 49 | ######################################## 50 | ## Cross Site Scripting IDs:1300-1399 ## 51 | ######################################## 52 | MainRule "str:<" "msg:html open tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1302; 53 | MainRule "str:>" "msg:html close tag" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1303; 54 | MainRule "str:'" "msg:simple quote" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1306; 55 | MainRule "str:\"" "msg:double quote" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1307; 56 | MainRule "str:(" "msg:parenthesis" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1308; 57 | MainRule "str:)" "msg:parenthesis" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1309; 58 | MainRule "str:[" "msg:html close comment tag" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1310; 59 | MainRule "str:]" "msg:html close comment tag" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1311; 60 | MainRule "str:~" "msg:html close comment tag" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$XSS:4" id:1312; 61 | MainRule "str:;" "msg:semi coma" "mz:ARGS|URL|BODY" "s:$XSS:8" id:1313; 62 | MainRule "str:`" "msg:grave accent !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314; 63 | MainRule "rx:%[2|3]." "msg:double encoding !" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315; 64 | 65 | #################################### 66 | ## Evading tricks IDs: 1400-1500 ## 67 | #################################### 68 | MainRule "str:&#" "msg: utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400; 69 | MainRule "str:%U" "msg: M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401; 70 | MainRule negative "rx:multipart/form-data|application/x-www-form-urlencoded" "msg:Content is neither mulipart/x-www-form.." "mz:$HEADERS_VAR:Content-type" "s:$EVADE:4" id:1402; 71 | 72 | ############################# 73 | ## File uploads: 1500-1600 ## 74 | ############################# 75 | MainRule "rx:.ph*|.asp*" "msg:asp/php file upload!" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500; 76 | -------------------------------------------------------------------------------- /nginx/nginx.conf: -------------------------------------------------------------------------------- 1 | user www-data; 2 | worker_processes auto; 3 | pid /var/run/nginx.pid; 4 | 5 | events { 6 | 7 | worker_connections 1024; 8 | multi_accept on; 9 | use epoll; 10 | } 11 | 12 | http { 13 | 14 | ## Silently block all undefined vhost access. 15 | server { 16 | server_name _; 17 | return 444; 18 | } 19 | 20 | ## Basic Settings 21 | 22 | include /etc/nginx/mime.types; 23 | default_type application/octet-stream; 24 | server_tokens off; 25 | 26 | ## Security Settings 27 | 28 | # For further explanation: http://tautt.com/best-nginx-configuration-for-security/ 29 | add_header X-Frame-Options SAMEORIGIN; 30 | add_header X-Content-Type-Options nosniff; 31 | add_header X-XSS-Protection "1; mode=block"; 32 | #add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://ssl.google-analytics.com"; 33 | 34 | ## Add here all HTTP methods allowed 35 | map $request_method $bad_method { 36 | default 1; 37 | ~(?i)(GET|HEAD|POST) 0; 38 | } 39 | 40 | ## Logging Settings 41 | 42 | log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 43 | '$status $body_bytes_sent "$http_referer" ' 44 | '"$http_user_agent" "$http_x_forwarded_for"'; 45 | 46 | access_log /var/log/nginx/access.log main buffer=32k; 47 | error_log /var/log/nginx/error.log; 48 | 49 | ## Buffer + Timeout Settings 50 | 51 | sendfile on; 52 | tcp_nopush on; 53 | tcp_nodelay on; 54 | 55 | client_header_buffer_size 4k; 56 | types_hash_max_size 2048; 57 | client_max_body_size 25m; 58 | connection_pool_size 8192; 59 | request_pool_size 8k; 60 | keepalive_timeout 15; #had 65 61 | reset_timedout_connection on; 62 | 63 | # Cache file metadata 64 | # http://www.nginxtips.com/nginx-open-file-cache/ 65 | open_file_cache max=10000 inactive=10m; 66 | open_file_cache_valid 20m; 67 | open_file_cache_min_uses 1; 68 | open_file_cache_errors on; 69 | 70 | server_names_hash_bucket_size 64; 71 | server_names_hash_max_size 512; 72 | 73 | ## Gzip Settings 74 | 75 | gzip on; 76 | gzip_vary on; 77 | gzip_proxied any; 78 | gzip_min_length 1485; 79 | gzip_comp_level 2; 80 | gzip_http_version 1.1; 81 | gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript; 82 | 83 | # make sure gzip does not lose large gzipped js or css files 84 | # see http://blog.leetsoft.com/2007/07/25/nginx-gzip-ssl.html 85 | gzip_buffers 16 8k; 86 | 87 | # Disable gzip for certain browsers. 88 | gzip_disable “MSIE [1-6].(?!.*SV1)”; 89 | 90 | ## Virtual Host Configs 91 | 92 | include /etc/nginx/conf.d/*.conf; 93 | include /etc/nginx/sites-enabled/*; 94 | 95 | # See: https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy 96 | # This MUST come AFTER the lines that includes .../sites-enabled/*, otherwise SSLv3 support may be re-enabled accidentally. 97 | include snippets/perfect-forward-secrecy.conf; 98 | } 99 | -------------------------------------------------------------------------------- /nginx/proxy_params: -------------------------------------------------------------------------------- 1 | proxy_set_header Host $host; 2 | proxy_set_header X-Real-IP $remote_addr; 3 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 4 | -------------------------------------------------------------------------------- /nginx/scgi_params: -------------------------------------------------------------------------------- 1 | scgi_param REQUEST_METHOD $request_method; 2 | scgi_param REQUEST_URI $request_uri; 3 | scgi_param QUERY_STRING $query_string; 4 | scgi_param CONTENT_TYPE $content_type; 5 | 6 | scgi_param DOCUMENT_URI $document_uri; 7 | scgi_param DOCUMENT_ROOT $document_root; 8 | scgi_param SCGI 1; 9 | scgi_param SERVER_PROTOCOL $server_protocol; 10 | 11 | scgi_param REMOTE_ADDR $remote_addr; 12 | scgi_param REMOTE_PORT $remote_port; 13 | scgi_param SERVER_PORT $server_port; 14 | scgi_param SERVER_NAME $server_name; 15 | -------------------------------------------------------------------------------- /nginx/sites-available/example.com-le.vhost: -------------------------------------------------------------------------------- 1 | # Move the www people to no-www 2 | server { 3 | listen 80; 4 | listen [::]:80; #enable for IPv6 support 5 | server_name www.domain.com; 6 | return 301 $scheme://domain.com$request_uri; 7 | } 8 | 9 | server { 10 | listen 80; 11 | listen [::]:80; 12 | listen 443 ssl; 13 | listen [::]:443 ssl; 14 | server_name domain.com; 15 | 16 | # Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate 17 | ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; 18 | ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem; 19 | 20 | # Verify chain of trust of OCSP response using Root CA and Intermediate certs 21 | ssl_trusted_certificate /etc/letsencrypt/live/domain.com/fullchain.pem; 22 | 23 | root /srv/www/domain.com/htdocs; 24 | index index.php index.html index.htm; 25 | charset UTF-8; 26 | autoindex off; 27 | 28 | # Show "Not Found" 404 errors in place of "Forbidden" 403 errors, because 29 | # forbidden errors allow attackers potential insight into your server's 30 | # layout and contents 31 | error_page 403 =404; 32 | 33 | # It's always good to set logs, note however you cannot turn off the error log 34 | # Setting error_log off; will simply create a file called 'off' 35 | access_log /var/log/nginx/domain.com.access.log; 36 | error_log /var/log/nginx/domain.com.error.log; 37 | 38 | # allow Let's Encrypt client authentication - letsencrypt.org 39 | location ~ /.well-known { 40 | allow all; 41 | } 42 | 43 | # Vqmod settings 44 | # Add trailing slash to */vqmod/install requests. 45 | rewrite /vqmod/install$ $scheme://$host$uri/ permanent; 46 | 47 | # Run index.php on /vqmod/install calls 48 | location /vqmod/install/ { 49 | index index.php; 50 | } 51 | 52 | # Nginx configuration of vqmod htaccess 53 | location /srv/www/domain.com/htdocs/vqmod/ { 54 | location ~ \.(xml|cache) { 55 | deny all; 56 | } 57 | } 58 | # End Vqmod settings 59 | 60 | # SEO URL Settings 61 | # Nginx configuration of OC htaccess 62 | location = /sitemap.xml { 63 | rewrite ^(.*)$ /index.php?route=feed/google_sitemap break; 64 | } 65 | 66 | location = /googlebase.xml { 67 | rewrite ^(.*)$ /index.php?route=feed/google_base break; 68 | } 69 | 70 | location / { 71 | # This try_files directive is used to enable SEO-friendly URLs for OpenCart 72 | try_files $uri $uri/ @opencart; 73 | } 74 | 75 | location @opencart { 76 | rewrite ^/(.+)$ /index.php?_route_=$1 last; 77 | } 78 | # End SEO settings 79 | 80 | # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS! 81 | location ~* \.(engine|inc|info|ini|install|log|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ { 82 | deny all; 83 | } 84 | 85 | # Do not log access to the favicon, to keep the logs cleaner 86 | location = /favicon.ico { 87 | log_not_found off; 88 | access_log off; 89 | } 90 | 91 | location = /apple-touch-icon.png { 92 | log_not_found off; 93 | access_log off; 94 | } 95 | 96 | location = /apple-touch-icon-precomposed.png { 97 | log_not_found off; 98 | access_log off; 99 | } 100 | 101 | # This block will catch static file requests, such as images, css, js 102 | # The ?: prefix is a 'non-capturing' mark, meaning we do not require 103 | # the pattern to be captured into $1 which should help improve performance 104 | location ~* \.(?:3gp|gif|jpg|jpe?g|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|woff2|eot|otf|ttf)$ { 105 | # Some basic cache-control for static files to be sent to the browser 106 | expires max; 107 | add_header Pragma public; 108 | add_header Cache-Control "public, must-revalidate, proxy-revalidate"; 109 | } 110 | 111 | # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). 112 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 113 | location ~ /\. { 114 | access_log off; 115 | log_not_found off; 116 | deny all; 117 | } 118 | 119 | location ~ ~$ { 120 | access_log off; 121 | log_not_found off; 122 | deny all; 123 | } 124 | 125 | # Deny access to any files with a .php extension in these directories 126 | # Works in sub-directory installs and also in multisite network 127 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 128 | location ~* /(?:cache|logs|image|download)/.*\.php$ { 129 | deny all; 130 | } 131 | 132 | # Make sure these get through 133 | location = /robots.txt { 134 | allow all; 135 | log_not_found off; 136 | access_log off; 137 | } 138 | 139 | # Fix for Firefox issue with cross site font icons 140 | location ~* \.(eot|otf|ttf|woff)$ { 141 | add_header Access-Control-Allow-Origin *; 142 | } 143 | 144 | # redirect server error pages to the static page /50x.html 145 | error_page 500 502 503 504 /50x.html; 146 | location = /50x.html { 147 | root /usr/share/nginx/www; 148 | } 149 | 150 | # Pass all .php files onto a php-fpm/php-fcgi server. 151 | location ~ [^/]\.php(/|$) { 152 | # Regex to split $uri to $fastcgi_script_name and $fastcgi_path 153 | fastcgi_split_path_info ^(.+\.php)(/.+)$; 154 | 155 | # Check that the PHP script exists before passing it 156 | try_files $fastcgi_script_name =404; 157 | 158 | # Bypass the fact that try_files resets $fastcgi_path_info 159 | # see: http://trac.nginx.org/nginx/ticket/321 160 | set $path_info $fastcgi_path_info; 161 | fastcgi_param PATH_INFO $path_info; 162 | 163 | fastcgi_pass unix:/var/run/domain.com.sock; 164 | fastcgi_index index.php; 165 | # Uncomment if site is HTTPS 166 | #fastcgi_param HTTPS on; 167 | include fastcgi.conf; 168 | } 169 | 170 | # Use this block if PHPMyAdmin is enabled for domain.com 171 | location /phpmyadmin { 172 | root /usr/share/; 173 | index index.php index.html index.htm; 174 | 175 | location ~ ^/phpmyadmin/(.+\.php)$ { 176 | try_files $uri =404; 177 | root /usr/share/; 178 | fastcgi_pass unix:/var/run/domain.com.sock; 179 | fastcgi_index index.php; 180 | include fastcgi.conf; 181 | } 182 | 183 | location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { 184 | root /usr/share/; 185 | } 186 | } 187 | 188 | location /phpMyAdmin { 189 | rewrite ^/* /phpmyadmin last; 190 | } 191 | # End PHPMyAdmin block 192 | 193 | } # End of server block. 194 | -------------------------------------------------------------------------------- /nginx/sites-available/example.com-sslonly-le.vhost: -------------------------------------------------------------------------------- 1 | # Move the www people to no-www 2 | server { 3 | listen 80; 4 | listen [::]:80; 5 | server_name www.domain.com domain.com; 6 | return 301 https://domain.com$request_uri; 7 | } 8 | 9 | server { 10 | listen 443 ssl; 11 | listen [::]:443 ssl; 12 | server_name www.domain.com; 13 | 14 | # Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate 15 | ssl_certificate /etc/ssl/domain.com/domain.com.crt; 16 | ssl_certificate_key /etc/ssl/domain.com/domain.com.key; 17 | 18 | return 301 https://domain.com$request_uri; 19 | } 20 | 21 | server { 22 | listen 443 ssl spdy; 23 | listen [::]:443 ssl spdy; 24 | server_name domain.com; 25 | 26 | # Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate 27 | ssl_certificate /etc/ssl/domain.com/domain.com.crt; 28 | ssl_certificate_key /etc/ssl/domain.com/domain.com.key; 29 | 30 | # Verify chain of trust of OCSP response using Root CA and Intermediate certs 31 | ssl_trusted_certificate /etc/ssl/domain.com/domain.com.pem; 32 | 33 | root /srv/www/domain.com/htdocs; 34 | index index.php index.html index.htm; 35 | charset UTF-8; 36 | autoindex off; 37 | 38 | # Show "Not Found" 404 errors in place of "Forbidden" 403 errors, because 39 | # forbidden errors allow attackers potential insight into your server's 40 | # layout and contents 41 | error_page 403 =404; 42 | 43 | # It's always good to set logs, note however you cannot turn off the error log 44 | # Setting error_log off; will simply create a file called 'off' 45 | access_log /var/log/nginx/domain.com.access.log; 46 | error_log /var/log/nginx/domain.com.error.log; 47 | 48 | # allow Let's Encrypt client authentication - letsencrypt.org 49 | location ~ /.well-known { 50 | allow all; 51 | } 52 | 53 | # Vqmod settings 54 | # Add trailing slash to */vqmod/install requests. 55 | rewrite /vqmod/install$ $scheme://$host$uri/ permanent; 56 | 57 | # Run index.php on /vqmod/install calls 58 | location /vqmod/install/ { 59 | index index.php; 60 | } 61 | 62 | # Nginx configuration of vqmod htaccess 63 | location /srv/www/domain.com/htdocs/vqmod/ { 64 | location ~ \.(xml|cache) { 65 | deny all; 66 | } 67 | } 68 | # End Vqmod settings 69 | 70 | # SEO URL Settings 71 | # Nginx configuration of OC htaccess 72 | location = /sitemap.xml { 73 | rewrite ^(.*)$ /index.php?route=feed/google_sitemap break; 74 | } 75 | 76 | location = /googlebase.xml { 77 | rewrite ^(.*)$ /index.php?route=feed/google_base break; 78 | } 79 | 80 | location / { 81 | # This try_files directive is used to enable SEO-friendly URLs for OpenCart 82 | try_files $uri $uri/ @opencart; 83 | } 84 | 85 | location @opencart { 86 | rewrite ^/(.+)$ /index.php?_route_=$1 last; 87 | } 88 | # End SEO settings 89 | 90 | # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS! 91 | location ~* \.(engine|inc|info|ini|install|log|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ { 92 | deny all; 93 | } 94 | 95 | # Do not log access to the favicon, to keep the logs cleaner 96 | location = /favicon.ico { 97 | log_not_found off; 98 | access_log off; 99 | } 100 | 101 | location = /apple-touch-icon.png { 102 | log_not_found off; 103 | access_log off; 104 | } 105 | 106 | location = /apple-touch-icon-precomposed.png { 107 | log_not_found off; 108 | access_log off; 109 | } 110 | 111 | # This block will catch static file requests, such as images, css, js 112 | # The ?: prefix is a 'non-capturing' mark, meaning we do not require 113 | # the pattern to be captured into $1 which should help improve performance 114 | location ~* \.(?:3gp|gif|jpg|jpe?g|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|woff2|eot|otf|ttf)$ { 115 | # Some basic cache-control for static files to be sent to the browser 116 | expires max; 117 | add_header Pragma public; 118 | add_header Cache-Control "public, must-revalidate, proxy-revalidate"; 119 | } 120 | 121 | # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). 122 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 123 | location ~ /\. { 124 | access_log off; 125 | log_not_found off; 126 | deny all; 127 | } 128 | 129 | location ~ ~$ { 130 | access_log off; 131 | log_not_found off; 132 | deny all; 133 | } 134 | 135 | # Deny access to any files with a .php extension in these directories 136 | # Works in sub-directory installs and also in multisite network 137 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 138 | location ~* /(?:cache|logs|image|download)/.*\.php$ { 139 | deny all; 140 | } 141 | 142 | # Make sure these get through 143 | location = /robots.txt { 144 | allow all; 145 | log_not_found off; 146 | access_log off; 147 | } 148 | 149 | # Fix for Firefox issue with cross site font icons 150 | location ~* \.(eot|otf|ttf|woff)$ { 151 | add_header Access-Control-Allow-Origin *; 152 | } 153 | 154 | # redirect server error pages to the static page /50x.html 155 | error_page 500 502 503 504 /50x.html; 156 | location = /50x.html { 157 | root /usr/share/nginx/www; 158 | } 159 | 160 | # Pass all .php files onto a php-fpm/php-fcgi server. 161 | location ~ [^/]\.php(/|$) { 162 | # Regex to split $uri to $fastcgi_script_name and $fastcgi_path 163 | fastcgi_split_path_info ^(.+\.php)(/.+)$; 164 | 165 | # Check that the PHP script exists before passing it 166 | try_files $fastcgi_script_name =404; 167 | 168 | # Bypass the fact that try_files resets $fastcgi_path_info 169 | # see: http://trac.nginx.org/nginx/ticket/321 170 | set $path_info $fastcgi_path_info; 171 | fastcgi_param PATH_INFO $path_info; 172 | 173 | fastcgi_pass unix:/var/run/domain.com.sock; 174 | fastcgi_index index.php; 175 | fastcgi_param HTTPS on; 176 | include fastcgi.conf; 177 | } 178 | 179 | # Use this block if PHPMyAdmin is enabled for domain.com 180 | location /phpmyadmin { 181 | root /usr/share/; 182 | index index.php index.html index.htm; 183 | 184 | location ~ ^/phpmyadmin/(.+\.php)$ { 185 | try_files $uri =404; 186 | root /usr/share/; 187 | fastcgi_pass unix:/var/run/domain.com.sock; 188 | fastcgi_index index.php; 189 | include fastcgi.conf; 190 | } 191 | 192 | location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { 193 | root /usr/share/; 194 | } 195 | } 196 | 197 | location /phpMyAdmin { 198 | rewrite ^/* /phpmyadmin last; 199 | } 200 | # End PHPMyAdmin block 201 | 202 | } # End of server block. 203 | -------------------------------------------------------------------------------- /nginx/sites-available/example.com-sslonly.vhost: -------------------------------------------------------------------------------- 1 | # Move the www people to no-www 2 | server { 3 | listen 80; 4 | listen [::]:80; 5 | server_name www.domain.com domain.com; 6 | return 301 https://domain.com$request_uri; 7 | } 8 | 9 | server { 10 | listen 443 ssl; 11 | listen [::]:443 ssl; 12 | server_name www.domain.com; 13 | 14 | # Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate 15 | ssl_certificate /srv/www/domain.com/ssl/domain.com.crt; 16 | ssl_certificate_key /srv/www/domain.com/ssl/domain.com.key; 17 | 18 | return 301 https://domain.com$request_uri; 19 | } 20 | 21 | server { 22 | listen 443 ssl spdy; 23 | listen [::]:443 ssl spdy; 24 | server_name domain.com; 25 | 26 | # Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate 27 | ssl_certificate /srv/www/domain.com/ssl/domain.com.crt; 28 | ssl_certificate_key /srv/www/domain.com/ssl/domain.com.key; 29 | 30 | # Verify chain of trust of OCSP response using Root CA and Intermediate certs 31 | ssl_trusted_certificate /srv/www/domain.com/ssl/unified-ssl.crt; 32 | 33 | root /srv/www/domain.com/htdocs; 34 | index index.php index.html index.htm; 35 | charset UTF-8; 36 | autoindex off; 37 | 38 | # Show "Not Found" 404 errors in place of "Forbidden" 403 errors, because 39 | # forbidden errors allow attackers potential insight into your server's 40 | # layout and contents 41 | error_page 403 =404; 42 | 43 | # It's always good to set logs, note however you cannot turn off the error log 44 | # Setting error_log off; will simply create a file called 'off' 45 | access_log /var/log/nginx/domain.com.access.log; 46 | error_log /var/log/nginx/domain.com.error.log; 47 | 48 | # Vqmod settings 49 | # Add trailing slash to */vqmod/install requests. 50 | rewrite /vqmod/install$ $scheme://$host$uri/ permanent; 51 | 52 | # Run index.php on /vqmod/install calls 53 | location /vqmod/install/ { 54 | index index.php; 55 | } 56 | 57 | # Nginx configuration of vqmod htaccess 58 | location /srv/www/domain.com/htdocs/vqmod/ { 59 | location ~ \.(xml|cache) { 60 | deny all; 61 | } 62 | } 63 | # End Vqmod settings 64 | 65 | # SEO URL Settings 66 | # Nginx configuration of OC htaccess 67 | location = /sitemap.xml { 68 | rewrite ^(.*)$ /index.php?route=feed/google_sitemap break; 69 | } 70 | 71 | location = /googlebase.xml { 72 | rewrite ^(.*)$ /index.php?route=feed/google_base break; 73 | } 74 | 75 | location / { 76 | # This try_files directive is used to enable SEO-friendly URLs for OpenCart 77 | try_files $uri $uri/ @opencart; 78 | } 79 | 80 | location @opencart { 81 | rewrite ^/(.+)$ /index.php?_route_=$1 last; 82 | } 83 | # End SEO settings 84 | 85 | # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS! 86 | location ~* \.(engine|inc|info|ini|install|log|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ { 87 | deny all; 88 | } 89 | 90 | # Do not log access to the favicon, to keep the logs cleaner 91 | location = /favicon.ico { 92 | log_not_found off; 93 | access_log off; 94 | } 95 | 96 | location = /apple-touch-icon.png { 97 | log_not_found off; 98 | access_log off; 99 | } 100 | 101 | location = /apple-touch-icon-precomposed.png { 102 | log_not_found off; 103 | access_log off; 104 | } 105 | 106 | # This block will catch static file requests, such as images, css, js 107 | # The ?: prefix is a 'non-capturing' mark, meaning we do not require 108 | # the pattern to be captured into $1 which should help improve performance 109 | location ~* \.(?:3gp|gif|jpg|jpe?g|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|woff2|eot|otf|ttf)$ { 110 | # Some basic cache-control for static files to be sent to the browser 111 | expires max; 112 | add_header Pragma public; 113 | add_header Cache-Control "public, must-revalidate, proxy-revalidate"; 114 | } 115 | 116 | # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). 117 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 118 | location ~ /\. { 119 | access_log off; 120 | log_not_found off; 121 | deny all; 122 | } 123 | 124 | location ~ ~$ { 125 | access_log off; 126 | log_not_found off; 127 | deny all; 128 | } 129 | 130 | # Deny access to any files with a .php extension in these directories 131 | # Works in sub-directory installs and also in multisite network 132 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 133 | location ~* /(?:cache|logs|image|download)/.*\.php$ { 134 | deny all; 135 | } 136 | 137 | # Make sure these get through 138 | location = /robots.txt { 139 | allow all; 140 | log_not_found off; 141 | access_log off; 142 | } 143 | 144 | # Fix for Firefox issue with cross site font icons 145 | location ~* \.(eot|otf|ttf|woff)$ { 146 | add_header Access-Control-Allow-Origin *; 147 | } 148 | 149 | # redirect server error pages to the static page /50x.html 150 | error_page 500 502 503 504 /50x.html; 151 | location = /50x.html { 152 | root /usr/share/nginx/www; 153 | } 154 | 155 | # Pass all .php files onto a php-fpm/php-fcgi server. 156 | location ~ [^/]\.php(/|$) { 157 | # Regex to split $uri to $fastcgi_script_name and $fastcgi_path 158 | fastcgi_split_path_info ^(.+\.php)(/.+)$; 159 | 160 | # Check that the PHP script exists before passing it 161 | try_files $fastcgi_script_name =404; 162 | 163 | # Bypass the fact that try_files resets $fastcgi_path_info 164 | # see: http://trac.nginx.org/nginx/ticket/321 165 | set $path_info $fastcgi_path_info; 166 | fastcgi_param PATH_INFO $path_info; 167 | 168 | fastcgi_pass unix:/var/run/domain.com.sock; 169 | fastcgi_index index.php; 170 | fastcgi_param HTTPS on; 171 | include fastcgi.conf; 172 | } 173 | 174 | # Use this block if PHPMyAdmin is enabled for domain.com 175 | location /phpmyadmin { 176 | root /usr/share/; 177 | index index.php index.html index.htm; 178 | 179 | location ~ ^/phpmyadmin/(.+\.php)$ { 180 | try_files $uri =404; 181 | root /usr/share/; 182 | fastcgi_pass unix:/var/run/domain.com.sock; 183 | fastcgi_index index.php; 184 | include fastcgi.conf; 185 | } 186 | 187 | location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { 188 | root /usr/share/; 189 | } 190 | } 191 | 192 | location /phpMyAdmin { 193 | rewrite ^/* /phpmyadmin last; 194 | } 195 | # End PHPMyAdmin block 196 | 197 | } # End of server block. 198 | -------------------------------------------------------------------------------- /nginx/sites-available/example.com.vhost: -------------------------------------------------------------------------------- 1 | # Move the www people to no-www 2 | server { 3 | listen 80; 4 | listen [::]:80; #enable for IPv6 support 5 | server_name www.domain.com; 6 | return 301 $scheme://domain.com$request_uri; 7 | } 8 | 9 | server { 10 | listen 80; 11 | listen [::]:80; 12 | listen 443 ssl; 13 | listen [::]:443 ssl; 14 | server_name domain.com; 15 | 16 | # Certs sent to the client in SERVER HELLO are concatenated in ssl_certificate 17 | ssl_certificate /srv/www/domain.com/ssl/domain.com.crt; 18 | ssl_certificate_key /srv/www/domnain.com/ssl/domain.com.key; 19 | 20 | # Verify chain of trust of OCSP response using Root CA and Intermediate certs 21 | ssl_trusted_certificate /srv/www/domain.com/ssl/unified-ssl.crt; 22 | 23 | root /srv/www/domain.com/htdocs; 24 | index index.php index.html index.htm; 25 | charset UTF-8; 26 | autoindex off; 27 | 28 | # Show "Not Found" 404 errors in place of "Forbidden" 403 errors, because 29 | # forbidden errors allow attackers potential insight into your server's 30 | # layout and contents 31 | error_page 403 =404; 32 | 33 | # It's always good to set logs, note however you cannot turn off the error log 34 | # Setting error_log off; will simply create a file called 'off' 35 | access_log /var/log/nginx/domain.com.access.log; 36 | error_log /var/log/nginx/domain.com.error.log; 37 | 38 | # Vqmod settings 39 | # Add trailing slash to */vqmod/install requests. 40 | rewrite /vqmod/install$ $scheme://$host$uri/ permanent; 41 | 42 | # Run index.php on /vqmod/install calls 43 | location /vqmod/install/ { 44 | index index.php; 45 | } 46 | 47 | # Nginx configuration of vqmod htaccess 48 | location /srv/www/domain.com/htdocs/vqmod/ { 49 | location ~ \.(xml|cache) { 50 | deny all; 51 | } 52 | } 53 | # End Vqmod settings 54 | 55 | # SEO URL Settings 56 | # Nginx configuration of OC htaccess 57 | location = /sitemap.xml { 58 | rewrite ^(.*)$ /index.php?route=feed/google_sitemap break; 59 | } 60 | 61 | location = /googlebase.xml { 62 | rewrite ^(.*)$ /index.php?route=feed/google_base break; 63 | } 64 | 65 | location / { 66 | # This try_files directive is used to enable SEO-friendly URLs for OpenCart 67 | try_files $uri $uri/ @opencart; 68 | } 69 | 70 | location @opencart { 71 | rewrite ^/(.+)$ /index.php?_route_=$1 last; 72 | } 73 | # End SEO settings 74 | 75 | # Make sure files with the following extensions do not get loaded by nginx because nginx would display the source code, and these files can contain PASSWORDS! 76 | location ~* \.(engine|inc|info|ini|install|log|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|\.php_ { 77 | deny all; 78 | } 79 | 80 | # Do not log access to the favicon, to keep the logs cleaner 81 | location = /favicon.ico { 82 | log_not_found off; 83 | access_log off; 84 | } 85 | 86 | location = /apple-touch-icon.png { 87 | log_not_found off; 88 | access_log off; 89 | } 90 | 91 | location = /apple-touch-icon-precomposed.png { 92 | log_not_found off; 93 | access_log off; 94 | } 95 | 96 | # This block will catch static file requests, such as images, css, js 97 | # The ?: prefix is a 'non-capturing' mark, meaning we do not require 98 | # the pattern to be captured into $1 which should help improve performance 99 | location ~* \.(?:3gp|gif|jpg|jpe?g|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|woff2|eot|otf|ttf)$ { 100 | # Some basic cache-control for static files to be sent to the browser 101 | expires max; 102 | add_header Pragma public; 103 | add_header Cache-Control "public, must-revalidate, proxy-revalidate"; 104 | } 105 | 106 | # Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac). 107 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 108 | location ~ /\. { 109 | access_log off; 110 | log_not_found off; 111 | deny all; 112 | } 113 | 114 | location ~ ~$ { 115 | access_log off; 116 | log_not_found off; 117 | deny all; 118 | } 119 | 120 | # Deny access to any files with a .php extension in these directories 121 | # Works in sub-directory installs and also in multisite network 122 | # Keep logging the requests to parse later (or to pass to firewall utilities such as fail2ban) 123 | location ~* /(?:cache|logs|image|download)/.*\.php$ { 124 | deny all; 125 | } 126 | 127 | # Make sure these get through 128 | location = /robots.txt { 129 | allow all; 130 | log_not_found off; 131 | access_log off; 132 | } 133 | 134 | # Fix for Firefox issue with cross site font icons 135 | location ~* \.(eot|otf|ttf|woff)$ { 136 | add_header Access-Control-Allow-Origin *; 137 | } 138 | 139 | # redirect server error pages to the static page /50x.html 140 | error_page 500 502 503 504 /50x.html; 141 | location = /50x.html { 142 | root /usr/share/nginx/www; 143 | } 144 | 145 | # Pass all .php files onto a php-fpm/php-fcgi server. 146 | location ~ [^/]\.php(/|$) { 147 | # Regex to split $uri to $fastcgi_script_name and $fastcgi_path 148 | fastcgi_split_path_info ^(.+\.php)(/.+)$; 149 | 150 | # Check that the PHP script exists before passing it 151 | try_files $fastcgi_script_name =404; 152 | 153 | # Bypass the fact that try_files resets $fastcgi_path_info 154 | # see: http://trac.nginx.org/nginx/ticket/321 155 | set $path_info $fastcgi_path_info; 156 | fastcgi_param PATH_INFO $path_info; 157 | 158 | fastcgi_pass unix:/var/run/domain.com.sock; 159 | fastcgi_index index.php; 160 | # Uncomment if site is HTTPS 161 | #fastcgi_param HTTPS on; 162 | include fastcgi.conf; 163 | } 164 | 165 | # Use this block if PHPMyAdmin is enabled for domain.com 166 | location /phpmyadmin { 167 | root /usr/share/; 168 | index index.php index.html index.htm; 169 | 170 | location ~ ^/phpmyadmin/(.+\.php)$ { 171 | try_files $uri =404; 172 | root /usr/share/; 173 | fastcgi_pass unix:/var/run/domain.com.sock; 174 | fastcgi_index index.php; 175 | include fastcgi.conf; 176 | } 177 | 178 | location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ { 179 | root /usr/share/; 180 | } 181 | } 182 | 183 | location /phpMyAdmin { 184 | rewrite ^/* /phpmyadmin last; 185 | } 186 | # End PHPMyAdmin block 187 | 188 | } # End of server block. 189 | -------------------------------------------------------------------------------- /nginx/snippets/perfect-forward-secrecy.conf: -------------------------------------------------------------------------------- 1 | # Allow multiple connections to use the same key data 2 | ssl_session_timeout 1d; 3 | ssl_session_cache shared:SSL:50m; 4 | 5 | # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits 6 | ssl_dhparam /etc/ssl/certs/dhparam.pem; 7 | 8 | # Intermediate configuration. tweak to your needs 9 | ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 10 | ssl_prefer_server_ciphers on; 11 | ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; 12 | 13 | # HSTS (ngx_http_headers_module is required) (15724800 seconds = 26 months) 14 | add_header Strict-Transport-Security "max-age=15724800; includeSubdomains; preload" always; 15 | 16 | # Shut this off until Nginx provides a way to rotate keys 17 | # https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-resumption-implementations/ 18 | ssl_session_tickets off; 19 | 20 | # OCSP Stapling - fetch OCSP records from URL in ssl_certificate and cache them 21 | ssl_stapling on; 22 | ssl_stapling_verify on; 23 | 24 | # Fast DNS servers for OCSP verify 25 | resolver [2001:4860:4860::8888] [2001:4860:4860::8844] 8.8.8.8 8.8.4.4 valid=600s; 26 | resolver_timeout 10s; 27 | -------------------------------------------------------------------------------- /nginx/uwsgi_params: -------------------------------------------------------------------------------- 1 | uwsgi_param QUERY_STRING $query_string; 2 | uwsgi_param REQUEST_METHOD $request_method; 3 | uwsgi_param CONTENT_TYPE $content_type; 4 | uwsgi_param CONTENT_LENGTH $content_length; 5 | 6 | uwsgi_param REQUEST_URI $request_uri; 7 | uwsgi_param PATH_INFO $document_uri; 8 | uwsgi_param DOCUMENT_ROOT $document_root; 9 | uwsgi_param SERVER_PROTOCOL $server_protocol; 10 | 11 | uwsgi_param REMOTE_ADDR $remote_addr; 12 | uwsgi_param REMOTE_PORT $remote_port; 13 | uwsgi_param SERVER_PORT $server_port; 14 | uwsgi_param SERVER_NAME $server_name; 15 | -------------------------------------------------------------------------------- /nginx/win-utf: -------------------------------------------------------------------------------- 1 | # This map is not a full windows-1251 <> utf8 map: it does not 2 | # contain Serbian and Macedonian letters. If you need a full map, 3 | # use contrib/unicode2nginx/win-utf map instead. 4 | 5 | charset_map windows-1251 utf-8 { 6 | 7 | 82 E2809A; # single low-9 quotation mark 8 | 9 | 84 E2809E; # double low-9 quotation mark 10 | 85 E280A6; # ellipsis 11 | 86 E280A0; # dagger 12 | 87 E280A1; # double dagger 13 | 88 E282AC; # euro 14 | 89 E280B0; # per mille 15 | 16 | 91 E28098; # left single quotation mark 17 | 92 E28099; # right single quotation mark 18 | 93 E2809C; # left double quotation mark 19 | 94 E2809D; # right double quotation mark 20 | 95 E280A2; # bullet 21 | 96 E28093; # en dash 22 | 97 E28094; # em dash 23 | 24 | 99 E284A2; # trade mark sign 25 | 26 | A0 C2A0; #   27 | A1 D18E; # capital Byelorussian short U 28 | A2 D19E; # small Byelorussian short u 29 | 30 | A4 C2A4; # currency sign 31 | A5 D290; # capital Ukrainian soft G 32 | A6 C2A6; # borken bar 33 | A7 C2A7; # section sign 34 | A8 D081; # capital YO 35 | A9 C2A9; # (C) 36 | AA D084; # capital Ukrainian YE 37 | AB C2AB; # left-pointing double angle quotation mark 38 | AC C2AC; # not sign 39 | AD C2AD; # soft hypen 40 | AE C2AE; # (R) 41 | AF D087; # capital Ukrainian YI 42 | 43 | B0 C2B0; # ° 44 | B1 C2B1; # plus-minus sign 45 | B2 D086; # capital Ukrainian I 46 | B3 D196; # small Ukrainian i 47 | B4 D291; # small Ukrainian soft g 48 | B5 C2B5; # micro sign 49 | B6 C2B6; # pilcrow sign 50 | B7 C2B7; # · 51 | B8 D191; # small yo 52 | B9 E28496; # numero sign 53 | BA D194; # small Ukrainian ye 54 | BB C2BB; # right-pointing double angle quotation mark 55 | 56 | BF D197; # small Ukrainian yi 57 | 58 | C0 D090; # capital A 59 | C1 D091; # capital B 60 | C2 D092; # capital V 61 | C3 D093; # capital G 62 | C4 D094; # capital D 63 | C5 D095; # capital YE 64 | C6 D096; # capital ZH 65 | C7 D097; # capital Z 66 | C8 D098; # capital I 67 | C9 D099; # capital J 68 | CA D09A; # capital K 69 | CB D09B; # capital L 70 | CC D09C; # capital M 71 | CD D09D; # capital N 72 | CE D09E; # capital O 73 | CF D09F; # capital P 74 | 75 | D0 D0A0; # capital R 76 | D1 D0A1; # capital S 77 | D2 D0A2; # capital T 78 | D3 D0A3; # capital U 79 | D4 D0A4; # capital F 80 | D5 D0A5; # capital KH 81 | D6 D0A6; # capital TS 82 | D7 D0A7; # capital CH 83 | D8 D0A8; # capital SH 84 | D9 D0A9; # capital SHCH 85 | DA D0AA; # capital hard sign 86 | DB D0AB; # capital Y 87 | DC D0AC; # capital soft sign 88 | DD D0AD; # capital E 89 | DE D0AE; # capital YU 90 | DF D0AF; # capital YA 91 | 92 | E0 D0B0; # small a 93 | E1 D0B1; # small b 94 | E2 D0B2; # small v 95 | E3 D0B3; # small g 96 | E4 D0B4; # small d 97 | E5 D0B5; # small ye 98 | E6 D0B6; # small zh 99 | E7 D0B7; # small z 100 | E8 D0B8; # small i 101 | E9 D0B9; # small j 102 | EA D0BA; # small k 103 | EB D0BB; # small l 104 | EC D0BC; # small m 105 | ED D0BD; # small n 106 | EE D0BE; # small o 107 | EF D0BF; # small p 108 | 109 | F0 D180; # small r 110 | F1 D181; # small s 111 | F2 D182; # small t 112 | F3 D183; # small u 113 | F4 D184; # small f 114 | F5 D185; # small kh 115 | F6 D186; # small ts 116 | F7 D187; # small ch 117 | F8 D188; # small sh 118 | F9 D189; # small shch 119 | FA D18A; # small hard sign 120 | FB D18B; # small y 121 | FC D18C; # small soft sign 122 | FD D18D; # small e 123 | FE D18E; # small yu 124 | FF D18F; # small ya 125 | } 126 | -------------------------------------------------------------------------------- /php5/cli/php.ini: -------------------------------------------------------------------------------- 1 | [PHP] 2 | 3 | ;;;;;;;;;;;;;;;;;;; 4 | ; About php.ini ; 5 | ;;;;;;;;;;;;;;;;;;; 6 | ; PHP's initialization file, generally called php.ini, is responsible for 7 | ; configuring many of the aspects of PHP's behavior. 8 | 9 | ; PHP attempts to find and load this configuration from a number of locations. 10 | ; The following is a summary of its search order: 11 | ; 1. SAPI module specific location. 12 | ; 2. The PHPRC environment variable. (As of PHP 5.2.0) 13 | ; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) 14 | ; 4. Current working directory (except CLI) 15 | ; 5. The web server's directory (for SAPI modules), or directory of PHP 16 | ; (otherwise in Windows) 17 | ; 6. The directory from the --with-config-file-path compile time option, or the 18 | ; Windows directory (C:\windows or C:\winnt) 19 | ; See the PHP docs for more specific information. 20 | ; http://php.net/configuration.file 21 | 22 | ; The syntax of the file is extremely simple. Whitespace and Lines 23 | ; beginning with a semicolon are silently ignored (as you probably guessed). 24 | ; Section headers (e.g. [Foo]) are also silently ignored, even though 25 | ; they might mean something in the future. 26 | 27 | ; Directives following the section heading [PATH=/www/mysite] only 28 | ; apply to PHP files in the /www/mysite directory. Directives 29 | ; following the section heading [HOST=www.example.com] only apply to 30 | ; PHP files served from www.example.com. Directives set in these 31 | ; special sections cannot be overridden by user-defined INI files or 32 | ; at runtime. Currently, [PATH=] and [HOST=] sections only work under 33 | ; CGI/FastCGI. 34 | ; http://php.net/ini.sections 35 | 36 | ; Directives are specified using the following syntax: 37 | ; directive = value 38 | ; Directive names are *case sensitive* - foo=bar is different from FOO=bar. 39 | ; Directives are variables used to configure PHP or PHP extensions. 40 | ; There is no name validation. If PHP can't find an expected 41 | ; directive because it is not set or is mistyped, a default value will be used. 42 | 43 | ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one 44 | ; of the INI constants (On, Off, True, False, Yes, No and None) or an expression 45 | ; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a 46 | ; previously set variable or directive (e.g. ${foo}) 47 | 48 | ; Expressions in the INI file are limited to bitwise operators and parentheses: 49 | ; | bitwise OR 50 | ; ^ bitwise XOR 51 | ; & bitwise AND 52 | ; ~ bitwise NOT 53 | ; ! boolean NOT 54 | 55 | ; Boolean flags can be turned on using the values 1, On, True or Yes. 56 | ; They can be turned off using the values 0, Off, False or No. 57 | 58 | ; An empty string can be denoted by simply not writing anything after the equal 59 | ; sign, or by using the None keyword: 60 | 61 | ; foo = ; sets foo to an empty string 62 | ; foo = None ; sets foo to an empty string 63 | ; foo = "None" ; sets foo to the string 'None' 64 | 65 | ; If you use constants in your value, and these constants belong to a 66 | ; dynamically loaded extension (either a PHP extension or a Zend extension), 67 | ; you may only use these constants *after* the line that loads the extension. 68 | 69 | ;;;;;;;;;;;;;;;;;;; 70 | ; About this file ; 71 | ;;;;;;;;;;;;;;;;;;; 72 | ; PHP comes packaged with two INI files. One that is recommended to be used 73 | ; in production environments and one that is recommended to be used in 74 | ; development environments. 75 | 76 | ; php.ini-production contains settings which hold security, performance and 77 | ; best practices at its core. But please be aware, these settings may break 78 | ; compatibility with older or less security conscience applications. We 79 | ; recommending using the production ini in production and testing environments. 80 | 81 | ; php.ini-development is very similar to its production variant, except it's 82 | ; much more verbose when it comes to errors. We recommending using the 83 | ; development version only in development environments as errors shown to 84 | ; application users can inadvertently leak otherwise secure information. 85 | 86 | ;;;;;;;;;;;;;;;;;;; 87 | ; Quick Reference ; 88 | ;;;;;;;;;;;;;;;;;;; 89 | ; The following are all the settings which are different in either the production 90 | ; or development versions of the INIs with respect to PHP's default behavior. 91 | ; Please see the actual settings later in the document for more details as to why 92 | ; we recommend these changes in PHP's behavior. 93 | 94 | ; allow_call_time_pass_reference 95 | ; Default Value: On 96 | ; Development Value: Off 97 | ; Production Value: Off 98 | 99 | ; display_errors 100 | ; Default Value: On 101 | ; Development Value: On 102 | ; Production Value: Off 103 | 104 | ; display_startup_errors 105 | ; Default Value: Off 106 | ; Development Value: On 107 | ; Production Value: Off 108 | 109 | ; error_reporting 110 | ; Default Value: E_ALL & ~E_NOTICE 111 | ; Development Value: E_ALL | E_STRICT 112 | ; Production Value: E_ALL & ~E_DEPRECATED 113 | 114 | ; html_errors 115 | ; Default Value: On 116 | ; Development Value: On 117 | ; Production value: Off 118 | 119 | ; log_errors 120 | ; Default Value: Off 121 | ; Development Value: On 122 | ; Production Value: On 123 | 124 | ; magic_quotes_gpc 125 | ; Default Value: On 126 | ; Development Value: Off 127 | ; Production Value: Off 128 | 129 | ; max_input_time 130 | ; Default Value: -1 (Unlimited) 131 | ; Development Value: 60 (60 seconds) 132 | ; Production Value: 60 (60 seconds) 133 | 134 | ; output_buffering 135 | ; Default Value: Off 136 | ; Development Value: 4096 137 | ; Production Value: 4096 138 | 139 | ; register_argc_argv 140 | ; Default Value: On 141 | ; Development Value: Off 142 | ; Production Value: Off 143 | 144 | ; register_long_arrays 145 | ; Default Value: On 146 | ; Development Value: Off 147 | ; Production Value: Off 148 | 149 | ; request_order 150 | ; Default Value: None 151 | ; Development Value: "GP" 152 | ; Production Value: "GP" 153 | 154 | ; session.bug_compat_42 155 | ; Default Value: On 156 | ; Development Value: On 157 | ; Production Value: Off 158 | 159 | ; session.bug_compat_warn 160 | ; Default Value: On 161 | ; Development Value: On 162 | ; Production Value: Off 163 | 164 | ; session.gc_divisor 165 | ; Default Value: 100 166 | ; Development Value: 1000 167 | ; Production Value: 1000 168 | 169 | ; session.hash_bits_per_character 170 | ; Default Value: 4 171 | ; Development Value: 5 172 | ; Production Value: 5 173 | 174 | ; short_open_tag 175 | ; Default Value: On 176 | ; Development Value: Off 177 | ; Production Value: Off 178 | 179 | ; track_errors 180 | ; Default Value: Off 181 | ; Development Value: On 182 | ; Production Value: Off 183 | 184 | ; url_rewriter.tags 185 | ; Default Value: "a=href,area=href,frame=src,form=,fieldset=" 186 | ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 187 | ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 188 | 189 | ; variables_order 190 | ; Default Value: "EGPCS" 191 | ; Development Value: "GPCS" 192 | ; Production Value: "GPCS" 193 | 194 | ;;;;;;;;;;;;;;;;;;;; 195 | ; php.ini Options ; 196 | ;;;;;;;;;;;;;;;;;;;; 197 | ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" 198 | ;user_ini.filename = ".user.ini" 199 | 200 | ; To disable this feature set this option to empty value 201 | ;user_ini.filename = 202 | 203 | ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) 204 | ;user_ini.cache_ttl = 300 205 | 206 | ;;;;;;;;;;;;;;;;;;;; 207 | ; Language Options ; 208 | ;;;;;;;;;;;;;;;;;;;; 209 | 210 | ; Enable the PHP scripting language engine under Apache. 211 | ; http://php.net/engine 212 | engine = On 213 | 214 | ; This directive determines whether or not PHP will recognize code between 215 | ; tags as PHP source which should be processed as such. It's been 216 | ; recommended for several years that you not use the short tag "short cut" and 217 | ; instead to use the full tag combination. With the wide spread use 218 | ; of XML and use of these tags by other languages, the server can become easily 219 | ; confused and end up parsing the wrong code in the wrong context. But because 220 | ; this short cut has been a feature for such a long time, it's currently still 221 | ; supported for backwards compatibility, but we recommend you don't use them. 222 | ; Default Value: On 223 | ; Development Value: Off 224 | ; Production Value: Off 225 | ; http://php.net/short-open-tag 226 | short_open_tag = On 227 | 228 | ; Allow ASP-style <% %> tags. 229 | ; http://php.net/asp-tags 230 | asp_tags = Off 231 | 232 | ; The number of significant digits displayed in floating point numbers. 233 | ; http://php.net/precision 234 | precision = 14 235 | 236 | ; Enforce year 2000 compliance (will cause problems with non-compliant browsers) 237 | ; http://php.net/y2k-compliance 238 | y2k_compliance = On 239 | 240 | ; Output buffering is a mechanism for controlling how much output data 241 | ; (excluding headers and cookies) PHP should keep internally before pushing that 242 | ; data to the client. If your application's output exceeds this setting, PHP 243 | ; will send that data in chunks of roughly the size you specify. 244 | ; Turning on this setting and managing its maximum buffer size can yield some 245 | ; interesting side-effects depending on your application and web server. 246 | ; You may be able to send headers and cookies after you've already sent output 247 | ; through print or echo. You also may see performance benefits if your server is 248 | ; emitting less packets due to buffered output versus PHP streaming the output 249 | ; as it gets it. On production servers, 4096 bytes is a good setting for performance 250 | ; reasons. 251 | ; Note: Output buffering can also be controlled via Output Buffering Control 252 | ; functions. 253 | ; Possible Values: 254 | ; On = Enabled and buffer is unlimited. (Use with caution) 255 | ; Off = Disabled 256 | ; Integer = Enables the buffer and sets its maximum size in bytes. 257 | ; Note: This directive is hardcoded to Off for the CLI SAPI 258 | ; Default Value: Off 259 | ; Development Value: 4096 260 | ; Production Value: 4096 261 | ; http://php.net/output-buffering 262 | output_buffering = 4096 263 | 264 | ; You can redirect all of the output of your scripts to a function. For 265 | ; example, if you set output_handler to "mb_output_handler", character 266 | ; encoding will be transparently converted to the specified encoding. 267 | ; Setting any output handler automatically turns on output buffering. 268 | ; Note: People who wrote portable scripts should not depend on this ini 269 | ; directive. Instead, explicitly set the output handler using ob_start(). 270 | ; Using this ini directive may cause problems unless you know what script 271 | ; is doing. 272 | ; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" 273 | ; and you cannot use both "ob_gzhandler" and "zlib.output_compression". 274 | ; Note: output_handler must be empty if this is set 'On' !!!! 275 | ; Instead you must use zlib.output_handler. 276 | ; http://php.net/output-handler 277 | ;output_handler = 278 | 279 | ; Transparent output compression using the zlib library 280 | ; Valid values for this option are 'off', 'on', or a specific buffer size 281 | ; to be used for compression (default is 4KB) 282 | ; Note: Resulting chunk size may vary due to nature of compression. PHP 283 | ; outputs chunks that are few hundreds bytes each as a result of 284 | ; compression. If you prefer a larger chunk size for better 285 | ; performance, enable output_buffering in addition. 286 | ; Note: You need to use zlib.output_handler instead of the standard 287 | ; output_handler, or otherwise the output will be corrupted. 288 | ; http://php.net/zlib.output-compression 289 | zlib.output_compression = Off 290 | 291 | ; http://php.net/zlib.output-compression-level 292 | ;zlib.output_compression_level = -1 293 | 294 | ; You cannot specify additional output handlers if zlib.output_compression 295 | ; is activated here. This setting does the same as output_handler but in 296 | ; a different order. 297 | ; http://php.net/zlib.output-handler 298 | ;zlib.output_handler = 299 | 300 | ; Implicit flush tells PHP to tell the output layer to flush itself 301 | ; automatically after every output block. This is equivalent to calling the 302 | ; PHP function flush() after each and every call to print() or echo() and each 303 | ; and every HTML block. Turning this option on has serious performance 304 | ; implications and is generally recommended for debugging purposes only. 305 | ; http://php.net/implicit-flush 306 | ; Note: This directive is hardcoded to On for the CLI SAPI 307 | implicit_flush = Off 308 | 309 | ; The unserialize callback function will be called (with the undefined class' 310 | ; name as parameter), if the unserializer finds an undefined class 311 | ; which should be instantiated. A warning appears if the specified function is 312 | ; not defined, or if the function doesn't include/implement the missing class. 313 | ; So only set this entry, if you really want to implement such a 314 | ; callback-function. 315 | unserialize_callback_func = 316 | 317 | ; When floats & doubles are serialized store serialize_precision significant 318 | ; digits after the floating point. The default value ensures that when floats 319 | ; are decoded with unserialize, the data will remain the same. 320 | serialize_precision = 17 321 | 322 | ; This directive allows you to enable and disable warnings which PHP will issue 323 | ; if you pass a value by reference at function call time. Passing values by 324 | ; reference at function call time is a deprecated feature which will be removed 325 | ; from PHP at some point in the near future. The acceptable method for passing a 326 | ; value by reference to a function is by declaring the reference in the functions 327 | ; definition, not at call time. This directive does not disable this feature, it 328 | ; only determines whether PHP will warn you about it or not. These warnings 329 | ; should enabled in development environments only. 330 | ; Default Value: On (Suppress warnings) 331 | ; Development Value: Off (Issue warnings) 332 | ; Production Value: Off (Issue warnings) 333 | ; http://php.net/allow-call-time-pass-reference 334 | allow_call_time_pass_reference = Off 335 | 336 | ; Safe Mode 337 | ; http://php.net/safe-mode 338 | safe_mode = Off 339 | 340 | ; By default, Safe Mode does a UID compare check when 341 | ; opening files. If you want to relax this to a GID compare, 342 | ; then turn on safe_mode_gid. 343 | ; http://php.net/safe-mode-gid 344 | safe_mode_gid = Off 345 | 346 | ; When safe_mode is on, UID/GID checks are bypassed when 347 | ; including files from this directory and its subdirectories. 348 | ; (directory must also be in include_path or full path must 349 | ; be used when including) 350 | ; http://php.net/safe-mode-include-dir 351 | safe_mode_include_dir = 352 | 353 | ; When safe_mode is on, only executables located in the safe_mode_exec_dir 354 | ; will be allowed to be executed via the exec family of functions. 355 | ; http://php.net/safe-mode-exec-dir 356 | safe_mode_exec_dir = 357 | 358 | ; Setting certain environment variables may be a potential security breach. 359 | ; This directive contains a comma-delimited list of prefixes. In Safe Mode, 360 | ; the user may only alter environment variables whose names begin with the 361 | ; prefixes supplied here. By default, users will only be able to set 362 | ; environment variables that begin with PHP_ (e.g. PHP_FOO=BAR). 363 | ; Note: If this directive is empty, PHP will let the user modify ANY 364 | ; environment variable! 365 | ; http://php.net/safe-mode-allowed-env-vars 366 | safe_mode_allowed_env_vars = PHP_ 367 | 368 | ; This directive contains a comma-delimited list of environment variables that 369 | ; the end user won't be able to change using putenv(). These variables will be 370 | ; protected even if safe_mode_allowed_env_vars is set to allow to change them. 371 | ; http://php.net/safe-mode-protected-env-vars 372 | safe_mode_protected_env_vars = LD_LIBRARY_PATH 373 | 374 | ; open_basedir, if set, limits all file operations to the defined directory 375 | ; and below. This directive makes most sense if used in a per-directory 376 | ; or per-virtualhost web server configuration file. This directive is 377 | ; *NOT* affected by whether Safe Mode is turned On or Off. 378 | ; http://php.net/open-basedir 379 | ;open_basedir = 380 | 381 | ; This directive allows you to disable certain functions for security reasons. 382 | ; It receives a comma-delimited list of function names. This directive is 383 | ; *NOT* affected by whether Safe Mode is turned On or Off. 384 | ; http://php.net/disable-functions 385 | disable_functions = 386 | 387 | ; This directive allows you to disable certain classes for security reasons. 388 | ; It receives a comma-delimited list of class names. This directive is 389 | ; *NOT* affected by whether Safe Mode is turned On or Off. 390 | ; http://php.net/disable-classes 391 | disable_classes = 392 | 393 | ; Colors for Syntax Highlighting mode. Anything that's acceptable in 394 | ; would work. 395 | ; http://php.net/syntax-highlighting 396 | ;highlight.string = #DD0000 397 | ;highlight.comment = #FF9900 398 | ;highlight.keyword = #007700 399 | ;highlight.bg = #FFFFFF 400 | ;highlight.default = #0000BB 401 | ;highlight.html = #000000 402 | 403 | ; If enabled, the request will be allowed to complete even if the user aborts 404 | ; the request. Consider enabling it if executing long requests, which may end up 405 | ; being interrupted by the user or a browser timing out. PHP's default behavior 406 | ; is to disable this feature. 407 | ; http://php.net/ignore-user-abort 408 | ;ignore_user_abort = On 409 | 410 | ; Determines the size of the realpath cache to be used by PHP. This value should 411 | ; be increased on systems where PHP opens many files to reflect the quantity of 412 | ; the file operations performed. 413 | ; http://php.net/realpath-cache-size 414 | ;realpath_cache_size = 16k 415 | 416 | ; Duration of time, in seconds for which to cache realpath information for a given 417 | ; file or directory. For systems with rarely changing files, consider increasing this 418 | ; value. 419 | ; http://php.net/realpath-cache-ttl 420 | ;realpath_cache_ttl = 120 421 | 422 | ; Enables or disables the circular reference collector. 423 | ; http://php.net/zend.enable-gc 424 | zend.enable_gc = On 425 | 426 | ;;;;;;;;;;;;;;;;; 427 | ; Miscellaneous ; 428 | ;;;;;;;;;;;;;;;;; 429 | 430 | ; Decides whether PHP may expose the fact that it is installed on the server 431 | ; (e.g. by adding its signature to the Web server header). It is no security 432 | ; threat in any way, but it makes it possible to determine whether you use PHP 433 | ; on your server or not. 434 | ; http://php.net/expose-php 435 | expose_php = On 436 | 437 | ;;;;;;;;;;;;;;;;;;; 438 | ; Resource Limits ; 439 | ;;;;;;;;;;;;;;;;;;; 440 | 441 | ; Maximum execution time of each script, in seconds 442 | ; http://php.net/max-execution-time 443 | ; Note: This directive is hardcoded to 0 for the CLI SAPI 444 | max_execution_time = 30 445 | 446 | ; Maximum amount of time each script may spend parsing request data. It's a good 447 | ; idea to limit this time on productions servers in order to eliminate unexpectedly 448 | ; long running scripts. 449 | ; Note: This directive is hardcoded to -1 for the CLI SAPI 450 | ; Default Value: -1 (Unlimited) 451 | ; Development Value: 60 (60 seconds) 452 | ; Production Value: 60 (60 seconds) 453 | ; http://php.net/max-input-time 454 | max_input_time = 60 455 | 456 | ; Maximum input variable nesting level 457 | ; http://php.net/max-input-nesting-level 458 | ;max_input_nesting_level = 64 459 | 460 | ; How many GET/POST/COOKIE input variables may be accepted 461 | ; max_input_vars = 1000 462 | 463 | ; Maximum amount of memory a script may consume (128MB) 464 | ; http://php.net/memory-limit 465 | memory_limit = -1 466 | 467 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 468 | ; Error handling and logging ; 469 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 470 | 471 | ; This directive informs PHP of which errors, warnings and notices you would like 472 | ; it to take action for. The recommended way of setting values for this 473 | ; directive is through the use of the error level constants and bitwise 474 | ; operators. The error level constants are below here for convenience as well as 475 | ; some common settings and their meanings. 476 | ; By default, PHP is set to take action on all errors, notices and warnings EXCEPT 477 | ; those related to E_NOTICE and E_STRICT, which together cover best practices and 478 | ; recommended coding standards in PHP. For performance reasons, this is the 479 | ; recommend error reporting setting. Your production server shouldn't be wasting 480 | ; resources complaining about best practices and coding standards. That's what 481 | ; development servers and development settings are for. 482 | ; Note: The php.ini-development file has this setting as E_ALL | E_STRICT. This 483 | ; means it pretty much reports everything which is exactly what you want during 484 | ; development and early testing. 485 | ; 486 | ; Error Level Constants: 487 | ; E_ALL - All errors and warnings (includes E_STRICT as of PHP 6.0.0) 488 | ; E_ERROR - fatal run-time errors 489 | ; E_RECOVERABLE_ERROR - almost fatal run-time errors 490 | ; E_WARNING - run-time warnings (non-fatal errors) 491 | ; E_PARSE - compile-time parse errors 492 | ; E_NOTICE - run-time notices (these are warnings which often result 493 | ; from a bug in your code, but it's possible that it was 494 | ; intentional (e.g., using an uninitialized variable and 495 | ; relying on the fact it's automatically initialized to an 496 | ; empty string) 497 | ; E_STRICT - run-time notices, enable to have PHP suggest changes 498 | ; to your code which will ensure the best interoperability 499 | ; and forward compatibility of your code 500 | ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup 501 | ; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's 502 | ; initial startup 503 | ; E_COMPILE_ERROR - fatal compile-time errors 504 | ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) 505 | ; E_USER_ERROR - user-generated error message 506 | ; E_USER_WARNING - user-generated warning message 507 | ; E_USER_NOTICE - user-generated notice message 508 | ; E_DEPRECATED - warn about code that will not work in future versions 509 | ; of PHP 510 | ; E_USER_DEPRECATED - user-generated deprecation warnings 511 | ; 512 | ; Common Values: 513 | ; E_ALL & ~E_NOTICE (Show all errors, except for notices and coding standards warnings.) 514 | ; E_ALL & ~E_NOTICE | E_STRICT (Show all errors, except for notices) 515 | ; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) 516 | ; E_ALL | E_STRICT (Show all errors, warnings and notices including coding standards.) 517 | ; Default Value: E_ALL & ~E_NOTICE 518 | ; Development Value: E_ALL | E_STRICT 519 | ; Production Value: E_ALL & ~E_DEPRECATED 520 | ; http://php.net/error-reporting 521 | error_reporting = E_ALL & ~E_DEPRECATED 522 | 523 | ; This directive controls whether or not and where PHP will output errors, 524 | ; notices and warnings too. Error output is very useful during development, but 525 | ; it could be very dangerous in production environments. Depending on the code 526 | ; which is triggering the error, sensitive information could potentially leak 527 | ; out of your application such as database usernames and passwords or worse. 528 | ; It's recommended that errors be logged on production servers rather than 529 | ; having the errors sent to STDOUT. 530 | ; Possible Values: 531 | ; Off = Do not display any errors 532 | ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) 533 | ; On or stdout = Display errors to STDOUT 534 | ; Default Value: On 535 | ; Development Value: On 536 | ; Production Value: Off 537 | ; http://php.net/display-errors 538 | display_errors = Off 539 | 540 | ; The display of errors which occur during PHP's startup sequence are handled 541 | ; separately from display_errors. PHP's default behavior is to suppress those 542 | ; errors from clients. Turning the display of startup errors on can be useful in 543 | ; debugging configuration problems. But, it's strongly recommended that you 544 | ; leave this setting off on production servers. 545 | ; Default Value: Off 546 | ; Development Value: On 547 | ; Production Value: Off 548 | ; http://php.net/display-startup-errors 549 | display_startup_errors = Off 550 | 551 | ; Besides displaying errors, PHP can also log errors to locations such as a 552 | ; server-specific log, STDERR, or a location specified by the error_log 553 | ; directive found below. While errors should not be displayed on productions 554 | ; servers they should still be monitored and logging is a great way to do that. 555 | ; Default Value: Off 556 | ; Development Value: On 557 | ; Production Value: On 558 | ; http://php.net/log-errors 559 | log_errors = On 560 | 561 | ; Set maximum length of log_errors. In error_log information about the source is 562 | ; added. The default is 1024 and 0 allows to not apply any maximum length at all. 563 | ; http://php.net/log-errors-max-len 564 | log_errors_max_len = 1024 565 | 566 | ; Do not log repeated messages. Repeated errors must occur in same file on same 567 | ; line unless ignore_repeated_source is set true. 568 | ; http://php.net/ignore-repeated-errors 569 | ignore_repeated_errors = Off 570 | 571 | ; Ignore source of message when ignoring repeated messages. When this setting 572 | ; is On you will not log errors with repeated messages from different files or 573 | ; source lines. 574 | ; http://php.net/ignore-repeated-source 575 | ignore_repeated_source = Off 576 | 577 | ; If this parameter is set to Off, then memory leaks will not be shown (on 578 | ; stdout or in the log). This has only effect in a debug compile, and if 579 | ; error reporting includes E_WARNING in the allowed list 580 | ; http://php.net/report-memleaks 581 | report_memleaks = On 582 | 583 | ; This setting is on by default. 584 | ;report_zend_debug = 0 585 | 586 | ; Store the last error/warning message in $php_errormsg (boolean). Setting this value 587 | ; to On can assist in debugging and is appropriate for development servers. It should 588 | ; however be disabled on production servers. 589 | ; Default Value: Off 590 | ; Development Value: On 591 | ; Production Value: Off 592 | ; http://php.net/track-errors 593 | track_errors = Off 594 | 595 | ; Turn off normal error reporting and emit XML-RPC error XML 596 | ; http://php.net/xmlrpc-errors 597 | ;xmlrpc_errors = 0 598 | 599 | ; An XML-RPC faultCode 600 | ;xmlrpc_error_number = 0 601 | 602 | ; When PHP displays or logs an error, it has the capability of inserting html 603 | ; links to documentation related to that error. This directive controls whether 604 | ; those HTML links appear in error messages or not. For performance and security 605 | ; reasons, it's recommended you disable this on production servers. 606 | ; Note: This directive is hardcoded to Off for the CLI SAPI 607 | ; Default Value: On 608 | ; Development Value: On 609 | ; Production value: Off 610 | ; http://php.net/html-errors 611 | html_errors = Off 612 | 613 | ; If html_errors is set On PHP produces clickable error messages that direct 614 | ; to a page describing the error or function causing the error in detail. 615 | ; You can download a copy of the PHP manual from http://php.net/docs 616 | ; and change docref_root to the base URL of your local copy including the 617 | ; leading '/'. You must also specify the file extension being used including 618 | ; the dot. PHP's default behavior is to leave these settings empty. 619 | ; Note: Never use this feature for production boxes. 620 | ; http://php.net/docref-root 621 | ; Examples 622 | ;docref_root = "/phpmanual/" 623 | 624 | ; http://php.net/docref-ext 625 | ;docref_ext = .html 626 | 627 | ; String to output before an error message. PHP's default behavior is to leave 628 | ; this setting blank. 629 | ; http://php.net/error-prepend-string 630 | ; Example: 631 | ;error_prepend_string = "" 632 | 633 | ; String to output after an error message. PHP's default behavior is to leave 634 | ; this setting blank. 635 | ; http://php.net/error-append-string 636 | ; Example: 637 | ;error_append_string = "" 638 | 639 | ; Log errors to specified file. PHP's default behavior is to leave this value 640 | ; empty. 641 | ; http://php.net/error-log 642 | ; Example: 643 | ;error_log = php_errors.log 644 | ; Log errors to syslog (Event Log on NT, not valid in Windows 95). 645 | ;error_log = syslog 646 | 647 | ;windows.show_crt_warning 648 | ; Default value: 0 649 | ; Development value: 0 650 | ; Production value: 0 651 | 652 | ;;;;;;;;;;;;;;;;; 653 | ; Data Handling ; 654 | ;;;;;;;;;;;;;;;;; 655 | 656 | ; The separator used in PHP generated URLs to separate arguments. 657 | ; PHP's default setting is "&". 658 | ; http://php.net/arg-separator.output 659 | ; Example: 660 | ;arg_separator.output = "&" 661 | 662 | ; List of separator(s) used by PHP to parse input URLs into variables. 663 | ; PHP's default setting is "&". 664 | ; NOTE: Every character in this directive is considered as separator! 665 | ; http://php.net/arg-separator.input 666 | ; Example: 667 | ;arg_separator.input = ";&" 668 | 669 | ; This directive determines which super global arrays are registered when PHP 670 | ; starts up. If the register_globals directive is enabled, it also determines 671 | ; what order variables are populated into the global space. G,P,C,E & S are 672 | ; abbreviations for the following respective super globals: GET, POST, COOKIE, 673 | ; ENV and SERVER. There is a performance penalty paid for the registration of 674 | ; these arrays and because ENV is not as commonly used as the others, ENV is 675 | ; is not recommended on productions servers. You can still get access to 676 | ; the environment variables through getenv() should you need to. 677 | ; Default Value: "EGPCS" 678 | ; Development Value: "GPCS" 679 | ; Production Value: "GPCS"; 680 | ; http://php.net/variables-order 681 | variables_order = "GPCS" 682 | 683 | ; This directive determines which super global data (G,P,C,E & S) should 684 | ; be registered into the super global array REQUEST. If so, it also determines 685 | ; the order in which that data is registered. The values for this directive are 686 | ; specified in the same manner as the variables_order directive, EXCEPT one. 687 | ; Leaving this value empty will cause PHP to use the value set in the 688 | ; variables_order directive. It does not mean it will leave the super globals 689 | ; array REQUEST empty. 690 | ; Default Value: None 691 | ; Development Value: "GP" 692 | ; Production Value: "GP" 693 | ; http://php.net/request-order 694 | request_order = "GP" 695 | 696 | ; Whether or not to register the EGPCS variables as global variables. You may 697 | ; want to turn this off if you don't want to clutter your scripts' global scope 698 | ; with user data. 699 | ; You should do your best to write your scripts so that they do not require 700 | ; register_globals to be on; Using form variables as globals can easily lead 701 | ; to possible security problems, if the code is not very well thought of. 702 | ; http://php.net/register-globals 703 | register_globals = Off 704 | 705 | ; Determines whether the deprecated long $HTTP_*_VARS type predefined variables 706 | ; are registered by PHP or not. As they are deprecated, we obviously don't 707 | ; recommend you use them. They are on by default for compatibility reasons but 708 | ; they are not recommended on production servers. 709 | ; Default Value: On 710 | ; Development Value: Off 711 | ; Production Value: Off 712 | ; http://php.net/register-long-arrays 713 | register_long_arrays = Off 714 | 715 | ; This directive determines whether PHP registers $argv & $argc each time it 716 | ; runs. $argv contains an array of all the arguments passed to PHP when a script 717 | ; is invoked. $argc contains an integer representing the number of arguments 718 | ; that were passed when the script was invoked. These arrays are extremely 719 | ; useful when running scripts from the command line. When this directive is 720 | ; enabled, registering these variables consumes CPU cycles and memory each time 721 | ; a script is executed. For performance reasons, this feature should be disabled 722 | ; on production servers. 723 | ; Note: This directive is hardcoded to On for the CLI SAPI 724 | ; Default Value: On 725 | ; Development Value: Off 726 | ; Production Value: Off 727 | ; http://php.net/register-argc-argv 728 | register_argc_argv = Off 729 | 730 | ; When enabled, the SERVER and ENV variables are created when they're first 731 | ; used (Just In Time) instead of when the script starts. If these variables 732 | ; are not used within a script, having this directive on will result in a 733 | ; performance gain. The PHP directives register_globals, register_long_arrays, 734 | ; and register_argc_argv must be disabled for this directive to have any affect. 735 | ; http://php.net/auto-globals-jit 736 | auto_globals_jit = On 737 | 738 | ; Maximum size of POST data that PHP will accept. 739 | ; http://php.net/post-max-size 740 | post_max_size = 8M 741 | 742 | ; Magic quotes are a preprocessing feature of PHP where PHP will attempt to 743 | ; escape any character sequences in GET, POST, COOKIE and ENV data which might 744 | ; otherwise corrupt data being placed in resources such as databases before 745 | ; making that data available to you. Because of character encoding issues and 746 | ; non-standard SQL implementations across many databases, it's not currently 747 | ; possible for this feature to be 100% accurate. PHP's default behavior is to 748 | ; enable the feature. We strongly recommend you use the escaping mechanisms 749 | ; designed specifically for the database your using instead of relying on this 750 | ; feature. Also note, this feature has been deprecated as of PHP 5.3.0 and is 751 | ; scheduled for removal in PHP 6. 752 | ; Default Value: On 753 | ; Development Value: Off 754 | ; Production Value: Off 755 | ; http://php.net/magic-quotes-gpc 756 | magic_quotes_gpc = Off 757 | 758 | ; Magic quotes for runtime-generated data, e.g. data from SQL, from exec(), etc. 759 | ; http://php.net/magic-quotes-runtime 760 | magic_quotes_runtime = Off 761 | 762 | ; Use Sybase-style magic quotes (escape ' with '' instead of \'). 763 | ; http://php.net/magic-quotes-sybase 764 | magic_quotes_sybase = Off 765 | 766 | ; Automatically add files before PHP document. 767 | ; http://php.net/auto-prepend-file 768 | auto_prepend_file = 769 | 770 | ; Automatically add files after PHP document. 771 | ; http://php.net/auto-append-file 772 | auto_append_file = 773 | 774 | ; By default, PHP will output a character encoding using 775 | ; the Content-type: header. To disable sending of the charset, simply 776 | ; set it to be empty. 777 | ; 778 | ; PHP's built-in default is text/html 779 | ; http://php.net/default-mimetype 780 | default_mimetype = "text/html" 781 | 782 | ; PHP's default character set is set to empty. 783 | ; http://php.net/default-charset 784 | ;default_charset = "iso-8859-1" 785 | 786 | ; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is 787 | ; to disable this feature. 788 | ; http://php.net/always-populate-raw-post-data 789 | ;always_populate_raw_post_data = On 790 | 791 | ;;;;;;;;;;;;;;;;;;;;;;;;; 792 | ; Paths and Directories ; 793 | ;;;;;;;;;;;;;;;;;;;;;;;;; 794 | 795 | ; UNIX: "/path1:/path2" 796 | ;include_path = ".:/usr/share/php" 797 | ; 798 | ; Windows: "\path1;\path2" 799 | ;include_path = ".;c:\php\includes" 800 | ; 801 | ; PHP's default setting for include_path is ".;/path/to/php/pear" 802 | ; http://php.net/include-path 803 | 804 | ; The root of the PHP pages, used only if nonempty. 805 | ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root 806 | ; if you are running php as a CGI under any web server (other than IIS) 807 | ; see documentation for security issues. The alternate is to use the 808 | ; cgi.force_redirect configuration below 809 | ; http://php.net/doc-root 810 | doc_root = 811 | 812 | ; The directory under which PHP opens the script using /~username used only 813 | ; if nonempty. 814 | ; http://php.net/user-dir 815 | user_dir = 816 | 817 | ; Directory in which the loadable extensions (modules) reside. 818 | ; http://php.net/extension-dir 819 | ; extension_dir = "./" 820 | ; On windows: 821 | ; extension_dir = "ext" 822 | 823 | ; Whether or not to enable the dl() function. The dl() function does NOT work 824 | ; properly in multithreaded servers, such as IIS or Zeus, and is automatically 825 | ; disabled on them. 826 | ; http://php.net/enable-dl 827 | enable_dl = Off 828 | 829 | ; cgi.force_redirect is necessary to provide security running PHP as a CGI under 830 | ; most web servers. Left undefined, PHP turns this on by default. You can 831 | ; turn it off here AT YOUR OWN RISK 832 | ; **You CAN safely turn this off for IIS, in fact, you MUST.** 833 | ; http://php.net/cgi.force-redirect 834 | ;cgi.force_redirect = 1 835 | 836 | ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with 837 | ; every request. PHP's default behavior is to disable this feature. 838 | ;cgi.nph = 1 839 | 840 | ; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape 841 | ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP 842 | ; will look for to know it is OK to continue execution. Setting this variable MAY 843 | ; cause security issues, KNOW WHAT YOU ARE DOING FIRST. 844 | ; http://php.net/cgi.redirect-status-env 845 | ;cgi.redirect_status_env = ; 846 | 847 | ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's 848 | ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok 849 | ; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting 850 | ; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting 851 | ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts 852 | ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. 853 | ; http://php.net/cgi.fix-pathinfo 854 | ;cgi.fix_pathinfo=1 855 | 856 | ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate 857 | ; security tokens of the calling client. This allows IIS to define the 858 | ; security context that the request runs under. mod_fastcgi under Apache 859 | ; does not currently support this feature (03/17/2002) 860 | ; Set to 1 if running under IIS. Default is zero. 861 | ; http://php.net/fastcgi.impersonate 862 | ;fastcgi.impersonate = 1; 863 | 864 | ; Disable logging through FastCGI connection. PHP's default behavior is to enable 865 | ; this feature. 866 | ;fastcgi.logging = 0 867 | 868 | ; cgi.rfc2616_headers configuration option tells PHP what type of headers to 869 | ; use when sending HTTP response code. If it's set 0 PHP sends Status: header that 870 | ; is supported by Apache. When this option is set to 1 PHP will send 871 | ; RFC2616 compliant header. 872 | ; Default is zero. 873 | ; http://php.net/cgi.rfc2616-headers 874 | ;cgi.rfc2616_headers = 0 875 | 876 | ;;;;;;;;;;;;;;;; 877 | ; File Uploads ; 878 | ;;;;;;;;;;;;;;;; 879 | 880 | ; Whether to allow HTTP file uploads. 881 | ; http://php.net/file-uploads 882 | file_uploads = On 883 | 884 | ; Temporary directory for HTTP uploaded files (will use system default if not 885 | ; specified). 886 | ; http://php.net/upload-tmp-dir 887 | ;upload_tmp_dir = 888 | 889 | ; Maximum allowed size for uploaded files. 890 | ; http://php.net/upload-max-filesize 891 | upload_max_filesize = 2M 892 | 893 | ; Maximum number of files that can be uploaded via a single request 894 | max_file_uploads = 20 895 | 896 | ;;;;;;;;;;;;;;;;;; 897 | ; Fopen wrappers ; 898 | ;;;;;;;;;;;;;;;;;; 899 | 900 | ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. 901 | ; http://php.net/allow-url-fopen 902 | allow_url_fopen = On 903 | 904 | ; Whether to allow include/require to open URLs (like http:// or ftp://) as files. 905 | ; http://php.net/allow-url-include 906 | allow_url_include = Off 907 | 908 | ; Define the anonymous ftp password (your email address). PHP's default setting 909 | ; for this is empty. 910 | ; http://php.net/from 911 | ;from="john@doe.com" 912 | 913 | ; Define the User-Agent string. PHP's default setting for this is empty. 914 | ; http://php.net/user-agent 915 | ;user_agent="PHP" 916 | 917 | ; Default timeout for socket based streams (seconds) 918 | ; http://php.net/default-socket-timeout 919 | default_socket_timeout = 60 920 | 921 | ; If your scripts have to deal with files from Macintosh systems, 922 | ; or you are running on a Mac and need to deal with files from 923 | ; unix or win32 systems, setting this flag will cause PHP to 924 | ; automatically detect the EOL character in those files so that 925 | ; fgets() and file() will work regardless of the source of the file. 926 | ; http://php.net/auto-detect-line-endings 927 | ;auto_detect_line_endings = Off 928 | 929 | ;;;;;;;;;;;;;;;;;;;;;; 930 | ; Dynamic Extensions ; 931 | ;;;;;;;;;;;;;;;;;;;;;; 932 | 933 | ; If you wish to have an extension loaded automatically, use the following 934 | ; syntax: 935 | ; 936 | ; extension=modulename.extension 937 | ; 938 | ; For example, on Windows: 939 | ; 940 | ; extension=msql.dll 941 | ; 942 | ; ... or under UNIX: 943 | ; 944 | ; extension=msql.so 945 | ; 946 | ; ... or with a path: 947 | ; 948 | ; extension=/path/to/extension/msql.so 949 | ; 950 | ; If you only provide the name of the extension, PHP will look for it in its 951 | ; default extension directory. 952 | 953 | ;;;;;;;;;;;;;;;;;;; 954 | ; Module Settings ; 955 | ;;;;;;;;;;;;;;;;;;; 956 | 957 | [Date] 958 | ; Defines the default timezone used by the date functions 959 | ; http://php.net/date.timezone 960 | ;date.timezone = 961 | 962 | ; http://php.net/date.default-latitude 963 | ;date.default_latitude = 31.7667 964 | 965 | ; http://php.net/date.default-longitude 966 | ;date.default_longitude = 35.2333 967 | 968 | ; http://php.net/date.sunrise-zenith 969 | ;date.sunrise_zenith = 90.583333 970 | 971 | ; http://php.net/date.sunset-zenith 972 | ;date.sunset_zenith = 90.583333 973 | 974 | [filter] 975 | ; http://php.net/filter.default 976 | ;filter.default = unsafe_raw 977 | 978 | ; http://php.net/filter.default-flags 979 | ;filter.default_flags = 980 | 981 | [iconv] 982 | ;iconv.input_encoding = ISO-8859-1 983 | ;iconv.internal_encoding = ISO-8859-1 984 | ;iconv.output_encoding = ISO-8859-1 985 | 986 | [intl] 987 | ;intl.default_locale = 988 | ; This directive allows you to produce PHP errors when some error 989 | ; happens within intl functions. The value is the level of the error produced. 990 | ; Default is 0, which does not produce any errors. 991 | ;intl.error_level = E_WARNING 992 | 993 | [sqlite] 994 | ; http://php.net/sqlite.assoc-case 995 | ;sqlite.assoc_case = 0 996 | 997 | [sqlite3] 998 | ;sqlite3.extension_dir = 999 | 1000 | [Pcre] 1001 | ;PCRE library backtracking limit. 1002 | ; http://php.net/pcre.backtrack-limit 1003 | ;pcre.backtrack_limit=100000 1004 | 1005 | ;PCRE library recursion limit. 1006 | ;Please note that if you set this value to a high number you may consume all 1007 | ;the available process stack and eventually crash PHP (due to reaching the 1008 | ;stack size limit imposed by the Operating System). 1009 | ; http://php.net/pcre.recursion-limit 1010 | ;pcre.recursion_limit=100000 1011 | 1012 | [Pdo] 1013 | ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" 1014 | ; http://php.net/pdo-odbc.connection-pooling 1015 | ;pdo_odbc.connection_pooling=strict 1016 | 1017 | ;pdo_odbc.db2_instance_name 1018 | 1019 | [Pdo_mysql] 1020 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 1021 | ; http://php.net/pdo_mysql.cache_size 1022 | pdo_mysql.cache_size = 2000 1023 | 1024 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1025 | ; MySQL defaults. 1026 | ; http://php.net/pdo_mysql.default-socket 1027 | pdo_mysql.default_socket= 1028 | 1029 | [Phar] 1030 | ; http://php.net/phar.readonly 1031 | ;phar.readonly = On 1032 | 1033 | ; http://php.net/phar.require-hash 1034 | ;phar.require_hash = On 1035 | 1036 | ;phar.cache_list = 1037 | 1038 | [Syslog] 1039 | ; Whether or not to define the various syslog variables (e.g. $LOG_PID, 1040 | ; $LOG_CRON, etc.). Turning it off is a good idea performance-wise. In 1041 | ; runtime, you can define these variables by calling define_syslog_variables(). 1042 | ; http://php.net/define-syslog-variables 1043 | define_syslog_variables = Off 1044 | 1045 | [mail function] 1046 | ; For Win32 only. 1047 | ; http://php.net/smtp 1048 | SMTP = localhost 1049 | ; http://php.net/smtp-port 1050 | smtp_port = 25 1051 | 1052 | ; For Win32 only. 1053 | ; http://php.net/sendmail-from 1054 | ;sendmail_from = me@example.com 1055 | 1056 | ; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). 1057 | ; http://php.net/sendmail-path 1058 | ;sendmail_path = 1059 | 1060 | ; Force the addition of the specified parameters to be passed as extra parameters 1061 | ; to the sendmail binary. These parameters will always replace the value of 1062 | ; the 5th parameter to mail(), even in safe mode. 1063 | ;mail.force_extra_parameters = 1064 | 1065 | ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename 1066 | mail.add_x_header = On 1067 | 1068 | ; The path to a log file that will log all mail() calls. Log entries include 1069 | ; the full path of the script, line number, To address and headers. 1070 | ;mail.log = 1071 | 1072 | [SQL] 1073 | ; http://php.net/sql.safe-mode 1074 | sql.safe_mode = Off 1075 | 1076 | [ODBC] 1077 | ; http://php.net/odbc.default-db 1078 | ;odbc.default_db = Not yet implemented 1079 | 1080 | ; http://php.net/odbc.default-user 1081 | ;odbc.default_user = Not yet implemented 1082 | 1083 | ; http://php.net/odbc.default-pw 1084 | ;odbc.default_pw = Not yet implemented 1085 | 1086 | ; Controls the ODBC cursor model. 1087 | ; Default: SQL_CURSOR_STATIC (default). 1088 | ;odbc.default_cursortype 1089 | 1090 | ; Allow or prevent persistent links. 1091 | ; http://php.net/odbc.allow-persistent 1092 | odbc.allow_persistent = On 1093 | 1094 | ; Check that a connection is still valid before reuse. 1095 | ; http://php.net/odbc.check-persistent 1096 | odbc.check_persistent = On 1097 | 1098 | ; Maximum number of persistent links. -1 means no limit. 1099 | ; http://php.net/odbc.max-persistent 1100 | odbc.max_persistent = -1 1101 | 1102 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1103 | ; http://php.net/odbc.max-links 1104 | odbc.max_links = -1 1105 | 1106 | ; Handling of LONG fields. Returns number of bytes to variables. 0 means 1107 | ; passthru. 1108 | ; http://php.net/odbc.defaultlrl 1109 | odbc.defaultlrl = 4096 1110 | 1111 | ; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. 1112 | ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation 1113 | ; of odbc.defaultlrl and odbc.defaultbinmode 1114 | ; http://php.net/odbc.defaultbinmode 1115 | odbc.defaultbinmode = 1 1116 | 1117 | ;birdstep.max_links = -1 1118 | 1119 | [Interbase] 1120 | ; Allow or prevent persistent links. 1121 | ibase.allow_persistent = 1 1122 | 1123 | ; Maximum number of persistent links. -1 means no limit. 1124 | ibase.max_persistent = -1 1125 | 1126 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1127 | ibase.max_links = -1 1128 | 1129 | ; Default database name for ibase_connect(). 1130 | ;ibase.default_db = 1131 | 1132 | ; Default username for ibase_connect(). 1133 | ;ibase.default_user = 1134 | 1135 | ; Default password for ibase_connect(). 1136 | ;ibase.default_password = 1137 | 1138 | ; Default charset for ibase_connect(). 1139 | ;ibase.default_charset = 1140 | 1141 | ; Default timestamp format. 1142 | ibase.timestampformat = "%Y-%m-%d %H:%M:%S" 1143 | 1144 | ; Default date format. 1145 | ibase.dateformat = "%Y-%m-%d" 1146 | 1147 | ; Default time format. 1148 | ibase.timeformat = "%H:%M:%S" 1149 | 1150 | [MySQL] 1151 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements 1152 | ; http://php.net/mysql.allow_local_infile 1153 | mysql.allow_local_infile = On 1154 | 1155 | ; Allow or prevent persistent links. 1156 | ; http://php.net/mysql.allow-persistent 1157 | mysql.allow_persistent = On 1158 | 1159 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 1160 | ; http://php.net/mysql.cache_size 1161 | mysql.cache_size = 2000 1162 | 1163 | ; Maximum number of persistent links. -1 means no limit. 1164 | ; http://php.net/mysql.max-persistent 1165 | mysql.max_persistent = -1 1166 | 1167 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1168 | ; http://php.net/mysql.max-links 1169 | mysql.max_links = -1 1170 | 1171 | ; Default port number for mysql_connect(). If unset, mysql_connect() will use 1172 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the 1173 | ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look 1174 | ; at MYSQL_PORT. 1175 | ; http://php.net/mysql.default-port 1176 | mysql.default_port = 1177 | 1178 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1179 | ; MySQL defaults. 1180 | ; http://php.net/mysql.default-socket 1181 | mysql.default_socket = 1182 | 1183 | ; Default host for mysql_connect() (doesn't apply in safe mode). 1184 | ; http://php.net/mysql.default-host 1185 | mysql.default_host = 1186 | 1187 | ; Default user for mysql_connect() (doesn't apply in safe mode). 1188 | ; http://php.net/mysql.default-user 1189 | mysql.default_user = 1190 | 1191 | ; Default password for mysql_connect() (doesn't apply in safe mode). 1192 | ; Note that this is generally a *bad* idea to store passwords in this file. 1193 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") 1194 | ; and reveal this password! And of course, any users with read access to this 1195 | ; file will be able to reveal the password as well. 1196 | ; http://php.net/mysql.default-password 1197 | mysql.default_password = 1198 | 1199 | ; Maximum time (in seconds) for connect timeout. -1 means no limit 1200 | ; http://php.net/mysql.connect-timeout 1201 | mysql.connect_timeout = 60 1202 | 1203 | ; Trace mode. When trace_mode is active (=On), warnings for table/index scans and 1204 | ; SQL-Errors will be displayed. 1205 | ; http://php.net/mysql.trace-mode 1206 | mysql.trace_mode = Off 1207 | 1208 | [MySQLi] 1209 | 1210 | ; Maximum number of persistent links. -1 means no limit. 1211 | ; http://php.net/mysqli.max-persistent 1212 | mysqli.max_persistent = -1 1213 | 1214 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements 1215 | ; http://php.net/mysqli.allow_local_infile 1216 | ;mysqli.allow_local_infile = On 1217 | 1218 | ; Allow or prevent persistent links. 1219 | ; http://php.net/mysqli.allow-persistent 1220 | mysqli.allow_persistent = On 1221 | 1222 | ; Maximum number of links. -1 means no limit. 1223 | ; http://php.net/mysqli.max-links 1224 | mysqli.max_links = -1 1225 | 1226 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 1227 | ; http://php.net/mysqli.cache_size 1228 | mysqli.cache_size = 2000 1229 | 1230 | ; Default port number for mysqli_connect(). If unset, mysqli_connect() will use 1231 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the 1232 | ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look 1233 | ; at MYSQL_PORT. 1234 | ; http://php.net/mysqli.default-port 1235 | mysqli.default_port = 3306 1236 | 1237 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1238 | ; MySQL defaults. 1239 | ; http://php.net/mysqli.default-socket 1240 | mysqli.default_socket = 1241 | 1242 | ; Default host for mysql_connect() (doesn't apply in safe mode). 1243 | ; http://php.net/mysqli.default-host 1244 | mysqli.default_host = 1245 | 1246 | ; Default user for mysql_connect() (doesn't apply in safe mode). 1247 | ; http://php.net/mysqli.default-user 1248 | mysqli.default_user = 1249 | 1250 | ; Default password for mysqli_connect() (doesn't apply in safe mode). 1251 | ; Note that this is generally a *bad* idea to store passwords in this file. 1252 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") 1253 | ; and reveal this password! And of course, any users with read access to this 1254 | ; file will be able to reveal the password as well. 1255 | ; http://php.net/mysqli.default-pw 1256 | mysqli.default_pw = 1257 | 1258 | ; Allow or prevent reconnect 1259 | mysqli.reconnect = Off 1260 | 1261 | [mysqlnd] 1262 | ; Enable / Disable collection of general statistics by mysqlnd which can be 1263 | ; used to tune and monitor MySQL operations. 1264 | ; http://php.net/mysqlnd.collect_statistics 1265 | mysqlnd.collect_statistics = On 1266 | 1267 | ; Enable / Disable collection of memory usage statistics by mysqlnd which can be 1268 | ; used to tune and monitor MySQL operations. 1269 | ; http://php.net/mysqlnd.collect_memory_statistics 1270 | mysqlnd.collect_memory_statistics = Off 1271 | 1272 | ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. 1273 | ; http://php.net/mysqlnd.net_cmd_buffer_size 1274 | ;mysqlnd.net_cmd_buffer_size = 2048 1275 | 1276 | ; Size of a pre-allocated buffer used for reading data sent by the server in 1277 | ; bytes. 1278 | ; http://php.net/mysqlnd.net_read_buffer_size 1279 | ;mysqlnd.net_read_buffer_size = 32768 1280 | 1281 | [OCI8] 1282 | 1283 | ; Connection: Enables privileged connections using external 1284 | ; credentials (OCI_SYSOPER, OCI_SYSDBA) 1285 | ; http://php.net/oci8.privileged-connect 1286 | ;oci8.privileged_connect = Off 1287 | 1288 | ; Connection: The maximum number of persistent OCI8 connections per 1289 | ; process. Using -1 means no limit. 1290 | ; http://php.net/oci8.max-persistent 1291 | ;oci8.max_persistent = -1 1292 | 1293 | ; Connection: The maximum number of seconds a process is allowed to 1294 | ; maintain an idle persistent connection. Using -1 means idle 1295 | ; persistent connections will be maintained forever. 1296 | ; http://php.net/oci8.persistent-timeout 1297 | ;oci8.persistent_timeout = -1 1298 | 1299 | ; Connection: The number of seconds that must pass before issuing a 1300 | ; ping during oci_pconnect() to check the connection validity. When 1301 | ; set to 0, each oci_pconnect() will cause a ping. Using -1 disables 1302 | ; pings completely. 1303 | ; http://php.net/oci8.ping-interval 1304 | ;oci8.ping_interval = 60 1305 | 1306 | ; Connection: Set this to a user chosen connection class to be used 1307 | ; for all pooled server requests with Oracle 11g Database Resident 1308 | ; Connection Pooling (DRCP). To use DRCP, this value should be set to 1309 | ; the same string for all web servers running the same application, 1310 | ; the database pool must be configured, and the connection string must 1311 | ; specify to use a pooled server. 1312 | ;oci8.connection_class = 1313 | 1314 | ; High Availability: Using On lets PHP receive Fast Application 1315 | ; Notification (FAN) events generated when a database node fails. The 1316 | ; database must also be configured to post FAN events. 1317 | ;oci8.events = Off 1318 | 1319 | ; Tuning: This option enables statement caching, and specifies how 1320 | ; many statements to cache. Using 0 disables statement caching. 1321 | ; http://php.net/oci8.statement-cache-size 1322 | ;oci8.statement_cache_size = 20 1323 | 1324 | ; Tuning: Enables statement prefetching and sets the default number of 1325 | ; rows that will be fetched automatically after statement execution. 1326 | ; http://php.net/oci8.default-prefetch 1327 | ;oci8.default_prefetch = 100 1328 | 1329 | ; Compatibility. Using On means oci_close() will not close 1330 | ; oci_connect() and oci_new_connect() connections. 1331 | ; http://php.net/oci8.old-oci-close-semantics 1332 | ;oci8.old_oci_close_semantics = Off 1333 | 1334 | [PostgreSQL] 1335 | ; Allow or prevent persistent links. 1336 | ; http://php.net/pgsql.allow-persistent 1337 | pgsql.allow_persistent = On 1338 | 1339 | ; Detect broken persistent links always with pg_pconnect(). 1340 | ; Auto reset feature requires a little overheads. 1341 | ; http://php.net/pgsql.auto-reset-persistent 1342 | pgsql.auto_reset_persistent = Off 1343 | 1344 | ; Maximum number of persistent links. -1 means no limit. 1345 | ; http://php.net/pgsql.max-persistent 1346 | pgsql.max_persistent = -1 1347 | 1348 | ; Maximum number of links (persistent+non persistent). -1 means no limit. 1349 | ; http://php.net/pgsql.max-links 1350 | pgsql.max_links = -1 1351 | 1352 | ; Ignore PostgreSQL backends Notice message or not. 1353 | ; Notice message logging require a little overheads. 1354 | ; http://php.net/pgsql.ignore-notice 1355 | pgsql.ignore_notice = 0 1356 | 1357 | ; Log PostgreSQL backends Notice message or not. 1358 | ; Unless pgsql.ignore_notice=0, module cannot log notice message. 1359 | ; http://php.net/pgsql.log-notice 1360 | pgsql.log_notice = 0 1361 | 1362 | [Sybase-CT] 1363 | ; Allow or prevent persistent links. 1364 | ; http://php.net/sybct.allow-persistent 1365 | sybct.allow_persistent = On 1366 | 1367 | ; Maximum number of persistent links. -1 means no limit. 1368 | ; http://php.net/sybct.max-persistent 1369 | sybct.max_persistent = -1 1370 | 1371 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1372 | ; http://php.net/sybct.max-links 1373 | sybct.max_links = -1 1374 | 1375 | ; Minimum server message severity to display. 1376 | ; http://php.net/sybct.min-server-severity 1377 | sybct.min_server_severity = 10 1378 | 1379 | ; Minimum client message severity to display. 1380 | ; http://php.net/sybct.min-client-severity 1381 | sybct.min_client_severity = 10 1382 | 1383 | ; Set per-context timeout 1384 | ; http://php.net/sybct.timeout 1385 | ;sybct.timeout= 1386 | 1387 | ;sybct.packet_size 1388 | 1389 | ; The maximum time in seconds to wait for a connection attempt to succeed before returning failure. 1390 | ; Default: one minute 1391 | ;sybct.login_timeout= 1392 | 1393 | ; The name of the host you claim to be connecting from, for display by sp_who. 1394 | ; Default: none 1395 | ;sybct.hostname= 1396 | 1397 | ; Allows you to define how often deadlocks are to be retried. -1 means "forever". 1398 | ; Default: 0 1399 | ;sybct.deadlock_retry_count= 1400 | 1401 | [bcmath] 1402 | ; Number of decimal digits for all bcmath functions. 1403 | ; http://php.net/bcmath.scale 1404 | bcmath.scale = 0 1405 | 1406 | [browscap] 1407 | ; http://php.net/browscap 1408 | ;browscap = extra/browscap.ini 1409 | 1410 | [Session] 1411 | ; Handler used to store/retrieve data. 1412 | ; http://php.net/session.save-handler 1413 | session.save_handler = files 1414 | 1415 | ; Argument passed to save_handler. In the case of files, this is the path 1416 | ; where data files are stored. Note: Windows users have to change this 1417 | ; variable in order to use PHP's session functions. 1418 | ; 1419 | ; The path can be defined as: 1420 | ; 1421 | ; session.save_path = "N;/path" 1422 | ; 1423 | ; where N is an integer. Instead of storing all the session files in 1424 | ; /path, what this will do is use subdirectories N-levels deep, and 1425 | ; store the session data in those directories. This is useful if you 1426 | ; or your OS have problems with lots of files in one directory, and is 1427 | ; a more efficient layout for servers that handle lots of sessions. 1428 | ; 1429 | ; NOTE 1: PHP will not create this directory structure automatically. 1430 | ; You can use the script in the ext/session dir for that purpose. 1431 | ; NOTE 2: See the section on garbage collection below if you choose to 1432 | ; use subdirectories for session storage 1433 | ; 1434 | ; The file storage module creates files using mode 600 by default. 1435 | ; You can change that by using 1436 | ; 1437 | ; session.save_path = "N;MODE;/path" 1438 | ; 1439 | ; where MODE is the octal representation of the mode. Note that this 1440 | ; does not overwrite the process's umask. 1441 | ; http://php.net/session.save-path 1442 | ;session.save_path = "/tmp" 1443 | 1444 | ; Whether to use cookies. 1445 | ; http://php.net/session.use-cookies 1446 | session.use_cookies = 1 1447 | 1448 | ; http://php.net/session.cookie-secure 1449 | ;session.cookie_secure = 1450 | 1451 | ; This option forces PHP to fetch and use a cookie for storing and maintaining 1452 | ; the session id. We encourage this operation as it's very helpful in combatting 1453 | ; session hijacking when not specifying and managing your own session id. It is 1454 | ; not the end all be all of session hijacking defense, but it's a good start. 1455 | ; http://php.net/session.use-only-cookies 1456 | session.use_only_cookies = 1 1457 | 1458 | ; Name of the session (used as cookie name). 1459 | ; http://php.net/session.name 1460 | session.name = PHPSESSID 1461 | 1462 | ; Initialize session on request startup. 1463 | ; http://php.net/session.auto-start 1464 | session.auto_start = 0 1465 | 1466 | ; Lifetime in seconds of cookie or, if 0, until browser is restarted. 1467 | ; http://php.net/session.cookie-lifetime 1468 | session.cookie_lifetime = 0 1469 | 1470 | ; The path for which the cookie is valid. 1471 | ; http://php.net/session.cookie-path 1472 | session.cookie_path = / 1473 | 1474 | ; The domain for which the cookie is valid. 1475 | ; http://php.net/session.cookie-domain 1476 | session.cookie_domain = 1477 | 1478 | ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. 1479 | ; http://php.net/session.cookie-httponly 1480 | session.cookie_httponly = 1481 | 1482 | ; Handler used to serialize data. php is the standard serializer of PHP. 1483 | ; http://php.net/session.serialize-handler 1484 | session.serialize_handler = php 1485 | 1486 | ; Defines the probability that the 'garbage collection' process is started 1487 | ; on every session initialization. The probability is calculated by using 1488 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator 1489 | ; and gc_divisor is the denominator in the equation. Setting this value to 1 1490 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance 1491 | ; the gc will run on any give request. 1492 | ; Default Value: 1 1493 | ; Development Value: 1 1494 | ; Production Value: 1 1495 | ; http://php.net/session.gc-probability 1496 | session.gc_probability = 0 1497 | 1498 | ; Defines the probability that the 'garbage collection' process is started on every 1499 | ; session initialization. The probability is calculated by using the following equation: 1500 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator and 1501 | ; session.gc_divisor is the denominator in the equation. Setting this value to 1 1502 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance 1503 | ; the gc will run on any give request. Increasing this value to 1000 will give you 1504 | ; a 0.1% chance the gc will run on any give request. For high volume production servers, 1505 | ; this is a more efficient approach. 1506 | ; Default Value: 100 1507 | ; Development Value: 1000 1508 | ; Production Value: 1000 1509 | ; http://php.net/session.gc-divisor 1510 | session.gc_divisor = 1000 1511 | 1512 | ; After this number of seconds, stored data will be seen as 'garbage' and 1513 | ; cleaned up by the garbage collection process. 1514 | ; http://php.net/session.gc-maxlifetime 1515 | session.gc_maxlifetime = 1440 1516 | 1517 | ; NOTE: If you are using the subdirectory option for storing session files 1518 | ; (see session.save_path above), then garbage collection does *not* 1519 | ; happen automatically. You will need to do your own garbage 1520 | ; collection through a shell script, cron entry, or some other method. 1521 | ; For example, the following script would is the equivalent of 1522 | ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): 1523 | ; find /path/to/sessions -cmin +24 | xargs rm 1524 | 1525 | ; PHP 4.2 and less have an undocumented feature/bug that allows you to 1526 | ; to initialize a session variable in the global scope, even when register_globals 1527 | ; is disabled. PHP 4.3 and later will warn you, if this feature is used. 1528 | ; You can disable the feature and the warning separately. At this time, 1529 | ; the warning is only displayed, if bug_compat_42 is enabled. This feature 1530 | ; introduces some serious security problems if not handled correctly. It's 1531 | ; recommended that you do not use this feature on production servers. But you 1532 | ; should enable this on development servers and enable the warning as well. If you 1533 | ; do not enable the feature on development servers, you won't be warned when it's 1534 | ; used and debugging errors caused by this can be difficult to track down. 1535 | ; Default Value: On 1536 | ; Development Value: On 1537 | ; Production Value: Off 1538 | ; http://php.net/session.bug-compat-42 1539 | session.bug_compat_42 = Off 1540 | 1541 | ; This setting controls whether or not you are warned by PHP when initializing a 1542 | ; session value into the global space. session.bug_compat_42 must be enabled before 1543 | ; these warnings can be issued by PHP. See the directive above for more information. 1544 | ; Default Value: On 1545 | ; Development Value: On 1546 | ; Production Value: Off 1547 | ; http://php.net/session.bug-compat-warn 1548 | session.bug_compat_warn = Off 1549 | 1550 | ; Check HTTP Referer to invalidate externally stored URLs containing ids. 1551 | ; HTTP_REFERER has to contain this substring for the session to be 1552 | ; considered as valid. 1553 | ; http://php.net/session.referer-check 1554 | session.referer_check = 1555 | 1556 | ; How many bytes to read from the file. 1557 | ; http://php.net/session.entropy-length 1558 | session.entropy_length = 0 1559 | 1560 | ; Specified here to create the session id. 1561 | ; http://php.net/session.entropy-file 1562 | ; On systems that don't have /dev/urandom /dev/arandom can be used 1563 | ; On windows, setting the entropy_length setting will activate the 1564 | ; Windows random source (using the CryptoAPI) 1565 | ;session.entropy_file = /dev/urandom 1566 | 1567 | ; Set to {nocache,private,public,} to determine HTTP caching aspects 1568 | ; or leave this empty to avoid sending anti-caching headers. 1569 | ; http://php.net/session.cache-limiter 1570 | session.cache_limiter = nocache 1571 | 1572 | ; Document expires after n minutes. 1573 | ; http://php.net/session.cache-expire 1574 | session.cache_expire = 180 1575 | 1576 | ; trans sid support is disabled by default. 1577 | ; Use of trans sid may risk your users security. 1578 | ; Use this option with caution. 1579 | ; - User may send URL contains active session ID 1580 | ; to other person via. email/irc/etc. 1581 | ; - URL that contains active session ID may be stored 1582 | ; in publically accessible computer. 1583 | ; - User may access your site with the same session ID 1584 | ; always using URL stored in browser's history or bookmarks. 1585 | ; http://php.net/session.use-trans-sid 1586 | session.use_trans_sid = 0 1587 | 1588 | ; Select a hash function for use in generating session ids. 1589 | ; Possible Values 1590 | ; 0 (MD5 128 bits) 1591 | ; 1 (SHA-1 160 bits) 1592 | ; This option may also be set to the name of any hash function supported by 1593 | ; the hash extension. A list of available hashes is returned by the hash_algos() 1594 | ; function. 1595 | ; http://php.net/session.hash-function 1596 | session.hash_function = 0 1597 | 1598 | ; Define how many bits are stored in each character when converting 1599 | ; the binary hash data to something readable. 1600 | ; Possible values: 1601 | ; 4 (4 bits: 0-9, a-f) 1602 | ; 5 (5 bits: 0-9, a-v) 1603 | ; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") 1604 | ; Default Value: 4 1605 | ; Development Value: 5 1606 | ; Production Value: 5 1607 | ; http://php.net/session.hash-bits-per-character 1608 | session.hash_bits_per_character = 5 1609 | 1610 | ; The URL rewriter will look for URLs in a defined set of HTML tags. 1611 | ; form/fieldset are special; if you include them here, the rewriter will 1612 | ; add a hidden field with the info which is otherwise appended 1613 | ; to URLs. If you want XHTML conformity, remove the form entry. 1614 | ; Note that all valid entries require a "=", even if no value follows. 1615 | ; Default Value: "a=href,area=href,frame=src,form=,fieldset=" 1616 | ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 1617 | ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 1618 | ; http://php.net/url-rewriter.tags 1619 | url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" 1620 | 1621 | [MSSQL] 1622 | ; Allow or prevent persistent links. 1623 | mssql.allow_persistent = On 1624 | 1625 | ; Maximum number of persistent links. -1 means no limit. 1626 | mssql.max_persistent = -1 1627 | 1628 | ; Maximum number of links (persistent+non persistent). -1 means no limit. 1629 | mssql.max_links = -1 1630 | 1631 | ; Minimum error severity to display. 1632 | mssql.min_error_severity = 10 1633 | 1634 | ; Minimum message severity to display. 1635 | mssql.min_message_severity = 10 1636 | 1637 | ; Compatibility mode with old versions of PHP 3.0. 1638 | mssql.compatability_mode = Off 1639 | 1640 | ; Connect timeout 1641 | ;mssql.connect_timeout = 5 1642 | 1643 | ; Query timeout 1644 | ;mssql.timeout = 60 1645 | 1646 | ; Valid range 0 - 2147483647. Default = 4096. 1647 | ;mssql.textlimit = 4096 1648 | 1649 | ; Valid range 0 - 2147483647. Default = 4096. 1650 | ;mssql.textsize = 4096 1651 | 1652 | ; Limits the number of records in each batch. 0 = all records in one batch. 1653 | ;mssql.batchsize = 0 1654 | 1655 | ; Specify how datetime and datetim4 columns are returned 1656 | ; On => Returns data converted to SQL server settings 1657 | ; Off => Returns values as YYYY-MM-DD hh:mm:ss 1658 | ;mssql.datetimeconvert = On 1659 | 1660 | ; Use NT authentication when connecting to the server 1661 | mssql.secure_connection = Off 1662 | 1663 | ; Specify max number of processes. -1 = library default 1664 | ; msdlib defaults to 25 1665 | ; FreeTDS defaults to 4096 1666 | ;mssql.max_procs = -1 1667 | 1668 | ; Specify client character set. 1669 | ; If empty or not set the client charset from freetds.conf is used 1670 | ; This is only used when compiled with FreeTDS 1671 | ;mssql.charset = "ISO-8859-1" 1672 | 1673 | [Assertion] 1674 | ; Assert(expr); active by default. 1675 | ; http://php.net/assert.active 1676 | ;assert.active = On 1677 | 1678 | ; Issue a PHP warning for each failed assertion. 1679 | ; http://php.net/assert.warning 1680 | ;assert.warning = On 1681 | 1682 | ; Don't bail out by default. 1683 | ; http://php.net/assert.bail 1684 | ;assert.bail = Off 1685 | 1686 | ; User-function to be called if an assertion fails. 1687 | ; http://php.net/assert.callback 1688 | ;assert.callback = 0 1689 | 1690 | ; Eval the expression with current error_reporting(). Set to true if you want 1691 | ; error_reporting(0) around the eval(). 1692 | ; http://php.net/assert.quiet-eval 1693 | ;assert.quiet_eval = 0 1694 | 1695 | [COM] 1696 | ; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs 1697 | ; http://php.net/com.typelib-file 1698 | ;com.typelib_file = 1699 | 1700 | ; allow Distributed-COM calls 1701 | ; http://php.net/com.allow-dcom 1702 | ;com.allow_dcom = true 1703 | 1704 | ; autoregister constants of a components typlib on com_load() 1705 | ; http://php.net/com.autoregister-typelib 1706 | ;com.autoregister_typelib = true 1707 | 1708 | ; register constants casesensitive 1709 | ; http://php.net/com.autoregister-casesensitive 1710 | ;com.autoregister_casesensitive = false 1711 | 1712 | ; show warnings on duplicate constant registrations 1713 | ; http://php.net/com.autoregister-verbose 1714 | ;com.autoregister_verbose = true 1715 | 1716 | ; The default character set code-page to use when passing strings to and from COM objects. 1717 | ; Default: system ANSI code page 1718 | ;com.code_page= 1719 | 1720 | [mbstring] 1721 | ; language for internal character representation. 1722 | ; http://php.net/mbstring.language 1723 | ;mbstring.language = Japanese 1724 | 1725 | ; internal/script encoding. 1726 | ; Some encoding cannot work as internal encoding. 1727 | ; (e.g. SJIS, BIG5, ISO-2022-*) 1728 | ; http://php.net/mbstring.internal-encoding 1729 | ;mbstring.internal_encoding = EUC-JP 1730 | 1731 | ; http input encoding. 1732 | ; http://php.net/mbstring.http-input 1733 | ;mbstring.http_input = auto 1734 | 1735 | ; http output encoding. mb_output_handler must be 1736 | ; registered as output buffer to function 1737 | ; http://php.net/mbstring.http-output 1738 | ;mbstring.http_output = SJIS 1739 | 1740 | ; enable automatic encoding translation according to 1741 | ; mbstring.internal_encoding setting. Input chars are 1742 | ; converted to internal encoding by setting this to On. 1743 | ; Note: Do _not_ use automatic encoding translation for 1744 | ; portable libs/applications. 1745 | ; http://php.net/mbstring.encoding-translation 1746 | ;mbstring.encoding_translation = Off 1747 | 1748 | ; automatic encoding detection order. 1749 | ; auto means 1750 | ; http://php.net/mbstring.detect-order 1751 | ;mbstring.detect_order = auto 1752 | 1753 | ; substitute_character used when character cannot be converted 1754 | ; one from another 1755 | ; http://php.net/mbstring.substitute-character 1756 | ;mbstring.substitute_character = none; 1757 | 1758 | ; overload(replace) single byte functions by mbstring functions. 1759 | ; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), 1760 | ; etc. Possible values are 0,1,2,4 or combination of them. 1761 | ; For example, 7 for overload everything. 1762 | ; 0: No overload 1763 | ; 1: Overload mail() function 1764 | ; 2: Overload str*() functions 1765 | ; 4: Overload ereg*() functions 1766 | ; http://php.net/mbstring.func-overload 1767 | ;mbstring.func_overload = 0 1768 | 1769 | ; enable strict encoding detection. 1770 | ;mbstring.strict_detection = Off 1771 | 1772 | ; This directive specifies the regex pattern of content types for which mb_output_handler() 1773 | ; is activated. 1774 | ; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) 1775 | ;mbstring.http_output_conv_mimetype= 1776 | 1777 | ; Allows to set script encoding. Only affects if PHP is compiled with --enable-zend-multibyte 1778 | ; Default: "" 1779 | ;mbstring.script_encoding= 1780 | 1781 | [gd] 1782 | ; Tell the jpeg decode to ignore warnings and try to create 1783 | ; a gd image. The warning will then be displayed as notices 1784 | ; disabled by default 1785 | ; http://php.net/gd.jpeg-ignore-warning 1786 | ;gd.jpeg_ignore_warning = 0 1787 | 1788 | [exif] 1789 | ; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. 1790 | ; With mbstring support this will automatically be converted into the encoding 1791 | ; given by corresponding encode setting. When empty mbstring.internal_encoding 1792 | ; is used. For the decode settings you can distinguish between motorola and 1793 | ; intel byte order. A decode setting cannot be empty. 1794 | ; http://php.net/exif.encode-unicode 1795 | ;exif.encode_unicode = ISO-8859-15 1796 | 1797 | ; http://php.net/exif.decode-unicode-motorola 1798 | ;exif.decode_unicode_motorola = UCS-2BE 1799 | 1800 | ; http://php.net/exif.decode-unicode-intel 1801 | ;exif.decode_unicode_intel = UCS-2LE 1802 | 1803 | ; http://php.net/exif.encode-jis 1804 | ;exif.encode_jis = 1805 | 1806 | ; http://php.net/exif.decode-jis-motorola 1807 | ;exif.decode_jis_motorola = JIS 1808 | 1809 | ; http://php.net/exif.decode-jis-intel 1810 | ;exif.decode_jis_intel = JIS 1811 | 1812 | [Tidy] 1813 | ; The path to a default tidy configuration file to use when using tidy 1814 | ; http://php.net/tidy.default-config 1815 | ;tidy.default_config = /usr/local/lib/php/default.tcfg 1816 | 1817 | ; Should tidy clean and repair output automatically? 1818 | ; WARNING: Do not use this option if you are generating non-html content 1819 | ; such as dynamic images 1820 | ; http://php.net/tidy.clean-output 1821 | tidy.clean_output = Off 1822 | 1823 | [soap] 1824 | ; Enables or disables WSDL caching feature. 1825 | ; http://php.net/soap.wsdl-cache-enabled 1826 | soap.wsdl_cache_enabled=1 1827 | 1828 | ; Sets the directory name where SOAP extension will put cache files. 1829 | ; http://php.net/soap.wsdl-cache-dir 1830 | soap.wsdl_cache_dir="/tmp" 1831 | 1832 | ; (time to live) Sets the number of second while cached file will be used 1833 | ; instead of original one. 1834 | ; http://php.net/soap.wsdl-cache-ttl 1835 | soap.wsdl_cache_ttl=86400 1836 | 1837 | ; Sets the size of the cache limit. (Max. number of WSDL files to cache) 1838 | soap.wsdl_cache_limit = 5 1839 | 1840 | [sysvshm] 1841 | ; A default size of the shared memory segment 1842 | ;sysvshm.init_mem = 10000 1843 | 1844 | [ldap] 1845 | ; Sets the maximum number of open links or -1 for unlimited. 1846 | ldap.max_links = -1 1847 | 1848 | [mcrypt] 1849 | ; For more information about mcrypt settings see http://php.net/mcrypt-module-open 1850 | 1851 | ; Directory where to load mcrypt algorithms 1852 | ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) 1853 | ;mcrypt.algorithms_dir= 1854 | 1855 | ; Directory where to load mcrypt modes 1856 | ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) 1857 | ;mcrypt.modes_dir= 1858 | 1859 | [dba] 1860 | ;dba.default_handler= 1861 | 1862 | [xsl] 1863 | ; Write operations from within XSLT are disabled by default. 1864 | ; XSL_SECPREF_CREATE_DIRECTORY | XSL_SECPREF_WRITE_NETWORK | XSL_SECPREF_WRITE_FILE = 44 1865 | ; Set it to 0 to allow all operations 1866 | ;xsl.security_prefs = 44 1867 | 1868 | ; Local Variables: 1869 | ; tab-width: 4 1870 | ; End: 1871 | -------------------------------------------------------------------------------- /php5/fpm/php-fpm.conf: -------------------------------------------------------------------------------- 1 | ;;;;;;;;;;;;;;;;;;;;; 2 | ; FPM Configuration ; 3 | ;;;;;;;;;;;;;;;;;;;;; 4 | 5 | ; All relative paths in this configuration file are relative to PHP's install 6 | ; prefix (/usr). This prefix can be dynamically changed by using the 7 | ; '-p' argument from the command line. 8 | 9 | ; Include one or more files. If glob(3) exists, it is used to include a bunch of 10 | ; files from a glob(3) pattern. This directive can be used everywhere in the 11 | ; file. 12 | ; Relative path can also be used. They will be prefixed by: 13 | ; - the global prefix if it's been set (-p argument) 14 | ; - /usr otherwise 15 | ;include=/etc/php5/fpm/*.conf 16 | 17 | ;;;;;;;;;;;;;;;;;; 18 | ; Global Options ; 19 | ;;;;;;;;;;;;;;;;;; 20 | 21 | [global] 22 | ; Pid file 23 | ; Note: the default prefix is /var 24 | ; Default Value: none 25 | pid = /var/run/php5-fpm.pid 26 | 27 | ; Error log file 28 | ; If it's set to "syslog", log is sent to syslogd instead of being written 29 | ; in a local file. 30 | ; Note: the default prefix is /var 31 | ; Default Value: log/php-fpm.log 32 | error_log = /var/log/php5-fpm.log 33 | 34 | ; syslog_facility is used to specify what type of program is logging the 35 | ; message. This lets syslogd specify that messages from different facilities 36 | ; will be handled differently. 37 | ; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) 38 | ; Default Value: daemon 39 | ;syslog.facility = daemon 40 | 41 | ; syslog_ident is prepended to every message. If you have multiple FPM 42 | ; instances running on the same server, you can change the default value 43 | ; which must suit common needs. 44 | ; Default Value: php-fpm 45 | ;syslog.ident = php-fpm 46 | 47 | ; Log level 48 | ; Possible Values: alert, error, warning, notice, debug 49 | ; Default Value: notice 50 | ;log_level = notice 51 | 52 | ; If this number of child processes exit with SIGSEGV or SIGBUS within the time 53 | ; interval set by emergency_restart_interval then FPM will restart. A value 54 | ; of '0' means 'Off'. 55 | ; Default Value: 0 56 | ;emergency_restart_threshold = 0 57 | 58 | ; Interval of time used by emergency_restart_interval to determine when 59 | ; a graceful restart will be initiated. This can be useful to work around 60 | ; accidental corruptions in an accelerator's shared memory. 61 | ; Available Units: s(econds), m(inutes), h(ours), or d(ays) 62 | ; Default Unit: seconds 63 | ; Default Value: 0 64 | ;emergency_restart_interval = 0 65 | 66 | ; Time limit for child processes to wait for a reaction on signals from master. 67 | ; Available units: s(econds), m(inutes), h(ours), or d(ays) 68 | ; Default Unit: seconds 69 | ; Default Value: 0 70 | ;process_control_timeout = 0 71 | 72 | ; The maximum number of processes FPM will fork. This has been design to control 73 | ; the global number of processes when using dynamic PM within a lot of pools. 74 | ; Use it with caution. 75 | ; Note: A value of 0 indicates no limit 76 | ; Default Value: 0 77 | ; process.max = 128 78 | 79 | ; Specify the nice(2) priority to apply to the master process (only if set) 80 | ; The value can vary from -19 (highest priority) to 20 (lower priority) 81 | ; Note: - It will only work if the FPM master process is launched as root 82 | ; - The pool process will inherit the master process priority 83 | ; unless it specified otherwise 84 | ; Default Value: no set 85 | ; process.priority = -19 86 | 87 | ; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. 88 | ; Default Value: yes 89 | ;daemonize = yes 90 | 91 | ; Set open file descriptor rlimit for the master process. 92 | ; Default Value: system defined value 93 | ;rlimit_files = 1024 94 | 95 | ; Set max core size rlimit for the master process. 96 | ; Possible Values: 'unlimited' or an integer greater or equal to 0 97 | ; Default Value: system defined value 98 | ;rlimit_core = 0 99 | 100 | ; Specify the event mechanism FPM will use. The following is available: 101 | ; - select (any POSIX os) 102 | ; - poll (any POSIX os) 103 | ; - epoll (linux >= 2.5.44) 104 | ; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) 105 | ; - /dev/poll (Solaris >= 7) 106 | ; - port (Solaris >= 10) 107 | ; Default Value: not set (auto detection) 108 | ;events.mechanism = epoll 109 | 110 | ; When FPM is build with systemd integration, specify the interval, 111 | ; in second, between health report notification to systemd. 112 | ; Set to 0 to disable. 113 | ; Available Units: s(econds), m(inutes), h(ours) 114 | ; Default Unit: seconds 115 | ; Default value: 10 116 | ;systemd_interval = 10 117 | 118 | ;;;;;;;;;;;;;;;;;;;; 119 | ; Pool Definitions ; 120 | ;;;;;;;;;;;;;;;;;;;; 121 | 122 | ; Multiple pools of child processes may be started with different listening 123 | ; ports and different management options. The name of the pool will be 124 | ; used in logs and stats. There is no limitation on the number of pools which 125 | ; FPM can handle. Your system will tell you anyway :) 126 | 127 | ; To configure the pools it is recommended to have one .conf file per 128 | ; pool in the following directory: 129 | include=/etc/php5/fpm/pool.d/*.conf 130 | 131 | -------------------------------------------------------------------------------- /php5/fpm/pool.d/example.com.conf: -------------------------------------------------------------------------------- 1 | ; Start a new pool named 'domain.com'. 2 | ; the variable $pool can we used in any directive and will be replaced by the 3 | ; pool name ('domain.com' here) 4 | [domain.com] 5 | 6 | ; Per pool prefix 7 | ; It only applies on the following directives: 8 | ; - 'slowlog' 9 | ; - 'listen' (unixsocket) 10 | ; - 'chroot' 11 | ; - 'chdir' 12 | ; - 'php_values' 13 | ; - 'php_admin_values' 14 | ; When not set, the global prefix (or /usr) applies instead. 15 | ; Note: This directive can also be relative to the global prefix. 16 | ; Default Value: none 17 | ;prefix = /path/to/pools/$pool 18 | 19 | ; Unix user/group of processes 20 | ; Note: The user is mandatory. If the group is not set, the default user's group 21 | ; will be used. 22 | user = site_uname 23 | group = www-data 24 | 25 | ; The address on which to accept FastCGI requests. 26 | ; Valid syntaxes are: 27 | ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on 28 | ; a specific port; 29 | ; 'port' - to listen on a TCP socket to all addresses on a 30 | ; specific port; 31 | ; '/path/to/unix/socket' - to listen on a unix socket. 32 | ; Note: This value is mandatory. 33 | ;listen = 127.0.0.1:9000 34 | Listen = /var/run/domain.com.sock 35 | 36 | ; Set listen(2) backlog. A value of '-1' means unlimited. 37 | ; Default Value: 128 (-1 on FreeBSD and OpenBSD) 38 | ;listen.backlog = -1 39 | 40 | ; Set permissions for unix socket, if one is used. In Linux, read/write 41 | ; permissions must be set in order to allow connections from a web server. Many 42 | ; BSD-derived systems allow connections regardless of permissions. 43 | ; Default Values: user and group are set as the running user 44 | ; mode is set to 0666 45 | listen.owner = site_uname 46 | listen.group = www-data 47 | listen.mode = 0660 48 | 49 | ; List of ipv4 addresses of FastCGI clients which are allowed to connect. 50 | ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original 51 | ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address 52 | ; must be separated by a comma. If this value is left blank, connections will be 53 | ; accepted from any ip address. 54 | ; Default Value: any 55 | ;listen.allowed_clients = 127.0.0.1 56 | 57 | ; Specify the nice(2) priority to apply to the pool processes (only if set) 58 | ; The value can vary from -19 (highest priority) to 20 (lower priority) 59 | ; Note: - It will only work if the FPM master process is launched as root 60 | ; - The pool processes will inherit the master process priority 61 | ; unless it specified otherwise 62 | ; Default Value: no set 63 | ; process.priority = -19 64 | 65 | ; Choose how the process manager will control the number of child processes. 66 | ; Possible Values: 67 | ; static - a fixed number (pm.max_children) of child processes; 68 | ; dynamic - the number of child processes are set dynamically based on the 69 | ; following directives. With this process management, there will be 70 | ; always at least 1 children. 71 | ; pm.max_children - the maximum number of children that can 72 | ; be alive at the same time. 73 | ; pm.start_servers - the number of children created on startup. 74 | ; pm.min_spare_servers - the minimum number of children in 'idle' 75 | ; state (waiting to process). If the number 76 | ; of 'idle' processes is less than this 77 | ; number then some children will be created. 78 | ; pm.max_spare_servers - the maximum number of children in 'idle' 79 | ; state (waiting to process). If the number 80 | ; of 'idle' processes is greater than this 81 | ; number then some children will be killed. 82 | ; ondemand - no children are created at startup. Children will be forked when 83 | ; new requests will connect. The following parameter are used: 84 | ; pm.max_children - the maximum number of children that 85 | ; can be alive at the same time. 86 | ; pm.process_idle_timeout - The number of seconds after which 87 | ; an idle process will be killed. 88 | ; Note: This value is mandatory. 89 | pm = ondemand 90 | 91 | ; The number of child processes to be created when pm is set to 'static' and the 92 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 93 | ; This value sets the limit on the number of simultaneous requests that will be 94 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 95 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 96 | ; CGI. The below defaults are based on a server without much resources. Don't 97 | ; forget to tweak pm.* to fit your needs. 98 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' 99 | ; Note: This value is mandatory. 100 | pm.max_children = 10 101 | 102 | ; The number of child processes created on startup. 103 | ; Note: Used only when pm is set to 'dynamic' 104 | ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 105 | ;pm.start_servers = 4 106 | 107 | ; The desired minimum number of idle server processes. 108 | ; Note: Used only when pm is set to 'dynamic' 109 | ; Note: Mandatory when pm is set to 'dynamic' 110 | ;pm.min_spare_servers = 2 111 | 112 | ; The desired maximum number of idle server processes. 113 | ; Note: Used only when pm is set to 'dynamic' 114 | ; Note: Mandatory when pm is set to 'dynamic' 115 | ;pm.max_spare_servers = 6 116 | 117 | ; The number of seconds after which an idle process will be killed. 118 | ; Note: Used only when pm is set to 'ondemand' 119 | ; Default Value: 10s 120 | ;pm.process_idle_timeout = 10s; 121 | 122 | ; The number of requests each child process should execute before respawning. 123 | ; This can be useful to work around memory leaks in 3rd party libraries. For 124 | ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. 125 | ; Default Value: 0 126 | ;pm.max_requests = 500 127 | 128 | ; The URI to view the FPM status page. If this value is not set, no URI will be 129 | ; recognized as a status page. It shows the following informations: 130 | ; pool - the name of the pool; 131 | ; process manager - static, dynamic or ondemand; 132 | ; start time - the date and time FPM has started; 133 | ; start since - number of seconds since FPM has started; 134 | ; accepted conn - the number of request accepted by the pool; 135 | ; listen queue - the number of request in the queue of pending 136 | ; connections (see backlog in listen(2)); 137 | ; max listen queue - the maximum number of requests in the queue 138 | ; of pending connections since FPM has started; 139 | ; listen queue len - the size of the socket queue of pending connections; 140 | ; idle processes - the number of idle processes; 141 | ; active processes - the number of active processes; 142 | ; total processes - the number of idle + active processes; 143 | ; max active processes - the maximum number of active processes since FPM 144 | ; has started; 145 | ; max children reached - number of times, the process limit has been reached, 146 | ; when pm tries to start more children (works only for 147 | ; pm 'dynamic' and 'ondemand'); 148 | ; Value are updated in real time. 149 | ; Example output: 150 | ; pool: www 151 | ; process manager: static 152 | ; start time: 01/Jul/2011:17:53:49 +0200 153 | ; start since: 62636 154 | ; accepted conn: 190460 155 | ; listen queue: 0 156 | ; max listen queue: 1 157 | ; listen queue len: 42 158 | ; idle processes: 4 159 | ; active processes: 11 160 | ; total processes: 15 161 | ; max active processes: 12 162 | ; max children reached: 0 163 | ; 164 | ; By default the status page output is formatted as text/plain. Passing either 165 | ; 'html', 'xml' or 'json' in the query string will return the corresponding 166 | ; output syntax. Example: 167 | ; http://www.foo.bar/status 168 | ; http://www.foo.bar/status?json 169 | ; http://www.foo.bar/status?html 170 | ; http://www.foo.bar/status?xml 171 | ; 172 | ; By default the status page only outputs short status. Passing 'full' in the 173 | ; query string will also return status for each pool process. 174 | ; Example: 175 | ; http://www.foo.bar/status?full 176 | ; http://www.foo.bar/status?json&full 177 | ; http://www.foo.bar/status?html&full 178 | ; http://www.foo.bar/status?xml&full 179 | ; The Full status returns for each process: 180 | ; pid - the PID of the process; 181 | ; state - the state of the process (Idle, Running, ...); 182 | ; start time - the date and time the process has started; 183 | ; start since - the number of seconds since the process has started; 184 | ; requests - the number of requests the process has served; 185 | ; request duration - the duration in µs of the requests; 186 | ; request method - the request method (GET, POST, ...); 187 | ; request URI - the request URI with the query string; 188 | ; content length - the content length of the request (only with POST); 189 | ; user - the user (PHP_AUTH_USER) (or '-' if not set); 190 | ; script - the main script called (or '-' if not set); 191 | ; last request cpu - the %cpu the last request consumed 192 | ; it's always 0 if the process is not in Idle state 193 | ; because CPU calculation is done when the request 194 | ; processing has terminated; 195 | ; last request memory - the max amount of memory the last request consumed 196 | ; it's always 0 if the process is not in Idle state 197 | ; because memory calculation is done when the request 198 | ; processing has terminated; 199 | ; If the process is in Idle state, then informations are related to the 200 | ; last request the process has served. Otherwise informations are related to 201 | ; the current request being served. 202 | ; Example output: 203 | ; ************************ 204 | ; pid: 31330 205 | ; state: Running 206 | ; start time: 01/Jul/2011:17:53:49 +0200 207 | ; start since: 63087 208 | ; requests: 12808 209 | ; request duration: 1250261 210 | ; request method: GET 211 | ; request URI: /test_mem.php?N=10000 212 | ; content length: 0 213 | ; user: - 214 | ; script: /home/fat/web/docs/php/test_mem.php 215 | ; last request cpu: 0.00 216 | ; last request memory: 0 217 | ; 218 | ; Note: There is a real-time FPM status monitoring sample web page available 219 | ; It's available in: ${prefix}/share/fpm/status.html 220 | ; 221 | ; Note: The value must start with a leading slash (/). The value can be 222 | ; anything, but it may not be a good idea to use the .php extension or it 223 | ; may conflict with a real PHP file. 224 | ; Default Value: not set 225 | ;pm.status_path = /status 226 | 227 | ; The ping URI to call the monitoring page of FPM. If this value is not set, no 228 | ; URI will be recognized as a ping page. This could be used to test from outside 229 | ; that FPM is alive and responding, or to 230 | ; - create a graph of FPM availability (rrd or such); 231 | ; - remove a server from a group if it is not responding (load balancing); 232 | ; - trigger alerts for the operating team (24/7). 233 | ; Note: The value must start with a leading slash (/). The value can be 234 | ; anything, but it may not be a good idea to use the .php extension or it 235 | ; may conflict with a real PHP file. 236 | ; Default Value: not set 237 | ;ping.path = /ping 238 | 239 | ; This directive may be used to customize the response of a ping request. The 240 | ; response is formatted as text/plain with a 200 response code. 241 | ; Default Value: pong 242 | ;ping.response = pong 243 | 244 | ; The access log file 245 | ; Default: not set 246 | ;access.log = log/$pool.access.log 247 | 248 | ; The access log format. 249 | ; The following syntax is allowed 250 | ; %%: the '%' character 251 | ; %C: %CPU used by the request 252 | ; it can accept the following format: 253 | ; - %{user}C for user CPU only 254 | ; - %{system}C for system CPU only 255 | ; - %{total}C for user + system CPU (default) 256 | ; %d: time taken to serve the request 257 | ; it can accept the following format: 258 | ; - %{seconds}d (default) 259 | ; - %{miliseconds}d 260 | ; - %{mili}d 261 | ; - %{microseconds}d 262 | ; - %{micro}d 263 | ; %e: an environment variable (same as $_ENV or $_SERVER) 264 | ; it must be associated with embraces to specify the name of the env 265 | ; variable. Some exemples: 266 | ; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e 267 | ; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e 268 | ; %f: script filename 269 | ; %l: content-length of the request (for POST request only) 270 | ; %m: request method 271 | ; %M: peak of memory allocated by PHP 272 | ; it can accept the following format: 273 | ; - %{bytes}M (default) 274 | ; - %{kilobytes}M 275 | ; - %{kilo}M 276 | ; - %{megabytes}M 277 | ; - %{mega}M 278 | ; %n: pool name 279 | ; %o: output header 280 | ; it must be associated with embraces to specify the name of the header: 281 | ; - %{Content-Type}o 282 | ; - %{X-Powered-By}o 283 | ; - %{Transfert-Encoding}o 284 | ; - .... 285 | ; %p: PID of the child that serviced the request 286 | ; %P: PID of the parent of the child that serviced the request 287 | ; %q: the query string 288 | ; %Q: the '?' character if query string exists 289 | ; %r: the request URI (without the query string, see %q and %Q) 290 | ; %R: remote IP address 291 | ; %s: status (response code) 292 | ; %t: server time the request was received 293 | ; it can accept a strftime(3) format: 294 | ; %d/%b/%Y:%H:%M:%S %z (default) 295 | ; %T: time the log has been written (the request has finished) 296 | ; it can accept a strftime(3) format: 297 | ; %d/%b/%Y:%H:%M:%S %z (default) 298 | ; %u: remote user 299 | ; 300 | ; Default: "%R - %u %t \"%m %r\" %s" 301 | ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" 302 | 303 | ; The log file for slow requests 304 | ; Default Value: not set 305 | ; Note: slowlog is mandatory if request_slowlog_timeout is set 306 | ;slowlog = log/$pool.log.slow 307 | 308 | ; The timeout for serving a single request after which a PHP backtrace will be 309 | ; dumped to the 'slowlog' file. A value of '0s' means 'off'. 310 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 311 | ; Default Value: 0 312 | ;request_slowlog_timeout = 0 313 | 314 | ; The timeout for serving a single request after which the worker process will 315 | ; be killed. This option should be used when the 'max_execution_time' ini option 316 | ; does not stop script execution for some reason. A value of '0' means 'off'. 317 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 318 | ; Default Value: 0 319 | ;request_terminate_timeout = 0 320 | 321 | ; Set open file descriptor rlimit. 322 | ; Default Value: system defined value 323 | ;rlimit_files = 1024 324 | 325 | ; Set max core size rlimit. 326 | ; Possible Values: 'unlimited' or an integer greater or equal to 0 327 | ; Default Value: system defined value 328 | ;rlimit_core = 0 329 | 330 | ; Chroot to this directory at the start. This value must be defined as an 331 | ; absolute path. When this value is not set, chroot is not used. 332 | ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one 333 | ; of its subdirectories. If the pool prefix is not set, the global prefix 334 | ; will be used instead. 335 | ; Note: chrooting is a great security feature and should be used whenever 336 | ; possible. However, all PHP paths will be relative to the chroot 337 | ; (error_log, sessions.save_path, ...). 338 | ; Default Value: not set 339 | ;chroot = 340 | 341 | ; Chdir to this directory at the start. 342 | ; Note: relative path can be used. 343 | ; Default Value: current directory or / when chroot 344 | chdir = / 345 | 346 | ; Redirect worker stdout and stderr into main error log. If not set, stdout and 347 | ; stderr will be redirected to /dev/null according to FastCGI specs. 348 | ; Note: on highloaded environement, this can cause some delay in the page 349 | ; process time (several ms). 350 | ; Default Value: no 351 | ;catch_workers_output = yes 352 | 353 | ; Clear environment in FPM workers 354 | ; Prevents arbitrary environment variables from reaching FPM worker processes 355 | ; by clearing the environment in workers before env vars specified in this 356 | ; pool configuration are added. 357 | ; Setting to "no" will make all environment variables available to PHP code 358 | ; via getenv(), $_ENV and $_SERVER. 359 | ; Default Value: yes 360 | ;clear_env = no 361 | 362 | ; Limits the extensions of the main script FPM will allow to parse. This can 363 | ; prevent configuration mistakes on the web server side. You should only limit 364 | ; FPM to .php extensions to prevent malicious users to use other extensions to 365 | ; exectute php code. 366 | ; Note: set an empty value to allow all extensions. 367 | ; Default Value: .php 368 | ;security.limit_extensions = .php .php3 .php4 .php5 369 | 370 | ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from 371 | ; the current environment. 372 | ; Default Value: clean env 373 | ;env[HOSTNAME] = $HOSTNAME 374 | ;env[PATH] = /usr/local/bin:/usr/bin:/bin 375 | ;env[TMP] = /tmp 376 | ;env[TMPDIR] = /tmp 377 | ;env[TEMP] = /tmp 378 | 379 | ; Additional php.ini defines, specific to this pool of workers. These settings 380 | ; overwrite the values previously defined in the php.ini. The directives are the 381 | ; same as the PHP SAPI: 382 | ; php_value/php_flag - you can set classic ini defines which can 383 | ; be overwritten from PHP call 'ini_set'. 384 | ; php_admin_value/php_admin_flag - these directives won't be overwritten by 385 | ; PHP call 'ini_set' 386 | ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. 387 | 388 | ; Defining 'extension' will load the corresponding shared extension from 389 | ; extension_dir. Defining 'disable_functions' or 'disable_classes' will not 390 | ; overwrite previously defined php.ini values, but will append the new value 391 | ; instead. 392 | 393 | ; Note: path INI options can be relative and will be expanded with the prefix 394 | ; (pool, global or /usr) 395 | 396 | ; Default Value: nothing is defined by default except the values in php.ini and 397 | ; specified at startup with the -d argument 398 | ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com 399 | ;php_flag[display_errors] = off 400 | php_admin_value[error_log] = /var/log/nginx-error/domain.com.log 401 | php_admin_flag[log_errors] = on 402 | ;php_admin_value[memory_limit] = 32M 403 | ; Change to default email 404 | ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f user@domain.com 405 | -------------------------------------------------------------------------------- /php5/mods-available/curl.ini: -------------------------------------------------------------------------------- 1 | ; configuration for php CURL module 2 | ; priority=20 3 | extension=curl.so 4 | -------------------------------------------------------------------------------- /php5/mods-available/gd.ini: -------------------------------------------------------------------------------- 1 | ; configuration for php GD module 2 | ; priority=20 3 | extension=gd.so 4 | -------------------------------------------------------------------------------- /php5/mods-available/json.ini: -------------------------------------------------------------------------------- 1 | ; configuration for php json module 2 | ; priority=20 3 | extension=json.so 4 | -------------------------------------------------------------------------------- /php5/mods-available/mcrypt.ini: -------------------------------------------------------------------------------- 1 | ; configuration for php MCrypt module 2 | ; priority=20 3 | extension=mcrypt.so 4 | -------------------------------------------------------------------------------- /php5/mods-available/memcached.ini: -------------------------------------------------------------------------------- 1 | ; uncomment the next line to enable the module 2 | extension=memcached.so 3 | -------------------------------------------------------------------------------- /php5/mods-available/mysql.ini: -------------------------------------------------------------------------------- 1 | ; configuration for php MySQL module 2 | ; priority=20 3 | extension=mysql.so 4 | -------------------------------------------------------------------------------- /php5/mods-available/mysqli.ini: -------------------------------------------------------------------------------- 1 | ; configuration for php MySQL module 2 | ; priority=20 3 | extension=mysqli.so 4 | -------------------------------------------------------------------------------- /php5/mods-available/opcache.ini: -------------------------------------------------------------------------------- 1 | ; configuration for php ZendOpcache module 2 | ; priority=05 3 | zend_extension=opcache.so 4 | 5 | ; Sets how much memory to use 6 | opcache.memory_consumption=128 7 | 8 | ;Sets how much memory should be used by OPcache for storing internal strings 9 | ;(e.g. classnames and the files they are contained in) 10 | opcache.interned_strings_buffer=8 11 | 12 | ; The maximum number of files OPcache will cache 13 | opcache.max_accelerated_files=4000 14 | 15 | ;How often (in seconds) to check file timestamps for changes to the shared 16 | ;memory storage allocation. 17 | opcache.revalidate_freq=60 18 | 19 | ;If enabled, a fast shutdown sequence is used for the accelerated code 20 | ;The fast shutdown sequence doesn't free each allocated block, but lets 21 | ;the Zend Engine Memory Manager do the work. 22 | opcache.fast_shutdown=1 23 | 24 | ;Enables the OPcache for the CLI version of PHP. 25 | opcache.enable_cli=1 -------------------------------------------------------------------------------- /php5/mods-available/pdo.ini: -------------------------------------------------------------------------------- 1 | ; configuration for php PDO module 2 | ; priority=10 3 | extension=pdo.so 4 | -------------------------------------------------------------------------------- /php5/mods-available/pdo_mysql.ini: -------------------------------------------------------------------------------- 1 | ; configuration for php MySQL module 2 | ; priority=20 3 | extension=pdo_mysql.so 4 | -------------------------------------------------------------------------------- /php5/mods-available/pspell.ini: -------------------------------------------------------------------------------- 1 | ; configuration for php pspell module 2 | ; priority=20 3 | extension=pspell.so 4 | -------------------------------------------------------------------------------- /php5/mods-available/readline.ini: -------------------------------------------------------------------------------- 1 | ; configuration for php readline module 2 | ; priority=20 3 | extension=readline.so 4 | -------------------------------------------------------------------------------- /php5/mods-available/tidy.ini: -------------------------------------------------------------------------------- 1 | ; configuration for php tidy module 2 | ; priority=20 3 | extension=tidy.so 4 | -------------------------------------------------------------------------------- /php5/mods-available/xmlrpc.ini: -------------------------------------------------------------------------------- 1 | ; configuration for php XML-RPC module 2 | ; priority=20 3 | extension=xmlrpc.so 4 | -------------------------------------------------------------------------------- /php5/mods-available/xsl.ini: -------------------------------------------------------------------------------- 1 | ; configuration for php XSL module 2 | ; priority=20 3 | extension=xsl.so 4 | --------------------------------------------------------------------------------