├── .gitignore
├── LICENSE
├── README.md
├── ansible
├── README.md
└── install
│ ├── install.yml
│ └── prepare.yml
├── docker-compose.yml
├── nginx.conf
└── php-fpm
├── Dockerfile
└── php.ini-production
/.gitignore:
--------------------------------------------------------------------------------
1 | mariadb
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | Apache License
2 | Version 2.0, January 2004
3 | http://www.apache.org/licenses/
4 |
5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
6 |
7 | 1. Definitions.
8 |
9 | "License" shall mean the terms and conditions for use, reproduction,
10 | and distribution as defined by Sections 1 through 9 of this document.
11 |
12 | "Licensor" shall mean the copyright owner or entity authorized by
13 | the copyright owner that is granting the License.
14 |
15 | "Legal Entity" shall mean the union of the acting entity and all
16 | other entities that control, are controlled by, or are under common
17 | control with that entity. For the purposes of this definition,
18 | "control" means (i) the power, direct or indirect, to cause the
19 | direction or management of such entity, whether by contract or
20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the
21 | outstanding shares, or (iii) beneficial ownership of such entity.
22 |
23 | "You" (or "Your") shall mean an individual or Legal Entity
24 | exercising permissions granted by this License.
25 |
26 | "Source" form shall mean the preferred form for making modifications,
27 | including but not limited to software source code, documentation
28 | source, and configuration files.
29 |
30 | "Object" form shall mean any form resulting from mechanical
31 | transformation or translation of a Source form, including but
32 | not limited to compiled object code, generated documentation,
33 | and conversions to other media types.
34 |
35 | "Work" shall mean the work of authorship, whether in Source or
36 | Object form, made available under the License, as indicated by a
37 | copyright notice that is included in or attached to the work
38 | (an example is provided in the Appendix below).
39 |
40 | "Derivative Works" shall mean any work, whether in Source or Object
41 | form, that is based on (or derived from) the Work and for which the
42 | editorial revisions, annotations, elaborations, or other modifications
43 | represent, as a whole, an original work of authorship. For the purposes
44 | of this License, Derivative Works shall not include works that remain
45 | separable from, or merely link (or bind by name) to the interfaces of,
46 | the Work and Derivative Works thereof.
47 |
48 | "Contribution" shall mean any work of authorship, including
49 | the original version of the Work and any modifications or additions
50 | to that Work or Derivative Works thereof, that is intentionally
51 | submitted to Licensor for inclusion in the Work by the copyright owner
52 | or by an individual or Legal Entity authorized to submit on behalf of
53 | the copyright owner. For the purposes of this definition, "submitted"
54 | means any form of electronic, verbal, or written communication sent
55 | to the Licensor or its representatives, including but not limited to
56 | communication on electronic mailing lists, source code control systems,
57 | and issue tracking systems that are managed by, or on behalf of, the
58 | Licensor for the purpose of discussing and improving the Work, but
59 | excluding communication that is conspicuously marked or otherwise
60 | designated in writing by the copyright owner as "Not a Contribution."
61 |
62 | "Contributor" shall mean Licensor and any individual or Legal Entity
63 | on behalf of whom a Contribution has been received by Licensor and
64 | subsequently incorporated within the Work.
65 |
66 | 2. Grant of Copyright License. Subject to the terms and conditions of
67 | this License, each Contributor hereby grants to You a perpetual,
68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
69 | copyright license to reproduce, prepare Derivative Works of,
70 | publicly display, publicly perform, sublicense, and distribute the
71 | Work and such Derivative Works in Source or Object form.
72 |
73 | 3. Grant of Patent License. Subject to the terms and conditions of
74 | this License, each Contributor hereby grants to You a perpetual,
75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable
76 | (except as stated in this section) patent license to make, have made,
77 | use, offer to sell, sell, import, and otherwise transfer the Work,
78 | where such license applies only to those patent claims licensable
79 | by such Contributor that are necessarily infringed by their
80 | Contribution(s) alone or by combination of their Contribution(s)
81 | with the Work to which such Contribution(s) was submitted. If You
82 | institute patent litigation against any entity (including a
83 | cross-claim or counterclaim in a lawsuit) alleging that the Work
84 | or a Contribution incorporated within the Work constitutes direct
85 | or contributory patent infringement, then any patent licenses
86 | granted to You under this License for that Work shall terminate
87 | as of the date such litigation is filed.
88 |
89 | 4. Redistribution. You may reproduce and distribute copies of the
90 | Work or Derivative Works thereof in any medium, with or without
91 | modifications, and in Source or Object form, provided that You
92 | meet the following conditions:
93 |
94 | (a) You must give any other recipients of the Work or
95 | Derivative Works a copy of this License; and
96 |
97 | (b) You must cause any modified files to carry prominent notices
98 | stating that You changed the files; and
99 |
100 | (c) You must retain, in the Source form of any Derivative Works
101 | that You distribute, all copyright, patent, trademark, and
102 | attribution notices from the Source form of the Work,
103 | excluding those notices that do not pertain to any part of
104 | the Derivative Works; and
105 |
106 | (d) If the Work includes a "NOTICE" text file as part of its
107 | distribution, then any Derivative Works that You distribute must
108 | include a readable copy of the attribution notices contained
109 | within such NOTICE file, excluding those notices that do not
110 | pertain to any part of the Derivative Works, in at least one
111 | of the following places: within a NOTICE text file distributed
112 | as part of the Derivative Works; within the Source form or
113 | documentation, if provided along with the Derivative Works; or,
114 | within a display generated by the Derivative Works, if and
115 | wherever such third-party notices normally appear. The contents
116 | of the NOTICE file are for informational purposes only and
117 | do not modify the License. You may add Your own attribution
118 | notices within Derivative Works that You distribute, alongside
119 | or as an addendum to the NOTICE text from the Work, provided
120 | that such additional attribution notices cannot be construed
121 | as modifying the License.
122 |
123 | You may add Your own copyright statement to Your modifications and
124 | may provide additional or different license terms and conditions
125 | for use, reproduction, or distribution of Your modifications, or
126 | for any such Derivative Works as a whole, provided Your use,
127 | reproduction, and distribution of the Work otherwise complies with
128 | the conditions stated in this License.
129 |
130 | 5. Submission of Contributions. Unless You explicitly state otherwise,
131 | any Contribution intentionally submitted for inclusion in the Work
132 | by You to the Licensor shall be under the terms and conditions of
133 | this License, without any additional terms or conditions.
134 | Notwithstanding the above, nothing herein shall supersede or modify
135 | the terms of any separate license agreement you may have executed
136 | with Licensor regarding such Contributions.
137 |
138 | 6. Trademarks. This License does not grant permission to use the trade
139 | names, trademarks, service marks, or product names of the Licensor,
140 | except as required for reasonable and customary use in describing the
141 | origin of the Work and reproducing the content of the NOTICE file.
142 |
143 | 7. Disclaimer of Warranty. Unless required by applicable law or
144 | agreed to in writing, Licensor provides the Work (and each
145 | Contributor provides its Contributions) on an "AS IS" BASIS,
146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
147 | implied, including, without limitation, any warranties or conditions
148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
149 | PARTICULAR PURPOSE. You are solely responsible for determining the
150 | appropriateness of using or redistributing the Work and assume any
151 | risks associated with Your exercise of permissions under this License.
152 |
153 | 8. Limitation of Liability. In no event and under no legal theory,
154 | whether in tort (including negligence), contract, or otherwise,
155 | unless required by applicable law (such as deliberate and grossly
156 | negligent acts) or agreed to in writing, shall any Contributor be
157 | liable to You for damages, including any direct, indirect, special,
158 | incidental, or consequential damages of any character arising as a
159 | result of this License or out of the use or inability to use the
160 | Work (including but not limited to damages for loss of goodwill,
161 | work stoppage, computer failure or malfunction, or any and all
162 | other commercial damages or losses), even if such Contributor
163 | has been advised of the possibility of such damages.
164 |
165 | 9. Accepting Warranty or Additional Liability. While redistributing
166 | the Work or Derivative Works thereof, You may choose to offer,
167 | and charge a fee for, acceptance of support, warranty, indemnity,
168 | or other liability obligations and/or rights consistent with this
169 | License. However, in accepting such obligations, You may act only
170 | on Your own behalf and on Your sole responsibility, not on behalf
171 | of any other Contributor, and only if You agree to indemnify,
172 | defend, and hold each Contributor harmless for any liability
173 | incurred by, or claims asserted against, such Contributor by reason
174 | of your accepting any such warranty or additional liability.
175 |
176 | END OF TERMS AND CONDITIONS
177 |
178 | APPENDIX: How to apply the Apache License to your work.
179 |
180 | To apply the Apache License to your work, attach the following
181 | boilerplate notice, with the fields enclosed by brackets "[]"
182 | replaced with your own identifying information. (Don't include
183 | the brackets!) The text should be enclosed in the appropriate
184 | comment syntax for the file format. We also recommend that a
185 | file or class name and description of purpose be included on the
186 | same "printed page" as the copyright notice for easier
187 | identification within third-party archives.
188 |
189 | Copyright [yyyy] [name of copyright owner]
190 |
191 | Licensed under the Apache License, Version 2.0 (the "License");
192 | you may not use this file except in compliance with the License.
193 | You may obtain a copy of the License at
194 |
195 | http://www.apache.org/licenses/LICENSE-2.0
196 |
197 | Unless required by applicable law or agreed to in writing, software
198 | distributed under the License is distributed on an "AS IS" BASIS,
199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
200 | See the License for the specific language governing permissions and
201 | limitations under the License.
202 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | 
2 | # Nextcloud Dockerized
3 |
4 | Currently existing "all-in-one" Nextcloud solutions using Docker are either unoptimized or lack many configuration options for advanced setup scenarios. This setup is close to an optimized Nextcloud baremetal installation but with each component being dockerized.
5 |
6 | With this project you **don't need to do manual configuration** such as...
7 | - installing webserver, php, redis
8 | - installing php extensions
9 | - optimizing web server and php for performance and large filesizes
10 |
11 | However, you must still...
12 | - download nextcloud
13 | - set permissions
14 | - set your domain names and passwords in the config files
15 |
16 | ...or use the provided Ansible playbook to set things up for you.
17 |
18 |
19 | Disclaimer:
20 | This project is in no way associated with the official Nextcloud project. This project is maintained by me and is intended for expert use. If you want something simple to set up but with less configuration options consider the [Nextcloud All-In-One docker container](https://github.com/nextcloud/all-in-one#nextcloud-all-in-one). I do not take responsibility if you mess up your server, existing Nextcloud or lose your job because the Nextcloud calendar broke.
21 |
22 | ## Features
23 | - An optimized version of php-fpm as described in the official Nextcloud [documentation](https://docs.nextcloud.com/server/28/admin_manual/installation/php_configuration.html).
24 | - Nginx preinstalled and already configured for Nextcloud as described in the [documentation](https://docs.nextcloud.com/server/28/admin_manual/installation/nginx.html).
25 | - Redis preinstalled.
26 | - Nextcloud system cronjob preconfigured.
27 |
28 | ## Install Guide
29 |
30 | If you use Ansible, you can use the provided playbook.
31 |
32 | This assumes you already know how to install Nextcloud on a baremetal server or are familiar with the [documentation](https://docs.nextcloud.com/server/28/admin_manual/installation/index.html).
33 |
34 | ### Directories and file permissions
35 | You need to create two directories. One where your Nextcloud webroot will be and another where you want the data to be. The location doesn't really matter. *In this example* we have both directories in **/your/nextcloud/root** bt you should choose your own.
36 |
37 | Next, download the latest archive containing Nextcloud from the official site [here](https://download.nextcloud.com/server/releases/latest.zip) and put it in `/your/nextcloud/root`.
38 |
39 | Unzip the archive with `unzip latest.zip`. This will create the directory `/your/nextcloud/root/nextcloud`.
40 |
41 | Create the directory where your Nextcloud data will be: `mkdir /your/nextcloud/root/data`
42 |
43 | Set the correct owner for both directories:
44 |
45 | `sudo chown -R www-data:www-data /your/nextcloud/root/nextcloud`
46 |
47 | `sudo chown -R www-data:www-data /your/nextcloud/root/data`
48 |
49 |
50 |
51 | ### Setting up Docker Compose
52 | You must set some environment variables. Create a **.env** file in the root of the cloned repo.
53 | - DATA_DIR: Where your nextcloud data is. The same as /your/nextcloud/root/data
54 | - NEXTCLOUD_DIR: Where your nextcloud webroot is. The same as /your/nextcloud/root/nextcloud
55 | - MARIADB_ROOT_PASS and MARIADB_PASS: Password for your mariadb root user and the user called "nextcloud"
56 | - TRAEFIK_CUSTOM_MIDDLEWARES: (optional) If you plan to use Traefik and want to add additional middlewares, if you have any
57 | - DOMAIN: Set this to your domain like **"\`example.com\`"** or for more than one **"\`example.com\`,\`another.com\`"** without the double quotes. **Don't forget the backticks!**
58 |
59 | ### Building php-fpm
60 | Because the official php-fpm images don't have and php extensions installed, we must do it ourselves.
61 | Simply run this command from the root of the cloned repo:
62 |
63 | `docker compose build php-fpm-nextcloud`
64 |
65 | this will take a while.
66 |
67 | ### Installing Nextcloud
68 |
69 | Run `docker compose up -d`. If something doesn't work try debugging it yourself of open an issue with the php-fpm and nginx logs attached.
70 |
71 | Install Nextcloud how you usually would through the web interface. Use the MariaDB database and fill in the passwords you chose earlier. The database host is **mariadb-nextcloud:3306**
72 |
73 | ### Editing the Nextcloud config
74 | Edit `/your/nextcloud/root/nextcloud/config/config.php` and add the following optimizations:
75 |
76 | ```
77 | 'memcache.local' => '\\OC\\Memcache\\APCu',
78 | 'maintenance_window_start' => 1,
79 | 'filelocking.enabled' => true,
80 | 'memcache.locking' => '\OC\Memcache\Redis',
81 | 'redis' => array(
82 | 'host' => 'redis-nextcloud',
83 | 'port' => 6379,
84 | 'timeout' => 0.0,
85 | ),
86 | ```
87 |
88 | ### Editing nginx.conf
89 | You may also have to replace `example.com` with your own domain or multiple domains in the nginx.conf file.
90 |
91 |
92 | ### Adding Traefik (optional)
93 | Check out the *traefik* branch for instructions
94 |
95 |
96 | ### Migrating from existing Nextcloud
97 | To migrate you follow the steps described in the official [docs](https://docs.nextcloud.com/server/28/admin_manual/maintenance/migrating.html). The only difference here is importing the database backup into MariaDB running in the Docker Container. The way I did it is I exposed a port to MariaDB in the docker compose file and I ran something like `mysql -h localhost -P [PORT] -u nextcloud -p[PASSWORD] nextcloud < database.bak` to import the backed up database.
98 |
--------------------------------------------------------------------------------
/ansible/README.md:
--------------------------------------------------------------------------------
1 | # Install using ansible
2 |
3 | These are some sample playbooks to quickly get everything up and running
--------------------------------------------------------------------------------
/ansible/install/install.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Installing Nextcloud from https://github.com/flor0/nextcloud-docker
3 | hosts: nextcloud
4 | become: yes
5 |
6 | vars:
7 | # Change these variables to your setup
8 | # Make sure they are the same in prepare.yml
9 | mariadb_pass: password123
10 | mariadb_root_pass: password123
11 | data_dir: ~/nextcloud/data
12 | nextcloud_root: ~/nextcloud
13 | docker_compose_dir: ~/docker/nextcloud
14 |
15 | tasks:
16 | - name: Ensure ~/docker/ exists
17 | ansible.builtin.file:
18 | path: ~/docker/
19 | state: directory
20 | mode: '0755'
21 | - name: Git clone Nextcloud Docker
22 | ansible.builtin.git:
23 | repo: https://github.com/flor0/nextcloud-docker.git
24 | dest: ~/docker/nextcloud
25 | - name: Configuring .env by writing to it
26 | ansible.builtin.copy:
27 | content: |
28 | DATA_DIR={{ data_dir }}
29 | NEXTCLOUD_DIR={{ nextcloud_dir }}/nextcloud
30 | MARIADB_ROOT_PASS={{ mariadb_root_pass }}
31 | MARIADB_PASS={{ mariadb_pass }}
32 | dest: "~{{ docker_compose_dir }}/.env"
33 | - name: Running docker-compose build php-fpm-nextcloud
34 | ansible.builtin.command:
35 | cmd: docker compose -f ~/docker/nextcloud/docker-compose.yml build php-fpm-nextcloud
36 | - name: Running docker-compose up -d
37 | ansible.builtin.command:
38 | cmd: docker compose -f ~/docker/nextcloud/docker-compose.yml up -d
39 |
40 |
--------------------------------------------------------------------------------
/ansible/install/prepare.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Setting up directories and downloading Nextcloud
3 | hosts: nextcloud
4 | become: yes
5 |
6 | vars:
7 | # Change these variables to your setup
8 | # Make sure they are the same in install.yml
9 | data_dir: ~/nextcloud/data
10 | nextcloud_root: ~/nextcloud/ # This is the root directory of the nextcloud installation, like /var/www/html
11 |
12 | tasks:
13 | - name: Ensure nextcloud_root exists
14 | ansible.builtin.file:
15 | path: {{ nextcloud_root }}
16 | state: directory
17 | mode: '0755'
18 | - name: Ensure data_dir exists
19 | ansible.builtin.file:
20 | path: {{ data_dir }}
21 | state: directory
22 | mode: '0755'
23 | - name: Downloading latest nextcloud archive
24 | ansible.builtin.get_url:
25 | url: https://download.nextcloud.com/server/releases/latest.zip
26 | dest: "{{ nextcloud_root }}/latest.zip"
27 | - name: Extracting nextcloud archive into "{{ nextcloud_root }}/nextcloud"
28 | ansible.builtin.unarchive:
29 | src: {{ nextcloud_root }}/latest.zip
30 | dest: {{ nextcloud_root }}
31 | remote_src: yes
32 | - name: Set owner www-data:www-data for nextcloud_root
33 | ansible.builtin.file:
34 | path: {{ nextcloud_root }}
35 | owner: www-data
36 | group: www-data
37 | recurse: yes
38 | - name: Set owner www-data:www-data for data_dir
39 | ansible.builtin.file:
40 | path: {{ data_dir }}
41 | owner: www-data
42 | group: www-data
43 | recurse: yes
44 | - name: Delete {{ nextcloud_root }}/latest.zip
45 | ansible.builtin.file:
46 | path: {{ nextcloud_root }}/latest.zip
47 | state: absent
48 |
--------------------------------------------------------------------------------
/docker-compose.yml:
--------------------------------------------------------------------------------
1 | ---
2 | services:
3 |
4 | nginx:
5 | container_name: nginx-nextcloud
6 | image: nginx:latest
7 | ports:
8 | - 80:80
9 | - 443:443
10 | volumes:
11 | - ${NEXTCLOUD_DIR}:/var/www/html
12 | - ${DATA_DIR}:/data
13 | - ./nginx.conf:/etc/nginx/nginx.conf:ro
14 | networks:
15 | - nextcloud
16 | depends_on:
17 | - php-fpm-nextcloud
18 | - redis-nextcloud
19 | - mariadb-nextcloud
20 |
21 | php-fpm-nextcloud:
22 | container_name: php-fpm-nextcloud
23 | build:
24 | context: ./php-fpm
25 | tags:
26 | - localhost/php-fpm-nextcloud:latest
27 | volumes:
28 | - ${NEXTCLOUD_DIR}:/var/www/html
29 | - ${DATA_DIR}:/data
30 | networks:
31 | - nextcloud
32 |
33 | mariadb-nextcloud:
34 | container_name: mariadb-nextcloud
35 | image: mariadb:10.11
36 | command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
37 | restart: always
38 | volumes:
39 | - ./mariadb:/var/lib/mysql
40 | environment:
41 | - MYSQL_ROOT_PASSWORD=${MARIADB_ROOT_PASS}
42 | - MYSQL_PASSWORD=${MARIADB_PASS}
43 | - MYSQL_DATABASE=nextcloud
44 | - MYSQL_USER=nextcloud
45 | networks:
46 | - nextcloud
47 |
48 | redis-nextcloud:
49 | container_name: redis-nextcloud
50 | # image: redis:latest
51 | # keydb is a fork and drop-in replacement for Redis
52 | image: eqalpha/keydb
53 | restart: unless-stopped
54 | networks:
55 | - nextcloud
56 |
57 | cron-nextcloud:
58 | container_name: cron-nextcloud
59 | image: localhost/php-fpm-nextcloud:latest
60 | restart: unless-stopped
61 | command: ["bash", "-c", "while true; do echo \"Running cron job\"; php /var/www/html/cron.php; sleep 300; done"]
62 | user: www-data
63 | networks:
64 | - nextcloud
65 | volumes:
66 | - ${NEXTCLOUD_DIR}:/var/www/html
67 | - ${DATA_DIR}:/data
68 | depends_on:
69 | - php-fpm-nextcloud
70 | - redis-nextcloud
71 | - mariadb-nextcloud
72 |
73 | networks:
74 | nextcloud:
75 | driver: bridge
76 |
--------------------------------------------------------------------------------
/nginx.conf:
--------------------------------------------------------------------------------
1 | events { worker_connections 1024; }
2 | http {
3 |
4 | upstream php-handler {
5 | server php-fpm-nextcloud:9000;
6 | #server unix:/run/php/php8.2-fpm.sock;
7 | }
8 |
9 | # Set the `immutable` cache control options only for assets with a cache busting `v` argument
10 | map $arg_v $asset_immutable {
11 | "" "";
12 | default ", immutable";
13 | }
14 |
15 | server {
16 | listen 80;
17 | listen [::]:80;
18 | # INFO: Set this to your domain
19 | server_name example.com;
20 |
21 | # Prevent nginx HTTP Server Detection
22 | server_tokens off;
23 |
24 | # Path to the root of your installation
25 | root /var/www/html;
26 |
27 |
28 | # HSTS settings
29 | # WARNING: Only add the preload option once you read about
30 | # the consequences in https://hstspreload.org/. This option
31 | # will add the domain to a hardcoded list that is shipped
32 | # in all major browsers and getting removed from this list
33 | # could take several months.
34 | add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
35 |
36 | # set max upload size and increase upload timeout:
37 | client_max_body_size 10G;
38 | client_body_timeout 300s;
39 | fastcgi_buffers 64 4K;
40 |
41 | # Enable gzip but do not remove ETag headers
42 | gzip on;
43 | gzip_vary on;
44 | gzip_comp_level 4;
45 | gzip_min_length 256;
46 | gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
47 | gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
48 |
49 | # Pagespeed is not supported by Nextcloud, so if your server is built
50 | # with the `ngx_pagespeed` module, uncomment this line to disable it.
51 | #pagespeed off;
52 |
53 | # The settings allows you to optimize the HTTP2 bandwidth.
54 | # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
55 | # for tuning hints
56 | client_body_buffer_size 512k;
57 |
58 | # HTTP response headers borrowed from Nextcloud `.htaccess`
59 | add_header Referrer-Policy "no-referrer" always;
60 | add_header X-Content-Type-Options "nosniff" always;
61 | add_header X-Frame-Options "SAMEORIGIN" always;
62 | add_header X-Permitted-Cross-Domain-Policies "none" always;
63 | add_header X-Robots-Tag "noindex, nofollow" always;
64 | add_header X-XSS-Protection "1; mode=block" always;
65 |
66 | # Remove X-Powered-By, which is an information leak
67 | fastcgi_hide_header X-Powered-By;
68 |
69 | # Set .mjs and .wasm MIME types
70 | # Either include it in the default mime.types list
71 | # and include that list explicitly or add the file extension
72 | # only for Nextcloud like below:
73 | include mime.types;
74 | types {
75 | text/javascript js mjs;
76 | application/wasm wasm;
77 | }
78 |
79 | # Specify how to handle directories -- specifying `/index.php$request_uri`
80 | # here as the fallback means that Nginx always exhibits the desired behaviour
81 | # when a client requests a path that corresponds to a directory that exists
82 | # on the server. In particular, if that directory contains an index.php file,
83 | # that file is correctly served; if it doesn't, then the request is passed to
84 | # the front-end controller. This consistent behaviour means that we don't need
85 | # to specify custom rules for certain paths (e.g. images and other assets,
86 | # `/updater`, `/ocs-provider`), and thus
87 | # `try_files $uri $uri/ /index.php$request_uri`
88 | # always provides the desired behaviour.
89 | index index.php index.html /index.php$request_uri;
90 |
91 | # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
92 | location = / {
93 | if ( $http_user_agent ~ ^DavClnt ) {
94 | return 302 /remote.php/webdav/$is_args$args;
95 | }
96 | }
97 |
98 | location = /robots.txt {
99 | allow all;
100 | log_not_found off;
101 | access_log off;
102 | }
103 |
104 | # Make a regex exception for `/.well-known` so that clients can still
105 | # access it despite the existence of the regex rule
106 | # `location ~ /(\.|autotest|...)` which would otherwise handle requests
107 | # for `/.well-known`.
108 | location ^~ /.well-known {
109 | # The rules in this block are an adaptation of the rules
110 | # in `.htaccess` that concern `/.well-known`.
111 |
112 | location = /.well-known/carddav { return 301 /remote.php/dav/; }
113 | location = /.well-known/caldav { return 301 /remote.php/dav/; }
114 |
115 | # My own test
116 | location = /.well-known/webfinger { return 301 /index.php/.well-known/webfinger; }
117 | location = /.well-known/nodeinfo { return 301 /index.php/.well-known/nodeinfo; }
118 |
119 | location /.well-known/acme-challenge { try_files $uri $uri/ =404; }
120 | location /.well-known/pki-validation { try_files $uri $uri/ =404; }
121 |
122 | # Let Nextcloud's API for `/.well-known` URIs handle all other
123 | # requests by passing them to the front-end controller.
124 | return 301 /index.php$request_uri;
125 | }
126 |
127 | # Rules borrowed from `.htaccess` to hide certain paths from clients
128 | location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
129 | location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
130 |
131 | # Ensure this block, which passes PHP files to the PHP process, is above the blocks
132 | # which handle static assets (as seen below). If this block is not declared first,
133 | # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
134 | # to the URI, resulting in a HTTP 500 error response.
135 | location ~ \.php(?:$|/) {
136 | # Required for legacy support
137 | rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode(_arm64)?\/proxy) /index.php$request_uri;
138 |
139 | fastcgi_split_path_info ^(.+?\.php)(/.*)$;
140 | set $path_info $fastcgi_path_info;
141 |
142 | try_files $fastcgi_script_name =404;
143 |
144 | include fastcgi_params;
145 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
146 | fastcgi_param PATH_INFO $path_info;
147 | fastcgi_param HTTPS on;
148 |
149 | fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
150 | fastcgi_param front_controller_active true; # Enable pretty urls
151 | fastcgi_pass php-handler;
152 |
153 | fastcgi_intercept_errors on;
154 | fastcgi_request_buffering off;
155 |
156 | fastcgi_max_temp_file_size 0;
157 | }
158 |
159 | # Serve static files
160 | location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
161 | try_files $uri /index.php$request_uri;
162 | # HTTP response headers borrowed from Nextcloud `.htaccess`
163 | add_header Cache-Control "public, max-age=15778463$asset_immutable";
164 | add_header Referrer-Policy "no-referrer" always;
165 | add_header X-Content-Type-Options "nosniff" always;
166 | add_header X-Frame-Options "SAMEORIGIN" always;
167 | add_header X-Permitted-Cross-Domain-Policies "none" always;
168 | add_header X-Robots-Tag "noindex, nofollow" always;
169 | add_header X-XSS-Protection "1; mode=block" always;
170 | access_log off; # Optional: Don't log access to assets
171 | }
172 |
173 | location ~ \.woff2?$ {
174 | try_files $uri /index.php$request_uri;
175 | expires 7d; # Cache-Control policy borrowed from `.htaccess`
176 | access_log off; # Optional: Don't log access to assets
177 | }
178 |
179 | # Rule borrowed from `.htaccess`
180 | location /remote {
181 | return 301 /remote.php$request_uri;
182 | }
183 |
184 | location / {
185 | try_files $uri $uri/ /index.php$request_uri;
186 | }
187 | }
188 | }
189 |
--------------------------------------------------------------------------------
/php-fpm/Dockerfile:
--------------------------------------------------------------------------------
1 | # Use the PHP 8.3 FPM image as the base
2 | FROM php:8.3-fpm
3 |
4 | # Install system dependencies
5 | RUN apt-get update && apt-get install -y \
6 | libfreetype6-dev \
7 | libjpeg62-turbo-dev \
8 | libpng-dev \
9 | libwebp-dev \
10 | libxpm-dev \
11 | zlib1g-dev \
12 | libzip-dev \
13 | libmariadb-dev \
14 | libxml2-dev \
15 | libldap2-dev \
16 | libsmbclient-dev \
17 | libcurl4-openssl-dev \
18 | imagemagick \
19 | && rm -rf /var/lib/apt/lists/*
20 |
21 | # Download and install the docker-php-extension-installer script
22 | RUN curl -sSL https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions -o /usr/local/bin/install-php-extensions \
23 | && chmod +x /usr/local/bin/install-php-extensions
24 |
25 | # Install PHP extensions
26 | RUN install-php-extensions \
27 | ctype \
28 | curl \
29 | dom \
30 | fileinfo \
31 | gd \
32 | hash \
33 | json \
34 | libxml \
35 | mbstring \
36 | openssl \
37 | posix \
38 | session \
39 | simplexml \
40 | xmlreader \
41 | xmlwriter \
42 | zip \
43 | zlib \
44 | pdo_mysql \
45 | intl \
46 | sodium \
47 | ldap \
48 | smbclient \
49 | ftp \
50 | imap \
51 | bcmath \
52 | gmp \
53 | exif \
54 | apcu \
55 | memcached \
56 | redis \
57 | sysvsem \
58 | opcache \
59 | imagick/imagick@master
60 |
61 | # Copy optimized php.ini
62 | COPY ./php.ini-production /usr/local/etc/php/php.ini
63 |
64 | # Set the working directory
65 | WORKDIR /var/www/html
66 |
67 | # Start PHP-FPM
68 | CMD ["bash", "-c", "php-fpm"]
69 |
--------------------------------------------------------------------------------
/php-fpm/php.ini-production:
--------------------------------------------------------------------------------
1 | [PHP]
2 |
3 | ;;;;;;;;;;;;;;;;;;;
4 | ; About php.ini ;
5 | ;;;;;;;;;;;;;;;;;;;
6 | ; PHP's initialization file, generally called php.ini, is responsible for
7 | ; configuring many of the aspects of PHP's behavior.
8 |
9 | ; PHP attempts to find and load this configuration from a number of locations.
10 | ; The following is a summary of its search order:
11 | ; 1. SAPI module specific location.
12 | ; 2. The PHPRC environment variable.
13 | ; 3. A number of predefined registry keys on Windows
14 | ; 4. Current working directory (except CLI)
15 | ; 5. The web server's directory (for SAPI modules), or directory of PHP
16 | ; (otherwise in Windows)
17 | ; 6. The directory from the --with-config-file-path compile time option, or the
18 | ; Windows directory (usually C:\windows)
19 | ; See the PHP docs for more specific information.
20 | ; https://php.net/configuration.file
21 |
22 | ; The syntax of the file is extremely simple. Whitespace and lines
23 | ; beginning with a semicolon are silently ignored (as you probably guessed).
24 | ; Section headers (e.g. [Foo]) are also silently ignored, even though
25 | ; they might mean something in the future.
26 |
27 | ; Directives following the section heading [PATH=/www/mysite] only
28 | ; apply to PHP files in the /www/mysite directory. Directives
29 | ; following the section heading [HOST=www.example.com] only apply to
30 | ; PHP files served from www.example.com. Directives set in these
31 | ; special sections cannot be overridden by user-defined INI files or
32 | ; at runtime. Currently, [PATH=] and [HOST=] sections only work under
33 | ; CGI/FastCGI.
34 | ; https://php.net/ini.sections
35 |
36 | ; Directives are specified using the following syntax:
37 | ; directive = value
38 | ; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
39 | ; Directives are variables used to configure PHP or PHP extensions.
40 | ; There is no name validation. If PHP can't find an expected
41 | ; directive because it is not set or is mistyped, a default value will be used.
42 |
43 | ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
44 | ; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
45 | ; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
46 | ; previously set variable or directive (e.g. ${foo})
47 |
48 | ; Expressions in the INI file are limited to bitwise operators and parentheses:
49 | ; | bitwise OR
50 | ; ^ bitwise XOR
51 | ; & bitwise AND
52 | ; ~ bitwise NOT
53 | ; ! boolean NOT
54 |
55 | ; Boolean flags can be turned on using the values 1, On, True or Yes.
56 | ; They can be turned off using the values 0, Off, False or No.
57 |
58 | ; An empty string can be denoted by simply not writing anything after the equal
59 | ; sign, or by using the None keyword:
60 |
61 | ; foo = ; sets foo to an empty string
62 | ; foo = None ; sets foo to an empty string
63 | ; foo = "None" ; sets foo to the string 'None'
64 |
65 | ; If you use constants in your value, and these constants belong to a
66 | ; dynamically loaded extension (either a PHP extension or a Zend extension),
67 | ; you may only use these constants *after* the line that loads the extension.
68 |
69 | ;;;;;;;;;;;;;;;;;;;
70 | ; About this file ;
71 | ;;;;;;;;;;;;;;;;;;;
72 | ; PHP comes packaged with two INI files. One that is recommended to be used
73 | ; in production environments and one that is recommended to be used in
74 | ; development environments.
75 |
76 | ; php.ini-production contains settings which hold security, performance and
77 | ; best practices at its core. But please be aware, these settings may break
78 | ; compatibility with older or less security conscience applications. We
79 | ; recommending using the production ini in production and testing environments.
80 |
81 | ; php.ini-development is very similar to its production variant, except it is
82 | ; much more verbose when it comes to errors. We recommend using the
83 | ; development version only in development environments, as errors shown to
84 | ; application users can inadvertently leak otherwise secure information.
85 |
86 | ; This is the php.ini-production INI file.
87 |
88 | ;;;;;;;;;;;;;;;;;;;
89 | ; Quick Reference ;
90 | ;;;;;;;;;;;;;;;;;;;
91 |
92 | ; The following are all the settings which are different in either the production
93 | ; or development versions of the INIs with respect to PHP's default behavior.
94 | ; Please see the actual settings later in the document for more details as to why
95 | ; we recommend these changes in PHP's behavior.
96 |
97 | ; display_errors
98 | ; Default Value: On
99 | ; Development Value: On
100 | ; Production Value: Off
101 |
102 | ; display_startup_errors
103 | ; Default Value: On
104 | ; Development Value: On
105 | ; Production Value: Off
106 |
107 | ; error_reporting
108 | ; Default Value: E_ALL
109 | ; Development Value: E_ALL
110 | ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
111 |
112 | ; log_errors
113 | ; Default Value: Off
114 | ; Development Value: On
115 | ; Production Value: On
116 |
117 | ; max_input_time
118 | ; Default Value: -1 (Unlimited)
119 | ; Development Value: 60 (60 seconds)
120 | ; Production Value: 60 (60 seconds)
121 |
122 | ; output_buffering
123 | ; Default Value: Off
124 | ; Development Value: 4096
125 | ; Production Value: 4096
126 |
127 | ; register_argc_argv
128 | ; Default Value: On
129 | ; Development Value: Off
130 | ; Production Value: Off
131 |
132 | ; request_order
133 | ; Default Value: None
134 | ; Development Value: "GP"
135 | ; Production Value: "GP"
136 |
137 | ; session.gc_divisor
138 | ; Default Value: 100
139 | ; Development Value: 1000
140 | ; Production Value: 1000
141 |
142 | ; session.sid_bits_per_character
143 | ; Default Value: 4
144 | ; Development Value: 5
145 | ; Production Value: 5
146 |
147 | ; short_open_tag
148 | ; Default Value: On
149 | ; Development Value: Off
150 | ; Production Value: Off
151 |
152 | ; variables_order
153 | ; Default Value: "EGPCS"
154 | ; Development Value: "GPCS"
155 | ; Production Value: "GPCS"
156 |
157 | ; zend.exception_ignore_args
158 | ; Default Value: Off
159 | ; Development Value: Off
160 | ; Production Value: On
161 |
162 | ; zend.exception_string_param_max_len
163 | ; Default Value: 15
164 | ; Development Value: 15
165 | ; Production Value: 0
166 |
167 | ;;;;;;;;;;;;;;;;;;;;
168 | ; php.ini Options ;
169 | ;;;;;;;;;;;;;;;;;;;;
170 | ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
171 | ;user_ini.filename = ".user.ini"
172 |
173 | ; To disable this feature set this option to an empty value
174 | ;user_ini.filename =
175 |
176 | ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
177 | ;user_ini.cache_ttl = 300
178 |
179 | ;;;;;;;;;;;;;;;;;;;;
180 | ; Language Options ;
181 | ;;;;;;;;;;;;;;;;;;;;
182 |
183 | ; Enable the PHP scripting language engine under Apache.
184 | ; https://php.net/engine
185 | engine = On
186 |
187 | ; This directive determines whether or not PHP will recognize code between
188 | ; tags as PHP source which should be processed as such. It is
189 | ; generally recommended that should be used and that this feature
190 | ; should be disabled, as enabling it may result in issues when generating XML
191 | ; documents, however this remains supported for backward compatibility reasons.
192 | ; Note that this directive does not control the would work.
332 | ; https://php.net/syntax-highlighting
333 | ;highlight.string = #DD0000
334 | ;highlight.comment = #FF9900
335 | ;highlight.keyword = #007700
336 | ;highlight.default = #0000BB
337 | ;highlight.html = #000000
338 |
339 | ; If enabled, the request will be allowed to complete even if the user aborts
340 | ; the request. Consider enabling it if executing long requests, which may end up
341 | ; being interrupted by the user or a browser timing out. PHP's default behavior
342 | ; is to disable this feature.
343 | ; https://php.net/ignore-user-abort
344 | ;ignore_user_abort = On
345 |
346 | ; Determines the size of the realpath cache to be used by PHP. This value should
347 | ; be increased on systems where PHP opens many files to reflect the quantity of
348 | ; the file operations performed.
349 | ; Note: if open_basedir is set, the cache is disabled
350 | ; https://php.net/realpath-cache-size
351 | realpath_cache_size = 4096k
352 |
353 | ; Duration of time, in seconds for which to cache realpath information for a given
354 | ; file or directory. For systems with rarely changing files, consider increasing this
355 | ; value.
356 | ; https://php.net/realpath-cache-ttl
357 | realpath_cache_ttl = 120
358 |
359 | ; Enables or disables the circular reference collector.
360 | ; https://php.net/zend.enable-gc
361 | zend.enable_gc = On
362 |
363 | ; If enabled, scripts may be written in encodings that are incompatible with
364 | ; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such
365 | ; encodings. To use this feature, mbstring extension must be enabled.
366 | ;zend.multibyte = Off
367 |
368 | ; Allows to set the default encoding for the scripts. This value will be used
369 | ; unless "declare(encoding=...)" directive appears at the top of the script.
370 | ; Only affects if zend.multibyte is set.
371 | ;zend.script_encoding =
372 |
373 | ; Allows to include or exclude arguments from stack traces generated for exceptions.
374 | ; In production, it is recommended to turn this setting on to prohibit the output
375 | ; of sensitive information in stack traces
376 | ; Default Value: Off
377 | ; Development Value: Off
378 | ; Production Value: On
379 | zend.exception_ignore_args = On
380 |
381 | ; Allows setting the maximum string length in an argument of a stringified stack trace
382 | ; to a value between 0 and 1000000.
383 | ; This has no effect when zend.exception_ignore_args is enabled.
384 | ; Default Value: 15
385 | ; Development Value: 15
386 | ; Production Value: 0
387 | ; In production, it is recommended to set this to 0 to reduce the output
388 | ; of sensitive information in stack traces.
389 | zend.exception_string_param_max_len = 0
390 |
391 | ;;;;;;;;;;;;;;;;;
392 | ; Miscellaneous ;
393 | ;;;;;;;;;;;;;;;;;
394 |
395 | ; Decides whether PHP may expose the fact that it is installed on the server
396 | ; (e.g. by adding its signature to the Web server header). It is no security
397 | ; threat in any way, but it makes it possible to determine whether you use PHP
398 | ; on your server or not.
399 | ; https://php.net/expose-php
400 | expose_php = On
401 |
402 | ;;;;;;;;;;;;;;;;;;;
403 | ; Resource Limits ;
404 | ;;;;;;;;;;;;;;;;;;;
405 |
406 | ; Maximum execution time of each script, in seconds
407 | ; https://php.net/max-execution-time
408 | ; Note: This directive is hardcoded to 0 for the CLI SAPI
409 | max_execution_time = 30
410 |
411 | ; Maximum amount of time each script may spend parsing request data. It's a good
412 | ; idea to limit this time on productions servers in order to eliminate unexpectedly
413 | ; long running scripts.
414 | ; Note: This directive is hardcoded to -1 for the CLI SAPI
415 | ; Default Value: -1 (Unlimited)
416 | ; Development Value: 60 (60 seconds)
417 | ; Production Value: 60 (60 seconds)
418 | ; https://php.net/max-input-time
419 | max_input_time = 60
420 |
421 | ; Maximum input variable nesting level
422 | ; https://php.net/max-input-nesting-level
423 | ;max_input_nesting_level = 64
424 |
425 | ; How many GET/POST/COOKIE input variables may be accepted
426 | ;max_input_vars = 1000
427 |
428 | ; How many multipart body parts (combined input variable and file uploads) may
429 | ; be accepted.
430 | ; Default Value: -1 (Sum of max_input_vars and max_file_uploads)
431 | ;max_multipart_body_parts = 1500
432 |
433 | ; Maximum amount of memory a script may consume
434 | ; https://php.net/memory-limit
435 | memory_limit = 2048M
436 |
437 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
438 | ; Error handling and logging ;
439 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
440 |
441 | ; This directive informs PHP of which errors, warnings and notices you would like
442 | ; it to take action for. The recommended way of setting values for this
443 | ; directive is through the use of the error level constants and bitwise
444 | ; operators. The error level constants are below here for convenience as well as
445 | ; some common settings and their meanings.
446 | ; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
447 | ; those related to E_NOTICE and E_STRICT, which together cover best practices and
448 | ; recommended coding standards in PHP. For performance reasons, this is the
449 | ; recommend error reporting setting. Your production server shouldn't be wasting
450 | ; resources complaining about best practices and coding standards. That's what
451 | ; development servers and development settings are for.
452 | ; Note: The php.ini-development file has this setting as E_ALL. This
453 | ; means it pretty much reports everything which is exactly what you want during
454 | ; development and early testing.
455 | ;
456 | ; Error Level Constants:
457 | ; E_ALL - All errors and warnings
458 | ; E_ERROR - fatal run-time errors
459 | ; E_RECOVERABLE_ERROR - almost fatal run-time errors
460 | ; E_WARNING - run-time warnings (non-fatal errors)
461 | ; E_PARSE - compile-time parse errors
462 | ; E_NOTICE - run-time notices (these are warnings which often result
463 | ; from a bug in your code, but it's possible that it was
464 | ; intentional (e.g., using an uninitialized variable and
465 | ; relying on the fact it is automatically initialized to an
466 | ; empty string)
467 | ; E_STRICT - run-time notices, enable to have PHP suggest changes
468 | ; to your code which will ensure the best interoperability
469 | ; and forward compatibility of your code
470 | ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
471 | ; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
472 | ; initial startup
473 | ; E_COMPILE_ERROR - fatal compile-time errors
474 | ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
475 | ; E_USER_ERROR - user-generated error message
476 | ; E_USER_WARNING - user-generated warning message
477 | ; E_USER_NOTICE - user-generated notice message
478 | ; E_DEPRECATED - warn about code that will not work in future versions
479 | ; of PHP
480 | ; E_USER_DEPRECATED - user-generated deprecation warnings
481 | ;
482 | ; Common Values:
483 | ; E_ALL (Show all errors, warnings and notices including coding standards.)
484 | ; E_ALL & ~E_NOTICE (Show all errors, except for notices)
485 | ; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
486 | ; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
487 | ; Default Value: E_ALL
488 | ; Development Value: E_ALL
489 | ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
490 | ; https://php.net/error-reporting
491 | error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
492 |
493 | ; This directive controls whether or not and where PHP will output errors,
494 | ; notices and warnings too. Error output is very useful during development, but
495 | ; it could be very dangerous in production environments. Depending on the code
496 | ; which is triggering the error, sensitive information could potentially leak
497 | ; out of your application such as database usernames and passwords or worse.
498 | ; For production environments, we recommend logging errors rather than
499 | ; sending them to STDOUT.
500 | ; Possible Values:
501 | ; Off = Do not display any errors
502 | ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
503 | ; On or stdout = Display errors to STDOUT
504 | ; Default Value: On
505 | ; Development Value: On
506 | ; Production Value: Off
507 | ; https://php.net/display-errors
508 | display_errors = Off
509 |
510 | ; The display of errors which occur during PHP's startup sequence are handled
511 | ; separately from display_errors. We strongly recommend you set this to 'off'
512 | ; for production servers to avoid leaking configuration details.
513 | ; Default Value: On
514 | ; Development Value: On
515 | ; Production Value: Off
516 | ; https://php.net/display-startup-errors
517 | display_startup_errors = Off
518 |
519 | ; Besides displaying errors, PHP can also log errors to locations such as a
520 | ; server-specific log, STDERR, or a location specified by the error_log
521 | ; directive found below. While errors should not be displayed on productions
522 | ; servers they should still be monitored and logging is a great way to do that.
523 | ; Default Value: Off
524 | ; Development Value: On
525 | ; Production Value: On
526 | ; https://php.net/log-errors
527 | log_errors = On
528 |
529 | ; Do not log repeated messages. Repeated errors must occur in same file on same
530 | ; line unless ignore_repeated_source is set true.
531 | ; https://php.net/ignore-repeated-errors
532 | ignore_repeated_errors = Off
533 |
534 | ; Ignore source of message when ignoring repeated messages. When this setting
535 | ; is On you will not log errors with repeated messages from different files or
536 | ; source lines.
537 | ; https://php.net/ignore-repeated-source
538 | ignore_repeated_source = Off
539 |
540 | ; If this parameter is set to Off, then memory leaks will not be shown (on
541 | ; stdout or in the log). This is only effective in a debug compile, and if
542 | ; error reporting includes E_WARNING in the allowed list
543 | ; https://php.net/report-memleaks
544 | report_memleaks = On
545 |
546 | ; This setting is off by default.
547 | ;report_zend_debug = 0
548 |
549 | ; Turn off normal error reporting and emit XML-RPC error XML
550 | ; https://php.net/xmlrpc-errors
551 | ;xmlrpc_errors = 0
552 |
553 | ; An XML-RPC faultCode
554 | ;xmlrpc_error_number = 0
555 |
556 | ; When PHP displays or logs an error, it has the capability of formatting the
557 | ; error message as HTML for easier reading. This directive controls whether
558 | ; the error message is formatted as HTML or not.
559 | ; Note: This directive is hardcoded to Off for the CLI SAPI
560 | ; https://php.net/html-errors
561 | ;html_errors = On
562 |
563 | ; If html_errors is set to On *and* docref_root is not empty, then PHP
564 | ; produces clickable error messages that direct to a page describing the error
565 | ; or function causing the error in detail.
566 | ; You can download a copy of the PHP manual from https://php.net/docs
567 | ; and change docref_root to the base URL of your local copy including the
568 | ; leading '/'. You must also specify the file extension being used including
569 | ; the dot. PHP's default behavior is to leave these settings empty, in which
570 | ; case no links to documentation are generated.
571 | ; Note: Never use this feature for production boxes.
572 | ; https://php.net/docref-root
573 | ; Examples
574 | ;docref_root = "/phpmanual/"
575 |
576 | ; https://php.net/docref-ext
577 | ;docref_ext = .html
578 |
579 | ; String to output before an error message. PHP's default behavior is to leave
580 | ; this setting blank.
581 | ; https://php.net/error-prepend-string
582 | ; Example:
583 | ;error_prepend_string = ""
584 |
585 | ; String to output after an error message. PHP's default behavior is to leave
586 | ; this setting blank.
587 | ; https://php.net/error-append-string
588 | ; Example:
589 | ;error_append_string = ""
590 |
591 | ; Log errors to specified file. PHP's default behavior is to leave this value
592 | ; empty.
593 | ; https://php.net/error-log
594 | ; Example:
595 | ;error_log = php_errors.log
596 | ; Log errors to syslog (Event Log on Windows).
597 | ;error_log = syslog
598 |
599 | ; The syslog ident is a string which is prepended to every message logged
600 | ; to syslog. Only used when error_log is set to syslog.
601 | ;syslog.ident = php
602 |
603 | ; The syslog facility is used to specify what type of program is logging
604 | ; the message. Only used when error_log is set to syslog.
605 | ;syslog.facility = user
606 |
607 | ; Set this to disable filtering control characters (the default).
608 | ; Some loggers only accept NVT-ASCII, others accept anything that's not
609 | ; control characters. If your logger accepts everything, then no filtering
610 | ; is needed at all.
611 | ; Allowed values are:
612 | ; ascii (all printable ASCII characters and NL)
613 | ; no-ctrl (all characters except control characters)
614 | ; all (all characters)
615 | ; raw (like "all", but messages are not split at newlines)
616 | ; https://php.net/syslog.filter
617 | ;syslog.filter = ascii
618 |
619 | ;windows.show_crt_warning
620 | ; Default value: 0
621 | ; Development value: 0
622 | ; Production value: 0
623 |
624 | ;;;;;;;;;;;;;;;;;
625 | ; Data Handling ;
626 | ;;;;;;;;;;;;;;;;;
627 |
628 | ; The separator used in PHP generated URLs to separate arguments.
629 | ; PHP's default setting is "&".
630 | ; https://php.net/arg-separator.output
631 | ; Example:
632 | ;arg_separator.output = "&"
633 |
634 | ; List of separator(s) used by PHP to parse input URLs into variables.
635 | ; PHP's default setting is "&".
636 | ; NOTE: Every character in this directive is considered as separator!
637 | ; https://php.net/arg-separator.input
638 | ; Example:
639 | ;arg_separator.input = ";&"
640 |
641 | ; This directive determines which super global arrays are registered when PHP
642 | ; starts up. G,P,C,E & S are abbreviations for the following respective super
643 | ; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
644 | ; paid for the registration of these arrays and because ENV is not as commonly
645 | ; used as the others, ENV is not recommended on productions servers. You
646 | ; can still get access to the environment variables through getenv() should you
647 | ; need to.
648 | ; Default Value: "EGPCS"
649 | ; Development Value: "GPCS"
650 | ; Production Value: "GPCS";
651 | ; https://php.net/variables-order
652 | variables_order = "GPCS"
653 |
654 | ; This directive determines which super global data (G,P & C) should be
655 | ; registered into the super global array REQUEST. If so, it also determines
656 | ; the order in which that data is registered. The values for this directive
657 | ; are specified in the same manner as the variables_order directive,
658 | ; EXCEPT one. Leaving this value empty will cause PHP to use the value set
659 | ; in the variables_order directive. It does not mean it will leave the super
660 | ; globals array REQUEST empty.
661 | ; Default Value: None
662 | ; Development Value: "GP"
663 | ; Production Value: "GP"
664 | ; https://php.net/request-order
665 | request_order = "GP"
666 |
667 | ; This directive determines whether PHP registers $argv & $argc each time it
668 | ; runs. $argv contains an array of all the arguments passed to PHP when a script
669 | ; is invoked. $argc contains an integer representing the number of arguments
670 | ; that were passed when the script was invoked. These arrays are extremely
671 | ; useful when running scripts from the command line. When this directive is
672 | ; enabled, registering these variables consumes CPU cycles and memory each time
673 | ; a script is executed. For performance reasons, this feature should be disabled
674 | ; on production servers.
675 | ; Note: This directive is hardcoded to On for the CLI SAPI
676 | ; Default Value: On
677 | ; Development Value: Off
678 | ; Production Value: Off
679 | ; https://php.net/register-argc-argv
680 | register_argc_argv = Off
681 |
682 | ; When enabled, the ENV, REQUEST and SERVER variables are created when they're
683 | ; first used (Just In Time) instead of when the script starts. If these
684 | ; variables are not used within a script, having this directive on will result
685 | ; in a performance gain. The PHP directive register_argc_argv must be disabled
686 | ; for this directive to have any effect.
687 | ; https://php.net/auto-globals-jit
688 | auto_globals_jit = On
689 |
690 | ; Whether PHP will read the POST data.
691 | ; This option is enabled by default.
692 | ; Most likely, you won't want to disable this option globally. It causes $_POST
693 | ; and $_FILES to always be empty; the only way you will be able to read the
694 | ; POST data will be through the php://input stream wrapper. This can be useful
695 | ; to proxy requests or to process the POST data in a memory efficient fashion.
696 | ; https://php.net/enable-post-data-reading
697 | ;enable_post_data_reading = Off
698 |
699 | ; Maximum size of POST data that PHP will accept.
700 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading
701 | ; is disabled through enable_post_data_reading.
702 | ; https://php.net/post-max-size
703 | post_max_size = 10G
704 |
705 | ; Automatically add files before PHP document.
706 | ; https://php.net/auto-prepend-file
707 | auto_prepend_file =
708 |
709 | ; Automatically add files after PHP document.
710 | ; https://php.net/auto-append-file
711 | auto_append_file =
712 |
713 | ; By default, PHP will output a media type using the Content-Type header. To
714 | ; disable this, simply set it to be empty.
715 | ;
716 | ; PHP's built-in default media type is set to text/html.
717 | ; https://php.net/default-mimetype
718 | default_mimetype = "text/html"
719 |
720 | ; PHP's default character set is set to UTF-8.
721 | ; https://php.net/default-charset
722 | default_charset = "UTF-8"
723 |
724 | ; PHP internal character encoding is set to empty.
725 | ; If empty, default_charset is used.
726 | ; https://php.net/internal-encoding
727 | ;internal_encoding =
728 |
729 | ; PHP input character encoding is set to empty.
730 | ; If empty, default_charset is used.
731 | ; https://php.net/input-encoding
732 | ;input_encoding =
733 |
734 | ; PHP output character encoding is set to empty.
735 | ; If empty, default_charset is used.
736 | ; See also output_buffer.
737 | ; https://php.net/output-encoding
738 | ;output_encoding =
739 |
740 | ;;;;;;;;;;;;;;;;;;;;;;;;;
741 | ; Paths and Directories ;
742 | ;;;;;;;;;;;;;;;;;;;;;;;;;
743 |
744 | ; UNIX: "/path1:/path2"
745 | ;include_path = ".:/php/includes"
746 | ;
747 | ; Windows: "\path1;\path2"
748 | ;include_path = ".;c:\php\includes"
749 | ;
750 | ; PHP's default setting for include_path is ".;/path/to/php/pear"
751 | ; https://php.net/include-path
752 |
753 | ; The root of the PHP pages, used only if nonempty.
754 | ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
755 | ; if you are running php as a CGI under any web server (other than IIS)
756 | ; see documentation for security issues. The alternate is to use the
757 | ; cgi.force_redirect configuration below
758 | ; https://php.net/doc-root
759 | doc_root =
760 |
761 | ; The directory under which PHP opens the script using /~username used only
762 | ; if nonempty.
763 | ; https://php.net/user-dir
764 | user_dir =
765 |
766 | ; Directory in which the loadable extensions (modules) reside.
767 | ; https://php.net/extension-dir
768 | ;extension_dir = "./"
769 | ; On windows:
770 | ;extension_dir = "ext"
771 |
772 | ; Directory where the temporary files should be placed.
773 | ; Defaults to the system default (see sys_get_temp_dir)
774 | ;sys_temp_dir = "/tmp"
775 |
776 | ; Whether or not to enable the dl() function. The dl() function does NOT work
777 | ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
778 | ; disabled on them.
779 | ; https://php.net/enable-dl
780 | enable_dl = Off
781 |
782 | ; cgi.force_redirect is necessary to provide security running PHP as a CGI under
783 | ; most web servers. Left undefined, PHP turns this on by default. You can
784 | ; turn it off here AT YOUR OWN RISK
785 | ; **You CAN safely turn this off for IIS, in fact, you MUST.**
786 | ; https://php.net/cgi.force-redirect
787 | ;cgi.force_redirect = 1
788 |
789 | ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
790 | ; every request. PHP's default behavior is to disable this feature.
791 | ;cgi.nph = 1
792 |
793 | ; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
794 | ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
795 | ; will look for to know it is OK to continue execution. Setting this variable MAY
796 | ; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
797 | ; https://php.net/cgi.redirect-status-env
798 | ;cgi.redirect_status_env =
799 |
800 | ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
801 | ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
802 | ; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
803 | ; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
804 | ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
805 | ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
806 | ; https://php.net/cgi.fix-pathinfo
807 | ;cgi.fix_pathinfo=1
808 |
809 | ; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
810 | ; of the web tree and people will not be able to circumvent .htaccess security.
811 | ;cgi.discard_path=1
812 |
813 | ; FastCGI under IIS supports the ability to impersonate
814 | ; security tokens of the calling client. This allows IIS to define the
815 | ; security context that the request runs under. mod_fastcgi under Apache
816 | ; does not currently support this feature (03/17/2002)
817 | ; Set to 1 if running under IIS. Default is zero.
818 | ; https://php.net/fastcgi.impersonate
819 | ;fastcgi.impersonate = 1
820 |
821 | ; Disable logging through FastCGI connection. PHP's default behavior is to enable
822 | ; this feature.
823 | ;fastcgi.logging = 0
824 |
825 | ; cgi.rfc2616_headers configuration option tells PHP what type of headers to
826 | ; use when sending HTTP response code. If set to 0, PHP sends Status: header that
827 | ; is supported by Apache. When this option is set to 1, PHP will send
828 | ; RFC2616 compliant header.
829 | ; Default is zero.
830 | ; https://php.net/cgi.rfc2616-headers
831 | ;cgi.rfc2616_headers = 0
832 |
833 | ; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #!
834 | ; (shebang) at the top of the running script. This line might be needed if the
835 | ; script support running both as stand-alone script and via PHP CGI<. PHP in CGI
836 | ; mode skips this line and ignores its content if this directive is turned on.
837 | ; https://php.net/cgi.check-shebang-line
838 | ;cgi.check_shebang_line=1
839 |
840 | ;;;;;;;;;;;;;;;;
841 | ; File Uploads ;
842 | ;;;;;;;;;;;;;;;;
843 |
844 | ; Whether to allow HTTP file uploads.
845 | ; https://php.net/file-uploads
846 | file_uploads = On
847 |
848 | ; Temporary directory for HTTP uploaded files (will use system default if not
849 | ; specified).
850 | ; https://php.net/upload-tmp-dir
851 | ;upload_tmp_dir =
852 |
853 | ; Maximum allowed size for uploaded files.
854 | ; https://php.net/upload-max-filesize
855 | upload_max_filesize = 10G
856 |
857 | ; Maximum number of files that can be uploaded via a single request
858 | max_file_uploads = 100
859 |
860 | ;;;;;;;;;;;;;;;;;;
861 | ; Fopen wrappers ;
862 | ;;;;;;;;;;;;;;;;;;
863 |
864 | ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
865 | ; https://php.net/allow-url-fopen
866 | allow_url_fopen = On
867 |
868 | ; Whether to allow include/require to open URLs (like https:// or ftp://) as files.
869 | ; https://php.net/allow-url-include
870 | allow_url_include = Off
871 |
872 | ; Define the anonymous ftp password (your email address). PHP's default setting
873 | ; for this is empty.
874 | ; https://php.net/from
875 | ;from="john@doe.com"
876 |
877 | ; Define the User-Agent string. PHP's default setting for this is empty.
878 | ; https://php.net/user-agent
879 | ;user_agent="PHP"
880 |
881 | ; Default timeout for socket based streams (seconds)
882 | ; https://php.net/default-socket-timeout
883 | default_socket_timeout = 60
884 |
885 | ; If your scripts have to deal with files from Macintosh systems,
886 | ; or you are running on a Mac and need to deal with files from
887 | ; unix or win32 systems, setting this flag will cause PHP to
888 | ; automatically detect the EOL character in those files so that
889 | ; fgets() and file() will work regardless of the source of the file.
890 | ; https://php.net/auto-detect-line-endings
891 | ;auto_detect_line_endings = Off
892 |
893 | ;;;;;;;;;;;;;;;;;;;;;;
894 | ; Dynamic Extensions ;
895 | ;;;;;;;;;;;;;;;;;;;;;;
896 |
897 | ; If you wish to have an extension loaded automatically, use the following
898 | ; syntax:
899 | ;
900 | ; extension=modulename
901 | ;
902 | ; For example:
903 | ;
904 | ; extension=mysqli
905 | ;
906 | ; When the extension library to load is not located in the default extension
907 | ; directory, You may specify an absolute path to the library file:
908 | ;
909 | ; extension=/path/to/extension/mysqli.so
910 | ;
911 | ; Note : The syntax used in previous PHP versions ('extension=.so' and
912 | ; 'extension='php_.dll') is supported for legacy reasons and may be
913 | ; deprecated in a future PHP major version. So, when it is possible, please
914 | ; move to the new ('extension=) syntax.
915 | ;
916 | ; Notes for Windows environments :
917 | ;
918 | ; - Many DLL files are located in the ext/
919 | ; extension folders as well as the separate PECL DLL download.
920 | ; Be sure to appropriately set the extension_dir directive.
921 | ;
922 | ;extension=bz2
923 |
924 | ; The ldap extension must be before curl if OpenSSL 1.0.2 and OpenLDAP is used
925 | ; otherwise it results in segfault when unloading after using SASL.
926 | ; See https://github.com/php/php-src/issues/8620 for more info.
927 | ;extension=ldap
928 |
929 | ;extension=curl
930 | ;extension=ffi
931 | ;extension=ftp
932 | ;extension=fileinfo
933 | ;extension=gd
934 | ;extension=gettext
935 | ;extension=gmp
936 | ;extension=intl
937 | ;extension=imap
938 | ;extension=mbstring
939 | ;extension=exif ; Must be after mbstring as it depends on it
940 | ;extension=mysqli
941 | ;extension=oci8_12c ; Use with Oracle Database 12c Instant Client
942 | ;extension=oci8_19 ; Use with Oracle Database 19 Instant Client
943 | ;extension=odbc
944 | ;extension=openssl
945 | ;extension=pdo_firebird
946 | ;extension=pdo_mysql
947 | ;extension=pdo_oci
948 | ;extension=pdo_odbc
949 | ;extension=pdo_pgsql
950 | ;extension=pdo_sqlite
951 | ;extension=pgsql
952 | ;extension=shmop
953 |
954 | ; The MIBS data available in the PHP distribution must be installed.
955 | ; See https://www.php.net/manual/en/snmp.installation.php
956 | ;extension=snmp
957 |
958 | ;extension=soap
959 | ;extension=sockets
960 | ;extension=sodium
961 | ;extension=sqlite3
962 | ;extension=tidy
963 | ;extension=xsl
964 | ;extension=zip
965 |
966 | ;zend_extension=opcache
967 |
968 | ;;;;;;;;;;;;;;;;;;;
969 | ; Module Settings ;
970 | ;;;;;;;;;;;;;;;;;;;
971 |
972 | [CLI Server]
973 | ; Whether the CLI web server uses ANSI color coding in its terminal output.
974 | cli_server.color = On
975 |
976 | [Date]
977 | ; Defines the default timezone used by the date functions
978 | ; https://php.net/date.timezone
979 | ;date.timezone =
980 |
981 | ; https://php.net/date.default-latitude
982 | ;date.default_latitude = 31.7667
983 |
984 | ; https://php.net/date.default-longitude
985 | ;date.default_longitude = 35.2333
986 |
987 | ; https://php.net/date.sunrise-zenith
988 | ;date.sunrise_zenith = 90.833333
989 |
990 | ; https://php.net/date.sunset-zenith
991 | ;date.sunset_zenith = 90.833333
992 |
993 | [filter]
994 | ; https://php.net/filter.default
995 | ;filter.default = unsafe_raw
996 |
997 | ; https://php.net/filter.default-flags
998 | ;filter.default_flags =
999 |
1000 | [iconv]
1001 | ; Use of this INI entry is deprecated, use global input_encoding instead.
1002 | ; If empty, default_charset or input_encoding or iconv.input_encoding is used.
1003 | ; The precedence is: default_charset < input_encoding < iconv.input_encoding
1004 | ;iconv.input_encoding =
1005 |
1006 | ; Use of this INI entry is deprecated, use global internal_encoding instead.
1007 | ; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
1008 | ; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
1009 | ;iconv.internal_encoding =
1010 |
1011 | ; Use of this INI entry is deprecated, use global output_encoding instead.
1012 | ; If empty, default_charset or output_encoding or iconv.output_encoding is used.
1013 | ; The precedence is: default_charset < output_encoding < iconv.output_encoding
1014 | ; To use an output encoding conversion, iconv's output handler must be set
1015 | ; otherwise output encoding conversion cannot be performed.
1016 | ;iconv.output_encoding =
1017 |
1018 | [imap]
1019 | ; rsh/ssh logins are disabled by default. Use this INI entry if you want to
1020 | ; enable them. Note that the IMAP library does not filter mailbox names before
1021 | ; passing them to rsh/ssh command, thus passing untrusted data to this function
1022 | ; with rsh/ssh enabled is insecure.
1023 | ;imap.enable_insecure_rsh=0
1024 |
1025 | [intl]
1026 | ;intl.default_locale =
1027 | ; This directive allows you to produce PHP errors when some error
1028 | ; happens within intl functions. The value is the level of the error produced.
1029 | ; Default is 0, which does not produce any errors.
1030 | ;intl.error_level = E_WARNING
1031 | ;intl.use_exceptions = 0
1032 |
1033 | [sqlite3]
1034 | ; Directory pointing to SQLite3 extensions
1035 | ; https://php.net/sqlite3.extension-dir
1036 | ;sqlite3.extension_dir =
1037 |
1038 | ; SQLite defensive mode flag (only available from SQLite 3.26+)
1039 | ; When the defensive flag is enabled, language features that allow ordinary
1040 | ; SQL to deliberately corrupt the database file are disabled. This forbids
1041 | ; writing directly to the schema, shadow tables (eg. FTS data tables), or
1042 | ; the sqlite_dbpage virtual table.
1043 | ; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
1044 | ; (for older SQLite versions, this flag has no use)
1045 | ;sqlite3.defensive = 1
1046 |
1047 | [Pcre]
1048 | ; PCRE library backtracking limit.
1049 | ; https://php.net/pcre.backtrack-limit
1050 | ;pcre.backtrack_limit=100000
1051 |
1052 | ; PCRE library recursion limit.
1053 | ; Please note that if you set this value to a high number you may consume all
1054 | ; the available process stack and eventually crash PHP (due to reaching the
1055 | ; stack size limit imposed by the Operating System).
1056 | ; https://php.net/pcre.recursion-limit
1057 | ;pcre.recursion_limit=100000
1058 |
1059 | ; Enables or disables JIT compilation of patterns. This requires the PCRE
1060 | ; library to be compiled with JIT support.
1061 | ;pcre.jit=1
1062 |
1063 | [Pdo]
1064 | ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
1065 | ; https://php.net/pdo-odbc.connection-pooling
1066 | ;pdo_odbc.connection_pooling=strict
1067 |
1068 | [Pdo_mysql]
1069 | ; Default socket name for local MySQL connects. If empty, uses the built-in
1070 | ; MySQL defaults.
1071 | pdo_mysql.default_socket=
1072 |
1073 | [Phar]
1074 | ; https://php.net/phar.readonly
1075 | ;phar.readonly = On
1076 |
1077 | ; https://php.net/phar.require-hash
1078 | ;phar.require_hash = On
1079 |
1080 | ;phar.cache_list =
1081 |
1082 | [mail function]
1083 | ; For Win32 only.
1084 | ; https://php.net/smtp
1085 | SMTP = localhost
1086 | ; https://php.net/smtp-port
1087 | smtp_port = 25
1088 |
1089 | ; For Win32 only.
1090 | ; https://php.net/sendmail-from
1091 | ;sendmail_from = me@example.com
1092 |
1093 | ; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
1094 | ; https://php.net/sendmail-path
1095 | ;sendmail_path =
1096 |
1097 | ; Force the addition of the specified parameters to be passed as extra parameters
1098 | ; to the sendmail binary. These parameters will always replace the value of
1099 | ; the 5th parameter to mail().
1100 | ;mail.force_extra_parameters =
1101 |
1102 | ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
1103 | mail.add_x_header = Off
1104 |
1105 | ; Use mixed LF and CRLF line separators to keep compatibility with some
1106 | ; RFC 2822 non conformant MTA.
1107 | mail.mixed_lf_and_crlf = Off
1108 |
1109 | ; The path to a log file that will log all mail() calls. Log entries include
1110 | ; the full path of the script, line number, To address and headers.
1111 | ;mail.log =
1112 | ; Log mail to syslog (Event Log on Windows).
1113 | ;mail.log = syslog
1114 |
1115 | [ODBC]
1116 | ; https://php.net/odbc.default-db
1117 | ;odbc.default_db = Not yet implemented
1118 |
1119 | ; https://php.net/odbc.default-user
1120 | ;odbc.default_user = Not yet implemented
1121 |
1122 | ; https://php.net/odbc.default-pw
1123 | ;odbc.default_pw = Not yet implemented
1124 |
1125 | ; Controls the ODBC cursor model.
1126 | ; Default: SQL_CURSOR_STATIC (default).
1127 | ;odbc.default_cursortype
1128 |
1129 | ; Allow or prevent persistent links.
1130 | ; https://php.net/odbc.allow-persistent
1131 | odbc.allow_persistent = On
1132 |
1133 | ; Check that a connection is still valid before reuse.
1134 | ; https://php.net/odbc.check-persistent
1135 | odbc.check_persistent = On
1136 |
1137 | ; Maximum number of persistent links. -1 means no limit.
1138 | ; https://php.net/odbc.max-persistent
1139 | odbc.max_persistent = -1
1140 |
1141 | ; Maximum number of links (persistent + non-persistent). -1 means no limit.
1142 | ; https://php.net/odbc.max-links
1143 | odbc.max_links = -1
1144 |
1145 | ; Handling of LONG fields. Returns number of bytes to variables. 0 means
1146 | ; passthru.
1147 | ; https://php.net/odbc.defaultlrl
1148 | odbc.defaultlrl = 4096
1149 |
1150 | ; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
1151 | ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
1152 | ; of odbc.defaultlrl and odbc.defaultbinmode
1153 | ; https://php.net/odbc.defaultbinmode
1154 | odbc.defaultbinmode = 1
1155 |
1156 | [MySQLi]
1157 |
1158 | ; Maximum number of persistent links. -1 means no limit.
1159 | ; https://php.net/mysqli.max-persistent
1160 | mysqli.max_persistent = -1
1161 |
1162 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
1163 | ; https://php.net/mysqli.allow_local_infile
1164 | ;mysqli.allow_local_infile = On
1165 |
1166 | ; It allows the user to specify a folder where files that can be sent via LOAD DATA
1167 | ; LOCAL can exist. It is ignored if mysqli.allow_local_infile is enabled.
1168 | ;mysqli.local_infile_directory =
1169 |
1170 | ; Allow or prevent persistent links.
1171 | ; https://php.net/mysqli.allow-persistent
1172 | mysqli.allow_persistent = On
1173 |
1174 | ; Maximum number of links. -1 means no limit.
1175 | ; https://php.net/mysqli.max-links
1176 | mysqli.max_links = -1
1177 |
1178 | ; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
1179 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
1180 | ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
1181 | ; at MYSQL_PORT.
1182 | ; https://php.net/mysqli.default-port
1183 | mysqli.default_port = 3306
1184 |
1185 | ; Default socket name for local MySQL connects. If empty, uses the built-in
1186 | ; MySQL defaults.
1187 | ; https://php.net/mysqli.default-socket
1188 | mysqli.default_socket =
1189 |
1190 | ; Default host for mysqli_connect() (doesn't apply in safe mode).
1191 | ; https://php.net/mysqli.default-host
1192 | mysqli.default_host =
1193 |
1194 | ; Default user for mysqli_connect() (doesn't apply in safe mode).
1195 | ; https://php.net/mysqli.default-user
1196 | mysqli.default_user =
1197 |
1198 | ; Default password for mysqli_connect() (doesn't apply in safe mode).
1199 | ; Note that this is generally a *bad* idea to store passwords in this file.
1200 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
1201 | ; and reveal this password! And of course, any users with read access to this
1202 | ; file will be able to reveal the password as well.
1203 | ; https://php.net/mysqli.default-pw
1204 | mysqli.default_pw =
1205 |
1206 | ; If this option is enabled, closing a persistent connection will rollback
1207 | ; any pending transactions of this connection, before it is put back
1208 | ; into the persistent connection pool.
1209 | ;mysqli.rollback_on_cached_plink = Off
1210 |
1211 | [mysqlnd]
1212 | ; Enable / Disable collection of general statistics by mysqlnd which can be
1213 | ; used to tune and monitor MySQL operations.
1214 | mysqlnd.collect_statistics = On
1215 |
1216 | ; Enable / Disable collection of memory usage statistics by mysqlnd which can be
1217 | ; used to tune and monitor MySQL operations.
1218 | mysqlnd.collect_memory_statistics = Off
1219 |
1220 | ; Records communication from all extensions using mysqlnd to the specified log
1221 | ; file.
1222 | ; https://php.net/mysqlnd.debug
1223 | ;mysqlnd.debug =
1224 |
1225 | ; Defines which queries will be logged.
1226 | ;mysqlnd.log_mask = 0
1227 |
1228 | ; Default size of the mysqlnd memory pool, which is used by result sets.
1229 | ;mysqlnd.mempool_default_size = 16000
1230 |
1231 | ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
1232 | ;mysqlnd.net_cmd_buffer_size = 2048
1233 |
1234 | ; Size of a pre-allocated buffer used for reading data sent by the server in
1235 | ; bytes.
1236 | ;mysqlnd.net_read_buffer_size = 32768
1237 |
1238 | ; Timeout for network requests in seconds.
1239 | ;mysqlnd.net_read_timeout = 31536000
1240 |
1241 | ; SHA-256 Authentication Plugin related. File with the MySQL server public RSA
1242 | ; key.
1243 | ;mysqlnd.sha256_server_public_key =
1244 |
1245 | [OCI8]
1246 |
1247 | ; Connection: Enables privileged connections using external
1248 | ; credentials (OCI_SYSOPER, OCI_SYSDBA)
1249 | ; https://php.net/oci8.privileged-connect
1250 | ;oci8.privileged_connect = Off
1251 |
1252 | ; Connection: The maximum number of persistent OCI8 connections per
1253 | ; process. Using -1 means no limit.
1254 | ; https://php.net/oci8.max-persistent
1255 | ;oci8.max_persistent = -1
1256 |
1257 | ; Connection: The maximum number of seconds a process is allowed to
1258 | ; maintain an idle persistent connection. Using -1 means idle
1259 | ; persistent connections will be maintained forever.
1260 | ; https://php.net/oci8.persistent-timeout
1261 | ;oci8.persistent_timeout = -1
1262 |
1263 | ; Connection: The number of seconds that must pass before issuing a
1264 | ; ping during oci_pconnect() to check the connection validity. When
1265 | ; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
1266 | ; pings completely.
1267 | ; https://php.net/oci8.ping-interval
1268 | ;oci8.ping_interval = 60
1269 |
1270 | ; Connection: Set this to a user chosen connection class to be used
1271 | ; for all pooled server requests with Oracle Database Resident
1272 | ; Connection Pooling (DRCP). To use DRCP, this value should be set to
1273 | ; the same string for all web servers running the same application,
1274 | ; the database pool must be configured, and the connection string must
1275 | ; specify to use a pooled server.
1276 | ;oci8.connection_class =
1277 |
1278 | ; High Availability: Using On lets PHP receive Fast Application
1279 | ; Notification (FAN) events generated when a database node fails. The
1280 | ; database must also be configured to post FAN events.
1281 | ;oci8.events = Off
1282 |
1283 | ; Tuning: This option enables statement caching, and specifies how
1284 | ; many statements to cache. Using 0 disables statement caching.
1285 | ; https://php.net/oci8.statement-cache-size
1286 | ;oci8.statement_cache_size = 20
1287 |
1288 | ; Tuning: Enables row prefetching and sets the default number of
1289 | ; rows that will be fetched automatically after statement execution.
1290 | ; https://php.net/oci8.default-prefetch
1291 | ;oci8.default_prefetch = 100
1292 |
1293 | ; Tuning: Sets the amount of LOB data that is internally returned from
1294 | ; Oracle Database when an Oracle LOB locator is initially retrieved as
1295 | ; part of a query. Setting this can improve performance by reducing
1296 | ; round-trips.
1297 | ; https://php.net/oci8.prefetch-lob-size
1298 | ; oci8.prefetch_lob_size = 0
1299 |
1300 | ; Compatibility. Using On means oci_close() will not close
1301 | ; oci_connect() and oci_new_connect() connections.
1302 | ; https://php.net/oci8.old-oci-close-semantics
1303 | ;oci8.old_oci_close_semantics = Off
1304 |
1305 | [PostgreSQL]
1306 | ; Allow or prevent persistent links.
1307 | ; https://php.net/pgsql.allow-persistent
1308 | pgsql.allow_persistent = On
1309 |
1310 | ; Detect broken persistent links always with pg_pconnect().
1311 | ; Auto reset feature requires a little overheads.
1312 | ; https://php.net/pgsql.auto-reset-persistent
1313 | pgsql.auto_reset_persistent = Off
1314 |
1315 | ; Maximum number of persistent links. -1 means no limit.
1316 | ; https://php.net/pgsql.max-persistent
1317 | pgsql.max_persistent = -1
1318 |
1319 | ; Maximum number of links (persistent+non persistent). -1 means no limit.
1320 | ; https://php.net/pgsql.max-links
1321 | pgsql.max_links = -1
1322 |
1323 | ; Ignore PostgreSQL backends Notice message or not.
1324 | ; Notice message logging require a little overheads.
1325 | ; https://php.net/pgsql.ignore-notice
1326 | pgsql.ignore_notice = 0
1327 |
1328 | ; Log PostgreSQL backends Notice message or not.
1329 | ; Unless pgsql.ignore_notice=0, module cannot log notice message.
1330 | ; https://php.net/pgsql.log-notice
1331 | pgsql.log_notice = 0
1332 |
1333 | [bcmath]
1334 | ; Number of decimal digits for all bcmath functions.
1335 | ; https://php.net/bcmath.scale
1336 | bcmath.scale = 0
1337 |
1338 | [browscap]
1339 | ; https://php.net/browscap
1340 | ;browscap = extra/browscap.ini
1341 |
1342 | [Session]
1343 | ; Handler used to store/retrieve data.
1344 | ; https://php.net/session.save-handler
1345 | session.save_handler = files
1346 |
1347 | ; Argument passed to save_handler. In the case of files, this is the path
1348 | ; where data files are stored. Note: Windows users have to change this
1349 | ; variable in order to use PHP's session functions.
1350 | ;
1351 | ; The path can be defined as:
1352 | ;
1353 | ; session.save_path = "N;/path"
1354 | ;
1355 | ; where N is an integer. Instead of storing all the session files in
1356 | ; /path, what this will do is use subdirectories N-levels deep, and
1357 | ; store the session data in those directories. This is useful if
1358 | ; your OS has problems with many files in one directory, and is
1359 | ; a more efficient layout for servers that handle many sessions.
1360 | ;
1361 | ; NOTE 1: PHP will not create this directory structure automatically.
1362 | ; You can use the script in the ext/session dir for that purpose.
1363 | ; NOTE 2: See the section on garbage collection below if you choose to
1364 | ; use subdirectories for session storage
1365 | ;
1366 | ; The file storage module creates files using mode 600 by default.
1367 | ; You can change that by using
1368 | ;
1369 | ; session.save_path = "N;MODE;/path"
1370 | ;
1371 | ; where MODE is the octal representation of the mode. Note that this
1372 | ; does not overwrite the process's umask.
1373 | ; https://php.net/session.save-path
1374 | ;session.save_path = "/tmp"
1375 |
1376 | ; Whether to use strict session mode.
1377 | ; Strict session mode does not accept an uninitialized session ID, and
1378 | ; regenerates the session ID if the browser sends an uninitialized session ID.
1379 | ; Strict mode protects applications from session fixation via a session adoption
1380 | ; vulnerability. It is disabled by default for maximum compatibility, but
1381 | ; enabling it is encouraged.
1382 | ; https://wiki.php.net/rfc/strict_sessions
1383 | session.use_strict_mode = 0
1384 |
1385 | ; Whether to use cookies.
1386 | ; https://php.net/session.use-cookies
1387 | session.use_cookies = 1
1388 |
1389 | ; https://php.net/session.cookie-secure
1390 | ;session.cookie_secure =
1391 |
1392 | ; This option forces PHP to fetch and use a cookie for storing and maintaining
1393 | ; the session id. We encourage this operation as it's very helpful in combating
1394 | ; session hijacking when not specifying and managing your own session id. It is
1395 | ; not the be-all and end-all of session hijacking defense, but it's a good start.
1396 | ; https://php.net/session.use-only-cookies
1397 | session.use_only_cookies = 1
1398 |
1399 | ; Name of the session (used as cookie name).
1400 | ; https://php.net/session.name
1401 | session.name = PHPSESSID
1402 |
1403 | ; Initialize session on request startup.
1404 | ; https://php.net/session.auto-start
1405 | session.auto_start = 0
1406 |
1407 | ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
1408 | ; https://php.net/session.cookie-lifetime
1409 | session.cookie_lifetime = 0
1410 |
1411 | ; The path for which the cookie is valid.
1412 | ; https://php.net/session.cookie-path
1413 | session.cookie_path = /
1414 |
1415 | ; The domain for which the cookie is valid.
1416 | ; https://php.net/session.cookie-domain
1417 | session.cookie_domain =
1418 |
1419 | ; Whether or not to add the httpOnly flag to the cookie, which makes it
1420 | ; inaccessible to browser scripting languages such as JavaScript.
1421 | ; https://php.net/session.cookie-httponly
1422 | session.cookie_httponly =
1423 |
1424 | ; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
1425 | ; Current valid values are "Strict", "Lax" or "None". When using "None",
1426 | ; make sure to include the quotes, as `none` is interpreted like `false` in ini files.
1427 | ; https://tools.ietf.org/html/draft-west-first-party-cookies-07
1428 | session.cookie_samesite =
1429 |
1430 | ; Handler used to serialize data. php is the standard serializer of PHP.
1431 | ; https://php.net/session.serialize-handler
1432 | session.serialize_handler = php
1433 |
1434 | ; Defines the probability that the 'garbage collection' process is started on every
1435 | ; session initialization. The probability is calculated by using gc_probability/gc_divisor,
1436 | ; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
1437 | ; Default Value: 1
1438 | ; Development Value: 1
1439 | ; Production Value: 1
1440 | ; https://php.net/session.gc-probability
1441 | session.gc_probability = 1
1442 |
1443 | ; Defines the probability that the 'garbage collection' process is started on every
1444 | ; session initialization. The probability is calculated by using gc_probability/gc_divisor,
1445 | ; e.g. 1/100 means there is a 1% chance that the GC process starts on each request.
1446 | ; For high volume production servers, using a value of 1000 is a more efficient approach.
1447 | ; Default Value: 100
1448 | ; Development Value: 1000
1449 | ; Production Value: 1000
1450 | ; https://php.net/session.gc-divisor
1451 | session.gc_divisor = 1000
1452 |
1453 | ; After this number of seconds, stored data will be seen as 'garbage' and
1454 | ; cleaned up by the garbage collection process.
1455 | ; https://php.net/session.gc-maxlifetime
1456 | session.gc_maxlifetime = 1440
1457 |
1458 | ; NOTE: If you are using the subdirectory option for storing session files
1459 | ; (see session.save_path above), then garbage collection does *not*
1460 | ; happen automatically. You will need to do your own garbage
1461 | ; collection through a shell script, cron entry, or some other method.
1462 | ; For example, the following script is the equivalent of setting
1463 | ; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
1464 | ; find /path/to/sessions -cmin +24 -type f | xargs rm
1465 |
1466 | ; Check HTTP Referer to invalidate externally stored URLs containing ids.
1467 | ; HTTP_REFERER has to contain this substring for the session to be
1468 | ; considered as valid.
1469 | ; https://php.net/session.referer-check
1470 | session.referer_check =
1471 |
1472 | ; Set to {nocache,private,public,} to determine HTTP caching aspects
1473 | ; or leave this empty to avoid sending anti-caching headers.
1474 | ; https://php.net/session.cache-limiter
1475 | session.cache_limiter = nocache
1476 |
1477 | ; Document expires after n minutes.
1478 | ; https://php.net/session.cache-expire
1479 | session.cache_expire = 180
1480 |
1481 | ; trans sid support is disabled by default.
1482 | ; Use of trans sid may risk your users' security.
1483 | ; Use this option with caution.
1484 | ; - User may send URL contains active session ID
1485 | ; to other person via. email/irc/etc.
1486 | ; - URL that contains active session ID may be stored
1487 | ; in publicly accessible computer.
1488 | ; - User may access your site with the same session ID
1489 | ; always using URL stored in browser's history or bookmarks.
1490 | ; https://php.net/session.use-trans-sid
1491 | session.use_trans_sid = 0
1492 |
1493 | ; Set session ID character length. This value could be between 22 to 256.
1494 | ; Shorter length than default is supported only for compatibility reason.
1495 | ; Users should use 32 or more chars.
1496 | ; https://php.net/session.sid-length
1497 | ; Default Value: 32
1498 | ; Development Value: 26
1499 | ; Production Value: 26
1500 | session.sid_length = 26
1501 |
1502 | ; The URL rewriter will look for URLs in a defined set of HTML tags.
1503 | ;