├── .gitignore ├── Dockerfile ├── LICENSE ├── README.md ├── bash.bashrc ├── bin ├── README ├── apps-update ├── chaplocal ├── clone-apps ├── cps ├── get-chaplocal ├── get-help ├── get-launcher ├── gpm ├── grav └── tpl_envcp ├── build.sh ├── build ├── README └── install.sh ├── chaperone.d ├── 005-config.conf ├── 010-start.conf ├── 130-nginx.conf └── 300-logrotate.conf ├── etc ├── README ├── fpmpool.d │ └── www.conf ├── logrotate.conf ├── nginx.conf.tpl ├── php-cli.ini ├── php-fpm.conf ├── skel │ ├── clone │ │ ├── bash.bashrc.tpl │ │ ├── build.sh.tpl │ │ ├── build │ │ │ ├── Dockerfile.tpl │ │ │ ├── README.tpl │ │ │ └── install.sh.tpl │ │ └── run.sh.tpl │ ├── help │ │ ├── HELP.tpl │ │ └── LAUNCHER.tpl │ ├── launcher │ │ └── run-IMAGE.sh.tpl │ └── shell_vars.inc ├── ssleay.cnf ├── start_nginx.sh ├── startup.sh └── version.inc ├── run.sh ├── startup.d ├── 000-install.sh ├── 050-grav-setup.sh ├── 100-user-setup.sh ├── 150-ssl-setup.sh ├── README └── nginx.sh └── www └── sites.d ├── grav.conf.tpl └── php-fast.inc.tpl /.gitignore: -------------------------------------------------------------------------------- 1 | var 2 | www/grav 3 | build/new_version.inc 4 | *~ 5 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # This is a template Dockerfile for creating a new image. 2 | # See the README for a complete description of how you create derivative images. 3 | 4 | FROM chapdev/alpine-nginx-php 5 | ADD . /setup/ 6 | 7 | # Git tag version number format should the same as below. 8 | ENV GRAV_VERSION=1.1.1 9 | 10 | RUN /setup/build/install.sh 11 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2015, Gary J. Wisniewski 2 | 3 | Licensed under the Apache License, Version 2.0 (the "License"); 4 | you may not use this file except in compliance with the License. 5 | You may obtain a copy of the License at 6 | 7 | http://www.apache.org/licenses/LICENSE-2.0 8 | 9 | Unless required by applicable law or agreed to in writing, software 10 | distributed under the License is distributed on an "AS IS" BASIS, 11 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | See the License for the specific language governing permissions and 13 | limitations under the License. 14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Grav Flat-File CMS Docker Image 2 | 3 | Grav is a fast, simple, flexible web-platform. This is a Docker image that makes it trivial to fire-up and use Grav. 4 | 5 | To learn more about Grav, see the [Grav Website](http://learn.getgrav.org/basics/what-is-grav). 6 | 7 | This image is [also available on Docker Hub](https://hub.docker.com/r/garywiz/docker-grav/) so you can pull it directly from there. There's no need to build it yourself. 8 | 9 | **NOTE**: This is an early-release of this container. See the "Known Issues" section at the very bottom of this page for more information about things we know don't work. 10 | 11 | The following documentation tells you how to use the `docker-grav` image, a lean full-featured Docker image that has the following features: 12 | 13 | * Lean 100MB image with a pre-configured `nginx` server and a complete installation of Grav along with the [Grav Administration Plug-in](http://getgrav.org/blog/beta-admin-plugin-available) to make it easy to get started.. 14 | * Works both as a self-contained image, or will automatically recognize attached storage devices so that persistent Grav data is not stored in the container. Makes it easy to upgrade when new images are released. 15 | * Fully configurable using environment variables, including options for logging, and initial Grav setup. A fully customized container can be started without the need to build a new image. 16 | * Automatically generates a self-signed SSL certificate matched to your domain, or allows you to easily add your own legitimate SSL certificate. 17 | 18 | ## Quick Start 19 | 20 | You can get started quickly using the image hosted on Docker Hub. For example, to quickly create a running self-contained Grav server daemon: 21 | 22 | $ docker pull garywiz/docker-grav 23 | $ docker run -d -p 8080:8080 garywiz/docker-grav 24 | 25 | Within a few seconds, you should be able to use Grav by going to `http://localhost:8080/`. The default login user is `admin` with a password of `ChangeMe`. (See "Customizing Grav" below for information about how to modify or add new users. 26 | 27 | If you want to store the Grav website and configuration locally outside the image, you can use the built-in launcher script. Extract the launcher script from the image like this: 28 | 29 | $ docker run -i --rm garywiz/docker-grav --task get-launcher | sh 30 | 31 | This will create a flexible launcher script that you can customize or use as a template. You can run it as a daemon: 32 | 33 | $ ./run-docker-grav.sh -d 34 | 35 | Or, if you want to have local persistent storage: 36 | 37 | $ mkdir docker-grav-storage 38 | $ ./run-docker-grav.sh -d 39 | 40 | Now, all persistent data will be stored in the `docker-grav-storage` directory. The container itself is therefore entirely disposable. 41 | 42 | The `run-docker-grav.sh` script is designed to be self-documenting and you can edit it to change start-up options and storage options. You can get up-to-date help on the image's features like this: 43 | 44 | $ docker run -i --rm garywiz/docker-grav --task get-help 45 | 46 | ## Using `run-docker-grav.sh` 47 | 48 | If you extract the default launcher (see above), it can serve as the basis for your own start-up script. But, it also has some default options built-in to make it easy to tailor startup without having to modify the script. You can use the `-h` option to get a list of options: 49 | 50 | $ ./run-docker-grav.sh -h 51 | Usage: run-docker-grav.sh [-d] [-p port#] [-h] 52 | Run Grav from garywiz/docker-grav as a daemon (with -d) or 53 | interactively (the default). 54 | 55 | -d Run as daemon (otherwise interactive) 56 | -p port# Specify port number to expose Grav server (default 8080) 57 | -s dirpath Specifies the path to an optional storage directory where 58 | ALL persistent Grav files and settings will be stored. This allows 59 | you to keep your site separate from the container so you can easily 60 | upgrade the container software. By default, this script looks to see 61 | if ../docker-grav-storage exists, and if it does, it will be used. 62 | You can override that default with this switch. 63 | -n name Name the container 'name' instead of the default name invented by Docker. 64 | 65 | HTTPS options (SSL): 66 | -H sslhost Specify the SSL host name and enable the SSL server. If specified, Grav 67 | will also be available using https on the port specified by -P 68 | -P sslport# Specify SSL port number (default 8443) 69 | 70 | ## Customizing Grav 71 | 72 | If you run the Grav container using the above launcher but omit the `-d` switch, you'll be place into the container in an interactive shell where you can use the `grav` and `gpm` command to customize Grav by adding users, themes, or plugins: 73 | 74 | $ ./run-docker-grav.sh 75 | Oct 15 22:08:28 e265699abf5f chaperone[1]: system will be killed when '/bin/bash' exits 76 | Now running inside container. Directory is: /apps 77 | 78 | Your Grav site is running at http://localhost:8080/ 79 | 80 | The Grav 'gpm' and 'grav' commands are available at the prompt. 81 | bash-4.3$ gpm 82 | Grav Package Manager version 0.9.45 83 | ... 84 | 85 | You can use `gpm` [as described here in the Grav documentation](http://learn.getgrav.org/advanced/grav-cli) to install new features or browse around a the installation. The container will run and be usable until you exit, at which point it will be destroyed. This is generally a good way to experiment. 86 | 87 | **Note**: Any features you add will be local to the container unless you use persistent storage as described below under "Configuring Attached Storage". 88 | 89 | Once you've configured attached storage, your entire Grav configuration will be located in the attached storage `var/grav` subdirectory. There you will find the `system.yaml` and `site.yaml` file. You can change these and re-run your container and they'll persist even if they container is destroyed. 90 | 91 | See the [Grav Configuration documentation](http://learn.getgrav.org/basics/grav-configuration) for more information about how to modify these files. 92 | 93 | ## Full Option List 94 | 95 | If you want to invent your own start-up, or are using an orchestration tool, here is a quick view of all the configuration options piled into one command along with their defaults: 96 | 97 | $ docker run -d garywiz/docker-grav \ 98 | -p 8080:8080 \ 99 | -e CONFIG_LOGGING=stdout \ 100 | -e CONFIG_ADMIN_USER=admin \ 101 | -e CONFIG_ADMIN_PASSWORD=ChangeMe \ 102 | -e CONFIG_ADMIN_EMAIL="nobody@nowhere.com" \ 103 | -e CONFIG_ADMIN_NAME="Grav Administrator" \ 104 | -e CONFIG_ADMIN_TITLE="Grav Administrator" \ 105 | -e CONFIG_EXT_SSL_HOSTNAME="" 106 | 107 | * **`CONFIG_LOGGING`**: Either `stdout` (the default), `file`, or `syslog:host` (see "Logging Configuration" below). 108 | * **`CONFIG_ADMIN_USER`**, **`CONFIG_ADMIN_USER`**, **`CONFIG_ADMIN_USER`**, and **`CONFIG_ADMIN_USER`**: Specifies the user credentials for the Administrative plugin interface account. This account will be set up automatically to have full access, but won't be changed if it already exists. You can disable this completely by setting `CONFIG_ADMIN_USER` to the string "none". 109 | * **`CONFIG_EXT_SSL_HOSTNAME`**: This is the name of the SSL host. It should match the actual hostname people will use to access the server. If set to "blank", then Grav will run using standard HTTP. If you set this, you also need to add `-p 8443:8443` to the command line to expose the `https` port. 110 | 111 | Of course, you can customize this set-up exactly like any other Docker run command, remapping ports or using other options however you wish. If you want to run interactively, you'll need to include a final argument such as `/bin/bash` as well as use the `-i` and `-t` options. See the [Docker run CLI reference](https://docs.docker.com/reference/commandline/run/) for further information. 112 | 113 | ## Configuring Attached Storage 114 | 115 | Using attached storage, you can choose a location for the Grav user files and configuration so that your entire persistent state is stored outside the container itself. This makes it easy to update the container to a new version while retaining your existing content and configuration. 116 | 117 | When configuring attached storage, there are two considerations: 118 | 119 | 1. Attached storage must be mounted at `/apps/var` inside the container, whether using the Docker `-v` switch, or `--volumes-from`. 120 | 2. You will need to tell the container to match the user credentials using the `--create-user` switch ([documented here on the Chaperone site](http://garywiz.github.io/chaperone/ref/command-line.html#option-create-user)). 121 | 122 | Both are pretty easy. For example, assume you are going to store persistent data on your local drive in `/persist/gravsite`. Providing the directory exists, you can just do this: 123 | 124 | $ docker run -d -v /persist/gravsite:/apps/var garywiz/docker-grav \ 125 | --create-user anyuser:/apps/var 126 | 127 | When the container starts, it will assure that all internal services run as a new user called `anyuser` whose UID/GID credentials match the credentials your host box has assigned to `/persist/gravsite`. 128 | 129 | That's it! 130 | 131 | When you run the container, you'll see that all the Grav persistent data files have been properly created in `/persist/gravsite`. 132 | 133 | ## Logging Configuration 134 | 135 | By default, all container logs will be sent to `stdout` and can be viewed using the `docker logs` command. 136 | 137 | If this isn't suitable, there are two additional options that can be specified using the `CONFIG_LOGGING` environment variable: 138 | 139 | **`CONFIG_LOGGING="file"`** - This setting will cause all logging information to be sent to `var/log/syslog.log` either inside the container or on attached storage. 140 | 141 | **`CONFIG_LOGGING="syslog:hostname"`** - In this case, you need to specify `hostname` as the destination for logging. The specified host must have a syslog-compatible daemon running on UDP port 514. 142 | 143 | ## Using Your Own SSL Keys 144 | 145 | By default, a self-signed SSL key will be generated automatically for you at start-up if you enable SSL. If attached storage is used, the key will be generated only once. Otherwise, a new key will be created each time a new container starts. 146 | 147 | Most enterprise and production installations will often want to use their own pre-defined key. In order to do so, you'll need to: 148 | 149 | 1. Run this image using attached storage. This is where you will store your keys, and they will persist when you upgrade the container. 150 | 2. Have your certificate and private key files in standard `PEM` format (the one usually used by Certificate authorities), or convert it from PKCS12 format as described below. 151 | 3. Not be an SSL noob. I hate to say it, but it really helps if you've done this before. 152 | 153 | Here is a step-by-step guide. 154 | 155 | #### Run with Persistent Storage 156 | 157 | This is easy if you're using the provided launcher, as described above. The first thing to do is run the container once just to initialize the persistent storage directory: 158 | 159 | $ mkdir docker-grav-storage 160 | $ ./run-docker-grav.sh -d 161 | Using attached storage at .../docker-grav-storage 162 | 00e9615bc51d63f9a150186482b3258d1c24b4f21ca0c781ae6e1717d9c97abc 163 | $ 164 | 165 | Now that your container is running, you should see the following in `docker-grav-storage`: 166 | 167 | $ cd docker-grav-storage 168 | $ ls 169 | certs config grav log run 170 | $ 171 | 172 | Certificates are stored in the `certs` directory: 173 | 174 | $ cd certs 175 | $ ls 176 | ssl-cert-localhost.crt ssl-cert-localhost.key 177 | $ 178 | 179 | The self-signed certificates is the file ending with `.crt` and the private key is the one ending with `.key`. 180 | 181 | Once you see that these are present, it's probably a good idea to stop (and even delete) your container, as all persistent data is now stored in `docker-grav-storage`. 182 | 183 | #### Replace the keys with your own 184 | 185 | Note that the names of the certificate and keys will always look like this: `ssl-cert-.crt`, where `` will be the exact string you used with the `CONFIG_EXT_SSL_HOSTNAME` environment variable. 186 | 187 | So, if your site is going to be `https://grav.example.com`, then make sure you edit your start-up scripts to change the hostname, then make sure your certificate and key files are correctly named as follows: 188 | 189 | ssl-cert-grav.example.com.crt 190 | ssl-cert-grav.example.com.key 191 | 192 | If your keys are not already in `PEM` format, you may need to convert them using SSL as [this StackOverflow answer describes for PKCS12 keys](http://stackoverflow.com/questions/15144046/need-help-converting-p12-certificate-into-pem-using-openssl). 193 | 194 | #### Re-run the container 195 | 196 | Once you've replaced the certificates, you can simply restart the old container, or create a new container using the same attached storage location. Your new certificate will then be in use. 197 | 198 | ## Known Issues 199 | 200 | * There is no email service installed within the container, so anything which sends email (such as the forgotten password feature) do not currently work. 201 | * There are many Grav plugins, very few of which have been tested. 202 | * When using attached storage, any newly installed plugins will be stored in attached storage rather inside the image. The admin plugin and related plugins, however, are stored inside the container so that upgrading the container will upgrade the entire set of administrative plugins as well. 203 | 204 | License 205 | ------- 206 | 207 | Copyright (c) 2016, Gary J. Wisniewski 208 | 209 | Licensed under the Apache License, Version 2.0 (the "License"); 210 | you may not use this file except in compliance with the License. 211 | You may obtain a copy of the License at 212 | 213 | http://www.apache.org/licenses/LICENSE-2.0 214 | 215 | Unless required by applicable law or agreed to in writing, software 216 | distributed under the License is distributed on an "AS IS" BASIS, 217 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 218 | See the License for the specific language governing permissions and 219 | limitations under the License. 220 | -------------------------------------------------------------------------------- /bash.bashrc: -------------------------------------------------------------------------------- 1 | # Bash start-up file, created by chaplocal 2 | 3 | export PROMPT_DIRTRIM=2 4 | cd $APPS_DIR 5 | 6 | echo "" 7 | echo "Now running inside container. Directory is: $APPS_DIR" 8 | echo "" 9 | 10 | port=${CONFIG_EXT_HTTP_PORT:-${CONFIG_EXT_PORT:-}} 11 | if [ "$port" != "" -a "$HTTPD_SERVER_NAME" != "" ]; then 12 | echo "Your Grav site is running at http://$CONFIG_EXT_HOSTNAME:$port/" 13 | echo "" 14 | echo "The Grav 'gpm' and 'grav' commands are available at the prompt." 15 | fi 16 | 17 | [ "$EMACS" == "t" ] && stty -echo 18 | 19 | alias ls='ls --color=none' 20 | -------------------------------------------------------------------------------- /bin/README: -------------------------------------------------------------------------------- 1 | Put commands which need to be executed at the command line, or by application 2 | programs here. This directory will automaticaly be included the path for all 3 | running services. 4 | 5 | Some files you may find here: 6 | 7 | chaplocal 8 | This is a template for the chaplocal program, used to set up a container 9 | development environment. 10 | 11 | get-chaplocal 12 | Executed as a --task to retrieve a custom version of the 'chaplocal' script. 13 | 14 | get-help 15 | Executed as a --task to provide help for the image (see ../etc/task-templates) 16 | 17 | get-launcher 18 | Executed as a --task to create launch scripts to launch the image 19 | (see ../etc/task-templates) 20 | -------------------------------------------------------------------------------- /bin/apps-update: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | # -*- mode: python -*- 3 | 4 | """ 5 | Update an older apps directory with newly changed files. 6 | 7 | Usage: apps-update 8 | 9 | This is a utility to simplify the process of updating an existing development 10 | directory with new features and changes from the distribution images. Typically 11 | you run this from inside the container, like this (assuming your home directory 12 | is /home): 13 | 14 | # In your local apps directory... 15 | docker run -i -t --rm -v /home:/home chapdev/chaperone-lamp \ 16 | --create-user yourname:$PWD/chaperone.d \ 17 | --config $PWD/chaperone.d --task /bin/bash 18 | garyw@47de5d3ad4d6:~$ /apps/bin/apps-update /apps $APPS_DIR 19 | 20 | You'll then be prompted for a variety of options, including the ability to 21 | omit directories and view diffs on files which have changed. 22 | 23 | Although intended for the above, this is quite generic and can be used 24 | for any directory-to-directory update task. 25 | 26 | """ 27 | 28 | import os 29 | import re 30 | import difflib 31 | import shutil 32 | import signal 33 | from docopt import docopt 34 | 35 | options = docopt(__doc__) 36 | 37 | def ask(prompt, evalfunc = lambda x: x, error = None): 38 | result = None 39 | while result is None: 40 | result = input(prompt + " ") 41 | try: 42 | result = evalfunc(result) 43 | except Exception as ex: 44 | print("Try again. (" + (error or str(ex)) + ")") 45 | result = None 46 | return result 47 | 48 | def yorn(prompt): 49 | def check(x): 50 | x = x.upper() 51 | if "YES".startswith(x): 52 | return True 53 | if "NO".startswith(x): 54 | return False 55 | raise Exception("Must answer 'Yes' or 'No'") 56 | return ask(prompt, check) 57 | 58 | def getintlist(txt, maxval = None, minval = 1): 59 | if not txt: 60 | return list() 61 | vals = re.split('[\s,]', txt) 62 | result = [int(v) for v in vals] 63 | for r in result: 64 | if ((minval is not None and r < minval) or 65 | (maxval is not None and r > maxval)): 66 | raise Exception("'{0}' is out of range".format(r)) 67 | return result 68 | 69 | MSG_HELP = """For each destination file: 70 | Diffs - show the differences (will be saved in .diffs automatically) 71 | Copy - copy the file to the destination, overwriting it 72 | Keep - keep the existing file (.diffs are still created) 73 | Help/?- this message""" 74 | 75 | def do_copy_or_edit(src, dest, files, diffs): 76 | results = list() 77 | 78 | # Start with the list of files which have no changes 79 | nodiffs = [f for f in files if f not in diffs] 80 | 81 | print("There are {0.value} {0.name} with no differences.".format(pluralint(len(nodiffs), 'file'))) 82 | 83 | def opteval(v): 84 | if len(v) == 0: 85 | raise Exception("no default") 86 | v=v.upper() 87 | if any(k.startswith(v) 88 | for k in ('DIFFS', 'COPY', 'KEEP', 'HELP', '?')): 89 | return v[0] 90 | raise Exception("Not a valid option") 91 | 92 | if diffs: 93 | print("\nThese are the common files with differences...") 94 | 95 | for f,diff in diffs.items(): 96 | option = 'X' 97 | while option not in 'CK': 98 | option = ask("\n{0}:\n Diffs/Copy/Keep/Help? ".format(os.path.join(dest, f)), opteval) 99 | if option in '?H': 100 | print(MSG_HELP) 101 | elif option == 'D': 102 | diff.print() 103 | elif option in 'CK': 104 | if option == 'K': 105 | diff.operation = 'diff' 106 | results.append(diff) 107 | 108 | return results 109 | 110 | 111 | class FileBase: 112 | 113 | def __init__(self, fn, dir1, dir2): 114 | self.basis = fn 115 | self.fromname = os.path.join(dir1, fn) 116 | self.toname = os.path.join(dir2, fn) 117 | self.init() 118 | def init(self): 119 | pass 120 | 121 | class FileOpCopy(FileBase): 122 | 123 | operation = "copy" 124 | 125 | def preview(self): 126 | if self.operation == 'copy': 127 | print("COPY: {0} to {1}".format(self.fromname, self.toname)) 128 | else: 129 | print("PRESERVE: {0}".format(self.toname)) 130 | 131 | def apply(self): 132 | if self.operation != 'copy': 133 | return 134 | print("copying {0} to {1}".format(self.fromname, self.toname)) 135 | os.makedirs(os.path.dirname(self.toname), exist_ok=True) 136 | shutil.copy2(self.fromname, self.toname) 137 | 138 | class FileOpDiff(FileOpCopy): 139 | 140 | diffs = None 141 | 142 | @classmethod 143 | def create_diffs(cls, files, dir1, dir2): 144 | results = dict() 145 | for f in files: 146 | d = cls(f, dir1, dir2) 147 | if d.any_changes: 148 | results[f] = d 149 | return results 150 | 151 | @property 152 | def any_changes(self): 153 | return bool(self.diffs) 154 | 155 | def init(self): 156 | self.diff_file = self.toname + ".diffs" 157 | self.compare() 158 | 159 | def print(self): 160 | if not self.diffs: 161 | print("{0}: no differences".format(self.basis)) 162 | return 163 | print("".join(self.diffs)) 164 | 165 | def compare(self): 166 | self.diffs = list(difflib.context_diff(open(self.fromname).readlines(), 167 | open(self.toname).readlines(), 168 | self.fromname, self.toname)) 169 | 170 | def preview(self): 171 | super().preview() 172 | print(" with differences in '{0}'".format(self.diff_file)) 173 | 174 | def apply(self): 175 | super().apply() 176 | print("creating {0}".format(self.diff_file)) 177 | f = open(self.diff_file, 'w') 178 | f.write(''.join(self.diffs)) 179 | f.close() 180 | 181 | class pluralint: 182 | 183 | @property 184 | def name(self): 185 | if self.value == 1: 186 | return self.singular 187 | if self.plural: 188 | return self.plural 189 | if self.singular.endswith('y'): 190 | return self.singular[:-1] + 'ies' 191 | if self.singular.endswith('s'): 192 | return self.singular + 'es' 193 | return self.singular + 's' 194 | 195 | def __init__(self, value, name, name_plural = None): 196 | self.value = value 197 | self.singular = name 198 | self.plural = name_plural 199 | 200 | class FileTree: 201 | 202 | _rootpath = None 203 | 204 | def __init__(self, rootpath): 205 | self._rootpath = rootpath 206 | self.build_tree() 207 | 208 | def _makepath(self, path, base): 209 | return os.path.relpath(os.path.join(path, base), self._rootpath) 210 | 211 | def build_tree(self): 212 | flist = self._flist = set() 213 | dlist = self._dlist = set() 214 | for root, dirs, files in os.walk(self._rootpath): 215 | for f in files: 216 | flist.add(self._makepath(root, f)) 217 | for f in dirs: 218 | dlist.add(self._makepath(root, f)); 219 | 220 | def common_with(self, other): 221 | return sorted(self._flist.intersection(other._flist)) 222 | 223 | def new_files_in_known_dirs(self, other, omitdirs = list()): 224 | newfiles = self._flist.difference(other._flist) 225 | return sorted(f for f in newfiles if any(f.startswith(d) for d in self._dlist) 226 | and not any(f.startswith(d) for d in omitdirs)) 227 | 228 | def new_dirs(self, other): 229 | return sorted(self._dlist.difference(other._dlist)) 230 | 231 | def dump(self): 232 | for d in self._dlist: 233 | print("D", d) 234 | for f in self._flist: 235 | print("F", f) 236 | 237 | srcdir = options[''] 238 | destdir = options[''] 239 | 240 | srcapps = FileTree(srcdir) 241 | destapps = FileTree(destdir) 242 | 243 | common_files = srcapps.common_with(destapps) 244 | new_dirs = srcapps.new_dirs(destapps) 245 | 246 | def int_handler(signum, frame): 247 | print("\n^C.\nExiting. NO changes have been made to '{0}'.".format(destdir)) 248 | exit(0) 249 | 250 | signal.signal(signal.SIGINT, int_handler) 251 | 252 | print("In {0} ...".format(srcdir)) 253 | 254 | omitdirs = list() 255 | 256 | if new_dirs: 257 | print("There are {0.value} new {0.name}.".format(pluralint(len(new_dirs), 'directory'))) 258 | for i in range(len(new_dirs)): 259 | print(" {0}. {1}".format(i+1, new_dirs[i])) 260 | nv = ask("Which directories should NOT be included in the update?", lambda v: getintlist(v, len(new_dirs)+1)) 261 | if nv: 262 | omitdirs = [new_dirs[n-1] for n in nv] 263 | 264 | new_files = srcapps.new_files_in_known_dirs(destapps, omitdirs) 265 | 266 | if new_files: 267 | print("There are {0.value} new files {0.name} not present in {1}".format(pluralint(len(new_files), 'file'), destdir)) 268 | option = ask("(A)ll (N)one (C)hoose?", lambda v: v[0].upper() in 'ANC' and v[0].upper()) 269 | if option == 'N': 270 | new_files = list() 271 | elif option == 'C': 272 | nv = True 273 | while nv: 274 | for i in range(len(new_files)): 275 | print(" {0}. {1}".format(i+1, new_files[i])) 276 | nv = ask("Which files should NOT be included in the update (Enter to stop choosing)\n?", 277 | lambda v: getintlist(v, len(new_files)+1)) 278 | if nv: 279 | new_files = [new_files[i] for i in range(len(new_files)) if i+1 not in nv] 280 | print("{0.value} new {0.name} will be copied to {1}".format(pluralint(len(new_files), 'file'), destdir)) 281 | 282 | new_ops = [FileOpCopy(f, srcdir, destdir) for f in new_files] 283 | 284 | if common_files: 285 | common_diffs = FileOpDiff.create_diffs(common_files, srcdir, destdir) 286 | print("There are {0.value} {0.name} in common between {1} and {2}. ({3.value} {3.name} identical)". 287 | format(pluralint(len(common_files), 'file'), destdir, srcdir, 288 | pluralint(len(common_files) - len(common_diffs), 'is', 'are'))) 289 | option = ask("(A)ll (N)one (C)hoose?", lambda v: v[0].upper() in 'ANC' and v[0].upper()) 290 | if option == 'N': 291 | common_ops = list() 292 | elif option == 'C': 293 | common_ops = do_copy_or_edit(srcdir, destdir, common_files, common_diffs) 294 | else: 295 | common_ops = common_diffs.values() 296 | 297 | if not new_ops and not common_ops: 298 | print("There are no operations to perform.") 299 | exit(0) 300 | 301 | print("\nNothing has been done so far. Before proceeding, let's be sure...") 302 | 303 | if new_ops: 304 | print("\nThese are the new files that don't exist...") 305 | for f in new_ops: 306 | f.preview() 307 | 308 | if common_ops: 309 | print("\nThis is what we'll do with common files...") 310 | for f in common_ops: 311 | f.preview() 312 | 313 | option = yorn("\nWould you like to apply ALL the above changes?") 314 | 315 | if not option: 316 | print("No changes will be applied.") 317 | exit(0) 318 | 319 | for f in new_ops: 320 | f.apply() 321 | for f in common_ops: 322 | f.apply() 323 | -------------------------------------------------------------------------------- /bin/chaplocal: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Little script to run a chaperone docker container in the local directory 3 | # for development or other purposes. 4 | 5 | DEFAULT_IMAGE="chapdev/chaperone-baseimage" 6 | VERSTR="chaplocal version 1.31" 7 | 8 | if [ "$CHAP_SERVICE_NAME" != "" ]; then 9 | echo "The 'chaplocal' script is not intended to be run inside a container," 10 | echo "but for use on the docker host to set up local development directories." 11 | echo "Maybe you meant 'get-chaplocal'?" 12 | exit 1 13 | fi 14 | 15 | if [ "$1" == '-V' ]; then 16 | echo $VERSTR 17 | exit 18 | fi 19 | 20 | if [ "$1" == '-d' ]; then 21 | runopts="-d" 22 | shift 23 | else 24 | runopts="" 25 | fi 26 | 27 | IMAGE="$2" 28 | if [ $# == 1 ]; then 29 | IMAGE=$DEFAULT_IMAGE 30 | elif [ $# != 2 ]; then 31 | echo "" 32 | echo "Usage: chaplocal [-d] local-apps-dir [image-name]" 33 | echo "" 34 | echo "Runs the specified chaperone image and uses local-apps-dir for the apps" 35 | echo "directory. Creates a script in local-apps-dir called run.sh so you can" 36 | echo "run an interactive (default) or daemon instance." 37 | echo "" 38 | echo "Will run all container processes under the current user account with the" 39 | echo "local drive mounted as a shared volume in the container." 40 | echo "" 41 | echo "If not specified, then the image '$DEFAULT_IMAGE' will be used." 42 | echo "" 43 | exit 44 | fi 45 | 46 | APPSBASE="$1" 47 | LOCALROOT=$PWD 48 | 49 | APPSDIR=$LOCALROOT/$APPSBASE 50 | MOUNT=/home 51 | 52 | # Assure we're running in /home or /Users 53 | if [ "${PWD:0:7}" == "/Users/" ]; then 54 | MOUNT=/Users 55 | elif [ "${PWD:0:6}" != "/home/" ]; then 56 | echo "Sorry, this script is designed to operate only within the /home or /Users directory" 57 | echo "of your host. :-(" 58 | exit 1 59 | fi 60 | 61 | if [[ "$IMAGE" != *":"* ]]; then 62 | IMAGE=$IMAGE:latest 63 | fi 64 | 65 | if [ "`docker inspect $IMAGE >/dev/null 2>&1 && echo yes`" != "yes" ]; then 66 | echo "" 67 | echo Cannot find local docker image: $IMAGE 68 | echo "" 69 | echo You may want to pull the image with \"docker pull $IMAGE\" 70 | echo and then try again. 71 | exit 1 72 | fi 73 | 74 | # Extract our local UID/GID 75 | myuid=`id -u` 76 | mygid=`id -g` 77 | 78 | # Copy the boilerplate apps directory into this development directory where it can be 79 | # worked on easily. 80 | if [ ! -d $APPSDIR ]; then 81 | echo "" 82 | echo Extracting /apps default directory into $APPSDIR ... 83 | mkdir $APPSDIR 84 | SELINUX_FLAG=$(sestatus 2>/dev/null | fgrep -q enabled && echo :z) 85 | docker run -i --rm=true -v $APPSDIR:/appsdir$SELINUX_FLAG $IMAGE \ 86 | --user root --config /apps/chaperone.d --task clone-apps /appsdir $myuid:$mygid 87 | echo "You can customize the contents of $APPSDIR to tailor it for your application," 88 | echo "then use it as a template for your production image." 89 | echo "" 90 | if [ -x $APPSDIR/bin/chaplocal ]; then 91 | THEIRVER=`$APPSDIR/bin/chaplocal -V` 92 | if [ "$THEIRVER" != "$VERSTR" ]; then 93 | echo "WARNING: This image uses a different version of chaplocal." 94 | echo " Ours: $VERSTR" 95 | echo " Image: $THEIRVER" 96 | echo "" 97 | fi 98 | fi 99 | echo Executing run.sh within $APPSDIR ... 100 | echo "" 101 | elif [ ! -f $APPSDIR/run.sh ]; then 102 | echo "$APPSDIR already exists but doesn't seem to be one I created (no run.sh in there)" 103 | echo "You're on your own" 104 | exit 1 105 | else 106 | echo "" 107 | echo $APPSDIR already exists. 108 | echo Executing run.sh within $APPSDIR ... 109 | echo "" 110 | fi 111 | 112 | $APPSDIR/run.sh $runopts 113 | -------------------------------------------------------------------------------- /bin/clone-apps: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Used to clone the /apps hierarchy into a new develoment directory using 3 | # clone skeletons. 4 | 5 | DESTPATH="$1" 6 | UIDGID="$2" 7 | SKEL="$APPS_DIR/etc/skel" 8 | CLONESKEL="$SKEL/clone" 9 | 10 | if [ "$CHAP_TASK_MODE" != "1" ]; then 11 | echo "'clone-apps' should only be run in chaperone --task mode from the docker host" 12 | exit 1 13 | fi 14 | 15 | if [ "$DESTPATH" == "" -o "$UIDGID" == "" ]; then 16 | echo 'Usage: clone-apps :' 17 | exit 18 | fi 19 | 20 | if [ "${DESTPATH#/}" == "${DESTPATH}" ]; then 21 | echo "Error: must be an absolute path, $DESTPATH" 22 | exit 1 23 | fi 24 | 25 | if [ -e "$DESTPATH" ]; then 26 | if [ "$(ls $DESTPATH)" != "" ]; then 27 | echo "Error: already exists and is not empty, $DESTPATH" 28 | exit 1 29 | fi 30 | fi 31 | 32 | # Clone the actual directory 33 | (cd $APPS_DIR; tar cf - --exclude ./var .) | (mkdir -p $DESTPATH; cd $DESTPATH; tar xf -) 34 | 35 | cd $CLONESKEL 36 | skelfiles=`find . -name '*.tpl'` 37 | cd $DESTPATH 38 | 39 | source $SKEL/shell_vars.inc 40 | 41 | for tpl in $skelfiles; do 42 | tpl=${tpl#./} 43 | tdir=$(dirname $tpl) 44 | if [ "$tdir" != "." ]; then 45 | mkdir -p $tdir 46 | fi 47 | if [ ! -f "${tpl%.tpl}" ]; then 48 | tpl_envcp -a $CLONESKEL/$tpl ${tpl%.tpl} 49 | fi 50 | done 51 | 52 | chown -R $UIDGID $DESTPATH 53 | -------------------------------------------------------------------------------- /bin/cps: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # PS defaults which are a bit nicer for containers 3 | 4 | ps --forest -weo 'user,pid,ppid,pgid,vsz,rss,stat,command' $* 5 | -------------------------------------------------------------------------------- /bin/get-chaplocal: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "$CHAP_SERVICE_NAME" != "" ]; then 4 | stty -onlcr 2>/dev/null # inhibits carriage return if -t was specified 5 | fi 6 | 7 | if [ "$CHAP_TASK_MODE" != "1" ]; then 8 | echo "get-chaplocal' should only be run in chaperone --task mode from the docker host" 9 | exit 1 10 | fi 11 | 12 | source $APPS_DIR/etc/version.inc 13 | 14 | if [ "$IMAGE_NAME" == "" ]; then 15 | script_text=`cat $APPS_DIR/bin/chaplocal` 16 | else 17 | script_text=`sed "s|chapdev/chaperone-baseimage|$IMAGE_NAME|" $APPS_DIR/bin/chaplocal` 18 | fi 19 | 20 | 21 | cat </dev/null 34 | exit 1 35 | fi 36 | cat >chaplocal <<'-QEOF-' 37 | $script_text 38 | -QEOF- 39 | chmod ugo+x chaplocal 40 | echo "" 41 | echo "The 'chaplocal' script is ready to use. Here is the help you get if you type" 42 | echo " ./chaplocal" 43 | echo "at the command line..." 44 | ./chaplocal 45 | ################################################################################# 46 | # 47 | # YOU SHOULD NOT BE SEEING THIS!!!!!!!!! IF SO, YOU ARE NOT PIPING INTO sh! 48 | # 49 | # Make sure you pipe the output of your docker command into sh, like this... 50 | # 51 | # docker run -i chapdev/chaperone-baseimage --command get-chaplocal | sh 52 | # ^^^^ 53 | ################################################################################# 54 | EOF 55 | -------------------------------------------------------------------------------- /bin/get-help: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ "$CHAP_SERVICE_NAME" != "" ]; then 4 | stty -onlcr 2>/dev/null # inhibits carriage return if -t was specified 5 | fi 6 | 7 | if [ "$CHAP_TASK_MODE" != "1" ]; then 8 | echo "get-chaplocal' should only be run in chaperone --task mode from the docker host" 9 | exit 1 10 | fi 11 | 12 | helpfile=HELP 13 | 14 | if [ "$1" != "" -a "$1" != "/bin/bash" ]; then 15 | helpfile="$1" 16 | fi 17 | 18 | function expand_template() { tpl_envcp - <$1; } 19 | skel=$APPS_DIR/etc/skel 20 | 21 | if [ ! -f "$skel/help/$helpfile.tpl" ]; then 22 | cat </dev/null # inhibits carriage return if -t was specified 5 | fi 6 | 7 | if [ "$CHAP_TASK_MODE" != "1" ]; then 8 | echo "get-chaplocal' should only be run in chaperone --task mode from the docker host" 9 | exit 1 10 | fi 11 | 12 | cat </dev/null; exit 1; }" 40 | for lf in $tplfiles; do 41 | realname=$(transform_filename $lf) 42 | contents=$(expand_template $lf) 43 | cat <$realname <<"--EOF--" 46 | $contents 47 | --EOF-- 48 | chmod 755 $realname 49 | EOF 50 | done 51 | if [ -f "$skel/help/LAUNCHER.tpl" ]; then 52 | cat <" 18 | exit 1 19 | else 20 | echo Building "$prodimage" ... 21 | fi 22 | 23 | if [ ! -f Dockerfile ]; then 24 | echo "Expecting to find Dockerfile in $PWD ... not found!" 25 | exit 1 26 | fi 27 | 28 | # Do the build 29 | docker build -t $prodimage . 30 | -------------------------------------------------------------------------------- /build/README: -------------------------------------------------------------------------------- 1 | This directory contains a template for creating derivative images 2 | based upon 'chapdev/alpine-nginx-php'. 3 | 4 | Note that these build materials will NOT become a part of the newly created image. 5 | Instead, new build materials will be created if somebody wants to use 'chaplocal' 6 | to continue development. 7 | 8 | To make a complete, ready-to-go image, you should do the following: 9 | 10 | 1. Customize Dockerfile in this directory. 11 | 12 | 2. Customize install.sh by adding any additional build commands. 13 | 14 | 3. If you want to cater to developers who want to use this image, then 15 | modify the skeleton files in ../etc/skel as described below. 16 | 17 | 4. Usually, you can just create a new .git project at in the same 18 | directory where your build.sh is located. 19 | 20 | Modifying the Skelenton Files 21 | 22 | The ../etc/skel directory contains skeleton template files which are used: 23 | * To output container-specific help using "--task get-help" 24 | * To create container-specific launchers using "--task get-launcher" 25 | * To create new development directories using 'chaplocal'. 26 | 27 | At a minimum, you should modify: ../etc/skel/help and ../etc/skel/launcher 28 | to reflect the needs of your container. 29 | 30 | If you want to improve the experience for developers using your image, then 31 | also modify the templates in ../etc/clone. 'chaplocal' uses these files when 32 | it clones a new 'apps' directory for a developer. 33 | -------------------------------------------------------------------------------- /build/install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Set in Dockerfile 4 | #GRAV_VERSION=1.0.0-rc.4 5 | 6 | cd /setup 7 | 8 | # remove existing chaperone.d and startup.d from /apps so none linger 9 | rm -rf /apps; mkdir /apps 10 | 11 | # copy everything from setup to the root /apps except Dockerfile rebuild materials 12 | echo copying application files to /apps ... 13 | tar cf - --exclude ./build \ 14 | --exclude ./build.sh \ 15 | --exclude ./www/grav \ 16 | --exclude ./var \ 17 | --exclude ./run.sh . | (cd /apps; tar xf -) 18 | 19 | # update the version information 20 | sed "s/^GRAV_VERSION=.*/GRAV_VERSION=${GRAV_VERSION}/" /apps/etc/version.inc 21 | 22 | # / is normally the user home directory for self-contained and attached-storage modes 23 | ln -sf /apps/bash.bashrc /.bashrc 24 | 25 | # PHP EXTENSIONS! 26 | # 27 | # Add any php extensions your application needs. Alpine Linux is VERY granular and 28 | # does not contain the large number of extensions you'd expect in a Ubuntu/Debian/CentOS 29 | # install. You can find the package names here... 30 | # https://pkgs.alpinelinux.org/packages?name=php-%25&repo=all&arch=x86_64&maintainer=all 31 | 32 | apk --update add \ 33 | php-ctype \ 34 | php-curl \ 35 | php-dom \ 36 | php-gd \ 37 | php-iconv \ 38 | php-json \ 39 | php-mcrypt \ 40 | php-openssl \ 41 | php-posix \ 42 | php-sockets \ 43 | php-xml \ 44 | php-xmlreader \ 45 | php-zip 46 | 47 | mkdir -p /setup/grav; cd /setup/grav 48 | wget https://github.com/getgrav/grav/releases/download/$GRAV_VERSION/grav-admin-v$GRAV_VERSION.zip 49 | cd /apps/www 50 | unzip -q /setup/grav/grav-admin-v$GRAV_VERSION.zip 51 | mv grav-admin grav 52 | 53 | # Move any writable directories to have -dist extensions. See ../startup.d/050-grav-setup.sh for how this 54 | # works when a container is started 55 | cd grav 56 | 57 | mv cache cache-dist 58 | mv backup backup-dist 59 | mv logs logs-dist 60 | mv user user-dist; mv user-dist/plugins plugins-sticky 61 | mv assets assets-dist 62 | mv images images-dist 63 | 64 | # Add additional setup commands for your production image here, if any. 65 | # ... 66 | 67 | # Clean up and assure permissions are correct 68 | 69 | rm -rf /setup 70 | chown -R runapps: /apps # for full-container execution 71 | -------------------------------------------------------------------------------- /chaperone.d/005-config.conf: -------------------------------------------------------------------------------- 1 | # 005-config.conf 2 | # 3 | # Put container configuration variables here. This should strictly be for configuration 4 | # variables that are passed into the container. 100% of container configuraiton should 5 | # be possible by setting these variables here or on the 'docker run' command line. 6 | 7 | settings: { 8 | 9 | env_set: { 10 | 11 | # This is the hostname of the host machine. Generally, this is only needed 12 | # by certain applications (such as those supporting SSL certiifcates, but is common 13 | # enough to include as a standard option. 14 | 15 | CONFIG_EXT_HOSTNAME: "$(CONFIG_EXT_HOSTNAME:-localhost)", 16 | 17 | # HTTP ports of exported ports. These are good policy to define in your "docker run" 18 | # command so that internal applications know what ports the public interfaces are 19 | # visible on. Sometimes this is necessary, such as when appliations push their 20 | # endpoints via API's or when webservers do redirects. The default launchers 21 | # for Chaperone containers handle this for you automatically. 22 | 23 | CONFIG_EXT_HTTP_PORT: "$(CONFIG_EXT_HTTP_PORT:-8080)", 24 | CONFIG_EXT_HTTPS_PORT: "$(CONFIG_EXT_HTTPS_PORT:-8443)", 25 | 26 | # Configure this to enable SSL and generate snakeoil keys for the given domain 27 | CONFIG_EXT_SSL_HOSTNAME: "$(CONFIG_EXT_SSL_HOSTNAME:-)", 28 | 29 | # CONFIG_ADMIN_USER, if set, will create a user with the given name, but only if 30 | # a user by that name does not already exist. 31 | 32 | CONFIG_ADMIN_USER: "$(CONFIG_ADMIN_USER:|NONE||$(CONFIG_ADMIN_USER:-admin))", 33 | CONFIG_ADMIN_PASSWORD: "$(CONFIG_ADMIN_PASSWORD:-ChangeMe)", 34 | CONFIG_ADMIN_EMAIL: "$(CONFIG_ADMIN_EMAIL:-nobody@nowhere.com)", 35 | CONFIG_ADMIN_NAME: "$(CONFIG_ADMIN_NAME:-Grav Administrator)", 36 | CONFIG_ADMIN_TITLE: "$(CONFIG_ADMIN_TITLE:-Grav Administrator)", 37 | 38 | # Create additional configuration variables here. Start them with "CONFIG_" 39 | # so they can be easily identified... 40 | 41 | } 42 | 43 | } 44 | -------------------------------------------------------------------------------- /chaperone.d/010-start.conf: -------------------------------------------------------------------------------- 1 | # 010-start.conf 2 | # 3 | # This is the first start-up file for the chaperone base images. Note that start-up files 4 | # are processed in order alphabetically, so settings in later files can override those in 5 | # earlier files. 6 | 7 | # General environmental settings. These settings apply to all services and logging entries. 8 | # There should be only one "settings" directive in each configuration file. But, any 9 | # settings encountered in subsequent configuration files can override or augment these. 10 | # Note that variables are expanded as late as possile. So, there can be variables 11 | # defined here which depend upon variables which will be defined later (such as _CHAP_SERVICE), 12 | # which is defined implicitly for each service. 13 | 14 | settings: { 15 | 16 | env_set: { 17 | 18 | 'LANG': 'en_US.UTF-8', 19 | 'LC_CTYPE': '$(LANG)', 20 | 'PATH': '$(APPS_DIR)/bin:/usr/local/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/sbin', 21 | 'RANDFILE': '/tmp/openssl.rnd', 22 | 23 | # Uncomment the below to tell startup.sh to lock-down the root account after the first 24 | # successful start. 25 | #'SECURE_ROOT': '1', 26 | 27 | # Variables starting with _CHAP are internal and won't be exported to services, 28 | # so we derive public environment variables if needed... 29 | 'APPS_DIR': '$(_CHAP_CONFIG_DIR:-/)', 30 | 'CHAP_SERVICE_NAME': '$(_CHAP_SERVICE:-)', 31 | 'CHAP_TASK_MODE': '$(_CHAP_TASK_MODE:-)', 32 | 33 | # The best use-cases will want to move $(VAR_DIR) out of the container to keep 34 | # the container emphemeral, so all references to var should always use this 35 | # environment variable. 36 | 'VAR_DIR': '$(APPS_DIR)/var', 37 | }, 38 | 39 | } 40 | 41 | # This is the startup script which manages the contents of $(APPS_DIR)/startup.d. It will 42 | # run each of the startup.d scripts in sequence. Because this is part of the special "INIT" 43 | # group, it will be run before any other service which is not in the group. This makes 44 | # it unnecessary to worry about 'before:' and 'after:' settings for startup scripts. 45 | 46 | startup.service: { 47 | type: oneshot, 48 | process_timeout: 600, # allow 10 minutes for startup in case installs need to be done 49 | command: '/bin/bash $(APPS_DIR)/etc/startup.sh', 50 | before: 'default,database,application', 51 | service_groups: 'INIT', 52 | } 53 | 54 | # LOGGING options are driven by the setting of CONFIG_LOGGING 55 | 56 | # Extended console logging dumps everything to stdout 57 | 58 | console-full.logging: { 59 | enabled: "$(CONFIG_LOGGING:|stdout|true|false)", 60 | selector: '*.info', 61 | stdout: true, 62 | } 63 | 64 | # Or we can send things to a file 65 | 66 | syslog-file.logging: { 67 | enabled: "$(CONFIG_LOGGING:|file|true|false)", 68 | selector: '*.info', 69 | file: '$(VAR_DIR)/log/syslog.log', 70 | } 71 | 72 | # Otherwise, if it contains "syslog:" then it is a syslog host 73 | 74 | syslog-host.logging: { 75 | enabled: "$(CONFIG_LOGGING:|syslog:*|true|false)", 76 | selector: '*.info', 77 | syslog_host: "$(CONFIG_LOGGING:/syslog://)", 78 | stdout: true, 79 | } 80 | 81 | # For the console, we include everything which is a warning except authentication 82 | # messages and daemon messages which are not errors. 83 | 84 | console.logging: { 85 | enabled: "$(CONFIG_LOGGING:|stdout|false|true)", # only if not already going to stdout 86 | stdout: true, 87 | selector: '*.warn;authpriv,auth.!*;daemon.!warn', 88 | } 89 | -------------------------------------------------------------------------------- /chaperone.d/130-nginx.conf: -------------------------------------------------------------------------------- 1 | # 130-nginx2.conf 2 | # 3 | # Start up nginx. This is a "simple" service, so chaperone will monitor Nginx and restart 4 | # it if necessary. 5 | # 6 | # In the case where no USER variable is specified, we run as the www-data user. 7 | 8 | settings: { 9 | env_set: { 10 | PHPRC: "$(APPS_DIR)/etc/php-cli.ini", 11 | NGINX_LOG_DIR: "$(VAR_DIR)/log/nginx", 12 | PHPFFM_SOCKET: "/tmp/php-fpm.sock", 13 | HTTPD_SERVER_NAME: nginx, 14 | } 15 | } 16 | 17 | phpfpm.service: { 18 | type: forking, 19 | process_timeout: 15, 20 | command: "/usr/bin/php-fpm --daemonize --fpm-config $(APPS_DIR)/etc/php-fpm.conf", 21 | pidfile: "$(PHPFPM_PID_FILE)", 22 | restart: true, 23 | uid: "$(USER:-www-data)", 24 | env_set: { 25 | PHPFPM_PID_FILE: "/tmp/php-fpm.pid", 26 | PHPFPM_LOG_DIR: "$(VAR_DIR)/log/nginx", 27 | }, 28 | env_unset: [ "PHPRC", "CONFIG_ADMIN_*" ], 29 | before: nginx.service, 30 | } 31 | 32 | nginx.service: { 33 | type: forking, 34 | process_timeout: 15, 35 | command: "$(APPS_DIR)/etc/start_nginx.sh", 36 | pidfile: "$(NGINX_PID_FILE)", 37 | kill_signal: SIGQUIT, # graceful shutdown 38 | restart: true, 39 | optional: true, 40 | enabled: true, 41 | uid: "$(USER:-www-data)", 42 | env_set: { 43 | NGINX_SITES_DIR: "$(APPS_DIR)/www", 44 | NGINX_LOG_DIR: "$(VAR_DIR)/log/nginx", 45 | NGINX_PID_FILE: "/tmp/nginx.pid" 46 | }, 47 | env_unset: [ "CONFIG_ADMIN_*" ], # we don't want these available 48 | # If Nginx does not require a database, you can leave this out. 49 | after: database, 50 | } 51 | 52 | # Use daily logging (the %d) so that log rotation isn't so important. Logs 53 | # will be created automatically for each day where they are requied. 54 | # See 300-logrotate.conf if you want to enable log rotation as a periodic 55 | # job. Note that chaperone watches for logs which are rotated and will 56 | # automatically open a new file if the old one is rotated. 57 | # 58 | # Write logs either as the USER= user, or as www-data. 59 | 60 | nginx.logging: { 61 | enabled: true, 62 | selector: 'local7.*;*.!err', 63 | file: '$(NGINX_LOG_DIR)/nginx-%d.log', 64 | uid: "$(USER:-www-data)", 65 | } 66 | 67 | nginx.logging: { 68 | enabled: true, 69 | selector: 'local7.err', 70 | stderr: true, 71 | file: '$(NGINX_LOG_DIR)/error-%d.log', 72 | uid: "$(USER:-www-data)", 73 | } 74 | -------------------------------------------------------------------------------- /chaperone.d/300-logrotate.conf: -------------------------------------------------------------------------------- 1 | # 300-logrotate.conf 2 | # 3 | # This is disabled by default. 4 | # 5 | # However, you can enable this to run logrotation daily, and customize $(APPS_DIR)/etc/logrotate.conf 6 | # to indicate which logs should be rotated. 7 | 8 | logrotate.service: { 9 | enabled: false, 10 | type: cron, 11 | interval: "25 6 * * *", # uses standard crontab format. 12 | command: "/usr/sbin/logrotate -s $(VAR_DIR)/run/logrotate.status $(APPS_DIR)/etc/logrotate.conf", 13 | optional: true, # don't worry if logrotate isn't even installed 14 | directory: "$(VAR_DIR)/log", 15 | ignore_failures: true, # problems are best just investigated rather than causing problems 16 | } 17 | -------------------------------------------------------------------------------- /etc/README: -------------------------------------------------------------------------------- 1 | This is a "mini etc" directory which, as much as possible, is where all normal application and service configuration 2 | files are stored. For example, in the chaperone-lamp configuration, all MySQL and Apache configurations are stored 3 | here, but may make reference to other files on the system (such as modules and plugins). However, the normal 4 | startup files in /etc/apache2 and /etc/mysql are not used, as they expect a normal fully-booted system. 5 | 6 | System start-up is controlled by the startup.sh script, which reads additional startup files from ../startup.d. 7 | 8 | This is not built into chaperone, but rather is a custom configuration defined within chaperone.d. If you want, 9 | you can completely change the way things work and invent new startup schemes. But, this is a good place to start. 10 | -------------------------------------------------------------------------------- /etc/fpmpool.d/www.conf: -------------------------------------------------------------------------------- 1 | ; Start a new pool named 'www'. 2 | ; the variable $pool can we used in any directive and will be replaced by the 3 | ; pool name ('www' here) 4 | [www] 5 | 6 | ; Per pool prefix 7 | ; It only applies on the following directives: 8 | ; - 'slowlog' 9 | ; - 'listen' (unixsocket) 10 | ; - 'chroot' 11 | ; - 'chdir' 12 | ; - 'php_values' 13 | ; - 'php_admin_values' 14 | ; When not set, the global prefix (or /usr) applies instead. 15 | ; Note: This directive can also be relative to the global prefix. 16 | ; Default Value: none 17 | ;prefix = /path/to/pools/$pool 18 | 19 | ; Unix user/group of processes 20 | ; Note: The user is mandatory. If the group is not set, the default user's group 21 | ; will be used. 22 | ;user = www-data 23 | ;group = www-data 24 | 25 | ; The address on which to accept FastCGI requests. 26 | ; Valid syntaxes are: 27 | ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on 28 | ; a specific port; 29 | ; 'port' - to listen on a TCP socket to all addresses on a 30 | ; specific port; 31 | ; '/path/to/unix/socket' - to listen on a unix socket. 32 | ; Note: This value is mandatory. 33 | listen = ${PHPFFM_SOCKET} 34 | 35 | ; Set listen(2) backlog. 36 | ; Default Value: 65535 (-1 on FreeBSD and OpenBSD) 37 | ;listen.backlog = 65535 38 | 39 | ; Set permissions for unix socket, if one is used. In Linux, read/write 40 | ; permissions must be set in order to allow connections from a web server. Many 41 | ; BSD-derived systems allow connections regardless of permissions. 42 | ; Default Values: user and group are set as the running user 43 | ; mode is set to 0660 44 | ;listen.owner = www-data 45 | ;listen.group = www-data 46 | ;listen.mode = 0660 47 | 48 | ; List of ipv4 addresses of FastCGI clients which are allowed to connect. 49 | ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original 50 | ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address 51 | ; must be separated by a comma. If this value is left blank, connections will be 52 | ; accepted from any ip address. 53 | ; Default Value: any 54 | ;listen.allowed_clients = 127.0.0.1 55 | 56 | ; Specify the nice(2) priority to apply to the pool processes (only if set) 57 | ; The value can vary from -19 (highest priority) to 20 (lower priority) 58 | ; Note: - It will only work if the FPM master process is launched as root 59 | ; - The pool processes will inherit the master process priority 60 | ; unless it specified otherwise 61 | ; Default Value: no set 62 | ; priority = -19 63 | 64 | ; Choose how the process manager will control the number of child processes. 65 | ; Possible Values: 66 | ; static - a fixed number (pm.max_children) of child processes; 67 | ; dynamic - the number of child processes are set dynamically based on the 68 | ; following directives. With this process management, there will be 69 | ; always at least 1 children. 70 | ; pm.max_children - the maximum number of children that can 71 | ; be alive at the same time. 72 | ; pm.start_servers - the number of children created on startup. 73 | ; pm.min_spare_servers - the minimum number of children in 'idle' 74 | ; state (waiting to process). If the number 75 | ; of 'idle' processes is less than this 76 | ; number then some children will be created. 77 | ; pm.max_spare_servers - the maximum number of children in 'idle' 78 | ; state (waiting to process). If the number 79 | ; of 'idle' processes is greater than this 80 | ; number then some children will be killed. 81 | ; ondemand - no children are created at startup. Children will be forked when 82 | ; new requests will connect. The following parameter are used: 83 | ; pm.max_children - the maximum number of children that 84 | ; can be alive at the same time. 85 | ; pm.process_idle_timeout - The number of seconds after which 86 | ; an idle process will be killed. 87 | ; Note: This value is mandatory. 88 | pm = dynamic 89 | 90 | ; The number of child processes to be created when pm is set to 'static' and the 91 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. 92 | ; This value sets the limit on the number of simultaneous requests that will be 93 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. 94 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP 95 | ; CGI. The below defaults are based on a server without much resources. Don't 96 | ; forget to tweak pm.* to fit your needs. 97 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' 98 | ; Note: This value is mandatory. 99 | pm.max_children = 5 100 | 101 | ; The number of child processes created on startup. 102 | ; Note: Used only when pm is set to 'dynamic' 103 | ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 104 | pm.start_servers = 2 105 | 106 | ; The desired minimum number of idle server processes. 107 | ; Note: Used only when pm is set to 'dynamic' 108 | ; Note: Mandatory when pm is set to 'dynamic' 109 | pm.min_spare_servers = 1 110 | 111 | ; The desired maximum number of idle server processes. 112 | ; Note: Used only when pm is set to 'dynamic' 113 | ; Note: Mandatory when pm is set to 'dynamic' 114 | pm.max_spare_servers = 3 115 | 116 | ; The number of seconds after which an idle process will be killed. 117 | ; Note: Used only when pm is set to 'ondemand' 118 | ; Default Value: 10s 119 | ;pm.process_idle_timeout = 10s; 120 | 121 | ; The number of requests each child process should execute before respawning. 122 | ; This can be useful to work around memory leaks in 3rd party libraries. For 123 | ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. 124 | ; Default Value: 0 125 | ;pm.max_requests = 500 126 | 127 | ; The URI to view the FPM status page. If this value is not set, no URI will be 128 | ; recognized as a status page. It shows the following informations: 129 | ; pool - the name of the pool; 130 | ; process manager - static, dynamic or ondemand; 131 | ; start time - the date and time FPM has started; 132 | ; start since - number of seconds since FPM has started; 133 | ; accepted conn - the number of request accepted by the pool; 134 | ; listen queue - the number of request in the queue of pending 135 | ; connections (see backlog in listen(2)); 136 | ; max listen queue - the maximum number of requests in the queue 137 | ; of pending connections since FPM has started; 138 | ; listen queue len - the size of the socket queue of pending connections; 139 | ; idle processes - the number of idle processes; 140 | ; active processes - the number of active processes; 141 | ; total processes - the number of idle + active processes; 142 | ; max active processes - the maximum number of active processes since FPM 143 | ; has started; 144 | ; max children reached - number of times, the process limit has been reached, 145 | ; when pm tries to start more children (works only for 146 | ; pm 'dynamic' and 'ondemand'); 147 | ; Value are updated in real time. 148 | ; Example output: 149 | ; pool: www 150 | ; process manager: static 151 | ; start time: 01/Jul/2011:17:53:49 +0200 152 | ; start since: 62636 153 | ; accepted conn: 190460 154 | ; listen queue: 0 155 | ; max listen queue: 1 156 | ; listen queue len: 42 157 | ; idle processes: 4 158 | ; active processes: 11 159 | ; total processes: 15 160 | ; max active processes: 12 161 | ; max children reached: 0 162 | ; 163 | ; By default the status page output is formatted as text/plain. Passing either 164 | ; 'html', 'xml' or 'json' in the query string will return the corresponding 165 | ; output syntax. Example: 166 | ; http://www.foo.bar/status 167 | ; http://www.foo.bar/status?json 168 | ; http://www.foo.bar/status?html 169 | ; http://www.foo.bar/status?xml 170 | ; 171 | ; By default the status page only outputs short status. Passing 'full' in the 172 | ; query string will also return status for each pool process. 173 | ; Example: 174 | ; http://www.foo.bar/status?full 175 | ; http://www.foo.bar/status?json&full 176 | ; http://www.foo.bar/status?html&full 177 | ; http://www.foo.bar/status?xml&full 178 | ; The Full status returns for each process: 179 | ; pid - the PID of the process; 180 | ; state - the state of the process (Idle, Running, ...); 181 | ; start time - the date and time the process has started; 182 | ; start since - the number of seconds since the process has started; 183 | ; requests - the number of requests the process has served; 184 | ; request duration - the duration in µs of the requests; 185 | ; request method - the request method (GET, POST, ...); 186 | ; request URI - the request URI with the query string; 187 | ; content length - the content length of the request (only with POST); 188 | ; user - the user (PHP_AUTH_USER) (or '-' if not set); 189 | ; script - the main script called (or '-' if not set); 190 | ; last request cpu - the %cpu the last request consumed 191 | ; it's always 0 if the process is not in Idle state 192 | ; because CPU calculation is done when the request 193 | ; processing has terminated; 194 | ; last request memory - the max amount of memory the last request consumed 195 | ; it's always 0 if the process is not in Idle state 196 | ; because memory calculation is done when the request 197 | ; processing has terminated; 198 | ; If the process is in Idle state, then informations are related to the 199 | ; last request the process has served. Otherwise informations are related to 200 | ; the current request being served. 201 | ; Example output: 202 | ; ************************ 203 | ; pid: 31330 204 | ; state: Running 205 | ; start time: 01/Jul/2011:17:53:49 +0200 206 | ; start since: 63087 207 | ; requests: 12808 208 | ; request duration: 1250261 209 | ; request method: GET 210 | ; request URI: /test_mem.php?N=10000 211 | ; content length: 0 212 | ; user: - 213 | ; script: /home/fat/web/docs/php/test_mem.php 214 | ; last request cpu: 0.00 215 | ; last request memory: 0 216 | ; 217 | ; Note: There is a real-time FPM status monitoring sample web page available 218 | ; It's available in: ${prefix}/share/fpm/status.html 219 | ; 220 | ; Note: The value must start with a leading slash (/). The value can be 221 | ; anything, but it may not be a good idea to use the .php extension or it 222 | ; may conflict with a real PHP file. 223 | ; Default Value: not set 224 | ;pm.status_path = /status 225 | 226 | ; The ping URI to call the monitoring page of FPM. If this value is not set, no 227 | ; URI will be recognized as a ping page. This could be used to test from outside 228 | ; that FPM is alive and responding, or to 229 | ; - create a graph of FPM availability (rrd or such); 230 | ; - remove a server from a group if it is not responding (load balancing); 231 | ; - trigger alerts for the operating team (24/7). 232 | ; Note: The value must start with a leading slash (/). The value can be 233 | ; anything, but it may not be a good idea to use the .php extension or it 234 | ; may conflict with a real PHP file. 235 | ; Default Value: not set 236 | ;ping.path = /ping 237 | 238 | ; This directive may be used to customize the response of a ping request. The 239 | ; response is formatted as text/plain with a 200 response code. 240 | ; Default Value: pong 241 | ;ping.response = pong 242 | 243 | ; The access log file 244 | ; Default: not set 245 | ;access.log = log/$pool.access.log 246 | 247 | ; The access log format. 248 | ; The following syntax is allowed 249 | ; %%: the '%' character 250 | ; %C: %CPU used by the request 251 | ; it can accept the following format: 252 | ; - %{user}C for user CPU only 253 | ; - %{system}C for system CPU only 254 | ; - %{total}C for user + system CPU (default) 255 | ; %d: time taken to serve the request 256 | ; it can accept the following format: 257 | ; - %{seconds}d (default) 258 | ; - %{miliseconds}d 259 | ; - %{mili}d 260 | ; - %{microseconds}d 261 | ; - %{micro}d 262 | ; %e: an environment variable (same as $_ENV or $_SERVER) 263 | ; it must be associated with embraces to specify the name of the env 264 | ; variable. Some exemples: 265 | ; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e 266 | ; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e 267 | ; %f: script filename 268 | ; %l: content-length of the request (for POST request only) 269 | ; %m: request method 270 | ; %M: peak of memory allocated by PHP 271 | ; it can accept the following format: 272 | ; - %{bytes}M (default) 273 | ; - %{kilobytes}M 274 | ; - %{kilo}M 275 | ; - %{megabytes}M 276 | ; - %{mega}M 277 | ; %n: pool name 278 | ; %o: output header 279 | ; it must be associated with embraces to specify the name of the header: 280 | ; - %{Content-Type}o 281 | ; - %{X-Powered-By}o 282 | ; - %{Transfert-Encoding}o 283 | ; - .... 284 | ; %p: PID of the child that serviced the request 285 | ; %P: PID of the parent of the child that serviced the request 286 | ; %q: the query string 287 | ; %Q: the '?' character if query string exists 288 | ; %r: the request URI (without the query string, see %q and %Q) 289 | ; %R: remote IP address 290 | ; %s: status (response code) 291 | ; %t: server time the request was received 292 | ; it can accept a strftime(3) format: 293 | ; %d/%b/%Y:%H:%M:%S %z (default) 294 | ; %T: time the log has been written (the request has finished) 295 | ; it can accept a strftime(3) format: 296 | ; %d/%b/%Y:%H:%M:%S %z (default) 297 | ; %u: remote user 298 | ; 299 | ; Default: "%R - %u %t \"%m %r\" %s" 300 | ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" 301 | 302 | ; The log file for slow requests 303 | ; Default Value: not set 304 | ; Note: slowlog is mandatory if request_slowlog_timeout is set 305 | ;slowlog = log/$pool.log.slow 306 | 307 | ; The timeout for serving a single request after which a PHP backtrace will be 308 | ; dumped to the 'slowlog' file. A value of '0s' means 'off'. 309 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 310 | ; Default Value: 0 311 | ;request_slowlog_timeout = 0 312 | 313 | ; The timeout for serving a single request after which the worker process will 314 | ; be killed. This option should be used when the 'max_execution_time' ini option 315 | ; does not stop script execution for some reason. A value of '0' means 'off'. 316 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) 317 | ; Default Value: 0 318 | ;request_terminate_timeout = 0 319 | 320 | ; Set open file descriptor rlimit. 321 | ; Default Value: system defined value 322 | ;rlimit_files = 1024 323 | 324 | ; Set max core size rlimit. 325 | ; Possible Values: 'unlimited' or an integer greater or equal to 0 326 | ; Default Value: system defined value 327 | ;rlimit_core = 0 328 | 329 | ; Chroot to this directory at the start. This value must be defined as an 330 | ; absolute path. When this value is not set, chroot is not used. 331 | ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one 332 | ; of its subdirectories. If the pool prefix is not set, the global prefix 333 | ; will be used instead. 334 | ; Note: chrooting is a great security feature and should be used whenever 335 | ; possible. However, all PHP paths will be relative to the chroot 336 | ; (error_log, sessions.save_path, ...). 337 | ; Default Value: not set 338 | ;chroot = 339 | 340 | ; Chdir to this directory at the start. 341 | ; Note: relative path can be used. 342 | ; Default Value: current directory or / when chroot 343 | chdir = / 344 | 345 | ; Redirect worker stdout and stderr into main error log. If not set, stdout and 346 | ; stderr will be redirected to /dev/null according to FastCGI specs. 347 | ; Note: on highloaded environement, this can cause some delay in the page 348 | ; process time (several ms). 349 | ; Default Value: no 350 | ;catch_workers_output = yes 351 | 352 | ; Limits the extensions of the main script FPM will allow to parse. This can 353 | ; prevent configuration mistakes on the web server side. You should only limit 354 | ; FPM to .php extensions to prevent malicious users to use other extensions to 355 | ; exectute php code. 356 | ; Note: set an empty value to allow all extensions. 357 | ; Default Value: .php 358 | ;security.limit_extensions = .php .php3 .php4 .php5 359 | 360 | ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from 361 | ; the current environment. 362 | ; Default Value: clean env 363 | ;env[HOSTNAME] = $HOSTNAME 364 | ;env[PATH] = /usr/local/bin:/usr/bin:/bin 365 | ;env[TMP] = /tmp 366 | ;env[TMPDIR] = /tmp 367 | ;env[TEMP] = /tmp 368 | 369 | ; Additional php.ini defines, specific to this pool of workers. These settings 370 | ; overwrite the values previously defined in the php.ini. The directives are the 371 | ; same as the PHP SAPI: 372 | ; php_value/php_flag - you can set classic ini defines which can 373 | ; be overwritten from PHP call 'ini_set'. 374 | ; php_admin_value/php_admin_flag - these directives won't be overwritten by 375 | ; PHP call 'ini_set' 376 | ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. 377 | 378 | ; Defining 'extension' will load the corresponding shared extension from 379 | ; extension_dir. Defining 'disable_functions' or 'disable_classes' will not 380 | ; overwrite previously defined php.ini values, but will append the new value 381 | ; instead. 382 | 383 | ; Note: path INI options can be relative and will be expanded with the prefix 384 | ; (pool, global or /usr) 385 | 386 | ; Default Value: nothing is defined by default except the values in php.ini and 387 | ; specified at startup with the -d argument 388 | ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com 389 | ;php_flag[display_errors] = off 390 | ;php_admin_value[error_log] = /var/log/fpm-php.www.log 391 | ;php_admin_flag[log_errors] = on 392 | ;php_admin_value[memory_limit] = 32M 393 | 394 | php_admin_value[mysql.default_socket] = ${MYSQL_UNIX_PORT} 395 | php_admin_value[mysqli.default_socket] = ${MYSQL_UNIX_PORT} 396 | 397 | env[APPS_DIR] = ${APPS_DIR}; 398 | env[VAR_DIR] = ${VAR_DIR}; 399 | env[HTTPD_SERVER_NAME] = ${HTTPD_SERVER_NAME}; 400 | 401 | -------------------------------------------------------------------------------- /etc/logrotate.conf: -------------------------------------------------------------------------------- 1 | # logrotate will run in the $(VAR_DIR)/log directory by default. 2 | # So paths here needn't be absolute. 3 | 4 | "*.log" { 5 | rotate 5 6 | daily 7 | compress 8 | } 9 | -------------------------------------------------------------------------------- /etc/nginx.conf.tpl: -------------------------------------------------------------------------------- 1 | # DO NOT MODIFY THIS FILE. IT WILL BE REGENERATED EVERY TIME THE CONTAINER STARTS 2 | 3 | # This file is processed by envcp. See apps/etc/start_nginx.sh 4 | 5 | # Interestingly, Nginx will attempt to write to /var/log/nginx/error.log no matter WHAT you do, so 6 | # check there if you are having startup problems, but the following should at least assure 7 | # that things go to syslog whenever Nginx deems fit. 8 | error_log syslog:server=unix:/dev/log; 9 | 10 | worker_processes 4; 11 | working_directory %(APPS_DIR); 12 | 13 | pid %(NGINX_PID_FILE); 14 | 15 | events { 16 | worker_connections 768; 17 | # multi_accept on; 18 | } 19 | 20 | http { 21 | 22 | ## 23 | # Basic Settings 24 | ## 25 | 26 | sendfile on; 27 | tcp_nopush on; 28 | tcp_nodelay on; 29 | keepalive_timeout 65; 30 | types_hash_max_size 2048; 31 | # server_tokens off; 32 | 33 | # server_names_hash_bucket_size 64; 34 | # server_name_in_redirect off; 35 | 36 | # Set an array of temp and cache file options that will otherwise default to 37 | # restricted locations accessible only to root. 38 | client_body_temp_path /tmp/client_body; 39 | fastcgi_temp_path /tmp/fastcgi_temp; 40 | proxy_temp_path /tmp/proxy_temp; 41 | scgi_temp_path /tmp/scgi_temp; 42 | uwsgi_temp_path /tmp/uwsgi_temp; 43 | 44 | include /etc/nginx/mime.types; 45 | default_type application/octet-stream; 46 | 47 | ## 48 | # Logging Settings 49 | ## 50 | 51 | access_log %(NGINX_LOG_DIR)/access.log; 52 | 53 | ## 54 | # Gzip Settings 55 | ## 56 | 57 | gzip on; 58 | gzip_disable "msie6"; 59 | 60 | # gzip_vary on; 61 | # gzip_proxied any; 62 | # gzip_comp_level 6; 63 | # gzip_buffers 16 8k; 64 | # gzip_http_version 1.1; 65 | # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; 66 | 67 | ## 68 | # nginx-naxsi config 69 | ## 70 | # Uncomment it if you installed nginx-naxsi 71 | ## 72 | 73 | #include /etc/nginx/naxsi_core.rules; 74 | 75 | ## 76 | # nginx-passenger config 77 | ## 78 | # Uncomment it if you installed nginx-passenger 79 | ## 80 | 81 | #passenger_root /usr; 82 | #passenger_ruby /usr/bin/ruby; 83 | 84 | ## 85 | # Virtual Host Configs 86 | ## 87 | 88 | include %(VAR_DIR)/sites.d/*.conf; 89 | } 90 | -------------------------------------------------------------------------------- /etc/php-cli.ini: -------------------------------------------------------------------------------- 1 | [PHP] 2 | 3 | ;; This version of php.ini is used ONLY for command line operations. 4 | ;; See 120-apache2.conf for the definition of the PHPRC environment 5 | ;; variable. 6 | 7 | ; Quick Reference ; 8 | ;;;;;;;;;;;;;;;;;;; 9 | ; The following are all the settings which are different in either the production 10 | ; or development versions of the INIs with respect to PHP's default behavior. 11 | ; Please see the actual settings later in the document for more details as to why 12 | ; we recommend these changes in PHP's behavior. 13 | 14 | ; display_errors 15 | ; Default Value: On 16 | ; Development Value: On 17 | ; Production Value: Off 18 | 19 | ; display_startup_errors 20 | ; Default Value: Off 21 | ; Development Value: On 22 | ; Production Value: Off 23 | 24 | ; error_reporting 25 | ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED 26 | ; Development Value: E_ALL 27 | ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT 28 | 29 | ; html_errors 30 | ; Default Value: On 31 | ; Development Value: On 32 | ; Production value: On 33 | 34 | ; log_errors 35 | ; Default Value: Off 36 | ; Development Value: On 37 | ; Production Value: On 38 | 39 | ; max_input_time 40 | ; Default Value: -1 (Unlimited) 41 | ; Development Value: 60 (60 seconds) 42 | ; Production Value: 60 (60 seconds) 43 | 44 | ; output_buffering 45 | ; Default Value: Off 46 | ; Development Value: 4096 47 | ; Production Value: 4096 48 | 49 | ; register_argc_argv 50 | ; Default Value: On 51 | ; Development Value: Off 52 | ; Production Value: Off 53 | 54 | ; request_order 55 | ; Default Value: None 56 | ; Development Value: "GP" 57 | ; Production Value: "GP" 58 | 59 | ; session.bug_compat_42 60 | ; Default Value: On 61 | ; Development Value: On 62 | ; Production Value: Off 63 | 64 | ; session.bug_compat_warn 65 | ; Default Value: On 66 | ; Development Value: On 67 | ; Production Value: Off 68 | 69 | ; session.gc_divisor 70 | ; Default Value: 100 71 | ; Development Value: 1000 72 | ; Production Value: 1000 73 | 74 | ; session.hash_bits_per_character 75 | ; Default Value: 4 76 | ; Development Value: 5 77 | ; Production Value: 5 78 | 79 | ; short_open_tag 80 | ; Default Value: On 81 | ; Development Value: Off 82 | ; Production Value: Off 83 | 84 | ; track_errors 85 | ; Default Value: Off 86 | ; Development Value: On 87 | ; Production Value: Off 88 | 89 | ; url_rewriter.tags 90 | ; Default Value: "a=href,area=href,frame=src,form=,fieldset=" 91 | ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 92 | ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 93 | 94 | ; variables_order 95 | ; Default Value: "EGPCS" 96 | ; Development Value: "GPCS" 97 | ; Production Value: "GPCS" 98 | 99 | ;;;;;;;;;;;;;;;;;;;; 100 | ; php.ini Options ; 101 | ;;;;;;;;;;;;;;;;;;;; 102 | ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" 103 | ;user_ini.filename = ".user.ini" 104 | 105 | ; To disable this feature set this option to empty value 106 | ;user_ini.filename = 107 | 108 | ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) 109 | ;user_ini.cache_ttl = 300 110 | 111 | ;;;;;;;;;;;;;;;;;;;; 112 | ; Language Options ; 113 | ;;;;;;;;;;;;;;;;;;;; 114 | 115 | ; Enable the PHP scripting language engine under Apache. 116 | ; http://php.net/engine 117 | engine = On 118 | 119 | ; This directive determines whether or not PHP will recognize code between 120 | ; tags as PHP source which should be processed as such. It is 121 | ; generally recommended that should be used and that this feature 122 | ; should be disabled, as enabling it may result in issues when generating XML 123 | ; documents, however this remains supported for backward compatibility reasons. 124 | ; Note that this directive does not control the tags. 133 | ; http://php.net/asp-tags 134 | asp_tags = Off 135 | 136 | ; The number of significant digits displayed in floating point numbers. 137 | ; http://php.net/precision 138 | precision = 14 139 | 140 | ; Output buffering is a mechanism for controlling how much output data 141 | ; (excluding headers and cookies) PHP should keep internally before pushing that 142 | ; data to the client. If your application's output exceeds this setting, PHP 143 | ; will send that data in chunks of roughly the size you specify. 144 | ; Turning on this setting and managing its maximum buffer size can yield some 145 | ; interesting side-effects depending on your application and web server. 146 | ; You may be able to send headers and cookies after you've already sent output 147 | ; through print or echo. You also may see performance benefits if your server is 148 | ; emitting less packets due to buffered output versus PHP streaming the output 149 | ; as it gets it. On production servers, 4096 bytes is a good setting for performance 150 | ; reasons. 151 | ; Note: Output buffering can also be controlled via Output Buffering Control 152 | ; functions. 153 | ; Possible Values: 154 | ; On = Enabled and buffer is unlimited. (Use with caution) 155 | ; Off = Disabled 156 | ; Integer = Enables the buffer and sets its maximum size in bytes. 157 | ; Note: This directive is hardcoded to Off for the CLI SAPI 158 | ; Default Value: Off 159 | ; Development Value: 4096 160 | ; Production Value: 4096 161 | ; http://php.net/output-buffering 162 | output_buffering = 4096 163 | 164 | ; You can redirect all of the output of your scripts to a function. For 165 | ; example, if you set output_handler to "mb_output_handler", character 166 | ; encoding will be transparently converted to the specified encoding. 167 | ; Setting any output handler automatically turns on output buffering. 168 | ; Note: People who wrote portable scripts should not depend on this ini 169 | ; directive. Instead, explicitly set the output handler using ob_start(). 170 | ; Using this ini directive may cause problems unless you know what script 171 | ; is doing. 172 | ; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" 173 | ; and you cannot use both "ob_gzhandler" and "zlib.output_compression". 174 | ; Note: output_handler must be empty if this is set 'On' !!!! 175 | ; Instead you must use zlib.output_handler. 176 | ; http://php.net/output-handler 177 | ;output_handler = 178 | 179 | ; Transparent output compression using the zlib library 180 | ; Valid values for this option are 'off', 'on', or a specific buffer size 181 | ; to be used for compression (default is 4KB) 182 | ; Note: Resulting chunk size may vary due to nature of compression. PHP 183 | ; outputs chunks that are few hundreds bytes each as a result of 184 | ; compression. If you prefer a larger chunk size for better 185 | ; performance, enable output_buffering in addition. 186 | ; Note: You need to use zlib.output_handler instead of the standard 187 | ; output_handler, or otherwise the output will be corrupted. 188 | ; http://php.net/zlib.output-compression 189 | zlib.output_compression = Off 190 | 191 | ; http://php.net/zlib.output-compression-level 192 | ;zlib.output_compression_level = -1 193 | 194 | ; You cannot specify additional output handlers if zlib.output_compression 195 | ; is activated here. This setting does the same as output_handler but in 196 | ; a different order. 197 | ; http://php.net/zlib.output-handler 198 | ;zlib.output_handler = 199 | 200 | ; Implicit flush tells PHP to tell the output layer to flush itself 201 | ; automatically after every output block. This is equivalent to calling the 202 | ; PHP function flush() after each and every call to print() or echo() and each 203 | ; and every HTML block. Turning this option on has serious performance 204 | ; implications and is generally recommended for debugging purposes only. 205 | ; http://php.net/implicit-flush 206 | ; Note: This directive is hardcoded to On for the CLI SAPI 207 | implicit_flush = Off 208 | 209 | ; The unserialize callback function will be called (with the undefined class' 210 | ; name as parameter), if the unserializer finds an undefined class 211 | ; which should be instantiated. A warning appears if the specified function is 212 | ; not defined, or if the function doesn't include/implement the missing class. 213 | ; So only set this entry, if you really want to implement such a 214 | ; callback-function. 215 | unserialize_callback_func = 216 | 217 | ; When floats & doubles are serialized store serialize_precision significant 218 | ; digits after the floating point. The default value ensures that when floats 219 | ; are decoded with unserialize, the data will remain the same. 220 | serialize_precision = 17 221 | 222 | ; open_basedir, if set, limits all file operations to the defined directory 223 | ; and below. This directive makes most sense if used in a per-directory 224 | ; or per-virtualhost web server configuration file. This directive is 225 | ; *NOT* affected by whether Safe Mode is turned On or Off. 226 | ; http://php.net/open-basedir 227 | ;open_basedir = 228 | 229 | ; This directive allows you to disable certain functions for security reasons. 230 | ; It receives a comma-delimited list of function names. This directive is 231 | ; *NOT* affected by whether Safe Mode is turned On or Off. 232 | ; http://php.net/disable-functions 233 | disable_functions = 234 | 235 | ; This directive allows you to disable certain classes for security reasons. 236 | ; It receives a comma-delimited list of class names. This directive is 237 | ; *NOT* affected by whether Safe Mode is turned On or Off. 238 | ; http://php.net/disable-classes 239 | disable_classes = 240 | 241 | ; Colors for Syntax Highlighting mode. Anything that's acceptable in 242 | ; would work. 243 | ; http://php.net/syntax-highlighting 244 | ;highlight.string = #DD0000 245 | ;highlight.comment = #FF9900 246 | ;highlight.keyword = #007700 247 | ;highlight.default = #0000BB 248 | ;highlight.html = #000000 249 | 250 | ; If enabled, the request will be allowed to complete even if the user aborts 251 | ; the request. Consider enabling it if executing long requests, which may end up 252 | ; being interrupted by the user or a browser timing out. PHP's default behavior 253 | ; is to disable this feature. 254 | ; http://php.net/ignore-user-abort 255 | ;ignore_user_abort = On 256 | 257 | ; Determines the size of the realpath cache to be used by PHP. This value should 258 | ; be increased on systems where PHP opens many files to reflect the quantity of 259 | ; the file operations performed. 260 | ; http://php.net/realpath-cache-size 261 | ;realpath_cache_size = 16k 262 | 263 | ; Duration of time, in seconds for which to cache realpath information for a given 264 | ; file or directory. For systems with rarely changing files, consider increasing this 265 | ; value. 266 | ; http://php.net/realpath-cache-ttl 267 | ;realpath_cache_ttl = 120 268 | 269 | ; Enables or disables the circular reference collector. 270 | ; http://php.net/zend.enable-gc 271 | zend.enable_gc = On 272 | 273 | ; If enabled, scripts may be written in encodings that are incompatible with 274 | ; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such 275 | ; encodings. To use this feature, mbstring extension must be enabled. 276 | ; Default: Off 277 | ;zend.multibyte = Off 278 | 279 | ; Allows to set the default encoding for the scripts. This value will be used 280 | ; unless "declare(encoding=...)" directive appears at the top of the script. 281 | ; Only affects if zend.multibyte is set. 282 | ; Default: "" 283 | ;zend.script_encoding = 284 | 285 | ;;;;;;;;;;;;;;;;; 286 | ; Miscellaneous ; 287 | ;;;;;;;;;;;;;;;;; 288 | 289 | ; Decides whether PHP may expose the fact that it is installed on the server 290 | ; (e.g. by adding its signature to the Web server header). It is no security 291 | ; threat in any way, but it makes it possible to determine whether you use PHP 292 | ; on your server or not. 293 | ; http://php.net/expose-php 294 | expose_php = On 295 | 296 | ;;;;;;;;;;;;;;;;;;; 297 | ; Resource Limits ; 298 | ;;;;;;;;;;;;;;;;;;; 299 | 300 | ; Maximum execution time of each script, in seconds 301 | ; http://php.net/max-execution-time 302 | ; Note: This directive is hardcoded to 0 for the CLI SAPI 303 | max_execution_time = 30 304 | 305 | ; Maximum amount of time each script may spend parsing request data. It's a good 306 | ; idea to limit this time on productions servers in order to eliminate unexpectedly 307 | ; long running scripts. 308 | ; Note: This directive is hardcoded to -1 for the CLI SAPI 309 | ; Default Value: -1 (Unlimited) 310 | ; Development Value: 60 (60 seconds) 311 | ; Production Value: 60 (60 seconds) 312 | ; http://php.net/max-input-time 313 | max_input_time = 60 314 | 315 | ; Maximum input variable nesting level 316 | ; http://php.net/max-input-nesting-level 317 | ;max_input_nesting_level = 64 318 | 319 | ; How many GET/POST/COOKIE input variables may be accepted 320 | ; max_input_vars = 1000 321 | 322 | ; Maximum amount of memory a script may consume (128MB) 323 | ; http://php.net/memory-limit 324 | memory_limit = -1 325 | 326 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 327 | ; Error handling and logging ; 328 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 329 | 330 | ; This directive informs PHP of which errors, warnings and notices you would like 331 | ; it to take action for. The recommended way of setting values for this 332 | ; directive is through the use of the error level constants and bitwise 333 | ; operators. The error level constants are below here for convenience as well as 334 | ; some common settings and their meanings. 335 | ; By default, PHP is set to take action on all errors, notices and warnings EXCEPT 336 | ; those related to E_NOTICE and E_STRICT, which together cover best practices and 337 | ; recommended coding standards in PHP. For performance reasons, this is the 338 | ; recommend error reporting setting. Your production server shouldn't be wasting 339 | ; resources complaining about best practices and coding standards. That's what 340 | ; development servers and development settings are for. 341 | ; Note: The php.ini-development file has this setting as E_ALL. This 342 | ; means it pretty much reports everything which is exactly what you want during 343 | ; development and early testing. 344 | ; 345 | ; Error Level Constants: 346 | ; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) 347 | ; E_ERROR - fatal run-time errors 348 | ; E_RECOVERABLE_ERROR - almost fatal run-time errors 349 | ; E_WARNING - run-time warnings (non-fatal errors) 350 | ; E_PARSE - compile-time parse errors 351 | ; E_NOTICE - run-time notices (these are warnings which often result 352 | ; from a bug in your code, but it's possible that it was 353 | ; intentional (e.g., using an uninitialized variable and 354 | ; relying on the fact it's automatically initialized to an 355 | ; empty string) 356 | ; E_STRICT - run-time notices, enable to have PHP suggest changes 357 | ; to your code which will ensure the best interoperability 358 | ; and forward compatibility of your code 359 | ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup 360 | ; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's 361 | ; initial startup 362 | ; E_COMPILE_ERROR - fatal compile-time errors 363 | ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) 364 | ; E_USER_ERROR - user-generated error message 365 | ; E_USER_WARNING - user-generated warning message 366 | ; E_USER_NOTICE - user-generated notice message 367 | ; E_DEPRECATED - warn about code that will not work in future versions 368 | ; of PHP 369 | ; E_USER_DEPRECATED - user-generated deprecation warnings 370 | ; 371 | ; Common Values: 372 | ; E_ALL (Show all errors, warnings and notices including coding standards.) 373 | ; E_ALL & ~E_NOTICE (Show all errors, except for notices) 374 | ; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) 375 | ; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) 376 | ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED 377 | ; Development Value: E_ALL 378 | ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT 379 | ; http://php.net/error-reporting 380 | error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT 381 | 382 | ; This directive controls whether or not and where PHP will output errors, 383 | ; notices and warnings too. Error output is very useful during development, but 384 | ; it could be very dangerous in production environments. Depending on the code 385 | ; which is triggering the error, sensitive information could potentially leak 386 | ; out of your application such as database usernames and passwords or worse. 387 | ; It's recommended that errors be logged on production servers rather than 388 | ; having the errors sent to STDOUT. 389 | ; Possible Values: 390 | ; Off = Do not display any errors 391 | ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) 392 | ; On or stdout = Display errors to STDOUT 393 | ; Default Value: On 394 | ; Development Value: On 395 | ; Production Value: Off 396 | ; http://php.net/display-errors 397 | display_errors = Off 398 | 399 | ; The display of errors which occur during PHP's startup sequence are handled 400 | ; separately from display_errors. PHP's default behavior is to suppress those 401 | ; errors from clients. Turning the display of startup errors on can be useful in 402 | ; debugging configuration problems. But, it's strongly recommended that you 403 | ; leave this setting off on production servers. 404 | ; Default Value: Off 405 | ; Development Value: On 406 | ; Production Value: Off 407 | ; http://php.net/display-startup-errors 408 | display_startup_errors = Off 409 | 410 | ; Besides displaying errors, PHP can also log errors to locations such as a 411 | ; server-specific log, STDERR, or a location specified by the error_log 412 | ; directive found below. While errors should not be displayed on productions 413 | ; servers they should still be monitored and logging is a great way to do that. 414 | ; Default Value: Off 415 | ; Development Value: On 416 | ; Production Value: On 417 | ; http://php.net/log-errors 418 | log_errors = On 419 | 420 | ; Set maximum length of log_errors. In error_log information about the source is 421 | ; added. The default is 1024 and 0 allows to not apply any maximum length at all. 422 | ; http://php.net/log-errors-max-len 423 | log_errors_max_len = 1024 424 | 425 | ; Do not log repeated messages. Repeated errors must occur in same file on same 426 | ; line unless ignore_repeated_source is set true. 427 | ; http://php.net/ignore-repeated-errors 428 | ignore_repeated_errors = Off 429 | 430 | ; Ignore source of message when ignoring repeated messages. When this setting 431 | ; is On you will not log errors with repeated messages from different files or 432 | ; source lines. 433 | ; http://php.net/ignore-repeated-source 434 | ignore_repeated_source = Off 435 | 436 | ; If this parameter is set to Off, then memory leaks will not be shown (on 437 | ; stdout or in the log). This has only effect in a debug compile, and if 438 | ; error reporting includes E_WARNING in the allowed list 439 | ; http://php.net/report-memleaks 440 | report_memleaks = On 441 | 442 | ; This setting is on by default. 443 | ;report_zend_debug = 0 444 | 445 | ; Store the last error/warning message in $php_errormsg (boolean). Setting this value 446 | ; to On can assist in debugging and is appropriate for development servers. It should 447 | ; however be disabled on production servers. 448 | ; Default Value: Off 449 | ; Development Value: On 450 | ; Production Value: Off 451 | ; http://php.net/track-errors 452 | track_errors = Off 453 | 454 | ; Turn off normal error reporting and emit XML-RPC error XML 455 | ; http://php.net/xmlrpc-errors 456 | ;xmlrpc_errors = 0 457 | 458 | ; An XML-RPC faultCode 459 | ;xmlrpc_error_number = 0 460 | 461 | ; When PHP displays or logs an error, it has the capability of formatting the 462 | ; error message as HTML for easier reading. This directive controls whether 463 | ; the error message is formatted as HTML or not. 464 | ; Note: This directive is hardcoded to Off for the CLI SAPI 465 | ; Default Value: On 466 | ; Development Value: On 467 | ; Production value: On 468 | ; http://php.net/html-errors 469 | html_errors = On 470 | 471 | ; If html_errors is set to On *and* docref_root is not empty, then PHP 472 | ; produces clickable error messages that direct to a page describing the error 473 | ; or function causing the error in detail. 474 | ; You can download a copy of the PHP manual from http://php.net/docs 475 | ; and change docref_root to the base URL of your local copy including the 476 | ; leading '/'. You must also specify the file extension being used including 477 | ; the dot. PHP's default behavior is to leave these settings empty, in which 478 | ; case no links to documentation are generated. 479 | ; Note: Never use this feature for production boxes. 480 | ; http://php.net/docref-root 481 | ; Examples 482 | ;docref_root = "/phpmanual/" 483 | 484 | ; http://php.net/docref-ext 485 | ;docref_ext = .html 486 | 487 | ; String to output before an error message. PHP's default behavior is to leave 488 | ; this setting blank. 489 | ; http://php.net/error-prepend-string 490 | ; Example: 491 | ;error_prepend_string = "" 492 | 493 | ; String to output after an error message. PHP's default behavior is to leave 494 | ; this setting blank. 495 | ; http://php.net/error-append-string 496 | ; Example: 497 | ;error_append_string = "" 498 | 499 | ; Log errors to specified file. PHP's default behavior is to leave this value 500 | ; empty. 501 | ; http://php.net/error-log 502 | ; Example: 503 | ;error_log = php_errors.log 504 | ; Log errors to syslog (Event Log on NT, not valid in Windows 95). 505 | ;error_log = syslog 506 | 507 | ;windows.show_crt_warning 508 | ; Default value: 0 509 | ; Development value: 0 510 | ; Production value: 0 511 | 512 | ;;;;;;;;;;;;;;;;; 513 | ; Data Handling ; 514 | ;;;;;;;;;;;;;;;;; 515 | 516 | ; The separator used in PHP generated URLs to separate arguments. 517 | ; PHP's default setting is "&". 518 | ; http://php.net/arg-separator.output 519 | ; Example: 520 | ;arg_separator.output = "&" 521 | 522 | ; List of separator(s) used by PHP to parse input URLs into variables. 523 | ; PHP's default setting is "&". 524 | ; NOTE: Every character in this directive is considered as separator! 525 | ; http://php.net/arg-separator.input 526 | ; Example: 527 | ;arg_separator.input = ";&" 528 | 529 | ; This directive determines which super global arrays are registered when PHP 530 | ; starts up. G,P,C,E & S are abbreviations for the following respective super 531 | ; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty 532 | ; paid for the registration of these arrays and because ENV is not as commonly 533 | ; used as the others, ENV is not recommended on productions servers. You 534 | ; can still get access to the environment variables through getenv() should you 535 | ; need to. 536 | ; Default Value: "EGPCS" 537 | ; Development Value: "GPCS" 538 | ; Production Value: "GPCS"; 539 | ; http://php.net/variables-order 540 | variables_order = "GPCS" 541 | 542 | ; This directive determines which super global data (G,P,C,E & S) should 543 | ; be registered into the super global array REQUEST. If so, it also determines 544 | ; the order in which that data is registered. The values for this directive are 545 | ; specified in the same manner as the variables_order directive, EXCEPT one. 546 | ; Leaving this value empty will cause PHP to use the value set in the 547 | ; variables_order directive. It does not mean it will leave the super globals 548 | ; array REQUEST empty. 549 | ; Default Value: None 550 | ; Development Value: "GP" 551 | ; Production Value: "GP" 552 | ; http://php.net/request-order 553 | request_order = "GP" 554 | 555 | ; This directive determines whether PHP registers $argv & $argc each time it 556 | ; runs. $argv contains an array of all the arguments passed to PHP when a script 557 | ; is invoked. $argc contains an integer representing the number of arguments 558 | ; that were passed when the script was invoked. These arrays are extremely 559 | ; useful when running scripts from the command line. When this directive is 560 | ; enabled, registering these variables consumes CPU cycles and memory each time 561 | ; a script is executed. For performance reasons, this feature should be disabled 562 | ; on production servers. 563 | ; Note: This directive is hardcoded to On for the CLI SAPI 564 | ; Default Value: On 565 | ; Development Value: Off 566 | ; Production Value: Off 567 | ; http://php.net/register-argc-argv 568 | register_argc_argv = Off 569 | 570 | ; When enabled, the ENV, REQUEST and SERVER variables are created when they're 571 | ; first used (Just In Time) instead of when the script starts. If these 572 | ; variables are not used within a script, having this directive on will result 573 | ; in a performance gain. The PHP directive register_argc_argv must be disabled 574 | ; for this directive to have any affect. 575 | ; http://php.net/auto-globals-jit 576 | auto_globals_jit = On 577 | 578 | ; Whether PHP will read the POST data. 579 | ; This option is enabled by default. 580 | ; Most likely, you won't want to disable this option globally. It causes $_POST 581 | ; and $_FILES to always be empty; the only way you will be able to read the 582 | ; POST data will be through the php://input stream wrapper. This can be useful 583 | ; to proxy requests or to process the POST data in a memory efficient fashion. 584 | ; http://php.net/enable-post-data-reading 585 | ;enable_post_data_reading = Off 586 | 587 | ; Maximum size of POST data that PHP will accept. 588 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading 589 | ; is disabled through enable_post_data_reading. 590 | ; http://php.net/post-max-size 591 | post_max_size = 8M 592 | 593 | ; Automatically add files before PHP document. 594 | ; http://php.net/auto-prepend-file 595 | auto_prepend_file = 596 | 597 | ; Automatically add files after PHP document. 598 | ; http://php.net/auto-append-file 599 | auto_append_file = 600 | 601 | ; By default, PHP will output a character encoding using 602 | ; the Content-type: header. To disable sending of the charset, simply 603 | ; set it to be empty. 604 | ; 605 | ; PHP's built-in default is text/html 606 | ; http://php.net/default-mimetype 607 | default_mimetype = "text/html" 608 | 609 | ; PHP's default character set is set to empty. 610 | ; http://php.net/default-charset 611 | ;default_charset = "UTF-8" 612 | 613 | ; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is 614 | ; to disable this feature. If post reading is disabled through 615 | ; enable_post_data_reading, $HTTP_RAW_POST_DATA is *NOT* populated. 616 | ; http://php.net/always-populate-raw-post-data 617 | ;always_populate_raw_post_data = On 618 | 619 | ;;;;;;;;;;;;;;;;;;;;;;;;; 620 | ; Paths and Directories ; 621 | ;;;;;;;;;;;;;;;;;;;;;;;;; 622 | 623 | ; UNIX: "/path1:/path2" 624 | ;include_path = ".:/usr/share/php" 625 | ; 626 | ; Windows: "\path1;\path2" 627 | ;include_path = ".;c:\php\includes" 628 | ; 629 | ; PHP's default setting for include_path is ".;/path/to/php/pear" 630 | ; http://php.net/include-path 631 | 632 | ; The root of the PHP pages, used only if nonempty. 633 | ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root 634 | ; if you are running php as a CGI under any web server (other than IIS) 635 | ; see documentation for security issues. The alternate is to use the 636 | ; cgi.force_redirect configuration below 637 | ; http://php.net/doc-root 638 | doc_root = 639 | 640 | ; The directory under which PHP opens the script using /~username used only 641 | ; if nonempty. 642 | ; http://php.net/user-dir 643 | user_dir = 644 | 645 | ; Directory in which the loadable extensions (modules) reside. 646 | ; http://php.net/extension-dir 647 | ; extension_dir = "./" 648 | ; On windows: 649 | ; extension_dir = "ext" 650 | 651 | ; Directory where the temporary files should be placed. 652 | ; Defaults to the system default (see sys_get_temp_dir) 653 | ; sys_temp_dir = "/tmp" 654 | 655 | ; Whether or not to enable the dl() function. The dl() function does NOT work 656 | ; properly in multithreaded servers, such as IIS or Zeus, and is automatically 657 | ; disabled on them. 658 | ; http://php.net/enable-dl 659 | enable_dl = Off 660 | 661 | ; cgi.force_redirect is necessary to provide security running PHP as a CGI under 662 | ; most web servers. Left undefined, PHP turns this on by default. You can 663 | ; turn it off here AT YOUR OWN RISK 664 | ; **You CAN safely turn this off for IIS, in fact, you MUST.** 665 | ; http://php.net/cgi.force-redirect 666 | ;cgi.force_redirect = 1 667 | 668 | ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with 669 | ; every request. PHP's default behavior is to disable this feature. 670 | ;cgi.nph = 1 671 | 672 | ; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape 673 | ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP 674 | ; will look for to know it is OK to continue execution. Setting this variable MAY 675 | ; cause security issues, KNOW WHAT YOU ARE DOING FIRST. 676 | ; http://php.net/cgi.redirect-status-env 677 | ;cgi.redirect_status_env = 678 | 679 | ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's 680 | ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok 681 | ; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting 682 | ; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting 683 | ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts 684 | ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. 685 | ; http://php.net/cgi.fix-pathinfo 686 | ;cgi.fix_pathinfo=1 687 | 688 | ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate 689 | ; security tokens of the calling client. This allows IIS to define the 690 | ; security context that the request runs under. mod_fastcgi under Apache 691 | ; does not currently support this feature (03/17/2002) 692 | ; Set to 1 if running under IIS. Default is zero. 693 | ; http://php.net/fastcgi.impersonate 694 | ;fastcgi.impersonate = 1 695 | 696 | ; Disable logging through FastCGI connection. PHP's default behavior is to enable 697 | ; this feature. 698 | ;fastcgi.logging = 0 699 | 700 | ; cgi.rfc2616_headers configuration option tells PHP what type of headers to 701 | ; use when sending HTTP response code. If it's set 0 PHP sends Status: header that 702 | ; is supported by Apache. When this option is set to 1 PHP will send 703 | ; RFC2616 compliant header. 704 | ; Default is zero. 705 | ; http://php.net/cgi.rfc2616-headers 706 | ;cgi.rfc2616_headers = 0 707 | 708 | ;;;;;;;;;;;;;;;; 709 | ; File Uploads ; 710 | ;;;;;;;;;;;;;;;; 711 | 712 | ; Whether to allow HTTP file uploads. 713 | ; http://php.net/file-uploads 714 | file_uploads = On 715 | 716 | ; Temporary directory for HTTP uploaded files (will use system default if not 717 | ; specified). 718 | ; http://php.net/upload-tmp-dir 719 | ;upload_tmp_dir = 720 | 721 | ; Maximum allowed size for uploaded files. 722 | ; http://php.net/upload-max-filesize 723 | upload_max_filesize = 2M 724 | 725 | ; Maximum number of files that can be uploaded via a single request 726 | max_file_uploads = 20 727 | 728 | ;;;;;;;;;;;;;;;;;; 729 | ; Fopen wrappers ; 730 | ;;;;;;;;;;;;;;;;;; 731 | 732 | ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. 733 | ; http://php.net/allow-url-fopen 734 | allow_url_fopen = On 735 | 736 | ; Whether to allow include/require to open URLs (like http:// or ftp://) as files. 737 | ; http://php.net/allow-url-include 738 | allow_url_include = Off 739 | 740 | ; Define the anonymous ftp password (your email address). PHP's default setting 741 | ; for this is empty. 742 | ; http://php.net/from 743 | ;from="john@doe.com" 744 | 745 | ; Define the User-Agent string. PHP's default setting for this is empty. 746 | ; http://php.net/user-agent 747 | ;user_agent="PHP" 748 | 749 | ; Default timeout for socket based streams (seconds) 750 | ; http://php.net/default-socket-timeout 751 | default_socket_timeout = 60 752 | 753 | ; If your scripts have to deal with files from Macintosh systems, 754 | ; or you are running on a Mac and need to deal with files from 755 | ; unix or win32 systems, setting this flag will cause PHP to 756 | ; automatically detect the EOL character in those files so that 757 | ; fgets() and file() will work regardless of the source of the file. 758 | ; http://php.net/auto-detect-line-endings 759 | ;auto_detect_line_endings = Off 760 | 761 | ;;;;;;;;;;;;;;;;;;;;;; 762 | ; Dynamic Extensions ; 763 | ;;;;;;;;;;;;;;;;;;;;;; 764 | 765 | ; If you wish to have an extension loaded automatically, use the following 766 | ; syntax: 767 | ; 768 | ; extension=modulename.extension 769 | ; 770 | ; For example, on Windows: 771 | ; 772 | ; extension=msql.dll 773 | ; 774 | ; ... or under UNIX: 775 | ; 776 | ; extension=msql.so 777 | ; 778 | ; ... or with a path: 779 | ; 780 | ; extension=/path/to/extension/msql.so 781 | ; 782 | ; If you only provide the name of the extension, PHP will look for it in its 783 | ; default extension directory. 784 | ; 785 | 786 | ;;;;;;;;;;;;;;;;;;; 787 | ; Module Settings ; 788 | ;;;;;;;;;;;;;;;;;;; 789 | 790 | [CLI Server] 791 | ; Whether the CLI web server uses ANSI color coding in its terminal output. 792 | cli_server.color = On 793 | 794 | [Date] 795 | ; Defines the default timezone used by the date functions 796 | ; http://php.net/date.timezone 797 | ;date.timezone = 798 | 799 | ; http://php.net/date.default-latitude 800 | ;date.default_latitude = 31.7667 801 | 802 | ; http://php.net/date.default-longitude 803 | ;date.default_longitude = 35.2333 804 | 805 | ; http://php.net/date.sunrise-zenith 806 | ;date.sunrise_zenith = 90.583333 807 | 808 | ; http://php.net/date.sunset-zenith 809 | ;date.sunset_zenith = 90.583333 810 | 811 | [filter] 812 | ; http://php.net/filter.default 813 | ;filter.default = unsafe_raw 814 | 815 | ; http://php.net/filter.default-flags 816 | ;filter.default_flags = 817 | 818 | [iconv] 819 | ;iconv.input_encoding = ISO-8859-1 820 | ;iconv.internal_encoding = ISO-8859-1 821 | ;iconv.output_encoding = ISO-8859-1 822 | 823 | [intl] 824 | ;intl.default_locale = 825 | ; This directive allows you to produce PHP errors when some error 826 | ; happens within intl functions. The value is the level of the error produced. 827 | ; Default is 0, which does not produce any errors. 828 | ;intl.error_level = E_WARNING 829 | 830 | [sqlite] 831 | ; http://php.net/sqlite.assoc-case 832 | ;sqlite.assoc_case = 0 833 | 834 | [sqlite3] 835 | ;sqlite3.extension_dir = 836 | 837 | [Pcre] 838 | ;PCRE library backtracking limit. 839 | ; http://php.net/pcre.backtrack-limit 840 | ;pcre.backtrack_limit=100000 841 | 842 | ;PCRE library recursion limit. 843 | ;Please note that if you set this value to a high number you may consume all 844 | ;the available process stack and eventually crash PHP (due to reaching the 845 | ;stack size limit imposed by the Operating System). 846 | ; http://php.net/pcre.recursion-limit 847 | ;pcre.recursion_limit=100000 848 | 849 | [Pdo] 850 | ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" 851 | ; http://php.net/pdo-odbc.connection-pooling 852 | ;pdo_odbc.connection_pooling=strict 853 | 854 | ;pdo_odbc.db2_instance_name 855 | 856 | [Pdo_mysql] 857 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 858 | ; http://php.net/pdo_mysql.cache_size 859 | pdo_mysql.cache_size = 2000 860 | 861 | ; Default socket name for local MySQL connects. If empty, uses the built-in 862 | ; MySQL defaults. 863 | ; http://php.net/pdo_mysql.default-socket 864 | pdo_mysql.default_socket=${MYSQL_SOCKET} 865 | 866 | [Phar] 867 | ; http://php.net/phar.readonly 868 | ;phar.readonly = On 869 | 870 | ; http://php.net/phar.require-hash 871 | ;phar.require_hash = On 872 | 873 | ;phar.cache_list = 874 | 875 | [mail function] 876 | ; For Win32 only. 877 | ; http://php.net/smtp 878 | SMTP = localhost 879 | ; http://php.net/smtp-port 880 | smtp_port = 25 881 | 882 | ; For Win32 only. 883 | ; http://php.net/sendmail-from 884 | ;sendmail_from = me@example.com 885 | 886 | ; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). 887 | ; http://php.net/sendmail-path 888 | ;sendmail_path = 889 | 890 | ; Force the addition of the specified parameters to be passed as extra parameters 891 | ; to the sendmail binary. These parameters will always replace the value of 892 | ; the 5th parameter to mail(), even in safe mode. 893 | ;mail.force_extra_parameters = 894 | 895 | ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename 896 | mail.add_x_header = On 897 | 898 | ; The path to a log file that will log all mail() calls. Log entries include 899 | ; the full path of the script, line number, To address and headers. 900 | ;mail.log = 901 | ; Log mail to syslog (Event Log on NT, not valid in Windows 95). 902 | ;mail.log = syslog 903 | 904 | [SQL] 905 | ; http://php.net/sql.safe-mode 906 | sql.safe_mode = Off 907 | 908 | [ODBC] 909 | ; http://php.net/odbc.default-db 910 | ;odbc.default_db = Not yet implemented 911 | 912 | ; http://php.net/odbc.default-user 913 | ;odbc.default_user = Not yet implemented 914 | 915 | ; http://php.net/odbc.default-pw 916 | ;odbc.default_pw = Not yet implemented 917 | 918 | ; Controls the ODBC cursor model. 919 | ; Default: SQL_CURSOR_STATIC (default). 920 | ;odbc.default_cursortype 921 | 922 | ; Allow or prevent persistent links. 923 | ; http://php.net/odbc.allow-persistent 924 | odbc.allow_persistent = On 925 | 926 | ; Check that a connection is still valid before reuse. 927 | ; http://php.net/odbc.check-persistent 928 | odbc.check_persistent = On 929 | 930 | ; Maximum number of persistent links. -1 means no limit. 931 | ; http://php.net/odbc.max-persistent 932 | odbc.max_persistent = -1 933 | 934 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 935 | ; http://php.net/odbc.max-links 936 | odbc.max_links = -1 937 | 938 | ; Handling of LONG fields. Returns number of bytes to variables. 0 means 939 | ; passthru. 940 | ; http://php.net/odbc.defaultlrl 941 | odbc.defaultlrl = 4096 942 | 943 | ; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. 944 | ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation 945 | ; of odbc.defaultlrl and odbc.defaultbinmode 946 | ; http://php.net/odbc.defaultbinmode 947 | odbc.defaultbinmode = 1 948 | 949 | ;birdstep.max_links = -1 950 | 951 | [Interbase] 952 | ; Allow or prevent persistent links. 953 | ibase.allow_persistent = 1 954 | 955 | ; Maximum number of persistent links. -1 means no limit. 956 | ibase.max_persistent = -1 957 | 958 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 959 | ibase.max_links = -1 960 | 961 | ; Default database name for ibase_connect(). 962 | ;ibase.default_db = 963 | 964 | ; Default username for ibase_connect(). 965 | ;ibase.default_user = 966 | 967 | ; Default password for ibase_connect(). 968 | ;ibase.default_password = 969 | 970 | ; Default charset for ibase_connect(). 971 | ;ibase.default_charset = 972 | 973 | ; Default timestamp format. 974 | ibase.timestampformat = "%Y-%m-%d %H:%M:%S" 975 | 976 | ; Default date format. 977 | ibase.dateformat = "%Y-%m-%d" 978 | 979 | ; Default time format. 980 | ibase.timeformat = "%H:%M:%S" 981 | 982 | [MySQL] 983 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements 984 | ; http://php.net/mysql.allow_local_infile 985 | mysql.allow_local_infile = On 986 | 987 | ; Allow or prevent persistent links. 988 | ; http://php.net/mysql.allow-persistent 989 | mysql.allow_persistent = On 990 | 991 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 992 | ; http://php.net/mysql.cache_size 993 | mysql.cache_size = 2000 994 | 995 | ; Maximum number of persistent links. -1 means no limit. 996 | ; http://php.net/mysql.max-persistent 997 | mysql.max_persistent = -1 998 | 999 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1000 | ; http://php.net/mysql.max-links 1001 | mysql.max_links = -1 1002 | 1003 | ; Default port number for mysql_connect(). If unset, mysql_connect() will use 1004 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the 1005 | ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look 1006 | ; at MYSQL_PORT. 1007 | ; http://php.net/mysql.default-port 1008 | mysql.default_port = 1009 | 1010 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1011 | ; MySQL defaults. 1012 | ; http://php.net/mysql.default-socket 1013 | mysql.default_socket = ${MYSQL_SOCKET} 1014 | 1015 | ; Default host for mysql_connect() (doesn't apply in safe mode). 1016 | ; http://php.net/mysql.default-host 1017 | mysql.default_host = 1018 | 1019 | ; Default user for mysql_connect() (doesn't apply in safe mode). 1020 | ; http://php.net/mysql.default-user 1021 | mysql.default_user = 1022 | 1023 | ; Default password for mysql_connect() (doesn't apply in safe mode). 1024 | ; Note that this is generally a *bad* idea to store passwords in this file. 1025 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") 1026 | ; and reveal this password! And of course, any users with read access to this 1027 | ; file will be able to reveal the password as well. 1028 | ; http://php.net/mysql.default-password 1029 | mysql.default_password = 1030 | 1031 | ; Maximum time (in seconds) for connect timeout. -1 means no limit 1032 | ; http://php.net/mysql.connect-timeout 1033 | mysql.connect_timeout = 60 1034 | 1035 | ; Trace mode. When trace_mode is active (=On), warnings for table/index scans and 1036 | ; SQL-Errors will be displayed. 1037 | ; http://php.net/mysql.trace-mode 1038 | mysql.trace_mode = Off 1039 | 1040 | [MySQLi] 1041 | 1042 | ; Maximum number of persistent links. -1 means no limit. 1043 | ; http://php.net/mysqli.max-persistent 1044 | mysqli.max_persistent = -1 1045 | 1046 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements 1047 | ; http://php.net/mysqli.allow_local_infile 1048 | ;mysqli.allow_local_infile = On 1049 | 1050 | ; Allow or prevent persistent links. 1051 | ; http://php.net/mysqli.allow-persistent 1052 | mysqli.allow_persistent = On 1053 | 1054 | ; Maximum number of links. -1 means no limit. 1055 | ; http://php.net/mysqli.max-links 1056 | mysqli.max_links = -1 1057 | 1058 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 1059 | ; http://php.net/mysqli.cache_size 1060 | mysqli.cache_size = 2000 1061 | 1062 | ; Default port number for mysqli_connect(). If unset, mysqli_connect() will use 1063 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the 1064 | ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look 1065 | ; at MYSQL_PORT. 1066 | ; http://php.net/mysqli.default-port 1067 | mysqli.default_port = 3306 1068 | 1069 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1070 | ; MySQL defaults. 1071 | ; http://php.net/mysqli.default-socket 1072 | mysqli.default_socket = ${MYSQL_SOCKET} 1073 | 1074 | ; Default host for mysql_connect() (doesn't apply in safe mode). 1075 | ; http://php.net/mysqli.default-host 1076 | mysqli.default_host = 1077 | 1078 | ; Default user for mysql_connect() (doesn't apply in safe mode). 1079 | ; http://php.net/mysqli.default-user 1080 | mysqli.default_user = 1081 | 1082 | ; Default password for mysqli_connect() (doesn't apply in safe mode). 1083 | ; Note that this is generally a *bad* idea to store passwords in this file. 1084 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") 1085 | ; and reveal this password! And of course, any users with read access to this 1086 | ; file will be able to reveal the password as well. 1087 | ; http://php.net/mysqli.default-pw 1088 | mysqli.default_pw = 1089 | 1090 | ; Allow or prevent reconnect 1091 | mysqli.reconnect = Off 1092 | 1093 | [mysqlnd] 1094 | ; Enable / Disable collection of general statistics by mysqlnd which can be 1095 | ; used to tune and monitor MySQL operations. 1096 | ; http://php.net/mysqlnd.collect_statistics 1097 | mysqlnd.collect_statistics = On 1098 | 1099 | ; Enable / Disable collection of memory usage statistics by mysqlnd which can be 1100 | ; used to tune and monitor MySQL operations. 1101 | ; http://php.net/mysqlnd.collect_memory_statistics 1102 | mysqlnd.collect_memory_statistics = Off 1103 | 1104 | ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. 1105 | ; http://php.net/mysqlnd.net_cmd_buffer_size 1106 | ;mysqlnd.net_cmd_buffer_size = 2048 1107 | 1108 | ; Size of a pre-allocated buffer used for reading data sent by the server in 1109 | ; bytes. 1110 | ; http://php.net/mysqlnd.net_read_buffer_size 1111 | ;mysqlnd.net_read_buffer_size = 32768 1112 | 1113 | [OCI8] 1114 | 1115 | ; Connection: Enables privileged connections using external 1116 | ; credentials (OCI_SYSOPER, OCI_SYSDBA) 1117 | ; http://php.net/oci8.privileged-connect 1118 | ;oci8.privileged_connect = Off 1119 | 1120 | ; Connection: The maximum number of persistent OCI8 connections per 1121 | ; process. Using -1 means no limit. 1122 | ; http://php.net/oci8.max-persistent 1123 | ;oci8.max_persistent = -1 1124 | 1125 | ; Connection: The maximum number of seconds a process is allowed to 1126 | ; maintain an idle persistent connection. Using -1 means idle 1127 | ; persistent connections will be maintained forever. 1128 | ; http://php.net/oci8.persistent-timeout 1129 | ;oci8.persistent_timeout = -1 1130 | 1131 | ; Connection: The number of seconds that must pass before issuing a 1132 | ; ping during oci_pconnect() to check the connection validity. When 1133 | ; set to 0, each oci_pconnect() will cause a ping. Using -1 disables 1134 | ; pings completely. 1135 | ; http://php.net/oci8.ping-interval 1136 | ;oci8.ping_interval = 60 1137 | 1138 | ; Connection: Set this to a user chosen connection class to be used 1139 | ; for all pooled server requests with Oracle 11g Database Resident 1140 | ; Connection Pooling (DRCP). To use DRCP, this value should be set to 1141 | ; the same string for all web servers running the same application, 1142 | ; the database pool must be configured, and the connection string must 1143 | ; specify to use a pooled server. 1144 | ;oci8.connection_class = 1145 | 1146 | ; High Availability: Using On lets PHP receive Fast Application 1147 | ; Notification (FAN) events generated when a database node fails. The 1148 | ; database must also be configured to post FAN events. 1149 | ;oci8.events = Off 1150 | 1151 | ; Tuning: This option enables statement caching, and specifies how 1152 | ; many statements to cache. Using 0 disables statement caching. 1153 | ; http://php.net/oci8.statement-cache-size 1154 | ;oci8.statement_cache_size = 20 1155 | 1156 | ; Tuning: Enables statement prefetching and sets the default number of 1157 | ; rows that will be fetched automatically after statement execution. 1158 | ; http://php.net/oci8.default-prefetch 1159 | ;oci8.default_prefetch = 100 1160 | 1161 | ; Compatibility. Using On means oci_close() will not close 1162 | ; oci_connect() and oci_new_connect() connections. 1163 | ; http://php.net/oci8.old-oci-close-semantics 1164 | ;oci8.old_oci_close_semantics = Off 1165 | 1166 | [PostgreSQL] 1167 | ; Allow or prevent persistent links. 1168 | ; http://php.net/pgsql.allow-persistent 1169 | pgsql.allow_persistent = On 1170 | 1171 | ; Detect broken persistent links always with pg_pconnect(). 1172 | ; Auto reset feature requires a little overheads. 1173 | ; http://php.net/pgsql.auto-reset-persistent 1174 | pgsql.auto_reset_persistent = Off 1175 | 1176 | ; Maximum number of persistent links. -1 means no limit. 1177 | ; http://php.net/pgsql.max-persistent 1178 | pgsql.max_persistent = -1 1179 | 1180 | ; Maximum number of links (persistent+non persistent). -1 means no limit. 1181 | ; http://php.net/pgsql.max-links 1182 | pgsql.max_links = -1 1183 | 1184 | ; Ignore PostgreSQL backends Notice message or not. 1185 | ; Notice message logging require a little overheads. 1186 | ; http://php.net/pgsql.ignore-notice 1187 | pgsql.ignore_notice = 0 1188 | 1189 | ; Log PostgreSQL backends Notice message or not. 1190 | ; Unless pgsql.ignore_notice=0, module cannot log notice message. 1191 | ; http://php.net/pgsql.log-notice 1192 | pgsql.log_notice = 0 1193 | 1194 | [Sybase-CT] 1195 | ; Allow or prevent persistent links. 1196 | ; http://php.net/sybct.allow-persistent 1197 | sybct.allow_persistent = On 1198 | 1199 | ; Maximum number of persistent links. -1 means no limit. 1200 | ; http://php.net/sybct.max-persistent 1201 | sybct.max_persistent = -1 1202 | 1203 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1204 | ; http://php.net/sybct.max-links 1205 | sybct.max_links = -1 1206 | 1207 | ; Minimum server message severity to display. 1208 | ; http://php.net/sybct.min-server-severity 1209 | sybct.min_server_severity = 10 1210 | 1211 | ; Minimum client message severity to display. 1212 | ; http://php.net/sybct.min-client-severity 1213 | sybct.min_client_severity = 10 1214 | 1215 | ; Set per-context timeout 1216 | ; http://php.net/sybct.timeout 1217 | ;sybct.timeout= 1218 | 1219 | ;sybct.packet_size 1220 | 1221 | ; The maximum time in seconds to wait for a connection attempt to succeed before returning failure. 1222 | ; Default: one minute 1223 | ;sybct.login_timeout= 1224 | 1225 | ; The name of the host you claim to be connecting from, for display by sp_who. 1226 | ; Default: none 1227 | ;sybct.hostname= 1228 | 1229 | ; Allows you to define how often deadlocks are to be retried. -1 means "forever". 1230 | ; Default: 0 1231 | ;sybct.deadlock_retry_count= 1232 | 1233 | [bcmath] 1234 | ; Number of decimal digits for all bcmath functions. 1235 | ; http://php.net/bcmath.scale 1236 | bcmath.scale = 0 1237 | 1238 | [browscap] 1239 | ; http://php.net/browscap 1240 | ;browscap = extra/browscap.ini 1241 | 1242 | [Session] 1243 | ; Handler used to store/retrieve data. 1244 | ; http://php.net/session.save-handler 1245 | session.save_handler = files 1246 | 1247 | ; Argument passed to save_handler. In the case of files, this is the path 1248 | ; where data files are stored. Note: Windows users have to change this 1249 | ; variable in order to use PHP's session functions. 1250 | ; 1251 | ; The path can be defined as: 1252 | ; 1253 | ; session.save_path = "N;/path" 1254 | ; 1255 | ; where N is an integer. Instead of storing all the session files in 1256 | ; /path, what this will do is use subdirectories N-levels deep, and 1257 | ; store the session data in those directories. This is useful if you 1258 | ; or your OS have problems with lots of files in one directory, and is 1259 | ; a more efficient layout for servers that handle lots of sessions. 1260 | ; 1261 | ; NOTE 1: PHP will not create this directory structure automatically. 1262 | ; You can use the script in the ext/session dir for that purpose. 1263 | ; NOTE 2: See the section on garbage collection below if you choose to 1264 | ; use subdirectories for session storage 1265 | ; 1266 | ; The file storage module creates files using mode 600 by default. 1267 | ; You can change that by using 1268 | ; 1269 | ; session.save_path = "N;MODE;/path" 1270 | ; 1271 | ; where MODE is the octal representation of the mode. Note that this 1272 | ; does not overwrite the process's umask. 1273 | ; http://php.net/session.save-path 1274 | ;session.save_path = "/var/lib/php5" 1275 | 1276 | ; Whether to use strict session mode. 1277 | ; Strict session mode does not accept uninitialized session ID and regenerate 1278 | ; session ID if browser sends uninitialized session ID. Strict mode protects 1279 | ; applications from session fixation via session adoption vulnerability. It is 1280 | ; disabled by default for maximum compatibility, but enabling it is encouraged. 1281 | ; https://wiki.php.net/rfc/strict_sessions 1282 | session.use_strict_mode = 0 1283 | 1284 | ; Whether to use cookies. 1285 | ; http://php.net/session.use-cookies 1286 | session.use_cookies = 1 1287 | 1288 | ; http://php.net/session.cookie-secure 1289 | ;session.cookie_secure = 1290 | 1291 | ; This option forces PHP to fetch and use a cookie for storing and maintaining 1292 | ; the session id. We encourage this operation as it's very helpful in combating 1293 | ; session hijacking when not specifying and managing your own session id. It is 1294 | ; not the end all be all of session hijacking defense, but it's a good start. 1295 | ; http://php.net/session.use-only-cookies 1296 | session.use_only_cookies = 1 1297 | 1298 | ; Name of the session (used as cookie name). 1299 | ; http://php.net/session.name 1300 | session.name = PHPSESSID 1301 | 1302 | ; Initialize session on request startup. 1303 | ; http://php.net/session.auto-start 1304 | session.auto_start = 0 1305 | 1306 | ; Lifetime in seconds of cookie or, if 0, until browser is restarted. 1307 | ; http://php.net/session.cookie-lifetime 1308 | session.cookie_lifetime = 0 1309 | 1310 | ; The path for which the cookie is valid. 1311 | ; http://php.net/session.cookie-path 1312 | session.cookie_path = / 1313 | 1314 | ; The domain for which the cookie is valid. 1315 | ; http://php.net/session.cookie-domain 1316 | session.cookie_domain = 1317 | 1318 | ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. 1319 | ; http://php.net/session.cookie-httponly 1320 | session.cookie_httponly = 1321 | 1322 | ; Handler used to serialize data. php is the standard serializer of PHP. 1323 | ; http://php.net/session.serialize-handler 1324 | session.serialize_handler = php 1325 | 1326 | ; Defines the probability that the 'garbage collection' process is started 1327 | ; on every session initialization. The probability is calculated by using 1328 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator 1329 | ; and gc_divisor is the denominator in the equation. Setting this value to 1 1330 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance 1331 | ; the gc will run on any give request. 1332 | ; Default Value: 1 1333 | ; Development Value: 1 1334 | ; Production Value: 1 1335 | ; http://php.net/session.gc-probability 1336 | session.gc_probability = 0 1337 | 1338 | ; Defines the probability that the 'garbage collection' process is started on every 1339 | ; session initialization. The probability is calculated by using the following equation: 1340 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator and 1341 | ; session.gc_divisor is the denominator in the equation. Setting this value to 1 1342 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance 1343 | ; the gc will run on any give request. Increasing this value to 1000 will give you 1344 | ; a 0.1% chance the gc will run on any give request. For high volume production servers, 1345 | ; this is a more efficient approach. 1346 | ; Default Value: 100 1347 | ; Development Value: 1000 1348 | ; Production Value: 1000 1349 | ; http://php.net/session.gc-divisor 1350 | session.gc_divisor = 1000 1351 | 1352 | ; After this number of seconds, stored data will be seen as 'garbage' and 1353 | ; cleaned up by the garbage collection process. 1354 | ; http://php.net/session.gc-maxlifetime 1355 | session.gc_maxlifetime = 1440 1356 | 1357 | ; NOTE: If you are using the subdirectory option for storing session files 1358 | ; (see session.save_path above), then garbage collection does *not* 1359 | ; happen automatically. You will need to do your own garbage 1360 | ; collection through a shell script, cron entry, or some other method. 1361 | ; For example, the following script would is the equivalent of 1362 | ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): 1363 | ; find /path/to/sessions -cmin +24 -type f | xargs rm 1364 | 1365 | ; PHP 4.2 and less have an undocumented feature/bug that allows you to 1366 | ; to initialize a session variable in the global scope. 1367 | ; PHP 4.3 and later will warn you, if this feature is used. 1368 | ; You can disable the feature and the warning separately. At this time, 1369 | ; the warning is only displayed, if bug_compat_42 is enabled. This feature 1370 | ; introduces some serious security problems if not handled correctly. It's 1371 | ; recommended that you do not use this feature on production servers. But you 1372 | ; should enable this on development servers and enable the warning as well. If you 1373 | ; do not enable the feature on development servers, you won't be warned when it's 1374 | ; used and debugging errors caused by this can be difficult to track down. 1375 | ; Default Value: On 1376 | ; Development Value: On 1377 | ; Production Value: Off 1378 | ; http://php.net/session.bug-compat-42 1379 | session.bug_compat_42 = Off 1380 | 1381 | ; This setting controls whether or not you are warned by PHP when initializing a 1382 | ; session value into the global space. session.bug_compat_42 must be enabled before 1383 | ; these warnings can be issued by PHP. See the directive above for more information. 1384 | ; Default Value: On 1385 | ; Development Value: On 1386 | ; Production Value: Off 1387 | ; http://php.net/session.bug-compat-warn 1388 | session.bug_compat_warn = Off 1389 | 1390 | ; Check HTTP Referer to invalidate externally stored URLs containing ids. 1391 | ; HTTP_REFERER has to contain this substring for the session to be 1392 | ; considered as valid. 1393 | ; http://php.net/session.referer-check 1394 | session.referer_check = 1395 | 1396 | ; How many bytes to read from the file. 1397 | ; http://php.net/session.entropy-length 1398 | ;session.entropy_length = 32 1399 | 1400 | ; Specified here to create the session id. 1401 | ; http://php.net/session.entropy-file 1402 | ; Defaults to /dev/urandom 1403 | ; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom 1404 | ; If neither are found at compile time, the default is no entropy file. 1405 | ; On windows, setting the entropy_length setting will activate the 1406 | ; Windows random source (using the CryptoAPI) 1407 | ;session.entropy_file = /dev/urandom 1408 | 1409 | ; Set to {nocache,private,public,} to determine HTTP caching aspects 1410 | ; or leave this empty to avoid sending anti-caching headers. 1411 | ; http://php.net/session.cache-limiter 1412 | session.cache_limiter = nocache 1413 | 1414 | ; Document expires after n minutes. 1415 | ; http://php.net/session.cache-expire 1416 | session.cache_expire = 180 1417 | 1418 | ; trans sid support is disabled by default. 1419 | ; Use of trans sid may risk your users security. 1420 | ; Use this option with caution. 1421 | ; - User may send URL contains active session ID 1422 | ; to other person via. email/irc/etc. 1423 | ; - URL that contains active session ID may be stored 1424 | ; in publicly accessible computer. 1425 | ; - User may access your site with the same session ID 1426 | ; always using URL stored in browser's history or bookmarks. 1427 | ; http://php.net/session.use-trans-sid 1428 | session.use_trans_sid = 0 1429 | 1430 | ; Select a hash function for use in generating session ids. 1431 | ; Possible Values 1432 | ; 0 (MD5 128 bits) 1433 | ; 1 (SHA-1 160 bits) 1434 | ; This option may also be set to the name of any hash function supported by 1435 | ; the hash extension. A list of available hashes is returned by the hash_algos() 1436 | ; function. 1437 | ; http://php.net/session.hash-function 1438 | session.hash_function = 0 1439 | 1440 | ; Define how many bits are stored in each character when converting 1441 | ; the binary hash data to something readable. 1442 | ; Possible values: 1443 | ; 4 (4 bits: 0-9, a-f) 1444 | ; 5 (5 bits: 0-9, a-v) 1445 | ; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") 1446 | ; Default Value: 4 1447 | ; Development Value: 5 1448 | ; Production Value: 5 1449 | ; http://php.net/session.hash-bits-per-character 1450 | session.hash_bits_per_character = 5 1451 | 1452 | ; The URL rewriter will look for URLs in a defined set of HTML tags. 1453 | ; form/fieldset are special; if you include them here, the rewriter will 1454 | ; add a hidden field with the info which is otherwise appended 1455 | ; to URLs. If you want XHTML conformity, remove the form entry. 1456 | ; Note that all valid entries require a "=", even if no value follows. 1457 | ; Default Value: "a=href,area=href,frame=src,form=,fieldset=" 1458 | ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 1459 | ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" 1460 | ; http://php.net/url-rewriter.tags 1461 | url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" 1462 | 1463 | ; Enable upload progress tracking in $_SESSION 1464 | ; Default Value: On 1465 | ; Development Value: On 1466 | ; Production Value: On 1467 | ; http://php.net/session.upload-progress.enabled 1468 | ;session.upload_progress.enabled = On 1469 | 1470 | ; Cleanup the progress information as soon as all POST data has been read 1471 | ; (i.e. upload completed). 1472 | ; Default Value: On 1473 | ; Development Value: On 1474 | ; Production Value: On 1475 | ; http://php.net/session.upload-progress.cleanup 1476 | ;session.upload_progress.cleanup = On 1477 | 1478 | ; A prefix used for the upload progress key in $_SESSION 1479 | ; Default Value: "upload_progress_" 1480 | ; Development Value: "upload_progress_" 1481 | ; Production Value: "upload_progress_" 1482 | ; http://php.net/session.upload-progress.prefix 1483 | ;session.upload_progress.prefix = "upload_progress_" 1484 | 1485 | ; The index name (concatenated with the prefix) in $_SESSION 1486 | ; containing the upload progress information 1487 | ; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" 1488 | ; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" 1489 | ; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" 1490 | ; http://php.net/session.upload-progress.name 1491 | ;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" 1492 | 1493 | ; How frequently the upload progress should be updated. 1494 | ; Given either in percentages (per-file), or in bytes 1495 | ; Default Value: "1%" 1496 | ; Development Value: "1%" 1497 | ; Production Value: "1%" 1498 | ; http://php.net/session.upload-progress.freq 1499 | ;session.upload_progress.freq = "1%" 1500 | 1501 | ; The minimum delay between updates, in seconds 1502 | ; Default Value: 1 1503 | ; Development Value: 1 1504 | ; Production Value: 1 1505 | ; http://php.net/session.upload-progress.min-freq 1506 | ;session.upload_progress.min_freq = "1" 1507 | 1508 | [MSSQL] 1509 | ; Allow or prevent persistent links. 1510 | mssql.allow_persistent = On 1511 | 1512 | ; Maximum number of persistent links. -1 means no limit. 1513 | mssql.max_persistent = -1 1514 | 1515 | ; Maximum number of links (persistent+non persistent). -1 means no limit. 1516 | mssql.max_links = -1 1517 | 1518 | ; Minimum error severity to display. 1519 | mssql.min_error_severity = 10 1520 | 1521 | ; Minimum message severity to display. 1522 | mssql.min_message_severity = 10 1523 | 1524 | ; Compatibility mode with old versions of PHP 3.0. 1525 | mssql.compatibility_mode = Off 1526 | 1527 | ; Connect timeout 1528 | ;mssql.connect_timeout = 5 1529 | 1530 | ; Query timeout 1531 | ;mssql.timeout = 60 1532 | 1533 | ; Valid range 0 - 2147483647. Default = 4096. 1534 | ;mssql.textlimit = 4096 1535 | 1536 | ; Valid range 0 - 2147483647. Default = 4096. 1537 | ;mssql.textsize = 4096 1538 | 1539 | ; Limits the number of records in each batch. 0 = all records in one batch. 1540 | ;mssql.batchsize = 0 1541 | 1542 | ; Specify how datetime and datetim4 columns are returned 1543 | ; On => Returns data converted to SQL server settings 1544 | ; Off => Returns values as YYYY-MM-DD hh:mm:ss 1545 | ;mssql.datetimeconvert = On 1546 | 1547 | ; Use NT authentication when connecting to the server 1548 | mssql.secure_connection = Off 1549 | 1550 | ; Specify max number of processes. -1 = library default 1551 | ; msdlib defaults to 25 1552 | ; FreeTDS defaults to 4096 1553 | ;mssql.max_procs = -1 1554 | 1555 | ; Specify client character set. 1556 | ; If empty or not set the client charset from freetds.conf is used 1557 | ; This is only used when compiled with FreeTDS 1558 | ;mssql.charset = "ISO-8859-1" 1559 | 1560 | [Assertion] 1561 | ; Assert(expr); active by default. 1562 | ; http://php.net/assert.active 1563 | ;assert.active = On 1564 | 1565 | ; Issue a PHP warning for each failed assertion. 1566 | ; http://php.net/assert.warning 1567 | ;assert.warning = On 1568 | 1569 | ; Don't bail out by default. 1570 | ; http://php.net/assert.bail 1571 | ;assert.bail = Off 1572 | 1573 | ; User-function to be called if an assertion fails. 1574 | ; http://php.net/assert.callback 1575 | ;assert.callback = 0 1576 | 1577 | ; Eval the expression with current error_reporting(). Set to true if you want 1578 | ; error_reporting(0) around the eval(). 1579 | ; http://php.net/assert.quiet-eval 1580 | ;assert.quiet_eval = 0 1581 | 1582 | [COM] 1583 | ; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs 1584 | ; http://php.net/com.typelib-file 1585 | ;com.typelib_file = 1586 | 1587 | ; allow Distributed-COM calls 1588 | ; http://php.net/com.allow-dcom 1589 | ;com.allow_dcom = true 1590 | 1591 | ; autoregister constants of a components typlib on com_load() 1592 | ; http://php.net/com.autoregister-typelib 1593 | ;com.autoregister_typelib = true 1594 | 1595 | ; register constants casesensitive 1596 | ; http://php.net/com.autoregister-casesensitive 1597 | ;com.autoregister_casesensitive = false 1598 | 1599 | ; show warnings on duplicate constant registrations 1600 | ; http://php.net/com.autoregister-verbose 1601 | ;com.autoregister_verbose = true 1602 | 1603 | ; The default character set code-page to use when passing strings to and from COM objects. 1604 | ; Default: system ANSI code page 1605 | ;com.code_page= 1606 | 1607 | [mbstring] 1608 | ; language for internal character representation. 1609 | ; http://php.net/mbstring.language 1610 | ;mbstring.language = Japanese 1611 | 1612 | ; internal/script encoding. 1613 | ; Some encoding cannot work as internal encoding. 1614 | ; (e.g. SJIS, BIG5, ISO-2022-*) 1615 | ; http://php.net/mbstring.internal-encoding 1616 | ;mbstring.internal_encoding = UTF-8 1617 | 1618 | ; http input encoding. 1619 | ; http://php.net/mbstring.http-input 1620 | ;mbstring.http_input = UTF-8 1621 | 1622 | ; http output encoding. mb_output_handler must be 1623 | ; registered as output buffer to function 1624 | ; http://php.net/mbstring.http-output 1625 | ;mbstring.http_output = pass 1626 | 1627 | ; enable automatic encoding translation according to 1628 | ; mbstring.internal_encoding setting. Input chars are 1629 | ; converted to internal encoding by setting this to On. 1630 | ; Note: Do _not_ use automatic encoding translation for 1631 | ; portable libs/applications. 1632 | ; http://php.net/mbstring.encoding-translation 1633 | ;mbstring.encoding_translation = Off 1634 | 1635 | ; automatic encoding detection order. 1636 | ; auto means 1637 | ; http://php.net/mbstring.detect-order 1638 | ;mbstring.detect_order = auto 1639 | 1640 | ; substitute_character used when character cannot be converted 1641 | ; one from another 1642 | ; http://php.net/mbstring.substitute-character 1643 | ;mbstring.substitute_character = none 1644 | 1645 | ; overload(replace) single byte functions by mbstring functions. 1646 | ; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), 1647 | ; etc. Possible values are 0,1,2,4 or combination of them. 1648 | ; For example, 7 for overload everything. 1649 | ; 0: No overload 1650 | ; 1: Overload mail() function 1651 | ; 2: Overload str*() functions 1652 | ; 4: Overload ereg*() functions 1653 | ; http://php.net/mbstring.func-overload 1654 | ;mbstring.func_overload = 0 1655 | 1656 | ; enable strict encoding detection. 1657 | ;mbstring.strict_detection = On 1658 | 1659 | ; This directive specifies the regex pattern of content types for which mb_output_handler() 1660 | ; is activated. 1661 | ; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) 1662 | ;mbstring.http_output_conv_mimetype= 1663 | 1664 | [gd] 1665 | ; Tell the jpeg decode to ignore warnings and try to create 1666 | ; a gd image. The warning will then be displayed as notices 1667 | ; disabled by default 1668 | ; http://php.net/gd.jpeg-ignore-warning 1669 | ;gd.jpeg_ignore_warning = 0 1670 | 1671 | [exif] 1672 | ; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. 1673 | ; With mbstring support this will automatically be converted into the encoding 1674 | ; given by corresponding encode setting. When empty mbstring.internal_encoding 1675 | ; is used. For the decode settings you can distinguish between motorola and 1676 | ; intel byte order. A decode setting cannot be empty. 1677 | ; http://php.net/exif.encode-unicode 1678 | ;exif.encode_unicode = ISO-8859-15 1679 | 1680 | ; http://php.net/exif.decode-unicode-motorola 1681 | ;exif.decode_unicode_motorola = UCS-2BE 1682 | 1683 | ; http://php.net/exif.decode-unicode-intel 1684 | ;exif.decode_unicode_intel = UCS-2LE 1685 | 1686 | ; http://php.net/exif.encode-jis 1687 | ;exif.encode_jis = 1688 | 1689 | ; http://php.net/exif.decode-jis-motorola 1690 | ;exif.decode_jis_motorola = JIS 1691 | 1692 | ; http://php.net/exif.decode-jis-intel 1693 | ;exif.decode_jis_intel = JIS 1694 | 1695 | [Tidy] 1696 | ; The path to a default tidy configuration file to use when using tidy 1697 | ; http://php.net/tidy.default-config 1698 | ;tidy.default_config = /usr/local/lib/php/default.tcfg 1699 | 1700 | ; Should tidy clean and repair output automatically? 1701 | ; WARNING: Do not use this option if you are generating non-html content 1702 | ; such as dynamic images 1703 | ; http://php.net/tidy.clean-output 1704 | tidy.clean_output = Off 1705 | 1706 | [soap] 1707 | ; Enables or disables WSDL caching feature. 1708 | ; http://php.net/soap.wsdl-cache-enabled 1709 | soap.wsdl_cache_enabled=1 1710 | 1711 | ; Sets the directory name where SOAP extension will put cache files. 1712 | ; http://php.net/soap.wsdl-cache-dir 1713 | soap.wsdl_cache_dir="/tmp" 1714 | 1715 | ; (time to live) Sets the number of second while cached file will be used 1716 | ; instead of original one. 1717 | ; http://php.net/soap.wsdl-cache-ttl 1718 | soap.wsdl_cache_ttl=86400 1719 | 1720 | ; Sets the size of the cache limit. (Max. number of WSDL files to cache) 1721 | soap.wsdl_cache_limit = 5 1722 | 1723 | [sysvshm] 1724 | ; A default size of the shared memory segment 1725 | ;sysvshm.init_mem = 10000 1726 | 1727 | [ldap] 1728 | ; Sets the maximum number of open links or -1 for unlimited. 1729 | ldap.max_links = -1 1730 | 1731 | [mcrypt] 1732 | ; For more information about mcrypt settings see http://php.net/mcrypt-module-open 1733 | 1734 | ; Directory where to load mcrypt algorithms 1735 | ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) 1736 | ;mcrypt.algorithms_dir= 1737 | 1738 | ; Directory where to load mcrypt modes 1739 | ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) 1740 | ;mcrypt.modes_dir= 1741 | 1742 | [dba] 1743 | ;dba.default_handler= 1744 | 1745 | [opcache] 1746 | ; Determines if Zend OPCache is enabled 1747 | ;opcache.enable=0 1748 | 1749 | ; Determines if Zend OPCache is enabled for the CLI version of PHP 1750 | ;opcache.enable_cli=0 1751 | 1752 | ; The OPcache shared memory storage size. 1753 | ;opcache.memory_consumption=64 1754 | 1755 | ; The amount of memory for interned strings in Mbytes. 1756 | ;opcache.interned_strings_buffer=4 1757 | 1758 | ; The maximum number of keys (scripts) in the OPcache hash table. 1759 | ; Only numbers between 200 and 100000 are allowed. 1760 | ;opcache.max_accelerated_files=2000 1761 | 1762 | ; The maximum percentage of "wasted" memory until a restart is scheduled. 1763 | ;opcache.max_wasted_percentage=5 1764 | 1765 | ; When this directive is enabled, the OPcache appends the current working 1766 | ; directory to the script key, thus eliminating possible collisions between 1767 | ; files with the same name (basename). Disabling the directive improves 1768 | ; performance, but may break existing applications. 1769 | ;opcache.use_cwd=1 1770 | 1771 | ; When disabled, you must reset the OPcache manually or restart the 1772 | ; webserver for changes to the filesystem to take effect. 1773 | ;opcache.validate_timestamps=1 1774 | 1775 | ; How often (in seconds) to check file timestamps for changes to the shared 1776 | ; memory storage allocation. ("1" means validate once per second, but only 1777 | ; once per request. "0" means always validate) 1778 | ;opcache.revalidate_freq=2 1779 | 1780 | ; Enables or disables file search in include_path optimization 1781 | ;opcache.revalidate_path=0 1782 | 1783 | ; If disabled, all PHPDoc comments are dropped from the code to reduce the 1784 | ; size of the optimized code. 1785 | ;opcache.save_comments=1 1786 | 1787 | ; If disabled, PHPDoc comments are not loaded from SHM, so "Doc Comments" 1788 | ; may be always stored (save_comments=1), but not loaded by applications 1789 | ; that don't need them anyway. 1790 | ;opcache.load_comments=1 1791 | 1792 | ; If enabled, a fast shutdown sequence is used for the accelerated code 1793 | ;opcache.fast_shutdown=0 1794 | 1795 | ; Allow file existence override (file_exists, etc.) performance feature. 1796 | ;opcache.enable_file_override=0 1797 | 1798 | ; A bitmask, where each bit enables or disables the appropriate OPcache 1799 | ; passes 1800 | ;opcache.optimization_level=0xffffffff 1801 | 1802 | ;opcache.inherited_hack=1 1803 | ;opcache.dups_fix=0 1804 | 1805 | ; The location of the OPcache blacklist file (wildcards allowed). 1806 | ; Each OPcache blacklist file is a text file that holds the names of files 1807 | ; that should not be accelerated. The file format is to add each filename 1808 | ; to a new line. The filename may be a full path or just a file prefix 1809 | ; (i.e., /var/www/x blacklists all the files and directories in /var/www 1810 | ; that start with 'x'). Line starting with a ; are ignored (comments). 1811 | ;opcache.blacklist_filename= 1812 | 1813 | ; Allows exclusion of large files from being cached. By default all files 1814 | ; are cached. 1815 | ;opcache.max_file_size=0 1816 | 1817 | ; Check the cache checksum each N requests. 1818 | ; The default value of "0" means that the checks are disabled. 1819 | ;opcache.consistency_checks=0 1820 | 1821 | ; How long to wait (in seconds) for a scheduled restart to begin if the cache 1822 | ; is not being accessed. 1823 | ;opcache.force_restart_timeout=180 1824 | 1825 | ; OPcache error_log file name. Empty string assumes "stderr". 1826 | ;opcache.error_log= 1827 | 1828 | ; All OPcache errors go to the Web server log. 1829 | ; By default, only fatal errors (level 0) or errors (level 1) are logged. 1830 | ; You can also enable warnings (level 2), info messages (level 3) or 1831 | ; debug messages (level 4). 1832 | ;opcache.log_verbosity_level=1 1833 | 1834 | ; Preferred Shared Memory back-end. Leave empty and let the system decide. 1835 | ;opcache.preferred_memory_model= 1836 | 1837 | ; Protect the shared memory from unexpected writing during script execution. 1838 | ; Useful for internal debugging only. 1839 | ;opcache.protect_memory=0 1840 | 1841 | [curl] 1842 | ; A default value for the CURLOPT_CAINFO option. This is required to be an 1843 | ; absolute path. 1844 | ;curl.cainfo = 1845 | 1846 | ; Local Variables: 1847 | ; tab-width: 4 1848 | ; End: 1849 | -------------------------------------------------------------------------------- /etc/php-fpm.conf: -------------------------------------------------------------------------------- 1 | ;;;;;;;;;;;;;;;;;;;;; 2 | ; FPM Configuration ; 3 | ;;;;;;;;;;;;;;;;;;;;; 4 | 5 | ; All relative paths in this configuration file are relative to PHP's install 6 | ; prefix (/usr). This prefix can be dynamically changed by using the 7 | ; '-p' argument from the command line. 8 | 9 | ; Include one or more files. If glob(3) exists, it is used to include a bunch of 10 | ; files from a glob(3) pattern. This directive can be used everywhere in the 11 | ; file. 12 | ; Relative path can also be used. They will be prefixed by: 13 | ; - the global prefix if it's been set (-p argument) 14 | ; - /usr otherwise 15 | ;include=/etc/php5/fpm/*.conf 16 | 17 | ;;;;;;;;;;;;;;;;;; 18 | ; Global Options ; 19 | ;;;;;;;;;;;;;;;;;; 20 | 21 | [global] 22 | ; Pid file 23 | ; Note: the default prefix is /var 24 | ; Default Value: none 25 | pid = ${PHPFPM_PID_FILE} 26 | 27 | ; Error log file 28 | ; If it's set to "syslog", log is sent to syslogd instead of being written 29 | ; in a local file. 30 | ; Note: the default prefix is /var 31 | ; Default Value: log/php-fpm.log 32 | error_log = syslog 33 | 34 | ; syslog_facility is used to specify what type of program is logging the 35 | ; message. This lets syslogd specify that messages from different facilities 36 | ; will be handled differently. 37 | ; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) 38 | ; Default Value: daemon 39 | ;syslog.facility = daemon 40 | 41 | ; syslog_ident is prepended to every message. If you have multiple FPM 42 | ; instances running on the same server, you can change the default value 43 | ; which must suit common needs. 44 | ; Default Value: php-fpm 45 | ;syslog.ident = php-fpm 46 | 47 | ; Log level 48 | ; Possible Values: alert, error, warning, notice, debug 49 | ; Default Value: notice 50 | ;log_level = notice 51 | 52 | ; If this number of child processes exit with SIGSEGV or SIGBUS within the time 53 | ; interval set by emergency_restart_interval then FPM will restart. A value 54 | ; of '0' means 'Off'. 55 | ; Default Value: 0 56 | ;emergency_restart_threshold = 0 57 | 58 | ; Interval of time used by emergency_restart_interval to determine when 59 | ; a graceful restart will be initiated. This can be useful to work around 60 | ; accidental corruptions in an accelerator's shared memory. 61 | ; Available Units: s(econds), m(inutes), h(ours), or d(ays) 62 | ; Default Unit: seconds 63 | ; Default Value: 0 64 | ;emergency_restart_interval = 0 65 | 66 | ; Time limit for child processes to wait for a reaction on signals from master. 67 | ; Available units: s(econds), m(inutes), h(ours), or d(ays) 68 | ; Default Unit: seconds 69 | ; Default Value: 0 70 | ;process_control_timeout = 0 71 | 72 | ; The maximum number of processes FPM will fork. This has been design to control 73 | ; the global number of processes when using dynamic PM within a lot of pools. 74 | ; Use it with caution. 75 | ; Note: A value of 0 indicates no limit 76 | ; Default Value: 0 77 | ; process.max = 128 78 | 79 | ; Specify the nice(2) priority to apply to the master process (only if set) 80 | ; The value can vary from -19 (highest priority) to 20 (lower priority) 81 | ; Note: - It will only work if the FPM master process is launched as root 82 | ; - The pool process will inherit the master process priority 83 | ; unless it specified otherwise 84 | ; Default Value: no set 85 | ; process.priority = -19 86 | 87 | ; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. 88 | ; Default Value: yes 89 | ;daemonize = yes 90 | 91 | ; Set open file descriptor rlimit for the master process. 92 | ; Default Value: system defined value 93 | ;rlimit_files = 1024 94 | 95 | ; Set max core size rlimit for the master process. 96 | ; Possible Values: 'unlimited' or an integer greater or equal to 0 97 | ; Default Value: system defined value 98 | ;rlimit_core = 0 99 | 100 | ; Specify the event mechanism FPM will use. The following is available: 101 | ; - select (any POSIX os) 102 | ; - poll (any POSIX os) 103 | ; - epoll (linux >= 2.5.44) 104 | ; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) 105 | ; - /dev/poll (Solaris >= 7) 106 | ; - port (Solaris >= 10) 107 | ; Default Value: not set (auto detection) 108 | ;events.mechanism = epoll 109 | 110 | ; When FPM is build with systemd integration, specify the interval, 111 | ; in second, between health report notification to systemd. 112 | ; Set to 0 to disable. 113 | ; Available Units: s(econds), m(inutes), h(ours) 114 | ; Default Unit: seconds 115 | ; Default value: 10 116 | ;systemd_interval = 10 117 | 118 | ;;;;;;;;;;;;;;;;;;;; 119 | ; Pool Definitions ; 120 | ;;;;;;;;;;;;;;;;;;;; 121 | 122 | ; Multiple pools of child processes may be started with different listening 123 | ; ports and different management options. The name of the pool will be 124 | ; used in logs and stats. There is no limitation on the number of pools which 125 | ; FPM can handle. Your system will tell you anyway :) 126 | 127 | ; To configure the pools it is recommended to have one .conf file per 128 | ; pool in the following directory: 129 | include=${APPS_DIR}/etc/fpmpool.d/*.conf 130 | -------------------------------------------------------------------------------- /etc/skel/clone/bash.bashrc.tpl: -------------------------------------------------------------------------------- 1 | # Bash start-up file, created by chaplocal 2 | 3 | export PROMPT_DIRTRIM=2 4 | cd $APPS_DIR 5 | 6 | echo "" 7 | echo "Now running inside container. Directory is: $APPS_DIR" 8 | echo "" 9 | 10 | port=${CONFIG_EXT_HTTP_PORT:-${CONFIG_EXT_PORT:-}} 11 | if [ "$port" != "" -a "$HTTPD_SERVER_NAME" != "" ]; then 12 | echo "The default '$HTTPD_SERVER_NAME' site is running at http://$CONFIG_EXT_HOSTNAME:$port/" 13 | echo "" 14 | fi 15 | -------------------------------------------------------------------------------- /etc/skel/clone/build.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Created by chaplocal on %(`date`) 3 | # the cd trick assures this works even if the current directory is not current. 4 | 5 | cd ${0%/*} 6 | if [ "$CHAP_SERVICE_NAME" != "" ]; then 7 | echo You need to run build.sh on your docker host, not inside a container. 8 | exit 9 | fi 10 | 11 | # Uncomment to default to your new derivative image name... 12 | #prodimage="%(PARENT_IMAGE:|chapdev/*|%(PARENT_IMAGE:/^chapdev/mylocal/)|%(PARENT_IMAGE))" 13 | 14 | [ "$1" != "" ] && prodimage="$1" 15 | 16 | if [ "$prodimage" == "" ]; then 17 | echo "Usage: ./build.sh " 18 | exit 1 19 | else 20 | echo Building "$prodimage" ... 21 | fi 22 | 23 | if [ ! -f build/Dockerfile ]; then 24 | echo "Expecting to find Dockerfile in ./build ... not found!" 25 | exit 1 26 | fi 27 | 28 | # Update the image information for the new build 29 | sed "s/^IMAGE_NAME=.*/IMAGE_NAME=${prodimage/\//\\\/}/" build/new_version.inc 30 | 31 | # Do the build 32 | tar czh --exclude '*~' --exclude 'var/*' . | docker build -t $prodimage -f build/Dockerfile - 33 | -------------------------------------------------------------------------------- /etc/skel/clone/build/Dockerfile.tpl: -------------------------------------------------------------------------------- 1 | # This is a template Dockerfile for creating a new image. 2 | # See the README for a complete description of how you create derivative images. 3 | 4 | FROM %(PARENT_IMAGE) 5 | ADD . /setup/ 6 | RUN /setup/build/install.sh 7 | -------------------------------------------------------------------------------- /etc/skel/clone/build/README.tpl: -------------------------------------------------------------------------------- 1 | This directory contains a template for creating derivative images 2 | based upon '%(PARENT_IMAGE)'. 3 | 4 | Note that these build materials will NOT become a part of the newly created image. 5 | Instead, new build materials will be created if somebody wants to use 'chaplocal' 6 | to continue development. 7 | 8 | To make a complete, ready-to-go image, you should do the following: 9 | 10 | 1. Customize Dockerfile in this directory. 11 | 12 | 2. Customize install.sh by adding any additional build commands. 13 | 14 | 3. If you want to cater to developers who want to use this image, then 15 | modify the skeleton files in ../etc/skel as described below. 16 | 17 | 4. Usually, you can just create a new .git project at in the same 18 | directory where your build.sh is located. 19 | 20 | Modifying the Skelenton Files 21 | 22 | The ../etc/skel directory contains skeleton template files which are used: 23 | * To output container-specific help using "--task get-help" 24 | * To create container-specific launchers using "--task get-launcher" 25 | * To create new development directories using 'chaplocal'. 26 | 27 | At a minimum, you should modify: ../etc/skel/help and ../etc/skel/launcher 28 | to reflect the needs of your container. 29 | 30 | If you want to improve the experience for developers using your image, then 31 | also modify the templates in ../etc/clone. 'chaplocal' uses these files when 32 | it clones a new 'apps' directory for a developer. 33 | -------------------------------------------------------------------------------- /etc/skel/clone/build/install.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | cd /setup 4 | 5 | # remove existing chaperone.d and startup.d from /apps so none linger 6 | rm -rf /apps; mkdir /apps 7 | 8 | # copy everything from setup to the root /apps except Dockerfile rebuild materials 9 | echo copying application files to /apps ... 10 | tar cf - --exclude ./build --exclude ./build.sh --exclude ./run.sh . | (cd /apps; tar xf -) 11 | 12 | # update the version information 13 | mv /setup/build/new_version.inc /apps/etc/version.inc 14 | 15 | # Add additional setup commands for your production image here, if any. 16 | # ... 17 | 18 | # Clean up and assure permissions are correct 19 | 20 | rm -rf /setup 21 | chown -R runapps: /apps # for full-container execution 22 | -------------------------------------------------------------------------------- /etc/skel/clone/run.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Developer's startup script 3 | #Created by chaplocal on %(`date`) 4 | 5 | IMAGE="%(PARENT_IMAGE)" 6 | INTERACTIVE_SHELL="/bin/bash" 7 | 8 | # You can specify the external host and ports for your webserver here. These variables 9 | # are also passed into the container so that any application code which does redirects 10 | # can use these if need be. 11 | 12 | EXT_HOSTNAME=%(CONFIG_EXT_HOSTNAME:-localhost) 13 | EXT_HTTP_PORT=%(CONFIG_EXT_HTTP_PORT:-8080) 14 | EXT_HTTPS_PORT=%(CONFIG_EXT_HTTPS_PORT:-8443) 15 | 16 | # Uncomment to enable SSL and specify the certificate hostname 17 | #EXT_SSL_HOSTNAME=secure.example.com 18 | 19 | PORTOPT="-p $EXT_HTTP_PORT:8080 -e CONFIG_EXT_HTTP_PORT=$EXT_HTTP_PORT \ 20 | -p $EXT_HTTPS_PORT:8443 -e CONFIG_EXT_HTTPS_PORT=$EXT_HTTPS_PORT" 21 | 22 | usage() { 23 | echo "Usage: run.sh [-d] [-p port#] [-h] [extra-chaperone-options]" 24 | echo " Run $IMAGE as a daemon or interactively (the default)." 25 | echo " First available port will be remapped to $EXT_HOSTNAME if possible." 26 | exit 27 | } 28 | 29 | if [ "$CHAP_SERVICE_NAME" != "" ]; then 30 | echo run.sh should be executed on your docker host, not inside a container. 31 | exit 32 | fi 33 | 34 | cd ${0%/*} # go to directory of this file 35 | APPS=$PWD 36 | cd .. 37 | 38 | options="-t -i -e TERM=$TERM --rm=true" 39 | shellopt="/bin/bash --rcfile $APPS/bash.bashrc" 40 | 41 | while getopts ":-dp:n:" o; do 42 | case "$o" in 43 | d) 44 | options="-d" 45 | shellopt="" 46 | ;; 47 | n) 48 | options="$options --name $OPTARG" 49 | ;; 50 | p) 51 | PORTOPT="-p $OPTARG" 52 | ;; 53 | -) # first long option terminates 54 | break 55 | ;; 56 | *) 57 | usage 58 | ;; 59 | esac 60 | done 61 | shift $((OPTIND-1)) 62 | 63 | # Run the image with this directory as our local apps dir. 64 | # Create a user with a uid/gid based upon the file permissions of the chaperone.d 65 | # directory. 66 | 67 | MOUNT=${PWD#/}; MOUNT=/${MOUNT%%/*} # extract user mountpoint 68 | SELINUX_FLAG=$(sestatus 2>/dev/null | fgrep -q enabled && echo :z) 69 | 70 | docker run $options -v $MOUNT:$MOUNT$SELINUX_FLAG $PORTOPT \ 71 | -e CONFIG_EXT_HOSTNAME="$EXT_HOSTNAME" \ 72 | -e CONFIG_EXT_SSL_HOSTNAME="$EXT_SSL_HOSTNAME" \ 73 | $IMAGE \ 74 | --create $USER:$APPS/chaperone.d --config $APPS/chaperone.d $* $shellopt 75 | -------------------------------------------------------------------------------- /etc/skel/help/HELP.tpl: -------------------------------------------------------------------------------- 1 | Help for Image: %(PARENT_IMAGE) Version %(IMAGE_VERSION) 2 | Grav: Version %(GRAV_VERSION) 3 | Chaperone: %(`chaperone --version | awk '/This is/{print $5}'`) 4 | Linux: %(`cat /etc/issue | head -1 | sed -e 's/Welcome to //' -e 's/ \\.*$//'`) 5 | 6 | This image contains contains a complete installation of the Grav Flat-File CMS, 7 | ready to use. For more information, see http://getgrav.org. For information 8 | about how to use this image, see https://github.com/garywiz/docker-grav. 9 | 10 | When you launch the container, the Grav site will be running at the URL: 11 | http://%(CONFIG_EXT_HOSTNAME)%(CONFIG_EXT_HTTP_PORT:|80||:%(CONFIG_EXT_HTTP_PORT))/ 12 | (Assuming you haven't changed the default port.) 13 | 14 | You can extract also ready-made startup scripts for this image by running 15 | the following command: 16 | 17 | $ docker run -i --rm %(PARENT_IMAGE) --task get-launcher | sh 18 | 19 | Startup scripts have the option of working with attached storage. 20 | Each script is self-documenting and has configuration variables 21 | at the beginning of the script itself. 22 | -------------------------------------------------------------------------------- /etc/skel/help/LAUNCHER.tpl: -------------------------------------------------------------------------------- 1 | 2 | The %(DEFAULT_LAUNCHER) script is a quick-start for launching 3 | the %(PARENT_IMAGE) image. 4 | 5 | When you launch the container, a fully configured working Grav instnace will be 6 | available at http://%(CONFIG_EXT_HOSTNAME)%(CONFIG_EXT_HTTP_PORT:|80||:%(CONFIG_EXT_HTTP_PORT))/ 7 | 8 | To get this message again: 9 | docker run -i --rm %(PARENT_IMAGE) --task get-help LAUNCHER 10 | 11 | Or, for geeneral help on the image itself: 12 | docker run -i --rm %(PARENT_IMAGE) --task get-help 13 | -------------------------------------------------------------------------------- /etc/skel/launcher/run-IMAGE.sh.tpl: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Extracted from %(PARENT_IMAGE) on %(`date`) 3 | 4 | # Usage is displayed if you use -h 5 | 6 | usage() { 7 | echo "Usage: %(DEFAULT_LAUNCHER) [-d] [-p port#] [-h]" 8 | echo " Run Grav from $IMAGE as a daemon (with -d) or interactively (the default)." 9 | echo "" 10 | echo " -d Run as daemon (otherwise interactive)" 11 | echo " -p port# Specify port number to expose Grav server (default 8080)" 12 | echo " -s dirpath Specifies the path to an optional storage directory where ALL persistent" 13 | echo " Grav files and settings will be stored. This allows you to keep your site" 14 | echo " separate from the container so you can easily upgrade the container software." 15 | echo " By default, this script looks to see if $STORAGE_LOCATION exists, and" 16 | echo " if it does, it will be used. You can override that default with this switch." 17 | echo " -n name Name the container 'name' instead of the default name invented by Docker." 18 | echo "" 19 | echo "HTTPS options (SSL):" 20 | echo " -H sslhost Specify the SSL host name and enable the SSL server. If specified, Grav" 21 | echo " will also be available using https on the port specified by -P" 22 | echo " -P sslport# Specify SSL port number (default 8443)" 23 | exit 24 | } 25 | 26 | IMAGE="%(PARENT_IMAGE)" 27 | INTERACTIVE_SHELL="/bin/bash" 28 | 29 | # You can specify the external host and ports for Grav here. Note that the HTTPS site 30 | # will be started only if you uncomment EXT_SSL_HOSTNAME below (the certificate needs a hostname) 31 | 32 | EXT_HOSTNAME=%(CONFIG_EXT_HOSTNAME:-localhost) 33 | EXT_HTTP_PORT=%(CONFIG_EXT_HTTP_PORT:-8080) 34 | EXT_HTTPS_PORT=%(CONFIG_EXT_HTTPS_PORT:-8443) 35 | 36 | # Uncomment to enable SSL and specify the certificate hostname 37 | 38 | #EXT_SSL_HOSTNAME=secure.example.com 39 | 40 | # Upon start-up, the container will create a new administrative user if one does not already 41 | # exist with the given name. To disable this, set ADMIN_USER to the string 'none'. 42 | 43 | ADMIN_USER=admin 44 | ADMIN_PASSWORD=ChangeMe 45 | ADMIN_EMAIL="nobody@nowhere.com" 46 | 47 | # If this directory exists and is writable, then it will be used 48 | # as attached storage. 49 | # You can change STORAGE_LOCATION to anything you wish other than the default below. 50 | 51 | STORAGE_LOCATION="$PWD/%(IMAGE_BASENAME)-storage" 52 | STORAGE_USER="$USER" 53 | 54 | # Parse the command line and override any options provided above 55 | 56 | docker_opt="" 57 | 58 | while getopts ":-dp:n:s:H:P:" o; do 59 | case "$o" in 60 | d) 61 | INTERACTIVE_SHELL="" 62 | ;; 63 | n) 64 | docker_opt="$docker_opt --name $OPTARG" 65 | ;; 66 | p) 67 | EXT_HTTP_PORT="$OPTARG" 68 | ;; 69 | P) 70 | EXT_HTTPS_PORT="$OPTARG" 71 | ;; 72 | H) 73 | EXT_SSL_HOSTNAME="$OPTARG" 74 | ;; 75 | s) 76 | # The path must exist, and we need the full path if it's relative... 77 | [ -d "$OPTARG" ] && STORAGE_LOCATION="$(cd "$(dirname "$OPTARG")"; pwd)/$(basename "$OPTARG")" 78 | ;; 79 | -) # first long option terminates so remaining options go to Chaperone 80 | break 81 | ;; 82 | *) 83 | usage 84 | ;; 85 | esac 86 | done 87 | shift $((OPTIND-1)) 88 | 89 | # Docker port options (derive from above) 90 | 91 | PORTOPT="-p $EXT_HTTP_PORT:8080 -p $EXT_HTTPS_PORT:8443" 92 | 93 | # The rest should be OK... 94 | 95 | if [ "$INTERACTIVE_SHELL" != "" ]; then 96 | docker_opt="$docker_opt -t -i -e TERM=$TERM --rm=true" 97 | else 98 | docker_opt="-d" 99 | fi 100 | 101 | docker_opt="$docker_opt $PORTOPT \ 102 | -e EMACS=$EMACS \ 103 | -e CONFIG_EXT_HOSTNAME=$EXT_HOSTNAME \ 104 | -e CONFIG_EXT_HTTPS_PORT=$EXT_HTTPS_PORT \ 105 | -e CONFIG_EXT_HTTP_PORT=$EXT_HTTP_PORT \ 106 | -e CONFIG_ADMIN_USER=$ADMIN_USER \ 107 | -e CONFIG_ADMIN_PASSWORD=$ADMIN_PASSWORD \ 108 | -e CONFIG_ADMIN_EMAIL=$ADMIN_EMAIL \ 109 | -e CONFIG_LOGGING=file" 110 | 111 | [ "$EXT_SSL_HOSTNAME" != "" ] && docker_opt="$docker_opt -e CONFIG_EXT_SSL_HOSTNAME=$EXT_SSL_HOSTNAME" 112 | 113 | if [ "$STORAGE_LOCATION" != "" -a -d "$STORAGE_LOCATION" -a -w "$STORAGE_LOCATION" ]; then 114 | SELINUX_FLAG=$(sestatus 2>/dev/null | fgrep -q enabled && echo :z) 115 | docker_opt="$docker_opt -v $STORAGE_LOCATION:/apps/var$SELINUX_FLAG" 116 | chap_opt="--create $STORAGE_USER:/apps/var" 117 | echo Using attached storage at $STORAGE_LOCATION 118 | fi 119 | 120 | docker run $docker_opt $IMAGE $chap_opt $* $INTERACTIVE_SHELL 121 | -------------------------------------------------------------------------------- /etc/skel/shell_vars.inc: -------------------------------------------------------------------------------- 1 | # Variables commonly defined in get-* tasks, so that they can be 2 | # available in templates. See bin/get-help and bin/get-launcher. 3 | 4 | source $APPS_DIR/etc/version.inc 5 | export IMAGE_VERSION IMAGE_ARCH 6 | export PARENT_IMAGE=$IMAGE_NAME 7 | 8 | # The image name, without the prefix. 9 | if [[ "$PARENT_IMAGE" == chapdev/* ]]; then 10 | # Standard chapdev naming. Remove chapdev/chaperone- or just chapdev/ 11 | IMAGE_BASENAME=${PARENT_IMAGE/*chapdev\/chaperone-/} 12 | export IMAGE_BASENAME=${PARENT_IMAGE/*chapdev\//} 13 | else 14 | export IMAGE_BASENAME=${PARENT_IMAGE#*/} # others just strip off username 15 | fi 16 | 17 | # The name of the default launcher (this is what run-IMAGE.sh.tpl gets delivered as) 18 | export DEFAULT_LAUNCHER=run-$IMAGE_BASENAME.sh 19 | 20 | # Used by get-launcher turn .tpl pathnames into the basename delivered. 21 | 22 | function transform_filename() { 23 | base=$(basename $1) 24 | [ "$base" == "run-IMAGE.sh.tpl" ] && echo $DEFAULT_LAUNCHER && return 25 | echo "${base%.tpl}" 26 | } 27 | -------------------------------------------------------------------------------- /etc/ssleay.cnf: -------------------------------------------------------------------------------- 1 | # 2 | # SSLeay example configuration file. 3 | # 4 | 5 | RANDFILE = /dev/urandom 6 | 7 | [ req ] 8 | default_bits = 2048 9 | default_keyfile = privkey.pem 10 | distinguished_name = req_distinguished_name 11 | prompt = no 12 | policy = policy_anything 13 | req_extensions = v3_req 14 | x509_extensions = v3_req 15 | 16 | [ req_distinguished_name ] 17 | commonName = @HostName@ 18 | 19 | [ v3_req ] 20 | basicConstraints = CA:FALSE 21 | -------------------------------------------------------------------------------- /etc/start_nginx.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Startup nginx 3 | # 4 | # Note that all of the .tpl files are copied to locations in ${VAR_DIR} 5 | # since nginx does not consistently support environment variables within configs. 6 | 7 | mkdir -p $VAR_DIR/etc $VAR_DIR/sites.d $VAR_DIR/log/nginx 8 | 9 | tpl_envcp --overwrite --strip .tpl $APPS_DIR/etc/*.tpl $VAR_DIR/etc 10 | tpl_envcp --overwrite --strip .tpl $APPS_DIR/www/sites.d/*.tpl $VAR_DIR/sites.d 11 | 12 | /usr/sbin/nginx -c $VAR_DIR/etc/nginx.conf 13 | -------------------------------------------------------------------------------- /etc/startup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # A quick script to initialize the system. This is not equivalent 3 | # to the classic /etc/init.d type initailization, but more of a preparation 4 | # phase so that services have what they need to run. 5 | 6 | # We publish two variables for use in startup scripts: 7 | # 8 | # CONTAINER_INIT=1 if we are initializing the container for the first time 9 | # VAR_INIT=1 if we are initializing the $VAR_DIR for the first time 10 | # 11 | # Both may be relevant, since it's possible that the $VAR_DIR may be on a mount point 12 | # so it can be reused when starting up containers which refer to it. 13 | 14 | function dolog() { logger -t startup.sh -p info $*; } 15 | function critlog() { logger -t startup.sh -p crit $*; } 16 | 17 | var_setup_file="$VAR_DIR/run/var_setup.done" 18 | cont_setup_file="/container_setup.done" 19 | 20 | export CONTAINER_INIT=0 21 | export VAR_INIT=0 22 | 23 | # Assure anything lingering that might interfere with restart is gone 24 | rm -rf /tmp/*.pid /tmp/*.sock 25 | 26 | if [ ! -f $cont_setup_file ]; then 27 | dolog "initializing container for the first time" 28 | CONTAINER_INIT=1 29 | sudo bash -c "date >$cont_setup_file" 30 | fi 31 | 32 | if [ ! -f $var_setup_file ]; then 33 | dolog "initializing $VAR_DIR for the first time" 34 | VAR_INIT=1 35 | mkdir -p $VAR_DIR >&/dev/null 36 | if [ ! -w $VAR_DIR ]; then 37 | critlog "$VAR_DIR is not writable by user '$USER' -- cannot complete set-up" 38 | exit 1 39 | fi 40 | mkdir -p $VAR_DIR/run $VAR_DIR/log 41 | chmod 777 $VAR_DIR/run $VAR_DIR/log 42 | date >$var_setup_file 43 | fi 44 | 45 | if [ -d $APPS_DIR/startup.d ]; then 46 | for sf in $( find $APPS_DIR/startup.d -type f -perm +100 \! -name '*~' | sort ); do 47 | dolog "running $sf..." 48 | $sf 49 | done 50 | fi 51 | 52 | if [ "$SECURE_ROOT" == "1" -a $CONTAINER_INIT == 1 ]; then 53 | dolog locking down root account 54 | sudo passwd -l root 55 | sudo sed '/NOPASSWD/ d' -i /etc/sudoers 56 | fi 57 | -------------------------------------------------------------------------------- /etc/version.inc: -------------------------------------------------------------------------------- 1 | IMAGE_ARCH=U14 2 | IMAGE_VERSION=1.0.10 3 | IMAGE_NAME=garywiz/docker-grav 4 | GRAV_VERSION=X.X.X 5 | export GRAV_VERSION 6 | -------------------------------------------------------------------------------- /run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | #Developer's startup script 3 | #Created by chaplocal on Wed Oct 7 02:09:09 UTC 2015 4 | 5 | IMAGE="garywiz/docker-grav" 6 | INTERACTIVE_SHELL="/bin/bash" 7 | 8 | # You can specify the external host and ports for your webserver here. These variables 9 | # are also passed into the container so that any application code which does redirects 10 | # can use these if need be. 11 | 12 | EXT_HOSTNAME=docker1.local 13 | EXT_HTTP_PORT=8080 14 | EXT_HTTPS_PORT=8443 15 | 16 | # Uncomment to enable SSL and specify the certificate hostname 17 | #EXT_SSL_HOSTNAME=secure.example.com 18 | 19 | PORTOPT="-p $EXT_HTTP_PORT:8080 -e CONFIG_EXT_HTTP_PORT=$EXT_HTTP_PORT \ 20 | -p $EXT_HTTPS_PORT:8443 -e CONFIG_EXT_HTTPS_PORT=$EXT_HTTPS_PORT" 21 | 22 | usage() { 23 | echo "Usage: run.sh [-d] [-p port#] [-h] [extra-chaperone-options]" 24 | echo " Run $IMAGE as a daemon or interactively (the default)." 25 | echo " First available port will be remapped to $EXT_HOSTNAME if possible." 26 | exit 27 | } 28 | 29 | if [ "$CHAP_SERVICE_NAME" != "" ]; then 30 | echo run.sh should be executed on your docker host, not inside a container. 31 | exit 32 | fi 33 | 34 | cd ${0%/*} # go to directory of this file 35 | APPS=$PWD 36 | cd .. 37 | 38 | options="-t -i -e TERM=$TERM --rm=true" 39 | shellopt="/bin/bash --rcfile $APPS/bash.bashrc" 40 | 41 | while getopts ":-dp:n:" o; do 42 | case "$o" in 43 | d) 44 | options="-d" 45 | shellopt="" 46 | ;; 47 | n) 48 | options="$options --name $OPTARG" 49 | ;; 50 | p) 51 | PORTOPT="-p $OPTARG" 52 | ;; 53 | -) # first long option terminates 54 | break 55 | ;; 56 | *) 57 | usage 58 | ;; 59 | esac 60 | done 61 | shift $((OPTIND-1)) 62 | 63 | # Run the image with this directory as our local apps dir. 64 | # Create a user with a uid/gid based upon the file permissions of the chaperone.d 65 | # directory. 66 | 67 | MOUNT=${PWD#/}; MOUNT=/${MOUNT%%/*} # extract user mountpoint 68 | SELINUX_FLAG=$(sestatus 2>/dev/null | fgrep -q enabled && echo :z) 69 | 70 | docker run $options -v $MOUNT:$MOUNT$SELINUX_FLAG $PORTOPT \ 71 | -e CONFIG_EXT_HOSTNAME="$EXT_HOSTNAME" \ 72 | -e CONFIG_EXT_SSL_HOSTNAME="$EXT_SSL_HOSTNAME" \ 73 | -e CONFIG_LOGGING=file \ 74 | -e EMACS=$EMACS \ 75 | $IMAGE \ 76 | --create $USER:$APPS/chaperone.d --config $APPS/chaperone.d $* $shellopt 77 | -------------------------------------------------------------------------------- /startup.d/000-install.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | #sudo apk --update add php-json php-ctype php-gd php-curl php-openssl php-zip 4 | 5 | -------------------------------------------------------------------------------- /startup.d/050-grav-setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Set up a new $VAR_DIR/grav directory containing all writable components. 4 | # 5 | # If a var/grav directory doesn't exist, looks for any directories called grav/xxxx-dist, which are 6 | # templates for how things should be set up in var. Creates them, as well as the symbolic links 7 | # which point to them. 8 | 9 | VAR_GRAV=$VAR_DIR/grav 10 | 11 | # bash functions 12 | 13 | function dolog() { logger -t 050-grav-setup.sh -p info $*; } 14 | function relpath() { python3 -c "import os,sys;print(os.path.relpath(*(sys.argv[1:])))" "$@"; } 15 | 16 | # First, initialize all the necessary sub directories 17 | 18 | cd $APPS_DIR/www/grav # do all work from here 19 | 20 | if [ ! -d $VAR_GRAV ]; then 21 | 22 | mkdir -p $VAR_GRAV 23 | for sf in $( find . -maxdepth 1 -type d -name '*-dist' ); do 24 | symlink=${sf/-dist} 25 | vardest=$VAR_GRAV${symlink/\./} 26 | cp -dR $sf $vardest 27 | dolog "created $vardest" 28 | done 29 | 30 | # Now, for the sticky plugins, link back to the originals 31 | # These plugins will always refer back to the ones which shipped 32 | # with the container. Other plugins can be installed within the user's 33 | # attached storage 34 | 35 | pushd $VAR_GRAV/user; mkdir plugins; cd plugins 36 | for sf in $APPS_DIR/www/grav/plugins-sticky/*; do 37 | ln -nsf $(relpath $sf) 38 | done 39 | popd 40 | 41 | fi 42 | 43 | # We have to (re)create the container symlinks if this is the 44 | # first time we are preparing this container. 45 | 46 | if [ "$CONTAINER_INIT" == "1" ]; then 47 | 48 | for sf in $( find . -maxdepth 1 -type d -name '*-dist' ); do 49 | symlink=${sf/-dist} 50 | vardest=$VAR_GRAV${symlink/\./} 51 | if [ -w . ]; then 52 | ln -nsf $(relpath $vardest) $symlink 53 | else 54 | sudo ln -nsf $(relpath $vardest) $symlink 55 | fi 56 | done 57 | 58 | fi 59 | -------------------------------------------------------------------------------- /startup.d/100-user-setup.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Sets up CONFIG_ADMIN_USER, if it exists 4 | 5 | function dolog() { logger -t 100-user-setup.sh -p info $*; } 6 | 7 | [ "$CONFIG_ADMIN_USER" == "" ] && exit 8 | 9 | CONF_DIR="$APPS_DIR/www/grav/user/accounts" 10 | CONF_FILE="$CONF_DIR/$CONFIG_ADMIN_USER.yaml" 11 | 12 | [ -f "$CONF_FILE" ] && exit 13 | 14 | # No such file, create it now. 15 | 16 | mkdir -p $CONF_DIR 17 | phash=$(echo '' | php) 18 | 19 | cat >$CONF_FILE < $TMPFILE 26 | 27 | # create the certificate. 28 | 29 | mkdir -p $VAR_DIR/certs 30 | 31 | openssl req -config $TMPFILE -new -x509 -days 3650 -nodes -out $certpem -keyout $certkey 32 | 33 | chmod 644 $certpem 34 | chmod 640 $certkey 35 | 36 | rm -rf $TMPFILE 37 | fi 38 | 39 | fi 40 | -------------------------------------------------------------------------------- /startup.d/README: -------------------------------------------------------------------------------- 1 | Files in this directory are executed upon container startup by the ../etc/startup.sh script. 2 | 3 | There are two modes: 4 | 5 | 1. When the container is first set up, CONTAINER_INIT=="1" and the script can use 'su' without a 6 | password. This is so that any setup activities can be performed which require full access 7 | to the system. 8 | 9 | 2. On subsequent boots (if the container is stopped and started), the same scripts will be 10 | run with CONTAINER_INIT=="0". However, root access is locked down if env var SECURE_ROOT=1. 11 | 12 | Note that SECURE_ROOT is not defined by default. 13 | 14 | In all cases, scripts are run as either root, or the user specified by --user on the 15 | chaperone command line. 16 | -------------------------------------------------------------------------------- /startup.d/nginx.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # System-prep tasks for nginx 3 | 4 | puser=${USER:-www-data} 5 | needs_perm="/var/log/nginx $VAR_DIR/etc $VAR_DIR/sites.d" 6 | 7 | function dolog() { logger -t nginx.sh -p info $*; } 8 | 9 | if [ $CONTAINER_INIT == 1 ]; then 10 | dolog setting nginx user permissions for "$puser" 11 | # Ngnix simply refuses to start unless it can write to /var/log/nginx. Nobody seems to complain, 12 | # but i think this is because people don't try running nginx in userspace very often. 13 | sudo bash -c "mv /var/log/nginx /var/log/nginx-dist; mkdir -p $needs_perm; chown -R $puser: $needs_perm; chmod 777 /var/log/nginx" 14 | fi 15 | -------------------------------------------------------------------------------- /www/sites.d/grav.conf.tpl: -------------------------------------------------------------------------------- 1 | # DO NOT MODIFY THIS FILE. IT WILL BE REGENERATED EVERY TIME THE CONTAINER STARTS 2 | 3 | server { 4 | listen 8080; 5 | server_name .%(CONFIG_EXT_HOSTNAME) ""; 6 | 7 | root %(NGINX_SITES_DIR)/grav; 8 | 9 | access_log %(NGINX_LOG_DIR)/grav.access.log; 10 | error_log syslog:server=unix:/dev/log; 11 | 12 | error_page 500 502 503 504 /50x.html; 13 | 14 | location = /50x.html { 15 | root html; 16 | } 17 | 18 | location / { 19 | root %(NGINX_SITES_DIR)/grav; 20 | index index.php; 21 | if (!-e $request_filename){ rewrite ^(.*)$ /index.php last; } 22 | } 23 | 24 | # if you want grav in a sub-directory of your main site 25 | # (for example, example.com/mygrav) then you need this rewrite: 26 | location /mygrav { 27 | if (!-e $request_filename){ rewrite ^(.*)$ /mygrav/$2 last; } 28 | try_files $uri $uri/ /index.php?$args; 29 | } 30 | 31 | # if using grav in a sub-directory of your site, 32 | # prepend the actual path to each location 33 | # for example: /mygrav/images 34 | # and: /mygrav/user 35 | # and: /mygrav/cache 36 | # and so on 37 | 38 | location /images/ { 39 | # Serve images as static 40 | } 41 | 42 | location /user { 43 | rewrite ^/user/accounts/(.*)$ /error redirect; 44 | rewrite ^/user/config/(.*)$ /error redirect; 45 | rewrite ^/user/(.*)\.(txt|md|html|php|yaml|json|twig|sh|bat)$ /error redirect; 46 | } 47 | 48 | location /cache { 49 | rewrite ^/cache/(.*) /error redirect; 50 | } 51 | 52 | location /bin { 53 | rewrite ^/bin/(.*)$ /error redirect; 54 | } 55 | 56 | location /backup { 57 | rewrite ^/backup/(.*) /error redirect; 58 | } 59 | 60 | location /system { 61 | rewrite ^/system/(.*)\.(txt|md|html|php|yaml|json|twig|sh|bat)$ /error redirect; 62 | } 63 | 64 | location /vendor { 65 | rewrite ^/vendor/(.*)\.(txt|md|html|php|yaml|json|twig|sh|bat)$ /error redirect; 66 | } 67 | 68 | # Remember to change 127.0.0.1:9000 to the Ip/port 69 | # you configured php-cgi.exe to run from 70 | 71 | location ~ \.php$ { 72 | try_files $uri =404; 73 | include %(VAR_DIR)/sites.d/php-fast.inc; 74 | fastcgi_split_path_info ^(.+\.php)(/.+)$; 75 | fastcgi_index index.php; 76 | fastcgi_param PATH_INFO $fastcgi_path_info; 77 | } 78 | } 79 | 80 | %(CONFIG_EXT_SSL_HOSTNAME:|?*| 81 | # SSL Configuration for %(CONFIG_EXT_SSL_HOSTNAME) 82 | 83 | server { 84 | # .domain.com will match both domain.com and anything.domain.com 85 | server_name .%(CONFIG_EXT_SSL_HOSTNAME) ""; 86 | listen 8443; 87 | 88 | ssl on; 89 | ssl_certificate %(VAR_DIR)/certs/ssl-cert-grav-%(CONFIG_EXT_SSL_HOSTNAME).crt; 90 | ssl_certificate_key %(VAR_DIR)/certs/ssl-cert-grav-%(CONFIG_EXT_SSL_HOSTNAME).key; 91 | 92 | root %(NGINX_SITES_DIR)/grav; 93 | 94 | access_log %(NGINX_LOG_DIR)/grav-ssl.access.log; 95 | error_log syslog:server=unix:/dev/log; 96 | 97 | error_page 500 502 503 504 /50x.html; 98 | 99 | location = /50x.html { 100 | root html; 101 | } 102 | 103 | location / { 104 | root %(NGINX_SITES_DIR)/grav; 105 | index index.php; 106 | if (!-e $request_filename){ rewrite ^(.*)$ /index.php last; } 107 | } 108 | 109 | # if you want grav in a sub-directory of your main site 110 | # (for example, example.com/mygrav) then you need this rewrite: 111 | location /mygrav { 112 | if (!-e $request_filename){ rewrite ^(.*)$ /mygrav/$2 last; } 113 | try_files $uri $uri/ /index.php?$args; 114 | } 115 | 116 | # if using grav in a sub-directory of your site, 117 | # prepend the actual path to each location 118 | # for example: /mygrav/images 119 | # and: /mygrav/user 120 | # and: /mygrav/cache 121 | # and so on 122 | 123 | location /images/ { 124 | # Serve images as static 125 | } 126 | 127 | location /user { 128 | rewrite ^/user/accounts/(.*)$ /error redirect; 129 | rewrite ^/user/config/(.*)$ /error redirect; 130 | rewrite ^/user/(.*)\.(txt\|md\|html\|php\|yaml\|json\|twig\|sh\|bat)$ /error redirect; 131 | } 132 | 133 | location /cache { 134 | rewrite ^/cache/(.*) /error redirect; 135 | } 136 | 137 | location /bin { 138 | rewrite ^/bin/(.*)$ /error redirect; 139 | } 140 | 141 | location /backup { 142 | rewrite ^/backup/(.*) /error redirect; 143 | } 144 | 145 | location /system { 146 | rewrite ^/system/(.*)\.(txt\|md\|html\|php\|yaml\|json\|twig\|sh\|bat)$ /error redirect; 147 | } 148 | 149 | location /vendor { 150 | rewrite ^/vendor/(.*)\.(txt\|md\|html\|php\|yaml\|json\|twig\|sh\|bat)$ /error redirect; 151 | } 152 | 153 | # Remember to change 127.0.0.1:9000 to the Ip/port 154 | # you configured php-cgi.exe to run from 155 | 156 | location ~ \.php$ { 157 | try_files $uri =404; 158 | include %(VAR_DIR)/sites.d/php-fast.inc; 159 | fastcgi_split_path_info ^(.+\.php)(/.+)$; 160 | fastcgi_index index.php; 161 | fastcgi_param PATH_INFO $fastcgi_path_info; 162 | } 163 | } 164 | |) 165 | -------------------------------------------------------------------------------- /www/sites.d/php-fast.inc.tpl: -------------------------------------------------------------------------------- 1 | # DO NOT MODIFY THIS FILE. IT WILL BE REGENERATED EVERY TIME THE CONTAINER STARTS 2 | 3 | location ~ \.php$ { 4 | fastcgi_param QUERY_STRING $query_string; 5 | fastcgi_param REQUEST_METHOD $request_method; 6 | fastcgi_param CONTENT_TYPE $content_type; 7 | fastcgi_param CONTENT_LENGTH $content_length; 8 | 9 | fastcgi_param SCRIPT_NAME $fastcgi_script_name; 10 | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 11 | fastcgi_param REQUEST_URI $request_uri; 12 | fastcgi_param DOCUMENT_URI $document_uri; 13 | fastcgi_param DOCUMENT_ROOT $document_root; 14 | fastcgi_param SERVER_PROTOCOL $server_protocol; 15 | 16 | fastcgi_param GATEWAY_INTERFACE CGI/1.1; 17 | fastcgi_param SERVER_SOFTWARE nginx; 18 | 19 | fastcgi_param REMOTE_ADDR $remote_addr; 20 | fastcgi_param REMOTE_PORT $remote_port; 21 | fastcgi_param SERVER_ADDR $server_addr; 22 | fastcgi_param SERVER_PORT $server_port; 23 | fastcgi_param SERVER_NAME $server_name; 24 | 25 | fastcgi_pass unix:%(PHPFFM_SOCKET); 26 | } 27 | --------------------------------------------------------------------------------