├── .gitignore ├── LICENSE ├── README.md ├── create_db_tables.sh ├── cron ├── eramba-daily.service ├── eramba-daily.timer ├── eramba-hourly.service ├── eramba-hourly.timer ├── eramba-yearly.service ├── eramba-yearly.timer ├── eramba_daily.sh ├── eramba_hourly.sh ├── eramba_test.sh └── eramba_yearly.sh ├── deploy_cron_services.sh ├── docker-compose-template.yml ├── eramba-app ├── Dockerfile ├── build_image.sh ├── etc │ ├── 25-eramba.conf │ ├── httpd.conf │ ├── php.ini │ └── secure.conf └── httpd_run.sh ├── eramba-db ├── Dockerfile ├── build_image.sh └── my.cnf ├── prep_host_directory_struct.sh └── sql ├── c2.4.1.sql └── c2.8.1.sql /.gitignore: -------------------------------------------------------------------------------- 1 | # envar file # 2 | ############## 3 | global_envars.cfg 4 | docker-compose.yml 5 | 6 | # Editors # 7 | ########### 8 | # swap 9 | [._]*.s[a-v][a-z] 10 | [._]*.sw[a-p] 11 | [._]s[a-v][a-z] 12 | [._]sw[a-p] 13 | # session 14 | Session.vim 15 | # temporary 16 | .netrwhist 17 | *~ 18 | # auto-generated tag files 19 | tags 20 | 21 | # Compiled source # 22 | ################### 23 | *.com 24 | *.class 25 | *.dll 26 | *.exe 27 | *.o 28 | *.so 29 | 30 | # Packages # 31 | ############ 32 | # it's better to unpack these files and commit the raw source 33 | # git has its own built in compression methods 34 | *.7z 35 | *.dmg 36 | *.gz 37 | *.iso 38 | *.jar 39 | *.rar 40 | *.tar 41 | *.zip 42 | *.tgz 43 | 44 | # Logs and databases # 45 | ###################### 46 | *.log 47 | *.sqlite 48 | 49 | # OS generated files # 50 | ###################### 51 | .DS_Store 52 | .DS_Store? 53 | ._* 54 | .Spotlight-V100 55 | .Trashes 56 | ehthumbs.db 57 | Thumbs.db 58 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | This is free and unencumbered software released into the public domain. 2 | 3 | Anyone is free to copy, modify, publish, use, compile, sell, or 4 | distribute this software, either in source code form or as a compiled 5 | binary, for any purpose, commercial or non-commercial, and by any 6 | means. 7 | 8 | In jurisdictions that recognize copyright laws, the author or authors 9 | of this software dedicate any and all copyright interest in the 10 | software to the public domain. We make this dedication for the benefit 11 | of the public at large and to the detriment of our heirs and 12 | successors. We intend this dedication to be an overt act of 13 | relinquishment in perpetuity of all present and future rights to this 14 | software under copyright law. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR 20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 22 | OTHER DEALINGS IN THE SOFTWARE. 23 | 24 | For more information, please refer to 25 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Eramaba Community (c.2.8.1) in Docker 2 | -------------------------------- 3 | # This is no longer supported!!! 4 | ## Eramba has published their own docker images, see https://www.eramba.org/get-community 5 | 1. Clone this repo and cd into it 6 | 2. Copy `docker-compose-template.yml` to `docker-compose.yml` 7 | 3. Update the `MYSQL_ROOT_PASSWORD` in `docker-compose.yml` 8 | 4. Create file `global_envars.cfg` with the following (updating credntials): 9 | `MYSQL_DATABASE=erambadb 10 | MYSQL_USER=eramba 11 | MYSQL_PASSWORD=changemetoo` 12 | 5. Run `sh ./prep_host_directory_struct.sh` - this creates /data/eramba/, if you want to change the host data dir, ensure you update the docker-compose.yml also 13 | 6. Run `docker-compose up -d` - this will start containers in the background 14 | 7. On first time start, you need to create the database tables, to do this run `sh ./create_db_tables.sh` 15 | 8. You should now be able to load the initial login page via a browser, i.e.: http://localhost/ 16 | 17 | ## Timer jobs 18 | Eramba has 3 cron/timer jobs, hourly, daily and yearly. 19 | As many docker users will be using coreos / operating systems without cron tabs, systemd jobs and timers can be used to run these jobs. 20 | Assuming you retain the standard directory paths and container names, you can simply run `sudo ./deploy_cron_services.sh` - look at the contents of that script and the `cron` directory if experiencing issues and try running the eramba_test.sh script. 21 | These jobs use the cli cron type (so in the settings of the web interface ensure CLI is chosen, not Web for cron jobs). 22 | 23 | ## Upgrade applied then new container built (DB and APP version mismatch) 24 | By default your deployment will start with c2.8.1 of eramba community. 25 | Periodically eramba.org will releae updates which can be applied via the setting page in the web app. 26 | If you do upgrade then the app container is lost, your DB will be stuck on a new version (say c2.8.2) but the new app container will start back at 2.8.1 (which wont work well if there were schema changes to the database between those releases). 27 | If that occurs specify the desired version of the container in your docker-compose.yml, e.g.: `image: markz0r/eramba-app` becomes `image: markz0r/eramba-app:c282`; this is dependent on the maintainer completing a new docker image in a timely fashion. 28 | 29 | ## Fixing missing future review/audits 30 | - An issue can occur in eramba where future reviews/audits are not created 31 | - Presumed cause is someone has used SQL queries to complete previou reviews/audits in bulk which does not create the next audits and update mapping (whcih is done by applicaiton code) 32 | - Actual cause may be that policies are in draft status or have no owner/reviewer assigned 33 | *To Fix* 34 | ## If policies/objects in draft status or have no owner/reviewer 35 | - Simply update the object via the web interface and reviews future will be generated 36 | ## If caused by broken sql queries 37 | 1. Get into database 38 | ``` 39 | docker exec -ti eramba-community-docker_db_1 bash 40 | printenv 41 | mysql -p 42 | # enter $MYSQL_ROOT_PASSWORD 43 | use erambadb 44 | show tables 45 | ``` 46 | ## key tables: 47 | - audits (no relevant FKs) 48 | - reviews (no relevant FKs) 49 | - security_policy_reviews 50 | - (`security_policy_id`) REFERENCES `security_policies` (`id`) 51 | ``` 52 | 53 | MariaDB [erambadb]> desc security_policies; 54 | +----------------------------------+---------------------------------------+------+-----+---------+----------------+ 55 | | Field | Type | Null | Key | Default | Extra | 56 | +----------------------------------+---------------------------------------+------+-----+---------+----------------+ 57 | | id | int(11) | NO | PRI | NULL | auto_increment | 58 | | index | varchar(100) | NO | MUL | NULL | | 59 | | short_description | varchar(255) | NO | | NULL | | 60 | | description | text | YES | | NULL | | 61 | | url | text | YES | | NULL | | 62 | | use_attachments | int(1) | NO | | 0 | | 63 | | document_type | enum('policy','standard','procedure') | NO | | NULL | | 64 | | security_policy_document_type_id | int(11) | YES | MUL | NULL | | 65 | | version | varchar(50) | NO | | NULL | | 66 | | published_date | date | NO | | NULL | | 67 | | next_review_date | date | NO | | NULL | | 68 | | permission | enum('public','private','logged') | NO | | NULL | | 69 | | ldap_connector_id | int(11) | YES | MUL | NULL | | 70 | | asset_label_id | int(11) | YES | MUL | NULL | | 71 | | status | int(1) | NO | | 0 | | 72 | | expired_reviews | int(1) | NO | | 0 | | 73 | | hash | varchar(255) | YES | | NULL | | 74 | | workflow_owner_id | int(11) | YES | | NULL | | 75 | | workflow_status | int(1) | NO | | 0 | | 76 | | created | datetime | NO | | NULL | | 77 | | modified | datetime | NO | | NULL | | 78 | | edited | datetime | YES | | NULL | | 79 | | deleted | int(2) | NO | | 0 | | 80 | | deleted_date | datetime | YES | | NULL | | 81 | +----------------------------------+---------------------------------------+------+-----+---------+----------------+ 82 | MariaDB [erambadb]> desc reviews; 83 | +--------------------+--------------+------+-----+---------+----------------+ 84 | | Field | Type | Null | Key | Default | Extra | 85 | +--------------------+--------------+------+-----+---------+----------------+ 86 | | id | int(11) | NO | PRI | NULL | auto_increment | 87 | | model | varchar(150) | NO | | NULL | | 88 | | foreign_key | int(11) | NO | | NULL | | 89 | | planned_date | date | YES | | NULL | | 90 | | actual_date | date | YES | | NULL | | 91 | | user_id | int(11) | YES | MUL | NULL | | 92 | | description | text | NO | | NULL | | 93 | | completed | int(1) | NO | | 0 | | 94 | | use_attachments | int(11) | YES | | NULL | | 95 | | policy_description | text | YES | | NULL | | 96 | | url | text | YES | | NULL | | 97 | | version | varchar(150) | YES | | NULL | | 98 | | workflow_owner_id | int(11) | YES | | NULL | | 99 | | workflow_status | int(1) | NO | | 0 | | 100 | | created | datetime | NO | | NULL | | 101 | | modified | datetime | NO | | NULL | | 102 | | edited | datetime | YES | | NULL | | 103 | | deleted | int(2) | NO | | 0 | | 104 | | deleted_date | datetime | YES | | NULL | | 105 | +--------------------+--------------+------+-----+---------+----------------+ 106 | select distinct(model) from reviews; 107 | +----------------+ 108 | | model | 109 | +----------------+ 110 | | SecurityPolicy | 111 | | Asset | 112 | | Risk | 113 | | ThirdPartyRisk | 114 | +----------------+ 115 | ``` 116 | - Security Policies DOES NOTE USE `security_policy_reviews`... it uses ?: 117 | ``` 118 | -- Assumes your relevant policy ID is 26 119 | select * from reviews where model = 'SecurityPolicy' and foreign_key = 26; 120 | 121 | insert into reviews (model, foreign_key, planned_date, completed, workflow_status, created, modified, deleted) 122 | VALUES ('SecurityPolicy',1,'2023-01-15',0,0,now(),now(),0); 123 | update security_policies set next_review_date = '2023-01-15' where id = 1; 124 | update security_policies set next_review_date = '2022-10-08' where id = 1; 125 | 126 | ``` 127 | 128 | 129 | ## Other potentially relevant 130 | - business_continuity_plan_audits 131 | - compliance_audits 132 | - goal_audits 133 | - risks 134 | - security_service_audits -------------------------------------------------------------------------------- /create_db_tables.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | DB_CONTAINER_NAME="eramba-community-docker_db_1" 3 | #DB_SCHEMA_SCRIPT="./sql/c2.4.1.sql" 4 | DB_SCHEMA_SCRIPT="./sql/c2.8.1.sql" 5 | 6 | docker exec -i ${DB_CONTAINER_NAME} sh -c \ 7 | 'exec mysql -uroot -p"$MYSQL_ROOT_PASSWORD" "$MYSQL_DATABASE"' < ${DB_SCHEMA_SCRIPT} 8 | -------------------------------------------------------------------------------- /cron/eramba-daily.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Eramaba daily job runner 3 | 4 | [Service] 5 | Type=oneshot 6 | ExecStart=/usr/bin/sh /data/eramba/cron/eramba_daily.sh 7 | 8 | [Install] 9 | WantedBy=multi-user.target 10 | -------------------------------------------------------------------------------- /cron/eramba-daily.timer: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Run eramaba-daily.service every day 3 | 4 | [Timer] 5 | OnCalendar=*-*-* 00:30:00 6 | 7 | [Install] 8 | WantedBy=multi-user.target 9 | -------------------------------------------------------------------------------- /cron/eramba-hourly.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Eramaba hourly job runner 3 | 4 | [Service] 5 | Type=oneshot 6 | ExecStart=/usr/bin/sh /data/eramba/cron/eramba_hourly.sh 7 | 8 | [Install] 9 | WantedBy=multi-user.target 10 | -------------------------------------------------------------------------------- /cron/eramba-hourly.timer: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Run eramaba-hourly.service every hour 3 | 4 | [Timer] 5 | OnCalendar=hourly 6 | 7 | [Install] 8 | WantedBy=multi-user.target 9 | -------------------------------------------------------------------------------- /cron/eramba-yearly.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Eramaba yearly job runner 3 | 4 | [Service] 5 | Type=oneshot 6 | ExecStart=/usr/bin/sh /data/eramba/cron/eramba_yearly.sh 7 | 8 | [Install] 9 | WantedBy=multi-user.target 10 | -------------------------------------------------------------------------------- /cron/eramba-yearly.timer: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Run eramaba-yearly.service every year 3 | 4 | [Timer] 5 | OnCalendar=yearly 6 | 7 | [Install] 8 | WantedBy=multi-user.target 9 | -------------------------------------------------------------------------------- /cron/eramba_daily.sh: -------------------------------------------------------------------------------- 1 | docker exec -i eramba-community-docker_app_1 bash -c '/var/www/sites/eramba_community/app/Console/cake cron job daily' 2 | docker exec -i eramba-community-docker_app_1 bash -c 'chown -R apache:apache /var/www/sites/eramba_community' 3 | docker exec -i eramba-community-docker_app_1 bash -c 'chmod 777 -R /var/www/sites/eramba_community/app/tmp' 4 | -------------------------------------------------------------------------------- /cron/eramba_hourly.sh: -------------------------------------------------------------------------------- 1 | docker exec -i eramba-community-docker_app_1 bash -c '/var/www/sites/eramba_community/app/Console/cake cron job hourly' 2 | docker exec -i eramba-community-docker_app_1 bash -c 'chown -R apache:apache /var/www/sites/eramba_community' 3 | docker exec -i eramba-community-docker_app_1 bash -c 'chmod 777 -R /var/www/sites/eramba_community/app/tmp' 4 | -------------------------------------------------------------------------------- /cron/eramba_test.sh: -------------------------------------------------------------------------------- 1 | docker exec -i eramba-community-docker_app_1 bash -c '/var/www/sites/eramba_community/app/Console/cake cron test' 2 | docker exec -i eramba-community-docker_app_1 bash -c 'chown -R apache:apache /var/www/sites/eramba_community' 3 | docker exec -i eramba-community-docker_app_1 bash -c 'chmod 777 -R /var/www/sites/eramba_community/app/tmp' 4 | -------------------------------------------------------------------------------- /cron/eramba_yearly.sh: -------------------------------------------------------------------------------- 1 | docker exec -i eramba-community-docker_app_1 bash -c '/var/www/sites/eramba_community/app/Console/cake cron job yearly' 2 | docker exec -i eramba-community-docker_app_1 bash -c 'chown -R apache:apache /var/www/sites/eramba_community' 3 | docker exec -i eramba-community-docker_app_1 bash -c 'chmod 777 -R /var/www/sites/eramba_community/app/tmp' 4 | -------------------------------------------------------------------------------- /deploy_cron_services.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | if [[ $EUID -ne 0 ]]; then 3 | echo "This script must be run as root" 4 | exit 1 5 | fi 6 | 7 | CRON_DIR="/data/eramba/cron" 8 | 9 | # CP to data directory 10 | mkdir -p ${CRON_DIR} 11 | cp ./cron/*.sh ${CRON_DIR}/ 12 | 13 | # Add timers to systemd services 14 | cp ./cron/*.timer /etc/systemd/system/ 15 | # Add services 16 | cp ./cron/*.service /etc/systemd/system/ 17 | 18 | systemctl start eramba-hourly.timer 19 | systemctl start eramba-daily.timer 20 | systemctl start eramba-yearly.timer 21 | systemctl start eramba-hourly.service 22 | systemctl start eramba-daily.service 23 | systemctl start eramba-yearly.service 24 | 25 | systemctl enable eramba-hourly.timer 26 | systemctl enable eramba-daily.timer 27 | systemctl enable eramba-yearly.timer 28 | systemctl enable eramba-hourly.service 29 | systemctl enable eramba-daily.service 30 | systemctl enable eramba-yearly.service 31 | 32 | systemctl daemon-reload 33 | -------------------------------------------------------------------------------- /docker-compose-template.yml: -------------------------------------------------------------------------------- 1 | version: "3.7" 2 | services: 3 | db: 4 | image: markz0r/eramba-db 5 | container_name: eramba-community-docker_db_1 6 | restart: always 7 | volumes: 8 | - mysql-data:/var/lib/mysql 9 | env_file: 10 | - global_envars.cfg 11 | environment: 12 | - MYSQL_ROOT_PASSWORD=changeme 13 | # If you are running on Windows or Mac the shared volume will cause 14 | # an InnoDB error, uncomment the following lines: 15 | # 16 | #command: 17 | # 'mysqld --innodb-flush-method=fsync' 18 | app: 19 | # image: digitorus/eramba:enterprise 20 | image: markz0r/eramba-app:c281 21 | container_name: eramba-community-docker_app_1 22 | depends_on: 23 | - db 24 | restart: always 25 | volumes: 26 | - eramba-files:/var/www/sites/eramba_community/app/webroot/files 27 | - eramba-backups:/var/www/sites/eramba_community/app/webroot/backups 28 | - eramba-applogs:/var/www/sites/eramba_community/app/tmp/logs 29 | - eramba-syslogs:/var/log 30 | env_file: 31 | - global_envars.cfg 32 | environment: 33 | - ERAMBA_HOSTNAME=app 34 | - MYSQL_HOSTNAME=db 35 | - DATABASE_PREFIX= 36 | # map the domain to localhost for wkhtmltopdf 37 | extra_hosts: 38 | - "eramba:172.17.0.1" 39 | ports: 40 | - "80:8080" 41 | links: 42 | - db 43 | # You can create a full database backup with: 44 | # docker exec db-container sh -c \ 45 | # 'exec mysqldump --all-databases -uroot -p"$MYSQL_ROOT_PASSWORD"' > ~/backup/all-databases.sql; 46 | volumes: 47 | mysql-data: 48 | driver: local 49 | driver_opts: 50 | o: bind 51 | type: none 52 | device: /data/eramba/mysql 53 | eramba-files: 54 | driver: local 55 | driver_opts: 56 | o: bind 57 | type: none 58 | device: /data/eramba/files 59 | eramba-backups: 60 | driver: local 61 | driver_opts: 62 | o: bind 63 | type: none 64 | device: /data/eramba/backups 65 | eramba-applogs: 66 | driver: local 67 | driver_opts: 68 | o: bind 69 | type: none 70 | device: /data/eramba/erambalogs 71 | eramba-syslogs: 72 | driver: local 73 | driver_opts: 74 | o: bind 75 | type: none 76 | device: /data/eramba/systemlogs 77 | -------------------------------------------------------------------------------- /eramba-app/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM centos:7 2 | 3 | RUN \ 4 | yum -y install epel-release \ 5 | && yum install -y httpd mod_ssl wget libXext libXrender xorg-x11-fonts-75dpi xorg-x11-fonts-Type1 \ 6 | && yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm \ 7 | && yum -y --enablerepo=remi,remi-php71 install php php-common php-cli php-gd php-intl php-json php-mbstring php-zip php-exif php-ldap php-curl php-mysql php-readline php-xml php-bz2 php-simplexml \ 8 | && wget https://downloads.wkhtmltopdf.org/0.12/0.12.5/wkhtmltox-0.12.5-1.centos7.x86_64.rpm \ 9 | && rpm -Uvh wkhtmltox-0.12.5-1.centos7.x86_64.rpm \ 10 | && yum update -y \ 11 | && yum clean all \ 12 | && rm -vf /etc/httpd/conf.d/autoindex.conf /etc/httpd/conf.d/welcome.conf /etc/httpd/conf.d/userdir.conf \ 13 | && mkdir -p /var/www/sites 14 | 15 | # Assumes you have downloaded eramaba community tarball to c281.tgz 16 | # e.g.: https://downloadseramba.s3-eu-west-1.amazonaws.com/CommunityTGZ/c241.tgz 17 | # e.g.: https://downloadseramba.s3-eu-west-1.amazonaws.com/CommunityTGZ/c281.tgz 18 | # Generally you need to visit 19 | #ADD c241.tgz /var/www/sites 20 | ADD https://downloadseramba.s3-eu-west-1.amazonaws.com/CommunityTGZ/latest.tgz /var/www/sites 21 | 22 | # Fix for broken community version which does not have NotificationSystem 23 | RUN \ 24 | sed -i "s#// check if notifications use this filter#/* MC FIX - check if notifications use this filter#g" /var/www/sites/eramba_community/app/Module/AdvancedFilters/Controller/AdvancedFiltersController.php \ 25 | && sed -i "s#// or is in use in reports#*/ - // or is in use in reports#g" /var/www/sites/eramba_community/app/Module/AdvancedFilters/Controller/AdvancedFiltersController.php \ 26 | && chown -R apache:apache /var/www/sites/eramba_community 27 | 28 | #COPY etc/httpd.conf /etc/httpd/conf/httpd.conf 29 | COPY etc/php.ini /etc/php.ini 30 | COPY etc/25-eramba.conf /etc/httpd/conf.d/ 31 | 32 | COPY httpd_run.sh /run.sh 33 | 34 | EXPOSE 8080 35 | 36 | CMD ["/run.sh"] 37 | -------------------------------------------------------------------------------- /eramba-app/build_image.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | VERSION=c281 3 | docker build . -t markz0r/eramba-app:$VERSION 4 | docker push markz0r/eramba-app:$VERSION 5 | -------------------------------------------------------------------------------- /eramba-app/etc/25-eramba.conf: -------------------------------------------------------------------------------- 1 | 2 | 3 | ServerName app 4 | ServerAlias * 5 | DocumentRoot "/var/www/sites/eramba_community" 6 | 7 | 8 | AllowOverride All 9 | 10 | 11 | Header set X-Frame-Options SAMEORIGIN env=allow_sameorigin 12 | 13 | 14 | -------------------------------------------------------------------------------- /eramba-app/etc/httpd.conf: -------------------------------------------------------------------------------- 1 | # 2 | # This is the main Apache HTTP server configuration file. It contains the 3 | # configuration directives that give the server its instructions. 4 | # See for detailed information. 5 | # In particular, see 6 | # 7 | # for a discussion of each configuration directive. 8 | # 9 | # Do NOT simply read the instructions in here without understanding 10 | # what they do. They're here only as hints or reminders. If you are unsure 11 | # consult the online docs. You have been warned. 12 | # 13 | # Configuration and logfile names: If the filenames you specify for many 14 | # of the server's control files begin with "/" (or "drive:/" for Win32), the 15 | # server will use that explicit path. If the filenames do *not* begin 16 | # with "/", the value of ServerRoot is prepended -- so 'log/access_log' 17 | # with ServerRoot set to '/www' will be interpreted by the 18 | # server as '/www/log/access_log', where as '/log/access_log' will be 19 | # interpreted as '/log/access_log'. 20 | 21 | # 22 | # ServerRoot: The top of the directory tree under which the server's 23 | # configuration, error, and log files are kept. 24 | # 25 | # Do not add a slash at the end of the directory path. If you point 26 | # ServerRoot at a non-local disk, be sure to specify a local disk on the 27 | # Mutex directive, if file-based mutexes are used. If you wish to share the 28 | # same ServerRoot for multiple httpd daemons, you will need to change at 29 | # least PidFile. 30 | # 31 | ServerRoot "/etc/httpd" 32 | 33 | # 34 | # Listen: Allows you to bind Apache to specific IP addresses and/or 35 | # ports, instead of the default. See also the 36 | # directive. 37 | # 38 | # Change this to Listen on specific IP addresses as shown below to 39 | # prevent Apache from glomming onto all bound IP addresses. 40 | # 41 | #Listen 12.34.56.78:80 42 | Listen 8080 43 | 44 | # 45 | # Dynamic Shared Object (DSO) Support 46 | # 47 | # To be able to use the functionality of a module which was built as a DSO you 48 | # have to place corresponding `LoadModule' lines at this location so the 49 | # directives contained in it are actually available _before_ they are used. 50 | # Statically compiled modules (those listed by `httpd -l') do not need 51 | # to be loaded here. 52 | # 53 | # Example: 54 | # LoadModule foo_module modules/mod_foo.so 55 | # 56 | Include conf.modules.d/*.conf 57 | 58 | # 59 | # If you wish httpd to run as a different user or group, you must run 60 | # httpd as root initially and it will switch. 61 | # 62 | # User/Group: The name (or #number) of the user/group to run httpd as. 63 | # It is usually good practice to create a dedicated user and group for 64 | # running httpd, as with most system services. 65 | # 66 | User apache 67 | Group apache 68 | 69 | # 'Main' server configuration 70 | # 71 | # The directives in this section set up the values used by the 'main' 72 | # server, which responds to any requests that aren't handled by a 73 | # definition. These values also provide defaults for 74 | # any containers you may define later in the file. 75 | # 76 | # All of these directives may appear inside containers, 77 | # in which case these default settings will be overridden for the 78 | # virtual host being defined. 79 | # 80 | 81 | # 82 | # ServerAdmin: Your address, where problems with the server should be 83 | # e-mailed. This address appears on some server-generated pages, such 84 | # as error documents. e.g. admin@your-domain.com 85 | # 86 | ServerAdmin updateme@invalid.com.lol 87 | 88 | # 89 | # ServerName gives the name and port that the server uses to identify itself. 90 | # This can often be determined automatically, but we recommend you specify 91 | # it explicitly to prevent problems during startup. 92 | # 93 | # If your host doesn't have a registered DNS name, enter its IP address here. 94 | # 95 | #ServerName www.example.com:80 96 | 97 | # 98 | # Deny access to the entirety of your server's filesystem. You must 99 | # explicitly permit access to web content directories in other 100 | # blocks below. 101 | # 102 | 103 | AllowOverride none 104 | Require all denied 105 | 106 | 107 | # 108 | # Note that from this point forward you must specifically allow 109 | # particular features to be enabled - so if something's not working as 110 | # you might expect, make sure that you have specifically enabled it 111 | # below. 112 | # 113 | 114 | # 115 | # DocumentRoot: The directory out of which you will serve your 116 | # documents. By default, all requests are taken from this directory, but 117 | # symbolic links and aliases may be used to point to other locations. 118 | # 119 | DocumentRoot "/var/www/html" 120 | # 121 | # Relax access to content within /var/www. 122 | # 123 | 124 | AllowOverride None 125 | # Allow open access: 126 | Require all granted 127 | 128 | 129 | # Further relax access to the default document root: 130 | 131 | 132 | 133 | deny from all 134 | 135 | # 136 | # Possible values for the Options directive are "None", "All", 137 | # or any combination of: 138 | # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews 139 | # 140 | # Note that "MultiViews" must be named *explicitly* --- "Options All" 141 | # doesn't give it to you. 142 | # 143 | # The Options directive is both complicated and important. Please see 144 | # http://httpd.apache.org/docs/2.4/mod/core.html#options 145 | # for more information. 146 | # 147 | Options -Indexes -Includes +FollowSymLinks 148 | 149 | # 150 | # AllowOverride controls what directives may be placed in .htaccess files. 151 | # It can be "All", "None", or any combination of the keywords: 152 | # Options FileInfo AuthConfig Limit 153 | # 154 | AllowOverride All 155 | 156 | # 157 | # Controls who can get stuff from this server. 158 | # 159 | Require all granted 160 | 161 | 162 | # 163 | # DirectoryIndex: sets the file that Apache will serve if a directory 164 | # is requested. 165 | # 166 | 167 | DirectoryIndex index.html index.php 168 | 169 | 170 | # 171 | # The following lines prevent .htaccess and .htpasswd files from being 172 | # viewed by Web clients. 173 | # 174 | 175 | Require all denied 176 | 177 | 178 | # 179 | # ErrorLog: The location of the error log file. 180 | # If you do not specify an ErrorLog directive within a 181 | # container, error messages relating to that virtual host will be 182 | # logged here. If you *do* define an error logfile for a 183 | # container, that host's errors will be logged there and not here. 184 | # 185 | ErrorLog /proc/self/fd/2 186 | 187 | # 188 | # LogLevel: Control the number of messages logged to the error_log. 189 | # Possible values include: debug, info, notice, warn, error, crit, 190 | # alert, emerg. 191 | # 192 | LogLevel warn 193 | 194 | 195 | # 196 | # The following directives define some format nicknames for use with 197 | # a CustomLog directive (see below). 198 | # 199 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined 200 | LogFormat "%h %l %u %t \"%r\" %>s %b" common 201 | LogFormat "%v %{X-Forwarded-For}i %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_forwarded 202 | 203 | 204 | # You need to enable mod_logio.c to use %I and %O 205 | LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio 206 | 207 | 208 | # 209 | # The location and format of the access logfile (Common Logfile Format). 210 | # If you do not define any access logfiles within a 211 | # container, they will be logged here. Contrariwise, if you *do* 212 | # define per- access logfiles, transactions will be 213 | # logged therein and *not* in this file. 214 | # 215 | #CustomLog "logs/access_log" common 216 | 217 | # 218 | # If you prefer a logfile with access, agent, and referer information 219 | # (Combined Logfile Format) you can use the following directive. 220 | # 221 | CustomLog /proc/self/fd/1 combined 222 | 223 | 224 | 225 | # 226 | # Redirect: Allows you to tell clients about documents that used to 227 | # exist in your server's namespace, but do not anymore. The client 228 | # will make a new request for the document at its new location. 229 | # Example: 230 | # Redirect permanent /foo http://www.example.com/bar 231 | 232 | # 233 | # Alias: Maps web paths into filesystem paths and is used to 234 | # access content that does not live under the DocumentRoot. 235 | # Example: 236 | # Alias /webpath /full/filesystem/path 237 | # 238 | # If you include a trailing / on /webpath then the server will 239 | # require it to be present in the URL. You will also likely 240 | # need to provide a section to allow access to 241 | # the filesystem path. 242 | 243 | # 244 | # ScriptAlias: This controls which directories contain server scripts. 245 | # ScriptAliases are essentially the same as Aliases, except that 246 | # documents in the target directory are treated as applications and 247 | # run by the server when requested rather than as documents sent to the 248 | # client. The same rules about trailing "/" apply to ScriptAlias 249 | # directives as to Alias. 250 | # 251 | ScriptAlias /cgi-bin/ "/var/www/cgi-bin/" 252 | 253 | 254 | 255 | # 256 | # "/var/www/cgi-bin" should be changed to whatever your ScriptAliased 257 | # CGI directory exists, if you have that configured. 258 | # 259 | 260 | AllowOverride None 261 | Options None 262 | Require all granted 263 | 264 | 265 | 266 | # 267 | # TypesConfig points to the file containing the list of mappings from 268 | # filename extension to MIME-type. 269 | # 270 | TypesConfig /etc/mime.types 271 | 272 | # 273 | # AddType allows you to add to or override the MIME configuration 274 | # file specified in TypesConfig for specific file types. 275 | # 276 | #AddType application/x-gzip .tgz 277 | # 278 | # AddEncoding allows you to have certain browsers uncompress 279 | # information on the fly. Note: Not all browsers support this. 280 | # 281 | #AddEncoding x-compress .Z 282 | #AddEncoding x-gzip .gz .tgz 283 | # 284 | # If the AddEncoding directives above are commented-out, then you 285 | # probably should define those extensions to indicate media types: 286 | # 287 | AddType application/x-compress .Z 288 | AddType application/x-gzip .gz .tgz 289 | 290 | # 291 | # AddHandler allows you to map certain file extensions to "handlers": 292 | # actions unrelated to filetype. These can be either built into the server 293 | # or added with the Action directive (see below) 294 | # 295 | # To use CGI scripts outside of ScriptAliased directories: 296 | # (You will also need to add "ExecCGI" to the "Options" directive.) 297 | # 298 | #AddHandler cgi-script .cgi 299 | 300 | # For type maps (negotiated resources): 301 | #AddHandler type-map var 302 | 303 | # 304 | # Filters allow you to process content before it is sent to the client. 305 | # 306 | # To parse .shtml files for server-side includes (SSI): 307 | # (You will also need to add "Includes" to the "Options" directive.) 308 | # 309 | AddType text/html .shtml 310 | AddOutputFilter INCLUDES .shtml 311 | 312 | 313 | # 314 | # Specify a default charset for all content served; this enables 315 | # interpretation of all content as UTF-8 by default. To use the 316 | # default browser choice (ISO-8859-1), or to allow the META tags 317 | # in HTML content to override this choice, comment out this 318 | # directive: 319 | # 320 | AddDefaultCharset UTF-8 321 | 322 | 323 | # 324 | # The mod_mime_magic module allows the server to use various hints from the 325 | # contents of the file itself to determine its type. The MIMEMagicFile 326 | # directive tells the module where the hint definitions are located. 327 | # 328 | MIMEMagicFile conf/magic 329 | 330 | 331 | # 332 | # Customizable error responses come in three flavors: 333 | # 1) plain text 2) local redirects 3) external redirects 334 | # 335 | # Some examples: 336 | #ErrorDocument 500 "The server made a boo boo." 337 | #ErrorDocument 404 /missing.html 338 | #ErrorDocument 404 "/cgi-bin/missing_handler.pl" 339 | #ErrorDocument 402 http://www.example.com/subscription_info.html 340 | # 341 | 342 | # 343 | # EnableMMAP and EnableSendfile: On systems that support it, 344 | # memory-mapping or the sendfile syscall may be used to deliver 345 | # files. This usually improves server performance, but must 346 | # be turned off when serving from networked-mounted 347 | # filesystems or if support for these functions is otherwise 348 | # broken on your system. 349 | # Defaults if commented: EnableMMAP On, EnableSendfile Off 350 | # 351 | #EnableMMAP off 352 | EnableSendfile on 353 | 354 | # Custom config 355 | Timeout 120 356 | #KeepAlive On 357 | MaxKeepAliveRequests 100 358 | KeepAliveTimeout 15 359 | LimitRequestFieldSize 8190 360 | LimitRequestFields 100 361 | #Header always set X-UA-Compatible "IE=Edge" 362 | #Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains;" 363 | 364 | # Supplemental configuration 365 | # 366 | # Load config files in the "/etc/httpd/conf.d" directory, if any. 367 | #IncludeOptional conf.d/*.conf 368 | -------------------------------------------------------------------------------- /eramba-app/etc/php.ini: -------------------------------------------------------------------------------- 1 | [PHP] 2 | 3 | ;;;;;;;;;;;;;;;;;;; 4 | ; About php.ini ; 5 | ;;;;;;;;;;;;;;;;;;; 6 | ; PHP's initialization file, generally called php.ini, is responsible for 7 | ; configuring many of the aspects of PHP's behavior. 8 | 9 | ; PHP attempts to find and load this configuration from a number of locations. 10 | ; The following is a summary of its search order: 11 | ; 1. SAPI module specific location. 12 | ; 2. The PHPRC environment variable. (As of PHP 5.2.0) 13 | ; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) 14 | ; 4. Current working directory (except CLI) 15 | ; 5. The web server's directory (for SAPI modules), or directory of PHP 16 | ; (otherwise in Windows) 17 | ; 6. The directory from the --with-config-file-path compile time option, or the 18 | ; Windows directory (C:\windows or C:\winnt) 19 | ; See the PHP docs for more specific information. 20 | ; http://php.net/configuration.file 21 | 22 | ; The syntax of the file is extremely simple. Whitespace and lines 23 | ; beginning with a semicolon are silently ignored (as you probably guessed). 24 | ; Section headers (e.g. [Foo]) are also silently ignored, even though 25 | ; they might mean something in the future. 26 | 27 | ; Directives following the section heading [PATH=/www/mysite] only 28 | ; apply to PHP files in the /www/mysite directory. Directives 29 | ; following the section heading [HOST=www.example.com] only apply to 30 | ; PHP files served from www.example.com. Directives set in these 31 | ; special sections cannot be overridden by user-defined INI files or 32 | ; at runtime. Currently, [PATH=] and [HOST=] sections only work under 33 | ; CGI/FastCGI. 34 | ; http://php.net/ini.sections 35 | 36 | ; Directives are specified using the following syntax: 37 | ; directive = value 38 | ; Directive names are *case sensitive* - foo=bar is different from FOO=bar. 39 | ; Directives are variables used to configure PHP or PHP extensions. 40 | ; There is no name validation. If PHP can't find an expected 41 | ; directive because it is not set or is mistyped, a default value will be used. 42 | 43 | ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one 44 | ; of the INI constants (On, Off, True, False, Yes, No and None) or an expression 45 | ; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a 46 | ; previously set variable or directive (e.g. ${foo}) 47 | 48 | ; Expressions in the INI file are limited to bitwise operators and parentheses: 49 | ; | bitwise OR 50 | ; ^ bitwise XOR 51 | ; & bitwise AND 52 | ; ~ bitwise NOT 53 | ; ! boolean NOT 54 | 55 | ; Boolean flags can be turned on using the values 1, On, True or Yes. 56 | ; They can be turned off using the values 0, Off, False or No. 57 | 58 | ; An empty string can be denoted by simply not writing anything after the equal 59 | ; sign, or by using the None keyword: 60 | 61 | ; foo = ; sets foo to an empty string 62 | ; foo = None ; sets foo to an empty string 63 | ; foo = "None" ; sets foo to the string 'None' 64 | 65 | ; If you use constants in your value, and these constants belong to a 66 | ; dynamically loaded extension (either a PHP extension or a Zend extension), 67 | ; you may only use these constants *after* the line that loads the extension. 68 | 69 | ;;;;;;;;;;;;;;;;;;; 70 | ; About this file ; 71 | ;;;;;;;;;;;;;;;;;;; 72 | ; PHP comes packaged with two INI files. One that is recommended to be used 73 | ; in production environments and one that is recommended to be used in 74 | ; development environments. 75 | 76 | ; php.ini-production contains settings which hold security, performance and 77 | ; best practices at its core. But please be aware, these settings may break 78 | ; compatibility with older or less security conscience applications. We 79 | ; recommending using the production ini in production and testing environments. 80 | 81 | ; php.ini-development is very similar to its production variant, except it is 82 | ; much more verbose when it comes to errors. We recommend using the 83 | ; development version only in development environments, as errors shown to 84 | ; application users can inadvertently leak otherwise secure information. 85 | 86 | ; This is php.ini-production INI file. 87 | 88 | ;;;;;;;;;;;;;;;;;;; 89 | ; Quick Reference ; 90 | ;;;;;;;;;;;;;;;;;;; 91 | ; The following are all the settings which are different in either the production 92 | ; or development versions of the INIs with respect to PHP's default behavior. 93 | ; Please see the actual settings later in the document for more details as to why 94 | ; we recommend these changes in PHP's behavior. 95 | 96 | ; display_errors 97 | ; Default Value: On 98 | ; Development Value: On 99 | ; Production Value: Off 100 | 101 | ; display_startup_errors 102 | ; Default Value: Off 103 | ; Development Value: On 104 | ; Production Value: Off 105 | 106 | ; error_reporting 107 | ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED 108 | ; Development Value: E_ALL 109 | ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT 110 | 111 | ; html_errors 112 | ; Default Value: On 113 | ; Development Value: On 114 | ; Production value: On 115 | 116 | ; log_errors 117 | ; Default Value: Off 118 | ; Development Value: On 119 | ; Production Value: On 120 | 121 | ; max_input_time 122 | ; Default Value: -1 (Unlimited) 123 | ; Development Value: 60 (60 seconds) 124 | ; Production Value: 60 (60 seconds) 125 | 126 | ; output_buffering 127 | ; Default Value: Off 128 | ; Development Value: 4096 129 | ; Production Value: 4096 130 | 131 | ; register_argc_argv 132 | ; Default Value: On 133 | ; Development Value: Off 134 | ; Production Value: Off 135 | 136 | ; request_order 137 | ; Default Value: None 138 | ; Development Value: "GP" 139 | ; Production Value: "GP" 140 | 141 | ; session.gc_divisor 142 | ; Default Value: 100 143 | ; Development Value: 1000 144 | ; Production Value: 1000 145 | 146 | ; session.sid_bits_per_character 147 | ; Default Value: 4 148 | ; Development Value: 5 149 | ; Production Value: 5 150 | 151 | ; short_open_tag 152 | ; Default Value: On 153 | ; Development Value: Off 154 | ; Production Value: Off 155 | 156 | ; track_errors 157 | ; Default Value: Off 158 | ; Development Value: On 159 | ; Production Value: Off 160 | 161 | ; variables_order 162 | ; Default Value: "EGPCS" 163 | ; Development Value: "GPCS" 164 | ; Production Value: "GPCS" 165 | 166 | ;;;;;;;;;;;;;;;;;;;; 167 | ; php.ini Options ; 168 | ;;;;;;;;;;;;;;;;;;;; 169 | ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" 170 | ;user_ini.filename = ".user.ini" 171 | 172 | ; To disable this feature set this option to empty value 173 | ;user_ini.filename = 174 | 175 | ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) 176 | ;user_ini.cache_ttl = 300 177 | 178 | ;;;;;;;;;;;;;;;;;;;; 179 | ; Language Options ; 180 | ;;;;;;;;;;;;;;;;;;;; 181 | 182 | ; Enable the PHP scripting language engine under Apache. 183 | ; http://php.net/engine 184 | engine = On 185 | 186 | ; This directive determines whether or not PHP will recognize code between 187 | ; tags as PHP source which should be processed as such. It is 188 | ; generally recommended that should be used and that this feature 189 | ; should be disabled, as enabling it may result in issues when generating XML 190 | ; documents, however this remains supported for backward compatibility reasons. 191 | ; Note that this directive does not control the would work. 323 | ; http://php.net/syntax-highlighting 324 | ;highlight.string = #DD0000 325 | ;highlight.comment = #FF9900 326 | ;highlight.keyword = #007700 327 | ;highlight.default = #0000BB 328 | ;highlight.html = #000000 329 | 330 | ; If enabled, the request will be allowed to complete even if the user aborts 331 | ; the request. Consider enabling it if executing long requests, which may end up 332 | ; being interrupted by the user or a browser timing out. PHP's default behavior 333 | ; is to disable this feature. 334 | ; http://php.net/ignore-user-abort 335 | ;ignore_user_abort = On 336 | 337 | ; Determines the size of the realpath cache to be used by PHP. This value should 338 | ; be increased on systems where PHP opens many files to reflect the quantity of 339 | ; the file operations performed. 340 | ; http://php.net/realpath-cache-size 341 | ;realpath_cache_size = 16k 342 | 343 | ; Duration of time, in seconds for which to cache realpath information for a given 344 | ; file or directory. For systems with rarely changing files, consider increasing this 345 | ; value. 346 | ; http://php.net/realpath-cache-ttl 347 | ;realpath_cache_ttl = 120 348 | 349 | ; Enables or disables the circular reference collector. 350 | ; http://php.net/zend.enable-gc 351 | zend.enable_gc = On 352 | 353 | ; If enabled, scripts may be written in encodings that are incompatible with 354 | ; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such 355 | ; encodings. To use this feature, mbstring extension must be enabled. 356 | ; Default: Off 357 | ;zend.multibyte = Off 358 | 359 | ; Allows to set the default encoding for the scripts. This value will be used 360 | ; unless "declare(encoding=...)" directive appears at the top of the script. 361 | ; Only affects if zend.multibyte is set. 362 | ; Default: "" 363 | ;zend.script_encoding = 364 | 365 | ;;;;;;;;;;;;;;;;; 366 | ; Miscellaneous ; 367 | ;;;;;;;;;;;;;;;;; 368 | 369 | ; Decides whether PHP may expose the fact that it is installed on the server 370 | ; (e.g. by adding its signature to the Web server header). It is no security 371 | ; threat in any way, but it makes it possible to determine whether you use PHP 372 | ; on your server or not. 373 | ; http://php.net/expose-php 374 | expose_php = On 375 | 376 | ;;;;;;;;;;;;;;;;;;; 377 | ; Resource Limits ; 378 | ;;;;;;;;;;;;;;;;;;; 379 | 380 | ; Maximum execution time of each script, in seconds 381 | ; http://php.net/max-execution-time 382 | ; Note: This directive is hardcoded to 0 for the CLI SAPI 383 | max_execution_time = 300 384 | 385 | ; Maximum amount of time each script may spend parsing request data. It's a good 386 | ; idea to limit this time on productions servers in order to eliminate unexpectedly 387 | ; long running scripts. 388 | ; Note: This directive is hardcoded to -1 for the CLI SAPI 389 | ; Default Value: -1 (Unlimited) 390 | ; Development Value: 60 (60 seconds) 391 | ; Production Value: 60 (60 seconds) 392 | ; http://php.net/max-input-time 393 | max_input_time = 600 394 | 395 | ; Maximum input variable nesting level 396 | ; http://php.net/max-input-nesting-level 397 | ;max_input_nesting_level = 64 398 | 399 | ; How many GET/POST/COOKIE input variables may be accepted 400 | max_input_vars = 3000 401 | 402 | ; Maximum amount of memory a script may consume (128MB) 403 | ; http://php.net/memory-limit 404 | memory_limit = 4096M 405 | 406 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 407 | ; Error handling and logging ; 408 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; 409 | 410 | ; This directive informs PHP of which errors, warnings and notices you would like 411 | ; it to take action for. The recommended way of setting values for this 412 | ; directive is through the use of the error level constants and bitwise 413 | ; operators. The error level constants are below here for convenience as well as 414 | ; some common settings and their meanings. 415 | ; By default, PHP is set to take action on all errors, notices and warnings EXCEPT 416 | ; those related to E_NOTICE and E_STRICT, which together cover best practices and 417 | ; recommended coding standards in PHP. For performance reasons, this is the 418 | ; recommend error reporting setting. Your production server shouldn't be wasting 419 | ; resources complaining about best practices and coding standards. That's what 420 | ; development servers and development settings are for. 421 | ; Note: The php.ini-development file has this setting as E_ALL. This 422 | ; means it pretty much reports everything which is exactly what you want during 423 | ; development and early testing. 424 | ; 425 | ; Error Level Constants: 426 | ; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) 427 | ; E_ERROR - fatal run-time errors 428 | ; E_RECOVERABLE_ERROR - almost fatal run-time errors 429 | ; E_WARNING - run-time warnings (non-fatal errors) 430 | ; E_PARSE - compile-time parse errors 431 | ; E_NOTICE - run-time notices (these are warnings which often result 432 | ; from a bug in your code, but it's possible that it was 433 | ; intentional (e.g., using an uninitialized variable and 434 | ; relying on the fact it is automatically initialized to an 435 | ; empty string) 436 | ; E_STRICT - run-time notices, enable to have PHP suggest changes 437 | ; to your code which will ensure the best interoperability 438 | ; and forward compatibility of your code 439 | ; E_CORE_ERROR - fatal errors that occur during PHP's initial startup 440 | ; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's 441 | ; initial startup 442 | ; E_COMPILE_ERROR - fatal compile-time errors 443 | ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) 444 | ; E_USER_ERROR - user-generated error message 445 | ; E_USER_WARNING - user-generated warning message 446 | ; E_USER_NOTICE - user-generated notice message 447 | ; E_DEPRECATED - warn about code that will not work in future versions 448 | ; of PHP 449 | ; E_USER_DEPRECATED - user-generated deprecation warnings 450 | ; 451 | ; Common Values: 452 | ; E_ALL (Show all errors, warnings and notices including coding standards.) 453 | ; E_ALL & ~E_NOTICE (Show all errors, except for notices) 454 | ; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) 455 | ; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) 456 | ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED 457 | ; Development Value: E_ALL 458 | ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT 459 | ; http://php.net/error-reporting 460 | error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT 461 | 462 | ; This directive controls whether or not and where PHP will output errors, 463 | ; notices and warnings too. Error output is very useful during development, but 464 | ; it could be very dangerous in production environments. Depending on the code 465 | ; which is triggering the error, sensitive information could potentially leak 466 | ; out of your application such as database usernames and passwords or worse. 467 | ; For production environments, we recommend logging errors rather than 468 | ; sending them to STDOUT. 469 | ; Possible Values: 470 | ; Off = Do not display any errors 471 | ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) 472 | ; On or stdout = Display errors to STDOUT 473 | ; Default Value: On 474 | ; Development Value: On 475 | ; Production Value: Off 476 | ; http://php.net/display-errors 477 | display_errors = Off 478 | 479 | ; The display of errors which occur during PHP's startup sequence are handled 480 | ; separately from display_errors. PHP's default behavior is to suppress those 481 | ; errors from clients. Turning the display of startup errors on can be useful in 482 | ; debugging configuration problems. We strongly recommend you 483 | ; set this to 'off' for production servers. 484 | ; Default Value: Off 485 | ; Development Value: On 486 | ; Production Value: Off 487 | ; http://php.net/display-startup-errors 488 | display_startup_errors = Off 489 | 490 | ; Besides displaying errors, PHP can also log errors to locations such as a 491 | ; server-specific log, STDERR, or a location specified by the error_log 492 | ; directive found below. While errors should not be displayed on productions 493 | ; servers they should still be monitored and logging is a great way to do that. 494 | ; Default Value: Off 495 | ; Development Value: On 496 | ; Production Value: On 497 | ; http://php.net/log-errors 498 | log_errors = On 499 | 500 | ; Set maximum length of log_errors. In error_log information about the source is 501 | ; added. The default is 1024 and 0 allows to not apply any maximum length at all. 502 | ; http://php.net/log-errors-max-len 503 | log_errors_max_len = 1024 504 | 505 | ; Do not log repeated messages. Repeated errors must occur in same file on same 506 | ; line unless ignore_repeated_source is set true. 507 | ; http://php.net/ignore-repeated-errors 508 | ignore_repeated_errors = Off 509 | 510 | ; Ignore source of message when ignoring repeated messages. When this setting 511 | ; is On you will not log errors with repeated messages from different files or 512 | ; source lines. 513 | ; http://php.net/ignore-repeated-source 514 | ignore_repeated_source = Off 515 | 516 | ; If this parameter is set to Off, then memory leaks will not be shown (on 517 | ; stdout or in the log). This has only effect in a debug compile, and if 518 | ; error reporting includes E_WARNING in the allowed list 519 | ; http://php.net/report-memleaks 520 | report_memleaks = On 521 | 522 | ; This setting is on by default. 523 | ;report_zend_debug = 0 524 | 525 | ; Store the last error/warning message in $php_errormsg (boolean). Setting this value 526 | ; to On can assist in debugging and is appropriate for development servers. It should 527 | ; however be disabled on production servers. 528 | ; Default Value: Off 529 | ; Development Value: On 530 | ; Production Value: Off 531 | ; http://php.net/track-errors 532 | track_errors = Off 533 | 534 | ; Turn off normal error reporting and emit XML-RPC error XML 535 | ; http://php.net/xmlrpc-errors 536 | ;xmlrpc_errors = 0 537 | 538 | ; An XML-RPC faultCode 539 | ;xmlrpc_error_number = 0 540 | 541 | ; When PHP displays or logs an error, it has the capability of formatting the 542 | ; error message as HTML for easier reading. This directive controls whether 543 | ; the error message is formatted as HTML or not. 544 | ; Note: This directive is hardcoded to Off for the CLI SAPI 545 | ; Default Value: On 546 | ; Development Value: On 547 | ; Production value: On 548 | ; http://php.net/html-errors 549 | html_errors = On 550 | 551 | ; If html_errors is set to On *and* docref_root is not empty, then PHP 552 | ; produces clickable error messages that direct to a page describing the error 553 | ; or function causing the error in detail. 554 | ; You can download a copy of the PHP manual from http://php.net/docs 555 | ; and change docref_root to the base URL of your local copy including the 556 | ; leading '/'. You must also specify the file extension being used including 557 | ; the dot. PHP's default behavior is to leave these settings empty, in which 558 | ; case no links to documentation are generated. 559 | ; Note: Never use this feature for production boxes. 560 | ; http://php.net/docref-root 561 | ; Examples 562 | ;docref_root = "/phpmanual/" 563 | 564 | ; http://php.net/docref-ext 565 | ;docref_ext = .html 566 | 567 | ; String to output before an error message. PHP's default behavior is to leave 568 | ; this setting blank. 569 | ; http://php.net/error-prepend-string 570 | ; Example: 571 | ;error_prepend_string = "" 572 | 573 | ; String to output after an error message. PHP's default behavior is to leave 574 | ; this setting blank. 575 | ; http://php.net/error-append-string 576 | ; Example: 577 | ;error_append_string = "" 578 | 579 | ; Log errors to specified file. PHP's default behavior is to leave this value 580 | ; empty. 581 | ; http://php.net/error-log 582 | ; Example: 583 | ;error_log = php_errors.log 584 | ; Log errors to syslog. 585 | ;error_log = syslog 586 | 587 | ;windows.show_crt_warning 588 | ; Default value: 0 589 | ; Development value: 0 590 | ; Production value: 0 591 | 592 | ;;;;;;;;;;;;;;;;; 593 | ; Data Handling ; 594 | ;;;;;;;;;;;;;;;;; 595 | 596 | ; The separator used in PHP generated URLs to separate arguments. 597 | ; PHP's default setting is "&". 598 | ; http://php.net/arg-separator.output 599 | ; Example: 600 | ;arg_separator.output = "&" 601 | 602 | ; List of separator(s) used by PHP to parse input URLs into variables. 603 | ; PHP's default setting is "&". 604 | ; NOTE: Every character in this directive is considered as separator! 605 | ; http://php.net/arg-separator.input 606 | ; Example: 607 | ;arg_separator.input = ";&" 608 | 609 | ; This directive determines which super global arrays are registered when PHP 610 | ; starts up. G,P,C,E & S are abbreviations for the following respective super 611 | ; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty 612 | ; paid for the registration of these arrays and because ENV is not as commonly 613 | ; used as the others, ENV is not recommended on productions servers. You 614 | ; can still get access to the environment variables through getenv() should you 615 | ; need to. 616 | ; Default Value: "EGPCS" 617 | ; Development Value: "GPCS" 618 | ; Production Value: "GPCS"; 619 | ; http://php.net/variables-order 620 | variables_order = "GPCS" 621 | 622 | ; This directive determines which super global data (G,P & C) should be 623 | ; registered into the super global array REQUEST. If so, it also determines 624 | ; the order in which that data is registered. The values for this directive 625 | ; are specified in the same manner as the variables_order directive, 626 | ; EXCEPT one. Leaving this value empty will cause PHP to use the value set 627 | ; in the variables_order directive. It does not mean it will leave the super 628 | ; globals array REQUEST empty. 629 | ; Default Value: None 630 | ; Development Value: "GP" 631 | ; Production Value: "GP" 632 | ; http://php.net/request-order 633 | request_order = "GP" 634 | 635 | ; This directive determines whether PHP registers $argv & $argc each time it 636 | ; runs. $argv contains an array of all the arguments passed to PHP when a script 637 | ; is invoked. $argc contains an integer representing the number of arguments 638 | ; that were passed when the script was invoked. These arrays are extremely 639 | ; useful when running scripts from the command line. When this directive is 640 | ; enabled, registering these variables consumes CPU cycles and memory each time 641 | ; a script is executed. For performance reasons, this feature should be disabled 642 | ; on production servers. 643 | ; Note: This directive is hardcoded to On for the CLI SAPI 644 | ; Default Value: On 645 | ; Development Value: Off 646 | ; Production Value: Off 647 | ; http://php.net/register-argc-argv 648 | register_argc_argv = Off 649 | 650 | ; When enabled, the ENV, REQUEST and SERVER variables are created when they're 651 | ; first used (Just In Time) instead of when the script starts. If these 652 | ; variables are not used within a script, having this directive on will result 653 | ; in a performance gain. The PHP directive register_argc_argv must be disabled 654 | ; for this directive to have any affect. 655 | ; http://php.net/auto-globals-jit 656 | auto_globals_jit = On 657 | 658 | ; Whether PHP will read the POST data. 659 | ; This option is enabled by default. 660 | ; Most likely, you won't want to disable this option globally. It causes $_POST 661 | ; and $_FILES to always be empty; the only way you will be able to read the 662 | ; POST data will be through the php://input stream wrapper. This can be useful 663 | ; to proxy requests or to process the POST data in a memory efficient fashion. 664 | ; http://php.net/enable-post-data-reading 665 | ;enable_post_data_reading = Off 666 | 667 | ; Maximum size of POST data that PHP will accept. 668 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading 669 | ; is disabled through enable_post_data_reading. 670 | ; http://php.net/post-max-size 671 | post_max_size = 300M 672 | 673 | ; Automatically add files before PHP document. 674 | ; http://php.net/auto-prepend-file 675 | auto_prepend_file = 676 | 677 | ; Automatically add files after PHP document. 678 | ; http://php.net/auto-append-file 679 | auto_append_file = 680 | 681 | ; By default, PHP will output a media type using the Content-Type header. To 682 | ; disable this, simply set it to be empty. 683 | ; 684 | ; PHP's built-in default media type is set to text/html. 685 | ; http://php.net/default-mimetype 686 | default_mimetype = "text/html" 687 | 688 | ; PHP's default character set is set to UTF-8. 689 | ; http://php.net/default-charset 690 | default_charset = "UTF-8" 691 | 692 | ; PHP internal character encoding is set to empty. 693 | ; If empty, default_charset is used. 694 | ; http://php.net/internal-encoding 695 | ;internal_encoding = 696 | 697 | ; PHP input character encoding is set to empty. 698 | ; If empty, default_charset is used. 699 | ; http://php.net/input-encoding 700 | ;input_encoding = 701 | 702 | ; PHP output character encoding is set to empty. 703 | ; If empty, default_charset is used. 704 | ; See also output_buffer. 705 | ; http://php.net/output-encoding 706 | ;output_encoding = 707 | 708 | ;;;;;;;;;;;;;;;;;;;;;;;;; 709 | ; Paths and Directories ; 710 | ;;;;;;;;;;;;;;;;;;;;;;;;; 711 | 712 | ; UNIX: "/path1:/path2" 713 | ;include_path = ".:/php/includes" 714 | ; 715 | ; Windows: "\path1;\path2" 716 | ;include_path = ".;c:\php\includes" 717 | ; 718 | ; PHP's default setting for include_path is ".;/path/to/php/pear" 719 | ; http://php.net/include-path 720 | 721 | ; The root of the PHP pages, used only if nonempty. 722 | ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root 723 | ; if you are running php as a CGI under any web server (other than IIS) 724 | ; see documentation for security issues. The alternate is to use the 725 | ; cgi.force_redirect configuration below 726 | ; http://php.net/doc-root 727 | doc_root = 728 | 729 | ; The directory under which PHP opens the script using /~username used only 730 | ; if nonempty. 731 | ; http://php.net/user-dir 732 | user_dir = 733 | 734 | ; Directory in which the loadable extensions (modules) reside. 735 | ; http://php.net/extension-dir 736 | ; extension_dir = "./" 737 | ; On windows: 738 | ; extension_dir = "ext" 739 | 740 | ; Directory where the temporary files should be placed. 741 | ; Defaults to the system default (see sys_get_temp_dir) 742 | ; sys_temp_dir = "/tmp" 743 | 744 | ; Whether or not to enable the dl() function. The dl() function does NOT work 745 | ; properly in multithreaded servers, such as IIS or Zeus, and is automatically 746 | ; disabled on them. 747 | ; http://php.net/enable-dl 748 | enable_dl = Off 749 | 750 | ; cgi.force_redirect is necessary to provide security running PHP as a CGI under 751 | ; most web servers. Left undefined, PHP turns this on by default. You can 752 | ; turn it off here AT YOUR OWN RISK 753 | ; **You CAN safely turn this off for IIS, in fact, you MUST.** 754 | ; http://php.net/cgi.force-redirect 755 | ;cgi.force_redirect = 1 756 | 757 | ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with 758 | ; every request. PHP's default behavior is to disable this feature. 759 | ;cgi.nph = 1 760 | 761 | ; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape 762 | ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP 763 | ; will look for to know it is OK to continue execution. Setting this variable MAY 764 | ; cause security issues, KNOW WHAT YOU ARE DOING FIRST. 765 | ; http://php.net/cgi.redirect-status-env 766 | ;cgi.redirect_status_env = 767 | 768 | ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's 769 | ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok 770 | ; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting 771 | ; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting 772 | ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts 773 | ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. 774 | ; http://php.net/cgi.fix-pathinfo 775 | ;cgi.fix_pathinfo=1 776 | 777 | ; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside 778 | ; of the web tree and people will not be able to circumvent .htaccess security. 779 | ; http://php.net/cgi.dicard-path 780 | ;cgi.discard_path=1 781 | 782 | ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate 783 | ; security tokens of the calling client. This allows IIS to define the 784 | ; security context that the request runs under. mod_fastcgi under Apache 785 | ; does not currently support this feature (03/17/2002) 786 | ; Set to 1 if running under IIS. Default is zero. 787 | ; http://php.net/fastcgi.impersonate 788 | ;fastcgi.impersonate = 1 789 | 790 | ; Disable logging through FastCGI connection. PHP's default behavior is to enable 791 | ; this feature. 792 | ;fastcgi.logging = 0 793 | 794 | ; cgi.rfc2616_headers configuration option tells PHP what type of headers to 795 | ; use when sending HTTP response code. If set to 0, PHP sends Status: header that 796 | ; is supported by Apache. When this option is set to 1, PHP will send 797 | ; RFC2616 compliant header. 798 | ; Default is zero. 799 | ; http://php.net/cgi.rfc2616-headers 800 | ;cgi.rfc2616_headers = 0 801 | 802 | ; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! 803 | ; (shebang) at the top of the running script. This line might be needed if the 804 | ; script support running both as stand-alone script and via PHP CGI<. PHP in CGI 805 | ; mode skips this line and ignores its content if this directive is turned on. 806 | ; http://php.net/cgi.check-shebang-line 807 | ;cgi.check_shebang_line=1 808 | 809 | ;;;;;;;;;;;;;;;; 810 | ; File Uploads ; 811 | ;;;;;;;;;;;;;;;; 812 | 813 | ; Whether to allow HTTP file uploads. 814 | ; http://php.net/file-uploads 815 | file_uploads = On 816 | 817 | ; Temporary directory for HTTP uploaded files (will use system default if not 818 | ; specified). 819 | ; http://php.net/upload-tmp-dir 820 | ;upload_tmp_dir = 821 | 822 | ; Maximum allowed size for uploaded files. 823 | ; http://php.net/upload-max-filesize 824 | upload_max_filesize = 300M 825 | 826 | ; Maximum number of files that can be uploaded via a single request 827 | max_file_uploads = 20 828 | 829 | ;;;;;;;;;;;;;;;;;; 830 | ; Fopen wrappers ; 831 | ;;;;;;;;;;;;;;;;;; 832 | 833 | ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. 834 | ; http://php.net/allow-url-fopen 835 | allow_url_fopen = On 836 | 837 | ; Whether to allow include/require to open URLs (like http:// or ftp://) as files. 838 | ; http://php.net/allow-url-include 839 | allow_url_include = Off 840 | 841 | ; Define the anonymous ftp password (your email address). PHP's default setting 842 | ; for this is empty. 843 | ; http://php.net/from 844 | ;from="john@doe.com" 845 | 846 | ; Define the User-Agent string. PHP's default setting for this is empty. 847 | ; http://php.net/user-agent 848 | ;user_agent="PHP" 849 | 850 | ; Default timeout for socket based streams (seconds) 851 | ; http://php.net/default-socket-timeout 852 | default_socket_timeout = 60 853 | 854 | ; If your scripts have to deal with files from Macintosh systems, 855 | ; or you are running on a Mac and need to deal with files from 856 | ; unix or win32 systems, setting this flag will cause PHP to 857 | ; automatically detect the EOL character in those files so that 858 | ; fgets() and file() will work regardless of the source of the file. 859 | ; http://php.net/auto-detect-line-endings 860 | ;auto_detect_line_endings = Off 861 | 862 | ;;;;;;;;;;;;;;;;;;;;;; 863 | ; Dynamic Extensions ; 864 | ;;;;;;;;;;;;;;;;;;;;;; 865 | 866 | ; If you wish to have an extension loaded automatically, use the following 867 | ; syntax: 868 | ; 869 | ; extension=modulename.extension 870 | ; 871 | ; For example, on Windows: 872 | ; 873 | ; extension=msql.dll 874 | ; 875 | ; ... or under UNIX: 876 | ; 877 | ; extension=msql.so 878 | ; 879 | ; ... or with a path: 880 | ; 881 | ; extension=/path/to/extension/msql.so 882 | ; 883 | ; If you only provide the name of the extension, PHP will look for it in its 884 | ; default extension directory. 885 | 886 | ;;;; 887 | ; Note: packaged extension modules are now loaded via the .ini files 888 | ; found in the directory /etc/php.d; these are loaded by default. 889 | ;;;; 890 | 891 | ;;;;;;;;;;;;;;;;;;; 892 | ; Module Settings ; 893 | ;;;;;;;;;;;;;;;;;;; 894 | 895 | [CLI Server] 896 | ; Whether the CLI web server uses ANSI color coding in its terminal output. 897 | cli_server.color = On 898 | 899 | [Date] 900 | ; Defines the default timezone used by the date functions 901 | ; http://php.net/date.timezone 902 | ;date.timezone = 903 | 904 | ; http://php.net/date.default-latitude 905 | ;date.default_latitude = 31.7667 906 | 907 | ; http://php.net/date.default-longitude 908 | ;date.default_longitude = 35.2333 909 | 910 | ; http://php.net/date.sunrise-zenith 911 | ;date.sunrise_zenith = 90.583333 912 | 913 | ; http://php.net/date.sunset-zenith 914 | ;date.sunset_zenith = 90.583333 915 | 916 | [filter] 917 | ; http://php.net/filter.default 918 | ;filter.default = unsafe_raw 919 | 920 | ; http://php.net/filter.default-flags 921 | ;filter.default_flags = 922 | 923 | [iconv] 924 | ; Use of this INI entry is deprecated, use global input_encoding instead. 925 | ; If empty, default_charset or input_encoding or iconv.input_encoding is used. 926 | ; The precedence is: default_charset < intput_encoding < iconv.input_encoding 927 | ;iconv.input_encoding = 928 | 929 | ; Use of this INI entry is deprecated, use global internal_encoding instead. 930 | ; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. 931 | ; The precedence is: default_charset < internal_encoding < iconv.internal_encoding 932 | ;iconv.internal_encoding = 933 | 934 | ; Use of this INI entry is deprecated, use global output_encoding instead. 935 | ; If empty, default_charset or output_encoding or iconv.output_encoding is used. 936 | ; The precedence is: default_charset < output_encoding < iconv.output_encoding 937 | ; To use an output encoding conversion, iconv's output handler must be set 938 | ; otherwise output encoding conversion cannot be performed. 939 | ;iconv.output_encoding = 940 | 941 | [intl] 942 | ;intl.default_locale = 943 | ; This directive allows you to produce PHP errors when some error 944 | ; happens within intl functions. The value is the level of the error produced. 945 | ; Default is 0, which does not produce any errors. 946 | ;intl.error_level = E_WARNING 947 | ;intl.use_exceptions = 0 948 | 949 | [sqlite3] 950 | ;sqlite3.extension_dir = 951 | 952 | [Pcre] 953 | ;PCRE library backtracking limit. 954 | ; http://php.net/pcre.backtrack-limit 955 | ;pcre.backtrack_limit=100000 956 | 957 | ;PCRE library recursion limit. 958 | ;Please note that if you set this value to a high number you may consume all 959 | ;the available process stack and eventually crash PHP (due to reaching the 960 | ;stack size limit imposed by the Operating System). 961 | ; http://php.net/pcre.recursion-limit 962 | ;pcre.recursion_limit=100000 963 | 964 | ;Enables or disables JIT compilation of patterns. This requires the PCRE 965 | ;library to be compiled with JIT support. 966 | pcre.jit=0 967 | 968 | [Pdo] 969 | ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" 970 | ; http://php.net/pdo-odbc.connection-pooling 971 | ;pdo_odbc.connection_pooling=strict 972 | 973 | ;pdo_odbc.db2_instance_name 974 | 975 | [Pdo_mysql] 976 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 977 | ; http://php.net/pdo_mysql.cache_size 978 | pdo_mysql.cache_size = 2000 979 | 980 | ; Default socket name for local MySQL connects. If empty, uses the built-in 981 | ; MySQL defaults. 982 | ; http://php.net/pdo_mysql.default-socket 983 | pdo_mysql.default_socket= 984 | 985 | [Phar] 986 | ; http://php.net/phar.readonly 987 | ;phar.readonly = On 988 | 989 | ; http://php.net/phar.require-hash 990 | ;phar.require_hash = On 991 | 992 | ;phar.cache_list = 993 | 994 | [mail function] 995 | ; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). 996 | ; http://php.net/sendmail-path 997 | sendmail_path = /usr/sbin/sendmail -t -i 998 | 999 | ; Force the addition of the specified parameters to be passed as extra parameters 1000 | ; to the sendmail binary. These parameters will always replace the value of 1001 | ; the 5th parameter to mail(). 1002 | ;mail.force_extra_parameters = 1003 | 1004 | ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename 1005 | mail.add_x_header = On 1006 | 1007 | ; The path to a log file that will log all mail() calls. Log entries include 1008 | ; the full path of the script, line number, To address and headers. 1009 | ;mail.log = 1010 | ; Log mail to syslog; 1011 | ;mail.log = syslog 1012 | 1013 | [SQL] 1014 | ; http://php.net/sql.safe-mode 1015 | sql.safe_mode = Off 1016 | 1017 | [ODBC] 1018 | ; http://php.net/odbc.default-db 1019 | ;odbc.default_db = Not yet implemented 1020 | 1021 | ; http://php.net/odbc.default-user 1022 | ;odbc.default_user = Not yet implemented 1023 | 1024 | ; http://php.net/odbc.default-pw 1025 | ;odbc.default_pw = Not yet implemented 1026 | 1027 | ; Controls the ODBC cursor model. 1028 | ; Default: SQL_CURSOR_STATIC (default). 1029 | ;odbc.default_cursortype 1030 | 1031 | ; Allow or prevent persistent links. 1032 | ; http://php.net/odbc.allow-persistent 1033 | odbc.allow_persistent = On 1034 | 1035 | ; Check that a connection is still valid before reuse. 1036 | ; http://php.net/odbc.check-persistent 1037 | odbc.check_persistent = On 1038 | 1039 | ; Maximum number of persistent links. -1 means no limit. 1040 | ; http://php.net/odbc.max-persistent 1041 | odbc.max_persistent = -1 1042 | 1043 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1044 | ; http://php.net/odbc.max-links 1045 | odbc.max_links = -1 1046 | 1047 | ; Handling of LONG fields. Returns number of bytes to variables. 0 means 1048 | ; passthru. 1049 | ; http://php.net/odbc.defaultlrl 1050 | odbc.defaultlrl = 4096 1051 | 1052 | ; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. 1053 | ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation 1054 | ; of odbc.defaultlrl and odbc.defaultbinmode 1055 | ; http://php.net/odbc.defaultbinmode 1056 | odbc.defaultbinmode = 1 1057 | 1058 | ;birdstep.max_links = -1 1059 | 1060 | [Interbase] 1061 | ; Allow or prevent persistent links. 1062 | ibase.allow_persistent = 1 1063 | 1064 | ; Maximum number of persistent links. -1 means no limit. 1065 | ibase.max_persistent = -1 1066 | 1067 | ; Maximum number of links (persistent + non-persistent). -1 means no limit. 1068 | ibase.max_links = -1 1069 | 1070 | ; Default database name for ibase_connect(). 1071 | ;ibase.default_db = 1072 | 1073 | ; Default username for ibase_connect(). 1074 | ;ibase.default_user = 1075 | 1076 | ; Default password for ibase_connect(). 1077 | ;ibase.default_password = 1078 | 1079 | ; Default charset for ibase_connect(). 1080 | ;ibase.default_charset = 1081 | 1082 | ; Default timestamp format. 1083 | ibase.timestampformat = "%Y-%m-%d %H:%M:%S" 1084 | 1085 | ; Default date format. 1086 | ibase.dateformat = "%Y-%m-%d" 1087 | 1088 | ; Default time format. 1089 | ibase.timeformat = "%H:%M:%S" 1090 | 1091 | [MySQLi] 1092 | 1093 | ; Maximum number of persistent links. -1 means no limit. 1094 | ; http://php.net/mysqli.max-persistent 1095 | mysqli.max_persistent = -1 1096 | 1097 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements 1098 | ; http://php.net/mysqli.allow_local_infile 1099 | ;mysqli.allow_local_infile = On 1100 | 1101 | ; Allow or prevent persistent links. 1102 | ; http://php.net/mysqli.allow-persistent 1103 | mysqli.allow_persistent = On 1104 | 1105 | ; Maximum number of links. -1 means no limit. 1106 | ; http://php.net/mysqli.max-links 1107 | mysqli.max_links = -1 1108 | 1109 | ; If mysqlnd is used: Number of cache slots for the internal result set cache 1110 | ; http://php.net/mysqli.cache_size 1111 | mysqli.cache_size = 2000 1112 | 1113 | ; Default port number for mysqli_connect(). If unset, mysqli_connect() will use 1114 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the 1115 | ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look 1116 | ; at MYSQL_PORT. 1117 | ; http://php.net/mysqli.default-port 1118 | mysqli.default_port = 3306 1119 | 1120 | ; Default socket name for local MySQL connects. If empty, uses the built-in 1121 | ; MySQL defaults. 1122 | ; http://php.net/mysqli.default-socket 1123 | mysqli.default_socket = 1124 | 1125 | ; Default host for mysql_connect() (doesn't apply in safe mode). 1126 | ; http://php.net/mysqli.default-host 1127 | mysqli.default_host = 1128 | 1129 | ; Default user for mysql_connect() (doesn't apply in safe mode). 1130 | ; http://php.net/mysqli.default-user 1131 | mysqli.default_user = 1132 | 1133 | ; Default password for mysqli_connect() (doesn't apply in safe mode). 1134 | ; Note that this is generally a *bad* idea to store passwords in this file. 1135 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") 1136 | ; and reveal this password! And of course, any users with read access to this 1137 | ; file will be able to reveal the password as well. 1138 | ; http://php.net/mysqli.default-pw 1139 | mysqli.default_pw = 1140 | 1141 | ; Allow or prevent reconnect 1142 | mysqli.reconnect = Off 1143 | 1144 | [mysqlnd] 1145 | ; Enable / Disable collection of general statistics by mysqlnd which can be 1146 | ; used to tune and monitor MySQL operations. 1147 | ; http://php.net/mysqlnd.collect_statistics 1148 | mysqlnd.collect_statistics = On 1149 | 1150 | ; Enable / Disable collection of memory usage statistics by mysqlnd which can be 1151 | ; used to tune and monitor MySQL operations. 1152 | ; http://php.net/mysqlnd.collect_memory_statistics 1153 | mysqlnd.collect_memory_statistics = Off 1154 | 1155 | ; Records communication from all extensions using mysqlnd to the specified log 1156 | ; file. 1157 | ; http://php.net/mysqlnd.debug 1158 | ;mysqlnd.debug = 1159 | 1160 | ; Defines which queries will be logged. 1161 | ; http://php.net/mysqlnd.log_mask 1162 | ;mysqlnd.log_mask = 0 1163 | 1164 | ; Default size of the mysqlnd memory pool, which is used by result sets. 1165 | ; http://php.net/mysqlnd.mempool_default_size 1166 | ;mysqlnd.mempool_default_size = 16000 1167 | 1168 | ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. 1169 | ; http://php.net/mysqlnd.net_cmd_buffer_size 1170 | ;mysqlnd.net_cmd_buffer_size = 2048 1171 | 1172 | ; Size of a pre-allocated buffer used for reading data sent by the server in 1173 | ; bytes. 1174 | ; http://php.net/mysqlnd.net_read_buffer_size 1175 | ;mysqlnd.net_read_buffer_size = 32768 1176 | 1177 | ; Timeout for network requests in seconds. 1178 | ; http://php.net/mysqlnd.net_read_timeout 1179 | ;mysqlnd.net_read_timeout = 31536000 1180 | 1181 | ; SHA-256 Authentication Plugin related. File with the MySQL server public RSA 1182 | ; key. 1183 | ; http://php.net/mysqlnd.sha256_server_public_key 1184 | ;mysqlnd.sha256_server_public_key = 1185 | 1186 | [PostgreSQL] 1187 | ; Allow or prevent persistent links. 1188 | ; http://php.net/pgsql.allow-persistent 1189 | pgsql.allow_persistent = On 1190 | 1191 | ; Detect broken persistent links always with pg_pconnect(). 1192 | ; Auto reset feature requires a little overheads. 1193 | ; http://php.net/pgsql.auto-reset-persistent 1194 | pgsql.auto_reset_persistent = Off 1195 | 1196 | ; Maximum number of persistent links. -1 means no limit. 1197 | ; http://php.net/pgsql.max-persistent 1198 | pgsql.max_persistent = -1 1199 | 1200 | ; Maximum number of links (persistent+non persistent). -1 means no limit. 1201 | ; http://php.net/pgsql.max-links 1202 | pgsql.max_links = -1 1203 | 1204 | ; Ignore PostgreSQL backends Notice message or not. 1205 | ; Notice message logging require a little overheads. 1206 | ; http://php.net/pgsql.ignore-notice 1207 | pgsql.ignore_notice = 0 1208 | 1209 | ; Log PostgreSQL backends Notice message or not. 1210 | ; Unless pgsql.ignore_notice=0, module cannot log notice message. 1211 | ; http://php.net/pgsql.log-notice 1212 | pgsql.log_notice = 0 1213 | 1214 | [bcmath] 1215 | ; Number of decimal digits for all bcmath functions. 1216 | ; http://php.net/bcmath.scale 1217 | bcmath.scale = 0 1218 | 1219 | [browscap] 1220 | ; http://php.net/browscap 1221 | ;browscap = extra/browscap.ini 1222 | 1223 | [Session] 1224 | ; Handler used to store/retrieve data. 1225 | ; http://php.net/session.save-handler 1226 | session.save_handler = files 1227 | 1228 | ; Argument passed to save_handler. In the case of files, this is the path 1229 | ; where data files are stored. Note: Windows users have to change this 1230 | ; variable in order to use PHP's session functions. 1231 | ; 1232 | ; The path can be defined as: 1233 | ; 1234 | ; session.save_path = "N;/path" 1235 | ; 1236 | ; where N is an integer. Instead of storing all the session files in 1237 | ; /path, what this will do is use subdirectories N-levels deep, and 1238 | ; store the session data in those directories. This is useful if 1239 | ; your OS has problems with many files in one directory, and is 1240 | ; a more efficient layout for servers that handle many sessions. 1241 | ; 1242 | ; NOTE 1: PHP will not create this directory structure automatically. 1243 | ; You can use the script in the ext/session dir for that purpose. 1244 | ; NOTE 2: See the section on garbage collection below if you choose to 1245 | ; use subdirectories for session storage 1246 | ; 1247 | ; The file storage module creates files using mode 600 by default. 1248 | ; You can change that by using 1249 | ; 1250 | ; session.save_path = "N;MODE;/path" 1251 | ; 1252 | ; where MODE is the octal representation of the mode. Note that this 1253 | ; does not overwrite the process's umask. 1254 | ; http://php.net/session.save-path 1255 | 1256 | ; RPM note : session directory must be owned by process owner 1257 | ; for mod_php, see /etc/httpd/conf.d/php.conf 1258 | ; for php-fpm, see /etc/php-fpm.d/*conf 1259 | ;session.save_path = "/tmp" 1260 | 1261 | ; Whether to use strict session mode. 1262 | ; Strict session mode does not accept uninitialized session ID and regenerate 1263 | ; session ID if browser sends uninitialized session ID. Strict mode protects 1264 | ; applications from session fixation via session adoption vulnerability. It is 1265 | ; disabled by default for maximum compatibility, but enabling it is encouraged. 1266 | ; https://wiki.php.net/rfc/strict_sessions 1267 | session.use_strict_mode = 0 1268 | 1269 | ; Whether to use cookies. 1270 | ; http://php.net/session.use-cookies 1271 | session.use_cookies = 1 1272 | 1273 | ; http://php.net/session.cookie-secure 1274 | ;session.cookie_secure = 1275 | 1276 | ; This option forces PHP to fetch and use a cookie for storing and maintaining 1277 | ; the session id. We encourage this operation as it's very helpful in combating 1278 | ; session hijacking when not specifying and managing your own session id. It is 1279 | ; not the be-all and end-all of session hijacking defense, but it's a good start. 1280 | ; http://php.net/session.use-only-cookies 1281 | session.use_only_cookies = 1 1282 | 1283 | ; Name of the session (used as cookie name). 1284 | ; http://php.net/session.name 1285 | session.name = PHPSESSID 1286 | 1287 | ; Initialize session on request startup. 1288 | ; http://php.net/session.auto-start 1289 | session.auto_start = 0 1290 | 1291 | ; Lifetime in seconds of cookie or, if 0, until browser is restarted. 1292 | ; http://php.net/session.cookie-lifetime 1293 | session.cookie_lifetime = 0 1294 | 1295 | ; The path for which the cookie is valid. 1296 | ; http://php.net/session.cookie-path 1297 | session.cookie_path = / 1298 | 1299 | ; The domain for which the cookie is valid. 1300 | ; http://php.net/session.cookie-domain 1301 | session.cookie_domain = 1302 | 1303 | ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. 1304 | ; http://php.net/session.cookie-httponly 1305 | session.cookie_httponly = 1306 | 1307 | ; Handler used to serialize data. php is the standard serializer of PHP. 1308 | ; http://php.net/session.serialize-handler 1309 | session.serialize_handler = php 1310 | 1311 | ; Defines the probability that the 'garbage collection' process is started 1312 | ; on every session initialization. The probability is calculated by using 1313 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator 1314 | ; and gc_divisor is the denominator in the equation. Setting this value to 1 1315 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance 1316 | ; the gc will run on any give request. 1317 | ; Default Value: 1 1318 | ; Development Value: 1 1319 | ; Production Value: 1 1320 | ; http://php.net/session.gc-probability 1321 | session.gc_probability = 1 1322 | 1323 | ; Defines the probability that the 'garbage collection' process is started on every 1324 | ; session initialization. The probability is calculated by using the following equation: 1325 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator and 1326 | ; session.gc_divisor is the denominator in the equation. Setting this value to 1 1327 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance 1328 | ; the gc will run on any give request. Increasing this value to 1000 will give you 1329 | ; a 0.1% chance the gc will run on any give request. For high volume production servers, 1330 | ; this is a more efficient approach. 1331 | ; Default Value: 100 1332 | ; Development Value: 1000 1333 | ; Production Value: 1000 1334 | ; http://php.net/session.gc-divisor 1335 | session.gc_divisor = 1000 1336 | 1337 | ; After this number of seconds, stored data will be seen as 'garbage' and 1338 | ; cleaned up by the garbage collection process. 1339 | ; http://php.net/session.gc-maxlifetime 1340 | session.gc_maxlifetime = 1440 1341 | 1342 | ; NOTE: If you are using the subdirectory option for storing session files 1343 | ; (see session.save_path above), then garbage collection does *not* 1344 | ; happen automatically. You will need to do your own garbage 1345 | ; collection through a shell script, cron entry, or some other method. 1346 | ; For example, the following script would is the equivalent of 1347 | ; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): 1348 | ; find /path/to/sessions -cmin +24 -type f | xargs rm 1349 | 1350 | ; Check HTTP Referer to invalidate externally stored URLs containing ids. 1351 | ; HTTP_REFERER has to contain this substring for the session to be 1352 | ; considered as valid. 1353 | ; http://php.net/session.referer-check 1354 | session.referer_check = 1355 | 1356 | ; Set to {nocache,private,public,} to determine HTTP caching aspects 1357 | ; or leave this empty to avoid sending anti-caching headers. 1358 | ; http://php.net/session.cache-limiter 1359 | session.cache_limiter = nocache 1360 | 1361 | ; Document expires after n minutes. 1362 | ; http://php.net/session.cache-expire 1363 | session.cache_expire = 180 1364 | 1365 | ; trans sid support is disabled by default. 1366 | ; Use of trans sid may risk your users' security. 1367 | ; Use this option with caution. 1368 | ; - User may send URL contains active session ID 1369 | ; to other person via. email/irc/etc. 1370 | ; - URL that contains active session ID may be stored 1371 | ; in publicly accessible computer. 1372 | ; - User may access your site with the same session ID 1373 | ; always using URL stored in browser's history or bookmarks. 1374 | ; http://php.net/session.use-trans-sid 1375 | session.use_trans_sid = 0 1376 | 1377 | ; Set session ID character length. This value could be between 22 to 256. 1378 | ; Shorter length than default is supported only for compatibility reason. 1379 | ; Users should use 32 or more chars. 1380 | ; http://php.net/session.sid_length 1381 | ; Default Value: 32 1382 | ; Development Value: 26 1383 | ; Production Value: 26 1384 | session.sid_length = 26 1385 | 1386 | ; The URL rewriter will look for URLs in a defined set of HTML tags. 1387 | ;
is special; if you include them here, the rewriter will 1388 | ; add a hidden field with the info which is otherwise appended 1389 | ; to URLs. tag's action attribute URL will not be modified 1390 | ; unless it is specified. 1391 | ; Note that all valid entries require a "=", even if no value follows. 1392 | ; Default Value: "a=href,area=href,frame=src,form=" 1393 | ; Development Value: "a=href,area=href,frame=src,form=" 1394 | ; Production Value: "a=href,area=href,frame=src,form=" 1395 | ; http://php.net/url-rewriter.tags 1396 | session.trans_sid_tags = "a=href,area=href,frame=src,form=" 1397 | 1398 | ; URL rewriter does not rewrite absolute URLs by default. 1399 | ; To enable rewrites for absolute pathes, target hosts must be specified 1400 | ; at RUNTIME. i.e. use ini_set() 1401 | ; tags is special. PHP will check action attribute's URL regardless 1402 | ; of session.trans_sid_tags setting. 1403 | ; If no host is defined, HTTP_HOST will be used for allowed host. 1404 | ; Example value: php.net,www.php.net,wiki.php.net 1405 | ; Use "," for multiple hosts. No spaces are allowed. 1406 | ; Default Value: "" 1407 | ; Development Value: "" 1408 | ; Production Value: "" 1409 | ;session.trans_sid_hosts="" 1410 | 1411 | ; Define how many bits are stored in each character when converting 1412 | ; the binary hash data to something readable. 1413 | ; Possible values: 1414 | ; 4 (4 bits: 0-9, a-f) 1415 | ; 5 (5 bits: 0-9, a-v) 1416 | ; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") 1417 | ; Default Value: 4 1418 | ; Development Value: 5 1419 | ; Production Value: 5 1420 | ; http://php.net/session.hash-bits-per-character 1421 | session.sid_bits_per_character = 5 1422 | 1423 | ; Enable upload progress tracking in $_SESSION 1424 | ; Default Value: On 1425 | ; Development Value: On 1426 | ; Production Value: On 1427 | ; http://php.net/session.upload-progress.enabled 1428 | ;session.upload_progress.enabled = On 1429 | 1430 | ; Cleanup the progress information as soon as all POST data has been read 1431 | ; (i.e. upload completed). 1432 | ; Default Value: On 1433 | ; Development Value: On 1434 | ; Production Value: On 1435 | ; http://php.net/session.upload-progress.cleanup 1436 | ;session.upload_progress.cleanup = On 1437 | 1438 | ; A prefix used for the upload progress key in $_SESSION 1439 | ; Default Value: "upload_progress_" 1440 | ; Development Value: "upload_progress_" 1441 | ; Production Value: "upload_progress_" 1442 | ; http://php.net/session.upload-progress.prefix 1443 | ;session.upload_progress.prefix = "upload_progress_" 1444 | 1445 | ; The index name (concatenated with the prefix) in $_SESSION 1446 | ; containing the upload progress information 1447 | ; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" 1448 | ; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" 1449 | ; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" 1450 | ; http://php.net/session.upload-progress.name 1451 | ;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" 1452 | 1453 | ; How frequently the upload progress should be updated. 1454 | ; Given either in percentages (per-file), or in bytes 1455 | ; Default Value: "1%" 1456 | ; Development Value: "1%" 1457 | ; Production Value: "1%" 1458 | ; http://php.net/session.upload-progress.freq 1459 | ;session.upload_progress.freq = "1%" 1460 | 1461 | ; The minimum delay between updates, in seconds 1462 | ; Default Value: 1 1463 | ; Development Value: 1 1464 | ; Production Value: 1 1465 | ; http://php.net/session.upload-progress.min-freq 1466 | ;session.upload_progress.min_freq = "1" 1467 | 1468 | ; Only write session data when session data is changed. Enabled by default. 1469 | ; http://php.net/session.lazy-write 1470 | ;session.lazy_write = On 1471 | 1472 | [Assertion] 1473 | ; Switch whether to compile assertions at all (to have no overhead at run-time) 1474 | ; -1: Do not compile at all 1475 | ; 0: Jump over assertion at run-time 1476 | ; 1: Execute assertions 1477 | ; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) 1478 | ; Default Value: 1 1479 | ; Development Value: 1 1480 | ; Production Value: -1 1481 | ; http://php.net/zend.assertions 1482 | zend.assertions = -1 1483 | 1484 | ; Assert(expr); active by default. 1485 | ; http://php.net/assert.active 1486 | ;assert.active = On 1487 | 1488 | ; Throw an AssertationException on failed assertions 1489 | ; http://php.net/assert.exception 1490 | ;assert.exception = On 1491 | 1492 | ; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) 1493 | ; http://php.net/assert.warning 1494 | ;assert.warning = On 1495 | 1496 | ; Don't bail out by default. 1497 | ; http://php.net/assert.bail 1498 | ;assert.bail = Off 1499 | 1500 | ; User-function to be called if an assertion fails. 1501 | ; http://php.net/assert.callback 1502 | ;assert.callback = 0 1503 | 1504 | ; Eval the expression with current error_reporting(). Set to true if you want 1505 | ; error_reporting(0) around the eval(). 1506 | ; http://php.net/assert.quiet-eval 1507 | ;assert.quiet_eval = 0 1508 | 1509 | [mbstring] 1510 | ; language for internal character representation. 1511 | ; This affects mb_send_mail() and mbstring.detect_order. 1512 | ; http://php.net/mbstring.language 1513 | ;mbstring.language = Japanese 1514 | 1515 | ; Use of this INI entry is deprecated, use global internal_encoding instead. 1516 | ; internal/script encoding. 1517 | ; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) 1518 | ; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. 1519 | ; The precedence is: default_charset < internal_encoding < iconv.internal_encoding 1520 | ;mbstring.internal_encoding = 1521 | 1522 | ; Use of this INI entry is deprecated, use global input_encoding instead. 1523 | ; http input encoding. 1524 | ; mbstring.encoding_traslation = On is needed to use this setting. 1525 | ; If empty, default_charset or input_encoding or mbstring.input is used. 1526 | ; The precedence is: default_charset < intput_encoding < mbsting.http_input 1527 | ; http://php.net/mbstring.http-input 1528 | ;mbstring.http_input = 1529 | 1530 | ; Use of this INI entry is deprecated, use global output_encoding instead. 1531 | ; http output encoding. 1532 | ; mb_output_handler must be registered as output buffer to function. 1533 | ; If empty, default_charset or output_encoding or mbstring.http_output is used. 1534 | ; The precedence is: default_charset < output_encoding < mbstring.http_output 1535 | ; To use an output encoding conversion, mbstring's output handler must be set 1536 | ; otherwise output encoding conversion cannot be performed. 1537 | ; http://php.net/mbstring.http-output 1538 | ;mbstring.http_output = 1539 | 1540 | ; enable automatic encoding translation according to 1541 | ; mbstring.internal_encoding setting. Input chars are 1542 | ; converted to internal encoding by setting this to On. 1543 | ; Note: Do _not_ use automatic encoding translation for 1544 | ; portable libs/applications. 1545 | ; http://php.net/mbstring.encoding-translation 1546 | ;mbstring.encoding_translation = Off 1547 | 1548 | ; automatic encoding detection order. 1549 | ; "auto" detect order is changed according to mbstring.language 1550 | ; http://php.net/mbstring.detect-order 1551 | ;mbstring.detect_order = auto 1552 | 1553 | ; substitute_character used when character cannot be converted 1554 | ; one from another 1555 | ; http://php.net/mbstring.substitute-character 1556 | ;mbstring.substitute_character = none 1557 | 1558 | ; overload(replace) single byte functions by mbstring functions. 1559 | ; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), 1560 | ; etc. Possible values are 0,1,2,4 or combination of them. 1561 | ; For example, 7 for overload everything. 1562 | ; 0: No overload 1563 | ; 1: Overload mail() function 1564 | ; 2: Overload str*() functions 1565 | ; 4: Overload ereg*() functions 1566 | ; http://php.net/mbstring.func-overload 1567 | ;mbstring.func_overload = 0 1568 | 1569 | ; enable strict encoding detection. 1570 | ; Default: Off 1571 | ;mbstring.strict_detection = On 1572 | 1573 | ; This directive specifies the regex pattern of content types for which mb_output_handler() 1574 | ; is activated. 1575 | ; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) 1576 | ;mbstring.http_output_conv_mimetype= 1577 | 1578 | [gd] 1579 | ; Tell the jpeg decode to ignore warnings and try to create 1580 | ; a gd image. The warning will then be displayed as notices 1581 | ; disabled by default 1582 | ; http://php.net/gd.jpeg-ignore-warning 1583 | ;gd.jpeg_ignore_warning = 1 1584 | 1585 | [exif] 1586 | ; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. 1587 | ; With mbstring support this will automatically be converted into the encoding 1588 | ; given by corresponding encode setting. When empty mbstring.internal_encoding 1589 | ; is used. For the decode settings you can distinguish between motorola and 1590 | ; intel byte order. A decode setting cannot be empty. 1591 | ; http://php.net/exif.encode-unicode 1592 | ;exif.encode_unicode = ISO-8859-15 1593 | 1594 | ; http://php.net/exif.decode-unicode-motorola 1595 | ;exif.decode_unicode_motorola = UCS-2BE 1596 | 1597 | ; http://php.net/exif.decode-unicode-intel 1598 | ;exif.decode_unicode_intel = UCS-2LE 1599 | 1600 | ; http://php.net/exif.encode-jis 1601 | ;exif.encode_jis = 1602 | 1603 | ; http://php.net/exif.decode-jis-motorola 1604 | ;exif.decode_jis_motorola = JIS 1605 | 1606 | ; http://php.net/exif.decode-jis-intel 1607 | ;exif.decode_jis_intel = JIS 1608 | 1609 | [Tidy] 1610 | ; The path to a default tidy configuration file to use when using tidy 1611 | ; http://php.net/tidy.default-config 1612 | ;tidy.default_config = /usr/local/lib/php/default.tcfg 1613 | 1614 | ; Should tidy clean and repair output automatically? 1615 | ; WARNING: Do not use this option if you are generating non-html content 1616 | ; such as dynamic images 1617 | ; http://php.net/tidy.clean-output 1618 | tidy.clean_output = Off 1619 | 1620 | [soap] 1621 | ; Enables or disables WSDL caching feature. 1622 | ; http://php.net/soap.wsdl-cache-enabled 1623 | soap.wsdl_cache_enabled=1 1624 | 1625 | ; Sets the directory name where SOAP extension will put cache files. 1626 | ; http://php.net/soap.wsdl-cache-dir 1627 | 1628 | ; RPM note : cache directory must be owned by process owner 1629 | ; for mod_php, see /etc/httpd/conf.d/php.conf 1630 | ; for php-fpm, see /etc/php-fpm.d/*conf 1631 | soap.wsdl_cache_dir="/tmp" 1632 | 1633 | ; (time to live) Sets the number of second while cached file will be used 1634 | ; instead of original one. 1635 | ; http://php.net/soap.wsdl-cache-ttl 1636 | soap.wsdl_cache_ttl=86400 1637 | 1638 | ; Sets the size of the cache limit. (Max. number of WSDL files to cache) 1639 | soap.wsdl_cache_limit = 5 1640 | 1641 | [sysvshm] 1642 | ; A default size of the shared memory segment 1643 | ;sysvshm.init_mem = 10000 1644 | 1645 | [ldap] 1646 | ; Sets the maximum number of open links or -1 for unlimited. 1647 | ldap.max_links = -1 1648 | 1649 | [mcrypt] 1650 | ; For more information about mcrypt settings see http://php.net/mcrypt-module-open 1651 | 1652 | ; Directory where to load mcrypt algorithms 1653 | ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) 1654 | ;mcrypt.algorithms_dir= 1655 | 1656 | ; Directory where to load mcrypt modes 1657 | ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) 1658 | ;mcrypt.modes_dir= 1659 | 1660 | [dba] 1661 | ;dba.default_handler= 1662 | 1663 | [curl] 1664 | ; A default value for the CURLOPT_CAINFO option. This is required to be an 1665 | ; absolute path. 1666 | ;curl.cainfo = 1667 | 1668 | [openssl] 1669 | ; The location of a Certificate Authority (CA) file on the local filesystem 1670 | ; to use when verifying the identity of SSL/TLS peers. Most users should 1671 | ; not specify a value for this directive as PHP will attempt to use the 1672 | ; OS-managed cert stores in its absence. If specified, this value may still 1673 | ; be overridden on a per-stream basis via the "cafile" SSL stream context 1674 | ; option. 1675 | ;openssl.cafile= 1676 | 1677 | ; If openssl.cafile is not specified or if the CA file is not found, the 1678 | ; directory pointed to by openssl.capath is searched for a suitable 1679 | ; certificate. This value must be a correctly hashed certificate directory. 1680 | ; Most users should not specify a value for this directive as PHP will 1681 | ; attempt to use the OS-managed cert stores in its absence. If specified, 1682 | ; this value may still be overridden on a per-stream basis via the "capath" 1683 | ; SSL stream context option. 1684 | ;openssl.capath= 1685 | 1686 | ; Local Variables: 1687 | ; tab-width: 4 1688 | ; End: 1689 | -------------------------------------------------------------------------------- /eramba-app/etc/secure.conf: -------------------------------------------------------------------------------- 1 | # Basic options to try to secure apache 2 | # References: https://geekflare.com/apache-web-server-hardening-security/#4-Web-Application-Security 3 | ServerName app 4 | 5 | # ServerSignature will remove the version information from the page generated 6 | # like 403, 404, 502, etc. by apache web server. ServerTokens will change 7 | # Header to production only, i.e. Apache 8 | ServerTokens Prod 9 | ServerSignature Off 10 | 11 | # ETag allows remote attackers to obtain sensitive information like inode 12 | # number, multipart MIME boundary, and child process through Etag header. 13 | # This is required to fix for PCI compliance. 14 | FileETag None 15 | 16 | # By default Trace method is enabled in Apache web server. Having this enabled 17 | # can allow Cross Site Tracing attack and potentially giving an option to a 18 | # hacker to steal cookie information. 19 | TraceEnable off 20 | 21 | # Mitigate most of the common Cross Site Scripting attack using HttpOnly and 22 | # Secure flag in a cookie. Without having HttpOnly and Secure, it is possible 23 | # to steal or manipulate web application session and cookies and it’s 24 | # dangerous. 25 | Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure 26 | 27 | # Clickjacking is well-known web application vulnerabilities. Kill it. 28 | 29 | # GL: Enabled for all domains with some exceptions in 25-sonet-am.conf 30 | # Header always append X-Frame-Options SAMEORIGIN 31 | 32 | # Cross Site Scripting (XSS) protection can be bypassed in many browsers. 33 | # if it was disabled by the user, it'll be caught here. This is used by 34 | # a majority of giant web companies like Facebook, twitter, Google, etc. 35 | Header set X-XSS-Protection "1; mode=block" 36 | 37 | # HTTP 1.0 has security weakness related to session hijacking. We can disable 38 | # this by using the mod_rewrite module. 39 | RewriteEngine On 40 | RewriteCond %{THE_REQUEST} !HTTP/1.1$ 41 | RewriteRule .* - [F] 42 | 43 | # By default Apache time-out value is 300 seconds, which can be a victim of 44 | # Slow Loris attack and DoS. To mitigate this we can lower the timeout value 45 | # to maybe 60 seconds. 46 | Timeout 300 47 | -------------------------------------------------------------------------------- /eramba-app/httpd_run.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -eu 3 | 4 | chmod 777 -R /var/www/sites/eramba_community/app/tmp 5 | 6 | ### UPDATE THE DB DETAILS IN CONFIG ### 7 | db_config_file_template="/var/www/sites/eramba_community/app/Config/database.php.default" 8 | db_config_file="/var/www/sites/eramba_community/app/Config/database.php" 9 | cp -f $db_config_file_template $db_config_file 10 | 11 | sed -i "s#'host' => '',#'host' => '${MYSQL_HOSTNAME}',#g" ${db_config_file} 12 | sed -i "s#'login' => '',#'login' => '${MYSQL_USER}',#g" ${db_config_file} 13 | sed -i "s#'password' => '',#'password' => '${MYSQL_PASSWORD}',#g" ${db_config_file} 14 | sed -i "s#'database' => '',#'database' => '${MYSQL_DATABASE}',#g" ${db_config_file} 15 | sed -i "s#'prefix' => '',#'prefix' => '${DATABASE_PREFIX}',#g" ${db_config_file} 16 | ####################################### 17 | 18 | sed -i "s/Listen 80$/Listen 8080/g" /etc/httpd/conf/httpd.conf 19 | 20 | ### STARTING APACHE ### 21 | rm -vf /var/run/httpd/httpd.pid 22 | exec httpd -DFOREGROUND 23 | -------------------------------------------------------------------------------- /eramba-db/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM mariadb 2 | 3 | MAINTAINER "Mark C" 4 | 5 | ADD ./my.cnf /etc/mysql/conf.d/ 6 | -------------------------------------------------------------------------------- /eramba-db/build_image.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | docker build . -t markz0r/eramba-db 3 | docker push markz0r/eramba-db 4 | -------------------------------------------------------------------------------- /eramba-db/my.cnf: -------------------------------------------------------------------------------- 1 | [mysqld] 2 | sql_mode="" 3 | max_allowed_packet=128000000 4 | innodb_lock_wait_timeout=200 5 | -------------------------------------------------------------------------------- /prep_host_directory_struct.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | BASE_DIR="/data/eramba" 3 | mkdir -p ${BASE_DIR}/mysql ${BASE_DIR}/files ${BASE_DIR}/backups ${BASE_DIR}/erambalogs ${BASE_DIR}/systemlogs 4 | --------------------------------------------------------------------------------