├── .gitignore
├── LICENSE
├── Vagrantfile
├── ansible
    ├── group_vars
    │   └── all
    ├── hosts
    └── roles
    │   ├── memcached
    │       ├── handlers
    │       │   └── main.yml
    │       ├── meta
    │       │   └── main.yml
    │       └── tasks
    │       │   └── main.yml
    │   ├── mysql
    │       ├── handlers
    │       │   └── main.yml
    │       ├── meta
    │       │   └── main.yml
    │       ├── tasks
    │       │   └── main.yml
    │       └── templates
    │       │   ├── .my.cnf.j2
    │       │   └── my.cnf.j2
    │   ├── nginx
    │       ├── files
    │       │   ├── h5bp
    │       │   │   ├── basic.conf
    │       │   │   ├── directive-only
    │       │   │   │   ├── cache-file-descriptors.conf
    │       │   │   │   ├── cross-domain-insecure.conf
    │       │   │   │   ├── extra-security.conf
    │       │   │   │   ├── no-transform.conf
    │       │   │   │   ├── spdy.conf
    │       │   │   │   ├── ssl-stapling.conf
    │       │   │   │   ├── ssl.conf
    │       │   │   │   └── x-ua-compatible.conf
    │       │   │   └── location
    │       │   │   │   ├── cache-busting.conf
    │       │   │   │   ├── cross-domain-fonts.conf
    │       │   │   │   ├── expires.conf
    │       │   │   │   └── protect-system-files.conf
    │       │   ├── index.php
    │       │   ├── mime.types
    │       │   └── nginx.conf
    │       ├── handlers
    │       │   └── main.yml
    │       ├── meta
    │       │   └── main.yml
    │       ├── tasks
    │       │   └── main.yml
    │       └── templates
    │       │   └── vagrantops.conf.j2
    │   ├── php
    │       ├── handlers
    │       │   └── main.yml
    │       ├── meta
    │       │   └── main.yml
    │       ├── tasks
    │       │   └── main.yml
    │       └── templates
    │       │   ├── php.ini.j2
    │       │   └── www.conf.j2
    │   ├── postgresql
    │       ├── files
    │       │   ├── pg_hba.conf
    │       │   └── postgresql.conf
    │       ├── handlers
    │       │   └── main.yml
    │       ├── meta
    │       │   └── main.yml
    │       └── tasks
    │       │   └── main.yml
    │   ├── redis
    │       ├── handlers
    │       │   └── main.yml
    │       ├── meta
    │       │   └── main.yml
    │       └── tasks
    │       │   └── main.yml
    │   ├── server
    │       ├── handlers
    │       │   └── main.yml
    │       ├── meta
    │       │   └── main.yml
    │       └── tasks
    │       │   └── main.yml
    │   └── ssl
    │       ├── meta
    │           └── main.yml
    │       └── tasks
    │           └── main.yml
├── config.yml
├── docs
    ├── development.md
    ├── index.md
    └── quickstart.md
├── mkdocs.yml
├── provision.sh
└── readme.md


/.gitignore:
--------------------------------------------------------------------------------
1 | .DS_Store
2 | ._*
3 | .idea*
4 | .vagrant
5 | site


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2015 vagrant-ops
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 
23 | 


--------------------------------------------------------------------------------
/Vagrantfile:
--------------------------------------------------------------------------------
 1 | # -*- mode: ruby -*-
 2 | # vi: set ft=ruby :
 3 | 
 4 | Vagrant.configure(2) do |config|
 5 | 
 6 |   # TO DO: Move to .rb file
 7 |   # borrow more from https://github.com/laravel/homestead/blob/master/scripts/homestead.rb
 8 |   # Thanks, Taylor and contributors to Homestead!
 9 | 
10 |   config.vm.box = "vagrantops/ubuntu"
11 |   config.vm.hostname = "vagrantops"
12 | 
13 |   # Prevent TTY Errors
14 |   config.ssh.shell = "bash -c 'BASH_ENV=/etc/profile exec bash'"
15 | 
16 |   # Configure A Private Network IP
17 |   config.vm.network :private_network, ip: "192.168.12.12"
18 | 
19 |   # Configure A Few VirtualBox Settings
20 |   config.vm.provider "virtualbox" do |vb|
21 |     vb.name = 'vagrantops'
22 |     vb.customize ["modifyvm", :id, "--memory", "1024"]
23 |     vb.customize ["modifyvm", :id, "--cpus", "1"]
24 |     vb.customize ["modifyvm", :id, "--natdnsproxy1", "on"]
25 |     vb.customize ["modifyvm", :id, "--natdnshostresolver1", "on"]
26 |     vb.customize ["modifyvm", :id, "--ostype", "Ubuntu_64"]
27 | 
28 |     # Set the timesync threshold to 10 seconds, instead of the default 20 minutes.
29 |     # If the clock gets more than 15 minutes out of sync (due to your laptop going
30 |     # to sleep for instance, then some 3rd party services will reject requests.
31 |     vb.customize ["guestproperty", "set", :id, "/VirtualBox/GuestAdd/VBoxService/--timesync-set-threshold", 10000]
32 |   end
33 | 
34 |   # Use NFS for the shared folder (??)
35 |   config.vm.synced_folder ".", "/vagrant",
36 |             id: "core",
37 |             :nfs => true,
38 |             :mount_options => ['nolock,vers=3,udp,noatime']
39 | 
40 |   # Add Ansible and Configuration Files
41 |   config.vm.provision "file", source: "./ansible",    destination: "/home/vagrant/ops/ansible"
42 |   config.vm.provision "file", source: "./config.yml", destination: "/home/vagrant/ops/ansible/config.yml"
43 | 
44 |   # Run Ansible
45 |   config.vm.provision "shell" do |s|
46 |     s.path = "./provision.sh"
47 |     s.privileged = false
48 |   end
49 | end
50 | 


--------------------------------------------------------------------------------
/ansible/group_vars/all:
--------------------------------------------------------------------------------
1 | ---
2 | # General
3 | dev_domain: vagrantops.dev
4 | 
5 | # Database
6 | db_root_pass: root
7 | databases:
8 |   - vagrantops


--------------------------------------------------------------------------------
/ansible/hosts:
--------------------------------------------------------------------------------
1 | [vagrantops]
2 | 127.0.0.1 ansible_ssh_pass=vagrant
3 | 
4 | [vagrantops:vars]
5 | 


--------------------------------------------------------------------------------
/ansible/roles/memcached/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Start Memcached
3 |   service: name=memcached  state=started
4 | 
5 | - name: Restart Memcached
6 |   service: name=memcached  state=restarted


--------------------------------------------------------------------------------
/ansible/roles/memcached/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies: []


--------------------------------------------------------------------------------
/ansible/roles/memcached/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Install Memcached
3 |   apt: pkg={{ item }} state=installed update_cache=true
4 |   with_items:
5 |    - memcached
6 |   notify:
7 |    - Start Memcached


--------------------------------------------------------------------------------
/ansible/roles/mysql/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Start MySQL
3 |   service: name=mysql state=started
4 | 
5 | - name: Restart MySQL
6 |   service: name=mysql state=restarted


--------------------------------------------------------------------------------
/ansible/roles/mysql/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies: []


--------------------------------------------------------------------------------
/ansible/roles/mysql/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: Install MySQL
 3 |   apt: pkg={{ item }} state=installed
 4 |   with_items:
 5 |    - mysql-server-5.6
 6 |    - python-mysqldb
 7 |   notify:
 8 |     - Start MySQL
 9 | 
10 | - name: Copy the my.cnf file
11 |   template: src=my.cnf.j2 dest=/etc/mysql/my.cnf
12 |   notify:
13 |    - Restart MySQL
14 | 
15 | # Run the following as user vagrant
16 | - name: Remove Anonymous Users
17 |   mysql_user: name='' host={{ item }} state=absent
18 |   with_items:
19 |    - localhost
20 |   sudo_user: vagrant
21 | 
22 | - name: Remove Test Database
23 |   mysql_db: name=test state=absent
24 |   sudo_user: vagrant
25 | 
26 | - name: Create Databases
27 |   mysql_db: name={{ item }} state=present
28 |   with_items: databases
29 |   when: databases|lower() != 'none'
30 |   sudo_user: vagrant
31 | 
32 | - name: Update MySQL Root Password for All root Accounts
33 |   mysql_user: name=root host={{ item }} password={{ db_root_pass }}
34 |   with_items:
35 |    - 127.0.0.1
36 |    - ::1
37 |    - localhost
38 |   sudo_user: vagrant
39 | 
40 | # Set user vagrant's ability to login without
41 | # specifying user or password. The above setting of
42 | # password for root user is mandatory for this to work
43 | #
44 | # This must be *last* in order to make this an idempotent action
45 | - name: Copy .my.cnf File with root Password
46 |   template: src=.my.cnf.j2 dest=/home/vagrant/.my.cnf owner=vagrant group=vagrant mode=0600


--------------------------------------------------------------------------------
/ansible/roles/mysql/templates/.my.cnf.j2:
--------------------------------------------------------------------------------
1 | [client]
2 | user=root
3 | password={{ db_root_pass }}


--------------------------------------------------------------------------------
/ansible/roles/mysql/templates/my.cnf.j2:
--------------------------------------------------------------------------------
  1 | #
  2 | # The MySQL database server configuration file.
  3 | #
  4 | # You can copy this to one of:
  5 | # - "/etc/mysql/my.cnf" to set global options,
  6 | # - "~/.my.cnf" to set user-specific options.
  7 | #
  8 | # One can use all long options that the program supports.
  9 | # Run program with --help to get a list of available options and with
 10 | # --print-defaults to see which it would actually understand and use.
 11 | #
 12 | # For explanations see
 13 | # http://dev.mysql.com/doc/mysql/en/server-system-variables.html
 14 | 
 15 | # This will be passed to all mysql clients
 16 | # It has been reported that passwords should be enclosed with ticks/quotes
 17 | # escpecially if they contain "#" chars...
 18 | # Remember to edit /etc/mysql/debian.cnf when changing the socket location.
 19 | [client]
 20 | port        = 3306
 21 | socket      = /var/run/mysqld/mysqld.sock
 22 | 
 23 | # Here is entries for some specific programs
 24 | # The following values assume you have at least 32M ram
 25 | 
 26 | # This was formally known as [safe_mysqld]. Both versions are currently parsed.
 27 | [mysqld_safe]
 28 | socket      = /var/run/mysqld/mysqld.sock
 29 | nice        = 0
 30 | 
 31 | [mysqld]
 32 | #
 33 | # * Basic Settings
 34 | #
 35 | user        = mysql
 36 | pid-file    = /var/run/mysqld/mysqld.pid
 37 | socket      = /var/run/mysqld/mysqld.sock
 38 | port        = 3306
 39 | basedir     = /usr
 40 | datadir     = /var/lib/mysql
 41 | tmpdir      = /tmp
 42 | lc-messages-dir = /usr/share/mysql
 43 | skip-external-locking
 44 | #
 45 | # Instead of skip-networking the default is now to listen only on
 46 | # localhost which is more compatible and is not less secure.
 47 | bind-address        = 0.0.0.0
 48 | #
 49 | # * Fine Tuning
 50 | #
 51 | key_buffer      = 16M
 52 | max_allowed_packet  = 16M
 53 | thread_stack        = 192K
 54 | thread_cache_size       = 8
 55 | # This replaces the startup script and checks MyISAM tables if needed
 56 | # the first time they are touched
 57 | myisam-recover         = BACKUP
 58 | #max_connections        = 100
 59 | #table_cache            = 64
 60 | #thread_concurrency     = 10
 61 | #
 62 | # * Query Cache Configuration
 63 | #
 64 | query_cache_limit   = 1M
 65 | query_cache_size        = 16M
 66 | #
 67 | # * Logging and Replication
 68 | #
 69 | # Both location gets rotated by the cronjob.
 70 | # Be aware that this log type is a performance killer.
 71 | # As of 5.1 you can enable the log at runtime!
 72 | #general_log_file        = /var/log/mysql/mysql.log
 73 | #general_log             = 1
 74 | #
 75 | # Error log - should be very few entries.
 76 | #
 77 | log_error = /var/log/mysql/error.log
 78 | #
 79 | # Here you can see queries with especially long duration
 80 | #log_slow_queries   = /var/log/mysql/mysql-slow.log
 81 | #long_query_time = 2
 82 | #log-queries-not-using-indexes
 83 | #
 84 | # The following can be used as easy to replay backup logs or for replication.
 85 | # note: if you are setting up a replication slave, see README.Debian about
 86 | #       other settings you may need to change.
 87 | #server-id      = 1
 88 | #log_bin            = /var/log/mysql/mysql-bin.log
 89 | expire_logs_days    = 10
 90 | max_binlog_size         = 100M
 91 | #binlog_do_db       = include_database_name
 92 | #binlog_ignore_db   = include_database_name
 93 | #
 94 | # * InnoDB
 95 | #
 96 | # InnoDB is enabled by default with a 10MB datafile in /var/lib/mysql/.
 97 | # Read the manual for more InnoDB related options. There are many!
 98 | #
 99 | # * Security Features
100 | #
101 | # Read the manual, too, if you want chroot!
102 | # chroot = /var/lib/mysql/
103 | #
104 | # For generating SSL certificates I recommend the OpenSSL GUI "tinyca".
105 | #
106 | # ssl-ca=/etc/mysql/cacert.pem
107 | # ssl-cert=/etc/mysql/server-cert.pem
108 | # ssl-key=/etc/mysql/server-key.pem
109 | 
110 | 
111 | 
112 | [mysqldump]
113 | quick
114 | quote-names
115 | max_allowed_packet  = 16M
116 | 
117 | [mysql]
118 | #no-auto-rehash # faster start of mysql but no tab completition
119 | 
120 | [isamchk]
121 | key_buffer      = 16M
122 | 
123 | #
124 | # * IMPORTANT: Additional settings that can override those from this file!
125 | #   The files must end with '.cnf', otherwise they'll be ignored.
126 | #
127 | !includedir /etc/mysql/conf.d/
128 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/h5bp/basic.conf:
--------------------------------------------------------------------------------
1 | # Basic h5bp rules
2 | 
3 | include h5bp/directive-only/x-ua-compatible.conf;
4 | include h5bp/location/expires.conf;
5 | include h5bp/location/cross-domain-fonts.conf;
6 | include h5bp/location/protect-system-files.conf;
7 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/h5bp/directive-only/cache-file-descriptors.conf:
--------------------------------------------------------------------------------
 1 | # This tells Nginx to cache open file handles, "not found" errors, metadata about files and their permissions, etc.
 2 | #
 3 | # The upside of this is that Nginx can immediately begin sending data when a popular file is requested,
 4 | # and will also know to immediately send a 404 if a file is missing on disk, and so on.
 5 | #
 6 | # However, it also means that the server won't react immediately to changes on disk, which may be undesirable.
 7 | #
 8 | # In the below configuration, inactive files are released from the cache after 20 seconds, whereas
 9 | # active (recently requested) files are re-validated every 30 seconds.
10 | #
11 | # Descriptors will not be cached unless they are used at least 2 times within 20 seconds (the inactive time).
12 | #
13 | # A maximum of the 1000 most recently used file descriptors can be cached at any time.
14 | #
15 | # Production servers with stable file collections will definitely want to enable the cache.
16 | open_file_cache          max=1000 inactive=20s;
17 | open_file_cache_valid    30s;
18 | open_file_cache_min_uses 2;
19 | open_file_cache_errors   on;
20 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/h5bp/directive-only/cross-domain-insecure.conf:
--------------------------------------------------------------------------------
 1 | # Cross domain AJAX requests
 2 | 
 3 | # **Security Warning**
 4 | # Do not use this without understanding the consequences.
 5 | # This will permit access from any other website.
 6 | #
 7 | add_header "Access-Control-Allow-Origin" "*";
 8 | 
 9 | # Instead of using this file, consider using a specific rule such as:
10 | #
11 | # Allow access based on [sub]domain:
12 | #    add_header "Access-Control-Allow-Origin" "subdomain.example.com";
13 | # OR
14 | #    add_header "Access-Control-Allow-Origin" "*.example.com";
15 | 
16 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/h5bp/directive-only/extra-security.conf:
--------------------------------------------------------------------------------
 1 | # The X-Frame-Options header indicates whether a browser should be allowed
 2 | # to render a page within a frame or iframe.
 3 | add_header X-Frame-Options SAMEORIGIN;
 4 |  
 5 | # MIME type sniffing security protection
 6 | #	There are very few edge cases where you wouldn't want this enabled.
 7 | add_header X-Content-Type-Options nosniff;
 8 |  
 9 | # The X-XSS-Protection header is used by Internet Explorer version 8+
10 | # The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
11 | add_header X-XSS-Protection "1; mode=block";
12 |  
13 | # with Content Security Policy (CSP) enabled (and a browser that supports it (http://caniuse.com/#feat=contentsecuritypolicy),
14 | # you can tell the browser that it can only download content from the domains you explicitly allow
15 | # CSP can be quite difficult to configure, and cause real issues if you get it wrong
16 | # There is website that helps you generate a policy here http://cspisawesome.com/
17 | # add_header Content-Security-Policy "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com;";
18 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/h5bp/directive-only/no-transform.conf:
--------------------------------------------------------------------------------
 1 | # Prevent mobile network providers from modifying your site
 2 | #
 3 | # (!) If you are using `ngx_pagespeed`, please note that setting
 4 | # the `Cache-Control: no-transform` response header will prevent
 5 | # `PageSpeed` from rewriting `HTML` files, and, if
 6 | # `pagespeed DisableRewriteOnNoTransform off` is not used, also
 7 | # from rewriting other resources.
 8 | #
 9 | # https://developers.google.com/speed/pagespeed/module/configuration#notransform
10 | 
11 | add_header "Cache-Control" "no-transform";
12 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/h5bp/directive-only/spdy.conf:
--------------------------------------------------------------------------------
 1 | # Nginx's spdy module is compiled by default from 1.6
 2 | # SPDY only works on HTTPS connections
 3 | 
 4 | # Inform browser of SPDY availability 
 5 | add_header Alternate-Protocol  443:npn-spdy/3;
 6 | 
 7 | # Adjust connection keepalive for SPDY clients:
 8 | spdy_keepalive_timeout 300; # up from 180 secs default
 9 | 
10 | # enable SPDY header compression
11 | spdy_headers_comp 6;
12 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/h5bp/directive-only/ssl-stapling.conf:
--------------------------------------------------------------------------------
 1 | # OCSP stapling...
 2 | ssl_stapling on;
 3 | ssl_stapling_verify on;
 4 | 
 5 | #trusted cert must be made up of your intermediate certificate followed by root certificate
 6 | #ssl_trusted_certificate /path/to/ca.crt; 
 7 | 
 8 | resolver 8.8.8.8 8.8.4.4 216.146.35.35 216.146.36.36 valid=60s;
 9 | resolver_timeout 2s;
10 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/h5bp/directive-only/ssl.conf:
--------------------------------------------------------------------------------
 1 | # Protect against the BEAST and POODLE attacks by not using SSLv3 at all. If you need to support older browsers (IE6) you may need to add
 2 | # SSLv3 to the list of protocols below.
 3 | ssl_protocols              TLSv1 TLSv1.1 TLSv1.2;
 4 | 
 5 | # Ciphers set to best allow protection from Beast, while providing forwarding secrecy, as defined by Mozilla (Intermediate Set) - https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
 6 | ssl_ciphers                ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA;
 7 | ssl_prefer_server_ciphers  on;
 8 | 
 9 | # Optimize SSL by caching session parameters for 10 minutes. This cuts down on the number of expensive SSL handshakes.
10 | # The handshake is the most CPU-intensive operation, and by default it is re-negotiated on every new/parallel connection.
11 | # By enabling a cache (of type "shared between all Nginx workers"), we tell the client to re-use the already negotiated state.
12 | # Further optimization can be achieved by raising keepalive_timeout, but that shouldn't be done unless you serve primarily HTTPS.
13 | ssl_session_cache    shared:SSL:10m; # a 1mb cache can hold about 4000 sessions, so we can hold 40000 sessions
14 | ssl_session_timeout  24h;
15 | 
16 | # SSL buffer size was added in 1.5.9
17 | #ssl_buffer_size      1400; # 1400 bytes to fit in one MTU
18 | 
19 | # Session tickets appeared in version 1.5.9
20 | #
21 | # nginx does not auto-rotate session ticket keys: only a HUP / restart will do so and
22 | # when a restart is performed the previous key is lost, which resets all previous
23 | # sessions. The fix for this is to setup a manual rotation mechanism:
24 | # http://trac.nginx.org/nginx/changeset/1356a3b9692441e163b4e78be4e9f5a46c7479e9/nginx
25 | #
26 | # Note that you'll have to define and rotate the keys securely by yourself. In absence
27 | # of such infrastructure, consider turning off session tickets:
28 | #ssl_session_tickets off;
29 | 
30 | # Use a higher keepalive timeout to reduce the need for repeated handshakes
31 | keepalive_timeout 300; # up from 75 secs default
32 | 
33 | # HSTS (HTTP Strict Transport Security)
34 | # This header tells browsers to cache the certificate for a year and to connect exclusively via HTTPS.
35 | #add_header Strict-Transport-Security "max-age=31536000;";
36 | # This version tells browsers to treat all subdomains the same as this site and to load exclusively over HTTPS
37 | #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
38 | 
39 | # This default SSL certificate will be served whenever the client lacks support for SNI (Server Name Indication).
40 | # Make it a symlink to the most important certificate you have, so that users of IE 8 and below on WinXP can see your main site without SSL errors.
41 | #ssl_certificate      /etc/nginx/default_ssl.crt;
42 | #ssl_certificate_key  /etc/nginx/default_ssl.key;
43 | 
44 | # Consider using OCSP Stapling as shown in ssl-stapling.conf
45 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/h5bp/directive-only/x-ua-compatible.conf:
--------------------------------------------------------------------------------
1 | # Force the latest IE version
2 | add_header "X-UA-Compatible" "IE=Edge";
3 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/h5bp/location/cache-busting.conf:
--------------------------------------------------------------------------------
 1 | # Built-in filename-based cache busting
 2 | 
 3 | # https://github.com/h5bp/html5-boilerplate/blob/5370479476dceae7cc3ea105946536d6bc0ee468/.htaccess#L403
 4 | # This will route all requests for /css/style.20120716.css to /css/style.css
 5 | # Read also this: github.com/h5bp/html5-boilerplate/wiki/cachebusting
 6 | # This is not included by default, because it'd be better if you use the build
 7 | # script to manage the file names.
 8 | location ~* (.+)\.(?:\d+)\.(js|css|png|jpg|jpeg|gif)$ {
 9 |    try_files $uri $1.$2;
10 | }
11 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/h5bp/location/cross-domain-fonts.conf:
--------------------------------------------------------------------------------
 1 | # Cross domain webfont access
 2 | location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
 3 |     include h5bp/directive-only/cross-domain-insecure.conf;
 4 | 
 5 |     # Also, set cache rules for webfonts.
 6 |     #
 7 |     # See http://wiki.nginx.org/HttpCoreModule#location
 8 |     # And https://github.com/h5bp/server-configs/issues/85
 9 |     # And https://github.com/h5bp/server-configs/issues/86
10 |     expires 1M;
11 |     access_log off;
12 |     add_header Cache-Control "public";
13 | }
14 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/h5bp/location/expires.conf:
--------------------------------------------------------------------------------
 1 | # Expire rules for static content
 2 | 
 3 | # No default expire rule. This config mirrors that of apache as outlined in the
 4 | # html5-boilerplate .htaccess file. However, nginx applies rules by location,
 5 | # the apache rules are defined by type. A consequence of this difference is that
 6 | # if you use no file extension in the url and serve html, with apache you get an
 7 | # expire time of 0s, with nginx you'd get an expire header of one month in the
 8 | # future (if the default expire rule is 1 month). Therefore, do not use a
 9 | # default expire rule with nginx unless your site is completely static
10 | 
11 | # cache.appcache, your document html and data
12 | location ~* \.(?:manifest|appcache|html?|xml|json)$ {
13 |   expires -1;
14 |   # access_log logs/static.log;
15 | }
16 | 
17 | # Feed
18 | location ~* \.(?:rss|atom)$ {
19 |   expires 1h;
20 |   add_header Cache-Control "public";
21 | }
22 | 
23 | # Media: images, icons, video, audio, HTC
24 | location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
25 |   expires 1M;
26 |   access_log off;
27 |   add_header Cache-Control "public";
28 | }
29 | 
30 | # CSS and Javascript
31 | location ~* \.(?:css|js)$ {
32 |   expires 1y;
33 |   access_log off;
34 |   add_header Cache-Control "public";
35 | }
36 | 
37 | # WebFonts
38 | # If you are NOT using cross-domain-fonts.conf, uncomment the following directive
39 | # location ~* \.(?:ttf|ttc|otf|eot|woff|woff2)$ {
40 | #  expires 1M;
41 | #  access_log off;
42 | #  add_header Cache-Control "public";
43 | # }
44 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/h5bp/location/protect-system-files.conf:
--------------------------------------------------------------------------------
 1 | # Prevent clients from accessing hidden files (starting with a dot)
 2 | # This is particularly important if you store .htpasswd files in the site hierarchy
 3 | location ~* (?:^|/)\. {
 4 |     deny all;
 5 | }
 6 | 
 7 | # Prevent clients from accessing to backup/config/source files
 8 | location ~* (?:\.(?:bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$ {
 9 |     deny all;
10 | }
11 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/index.php:
--------------------------------------------------------------------------------
1 | <?php
2 | 
3 | phpinfo();


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/mime.types:
--------------------------------------------------------------------------------
  1 | types {
  2 | 
  3 | # Audio
  4 |   audio/midi                            mid midi kar;
  5 |   audio/mp4                             aac f4a f4b m4a;
  6 |   audio/mpeg                            mp3;
  7 |   audio/ogg                             oga ogg opus;
  8 |   audio/x-realaudio                     ra;
  9 |   audio/x-wav                           wav;
 10 | 
 11 | # Images
 12 |   image/bmp                             bmp;
 13 |   image/gif                             gif;
 14 |   image/jpeg                            jpeg jpg;
 15 |   image/png                             png;
 16 |   image/svg+xml                         svg svgz;
 17 |   image/tiff                            tif tiff;
 18 |   image/vnd.wap.wbmp                    wbmp;
 19 |   image/webp                            webp;
 20 |   image/x-icon                          ico cur;
 21 |   image/x-jng                           jng;
 22 | 
 23 | # JavaScript
 24 |   application/javascript                js;
 25 |   application/json                      json;
 26 | 
 27 | # Manifest files
 28 |   application/x-web-app-manifest+json   webapp;
 29 |   text/cache-manifest                   manifest appcache;
 30 | 
 31 | # Microsoft Office
 32 |   application/msword                                                         doc;
 33 |   application/vnd.ms-excel                                                   xls;
 34 |   application/vnd.ms-powerpoint                                              ppt;
 35 |   application/vnd.openxmlformats-officedocument.wordprocessingml.document    docx;
 36 |   application/vnd.openxmlformats-officedocument.spreadsheetml.sheet          xlsx;
 37 |   application/vnd.openxmlformats-officedocument.presentationml.presentation  pptx;
 38 | 
 39 | # Video
 40 |   video/3gpp                            3gpp 3gp;
 41 |   video/mp4                             mp4 m4v f4v f4p;
 42 |   video/mpeg                            mpeg mpg;
 43 |   video/ogg                             ogv;
 44 |   video/quicktime                       mov;
 45 |   video/webm                            webm;
 46 |   video/x-flv                           flv;
 47 |   video/x-mng                           mng;
 48 |   video/x-ms-asf                        asx asf;
 49 |   video/x-ms-wmv                        wmv;
 50 |   video/x-msvideo                       avi;
 51 | 
 52 | # Web feeds
 53 |   application/atom+xml                  atom;
 54 |   application/rss+xml                   rss;
 55 |   application/xml                       rdf xml;
 56 |   application/xslt+xml                  xsl;
 57 | 
 58 | # Web fonts
 59 |   application/font-woff                 woff;
 60 |   application/font-woff2                woff2;
 61 |   application/vnd.ms-fontobject         eot;
 62 |   application/x-font-ttf                ttc ttf;
 63 |   font/opentype                         otf;
 64 | 
 65 | # Other
 66 |   application/java-archive              jar war ear;
 67 |   application/mac-binhex40              hqx;
 68 |   application/pdf                       pdf;
 69 |   application/postscript                ps eps ai;
 70 |   application/rtf                       rtf;
 71 |   application/vnd.wap.wmlc              wmlc;
 72 |   application/xhtml+xml                 xhtml;
 73 |   application/vnd.google-earth.kml+xml  kml;
 74 |   application/vnd.google-earth.kmz      kmz;
 75 |   application/x-7z-compressed           7z;
 76 |   application/x-chrome-extension        crx;
 77 |   application/x-opera-extension         oex;
 78 |   application/x-xpinstall               xpi;
 79 |   application/x-cocoa                   cco;
 80 |   application/x-java-archive-diff       jardiff;
 81 |   application/x-java-jnlp-file          jnlp;
 82 |   application/x-makeself                run;
 83 |   application/x-perl                    pl pm;
 84 |   application/x-pilot                   prc pdb;
 85 |   application/x-rar-compressed          rar;
 86 |   application/x-redhat-package-manager  rpm;
 87 |   application/x-sea                     sea;
 88 |   application/x-shockwave-flash         swf;
 89 |   application/x-stuffit                 sit;
 90 |   application/x-tcl                     tcl tk;
 91 |   application/x-x509-ca-cert            der pem crt;
 92 |   application/x-bittorrent              torrent;
 93 |   application/zip                       zip;
 94 | 
 95 |   application/octet-stream              bin exe dll;
 96 |   application/octet-stream              deb;
 97 |   application/octet-stream              dmg;
 98 |   application/octet-stream              iso img;
 99 |   application/octet-stream              msi msp msm;
100 |   application/octet-stream              safariextz;
101 | 
102 |   text/css                              css;
103 |   text/html                             html htm shtml;
104 |   text/mathml                           mml;
105 |   text/plain                            txt;
106 |   text/vnd.sun.j2me.app-descriptor      jad;
107 |   text/vnd.wap.wml                      wml;
108 |   text/vtt                              vtt;
109 |   text/x-component                      htc;
110 |   text/x-vcard                          vcf;
111 | 
112 | }
113 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/files/nginx.conf:
--------------------------------------------------------------------------------
 1 | user www-data;
 2 | worker_processes 2;
 3 | pid /run/nginx.pid;
 4 | 
 5 | events {
 6 |         worker_connections 768;
 7 |         # multi_accept on;
 8 | }
 9 | 
10 | http {
11 |         ##
12 |         # Basic Settings
13 |         ##
14 | 
15 |         sendfile off;
16 |         tcp_nopush on;
17 |         tcp_nodelay on;
18 |         keepalive_timeout 20;
19 |         types_hash_max_size 2048;
20 |         server_tokens off;
21 | 
22 |         # server_names_hash_bucket_size 64;
23 |         # server_name_in_redirect off;
24 | 
25 |         include /etc/nginx/mime.types;
26 |         default_type application/octet-stream;
27 | 
28 |         # Update charset_types due to updated mime.types
29 |         charset_types text/xml text/plain text/vnd.wap.wml application/x-javascript application/rss+xml text/css application/javascript application/json;
30 | 
31 |         ##
32 |         # Logging Settings
33 |         ##
34 | 
35 |         access_log /var/log/nginx/access.log;
36 |         error_log /var/log/nginx/error.log;
37 | 
38 |         ##
39 |         # Gzip Settings
40 |         ##
41 | 
42 |         gzip on;
43 |         gzip_disable "msie6";
44 |         gzip_comp_level    5;
45 |         gzip_min_length    256;
46 |         gzip_proxied       any;
47 |         gzip_vary          on;
48 |         gzip_types
49 |             application/atom+xml
50 |             application/javascript
51 |             application/json
52 |             application/rss+xml
53 |             application/vnd.ms-fontobject
54 |             application/x-font-ttf
55 |             application/x-web-app-manifest+json
56 |             application/xhtml+xml
57 |             application/xml
58 |             font/opentype
59 |             image/svg+xml
60 |             image/x-icon
61 |             text/css
62 |             text/plain
63 |             text/x-component;
64 | 
65 |         ##
66 |         # Virtual Host Configs
67 |         ##
68 | 
69 |         include /etc/nginx/conf.d/*.conf;
70 |         include /etc/nginx/sites-enabled/*;
71 | }


--------------------------------------------------------------------------------
/ansible/roles/nginx/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Start Nginx
3 |   service: name=nginx state=started
4 | 
5 | - name: Reload Nginx
6 |   service: name=nginx state=reloaded
7 | 


--------------------------------------------------------------------------------
/ansible/roles/nginx/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies:
3 |   - { role: ssl }


--------------------------------------------------------------------------------
/ansible/roles/nginx/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: Add Nginx Repository
 3 |   apt_repository: repo='ppa:nginx/stable' state=present
 4 | 
 5 | - name: Install Nginx
 6 |   apt: pkg=nginx state=installed update_cache=true
 7 |   notify:
 8 |     - Start Nginx
 9 | 
10 | - name: Add H5BP Config
11 |   copy: src=h5bp dest=/etc/nginx owner=root group=root
12 | 
13 | - name: Add Nginx Config
14 |   copy: src=nginx.conf dest=/etc/nginx/nginx.conf owner=root group=root
15 | 
16 | - name: Add Nginx Mime Types
17 |   copy: src=mime.types dest=/etc/nginx/mime.types owner=root group=root
18 | 
19 | - name: Disable Default Site
20 |   file: dest=/etc/nginx/sites-enabled/default state=absent
21 | 
22 | - name: Add Vagrantops Config
23 |   template: src=vagrantops.conf.j2 dest=/etc/nginx/sites-available/{{ dev_domain }}.conf owner=root group=root
24 |   notify:
25 |     - Reload Nginx
26 | 
27 | - name: Enable Vagrantops Config
28 |   file: src=/etc/nginx/sites-available/{{ dev_domain }}.conf dest=/etc/nginx/sites-enabled/{{ dev_domain }}.conf state=link
29 |   notify:
30 |     - Reload Nginx
31 | 
32 | - name: Create Web Root
33 |   file: dest=/var/www/{{ dev_domain }}/public mode='u=rwx,go=rx' state=directory owner=www-data group=www-data
34 | 
35 | - name: Add Index.php
36 |   copy: src=index.php dest=/var/www/{{ dev_domain }}/public/index.php owner=www-data group=www-data
37 | 
38 | - name: Force Nginx Reload
39 |   service: name=nginx state=reloaded


--------------------------------------------------------------------------------
/ansible/roles/nginx/templates/vagrantops.conf.j2:
--------------------------------------------------------------------------------
 1 | #server {
 2 | #    # Enforce the use of HTTPS
 3 | #    listen 80 default_server;
 4 | #    server_name *.vagrantops.dev;
 5 | #    return 301 https://$host$request_uri;
 6 | #}
 7 | 
 8 | server {
 9 |     listen 80 default_server;
10 |     listen 443 default_server ssl;
11 | 
12 |     root /var/www/{{ dev_domain }}/public;
13 | 
14 |     index index.html index.htm index.php;
15 | 
16 |     access_log /var/log/nginx/vagrantops.log;
17 |     error_log  /var/log/nginx/vagrantops-error.log error;
18 | 
19 |     server_name vagrantops.dev *.vagrantops.dev;
20 | 
21 |     charset utf-8;
22 | 
23 |     include h5bp/basic.conf;
24 | 
25 |     ssl_certificate           /etc/ssl/vagrantops/{{ dev_domain }}.crt;
26 |     ssl_certificate_key       /etc/ssl/vagrantops/{{ dev_domain }}.key;
27 |     include h5bp/directive-only/ssl.conf;
28 | 
29 | 
30 |     location / {
31 |         try_files $uri $uri/ /index.php$is_args$args;
32 |     }
33 | 
34 |     location = /favicon.ico { log_not_found off; access_log off; }
35 |     location = /robots.txt  { log_not_found off; access_log off; }
36 | 
37 |     location ~ \.php$ {
38 |        include snippets/fastcgi-php.conf;
39 |        fastcgi_pass unix:/var/run/php5-fpm.sock;
40 |     }
41 | 
42 |     location ~ ^/(fpmstatus|fpmping)$ {
43 |         access_log off;
44 |         allow 127.0.0.1;
45 |         deny all;
46 |         include snippets/fastcgi-php.conf;
47 |         fastcgi_pass unix:/var/run/php5-fpm.sock;
48 |     }
49 | }
50 | 


--------------------------------------------------------------------------------
/ansible/roles/php/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Start PHP-FPM
3 |   service: name=php5-fpm state=started
4 | 
5 | - name: Restart PHP-FPM
6 |   service: name=php5-fpm state=restarted


--------------------------------------------------------------------------------
/ansible/roles/php/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies: []


--------------------------------------------------------------------------------
/ansible/roles/php/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: Add PHP Repository
 3 |   apt_repository: repo='ppa:ondrej/php5-5.6' state=present
 4 | 
 5 | - name: Install PHP and PHP-FPM
 6 |   apt: pkg={{ item }} state=installed update_cache=true
 7 |   with_items:
 8 |    - php5-fpm
 9 |    - php5-cli
10 |    - php5-pgsql
11 |    - php5-mysql
12 |    - php5-sqlite
13 |    - php5-curl
14 |    - php5-gd
15 |    - php5-mcrypt
16 |    - php5-memcached
17 |    - php5-intl
18 |    - php5-imap
19 |    - php5-ldap
20 |    - php5-xdebug
21 |   notify:
22 |     - Start PHP-FPM
23 | 
24 | - name: Install Composer
25 |   shell: curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin creates=/usr/local/bin/composer
26 | 
27 | - name: Rename composer.phar to composer
28 |   shell: mv /usr/local/bin/composer.phar /usr/local/bin/composer creates=/usr/local/bin/composer
29 | 
30 | - name: Make Composer Executable
31 |   shell: chmod a+x /usr/local/bin/composer
32 | 
33 | - name: Composer Self Update
34 |   shell: composer self-update
35 | 
36 | # Temporary fix for Ansible bug #1170
37 | # https://github.com/ansible/ansible-modules-core/issues/1170
38 | - name: Remove php-fpm init.d
39 |   file: path=/etc/init.d/php5-fpm state=absent
40 | 
41 | - name: Add PHP-FPM PHP Configuration
42 |   template: src=php.ini.j2 dest=/etc/php5/fpm/php.ini owner=root group=root
43 |   notify:
44 |     - Restart PHP-FPM
45 | 
46 | - name: Add Default Resource Pool
47 |   template: src=www.conf.j2 dest=/etc/php5/fpm/pool.d/www.conf owner=root group=root mode=644
48 |   notify:
49 |     - Restart PHP-FPM
50 | 


--------------------------------------------------------------------------------
/ansible/roles/php/templates/php.ini.j2:
--------------------------------------------------------------------------------
   1 | [PHP]
   2 | 
   3 | ;;;;;;;;;;;;;;;;;;;
   4 | ; About php.ini   ;
   5 | ;;;;;;;;;;;;;;;;;;;
   6 | ; PHP's initialization file, generally called php.ini, is responsible for
   7 | ; configuring many of the aspects of PHP's behavior.
   8 | 
   9 | ; PHP attempts to find and load this configuration from a number of locations.
  10 | ; The following is a summary of its search order:
  11 | ; 1. SAPI module specific location.
  12 | ; 2. The PHPRC environment variable. (As of PHP 5.2.0)
  13 | ; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
  14 | ; 4. Current working directory (except CLI)
  15 | ; 5. The web server's directory (for SAPI modules), or directory of PHP
  16 | ; (otherwise in Windows)
  17 | ; 6. The directory from the --with-config-file-path compile time option, or the
  18 | ; Windows directory (C:\windows or C:\winnt)
  19 | ; See the PHP docs for more specific information.
  20 | ; http://php.net/configuration.file
  21 | 
  22 | ; The syntax of the file is extremely simple.  Whitespace and lines
  23 | ; beginning with a semicolon are silently ignored (as you probably guessed).
  24 | ; Section headers (e.g. [Foo]) are also silently ignored, even though
  25 | ; they might mean something in the future.
  26 | 
  27 | ; Directives following the section heading [PATH=/www/mysite] only
  28 | ; apply to PHP files in the /www/mysite directory.  Directives
  29 | ; following the section heading [HOST=www.example.com] only apply to
  30 | ; PHP files served from www.example.com.  Directives set in these
  31 | ; special sections cannot be overridden by user-defined INI files or
  32 | ; at runtime. Currently, [PATH=] and [HOST=] sections only work under
  33 | ; CGI/FastCGI.
  34 | ; http://php.net/ini.sections
  35 | 
  36 | ; Directives are specified using the following syntax:
  37 | ; directive = value
  38 | ; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
  39 | ; Directives are variables used to configure PHP or PHP extensions.
  40 | ; There is no name validation.  If PHP can't find an expected
  41 | ; directive because it is not set or is mistyped, a default value will be used.
  42 | 
  43 | ; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
  44 | ; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
  45 | ; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
  46 | ; previously set variable or directive (e.g. ${foo})
  47 | 
  48 | ; Expressions in the INI file are limited to bitwise operators and parentheses:
  49 | ; |  bitwise OR
  50 | ; ^  bitwise XOR
  51 | ; &  bitwise AND
  52 | ; ~  bitwise NOT
  53 | ; !  boolean NOT
  54 | 
  55 | ; Boolean flags can be turned on using the values 1, On, True or Yes.
  56 | ; They can be turned off using the values 0, Off, False or No.
  57 | 
  58 | ; An empty string can be denoted by simply not writing anything after the equal
  59 | ; sign, or by using the None keyword:
  60 | 
  61 | ;  foo =         ; sets foo to an empty string
  62 | ;  foo = None    ; sets foo to an empty string
  63 | ;  foo = "None"  ; sets foo to the string 'None'
  64 | 
  65 | ; If you use constants in your value, and these constants belong to a
  66 | ; dynamically loaded extension (either a PHP extension or a Zend extension),
  67 | ; you may only use these constants *after* the line that loads the extension.
  68 | 
  69 | ;;;;;;;;;;;;;;;;;;;
  70 | ; About this file ;
  71 | ;;;;;;;;;;;;;;;;;;;
  72 | ; PHP comes packaged with two INI files. One that is recommended to be used
  73 | ; in production environments and one that is recommended to be used in
  74 | ; development environments.
  75 | 
  76 | ; php.ini-production contains settings which hold security, performance and
  77 | ; best practices at its core. But please be aware, these settings may break
  78 | ; compatibility with older or less security conscience applications. We
  79 | ; recommending using the production ini in production and testing environments.
  80 | 
  81 | ; php.ini-development is very similar to its production variant, except it is
  82 | ; much more verbose when it comes to errors. We recommend using the
  83 | ; development version only in development environments, as errors shown to
  84 | ; application users can inadvertently leak otherwise secure information.
  85 | 
  86 | ; This is php.ini-production INI file.
  87 | 
  88 | ;;;;;;;;;;;;;;;;;;;
  89 | ; Quick Reference ;
  90 | ;;;;;;;;;;;;;;;;;;;
  91 | ; The following are all the settings which are different in either the production
  92 | ; or development versions of the INIs with respect to PHP's default behavior.
  93 | ; Please see the actual settings later in the document for more details as to why
  94 | ; we recommend these changes in PHP's behavior.
  95 | 
  96 | ; display_errors
  97 | ;   Default Value: On
  98 | ;   Development Value: On
  99 | ;   Production Value: Off
 100 | 
 101 | ; display_startup_errors
 102 | ;   Default Value: Off
 103 | ;   Development Value: On
 104 | ;   Production Value: Off
 105 | 
 106 | ; error_reporting
 107 | ;   Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
 108 | ;   Development Value: E_ALL
 109 | ;   Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
 110 | 
 111 | ; html_errors
 112 | ;   Default Value: On
 113 | ;   Development Value: On
 114 | ;   Production value: On
 115 | 
 116 | ; log_errors
 117 | ;   Default Value: Off
 118 | ;   Development Value: On
 119 | ;   Production Value: On
 120 | 
 121 | ; max_input_time
 122 | ;   Default Value: -1 (Unlimited)
 123 | ;   Development Value: 60 (60 seconds)
 124 | ;   Production Value: 60 (60 seconds)
 125 | 
 126 | ; output_buffering
 127 | ;   Default Value: Off
 128 | ;   Development Value: 4096
 129 | ;   Production Value: 4096
 130 | 
 131 | ; register_argc_argv
 132 | ;   Default Value: On
 133 | ;   Development Value: Off
 134 | ;   Production Value: Off
 135 | 
 136 | ; request_order
 137 | ;   Default Value: None
 138 | ;   Development Value: "GP"
 139 | ;   Production Value: "GP"
 140 | 
 141 | ; session.gc_divisor
 142 | ;   Default Value: 100
 143 | ;   Development Value: 1000
 144 | ;   Production Value: 1000
 145 | 
 146 | ; session.hash_bits_per_character
 147 | ;   Default Value: 4
 148 | ;   Development Value: 5
 149 | ;   Production Value: 5
 150 | 
 151 | ; short_open_tag
 152 | ;   Default Value: On
 153 | ;   Development Value: Off
 154 | ;   Production Value: Off
 155 | 
 156 | ; track_errors
 157 | ;   Default Value: Off
 158 | ;   Development Value: On
 159 | ;   Production Value: Off
 160 | 
 161 | ; url_rewriter.tags
 162 | ;   Default Value: "a=href,area=href,frame=src,form=,fieldset="
 163 | ;   Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
 164 | ;   Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
 165 | 
 166 | ; variables_order
 167 | ;   Default Value: "EGPCS"
 168 | ;   Development Value: "GPCS"
 169 | ;   Production Value: "GPCS"
 170 | 
 171 | ;;;;;;;;;;;;;;;;;;;;
 172 | ; php.ini Options  ;
 173 | ;;;;;;;;;;;;;;;;;;;;
 174 | ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
 175 | ;user_ini.filename = ".user.ini"
 176 | 
 177 | ; To disable this feature set this option to empty value
 178 | ;user_ini.filename =
 179 | 
 180 | ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
 181 | ;user_ini.cache_ttl = 300
 182 | 
 183 | ;;;;;;;;;;;;;;;;;;;;
 184 | ; Language Options ;
 185 | ;;;;;;;;;;;;;;;;;;;;
 186 | 
 187 | ; Enable the PHP scripting language engine under Apache.
 188 | ; http://php.net/engine
 189 | engine = On
 190 | 
 191 | ; This directive determines whether or not PHP will recognize code between
 192 | ; <? and ?> tags as PHP source which should be processed as such. It is
 193 | ; generally recommended that <?php and ?> should be used and that this feature
 194 | ; should be disabled, as enabling it may result in issues when generating XML
 195 | ; documents, however this remains supported for backward compatibility reasons.
 196 | ; Note that this directive does not control the <?= shorthand tag, which can be
 197 | ; used regardless of this directive.
 198 | ; Default Value: On
 199 | ; Development Value: Off
 200 | ; Production Value: Off
 201 | ; http://php.net/short-open-tag
 202 | short_open_tag = Off
 203 | 
 204 | ; Allow ASP-style <% %> tags.
 205 | ; http://php.net/asp-tags
 206 | asp_tags = Off
 207 | 
 208 | ; The number of significant digits displayed in floating point numbers.
 209 | ; http://php.net/precision
 210 | precision = 14
 211 | 
 212 | ; Output buffering is a mechanism for controlling how much output data
 213 | ; (excluding headers and cookies) PHP should keep internally before pushing that
 214 | ; data to the client. If your application's output exceeds this setting, PHP
 215 | ; will send that data in chunks of roughly the size you specify.
 216 | ; Turning on this setting and managing its maximum buffer size can yield some
 217 | ; interesting side-effects depending on your application and web server.
 218 | ; You may be able to send headers and cookies after you've already sent output
 219 | ; through print or echo. You also may see performance benefits if your server is
 220 | ; emitting less packets due to buffered output versus PHP streaming the output
 221 | ; as it gets it. On production servers, 4096 bytes is a good setting for performance
 222 | ; reasons.
 223 | ; Note: Output buffering can also be controlled via Output Buffering Control
 224 | ;   functions.
 225 | ; Possible Values:
 226 | ;   On = Enabled and buffer is unlimited. (Use with caution)
 227 | ;   Off = Disabled
 228 | ;   Integer = Enables the buffer and sets its maximum size in bytes.
 229 | ; Note: This directive is hardcoded to Off for the CLI SAPI
 230 | ; Default Value: Off
 231 | ; Development Value: 4096
 232 | ; Production Value: 4096
 233 | ; http://php.net/output-buffering
 234 | output_buffering = 4096
 235 | 
 236 | ; You can redirect all of the output of your scripts to a function.  For
 237 | ; example, if you set output_handler to "mb_output_handler", character
 238 | ; encoding will be transparently converted to the specified encoding.
 239 | ; Setting any output handler automatically turns on output buffering.
 240 | ; Note: People who wrote portable scripts should not depend on this ini
 241 | ;   directive. Instead, explicitly set the output handler using ob_start().
 242 | ;   Using this ini directive may cause problems unless you know what script
 243 | ;   is doing.
 244 | ; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler"
 245 | ;   and you cannot use both "ob_gzhandler" and "zlib.output_compression".
 246 | ; Note: output_handler must be empty if this is set 'On' !!!!
 247 | ;   Instead you must use zlib.output_handler.
 248 | ; http://php.net/output-handler
 249 | ;output_handler =
 250 | 
 251 | ; Transparent output compression using the zlib library
 252 | ; Valid values for this option are 'off', 'on', or a specific buffer size
 253 | ; to be used for compression (default is 4KB)
 254 | ; Note: Resulting chunk size may vary due to nature of compression. PHP
 255 | ;   outputs chunks that are few hundreds bytes each as a result of
 256 | ;   compression. If you prefer a larger chunk size for better
 257 | ;   performance, enable output_buffering in addition.
 258 | ; Note: You need to use zlib.output_handler instead of the standard
 259 | ;   output_handler, or otherwise the output will be corrupted.
 260 | ; http://php.net/zlib.output-compression
 261 | zlib.output_compression = Off
 262 | 
 263 | ; http://php.net/zlib.output-compression-level
 264 | ;zlib.output_compression_level = -1
 265 | 
 266 | ; You cannot specify additional output handlers if zlib.output_compression
 267 | ; is activated here. This setting does the same as output_handler but in
 268 | ; a different order.
 269 | ; http://php.net/zlib.output-handler
 270 | ;zlib.output_handler =
 271 | 
 272 | ; Implicit flush tells PHP to tell the output layer to flush itself
 273 | ; automatically after every output block.  This is equivalent to calling the
 274 | ; PHP function flush() after each and every call to print() or echo() and each
 275 | ; and every HTML block.  Turning this option on has serious performance
 276 | ; implications and is generally recommended for debugging purposes only.
 277 | ; http://php.net/implicit-flush
 278 | ; Note: This directive is hardcoded to On for the CLI SAPI
 279 | implicit_flush = Off
 280 | 
 281 | ; The unserialize callback function will be called (with the undefined class'
 282 | ; name as parameter), if the unserializer finds an undefined class
 283 | ; which should be instantiated. A warning appears if the specified function is
 284 | ; not defined, or if the function doesn't include/implement the missing class.
 285 | ; So only set this entry, if you really want to implement such a
 286 | ; callback-function.
 287 | unserialize_callback_func =
 288 | 
 289 | ; When floats & doubles are serialized store serialize_precision significant
 290 | ; digits after the floating point. The default value ensures that when floats
 291 | ; are decoded with unserialize, the data will remain the same.
 292 | serialize_precision = 17
 293 | 
 294 | ; open_basedir, if set, limits all file operations to the defined directory
 295 | ; and below.  This directive makes most sense if used in a per-directory
 296 | ; or per-virtualhost web server configuration file.
 297 | ; http://php.net/open-basedir
 298 | ;open_basedir =
 299 | 
 300 | ; This directive allows you to disable certain functions for security reasons.
 301 | ; It receives a comma-delimited list of function names.
 302 | ; http://php.net/disable-functions
 303 | disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
 304 | 
 305 | ; This directive allows you to disable certain classes for security reasons.
 306 | ; It receives a comma-delimited list of class names.
 307 | ; http://php.net/disable-classes
 308 | disable_classes =
 309 | 
 310 | ; Colors for Syntax Highlighting mode.  Anything that's acceptable in
 311 | ; <span style="color: ???????"> would work.
 312 | ; http://php.net/syntax-highlighting
 313 | ;highlight.string  = #DD0000
 314 | ;highlight.comment = #FF9900
 315 | ;highlight.keyword = #007700
 316 | ;highlight.default = #0000BB
 317 | ;highlight.html    = #000000
 318 | 
 319 | ; If enabled, the request will be allowed to complete even if the user aborts
 320 | ; the request. Consider enabling it if executing long requests, which may end up
 321 | ; being interrupted by the user or a browser timing out. PHP's default behavior
 322 | ; is to disable this feature.
 323 | ; http://php.net/ignore-user-abort
 324 | ;ignore_user_abort = On
 325 | 
 326 | ; Determines the size of the realpath cache to be used by PHP. This value should
 327 | ; be increased on systems where PHP opens many files to reflect the quantity of
 328 | ; the file operations performed.
 329 | ; http://php.net/realpath-cache-size
 330 | ;realpath_cache_size = 16k
 331 | 
 332 | ; Duration of time, in seconds for which to cache realpath information for a given
 333 | ; file or directory. For systems with rarely changing files, consider increasing this
 334 | ; value.
 335 | ; http://php.net/realpath-cache-ttl
 336 | ;realpath_cache_ttl = 120
 337 | 
 338 | ; Enables or disables the circular reference collector.
 339 | ; http://php.net/zend.enable-gc
 340 | zend.enable_gc = On
 341 | 
 342 | ; If enabled, scripts may be written in encodings that are incompatible with
 343 | ; the scanner.  CP936, Big5, CP949 and Shift_JIS are the examples of such
 344 | ; encodings.  To use this feature, mbstring extension must be enabled.
 345 | ; Default: Off
 346 | ;zend.multibyte = Off
 347 | 
 348 | ; Allows to set the default encoding for the scripts.  This value will be used
 349 | ; unless "declare(encoding=...)" directive appears at the top of the script.
 350 | ; Only affects if zend.multibyte is set.
 351 | ; Default: ""
 352 | ;zend.script_encoding =
 353 | 
 354 | ;;;;;;;;;;;;;;;;;
 355 | ; Miscellaneous ;
 356 | ;;;;;;;;;;;;;;;;;
 357 | 
 358 | ; Decides whether PHP may expose the fact that it is installed on the server
 359 | ; (e.g. by adding its signature to the Web server header).  It is no security
 360 | ; threat in any way, but it makes it possible to determine whether you use PHP
 361 | ; on your server or not.
 362 | ; http://php.net/expose-php
 363 | expose_php = Off
 364 | 
 365 | ;;;;;;;;;;;;;;;;;;;
 366 | ; Resource Limits ;
 367 | ;;;;;;;;;;;;;;;;;;;
 368 | 
 369 | ; Maximum execution time of each script, in seconds
 370 | ; http://php.net/max-execution-time
 371 | ; Note: This directive is hardcoded to 0 for the CLI SAPI
 372 | max_execution_time = 30
 373 | 
 374 | ; Maximum amount of time each script may spend parsing request data. It's a good
 375 | ; idea to limit this time on productions servers in order to eliminate unexpectedly
 376 | ; long running scripts.
 377 | ; Note: This directive is hardcoded to -1 for the CLI SAPI
 378 | ; Default Value: -1 (Unlimited)
 379 | ; Development Value: 60 (60 seconds)
 380 | ; Production Value: 60 (60 seconds)
 381 | ; http://php.net/max-input-time
 382 | max_input_time = 60
 383 | 
 384 | ; Maximum input variable nesting level
 385 | ; http://php.net/max-input-nesting-level
 386 | ;max_input_nesting_level = 64
 387 | 
 388 | ; How many GET/POST/COOKIE input variables may be accepted
 389 | ; max_input_vars = 1000
 390 | 
 391 | ; Maximum amount of memory a script may consume (128MB)
 392 | ; http://php.net/memory-limit
 393 | memory_limit = 128M
 394 | 
 395 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 396 | ; Error handling and logging ;
 397 | ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 398 | 
 399 | ; This directive informs PHP of which errors, warnings and notices you would like
 400 | ; it to take action for. The recommended way of setting values for this
 401 | ; directive is through the use of the error level constants and bitwise
 402 | ; operators. The error level constants are below here for convenience as well as
 403 | ; some common settings and their meanings.
 404 | ; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
 405 | ; those related to E_NOTICE and E_STRICT, which together cover best practices and
 406 | ; recommended coding standards in PHP. For performance reasons, this is the
 407 | ; recommend error reporting setting. Your production server shouldn't be wasting
 408 | ; resources complaining about best practices and coding standards. That's what
 409 | ; development servers and development settings are for.
 410 | ; Note: The php.ini-development file has this setting as E_ALL. This
 411 | ; means it pretty much reports everything which is exactly what you want during
 412 | ; development and early testing.
 413 | ;
 414 | ; Error Level Constants:
 415 | ; E_ALL             - All errors and warnings (includes E_STRICT as of PHP 5.4.0)
 416 | ; E_ERROR           - fatal run-time errors
 417 | ; E_RECOVERABLE_ERROR  - almost fatal run-time errors
 418 | ; E_WARNING         - run-time warnings (non-fatal errors)
 419 | ; E_PARSE           - compile-time parse errors
 420 | ; E_NOTICE          - run-time notices (these are warnings which often result
 421 | ;                     from a bug in your code, but it's possible that it was
 422 | ;                     intentional (e.g., using an uninitialized variable and
 423 | ;                     relying on the fact it is automatically initialized to an
 424 | ;                     empty string)
 425 | ; E_STRICT          - run-time notices, enable to have PHP suggest changes
 426 | ;                     to your code which will ensure the best interoperability
 427 | ;                     and forward compatibility of your code
 428 | ; E_CORE_ERROR      - fatal errors that occur during PHP's initial startup
 429 | ; E_CORE_WARNING    - warnings (non-fatal errors) that occur during PHP's
 430 | ;                     initial startup
 431 | ; E_COMPILE_ERROR   - fatal compile-time errors
 432 | ; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
 433 | ; E_USER_ERROR      - user-generated error message
 434 | ; E_USER_WARNING    - user-generated warning message
 435 | ; E_USER_NOTICE     - user-generated notice message
 436 | ; E_DEPRECATED      - warn about code that will not work in future versions
 437 | ;                     of PHP
 438 | ; E_USER_DEPRECATED - user-generated deprecation warnings
 439 | ;
 440 | ; Common Values:
 441 | ;   E_ALL (Show all errors, warnings and notices including coding standards.)
 442 | ;   E_ALL & ~E_NOTICE  (Show all errors, except for notices)
 443 | ;   E_ALL & ~E_NOTICE & ~E_STRICT  (Show all errors, except for notices and coding standards warnings.)
 444 | ;   E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR  (Show only errors)
 445 | ; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
 446 | ; Development Value: E_ALL
 447 | ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
 448 | ; http://php.net/error-reporting
 449 | ; error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
 450 | error_reporting = E_ALL
 451 | 
 452 | ; This directive controls whether or not and where PHP will output errors,
 453 | ; notices and warnings too. Error output is very useful during development, but
 454 | ; it could be very dangerous in production environments. Depending on the code
 455 | ; which is triggering the error, sensitive information could potentially leak
 456 | ; out of your application such as database usernames and passwords or worse.
 457 | ; For production environments, we recommend logging errors rather than
 458 | ; sending them to STDOUT.
 459 | ; Possible Values:
 460 | ;   Off = Do not display any errors
 461 | ;   stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
 462 | ;   On or stdout = Display errors to STDOUT
 463 | ; Default Value: On
 464 | ; Development Value: On
 465 | ; Production Value: Off
 466 | ; http://php.net/display-errors
 467 | display_errors = On
 468 | 
 469 | ; The display of errors which occur during PHP's startup sequence are handled
 470 | ; separately from display_errors. PHP's default behavior is to suppress those
 471 | ; errors from clients. Turning the display of startup errors on can be useful in
 472 | ; debugging configuration problems. We strongly recommend you
 473 | ; set this to 'off' for production servers.
 474 | ; Default Value: Off
 475 | ; Development Value: On
 476 | ; Production Value: Off
 477 | ; http://php.net/display-startup-errors
 478 | display_startup_errors = Off
 479 | 
 480 | ; Besides displaying errors, PHP can also log errors to locations such as a
 481 | ; server-specific log, STDERR, or a location specified by the error_log
 482 | ; directive found below. While errors should not be displayed on productions
 483 | ; servers they should still be monitored and logging is a great way to do that.
 484 | ; Default Value: Off
 485 | ; Development Value: On
 486 | ; Production Value: On
 487 | ; http://php.net/log-errors
 488 | log_errors = On
 489 | 
 490 | ; Set maximum length of log_errors. In error_log information about the source is
 491 | ; added. The default is 1024 and 0 allows to not apply any maximum length at all.
 492 | ; http://php.net/log-errors-max-len
 493 | log_errors_max_len = 1024
 494 | 
 495 | ; Do not log repeated messages. Repeated errors must occur in same file on same
 496 | ; line unless ignore_repeated_source is set true.
 497 | ; http://php.net/ignore-repeated-errors
 498 | ignore_repeated_errors = Off
 499 | 
 500 | ; Ignore source of message when ignoring repeated messages. When this setting
 501 | ; is On you will not log errors with repeated messages from different files or
 502 | ; source lines.
 503 | ; http://php.net/ignore-repeated-source
 504 | ignore_repeated_source = Off
 505 | 
 506 | ; If this parameter is set to Off, then memory leaks will not be shown (on
 507 | ; stdout or in the log). This has only effect in a debug compile, and if
 508 | ; error reporting includes E_WARNING in the allowed list
 509 | ; http://php.net/report-memleaks
 510 | report_memleaks = On
 511 | 
 512 | ; This setting is on by default.
 513 | ;report_zend_debug = 0
 514 | 
 515 | ; Store the last error/warning message in $php_errormsg (boolean). Setting this value
 516 | ; to On can assist in debugging and is appropriate for development servers. It should
 517 | ; however be disabled on production servers.
 518 | ; Default Value: Off
 519 | ; Development Value: On
 520 | ; Production Value: Off
 521 | ; http://php.net/track-errors
 522 | track_errors = Off
 523 | 
 524 | ; Turn off normal error reporting and emit XML-RPC error XML
 525 | ; http://php.net/xmlrpc-errors
 526 | ;xmlrpc_errors = 0
 527 | 
 528 | ; An XML-RPC faultCode
 529 | ;xmlrpc_error_number = 0
 530 | 
 531 | ; When PHP displays or logs an error, it has the capability of formatting the
 532 | ; error message as HTML for easier reading. This directive controls whether
 533 | ; the error message is formatted as HTML or not.
 534 | ; Note: This directive is hardcoded to Off for the CLI SAPI
 535 | ; Default Value: On
 536 | ; Development Value: On
 537 | ; Production value: On
 538 | ; http://php.net/html-errors
 539 | html_errors = On
 540 | 
 541 | ; If html_errors is set to On *and* docref_root is not empty, then PHP
 542 | ; produces clickable error messages that direct to a page describing the error
 543 | ; or function causing the error in detail.
 544 | ; You can download a copy of the PHP manual from http://php.net/docs
 545 | ; and change docref_root to the base URL of your local copy including the
 546 | ; leading '/'. You must also specify the file extension being used including
 547 | ; the dot. PHP's default behavior is to leave these settings empty, in which
 548 | ; case no links to documentation are generated.
 549 | ; Note: Never use this feature for production boxes.
 550 | ; http://php.net/docref-root
 551 | ; Examples
 552 | ;docref_root = "/phpmanual/"
 553 | 
 554 | ; http://php.net/docref-ext
 555 | ;docref_ext = .html
 556 | 
 557 | ; String to output before an error message. PHP's default behavior is to leave
 558 | ; this setting blank.
 559 | ; http://php.net/error-prepend-string
 560 | ; Example:
 561 | ;error_prepend_string = "<span style='color: #ff0000'>"
 562 | 
 563 | ; String to output after an error message. PHP's default behavior is to leave
 564 | ; this setting blank.
 565 | ; http://php.net/error-append-string
 566 | ; Example:
 567 | ;error_append_string = "</span>"
 568 | 
 569 | ; Log errors to specified file. PHP's default behavior is to leave this value
 570 | ; empty.
 571 | ; http://php.net/error-log
 572 | ; Example:
 573 | ;error_log = php_errors.log
 574 | ; Log errors to syslog (Event Log on Windows).
 575 | ;error_log = syslog
 576 | 
 577 | ;windows.show_crt_warning
 578 | ; Default value: 0
 579 | ; Development value: 0
 580 | ; Production value: 0
 581 | 
 582 | ;;;;;;;;;;;;;;;;;
 583 | ; Data Handling ;
 584 | ;;;;;;;;;;;;;;;;;
 585 | 
 586 | ; The separator used in PHP generated URLs to separate arguments.
 587 | ; PHP's default setting is "&".
 588 | ; http://php.net/arg-separator.output
 589 | ; Example:
 590 | ;arg_separator.output = "&amp;"
 591 | 
 592 | ; List of separator(s) used by PHP to parse input URLs into variables.
 593 | ; PHP's default setting is "&".
 594 | ; NOTE: Every character in this directive is considered as separator!
 595 | ; http://php.net/arg-separator.input
 596 | ; Example:
 597 | ;arg_separator.input = ";&"
 598 | 
 599 | ; This directive determines which super global arrays are registered when PHP
 600 | ; starts up. G,P,C,E & S are abbreviations for the following respective super
 601 | ; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
 602 | ; paid for the registration of these arrays and because ENV is not as commonly
 603 | ; used as the others, ENV is not recommended on productions servers. You
 604 | ; can still get access to the environment variables through getenv() should you
 605 | ; need to.
 606 | ; Default Value: "EGPCS"
 607 | ; Development Value: "GPCS"
 608 | ; Production Value: "GPCS";
 609 | ; http://php.net/variables-order
 610 | variables_order = "GPCS"
 611 | 
 612 | ; This directive determines which super global data (G,P & C) should be
 613 | ; registered into the super global array REQUEST. If so, it also determines
 614 | ; the order in which that data is registered. The values for this directive
 615 | ; are specified in the same manner as the variables_order directive,
 616 | ; EXCEPT one. Leaving this value empty will cause PHP to use the value set
 617 | ; in the variables_order directive. It does not mean it will leave the super
 618 | ; globals array REQUEST empty.
 619 | ; Default Value: None
 620 | ; Development Value: "GP"
 621 | ; Production Value: "GP"
 622 | ; http://php.net/request-order
 623 | request_order = "GP"
 624 | 
 625 | ; This directive determines whether PHP registers $argv & $argc each time it
 626 | ; runs. $argv contains an array of all the arguments passed to PHP when a script
 627 | ; is invoked. $argc contains an integer representing the number of arguments
 628 | ; that were passed when the script was invoked. These arrays are extremely
 629 | ; useful when running scripts from the command line. When this directive is
 630 | ; enabled, registering these variables consumes CPU cycles and memory each time
 631 | ; a script is executed. For performance reasons, this feature should be disabled
 632 | ; on production servers.
 633 | ; Note: This directive is hardcoded to On for the CLI SAPI
 634 | ; Default Value: On
 635 | ; Development Value: Off
 636 | ; Production Value: Off
 637 | ; http://php.net/register-argc-argv
 638 | register_argc_argv = Off
 639 | 
 640 | ; When enabled, the ENV, REQUEST and SERVER variables are created when they're
 641 | ; first used (Just In Time) instead of when the script starts. If these
 642 | ; variables are not used within a script, having this directive on will result
 643 | ; in a performance gain. The PHP directive register_argc_argv must be disabled
 644 | ; for this directive to have any affect.
 645 | ; http://php.net/auto-globals-jit
 646 | auto_globals_jit = On
 647 | 
 648 | ; Whether PHP will read the POST data.
 649 | ; This option is enabled by default.
 650 | ; Most likely, you won't want to disable this option globally. It causes $_POST
 651 | ; and $_FILES to always be empty; the only way you will be able to read the
 652 | ; POST data will be through the php://input stream wrapper. This can be useful
 653 | ; to proxy requests or to process the POST data in a memory efficient fashion.
 654 | ; http://php.net/enable-post-data-reading
 655 | ;enable_post_data_reading = Off
 656 | 
 657 | ; Maximum size of POST data that PHP will accept.
 658 | ; Its value may be 0 to disable the limit. It is ignored if POST data reading
 659 | ; is disabled through enable_post_data_reading.
 660 | ; http://php.net/post-max-size
 661 | post_max_size = 8M
 662 | 
 663 | ; Automatically add files before PHP document.
 664 | ; http://php.net/auto-prepend-file
 665 | auto_prepend_file =
 666 | 
 667 | ; Automatically add files after PHP document.
 668 | ; http://php.net/auto-append-file
 669 | auto_append_file =
 670 | 
 671 | ; By default, PHP will output a character encoding using
 672 | ; the Content-type: header.  To disable sending of the charset, simply
 673 | ; set it to be empty.
 674 | ;
 675 | ; PHP's built-in default is text/html
 676 | ; http://php.net/default-mimetype
 677 | default_mimetype = "text/html"
 678 | 
 679 | ; PHP's default character set is set to UTF-8.
 680 | ; http://php.net/default-charset
 681 | default_charset = "UTF-8"
 682 | 
 683 | ; PHP internal character encoding is set to empty.
 684 | ; If empty, default_charset is used.
 685 | ; http://php.net/internal-encoding
 686 | ;internal_encoding =
 687 | 
 688 | ; PHP input character encoding is set to empty.
 689 | ; If empty, default_charset is used.
 690 | ; http://php.net/input-encoding
 691 | ;input_encoding =
 692 | 
 693 | ; PHP output character encoding is set to empty.
 694 | ; If empty, default_charset is used.
 695 | ; mbstring or iconv output handler is used.
 696 | ; See also output_buffer.
 697 | ; http://php.net/output-encoding
 698 | ;output_encoding =
 699 | 
 700 | ; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is
 701 | ; to disable this feature and it will be removed in a future version.
 702 | ; If post reading is disabled through enable_post_data_reading,
 703 | ; $HTTP_RAW_POST_DATA is *NOT* populated.
 704 | ; http://php.net/always-populate-raw-post-data
 705 | ;always_populate_raw_post_data = -1
 706 | 
 707 | ;;;;;;;;;;;;;;;;;;;;;;;;;
 708 | ; Paths and Directories ;
 709 | ;;;;;;;;;;;;;;;;;;;;;;;;;
 710 | 
 711 | ; UNIX: "/path1:/path2"
 712 | ;include_path = ".:/usr/share/php"
 713 | ;
 714 | ; Windows: "\path1;\path2"
 715 | ;include_path = ".;c:\php\includes"
 716 | ;
 717 | ; PHP's default setting for include_path is ".;/path/to/php/pear"
 718 | ; http://php.net/include-path
 719 | 
 720 | ; The root of the PHP pages, used only if nonempty.
 721 | ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
 722 | ; if you are running php as a CGI under any web server (other than IIS)
 723 | ; see documentation for security issues.  The alternate is to use the
 724 | ; cgi.force_redirect configuration below
 725 | ; http://php.net/doc-root
 726 | doc_root =
 727 | 
 728 | ; The directory under which PHP opens the script using /~username used only
 729 | ; if nonempty.
 730 | ; http://php.net/user-dir
 731 | user_dir =
 732 | 
 733 | ; Directory in which the loadable extensions (modules) reside.
 734 | ; http://php.net/extension-dir
 735 | ; extension_dir = "./"
 736 | ; On windows:
 737 | ; extension_dir = "ext"
 738 | 
 739 | ; Directory where the temporary files should be placed.
 740 | ; Defaults to the system default (see sys_get_temp_dir)
 741 | ; sys_temp_dir = "/tmp"
 742 | 
 743 | ; Whether or not to enable the dl() function.  The dl() function does NOT work
 744 | ; properly in multithreaded servers, such as IIS or Zeus, and is automatically
 745 | ; disabled on them.
 746 | ; http://php.net/enable-dl
 747 | enable_dl = Off
 748 | 
 749 | ; cgi.force_redirect is necessary to provide security running PHP as a CGI under
 750 | ; most web servers.  Left undefined, PHP turns this on by default.  You can
 751 | ; turn it off here AT YOUR OWN RISK
 752 | ; **You CAN safely turn this off for IIS, in fact, you MUST.**
 753 | ; http://php.net/cgi.force-redirect
 754 | ;cgi.force_redirect = 1
 755 | 
 756 | ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
 757 | ; every request. PHP's default behavior is to disable this feature.
 758 | ;cgi.nph = 1
 759 | 
 760 | ; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
 761 | ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
 762 | ; will look for to know it is OK to continue execution.  Setting this variable MAY
 763 | ; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
 764 | ; http://php.net/cgi.redirect-status-env
 765 | ;cgi.redirect_status_env =
 766 | 
 767 | ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
 768 | ; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
 769 | ; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
 770 | ; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
 771 | ; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
 772 | ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
 773 | ; http://php.net/cgi.fix-pathinfo
 774 | cgi.fix_pathinfo=0
 775 | 
 776 | ; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
 777 | ; security tokens of the calling client.  This allows IIS to define the
 778 | ; security context that the request runs under.  mod_fastcgi under Apache
 779 | ; does not currently support this feature (03/17/2002)
 780 | ; Set to 1 if running under IIS.  Default is zero.
 781 | ; http://php.net/fastcgi.impersonate
 782 | ;fastcgi.impersonate = 1
 783 | 
 784 | ; Disable logging through FastCGI connection. PHP's default behavior is to enable
 785 | ; this feature.
 786 | ;fastcgi.logging = 0
 787 | 
 788 | ; cgi.rfc2616_headers configuration option tells PHP what type of headers to
 789 | ; use when sending HTTP response code. If set to 0, PHP sends Status: header that
 790 | ; is supported by Apache. When this option is set to 1, PHP will send
 791 | ; RFC2616 compliant header.
 792 | ; Default is zero.
 793 | ; http://php.net/cgi.rfc2616-headers
 794 | ;cgi.rfc2616_headers = 0
 795 | 
 796 | ;;;;;;;;;;;;;;;;
 797 | ; File Uploads ;
 798 | ;;;;;;;;;;;;;;;;
 799 | 
 800 | ; Whether to allow HTTP file uploads.
 801 | ; http://php.net/file-uploads
 802 | file_uploads = On
 803 | 
 804 | ; Temporary directory for HTTP uploaded files (will use system default if not
 805 | ; specified).
 806 | ; http://php.net/upload-tmp-dir
 807 | ;upload_tmp_dir =
 808 | 
 809 | ; Maximum allowed size for uploaded files.
 810 | ; http://php.net/upload-max-filesize
 811 | upload_max_filesize = 2M
 812 | 
 813 | ; Maximum number of files that can be uploaded via a single request
 814 | max_file_uploads = 20
 815 | 
 816 | ;;;;;;;;;;;;;;;;;;
 817 | ; Fopen wrappers ;
 818 | ;;;;;;;;;;;;;;;;;;
 819 | 
 820 | ; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
 821 | ; http://php.net/allow-url-fopen
 822 | allow_url_fopen = On
 823 | 
 824 | ; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
 825 | ; http://php.net/allow-url-include
 826 | allow_url_include = Off
 827 | 
 828 | ; Define the anonymous ftp password (your email address). PHP's default setting
 829 | ; for this is empty.
 830 | ; http://php.net/from
 831 | ;from="john@doe.com"
 832 | 
 833 | ; Define the User-Agent string. PHP's default setting for this is empty.
 834 | ; http://php.net/user-agent
 835 | ;user_agent="PHP"
 836 | 
 837 | ; Default timeout for socket based streams (seconds)
 838 | ; http://php.net/default-socket-timeout
 839 | default_socket_timeout = 60
 840 | 
 841 | ; If your scripts have to deal with files from Macintosh systems,
 842 | ; or you are running on a Mac and need to deal with files from
 843 | ; unix or win32 systems, setting this flag will cause PHP to
 844 | ; automatically detect the EOL character in those files so that
 845 | ; fgets() and file() will work regardless of the source of the file.
 846 | ; http://php.net/auto-detect-line-endings
 847 | ;auto_detect_line_endings = Off
 848 | 
 849 | ;;;;;;;;;;;;;;;;;;;;;;
 850 | ; Dynamic Extensions ;
 851 | ;;;;;;;;;;;;;;;;;;;;;;
 852 | 
 853 | ; If you wish to have an extension loaded automatically, use the following
 854 | ; syntax:
 855 | ;
 856 | ;   extension=modulename.extension
 857 | ;
 858 | ; For example, on Windows:
 859 | ;
 860 | ;   extension=msql.dll
 861 | ;
 862 | ; ... or under UNIX:
 863 | ;
 864 | ;   extension=msql.so
 865 | ;
 866 | ; ... or with a path:
 867 | ;
 868 | ;   extension=/path/to/extension/msql.so
 869 | ;
 870 | ; If you only provide the name of the extension, PHP will look for it in its
 871 | ; default extension directory.
 872 | ;
 873 | 
 874 | ;;;;;;;;;;;;;;;;;;;
 875 | ; Module Settings ;
 876 | ;;;;;;;;;;;;;;;;;;;
 877 | 
 878 | [CLI Server]
 879 | ; Whether the CLI web server uses ANSI color coding in its terminal output.
 880 | cli_server.color = On
 881 | 
 882 | [Date]
 883 | ; Defines the default timezone used by the date functions
 884 | ; http://php.net/date.timezone
 885 | date.timezone = UTC
 886 | 
 887 | ; http://php.net/date.default-latitude
 888 | ;date.default_latitude = 31.7667
 889 | 
 890 | ; http://php.net/date.default-longitude
 891 | ;date.default_longitude = 35.2333
 892 | 
 893 | ; http://php.net/date.sunrise-zenith
 894 | ;date.sunrise_zenith = 90.583333
 895 | 
 896 | ; http://php.net/date.sunset-zenith
 897 | ;date.sunset_zenith = 90.583333
 898 | 
 899 | [filter]
 900 | ; http://php.net/filter.default
 901 | ;filter.default = unsafe_raw
 902 | 
 903 | ; http://php.net/filter.default-flags
 904 | ;filter.default_flags =
 905 | 
 906 | [iconv]
 907 | ; Use of this INI entry is deprecated, use global input_encoding instead.
 908 | ; If empty, default_charset or input_encoding or iconv.input_encoding is used.
 909 | ; The precedence is: default_charset < intput_encoding < iconv.input_encoding
 910 | ;iconv.input_encoding =
 911 | 
 912 | ; Use of this INI entry is deprecated, use global internal_encoding instead.
 913 | ; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
 914 | ; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
 915 | ;iconv.internal_encoding =
 916 | 
 917 | ; Use of this INI entry is deprecated, use global output_encoding instead.
 918 | ; If empty, default_charset or output_encoding or iconv.output_encoding is used.
 919 | ; The precedence is: default_charset < output_encoding < iconv.output_encoding
 920 | ; To use an output encoding conversion, iconv's output handler must be set
 921 | ; otherwise output encoding conversion cannot be performed.
 922 | ;iconv.output_encoding =
 923 | 
 924 | [intl]
 925 | ;intl.default_locale =
 926 | ; This directive allows you to produce PHP errors when some error
 927 | ; happens within intl functions. The value is the level of the error produced.
 928 | ; Default is 0, which does not produce any errors.
 929 | ;intl.error_level = E_WARNING
 930 | 
 931 | [sqlite]
 932 | ; http://php.net/sqlite.assoc-case
 933 | ;sqlite.assoc_case = 0
 934 | 
 935 | [sqlite3]
 936 | ;sqlite3.extension_dir =
 937 | 
 938 | [Pcre]
 939 | ;PCRE library backtracking limit.
 940 | ; http://php.net/pcre.backtrack-limit
 941 | ;pcre.backtrack_limit=100000
 942 | 
 943 | ;PCRE library recursion limit.
 944 | ;Please note that if you set this value to a high number you may consume all
 945 | ;the available process stack and eventually crash PHP (due to reaching the
 946 | ;stack size limit imposed by the Operating System).
 947 | ; http://php.net/pcre.recursion-limit
 948 | ;pcre.recursion_limit=100000
 949 | 
 950 | [Pdo]
 951 | ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
 952 | ; http://php.net/pdo-odbc.connection-pooling
 953 | ;pdo_odbc.connection_pooling=strict
 954 | 
 955 | ;pdo_odbc.db2_instance_name
 956 | 
 957 | [Pdo_mysql]
 958 | ; If mysqlnd is used: Number of cache slots for the internal result set cache
 959 | ; http://php.net/pdo_mysql.cache_size
 960 | pdo_mysql.cache_size = 2000
 961 | 
 962 | ; Default socket name for local MySQL connects.  If empty, uses the built-in
 963 | ; MySQL defaults.
 964 | ; http://php.net/pdo_mysql.default-socket
 965 | pdo_mysql.default_socket=
 966 | 
 967 | [Phar]
 968 | ; http://php.net/phar.readonly
 969 | ;phar.readonly = On
 970 | 
 971 | ; http://php.net/phar.require-hash
 972 | ;phar.require_hash = On
 973 | 
 974 | ;phar.cache_list =
 975 | 
 976 | [mail function]
 977 | ; For Win32 only.
 978 | ; http://php.net/smtp
 979 | SMTP = localhost
 980 | ; http://php.net/smtp-port
 981 | smtp_port = 25
 982 | 
 983 | ; For Win32 only.
 984 | ; http://php.net/sendmail-from
 985 | ;sendmail_from = me@example.com
 986 | 
 987 | ; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
 988 | ; http://php.net/sendmail-path
 989 | ;sendmail_path =
 990 | 
 991 | ; Force the addition of the specified parameters to be passed as extra parameters
 992 | ; to the sendmail binary. These parameters will always replace the value of
 993 | ; the 5th parameter to mail().
 994 | ;mail.force_extra_parameters =
 995 | 
 996 | ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
 997 | mail.add_x_header = On
 998 | 
 999 | ; The path to a log file that will log all mail() calls. Log entries include
1000 | ; the full path of the script, line number, To address and headers.
1001 | ;mail.log =
1002 | ; Log mail to syslog (Event Log on Windows).
1003 | ;mail.log = syslog
1004 | 
1005 | [SQL]
1006 | ; http://php.net/sql.safe-mode
1007 | sql.safe_mode = Off
1008 | 
1009 | [ODBC]
1010 | ; http://php.net/odbc.default-db
1011 | ;odbc.default_db    =  Not yet implemented
1012 | 
1013 | ; http://php.net/odbc.default-user
1014 | ;odbc.default_user  =  Not yet implemented
1015 | 
1016 | ; http://php.net/odbc.default-pw
1017 | ;odbc.default_pw    =  Not yet implemented
1018 | 
1019 | ; Controls the ODBC cursor model.
1020 | ; Default: SQL_CURSOR_STATIC (default).
1021 | ;odbc.default_cursortype
1022 | 
1023 | ; Allow or prevent persistent links.
1024 | ; http://php.net/odbc.allow-persistent
1025 | odbc.allow_persistent = On
1026 | 
1027 | ; Check that a connection is still valid before reuse.
1028 | ; http://php.net/odbc.check-persistent
1029 | odbc.check_persistent = On
1030 | 
1031 | ; Maximum number of persistent links.  -1 means no limit.
1032 | ; http://php.net/odbc.max-persistent
1033 | odbc.max_persistent = -1
1034 | 
1035 | ; Maximum number of links (persistent + non-persistent).  -1 means no limit.
1036 | ; http://php.net/odbc.max-links
1037 | odbc.max_links = -1
1038 | 
1039 | ; Handling of LONG fields.  Returns number of bytes to variables.  0 means
1040 | ; passthru.
1041 | ; http://php.net/odbc.defaultlrl
1042 | odbc.defaultlrl = 4096
1043 | 
1044 | ; Handling of binary data.  0 means passthru, 1 return as is, 2 convert to char.
1045 | ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
1046 | ; of odbc.defaultlrl and odbc.defaultbinmode
1047 | ; http://php.net/odbc.defaultbinmode
1048 | odbc.defaultbinmode = 1
1049 | 
1050 | ;birdstep.max_links = -1
1051 | 
1052 | [Interbase]
1053 | ; Allow or prevent persistent links.
1054 | ibase.allow_persistent = 1
1055 | 
1056 | ; Maximum number of persistent links.  -1 means no limit.
1057 | ibase.max_persistent = -1
1058 | 
1059 | ; Maximum number of links (persistent + non-persistent).  -1 means no limit.
1060 | ibase.max_links = -1
1061 | 
1062 | ; Default database name for ibase_connect().
1063 | ;ibase.default_db =
1064 | 
1065 | ; Default username for ibase_connect().
1066 | ;ibase.default_user =
1067 | 
1068 | ; Default password for ibase_connect().
1069 | ;ibase.default_password =
1070 | 
1071 | ; Default charset for ibase_connect().
1072 | ;ibase.default_charset =
1073 | 
1074 | ; Default timestamp format.
1075 | ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
1076 | 
1077 | ; Default date format.
1078 | ibase.dateformat = "%Y-%m-%d"
1079 | 
1080 | ; Default time format.
1081 | ibase.timeformat = "%H:%M:%S"
1082 | 
1083 | [MySQL]
1084 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
1085 | ; http://php.net/mysql.allow_local_infile
1086 | mysql.allow_local_infile = On
1087 | 
1088 | ; Allow or prevent persistent links.
1089 | ; http://php.net/mysql.allow-persistent
1090 | mysql.allow_persistent = On
1091 | 
1092 | ; If mysqlnd is used: Number of cache slots for the internal result set cache
1093 | ; http://php.net/mysql.cache_size
1094 | mysql.cache_size = 2000
1095 | 
1096 | ; Maximum number of persistent links.  -1 means no limit.
1097 | ; http://php.net/mysql.max-persistent
1098 | mysql.max_persistent = -1
1099 | 
1100 | ; Maximum number of links (persistent + non-persistent).  -1 means no limit.
1101 | ; http://php.net/mysql.max-links
1102 | mysql.max_links = -1
1103 | 
1104 | ; Default port number for mysql_connect().  If unset, mysql_connect() will use
1105 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
1106 | ; compile-time value defined MYSQL_PORT (in that order).  Win32 will only look
1107 | ; at MYSQL_PORT.
1108 | ; http://php.net/mysql.default-port
1109 | mysql.default_port =
1110 | 
1111 | ; Default socket name for local MySQL connects.  If empty, uses the built-in
1112 | ; MySQL defaults.
1113 | ; http://php.net/mysql.default-socket
1114 | mysql.default_socket =
1115 | 
1116 | ; Default host for mysql_connect() (doesn't apply in safe mode).
1117 | ; http://php.net/mysql.default-host
1118 | mysql.default_host =
1119 | 
1120 | ; Default user for mysql_connect() (doesn't apply in safe mode).
1121 | ; http://php.net/mysql.default-user
1122 | mysql.default_user =
1123 | 
1124 | ; Default password for mysql_connect() (doesn't apply in safe mode).
1125 | ; Note that this is generally a *bad* idea to store passwords in this file.
1126 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password")
1127 | ; and reveal this password!  And of course, any users with read access to this
1128 | ; file will be able to reveal the password as well.
1129 | ; http://php.net/mysql.default-password
1130 | mysql.default_password =
1131 | 
1132 | ; Maximum time (in seconds) for connect timeout. -1 means no limit
1133 | ; http://php.net/mysql.connect-timeout
1134 | mysql.connect_timeout = 60
1135 | 
1136 | ; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
1137 | ; SQL-Errors will be displayed.
1138 | ; http://php.net/mysql.trace-mode
1139 | mysql.trace_mode = Off
1140 | 
1141 | [MySQLi]
1142 | 
1143 | ; Maximum number of persistent links.  -1 means no limit.
1144 | ; http://php.net/mysqli.max-persistent
1145 | mysqli.max_persistent = -1
1146 | 
1147 | ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
1148 | ; http://php.net/mysqli.allow_local_infile
1149 | ;mysqli.allow_local_infile = On
1150 | 
1151 | ; Allow or prevent persistent links.
1152 | ; http://php.net/mysqli.allow-persistent
1153 | mysqli.allow_persistent = On
1154 | 
1155 | ; Maximum number of links.  -1 means no limit.
1156 | ; http://php.net/mysqli.max-links
1157 | mysqli.max_links = -1
1158 | 
1159 | ; If mysqlnd is used: Number of cache slots for the internal result set cache
1160 | ; http://php.net/mysqli.cache_size
1161 | mysqli.cache_size = 2000
1162 | 
1163 | ; Default port number for mysqli_connect().  If unset, mysqli_connect() will use
1164 | ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
1165 | ; compile-time value defined MYSQL_PORT (in that order).  Win32 will only look
1166 | ; at MYSQL_PORT.
1167 | ; http://php.net/mysqli.default-port
1168 | mysqli.default_port = 3306
1169 | 
1170 | ; Default socket name for local MySQL connects.  If empty, uses the built-in
1171 | ; MySQL defaults.
1172 | ; http://php.net/mysqli.default-socket
1173 | mysqli.default_socket =
1174 | 
1175 | ; Default host for mysql_connect() (doesn't apply in safe mode).
1176 | ; http://php.net/mysqli.default-host
1177 | mysqli.default_host =
1178 | 
1179 | ; Default user for mysql_connect() (doesn't apply in safe mode).
1180 | ; http://php.net/mysqli.default-user
1181 | mysqli.default_user =
1182 | 
1183 | ; Default password for mysqli_connect() (doesn't apply in safe mode).
1184 | ; Note that this is generally a *bad* idea to store passwords in this file.
1185 | ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
1186 | ; and reveal this password!  And of course, any users with read access to this
1187 | ; file will be able to reveal the password as well.
1188 | ; http://php.net/mysqli.default-pw
1189 | mysqli.default_pw =
1190 | 
1191 | ; Allow or prevent reconnect
1192 | mysqli.reconnect = Off
1193 | 
1194 | [mysqlnd]
1195 | ; Enable / Disable collection of general statistics by mysqlnd which can be
1196 | ; used to tune and monitor MySQL operations.
1197 | ; http://php.net/mysqlnd.collect_statistics
1198 | mysqlnd.collect_statistics = On
1199 | 
1200 | ; Enable / Disable collection of memory usage statistics by mysqlnd which can be
1201 | ; used to tune and monitor MySQL operations.
1202 | ; http://php.net/mysqlnd.collect_memory_statistics
1203 | mysqlnd.collect_memory_statistics = Off
1204 | 
1205 | ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
1206 | ; http://php.net/mysqlnd.net_cmd_buffer_size
1207 | ;mysqlnd.net_cmd_buffer_size = 2048
1208 | 
1209 | ; Size of a pre-allocated buffer used for reading data sent by the server in
1210 | ; bytes.
1211 | ; http://php.net/mysqlnd.net_read_buffer_size
1212 | ;mysqlnd.net_read_buffer_size = 32768
1213 | 
1214 | [OCI8]
1215 | 
1216 | ; Connection: Enables privileged connections using external
1217 | ; credentials (OCI_SYSOPER, OCI_SYSDBA)
1218 | ; http://php.net/oci8.privileged-connect
1219 | ;oci8.privileged_connect = Off
1220 | 
1221 | ; Connection: The maximum number of persistent OCI8 connections per
1222 | ; process. Using -1 means no limit.
1223 | ; http://php.net/oci8.max-persistent
1224 | ;oci8.max_persistent = -1
1225 | 
1226 | ; Connection: The maximum number of seconds a process is allowed to
1227 | ; maintain an idle persistent connection. Using -1 means idle
1228 | ; persistent connections will be maintained forever.
1229 | ; http://php.net/oci8.persistent-timeout
1230 | ;oci8.persistent_timeout = -1
1231 | 
1232 | ; Connection: The number of seconds that must pass before issuing a
1233 | ; ping during oci_pconnect() to check the connection validity. When
1234 | ; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
1235 | ; pings completely.
1236 | ; http://php.net/oci8.ping-interval
1237 | ;oci8.ping_interval = 60
1238 | 
1239 | ; Connection: Set this to a user chosen connection class to be used
1240 | ; for all pooled server requests with Oracle 11g Database Resident
1241 | ; Connection Pooling (DRCP).  To use DRCP, this value should be set to
1242 | ; the same string for all web servers running the same application,
1243 | ; the database pool must be configured, and the connection string must
1244 | ; specify to use a pooled server.
1245 | ;oci8.connection_class =
1246 | 
1247 | ; High Availability: Using On lets PHP receive Fast Application
1248 | ; Notification (FAN) events generated when a database node fails. The
1249 | ; database must also be configured to post FAN events.
1250 | ;oci8.events = Off
1251 | 
1252 | ; Tuning: This option enables statement caching, and specifies how
1253 | ; many statements to cache. Using 0 disables statement caching.
1254 | ; http://php.net/oci8.statement-cache-size
1255 | ;oci8.statement_cache_size = 20
1256 | 
1257 | ; Tuning: Enables statement prefetching and sets the default number of
1258 | ; rows that will be fetched automatically after statement execution.
1259 | ; http://php.net/oci8.default-prefetch
1260 | ;oci8.default_prefetch = 100
1261 | 
1262 | ; Compatibility. Using On means oci_close() will not close
1263 | ; oci_connect() and oci_new_connect() connections.
1264 | ; http://php.net/oci8.old-oci-close-semantics
1265 | ;oci8.old_oci_close_semantics = Off
1266 | 
1267 | [PostgreSQL]
1268 | ; Allow or prevent persistent links.
1269 | ; http://php.net/pgsql.allow-persistent
1270 | pgsql.allow_persistent = On
1271 | 
1272 | ; Detect broken persistent links always with pg_pconnect().
1273 | ; Auto reset feature requires a little overheads.
1274 | ; http://php.net/pgsql.auto-reset-persistent
1275 | pgsql.auto_reset_persistent = Off
1276 | 
1277 | ; Maximum number of persistent links.  -1 means no limit.
1278 | ; http://php.net/pgsql.max-persistent
1279 | pgsql.max_persistent = -1
1280 | 
1281 | ; Maximum number of links (persistent+non persistent).  -1 means no limit.
1282 | ; http://php.net/pgsql.max-links
1283 | pgsql.max_links = -1
1284 | 
1285 | ; Ignore PostgreSQL backends Notice message or not.
1286 | ; Notice message logging require a little overheads.
1287 | ; http://php.net/pgsql.ignore-notice
1288 | pgsql.ignore_notice = 0
1289 | 
1290 | ; Log PostgreSQL backends Notice message or not.
1291 | ; Unless pgsql.ignore_notice=0, module cannot log notice message.
1292 | ; http://php.net/pgsql.log-notice
1293 | pgsql.log_notice = 0
1294 | 
1295 | [Sybase-CT]
1296 | ; Allow or prevent persistent links.
1297 | ; http://php.net/sybct.allow-persistent
1298 | sybct.allow_persistent = On
1299 | 
1300 | ; Maximum number of persistent links.  -1 means no limit.
1301 | ; http://php.net/sybct.max-persistent
1302 | sybct.max_persistent = -1
1303 | 
1304 | ; Maximum number of links (persistent + non-persistent).  -1 means no limit.
1305 | ; http://php.net/sybct.max-links
1306 | sybct.max_links = -1
1307 | 
1308 | ; Minimum server message severity to display.
1309 | ; http://php.net/sybct.min-server-severity
1310 | sybct.min_server_severity = 10
1311 | 
1312 | ; Minimum client message severity to display.
1313 | ; http://php.net/sybct.min-client-severity
1314 | sybct.min_client_severity = 10
1315 | 
1316 | ; Set per-context timeout
1317 | ; http://php.net/sybct.timeout
1318 | ;sybct.timeout=
1319 | 
1320 | ;sybct.packet_size
1321 | 
1322 | ; The maximum time in seconds to wait for a connection attempt to succeed before returning failure.
1323 | ; Default: one minute
1324 | ;sybct.login_timeout=
1325 | 
1326 | ; The name of the host you claim to be connecting from, for display by sp_who.
1327 | ; Default: none
1328 | ;sybct.hostname=
1329 | 
1330 | ; Allows you to define how often deadlocks are to be retried. -1 means "forever".
1331 | ; Default: 0
1332 | ;sybct.deadlock_retry_count=
1333 | 
1334 | [bcmath]
1335 | ; Number of decimal digits for all bcmath functions.
1336 | ; http://php.net/bcmath.scale
1337 | bcmath.scale = 0
1338 | 
1339 | [browscap]
1340 | ; http://php.net/browscap
1341 | ;browscap = extra/browscap.ini
1342 | 
1343 | [Session]
1344 | ; Handler used to store/retrieve data.
1345 | ; http://php.net/session.save-handler
1346 | session.save_handler = files
1347 | 
1348 | ; Argument passed to save_handler.  In the case of files, this is the path
1349 | ; where data files are stored. Note: Windows users have to change this
1350 | ; variable in order to use PHP's session functions.
1351 | ;
1352 | ; The path can be defined as:
1353 | ;
1354 | ;     session.save_path = "N;/path"
1355 | ;
1356 | ; where N is an integer.  Instead of storing all the session files in
1357 | ; /path, what this will do is use subdirectories N-levels deep, and
1358 | ; store the session data in those directories.  This is useful if
1359 | ; your OS has problems with many files in one directory, and is
1360 | ; a more efficient layout for servers that handle many sessions.
1361 | ;
1362 | ; NOTE 1: PHP will not create this directory structure automatically.
1363 | ;         You can use the script in the ext/session dir for that purpose.
1364 | ; NOTE 2: See the section on garbage collection below if you choose to
1365 | ;         use subdirectories for session storage
1366 | ;
1367 | ; The file storage module creates files using mode 600 by default.
1368 | ; You can change that by using
1369 | ;
1370 | ;     session.save_path = "N;MODE;/path"
1371 | ;
1372 | ; where MODE is the octal representation of the mode. Note that this
1373 | ; does not overwrite the process's umask.
1374 | ; http://php.net/session.save-path
1375 | ;session.save_path = "/var/lib/php5/sessions"
1376 | 
1377 | ; Whether to use strict session mode.
1378 | ; Strict session mode does not accept uninitialized session ID and regenerate
1379 | ; session ID if browser sends uninitialized session ID. Strict mode protects
1380 | ; applications from session fixation via session adoption vulnerability. It is
1381 | ; disabled by default for maximum compatibility, but enabling it is encouraged.
1382 | ; https://wiki.php.net/rfc/strict_sessions
1383 | session.use_strict_mode = 0
1384 | 
1385 | ; Whether to use cookies.
1386 | ; http://php.net/session.use-cookies
1387 | session.use_cookies = 1
1388 | 
1389 | ; http://php.net/session.cookie-secure
1390 | ;session.cookie_secure =
1391 | 
1392 | ; This option forces PHP to fetch and use a cookie for storing and maintaining
1393 | ; the session id. We encourage this operation as it's very helpful in combating
1394 | ; session hijacking when not specifying and managing your own session id. It is
1395 | ; not the be-all and end-all of session hijacking defense, but it's a good start.
1396 | ; http://php.net/session.use-only-cookies
1397 | session.use_only_cookies = 1
1398 | 
1399 | ; Name of the session (used as cookie name).
1400 | ; http://php.net/session.name
1401 | session.name = PHPSESSID
1402 | 
1403 | ; Initialize session on request startup.
1404 | ; http://php.net/session.auto-start
1405 | session.auto_start = 0
1406 | 
1407 | ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
1408 | ; http://php.net/session.cookie-lifetime
1409 | session.cookie_lifetime = 0
1410 | 
1411 | ; The path for which the cookie is valid.
1412 | ; http://php.net/session.cookie-path
1413 | session.cookie_path = /
1414 | 
1415 | ; The domain for which the cookie is valid.
1416 | ; http://php.net/session.cookie-domain
1417 | session.cookie_domain =
1418 | 
1419 | ; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
1420 | ; http://php.net/session.cookie-httponly
1421 | session.cookie_httponly =
1422 | 
1423 | ; Handler used to serialize data.  php is the standard serializer of PHP.
1424 | ; http://php.net/session.serialize-handler
1425 | session.serialize_handler = php
1426 | 
1427 | ; Defines the probability that the 'garbage collection' process is started
1428 | ; on every session initialization. The probability is calculated by using
1429 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator
1430 | ; and gc_divisor is the denominator in the equation. Setting this value to 1
1431 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance
1432 | ; the gc will run on any give request.
1433 | ; Default Value: 1
1434 | ; Development Value: 1
1435 | ; Production Value: 1
1436 | ; http://php.net/session.gc-probability
1437 | session.gc_probability = 0
1438 | 
1439 | ; Defines the probability that the 'garbage collection' process is started on every
1440 | ; session initialization. The probability is calculated by using the following equation:
1441 | ; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
1442 | ; session.gc_divisor is the denominator in the equation. Setting this value to 1
1443 | ; when the session.gc_divisor value is 100 will give you approximately a 1% chance
1444 | ; the gc will run on any give request. Increasing this value to 1000 will give you
1445 | ; a 0.1% chance the gc will run on any give request. For high volume production servers,
1446 | ; this is a more efficient approach.
1447 | ; Default Value: 100
1448 | ; Development Value: 1000
1449 | ; Production Value: 1000
1450 | ; http://php.net/session.gc-divisor
1451 | session.gc_divisor = 1000
1452 | 
1453 | ; After this number of seconds, stored data will be seen as 'garbage' and
1454 | ; cleaned up by the garbage collection process.
1455 | ; http://php.net/session.gc-maxlifetime
1456 | session.gc_maxlifetime = 1440
1457 | 
1458 | ; NOTE: If you are using the subdirectory option for storing session files
1459 | ;       (see session.save_path above), then garbage collection does *not*
1460 | ;       happen automatically.  You will need to do your own garbage
1461 | ;       collection through a shell script, cron entry, or some other method.
1462 | ;       For example, the following script would is the equivalent of
1463 | ;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
1464 | ;          find /path/to/sessions -cmin +24 -type f | xargs rm
1465 | 
1466 | ; Check HTTP Referer to invalidate externally stored URLs containing ids.
1467 | ; HTTP_REFERER has to contain this substring for the session to be
1468 | ; considered as valid.
1469 | ; http://php.net/session.referer-check
1470 | session.referer_check =
1471 | 
1472 | ; How many bytes to read from the file.
1473 | ; http://php.net/session.entropy-length
1474 | ;session.entropy_length = 32
1475 | 
1476 | ; Specified here to create the session id.
1477 | ; http://php.net/session.entropy-file
1478 | ; Defaults to /dev/urandom
1479 | ; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom
1480 | ; If neither are found at compile time, the default is no entropy file.
1481 | ; On windows, setting the entropy_length setting will activate the
1482 | ; Windows random source (using the CryptoAPI)
1483 | ;session.entropy_file = /dev/urandom
1484 | 
1485 | ; Set to {nocache,private,public,} to determine HTTP caching aspects
1486 | ; or leave this empty to avoid sending anti-caching headers.
1487 | ; http://php.net/session.cache-limiter
1488 | session.cache_limiter = nocache
1489 | 
1490 | ; Document expires after n minutes.
1491 | ; http://php.net/session.cache-expire
1492 | session.cache_expire = 180
1493 | 
1494 | ; trans sid support is disabled by default.
1495 | ; Use of trans sid may risk your users' security.
1496 | ; Use this option with caution.
1497 | ; - User may send URL contains active session ID
1498 | ;   to other person via. email/irc/etc.
1499 | ; - URL that contains active session ID may be stored
1500 | ;   in publicly accessible computer.
1501 | ; - User may access your site with the same session ID
1502 | ;   always using URL stored in browser's history or bookmarks.
1503 | ; http://php.net/session.use-trans-sid
1504 | session.use_trans_sid = 0
1505 | 
1506 | ; Select a hash function for use in generating session ids.
1507 | ; Possible Values
1508 | ;   0  (MD5 128 bits)
1509 | ;   1  (SHA-1 160 bits)
1510 | ; This option may also be set to the name of any hash function supported by
1511 | ; the hash extension. A list of available hashes is returned by the hash_algos()
1512 | ; function.
1513 | ; http://php.net/session.hash-function
1514 | session.hash_function = 0
1515 | 
1516 | ; Define how many bits are stored in each character when converting
1517 | ; the binary hash data to something readable.
1518 | ; Possible values:
1519 | ;   4  (4 bits: 0-9, a-f)
1520 | ;   5  (5 bits: 0-9, a-v)
1521 | ;   6  (6 bits: 0-9, a-z, A-Z, "-", ",")
1522 | ; Default Value: 4
1523 | ; Development Value: 5
1524 | ; Production Value: 5
1525 | ; http://php.net/session.hash-bits-per-character
1526 | session.hash_bits_per_character = 5
1527 | 
1528 | ; The URL rewriter will look for URLs in a defined set of HTML tags.
1529 | ; form/fieldset are special; if you include them here, the rewriter will
1530 | ; add a hidden <input> field with the info which is otherwise appended
1531 | ; to URLs.  If you want XHTML conformity, remove the form entry.
1532 | ; Note that all valid entries require a "=", even if no value follows.
1533 | ; Default Value: "a=href,area=href,frame=src,form=,fieldset="
1534 | ; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
1535 | ; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry"
1536 | ; http://php.net/url-rewriter.tags
1537 | url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
1538 | 
1539 | ; Enable upload progress tracking in $_SESSION
1540 | ; Default Value: On
1541 | ; Development Value: On
1542 | ; Production Value: On
1543 | ; http://php.net/session.upload-progress.enabled
1544 | ;session.upload_progress.enabled = On
1545 | 
1546 | ; Cleanup the progress information as soon as all POST data has been read
1547 | ; (i.e. upload completed).
1548 | ; Default Value: On
1549 | ; Development Value: On
1550 | ; Production Value: On
1551 | ; http://php.net/session.upload-progress.cleanup
1552 | ;session.upload_progress.cleanup = On
1553 | 
1554 | ; A prefix used for the upload progress key in $_SESSION
1555 | ; Default Value: "upload_progress_"
1556 | ; Development Value: "upload_progress_"
1557 | ; Production Value: "upload_progress_"
1558 | ; http://php.net/session.upload-progress.prefix
1559 | ;session.upload_progress.prefix = "upload_progress_"
1560 | 
1561 | ; The index name (concatenated with the prefix) in $_SESSION
1562 | ; containing the upload progress information
1563 | ; Default Value: "PHP_SESSION_UPLOAD_PROGRESS"
1564 | ; Development Value: "PHP_SESSION_UPLOAD_PROGRESS"
1565 | ; Production Value: "PHP_SESSION_UPLOAD_PROGRESS"
1566 | ; http://php.net/session.upload-progress.name
1567 | ;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS"
1568 | 
1569 | ; How frequently the upload progress should be updated.
1570 | ; Given either in percentages (per-file), or in bytes
1571 | ; Default Value: "1%"
1572 | ; Development Value: "1%"
1573 | ; Production Value: "1%"
1574 | ; http://php.net/session.upload-progress.freq
1575 | ;session.upload_progress.freq =  "1%"
1576 | 
1577 | ; The minimum delay between updates, in seconds
1578 | ; Default Value: 1
1579 | ; Development Value: 1
1580 | ; Production Value: 1
1581 | ; http://php.net/session.upload-progress.min-freq
1582 | ;session.upload_progress.min_freq = "1"
1583 | 
1584 | [MSSQL]
1585 | ; Allow or prevent persistent links.
1586 | mssql.allow_persistent = On
1587 | 
1588 | ; Maximum number of persistent links.  -1 means no limit.
1589 | mssql.max_persistent = -1
1590 | 
1591 | ; Maximum number of links (persistent+non persistent).  -1 means no limit.
1592 | mssql.max_links = -1
1593 | 
1594 | ; Minimum error severity to display.
1595 | mssql.min_error_severity = 10
1596 | 
1597 | ; Minimum message severity to display.
1598 | mssql.min_message_severity = 10
1599 | 
1600 | ; Compatibility mode with old versions of PHP 3.0.
1601 | mssql.compatibility_mode = Off
1602 | 
1603 | ; Connect timeout
1604 | ;mssql.connect_timeout = 5
1605 | 
1606 | ; Query timeout
1607 | ;mssql.timeout = 60
1608 | 
1609 | ; Valid range 0 - 2147483647.  Default = 4096.
1610 | ;mssql.textlimit = 4096
1611 | 
1612 | ; Valid range 0 - 2147483647.  Default = 4096.
1613 | ;mssql.textsize = 4096
1614 | 
1615 | ; Limits the number of records in each batch.  0 = all records in one batch.
1616 | ;mssql.batchsize = 0
1617 | 
1618 | ; Specify how datetime and datetim4 columns are returned
1619 | ; On => Returns data converted to SQL server settings
1620 | ; Off => Returns values as YYYY-MM-DD hh:mm:ss
1621 | ;mssql.datetimeconvert = On
1622 | 
1623 | ; Use NT authentication when connecting to the server
1624 | mssql.secure_connection = Off
1625 | 
1626 | ; Specify max number of processes. -1 = library default
1627 | ; msdlib defaults to 25
1628 | ; FreeTDS defaults to 4096
1629 | ;mssql.max_procs = -1
1630 | 
1631 | ; Specify client character set.
1632 | ; If empty or not set the client charset from freetds.conf is used
1633 | ; This is only used when compiled with FreeTDS
1634 | ;mssql.charset = "ISO-8859-1"
1635 | 
1636 | [Assertion]
1637 | ; Assert(expr); active by default.
1638 | ; http://php.net/assert.active
1639 | ;assert.active = On
1640 | 
1641 | ; Issue a PHP warning for each failed assertion.
1642 | ; http://php.net/assert.warning
1643 | ;assert.warning = On
1644 | 
1645 | ; Don't bail out by default.
1646 | ; http://php.net/assert.bail
1647 | ;assert.bail = Off
1648 | 
1649 | ; User-function to be called if an assertion fails.
1650 | ; http://php.net/assert.callback
1651 | ;assert.callback = 0
1652 | 
1653 | ; Eval the expression with current error_reporting().  Set to true if you want
1654 | ; error_reporting(0) around the eval().
1655 | ; http://php.net/assert.quiet-eval
1656 | ;assert.quiet_eval = 0
1657 | 
1658 | [COM]
1659 | ; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs
1660 | ; http://php.net/com.typelib-file
1661 | ;com.typelib_file =
1662 | 
1663 | ; allow Distributed-COM calls
1664 | ; http://php.net/com.allow-dcom
1665 | ;com.allow_dcom = true
1666 | 
1667 | ; autoregister constants of a components typlib on com_load()
1668 | ; http://php.net/com.autoregister-typelib
1669 | ;com.autoregister_typelib = true
1670 | 
1671 | ; register constants casesensitive
1672 | ; http://php.net/com.autoregister-casesensitive
1673 | ;com.autoregister_casesensitive = false
1674 | 
1675 | ; show warnings on duplicate constant registrations
1676 | ; http://php.net/com.autoregister-verbose
1677 | ;com.autoregister_verbose = true
1678 | 
1679 | ; The default character set code-page to use when passing strings to and from COM objects.
1680 | ; Default: system ANSI code page
1681 | ;com.code_page=
1682 | 
1683 | [mbstring]
1684 | ; language for internal character representation.
1685 | ; This affects mb_send_mail() and mbstrig.detect_order.
1686 | ; http://php.net/mbstring.language
1687 | ;mbstring.language = Japanese
1688 | 
1689 | ; Use of this INI entry is deprecated, use global internal_encoding instead.
1690 | ; internal/script encoding.
1691 | ; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*)
1692 | ; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
1693 | ; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
1694 | ;mbstring.internal_encoding =
1695 | 
1696 | ; Use of this INI entry is deprecated, use global input_encoding instead.
1697 | ; http input encoding.
1698 | ; mbstring.encoding_traslation = On is needed to use this setting.
1699 | ; If empty, default_charset or input_encoding or mbstring.input is used.
1700 | ; The precedence is: default_charset < intput_encoding < mbsting.http_input
1701 | ; http://php.net/mbstring.http-input
1702 | ;mbstring.http_input =
1703 | 
1704 | ; Use of this INI entry is deprecated, use global output_encoding instead.
1705 | ; http output encoding.
1706 | ; mb_output_handler must be registered as output buffer to function.
1707 | ; If empty, default_charset or output_encoding or mbstring.http_output is used.
1708 | ; The precedence is: default_charset < output_encoding < mbstring.http_output
1709 | ; To use an output encoding conversion, mbstring's output handler must be set
1710 | ; otherwise output encoding conversion cannot be performed.
1711 | ; http://php.net/mbstring.http-output
1712 | ;mbstring.http_output =
1713 | 
1714 | ; enable automatic encoding translation according to
1715 | ; mbstring.internal_encoding setting. Input chars are
1716 | ; converted to internal encoding by setting this to On.
1717 | ; Note: Do _not_ use automatic encoding translation for
1718 | ;       portable libs/applications.
1719 | ; http://php.net/mbstring.encoding-translation
1720 | ;mbstring.encoding_translation = Off
1721 | 
1722 | ; automatic encoding detection order.
1723 | ; "auto" detect order is changed according to mbstring.language
1724 | ; http://php.net/mbstring.detect-order
1725 | ;mbstring.detect_order = auto
1726 | 
1727 | ; substitute_character used when character cannot be converted
1728 | ; one from another
1729 | ; http://php.net/mbstring.substitute-character
1730 | ;mbstring.substitute_character = none
1731 | 
1732 | ; overload(replace) single byte functions by mbstring functions.
1733 | ; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(),
1734 | ; etc. Possible values are 0,1,2,4 or combination of them.
1735 | ; For example, 7 for overload everything.
1736 | ; 0: No overload
1737 | ; 1: Overload mail() function
1738 | ; 2: Overload str*() functions
1739 | ; 4: Overload ereg*() functions
1740 | ; http://php.net/mbstring.func-overload
1741 | ;mbstring.func_overload = 0
1742 | 
1743 | ; enable strict encoding detection.
1744 | ; Default: Off
1745 | ;mbstring.strict_detection = On
1746 | 
1747 | ; This directive specifies the regex pattern of content types for which mb_output_handler()
1748 | ; is activated.
1749 | ; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml)
1750 | ;mbstring.http_output_conv_mimetype=
1751 | 
1752 | [gd]
1753 | ; Tell the jpeg decode to ignore warnings and try to create
1754 | ; a gd image. The warning will then be displayed as notices
1755 | ; disabled by default
1756 | ; http://php.net/gd.jpeg-ignore-warning
1757 | ;gd.jpeg_ignore_warning = 0
1758 | 
1759 | [exif]
1760 | ; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS.
1761 | ; With mbstring support this will automatically be converted into the encoding
1762 | ; given by corresponding encode setting. When empty mbstring.internal_encoding
1763 | ; is used. For the decode settings you can distinguish between motorola and
1764 | ; intel byte order. A decode setting cannot be empty.
1765 | ; http://php.net/exif.encode-unicode
1766 | ;exif.encode_unicode = ISO-8859-15
1767 | 
1768 | ; http://php.net/exif.decode-unicode-motorola
1769 | ;exif.decode_unicode_motorola = UCS-2BE
1770 | 
1771 | ; http://php.net/exif.decode-unicode-intel
1772 | ;exif.decode_unicode_intel    = UCS-2LE
1773 | 
1774 | ; http://php.net/exif.encode-jis
1775 | ;exif.encode_jis =
1776 | 
1777 | ; http://php.net/exif.decode-jis-motorola
1778 | ;exif.decode_jis_motorola = JIS
1779 | 
1780 | ; http://php.net/exif.decode-jis-intel
1781 | ;exif.decode_jis_intel    = JIS
1782 | 
1783 | [Tidy]
1784 | ; The path to a default tidy configuration file to use when using tidy
1785 | ; http://php.net/tidy.default-config
1786 | ;tidy.default_config = /usr/local/lib/php/default.tcfg
1787 | 
1788 | ; Should tidy clean and repair output automatically?
1789 | ; WARNING: Do not use this option if you are generating non-html content
1790 | ; such as dynamic images
1791 | ; http://php.net/tidy.clean-output
1792 | tidy.clean_output = Off
1793 | 
1794 | [soap]
1795 | ; Enables or disables WSDL caching feature.
1796 | ; http://php.net/soap.wsdl-cache-enabled
1797 | soap.wsdl_cache_enabled=1
1798 | 
1799 | ; Sets the directory name where SOAP extension will put cache files.
1800 | ; http://php.net/soap.wsdl-cache-dir
1801 | soap.wsdl_cache_dir="/tmp"
1802 | 
1803 | ; (time to live) Sets the number of second while cached file will be used
1804 | ; instead of original one.
1805 | ; http://php.net/soap.wsdl-cache-ttl
1806 | soap.wsdl_cache_ttl=86400
1807 | 
1808 | ; Sets the size of the cache limit. (Max. number of WSDL files to cache)
1809 | soap.wsdl_cache_limit = 5
1810 | 
1811 | [sysvshm]
1812 | ; A default size of the shared memory segment
1813 | ;sysvshm.init_mem = 10000
1814 | 
1815 | [ldap]
1816 | ; Sets the maximum number of open links or -1 for unlimited.
1817 | ldap.max_links = -1
1818 | 
1819 | [mcrypt]
1820 | ; For more information about mcrypt settings see http://php.net/mcrypt-module-open
1821 | 
1822 | ; Directory where to load mcrypt algorithms
1823 | ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
1824 | ;mcrypt.algorithms_dir=
1825 | 
1826 | ; Directory where to load mcrypt modes
1827 | ; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt)
1828 | ;mcrypt.modes_dir=
1829 | 
1830 | [dba]
1831 | ;dba.default_handler=
1832 | 
1833 | [opcache]
1834 | ; Determines if Zend OPCache is enabled
1835 | ;opcache.enable=0
1836 | 
1837 | ; Determines if Zend OPCache is enabled for the CLI version of PHP
1838 | ;opcache.enable_cli=0
1839 | 
1840 | ; The OPcache shared memory storage size.
1841 | ;opcache.memory_consumption=64
1842 | 
1843 | ; The amount of memory for interned strings in Mbytes.
1844 | ;opcache.interned_strings_buffer=4
1845 | 
1846 | ; The maximum number of keys (scripts) in the OPcache hash table.
1847 | ; Only numbers between 200 and 100000 are allowed.
1848 | ;opcache.max_accelerated_files=2000
1849 | 
1850 | ; The maximum percentage of "wasted" memory until a restart is scheduled.
1851 | ;opcache.max_wasted_percentage=5
1852 | 
1853 | ; When this directive is enabled, the OPcache appends the current working
1854 | ; directory to the script key, thus eliminating possible collisions between
1855 | ; files with the same name (basename). Disabling the directive improves
1856 | ; performance, but may break existing applications.
1857 | ;opcache.use_cwd=1
1858 | 
1859 | ; When disabled, you must reset the OPcache manually or restart the
1860 | ; webserver for changes to the filesystem to take effect.
1861 | ;opcache.validate_timestamps=1
1862 | 
1863 | ; How often (in seconds) to check file timestamps for changes to the shared
1864 | ; memory storage allocation. ("1" means validate once per second, but only
1865 | ; once per request. "0" means always validate)
1866 | ;opcache.revalidate_freq=2
1867 | 
1868 | ; Enables or disables file search in include_path optimization
1869 | ;opcache.revalidate_path=0
1870 | 
1871 | ; If disabled, all PHPDoc comments are dropped from the code to reduce the
1872 | ; size of the optimized code.
1873 | ;opcache.save_comments=1
1874 | 
1875 | ; If disabled, PHPDoc comments are not loaded from SHM, so "Doc Comments"
1876 | ; may be always stored (save_comments=1), but not loaded by applications
1877 | ; that don't need them anyway.
1878 | ;opcache.load_comments=1
1879 | 
1880 | ; If enabled, a fast shutdown sequence is used for the accelerated code
1881 | ;opcache.fast_shutdown=0
1882 | 
1883 | ; Allow file existence override (file_exists, etc.) performance feature.
1884 | ;opcache.enable_file_override=0
1885 | 
1886 | ; A bitmask, where each bit enables or disables the appropriate OPcache
1887 | ; passes
1888 | ;opcache.optimization_level=0xffffffff
1889 | 
1890 | ;opcache.inherited_hack=1
1891 | ;opcache.dups_fix=0
1892 | 
1893 | ; The location of the OPcache blacklist file (wildcards allowed).
1894 | ; Each OPcache blacklist file is a text file that holds the names of files
1895 | ; that should not be accelerated. The file format is to add each filename
1896 | ; to a new line. The filename may be a full path or just a file prefix
1897 | ; (i.e., /var/www/x  blacklists all the files and directories in /var/www
1898 | ; that start with 'x'). Line starting with a ; are ignored (comments).
1899 | ;opcache.blacklist_filename=
1900 | 
1901 | ; Allows exclusion of large files from being cached. By default all files
1902 | ; are cached.
1903 | ;opcache.max_file_size=0
1904 | 
1905 | ; Check the cache checksum each N requests.
1906 | ; The default value of "0" means that the checks are disabled.
1907 | ;opcache.consistency_checks=0
1908 | 
1909 | ; How long to wait (in seconds) for a scheduled restart to begin if the cache
1910 | ; is not being accessed.
1911 | ;opcache.force_restart_timeout=180
1912 | 
1913 | ; OPcache error_log file name. Empty string assumes "stderr".
1914 | ;opcache.error_log=
1915 | 
1916 | ; All OPcache errors go to the Web server log.
1917 | ; By default, only fatal errors (level 0) or errors (level 1) are logged.
1918 | ; You can also enable warnings (level 2), info messages (level 3) or
1919 | ; debug messages (level 4).
1920 | ;opcache.log_verbosity_level=1
1921 | 
1922 | ; Preferred Shared Memory back-end. Leave empty and let the system decide.
1923 | ;opcache.preferred_memory_model=
1924 | 
1925 | ; Protect the shared memory from unexpected writing during script execution.
1926 | ; Useful for internal debugging only.
1927 | ;opcache.protect_memory=0
1928 | 
1929 | [curl]
1930 | ; A default value for the CURLOPT_CAINFO option. This is required to be an
1931 | ; absolute path.
1932 | ;curl.cainfo =
1933 | 
1934 | [openssl]
1935 | ; The location of a Certificate Authority (CA) file on the local filesystem
1936 | ; to use when verifying the identity of SSL/TLS peers. Most users should
1937 | ; not specify a value for this directive as PHP will attempt to use the
1938 | ; OS-managed cert stores in its absence. If specified, this value may still
1939 | ; be overridden on a per-stream basis via the "cafile" SSL stream context
1940 | ; option.
1941 | ;openssl.cafile=
1942 | 
1943 | ; If openssl.cafile is not specified or if the CA file is not found, the
1944 | ; directory pointed to by openssl.capath is searched for a suitable
1945 | ; certificate. This value must be a correctly hashed certificate directory.
1946 | ; Most users should not specify a value for this directive as PHP will
1947 | ; attempt to use the OS-managed cert stores in its absence. If specified,
1948 | ; this value may still be overridden on a per-stream basis via the "capath"
1949 | ; SSL stream context option.
1950 | ;openssl.capath=
1951 | 
1952 | ; Local Variables:
1953 | ; tab-width: 4
1954 | ; End:
1955 | 


--------------------------------------------------------------------------------
/ansible/roles/php/templates/www.conf.j2:
--------------------------------------------------------------------------------
  1 | ; Start a new pool named 'www'.
  2 | ; the variable $pool can we used in any directive and will be replaced by the
  3 | ; pool name ('www' here)
  4 | [www]
  5 | 
  6 | ; Per pool prefix
  7 | ; It only applies on the following directives:
  8 | ; - 'slowlog'
  9 | ; - 'listen' (unixsocket)
 10 | ; - 'chroot'
 11 | ; - 'chdir'
 12 | ; - 'php_values'
 13 | ; - 'php_admin_values'
 14 | ; When not set, the global prefix (or /usr) applies instead.
 15 | ; Note: This directive can also be relative to the global prefix.
 16 | ; Default Value: none
 17 | ; prefix = /var/www
 18 | 
 19 | ; Unix user/group of processes
 20 | ; Note: The user is mandatory. If the group is not set, the default user's group
 21 | ;       will be used.
 22 | user = www-data
 23 | group = www-data
 24 | 
 25 | ; The address on which to accept FastCGI requests.
 26 | ; Valid syntaxes are:
 27 | ;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific address on
 28 | ;                            a specific port;
 29 | ;   'port'                 - to listen on a TCP socket to all addresses on a
 30 | ;                            specific port;
 31 | ;   '/path/to/unix/socket' - to listen on a unix socket.
 32 | ; Note: This value is mandatory.
 33 | listen = /var/run/php5-fpm.sock
 34 | 
 35 | ; Set listen(2) backlog.
 36 | ; Default Value: 65535 (-1 on FreeBSD and OpenBSD)
 37 | ;listen.backlog = 65535
 38 | 
 39 | ; Set permissions for unix socket, if one is used. In Linux, read/write
 40 | ; permissions must be set in order to allow connections from a web server. Many
 41 | ; BSD-derived systems allow connections regardless of permissions.
 42 | ; Default Values: user and group are set as the running user
 43 | ;                 mode is set to 0660
 44 | listen.owner = www-data
 45 | listen.group = www-data
 46 | ;listen.mode = 0660
 47 | 
 48 | ; List of ipv4 addresses of FastCGI clients which are allowed to connect.
 49 | ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
 50 | ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
 51 | ; must be separated by a comma. If this value is left blank, connections will be
 52 | ; accepted from any ip address.
 53 | ; Default Value: any
 54 | ; listen.allowed_clients = 127.0.0.1
 55 | 
 56 | ; Specify the nice(2) priority to apply to the pool processes (only if set)
 57 | ; The value can vary from -19 (highest priority) to 20 (lower priority)
 58 | ; Note: - It will only work if the FPM master process is launched as root
 59 | ;       - The pool processes will inherit the master process priority
 60 | ;         unless it specified otherwise
 61 | ; Default Value: no set
 62 | ; process.priority = -19
 63 | 
 64 | ; Choose how the process manager will control the number of child processes.
 65 | ; Possible Values:
 66 | ;   static  - a fixed number (pm.max_children) of child processes;
 67 | ;   dynamic - the number of child processes are set dynamically based on the
 68 | ;             following directives. With this process management, there will be
 69 | ;             always at least 1 children.
 70 | ;             pm.max_children      - the maximum number of children that can
 71 | ;                                    be alive at the same time.
 72 | ;             pm.start_servers     - the number of children created on startup.
 73 | ;             pm.min_spare_servers - the minimum number of children in 'idle'
 74 | ;                                    state (waiting to process). If the number
 75 | ;                                    of 'idle' processes is less than this
 76 | ;                                    number then some children will be created.
 77 | ;             pm.max_spare_servers - the maximum number of children in 'idle'
 78 | ;                                    state (waiting to process). If the number
 79 | ;                                    of 'idle' processes is greater than this
 80 | ;                                    number then some children will be killed.
 81 | ;  ondemand - no children are created at startup. Children will be forked when
 82 | ;             new requests will connect. The following parameter are used:
 83 | ;             pm.max_children           - the maximum number of children that
 84 | ;                                         can be alive at the same time.
 85 | ;             pm.process_idle_timeout   - The number of seconds after which
 86 | ;                                         an idle process will be killed.
 87 | ; Note: This value is mandatory.
 88 | pm = dynamic
 89 | 
 90 | ; The number of child processes to be created when pm is set to 'static' and the
 91 | ; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
 92 | ; This value sets the limit on the number of simultaneous requests that will be
 93 | ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
 94 | ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
 95 | ; CGI. The below defaults are based on a server without much resources. Don't
 96 | ; forget to tweak pm.* to fit your needs.
 97 | ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
 98 | ; Note: This value is mandatory.
 99 | pm.max_children = 10
100 | 
101 | ; The number of child processes created on startup.
102 | ; Note: Used only when pm is set to 'dynamic'
103 | ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
104 | pm.start_servers = 2
105 | 
106 | ; The desired minimum number of idle server processes.
107 | ; Note: Used only when pm is set to 'dynamic'
108 | ; Note: Mandatory when pm is set to 'dynamic'
109 | pm.min_spare_servers = 2
110 | 
111 | ; The desired maximum number of idle server processes.
112 | ; Note: Used only when pm is set to 'dynamic'
113 | ; Note: Mandatory when pm is set to 'dynamic'
114 | pm.max_spare_servers = 4
115 | 
116 | ; The number of seconds after which an idle process will be killed.
117 | ; Note: Used only when pm is set to 'ondemand'
118 | ; Default Value: 10s
119 | pm.process_idle_timeout = 6s;
120 | 
121 | ; The number of requests each child process should execute before respawning.
122 | ; This can be useful to work around memory leaks in 3rd party libraries. For
123 | ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
124 | ; Default Value: 0
125 | pm.max_requests = 1000
126 | 
127 | ; The URI to view the FPM status page. If this value is not set, no URI will be
128 | ; recognized as a status page. It shows the following informations:
129 | ;   pool                 - the name of the pool;
130 | ;   process manager      - static, dynamic or ondemand;
131 | ;   start time           - the date and time FPM has started;
132 | ;   start since          - number of seconds since FPM has started;
133 | ;   accepted conn        - the number of request accepted by the pool;
134 | ;   listen queue         - the number of request in the queue of pending
135 | ;                          connections (see backlog in listen(2));
136 | ;   max listen queue     - the maximum number of requests in the queue
137 | ;                          of pending connections since FPM has started;
138 | ;   listen queue len     - the size of the socket queue of pending connections;
139 | ;   idle processes       - the number of idle processes;
140 | ;   active processes     - the number of active processes;
141 | ;   total processes      - the number of idle + active processes;
142 | ;   max active processes - the maximum number of active processes since FPM
143 | ;                          has started;
144 | ;   max children reached - number of times, the process limit has been reached,
145 | ;                          when pm tries to start more children (works only for
146 | ;                          pm 'dynamic' and 'ondemand');
147 | ; Value are updated in real time.
148 | ; Example output:
149 | ;   pool:                 www
150 | ;   process manager:      static
151 | ;   start time:           01/Jul/2011:17:53:49 +0200
152 | ;   start since:          62636
153 | ;   accepted conn:        190460
154 | ;   listen queue:         0
155 | ;   max listen queue:     1
156 | ;   listen queue len:     42
157 | ;   idle processes:       4
158 | ;   active processes:     11
159 | ;   total processes:      15
160 | ;   max active processes: 12
161 | ;   max children reached: 0
162 | ;
163 | ; By default the status page output is formatted as text/plain. Passing either
164 | ; 'html', 'xml' or 'json' in the query string will return the corresponding
165 | ; output syntax. Example:
166 | ;   http://www.foo.bar/status
167 | ;   http://www.foo.bar/status?json
168 | ;   http://www.foo.bar/status?html
169 | ;   http://www.foo.bar/status?xml
170 | ;
171 | ; By default the status page only outputs short status. Passing 'full' in the
172 | ; query string will also return status for each pool process.
173 | ; Example:
174 | ;   http://www.foo.bar/status?full
175 | ;   http://www.foo.bar/status?json&full
176 | ;   http://www.foo.bar/status?html&full
177 | ;   http://www.foo.bar/status?xml&full
178 | ; The Full status returns for each process:
179 | ;   pid                  - the PID of the process;
180 | ;   state                - the state of the process (Idle, Running, ...);
181 | ;   start time           - the date and time the process has started;
182 | ;   start since          - the number of seconds since the process has started;
183 | ;   requests             - the number of requests the process has served;
184 | ;   request duration     - the duration in µs of the requests;
185 | ;   request method       - the request method (GET, POST, ...);
186 | ;   request URI          - the request URI with the query string;
187 | ;   content length       - the content length of the request (only with POST);
188 | ;   user                 - the user (PHP_AUTH_USER) (or '-' if not set);
189 | ;   script               - the main script called (or '-' if not set);
190 | ;   last request cpu     - the %cpu the last request consumed
191 | ;                          it's always 0 if the process is not in Idle state
192 | ;                          because CPU calculation is done when the request
193 | ;                          processing has terminated;
194 | ;   last request memory  - the max amount of memory the last request consumed
195 | ;                          it's always 0 if the process is not in Idle state
196 | ;                          because memory calculation is done when the request
197 | ;                          processing has terminated;
198 | ; If the process is in Idle state, then informations are related to the
199 | ; last request the process has served. Otherwise informations are related to
200 | ; the current request being served.
201 | ; Example output:
202 | ;   ************************
203 | ;   pid:                  31330
204 | ;   state:                Running
205 | ;   start time:           01/Jul/2011:17:53:49 +0200
206 | ;   start since:          63087
207 | ;   requests:             12808
208 | ;   request duration:     1250261
209 | ;   request method:       GET
210 | ;   request URI:          /test_mem.php?N=10000
211 | ;   content length:       0
212 | ;   user:                 -
213 | ;   script:               /home/fat/web/docs/php/test_mem.php
214 | ;   last request cpu:     0.00
215 | ;   last request memory:  0
216 | ;
217 | ; Note: There is a real-time FPM status monitoring sample web page available
218 | ;       It's available in: ${prefix}/share/fpm/status.html
219 | ;
220 | ; Note: The value must start with a leading slash (/). The value can be
221 | ;       anything, but it may not be a good idea to use the .php extension or it
222 | ;       may conflict with a real PHP file.
223 | ; Default Value: not set
224 | pm.status_path = /fpmstatus
225 | 
226 | ; The ping URI to call the monitoring page of FPM. If this value is not set, no
227 | ; URI will be recognized as a ping page. This could be used to test from outside
228 | ; that FPM is alive and responding, or to
229 | ; - create a graph of FPM availability (rrd or such);
230 | ; - remove a server from a group if it is not responding (load balancing);
231 | ; - trigger alerts for the operating team (24/7).
232 | ; Note: The value must start with a leading slash (/). The value can be
233 | ;       anything, but it may not be a good idea to use the .php extension or it
234 | ;       may conflict with a real PHP file.
235 | ; Default Value: not set
236 | ping.path = /fpmping
237 | 
238 | ; This directive may be used to customize the response of a ping request. The
239 | ; response is formatted as text/plain with a 200 response code.
240 | ; Default Value: pong
241 | ;ping.response = pong
242 | 
243 | ; The access log file
244 | ; Default: not set
245 | ;access.log = log/$pool.access.log
246 | 
247 | ; The access log format.
248 | ; The following syntax is allowed
249 | ;  %%: the '%' character
250 | ;  %C: %CPU used by the request
251 | ;      it can accept the following format:
252 | ;      - %{user}C for user CPU only
253 | ;      - %{system}C for system CPU only
254 | ;      - %{total}C  for user + system CPU (default)
255 | ;  %d: time taken to serve the request
256 | ;      it can accept the following format:
257 | ;      - %{seconds}d (default)
258 | ;      - %{miliseconds}d
259 | ;      - %{mili}d
260 | ;      - %{microseconds}d
261 | ;      - %{micro}d
262 | ;  %e: an environment variable (same as $_ENV or $_SERVER)
263 | ;      it must be associated with embraces to specify the name of the env
264 | ;      variable. Some exemples:
265 | ;      - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
266 | ;      - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
267 | ;  %f: script filename
268 | ;  %l: content-length of the request (for POST request only)
269 | ;  %m: request method
270 | ;  %M: peak of memory allocated by PHP
271 | ;      it can accept the following format:
272 | ;      - %{bytes}M (default)
273 | ;      - %{kilobytes}M
274 | ;      - %{kilo}M
275 | ;      - %{megabytes}M
276 | ;      - %{mega}M
277 | ;  %n: pool name
278 | ;  %o: output header
279 | ;      it must be associated with embraces to specify the name of the header:
280 | ;      - %{Content-Type}o
281 | ;      - %{X-Powered-By}o
282 | ;      - %{Transfert-Encoding}o
283 | ;      - ....
284 | ;  %p: PID of the child that serviced the request
285 | ;  %P: PID of the parent of the child that serviced the request
286 | ;  %q: the query string
287 | ;  %Q: the '?' character if query string exists
288 | ;  %r: the request URI (without the query string, see %q and %Q)
289 | ;  %R: remote IP address
290 | ;  %s: status (response code)
291 | ;  %t: server time the request was received
292 | ;      it can accept a strftime(3) format:
293 | ;      %d/%b/%Y:%H:%M:%S %z (default)
294 | ;  %T: time the log has been written (the request has finished)
295 | ;      it can accept a strftime(3) format:
296 | ;      %d/%b/%Y:%H:%M:%S %z (default)
297 | ;  %u: remote user
298 | ;
299 | ; Default: "%R - %u %t \"%m %r\" %s"
300 | ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
301 | 
302 | ; The log file for slow requests
303 | ; Default Value: not set
304 | ; Note: slowlog is mandatory if request_slowlog_timeout is set
305 | ;slowlog = log/$pool.log.slow
306 | 
307 | ; The timeout for serving a single request after which a PHP backtrace will be
308 | ; dumped to the 'slowlog' file. A value of '0s' means 'off'.
309 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
310 | ; Default Value: 0
311 | ;request_slowlog_timeout = 0
312 | 
313 | ; The timeout for serving a single request after which the worker process will
314 | ; be killed. This option should be used when the 'max_execution_time' ini option
315 | ; does not stop script execution for some reason. A value of '0' means 'off'.
316 | ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
317 | ; Default Value: 0
318 | ;request_terminate_timeout = 0
319 | 
320 | ; Set open file descriptor rlimit.
321 | ; Default Value: system defined value
322 | ;rlimit_files = 1024
323 | 
324 | ; Set max core size rlimit.
325 | ; Possible Values: 'unlimited' or an integer greater or equal to 0
326 | ; Default Value: system defined value
327 | ;rlimit_core = 0
328 | 
329 | ; Chroot to this directory at the start. This value must be defined as an
330 | ; absolute path. When this value is not set, chroot is not used.
331 | ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
332 | ; of its subdirectories. If the pool prefix is not set, the global prefix
333 | ; will be used instead.
334 | ; Note: chrooting is a great security feature and should be used whenever
335 | ;       possible. However, all PHP paths will be relative to the chroot
336 | ;       (error_log, sessions.save_path, ...).
337 | ; Default Value: not set
338 | ; chroot = $prefix
339 | 
340 | ; Chdir to this directory at the start.
341 | ; Note: relative path can be used.
342 | ; Default Value: current directory or / when chroot
343 | ; chdir = /
344 | 
345 | ; Redirect worker stdout and stderr into main error log. If not set, stdout and
346 | ; stderr will be redirected to /dev/null according to FastCGI specs.
347 | ; Note: on highloaded environement, this can cause some delay in the page
348 | ; process time (several ms).
349 | ; Default Value: no
350 | ;catch_workers_output = yes
351 | 
352 | ; Clear environment in FPM workers
353 | ; Prevents arbitrary environment variables from reaching FPM worker processes
354 | ; by clearing the environment in workers before env vars specified in this
355 | ; pool configuration are added.
356 | ; Setting to "no" will make all environment variables available to PHP code
357 | ; via getenv(), $_ENV and $_SERVER.
358 | ; Default Value: yes
359 | ;clear_env = no
360 | 
361 | ; Limits the extensions of the main script FPM will allow to parse. This can
362 | ; prevent configuration mistakes on the web server side. You should only limit
363 | ; FPM to .php extensions to prevent malicious users to use other extensions to
364 | ; exectute php code.
365 | ; Note: set an empty value to allow all extensions.
366 | ; Default Value: .php
367 | ;security.limit_extensions = .php .php3 .php4 .php5
368 | 
369 | ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
370 | ; the current environment.
371 | ; Default Value: clean env
372 | ;env[HOSTNAME] = $HOSTNAME
373 | ;env[PATH] = /usr/local/bin:/usr/bin:/bin
374 | ;env[TMP] = /tmp
375 | ;env[TMPDIR] = /tmp
376 | ;env[TEMP] = /tmp
377 | 
378 | ; Additional php.ini defines, specific to this pool of workers. These settings
379 | ; overwrite the values previously defined in the php.ini. The directives are the
380 | ; same as the PHP SAPI:
381 | ;   php_value/php_flag             - you can set classic ini defines which can
382 | ;                                    be overwritten from PHP call 'ini_set'.
383 | ;   php_admin_value/php_admin_flag - these directives won't be overwritten by
384 | ;                                     PHP call 'ini_set'
385 | ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
386 | 
387 | ; Defining 'extension' will load the corresponding shared extension from
388 | ; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
389 | ; overwrite previously defined php.ini values, but will append the new value
390 | ; instead.
391 | 
392 | ; Note: path INI options can be relative and will be expanded with the prefix
393 | ; (pool, global or /usr)
394 | 
395 | ; Default Value: nothing is defined by default except the values in php.ini and
396 | ;                specified at startup with the -d argument
397 | ;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
398 | ;php_flag[display_errors] = off
399 | ;php_admin_value[error_log] = /var/log/fpm-php.www.log
400 | ;php_admin_flag[log_errors] = on
401 | ;php_admin_value[memory_limit] = 32M
402 | ;php_admin_value[error_log] = /log/fpm-php.www.log
403 | ;php_admin_value[session.save_path] = /tmp/sessions
404 | ;php_admin_value[upload_tmp_dir] = /tmp


--------------------------------------------------------------------------------
/ansible/roles/postgresql/files/pg_hba.conf:
--------------------------------------------------------------------------------
  1 | # PostgreSQL Client Authentication Configuration File
  2 | # ===================================================
  3 | #
  4 | # Refer to the "Client Authentication" section in the PostgreSQL
  5 | # documentation for a complete description of this file.  A short
  6 | # synopsis follows.
  7 | #
  8 | # This file controls: which hosts are allowed to connect, how clients
  9 | # are authenticated, which PostgreSQL user names they can use, which
 10 | # databases they can access.  Records take one of these forms:
 11 | #
 12 | # local      DATABASE  USER  METHOD  [OPTIONS]
 13 | # host       DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
 14 | # hostssl    DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
 15 | # hostnossl  DATABASE  USER  ADDRESS  METHOD  [OPTIONS]
 16 | #
 17 | # (The uppercase items must be replaced by actual values.)
 18 | #
 19 | # The first field is the connection type: "local" is a Unix-domain
 20 | # socket, "host" is either a plain or SSL-encrypted TCP/IP socket,
 21 | # "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a
 22 | # plain TCP/IP socket.
 23 | #
 24 | # DATABASE can be "all", "sameuser", "samerole", "replication", a
 25 | # database name, or a comma-separated list thereof. The "all"
 26 | # keyword does not match "replication". Access to replication
 27 | # must be enabled in a separate record (see example below).
 28 | #
 29 | # USER can be "all", a user name, a group name prefixed with "+", or a
 30 | # comma-separated list thereof.  In both the DATABASE and USER fields
 31 | # you can also write a file name prefixed with "@" to include names
 32 | # from a separate file.
 33 | #
 34 | # ADDRESS specifies the set of hosts the record matches.  It can be a
 35 | # host name, or it is made up of an IP address and a CIDR mask that is
 36 | # an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that
 37 | # specifies the number of significant bits in the mask.  A host name
 38 | # that starts with a dot (.) matches a suffix of the actual host name.
 39 | # Alternatively, you can write an IP address and netmask in separate
 40 | # columns to specify the set of hosts.  Instead of a CIDR-address, you
 41 | # can write "samehost" to match any of the server's own IP addresses,
 42 | # or "samenet" to match any address in any subnet that the server is
 43 | # directly connected to.
 44 | #
 45 | # METHOD can be "trust", "reject", "md5", "password", "gss", "sspi",
 46 | # "ident", "peer", "pam", "ldap", "radius" or "cert".  Note that
 47 | # "password" sends passwords in clear text; "md5" is preferred since
 48 | # it sends encrypted passwords.
 49 | #
 50 | # OPTIONS are a set of options for the authentication in the format
 51 | # NAME=VALUE.  The available options depend on the different
 52 | # authentication methods -- refer to the "Client Authentication"
 53 | # section in the documentation for a list of which options are
 54 | # available for which authentication methods.
 55 | #
 56 | # Database and user names containing spaces, commas, quotes and other
 57 | # special characters must be quoted.  Quoting one of the keywords
 58 | # "all", "sameuser", "samerole" or "replication" makes the name lose
 59 | # its special character, and just match a database or username with
 60 | # that name.
 61 | #
 62 | # This file is read on server startup and when the postmaster receives
 63 | # a SIGHUP signal.  If you edit the file on a running system, you have
 64 | # to SIGHUP the postmaster for the changes to take effect.  You can
 65 | # use "pg_ctl reload" to do that.
 66 | 
 67 | # Put your actual configuration here
 68 | # ----------------------------------
 69 | #
 70 | # If you want to allow non-local connections, you need to add more
 71 | # "host" records.  In that case you will also need to make PostgreSQL
 72 | # listen on a non-local interface via the listen_addresses
 73 | # configuration parameter, or via the -i or -h command line switches.
 74 | 
 75 | 
 76 | 
 77 | 
 78 | # DO NOT DISABLE!
 79 | # If you change this first entry you will need to make sure that the
 80 | # database superuser can access the database using some other method.
 81 | # Noninteractive access to all databases is required during automatic
 82 | # maintenance (custom daily cronjobs, replication, and similar tasks).
 83 | #
 84 | # Database administrative login by Unix domain socket
 85 | local   all             postgres                                peer
 86 | 
 87 | # TYPE  DATABASE        USER            ADDRESS                 METHOD
 88 | 
 89 | # "local" is for Unix domain socket connections only
 90 | local   all             all                                     peer
 91 | # IPv4 local connections:
 92 | host    all             all             127.0.0.1/32            md5
 93 | # IPv6 local connections:
 94 | host    all             all             ::1/128                 md5
 95 | # Allow replication connections from localhost, by a user with the
 96 | # replication privilege.
 97 | #local   replication     postgres                                peer
 98 | #host    replication     postgres        127.0.0.1/32            md5
 99 | #host    replication     postgres        ::1/128                 md5
100 | host    all             all             10.0.2.2/32             md5


--------------------------------------------------------------------------------
/ansible/roles/postgresql/files/postgresql.conf:
--------------------------------------------------------------------------------
  1 | # -----------------------------
  2 | # PostgreSQL configuration file
  3 | # -----------------------------
  4 | #
  5 | # This file consists of lines of the form:
  6 | #
  7 | #   name = value
  8 | #
  9 | # (The "=" is optional.)  Whitespace may be used.  Comments are introduced with
 10 | # "#" anywhere on a line.  The complete list of parameter names and allowed
 11 | # values can be found in the PostgreSQL documentation.
 12 | #
 13 | # The commented-out settings shown in this file represent the default values.
 14 | # Re-commenting a setting is NOT sufficient to revert it to the default value;
 15 | # you need to reload the server.
 16 | #
 17 | # This file is read on server startup and when the server receives a SIGHUP
 18 | # signal.  If you edit the file on a running system, you have to SIGHUP the
 19 | # server for the changes to take effect, or use "pg_ctl reload".  Some
 20 | # parameters, which are marked below, require a server shutdown and restart to
 21 | # take effect.
 22 | #
 23 | # Any parameter can also be given as a command-line option to the server, e.g.,
 24 | # "postgres -c log_connections=on".  Some parameters can be changed at run time
 25 | # with the "SET" SQL command.
 26 | #
 27 | # Memory units:  kB = kilobytes        Time units:  ms  = milliseconds
 28 | #                MB = megabytes                     s   = seconds
 29 | #                GB = gigabytes                     min = minutes
 30 | #                TB = terabytes                     h   = hours
 31 | #                                                   d   = days
 32 | 
 33 | 
 34 | #------------------------------------------------------------------------------
 35 | # FILE LOCATIONS
 36 | #------------------------------------------------------------------------------
 37 | 
 38 | # The default values of these variables are driven from the -D command-line
 39 | # option or PGDATA environment variable, represented here as ConfigDir.
 40 | 
 41 | data_directory = '/var/lib/postgresql/9.4/main'		# use data in another directory
 42 | 					# (change requires restart)
 43 | hba_file = '/etc/postgresql/9.4/main/pg_hba.conf'	# host-based authentication file
 44 | 					# (change requires restart)
 45 | ident_file = '/etc/postgresql/9.4/main/pg_ident.conf'	# ident configuration file
 46 | 					# (change requires restart)
 47 | 
 48 | # If external_pid_file is not explicitly set, no extra PID file is written.
 49 | external_pid_file = '/var/run/postgresql/9.4-main.pid'			# write an extra PID file
 50 | 					# (change requires restart)
 51 | 
 52 | 
 53 | #------------------------------------------------------------------------------
 54 | # CONNECTIONS AND AUTHENTICATION
 55 | #------------------------------------------------------------------------------
 56 | 
 57 | # - Connection Settings -
 58 | 
 59 | listen_addresses = '*'		# what IP address(es) to listen on;
 60 | 					# comma-separated list of addresses;
 61 | 					# defaults to 'localhost'; use '*' for all
 62 | 					# (change requires restart)
 63 | port = 5432				# (change requires restart)
 64 | max_connections = 100			# (change requires restart)
 65 | # Note:  Increasing max_connections costs ~400 bytes of shared memory per
 66 | # connection slot, plus lock space (see max_locks_per_transaction).
 67 | #superuser_reserved_connections = 3	# (change requires restart)
 68 | unix_socket_directories = '/var/run/postgresql'	# comma-separated list of directories
 69 | 					# (change requires restart)
 70 | #unix_socket_group = ''			# (change requires restart)
 71 | #unix_socket_permissions = 0777		# begin with 0 to use octal notation
 72 | 					# (change requires restart)
 73 | #bonjour = off				# advertise server via Bonjour
 74 | 					# (change requires restart)
 75 | #bonjour_name = ''			# defaults to the computer name
 76 | 					# (change requires restart)
 77 | 
 78 | # - Security and Authentication -
 79 | 
 80 | #authentication_timeout = 1min		# 1s-600s
 81 | ssl = true				# (change requires restart)
 82 | #ssl_ciphers = 'HIGH:MEDIUM:+3DES:!aNULL' # allowed SSL ciphers
 83 | 					# (change requires restart)
 84 | #ssl_prefer_server_ciphers = on		# (change requires restart)
 85 | #ssl_ecdh_curve = 'prime256v1'		# (change requires restart)
 86 | #ssl_renegotiation_limit = 512MB	# amount of data between renegotiations
 87 | ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'		# (change requires restart)
 88 | ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key'		# (change requires restart)
 89 | #ssl_ca_file = ''			# (change requires restart)
 90 | #ssl_crl_file = ''			# (change requires restart)
 91 | #password_encryption = on
 92 | #db_user_namespace = off
 93 | 
 94 | # GSSAPI using Kerberos
 95 | #krb_server_keyfile = ''
 96 | #krb_caseins_users = off
 97 | 
 98 | # - TCP Keepalives -
 99 | # see "man 7 tcp" for details
100 | 
101 | #tcp_keepalives_idle = 0		# TCP_KEEPIDLE, in seconds;
102 | 					# 0 selects the system default
103 | #tcp_keepalives_interval = 0		# TCP_KEEPINTVL, in seconds;
104 | 					# 0 selects the system default
105 | #tcp_keepalives_count = 0		# TCP_KEEPCNT;
106 | 					# 0 selects the system default
107 | 
108 | 
109 | #------------------------------------------------------------------------------
110 | # RESOURCE USAGE (except WAL)
111 | #------------------------------------------------------------------------------
112 | 
113 | # - Memory -
114 | 
115 | shared_buffers = 128MB			# min 128kB
116 | 					# (change requires restart)
117 | #huge_pages = try			# on, off, or try
118 | 					# (change requires restart)
119 | #temp_buffers = 8MB			# min 800kB
120 | #max_prepared_transactions = 0		# zero disables the feature
121 | 					# (change requires restart)
122 | # Note:  Increasing max_prepared_transactions costs ~600 bytes of shared memory
123 | # per transaction slot, plus lock space (see max_locks_per_transaction).
124 | # It is not advisable to set max_prepared_transactions nonzero unless you
125 | # actively intend to use prepared transactions.
126 | #work_mem = 4MB				# min 64kB
127 | #maintenance_work_mem = 64MB		# min 1MB
128 | #autovacuum_work_mem = -1		# min 1MB, or -1 to use maintenance_work_mem
129 | #max_stack_depth = 2MB			# min 100kB
130 | dynamic_shared_memory_type = posix	# the default is the first option
131 | 					# supported by the operating system:
132 | 					#   posix
133 | 					#   sysv
134 | 					#   windows
135 | 					#   mmap
136 | 					# use none to disable dynamic shared memory
137 | 
138 | # - Disk -
139 | 
140 | #temp_file_limit = -1			# limits per-session temp file space
141 | 					# in kB, or -1 for no limit
142 | 
143 | # - Kernel Resource Usage -
144 | 
145 | #max_files_per_process = 1000		# min 25
146 | 					# (change requires restart)
147 | #shared_preload_libraries = ''		# (change requires restart)
148 | 
149 | # - Cost-Based Vacuum Delay -
150 | 
151 | #vacuum_cost_delay = 0			# 0-100 milliseconds
152 | #vacuum_cost_page_hit = 1		# 0-10000 credits
153 | #vacuum_cost_page_miss = 10		# 0-10000 credits
154 | #vacuum_cost_page_dirty = 20		# 0-10000 credits
155 | #vacuum_cost_limit = 200		# 1-10000 credits
156 | 
157 | # - Background Writer -
158 | 
159 | #bgwriter_delay = 200ms			# 10-10000ms between rounds
160 | #bgwriter_lru_maxpages = 100		# 0-1000 max buffers written/round
161 | #bgwriter_lru_multiplier = 2.0		# 0-10.0 multipler on buffers scanned/round
162 | 
163 | # - Asynchronous Behavior -
164 | 
165 | #effective_io_concurrency = 1		# 1-1000; 0 disables prefetching
166 | #max_worker_processes = 8
167 | 
168 | 
169 | #------------------------------------------------------------------------------
170 | # WRITE AHEAD LOG
171 | #------------------------------------------------------------------------------
172 | 
173 | # - Settings -
174 | 
175 | #wal_level = minimal			# minimal, archive, hot_standby, or logical
176 | 					# (change requires restart)
177 | #fsync = on				# turns forced synchronization on or off
178 | #synchronous_commit = on		# synchronization level;
179 | 					# off, local, remote_write, or on
180 | #wal_sync_method = fsync		# the default is the first option
181 | 					# supported by the operating system:
182 | 					#   open_datasync
183 | 					#   fdatasync (default on Linux)
184 | 					#   fsync
185 | 					#   fsync_writethrough
186 | 					#   open_sync
187 | #full_page_writes = on			# recover from partial page writes
188 | #wal_log_hints = off			# also do full page writes of non-critical updates
189 | 					# (change requires restart)
190 | #wal_buffers = -1			# min 32kB, -1 sets based on shared_buffers
191 | 					# (change requires restart)
192 | #wal_writer_delay = 200ms		# 1-10000 milliseconds
193 | 
194 | #commit_delay = 0			# range 0-100000, in microseconds
195 | #commit_siblings = 5			# range 1-1000
196 | 
197 | # - Checkpoints -
198 | 
199 | #checkpoint_segments = 3		# in logfile segments, min 1, 16MB each
200 | #checkpoint_timeout = 5min		# range 30s-1h
201 | #checkpoint_completion_target = 0.5	# checkpoint target duration, 0.0 - 1.0
202 | #checkpoint_warning = 30s		# 0 disables
203 | 
204 | # - Archiving -
205 | 
206 | #archive_mode = off		# allows archiving to be done
207 | 				# (change requires restart)
208 | #archive_command = ''		# command to use to archive a logfile segment
209 | 				# placeholders: %p = path of file to archive
210 | 				#               %f = file name only
211 | 				# e.g. 'test ! -f /mnt/server/archivedir/%f && cp %p /mnt/server/archivedir/%f'
212 | #archive_timeout = 0		# force a logfile segment switch after this
213 | 				# number of seconds; 0 disables
214 | 
215 | 
216 | #------------------------------------------------------------------------------
217 | # REPLICATION
218 | #------------------------------------------------------------------------------
219 | 
220 | # - Sending Server(s) -
221 | 
222 | # Set these on the master and on any standby that will send replication data.
223 | 
224 | #max_wal_senders = 0		# max number of walsender processes
225 | 				# (change requires restart)
226 | #wal_keep_segments = 0		# in logfile segments, 16MB each; 0 disables
227 | #wal_sender_timeout = 60s	# in milliseconds; 0 disables
228 | 
229 | #max_replication_slots = 0	# max number of replication slots
230 | 				# (change requires restart)
231 | 
232 | # - Master Server -
233 | 
234 | # These settings are ignored on a standby server.
235 | 
236 | #synchronous_standby_names = ''	# standby servers that provide sync rep
237 | 				# comma-separated list of application_name
238 | 				# from standby(s); '*' = all
239 | #vacuum_defer_cleanup_age = 0	# number of xacts by which cleanup is delayed
240 | 
241 | # - Standby Servers -
242 | 
243 | # These settings are ignored on a master server.
244 | 
245 | #hot_standby = off			# "on" allows queries during recovery
246 | 					# (change requires restart)
247 | #max_standby_archive_delay = 30s	# max delay before canceling queries
248 | 					# when reading WAL from archive;
249 | 					# -1 allows indefinite delay
250 | #max_standby_streaming_delay = 30s	# max delay before canceling queries
251 | 					# when reading streaming WAL;
252 | 					# -1 allows indefinite delay
253 | #wal_receiver_status_interval = 10s	# send replies at least this often
254 | 					# 0 disables
255 | #hot_standby_feedback = off		# send info from standby to prevent
256 | 					# query conflicts
257 | #wal_receiver_timeout = 60s		# time that receiver waits for
258 | 					# communication from master
259 | 					# in milliseconds; 0 disables
260 | 
261 | 
262 | #------------------------------------------------------------------------------
263 | # QUERY TUNING
264 | #------------------------------------------------------------------------------
265 | 
266 | # - Planner Method Configuration -
267 | 
268 | #enable_bitmapscan = on
269 | #enable_hashagg = on
270 | #enable_hashjoin = on
271 | #enable_indexscan = on
272 | #enable_indexonlyscan = on
273 | #enable_material = on
274 | #enable_mergejoin = on
275 | #enable_nestloop = on
276 | #enable_seqscan = on
277 | #enable_sort = on
278 | #enable_tidscan = on
279 | 
280 | # - Planner Cost Constants -
281 | 
282 | #seq_page_cost = 1.0			# measured on an arbitrary scale
283 | #random_page_cost = 4.0			# same scale as above
284 | #cpu_tuple_cost = 0.01			# same scale as above
285 | #cpu_index_tuple_cost = 0.005		# same scale as above
286 | #cpu_operator_cost = 0.0025		# same scale as above
287 | #effective_cache_size = 4GB
288 | 
289 | # - Genetic Query Optimizer -
290 | 
291 | #geqo = on
292 | #geqo_threshold = 12
293 | #geqo_effort = 5			# range 1-10
294 | #geqo_pool_size = 0			# selects default based on effort
295 | #geqo_generations = 0			# selects default based on effort
296 | #geqo_selection_bias = 2.0		# range 1.5-2.0
297 | #geqo_seed = 0.0			# range 0.0-1.0
298 | 
299 | # - Other Planner Options -
300 | 
301 | #default_statistics_target = 100	# range 1-10000
302 | #constraint_exclusion = partition	# on, off, or partition
303 | #cursor_tuple_fraction = 0.1		# range 0.0-1.0
304 | #from_collapse_limit = 8
305 | #join_collapse_limit = 8		# 1 disables collapsing of explicit
306 | 					# JOIN clauses
307 | 
308 | 
309 | #------------------------------------------------------------------------------
310 | # ERROR REPORTING AND LOGGING
311 | #------------------------------------------------------------------------------
312 | 
313 | # - Where to Log -
314 | 
315 | #log_destination = 'stderr'		# Valid values are combinations of
316 | 					# stderr, csvlog, syslog, and eventlog,
317 | 					# depending on platform.  csvlog
318 | 					# requires logging_collector to be on.
319 | 
320 | # This is used when logging to stderr:
321 | #logging_collector = off		# Enable capturing of stderr and csvlog
322 | 					# into log files. Required to be on for
323 | 					# csvlogs.
324 | 					# (change requires restart)
325 | 
326 | # These are only used if logging_collector is on:
327 | #log_directory = 'pg_log'		# directory where log files are written,
328 | 					# can be absolute or relative to PGDATA
329 | #log_filename = 'postgresql-%Y-%m-%d_%H%M%S.log'	# log file name pattern,
330 | 					# can include strftime() escapes
331 | #log_file_mode = 0600			# creation mode for log files,
332 | 					# begin with 0 to use octal notation
333 | #log_truncate_on_rotation = off		# If on, an existing log file with the
334 | 					# same name as the new log file will be
335 | 					# truncated rather than appended to.
336 | 					# But such truncation only occurs on
337 | 					# time-driven rotation, not on restarts
338 | 					# or size-driven rotation.  Default is
339 | 					# off, meaning append to existing files
340 | 					# in all cases.
341 | #log_rotation_age = 1d			# Automatic rotation of logfiles will
342 | 					# happen after that time.  0 disables.
343 | #log_rotation_size = 10MB		# Automatic rotation of logfiles will
344 | 					# happen after that much log output.
345 | 					# 0 disables.
346 | 
347 | # These are relevant when logging to syslog:
348 | #syslog_facility = 'LOCAL0'
349 | #syslog_ident = 'postgres'
350 | 
351 | # This is only relevant when logging to eventlog (win32):
352 | #event_source = 'PostgreSQL'
353 | 
354 | # - When to Log -
355 | 
356 | #client_min_messages = notice		# values in order of decreasing detail:
357 | 					#   debug5
358 | 					#   debug4
359 | 					#   debug3
360 | 					#   debug2
361 | 					#   debug1
362 | 					#   log
363 | 					#   notice
364 | 					#   warning
365 | 					#   error
366 | 
367 | #log_min_messages = warning		# values in order of decreasing detail:
368 | 					#   debug5
369 | 					#   debug4
370 | 					#   debug3
371 | 					#   debug2
372 | 					#   debug1
373 | 					#   info
374 | 					#   notice
375 | 					#   warning
376 | 					#   error
377 | 					#   log
378 | 					#   fatal
379 | 					#   panic
380 | 
381 | #log_min_error_statement = error	# values in order of decreasing detail:
382 | 					#   debug5
383 | 					#   debug4
384 | 					#   debug3
385 | 					#   debug2
386 | 					#   debug1
387 | 					#   info
388 | 					#   notice
389 | 					#   warning
390 | 					#   error
391 | 					#   log
392 | 					#   fatal
393 | 					#   panic (effectively off)
394 | 
395 | #log_min_duration_statement = -1	# -1 is disabled, 0 logs all statements
396 | 					# and their durations, > 0 logs only
397 | 					# statements running at least this number
398 | 					# of milliseconds
399 | 
400 | 
401 | # - What to Log -
402 | 
403 | #debug_print_parse = off
404 | #debug_print_rewritten = off
405 | #debug_print_plan = off
406 | #debug_pretty_print = on
407 | #log_checkpoints = off
408 | #log_connections = off
409 | #log_disconnections = off
410 | #log_duration = off
411 | #log_error_verbosity = default		# terse, default, or verbose messages
412 | #log_hostname = off
413 | log_line_prefix = '%t [%p-%l] %q%u@%d '			# special values:
414 | 					#   %a = application name
415 | 					#   %u = user name
416 | 					#   %d = database name
417 | 					#   %r = remote host and port
418 | 					#   %h = remote host
419 | 					#   %p = process ID
420 | 					#   %t = timestamp without milliseconds
421 | 					#   %m = timestamp with milliseconds
422 | 					#   %i = command tag
423 | 					#   %e = SQL state
424 | 					#   %c = session ID
425 | 					#   %l = session line number
426 | 					#   %s = session start timestamp
427 | 					#   %v = virtual transaction ID
428 | 					#   %x = transaction ID (0 if none)
429 | 					#   %q = stop here in non-session
430 | 					#        processes
431 | 					#   %% = '%'
432 | 					# e.g. '<%u%%%d> '
433 | #log_lock_waits = off			# log lock waits >= deadlock_timeout
434 | #log_statement = 'none'			# none, ddl, mod, all
435 | #log_temp_files = -1			# log temporary files equal or larger
436 | 					# than the specified size in kilobytes;
437 | 					# -1 disables, 0 logs all temp files
438 | log_timezone = 'UTC'
439 | 
440 | 
441 | #------------------------------------------------------------------------------
442 | # RUNTIME STATISTICS
443 | #------------------------------------------------------------------------------
444 | 
445 | # - Query/Index Statistics Collector -
446 | 
447 | #track_activities = on
448 | #track_counts = on
449 | #track_io_timing = off
450 | #track_functions = none			# none, pl, all
451 | #track_activity_query_size = 1024	# (change requires restart)
452 | #update_process_title = on
453 | stats_temp_directory = '/var/run/postgresql/9.4-main.pg_stat_tmp'
454 | 
455 | 
456 | # - Statistics Monitoring -
457 | 
458 | #log_parser_stats = off
459 | #log_planner_stats = off
460 | #log_executor_stats = off
461 | #log_statement_stats = off
462 | 
463 | 
464 | #------------------------------------------------------------------------------
465 | # AUTOVACUUM PARAMETERS
466 | #------------------------------------------------------------------------------
467 | 
468 | #autovacuum = on			# Enable autovacuum subprocess?  'on'
469 | 					# requires track_counts to also be on.
470 | #log_autovacuum_min_duration = -1	# -1 disables, 0 logs all actions and
471 | 					# their durations, > 0 logs only
472 | 					# actions running at least this number
473 | 					# of milliseconds.
474 | #autovacuum_max_workers = 3		# max number of autovacuum subprocesses
475 | 					# (change requires restart)
476 | #autovacuum_naptime = 1min		# time between autovacuum runs
477 | #autovacuum_vacuum_threshold = 50	# min number of row updates before
478 | 					# vacuum
479 | #autovacuum_analyze_threshold = 50	# min number of row updates before
480 | 					# analyze
481 | #autovacuum_vacuum_scale_factor = 0.2	# fraction of table size before vacuum
482 | #autovacuum_analyze_scale_factor = 0.1	# fraction of table size before analyze
483 | #autovacuum_freeze_max_age = 200000000	# maximum XID age before forced vacuum
484 | 					# (change requires restart)
485 | #autovacuum_multixact_freeze_max_age = 400000000	# maximum multixact age
486 | 					# before forced vacuum
487 | 					# (change requires restart)
488 | #autovacuum_vacuum_cost_delay = 20ms	# default vacuum cost delay for
489 | 					# autovacuum, in milliseconds;
490 | 					# -1 means use vacuum_cost_delay
491 | #autovacuum_vacuum_cost_limit = -1	# default vacuum cost limit for
492 | 					# autovacuum, -1 means use
493 | 					# vacuum_cost_limit
494 | 
495 | 
496 | #------------------------------------------------------------------------------
497 | # CLIENT CONNECTION DEFAULTS
498 | #------------------------------------------------------------------------------
499 | 
500 | # - Statement Behavior -
501 | 
502 | #search_path = '"$user",public'		# schema names
503 | #default_tablespace = ''		# a tablespace name, '' uses the default
504 | #temp_tablespaces = ''			# a list of tablespace names, '' uses
505 | 					# only default tablespace
506 | #check_function_bodies = on
507 | #default_transaction_isolation = 'read committed'
508 | #default_transaction_read_only = off
509 | #default_transaction_deferrable = off
510 | #session_replication_role = 'origin'
511 | #statement_timeout = 0			# in milliseconds, 0 is disabled
512 | #lock_timeout = 0			# in milliseconds, 0 is disabled
513 | #vacuum_freeze_min_age = 50000000
514 | #vacuum_freeze_table_age = 150000000
515 | #vacuum_multixact_freeze_min_age = 5000000
516 | #vacuum_multixact_freeze_table_age = 150000000
517 | #bytea_output = 'hex'			# hex, escape
518 | #xmlbinary = 'base64'
519 | #xmloption = 'content'
520 | 
521 | # - Locale and Formatting -
522 | 
523 | datestyle = 'iso, mdy'
524 | #intervalstyle = 'postgres'
525 | timezone = 'UTC'
526 | #timezone_abbreviations = 'Default'     # Select the set of available time zone
527 | 					# abbreviations.  Currently, there are
528 | 					#   Default
529 | 					#   Australia (historical usage)
530 | 					#   India
531 | 					# You can create your own file in
532 | 					# share/timezonesets/.
533 | #extra_float_digits = 0			# min -15, max 3
534 | #client_encoding = sql_ascii		# actually, defaults to database
535 | 					# encoding
536 | 
537 | # These settings are initialized by initdb, but they can be changed.
538 | lc_messages = 'en_US.UTF-8'			# locale for system error message
539 | 					# strings
540 | lc_monetary = 'en_US.UTF-8'			# locale for monetary formatting
541 | lc_numeric = 'en_US.UTF-8'			# locale for number formatting
542 | lc_time = 'en_US.UTF-8'				# locale for time formatting
543 | 
544 | # default configuration for text search
545 | default_text_search_config = 'pg_catalog.english'
546 | 
547 | # - Other Defaults -
548 | 
549 | #dynamic_library_path = '$libdir'
550 | #local_preload_libraries = ''
551 | #session_preload_libraries = ''
552 | 
553 | 
554 | #------------------------------------------------------------------------------
555 | # LOCK MANAGEMENT
556 | #------------------------------------------------------------------------------
557 | 
558 | #deadlock_timeout = 1s
559 | #max_locks_per_transaction = 64		# min 10
560 | 					# (change requires restart)
561 | # Note:  Each lock table slot uses ~270 bytes of shared memory, and there are
562 | # max_locks_per_transaction * (max_connections + max_prepared_transactions)
563 | # lock table slots.
564 | #max_pred_locks_per_transaction = 64	# min 10
565 | 					# (change requires restart)
566 | 
567 | 
568 | #------------------------------------------------------------------------------
569 | # VERSION/PLATFORM COMPATIBILITY
570 | #------------------------------------------------------------------------------
571 | 
572 | # - Previous PostgreSQL Versions -
573 | 
574 | #array_nulls = on
575 | #backslash_quote = safe_encoding	# on, off, or safe_encoding
576 | #default_with_oids = off
577 | #escape_string_warning = on
578 | #lo_compat_privileges = off
579 | #quote_all_identifiers = off
580 | #sql_inheritance = on
581 | #standard_conforming_strings = on
582 | #synchronize_seqscans = on
583 | 
584 | # - Other Platforms and Clients -
585 | 
586 | #transform_null_equals = off
587 | 
588 | 
589 | #------------------------------------------------------------------------------
590 | # ERROR HANDLING
591 | #------------------------------------------------------------------------------
592 | 
593 | #exit_on_error = off			# terminate session on any error?
594 | #restart_after_crash = on		# reinitialize after backend crash?
595 | 
596 | 
597 | #------------------------------------------------------------------------------
598 | # CONFIG FILE INCLUDES
599 | #------------------------------------------------------------------------------
600 | 
601 | # These options allow settings to be loaded from files other than the
602 | # default postgresql.conf.
603 | 
604 | #include_dir = 'conf.d'			# include files ending in '.conf' from
605 | 					# directory 'conf.d'
606 | #include_if_exists = 'exists.conf'	# include file only if it exists
607 | #include = 'special.conf'		# include file
608 | 
609 | 
610 | #------------------------------------------------------------------------------
611 | # CUSTOMIZED OPTIONS
612 | #------------------------------------------------------------------------------
613 | 
614 | # Add settings for extensions here
615 | 


--------------------------------------------------------------------------------
/ansible/roles/postgresql/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Start PostgreSQL
3 |   service: name=postgresql state=started
4 | 
5 | - name: Restart PostgreSQL
6 |   service: name=postgresql state=restarted


--------------------------------------------------------------------------------
/ansible/roles/postgresql/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies: []


--------------------------------------------------------------------------------
/ansible/roles/postgresql/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: Add PostgreSQL Key
 3 |   apt_key: url='https://www.postgresql.org/media/keys/ACCC4CF8.asc' state=present
 4 | 
 5 | - name: Add PostgreSQL Repository
 6 |   apt_repository: repo='deb http://apt.postgresql.org/pub/repos/apt/ trusty-pgdg main' state=present
 7 | 
 8 | - name: Install PostgreSQL
 9 |   apt: pkg={{ item }} state=installed update_cache=yes
10 |   with_items:
11 |    - postgresql-9.4
12 |    - postgresql-contrib-9.4
13 |    - python-psycopg2
14 |   notify:
15 |     - Start PostgreSQL
16 | 
17 | - name: Configure PostgreSQL
18 |   copy: src=postgresql.conf dest=/etc/postgresql/9.4/main/postgresql.conf owner=postgres group=postgres
19 |   notify:
20 |     - Restart PostgreSQL
21 | 
22 | - name: Configure Access
23 |   copy: src=pg_hba.conf dest=/etc/postgresql/9.4/main/pg_hba.conf owner=postgres group=postgres
24 |   notify:
25 |     - Restart PostgreSQL
26 | 
27 | - name: Create User
28 |   postgresql_user: name=root password={{ db_root_pass }} role_attr_flags=SUPERUSER encrypted=no
29 |   sudo_user: postgres
30 | 
31 | - name: Create Databases
32 |   postgresql_db: name={{ item }}
33 |                  encoding='UTF-8'
34 |                  lc_collate='en_US.UTF-8'
35 |                  lc_ctype='en_US.UTF-8'
36 |                  template='template0'
37 |                  owner=root
38 |   with_items: databases
39 |   when: databases|lower() != 'none'
40 |   sudo_user: postgres


--------------------------------------------------------------------------------
/ansible/roles/redis/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Start Redis
3 |   service: name=redis-server  state=started
4 | 
5 | - name: Restart Redis
6 |   service: name=redis-server  state=restarted


--------------------------------------------------------------------------------
/ansible/roles/redis/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies: []


--------------------------------------------------------------------------------
/ansible/roles/redis/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: Add Redis Repository
 3 |   apt_repository: repo='ppa:rwky/redis' state=present
 4 | 
 5 | - name: Install Redis
 6 |   apt: pkg={{ item }} state=installed update_cache=true
 7 |   with_items:
 8 |    - redis-server
 9 |   notify:
10 |    - Start Redis


--------------------------------------------------------------------------------
/ansible/roles/server/handlers/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Start NTP
3 |   service: name=ntp state=started enabled=yes


--------------------------------------------------------------------------------
/ansible/roles/server/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies: []


--------------------------------------------------------------------------------
/ansible/roles/server/tasks/main.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - name: Perform Safe Upgrade
 3 |   apt: upgrade=safe update_cache=yes
 4 | 
 5 | - name: Install Server Basics
 6 |   apt: pkg={{ item }} state=installed update_cache=true
 7 |   with_items:
 8 |     - acl
 9 |     - ack-grep
10 |     - build-essential
11 |     - curl
12 |     - git
13 |     - htop
14 |     - ntp
15 |     - python-pip
16 |     - silversearcher-ag
17 |     - tmux
18 |     - unzip
19 |     - vim
20 |     - wget
21 |   notify:
22 |     - Start NTP


--------------------------------------------------------------------------------
/ansible/roles/ssl/meta/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | dependencies: []


--------------------------------------------------------------------------------
/ansible/roles/ssl/tasks/main.yml:
--------------------------------------------------------------------------------
1 | ---
2 | - name: Create SSL Directry
3 |   file: dest=/etc/ssl/vagrantops mode=0700 state=directory owner=root group=root
4 | 
5 | - name: Create Self-Signed Certificate
6 |   command: openssl req -new -nodes -x509 -subj "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ dev_domain }}" -days 3650 -keyout /etc/ssl/vagrantops/{{ dev_domain }}.key -out /etc/ssl/vagrantops/{{ dev_domain }}.crt


--------------------------------------------------------------------------------
/config.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | - hosts: all
 3 |   user: vagrant
 4 |   sudo: yes
 5 |   roles:
 6 |     - server
 7 |     - ssl
 8 |     - redis
 9 |     - memcached
10 |     - mysql
11 |     - postgresql
12 |     - php
13 |     - nginx


--------------------------------------------------------------------------------
/docs/development.md:
--------------------------------------------------------------------------------
 1 | # Development
 2 | 
 3 | Pull Requests are welcome! *Very* welcome.
 4 | 
 5 | * Please test your changes. I know re-building VM's sucks, but hopefully this is made easier as, in theory, you can "just re-run Ansible" after making changes.
 6 | * Please ensure you have not committed changes specific to your use case, such as a hostname, network name, or variables specific to you and your projects.
 7 | 
 8 | ## Git Conventions
 9 | 
10 | The `master` branch is stable and will be in sync with the latest `tag`.
11 | 
12 | The `develop` branch is where development happens. When it's ready for release, changes on `develop` are merged to `master` and a new `tag` is created.
13 | 
14 | > **All Pull Requests** must go to the `develop` branch.
15 | 
16 | ## VagrantOps Specifics
17 | 
18 | If you want to run ansible manually while developing it, you can start up the server and ssh into it. Head to `/home/vagrant/ops/ansible` and begin editing those files.
19 | 
20 | ### Boot Process
21 | 
22 | When you start VagrantOps, the following happens:
23 | 
24 | This will download the [`vagrantops/ubuntu`](https://github.com/vagrant-ops/image-ubuntu) box (if using it for the first time), start up the server, copy the Ansible files to the server's `/home/vagrant/ops/ansible` directory and run the Ansible roles from there.
25 | 
26 | Note that this means any changes you make to the Ansible files *after* starting the server **will not** take affect unless you copy those changes to the files copied to `/home/vagrant/ops/ansible`.
27 | 
28 | Additionally, running `vagrant reload --provision` also **will not** re-copy your changes to the files at `/home/vagrant/ops/ansible`.
29 | 
30 | ### Running Ansible
31 | 
32 | After booting the server, log into your Vagrant server over ssh and run:
33 | 
34 | ```bash
35 | cd ~/ops/ansible
36 | ansible-playbook config.yml
37 | ```
38 | 
39 | As mentioned, editing the files at `/home/vagrant/ops/ansible` is the best way to hack on VagrantOps. Then you can copy those file changes to the repository Ansible files (likely found in the file share at the server's `/vagrant/ansible` location).


--------------------------------------------------------------------------------
/docs/index.md:
--------------------------------------------------------------------------------
 1 | # VagrantOps
 2 | 
 3 | Ansible-powered vagrant provisioning.
 4 | 
 5 | This project provides the ability to provision your Vagrant virtual machines with Ansible. It offers Ansible roles for common development use cases.
 6 | 
 7 | ## Benefits
 8 | 
 9 | * Provision Vagrant servers using Vagrant without installing Ansible on your host computer
10 | * Re-provision your Vagrant server without re-building the virtual machine
11 | * Host one or multiple projects on each Vagrant virtual machine
12 | * Learn some Ansible (if you want)
13 | 
14 | ## Quickstart
15 | 
16 | A [slightly more extended quickstart](/quickstart/) is found here.
17 | 
18 | **One:** Clone the Repository:
19 | 
20 | ```bash
21 | git clone git@github.com:vagrant-ops/vagrantops.git
22 | ```
23 | 
24 | **Two:** Set any variables in `ansible/group_vars/all`:
25 | 
26 | ```yaml
27 | ---
28 | # General
29 | dev_domain: nonsense.dev
30 | 
31 | # Database
32 | db_root_pass: root_user_password
33 | databases:
34 |   - my_app_db_1
35 |   - my_app_db_2
36 | ```
37 | 
38 | **Three:** Start the server:
39 | 
40 | ```bash
41 | vagrant up
42 | ```
43 | 
44 | <!--
45 | 
46 | ## Commands
47 | 
48 | * `mkdocs new [dir-name]` - Create a new project.
49 | * `mkdocs serve` - Start the live-reloading docs server.
50 | * `mkdocs build` - Build the documentation site.
51 | * `mkdocs help` - Print this help message.
52 | 
53 | ## Project layout
54 | 
55 |     mkdocs.yml    # The configuration file.
56 |     docs/
57 |         index.md  # The documentation homepage.
58 |         ...       # Other markdown pages, images and other files.
59 | -->


--------------------------------------------------------------------------------
/docs/quickstart.md:
--------------------------------------------------------------------------------
 1 | # Quickstart
 2 | 
 3 | In lieu of a nice command to run to start a new VagrantOps project (coming soon!), you'll need to clone the repository to get it. The steps are:
 4 | 
 5 | 1. Clone the repository
 6 | 2. Set any variables
 7 | 3. Start the server
 8 | 
 9 | **One:** Clone the Repository:
10 | 
11 | ```bash
12 | git clone git@github.com:vagrant-ops/vagrantops.git
13 | ```
14 | 
15 | **Two:** Set any variables in `ansible/group_vars/all`:
16 | 
17 | ```yaml
18 | ---
19 | # General
20 | dev_domain: nonsense.dev
21 | 
22 | # Database
23 | db_root_pass: root_user_password
24 | databases:
25 |   - my_app_db_1
26 |   - my_app_db_2
27 | ```
28 | 
29 | **Three:** Start the server:
30 | 
31 | ```bash
32 | vagrant up
33 | ```
34 | 
35 | ## Explanation
36 | 
37 | This will download the `vagrantops/ubuntu` box (if using it for the first time), start up the server, copy the Ansible files to the server's `/home/vagrant/ops/ansible` directory and run the ansible roles from there.
38 | 
39 | Note that this means any changes you make to the ansible files after starting the server **will not** take affect unless you copy those changes to the files copied to `/home/vagrant/ops/ansible`.
40 | 
41 | Additionally, running `vagrant reload --provision` also **will not** re-copy your changes to the files at `/home/vagrant/ops/ansible`.
42 | 
43 | I'll find a better solution to make that easier, such as file sharing.


--------------------------------------------------------------------------------
/mkdocs.yml:
--------------------------------------------------------------------------------
1 | site_name: VagrantOps
2 | theme: readthedocs


--------------------------------------------------------------------------------
/provision.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | 
3 | # Head to copied Ansible files
4 | cd /home/vagrant/ops/ansible
5 | 
6 | # Provision with Ansible
7 | ansible-playbook -s \
8 |                  -i ./hosts \
9 |                  ./config.yml


--------------------------------------------------------------------------------
/readme.md:
--------------------------------------------------------------------------------
 1 | # VagrantOps
 2 | 
 3 | An Ansible-powered provisioning system for local development.
 4 | 
 5 | ## Ansible Roles to Start With
 6 | 
 7 | * Memcached
 8 | * MySQL
 9 | * Nginx
10 | * PHP (FPM)
11 | * PostgreSQL
12 | * Ruby Dev Tools (Rails? rbenv or "best"?)
13 | * Python Dev Tools (pip, virtualenv)
14 | * Redis
15 | * Server Basics
16 | * SSL
17 | 
18 | ## File-based config
19 | 
20 | We can use a yaml file to let users define roles and variables. This will be the default and "phase 1".


--------------------------------------------------------------------------------