diff --git a/README.md b/README.md
index 3dc598a..d1b80df 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ Ansible playbook for base and initial configuration of the web server hosting my
## Assumptions
Before you can run this, a few things are assumed:
-- You have a clean, minimal Ubuntu 18.04/20.04 or Debian 10/11 host up and running
+- You have a clean, minimal Ubuntu 20.04 or Debian 10/11 host up and running
- Python 3 is installed on the remote server (requirement of Ansible)
- You have a user account with password-less SSH access to the machine
- You have sudo privileges on the remote host
diff --git a/roles/common/files/update-spamhaus-lists.service b/roles/common/files/update-spamhaus-lists.service
deleted file mode 100644
index ca0bf30..0000000
--- a/roles/common/files/update-spamhaus-lists.service
+++ /dev/null
@@ -1,27 +0,0 @@
-[Unit]
-Description=Update Spamhaus lists
-# This service will fail if firewalld is not running so we use Requires to make
-# sure that firewalld is started.
-Requires=firewalld.service
-# Make sure the network is up and firewalld is started
-After=network-online.target firewalld.service
-Wants=network-online.target update-spamhaus-lists.timer
-
-[Service]
-# https://www.ctrl.blog/entry/systemd-service-hardening.html
-# Doesn't need access to /home or /root
-ProtectHome=true
-# Possibly only works on Ubuntu 18.04+
-ProtectKernelTunables=true
-ProtectSystem=full
-# Newer systemd can use ReadWritePaths to list files, but this works everywhere
-ReadWriteDirectories=/etc/firewalld/ipsets
-PrivateTmp=true
-WorkingDirectory=/var/tmp
-
-SyslogIdentifier=update-spamhaus-lists
-ExecStart=/usr/bin/flock -x update-spamhaus-lists.lck \
- /usr/local/bin/update-spamhaus-lists.sh
-
-[Install]
-WantedBy=multi-user.target
diff --git a/roles/common/files/update-spamhaus-lists.sh b/roles/common/files/update-spamhaus-lists.sh
deleted file mode 100755
index a05e679..0000000
--- a/roles/common/files/update-spamhaus-lists.sh
+++ /dev/null
@@ -1,107 +0,0 @@
-#!/usr/bin/env bash
-#
-# update-spamhaus-lists.sh v0.0.5
-#
-# Download Spamhaus DROP lists and load them into firewalld ipsets. Should work
-# with both the iptables and nftables backends.
-#
-# See: https://www.spamhaus.org/drop/
-#
-# Copyright (C) 2021 Alan Orth
-#
-# SPDX-License-Identifier: GPL-3.0-only
-
-# Exit on first error
-set -o errexit
-
-firewalld_ipsets=$(firewall-cmd --get-ipsets)
-xml_temp=$(mktemp)
-spamhaus_ipv4_ipset_path=/etc/firewalld/ipsets/spamhaus-ipv4.xml
-spamhaus_ipv6_ipset_path=/etc/firewalld/ipsets/spamhaus-ipv6.xml
-
-function download() {
- echo "Downloading $1"
- wget -q -O - "https://www.spamhaus.org/drop/$1" > "$1"
-}
-
-download drop.txt
-download edrop.txt
-download dropv6.txt
-
-if [[ -f "drop.txt" && -f "edrop.txt" ]]; then
- echo "Processing IPv4 DROP lists"
-
- # Extract all networks from drop.txt and edrop.txt, skipping blank lines and
- # comments.
- networks=$(cat drop.txt edrop.txt | sed -e '/^$/d' -e '/^;.*/d' -e 's/[[:space:]];[[:space:]].*//')
-
- # If firewalld already has this ipset we should delete it first to emulate
- # `ipset flush` (but I don't want to use that because newer hosts might be
- # using nftables and firewalld will handle that for us).
- if [[ "$firewalld_ipsets" =~ spamhaus-ipv4 ]]; then
- echo "Deleting existing spamhaus-ipv4 ipset"
- # This deletes the firewalld ipset XML file as well as the ipset itself
- firewall-cmd --permanent --delete-ipset=spamhaus-ipv4
- else
- echo "Creating placeholder spamhaus-ipv4 ipset"
- # Create a placeholder ipset so firewalld doesn't complain when we try
- # to reload the ipset later after having added a new XML definition. I
- # don't know why, but depending on the system state there may not be a
- # ipset defined and firewalld errors on INVALID_IPSET.
- firewall-cmd --permanent --new-ipset=spamhaus-ipv4 --type=hash:net --option=family=inet
- fi
-
- # I'm not proud of this, but writing the XML directly is WAY faster than
- # using firewall-cmd to add each entry one by one (and we can't add from
- # a file because many of our hosts are using old firewalld).
- cat << XML_HEAD > "$xml_temp"
-
-
-
- spamhaus-ipv4
- Spamhaus DROP and EDROP lists (IPv4).
-XML_HEAD
-
- for network in $networks; do
- echo " $network" >> "$xml_temp"
- done
-
- echo "" >> "$xml_temp"
-
- install -m 0600 "$xml_temp" "$spamhaus_ipv4_ipset_path"
-fi
-
-if [[ -f "dropv6.txt" ]]; then
- echo "Processing IPv6 DROP list"
-
- networks=$(sed -e '/^$/d' -e '/^;.*/d' -e 's/[[:space:]];[[:space:]].*//' dropv6.txt)
-
- if [[ "$firewalld_ipsets" =~ spamhaus-ipv6 ]]; then
- echo "Deleting existing spamhaus-ipv6 ipset"
- firewall-cmd --permanent --delete-ipset=spamhaus-ipv6
- else
- echo "Creating placeholder spamhaus-ipv6 ipset"
- firewall-cmd --permanent --new-ipset=spamhaus-ipv6 --type=hash:net --option=family=inet6
- fi
-
- cat << XML_HEAD > "$xml_temp"
-
-
-
- spamhaus-ipv6
- Spamhaus DROP lists (IPv6).
-XML_HEAD
-
- for network in $networks; do
- echo " $network" >> "$xml_temp"
- done
-
- echo "" >> "$xml_temp"
-
- install -m 0600 "$xml_temp" "$spamhaus_ipv6_ipset_path"
-fi
-
-echo "Reloading firewalld"
-firewall-cmd --reload
-
-rm -v drop.txt edrop.txt dropv6.txt "$xml_temp"
diff --git a/roles/common/files/update-spamhaus-lists.timer b/roles/common/files/update-spamhaus-lists.timer
deleted file mode 100644
index 626b3ae..0000000
--- a/roles/common/files/update-spamhaus-lists.timer
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=Update Spamhaus lists
-
-[Timer]
-# Once a day at midnight
-OnCalendar=*-*-* 00:00:00
-# Add a random delay of 0–3600 seconds
-RandomizedDelaySec=3600
-Persistent=true
-
-[Install]
-WantedBy=timers.target
diff --git a/roles/common/tasks/firewall_Ubuntu.yml b/roles/common/tasks/firewall_Ubuntu.yml
index a0f6144..69c9e62 100644
--- a/roles/common/tasks/firewall_Ubuntu.yml
+++ b/roles/common/tasks/firewall_Ubuntu.yml
@@ -1,18 +1,7 @@
---
# Ubuntu 20.04 will use nftables directly, with no firewalld.
-# Ubuntu 18.04 will use firewalld with the nftables backend.
-# Ubuntu 16.04 will use firewalld with the iptables backend.
- block:
- - name: Set Ubuntu firewall packages
- when: ansible_distribution_version is version('20.04', '<')
- ansible.builtin.set_fact:
- ubuntu_firewall_packages:
- - firewalld
- - tidy
- - fail2ban
- - python3-systemd # for fail2ban systemd backend
-
- name: Set Ubuntu firewall packages
when: ansible_distribution_version is version('20.04', '>=')
ansible.builtin.set_fact:
@@ -54,41 +43,6 @@
- restart nftables
- restart fail2ban
- - name: Copy firewalld public zone file
- when: ansible_distribution_version is version('18.04', '<=')
- ansible.builtin.template: src=public.xml.j2 dest=/etc/firewalld/zones/public.xml owner=root mode=0600
-
- - name: Format public.xml firewalld zone file
- when: ansible_distribution_version is version('18.04', '<=')
- command: tidy -xml -iq -m -w 0 /etc/firewalld/zones/public.xml
- notify:
- - restart firewalld
- - restart fail2ban
-
- - name: Copy firewalld ipsets of abusive IPs
- when: ansible_distribution_version is version('18.04', '<=')
- ansible.builtin.copy: src={{ item }} dest=/etc/firewalld/ipsets/{{ item }} owner=root group=root mode=0600
- loop:
- - abusers-ipv4.xml
- - abusers-ipv6.xml
- - spamhaus-ipv4.xml
- - spamhaus-ipv6.xml
- notify:
- - restart firewalld
- - restart fail2ban
-
- - name: Copy Spamhaus firewalld update script
- when: ansible_distribution_version is version('18.04', '<=')
- ansible.builtin.copy: src=update-spamhaus-lists.sh dest=/usr/local/bin/update-spamhaus-lists.sh mode=0755 owner=root group=root
-
- - name: Copy Spamhaus firewalld systemd units
- when: ansible_distribution_version is version('18.04', '<=')
- ansible.builtin.copy: src={{ item }} dest=/etc/systemd/system/{{ item }} mode=0644 owner=root group=root
- loop:
- - update-spamhaus-lists.service
- - update-spamhaus-lists.timer
- register: spamhaus_firewalld_systemd_units
-
- name: Copy nftables update scripts
when: ansible_distribution_version is version('20.04', '>=')
ansible.builtin.copy: src={{ item }} dest=/usr/local/bin/{{ item }} mode=0755 owner=root group=root
@@ -110,15 +64,7 @@
# need to reload to pick up service/timer/environment changes
- name: Reload systemd daemon
ansible.builtin.systemd: daemon_reload=true
- when: spamhaus_firewalld_systemd_units is changed or
- nftables_systemd_units is changed
-
- - name: Start and enable Spamhaus firewalld update timer
- when: ansible_distribution_version is version('18.04', '<=')
- ansible.builtin.systemd: name=update-spamhaus-lists.timer state=started enabled=true
- notify:
- - restart firewalld
- - restart fail2ban
+ when: nftables_systemd_units is changed
- name: Start and enable nftables update timers
when: ansible_distribution_version is version('20.04', '>=')
diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml
index b85f7c0..bfb9398 100644
--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -39,12 +39,6 @@
- reload sysctl
tags: sysctl
-- name: Reconfigure /etc/rc.local
- when:
- - ansible_distribution == 'Ubuntu'
- - ansible_distribution_version is version('19.04', '<=')
- ansible.builtin.template: src=rc.local_Ubuntu.j2 dest=/etc/rc.local owner=root group=root mode=0755
-
- name: Set I/O scheduler
ansible.builtin.template: src=etc/udev/rules.d/60-scheduler.rules.j2 dest=/etc/udev/rules.d/60-scheduler.rules owner=root group=root mode=0644
tags: udev
diff --git a/roles/common/tasks/packages_Ubuntu.yml b/roles/common/tasks/packages_Ubuntu.yml
index 94fb69a..b397516 100644
--- a/roles/common/tasks/packages_Ubuntu.yml
+++ b/roles/common/tasks/packages_Ubuntu.yml
@@ -50,22 +50,6 @@
when: ansible_distribution_version is version('20.04', '==')
ignore_errors: true
- - name: Set fact for packages to remove (Ubuntu <= 18.04)
- ansible.builtin.set_fact:
- ubuntu_annoying_packages:
- - whoopsie # security (CIS 4.1)
- - apport # security (CIS 4.1)
- - command-not-found # annoying
- - command-not-found-data # annoying
- - python3-commandnotfound # annoying
- - snapd # annoying (Ubuntu >= 16.04)
- - lxd # annoying (Ubuntu >= 16.04)
- - lxd-client # annoying (Ubuntu >= 16.04)
- - liblxc1 # annoying (Ubuntu >= 16.04)
- - lxc-common # annoying (Ubuntu >= 16.04)
- - lxcfs #annoying (Ubuntu >= 16.04)
- when: ansible_distribution_version is version('18.04', '<=')
-
- name: Set fact for packages to remove (Ubuntu 20.04)
ansible.builtin.set_fact:
ubuntu_annoying_packages:
diff --git a/roles/common/templates/rc.local_Ubuntu.j2 b/roles/common/templates/rc.local_Ubuntu.j2
deleted file mode 100644
index 65634df..0000000
--- a/roles/common/templates/rc.local_Ubuntu.j2
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh -e
-#
-# rc.local
-#
-# This script is executed at the end of each multiuser runlevel.
-# Make sure that the script will "exit 0" on success or any other
-# value on error.
-#
-# In order to enable or disable this script just change the execution
-# bits.
-#
-# By default this script does nothing.
-
-exit 0
diff --git a/roles/common/templates/sshd_config_Ubuntu-18.04.j2 b/roles/common/templates/sshd_config_Ubuntu-18.04.j2
deleted file mode 100644
index 08dc8c4..0000000
--- a/roles/common/templates/sshd_config_Ubuntu-18.04.j2
+++ /dev/null
@@ -1,133 +0,0 @@
-# $OpenBSD: sshd_config,v 1.101 2017/03/14 07:19:07 djm Exp $
-
-# This is the sshd server system-wide configuration file. See
-# sshd_config(5) for more information.
-
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
-
-# The strategy used for options in the default sshd_config shipped with
-# OpenSSH is to specify options with their default value where
-# possible, but leave them commented. Uncommented options override the
-# default value.
-
-#Port 22
-#AddressFamily any
-#ListenAddress 0.0.0.0
-#ListenAddress ::
-
-#HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Ciphers and keying
-#RekeyLimit default none
-
-# Logging
-#SyslogFacility AUTH
-# LogLevel VERBOSE logs user's key fingerprint on login. Needed to have a clear audit track of which key was using to log in.
-LogLevel VERBOSE
-
-# Authentication:
-
-#LoginGraceTime 2m
-PermitRootLogin prohibit-password
-#StrictModes yes
-MaxAuthTries 4
-#MaxSessions 10
-
-#PubkeyAuthentication yes
-
-# The default is to check both .ssh/authorized_keys and .ssh/authorized_keys2
-# but this is overridden so installations will only check .ssh/authorized_keys
-AuthorizedKeysFile .ssh/authorized_keys
-
-#AuthorizedPrincipalsFile none
-
-#AuthorizedKeysCommand none
-#AuthorizedKeysCommandUser nobody
-
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#HostbasedAuthentication no
-# Change to yes if you don't trust ~/.ssh/known_hosts for
-# HostbasedAuthentication
-#IgnoreUserKnownHosts no
-# Don't read the user's ~/.rhosts and ~/.shosts files
-#IgnoreRhosts yes
-
-# To disable tunneled clear text passwords, change to no here!
-#PasswordAuthentication yes
-#PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-#KerberosGetAFSToken no
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-#GSSAPIStrictAcceptorCheck yes
-#GSSAPIKeyExchange no
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-
-#AllowAgentForwarding yes
-#AllowTcpForwarding yes
-#GatewayPorts no
-X11Forwarding no
-#X11DisplayOffset 10
-#X11UseLocalhost yes
-#PermitTTY yes
-PrintMotd no
-#PrintLastLog yes
-#TCPKeepAlive yes
-#UseLogin no
-#PermitUserEnvironment no
-#Compression delayed
-#ClientAliveInterval 0
-#ClientAliveCountMax 3
-#UseDNS no
-#PidFile /var/run/sshd.pid
-#MaxStartups 10:30:100
-#PermitTunnel no
-#ChrootDirectory none
-#VersionAddendum none
-
-# no default banner path
-#Banner none
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-# override default of no subsystems
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Example of overriding settings on a per-user basis
-#Match User anoncvs
-# X11Forwarding no
-# AllowTcpForwarding no
-# PermitTTY no
-# ForceCommand cvs server
-
-# Originally from: https://stribika.github.io/2015/01/04/secure-secure-shell.html
-# ... but with ciphers and MACs with < 256 bits removed, as NSA's Suite B now
-# does away with these! See: https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
-Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes256-ctr
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
-KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
-
-# only allow shell access by provisioning user
-AllowUsers {{ provisioning_user.name }}
diff --git a/roles/nginx/templates/vhost.conf.j2 b/roles/nginx/templates/vhost.conf.j2
index b391f87..9bd1ae0 100644
--- a/roles/nginx/templates/vhost.conf.j2
+++ b/roles/nginx/templates/vhost.conf.j2
@@ -78,8 +78,6 @@ server {
{# As of Ubuntu 16.04 and Debian 9, the PHP-FPM configs are the same #}
{% if (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('16.04', '==')) or (ansible_distribution == 'Debian' and ansible_distribution_major_version is version('9', '==')) %}
fastcgi_pass unix:/run/php/php7.0-fpm-{{ domain_name }}.sock;
- {% elif ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('18.04', '==') %}
- fastcgi_pass unix:/run/php/php7.2-fpm-{{ domain_name }}.sock;
{% elif ansible_distribution == 'Debian' and ansible_distribution_version is version('10', '==') %}
fastcgi_pass unix:/run/php/php7.3-fpm-{{ domain_name }}.sock;
{% elif (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '==')) or (ansible_distribution == 'Debian' and ansible_distribution_version is version('11', '==')) %}
diff --git a/roles/php-fpm/handlers/main.yml b/roles/php-fpm/handlers/main.yml
index 7b2f7cb..55dcdb2 100644
--- a/roles/php-fpm/handlers/main.yml
+++ b/roles/php-fpm/handlers/main.yml
@@ -1,8 +1,4 @@
---
-# For Ubuntu 18.04
-- name: reload php7.2-fpm
- ansible.builtin.systemd: name=php7.2-fpm state=reloaded
-
# For Debian 10
- name: reload php7.3-fpm
ansible.builtin.systemd: name=php7.3-fpm state=reloaded
diff --git a/roles/php-fpm/tasks/Ubuntu_18.04.yml b/roles/php-fpm/tasks/Ubuntu_18.04.yml
deleted file mode 100644
index 358641a..0000000
--- a/roles/php-fpm/tasks/Ubuntu_18.04.yml
+++ /dev/null
@@ -1,35 +0,0 @@
----
-
-- block:
- - name: Set php-fpm packages
- ansible.builtin.set_fact:
- php_fpm_packages:
- - php-fpm
- # for WordPress
- - php-mysql
- - php-gd
- - php-curl
-
- - name: Install php-fpm and deps
- ansible.builtin.apt: name={{ php_fpm_packages }} state=present update_cache=true
-
- # only copy php-fpm config for vhosts that need WordPress or PHP
- - name: Copy php-fpm pool config
- ansible.builtin.template: src=php7.2-pool.conf.j2 dest=/etc/php/7.2/fpm/pool.d/{{ item.domain_name }}.conf owner=root group=root mode=0644
- loop: "{{ nginx_vhosts }}"
- when: (item.has_wordpress is defined and item.has_wordpress) or (item.needs_php is defined and item.needs_php)
- notify: reload php7.2-fpm
-
- - name: Remove default www pool
- ansible.builtin.file: path=/etc/php/7.2/fpm/pool.d/www.conf state=absent
- notify: reload php7.2-fpm
-
- # re-configure php.ini
- - name: Update php.ini
- ansible.builtin.template: src=php7.2-php.ini.j2 dest=/etc/php/7.2/fpm/php.ini owner=root group=root mode=0644
- notify: reload php7.2-fpm
-
- tags: php-fpm
- when: install_php == true
-
-# vim: set ts=2 sw=2:
diff --git a/roles/php-fpm/tasks/main.yml b/roles/php-fpm/tasks/main.yml
index 953d85b..7134816 100644
--- a/roles/php-fpm/tasks/main.yml
+++ b/roles/php-fpm/tasks/main.yml
@@ -1,5 +1,4 @@
---
-# Ubuntu 18.04 uses php-fpm 7.2
# Debian 10 uses php-fpm 7.3
# Ubuntu 20.04 uses PHP 7.4
# Debian 11 uses PHP 7.4
@@ -27,14 +26,6 @@
install_php: false
when: install_php is not defined
-- name: Configure php-fpm on Ubuntu 18.04
- ansible.builtin.include_tasks: Ubuntu_18.04.yml
- when:
- - ansible_distribution == 'Ubuntu'
- - ansible_distribution_version is version('18.04', '==')
- - install_php == true
- tags: php-fpm
-
- name: Configure php-fpm on Debian 10
ansible.builtin.include_tasks: Debian_10.yml
when:
diff --git a/roles/php-fpm/templates/php7.2-php.ini.j2 b/roles/php-fpm/templates/php7.2-php.ini.j2
deleted file mode 100644
index 9cf4572..0000000
--- a/roles/php-fpm/templates/php7.2-php.ini.j2
+++ /dev/null
@@ -1,1915 +0,0 @@
-[PHP]
-
-;;;;;;;;;;;;;;;;;;;
-; About php.ini ;
-;;;;;;;;;;;;;;;;;;;
-; PHP's initialization file, generally called php.ini, is responsible for
-; configuring many of the aspects of PHP's behavior.
-
-; PHP attempts to find and load this configuration from a number of locations.
-; The following is a summary of its search order:
-; 1. SAPI module specific location.
-; 2. The PHPRC environment variable. (As of PHP 5.2.0)
-; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
-; 4. Current working directory (except CLI)
-; 5. The web server's directory (for SAPI modules), or directory of PHP
-; (otherwise in Windows)
-; 6. The directory from the --with-config-file-path compile time option, or the
-; Windows directory (C:\windows or C:\winnt)
-; See the PHP docs for more specific information.
-; http://php.net/configuration.file
-
-; The syntax of the file is extremely simple. Whitespace and lines
-; beginning with a semicolon are silently ignored (as you probably guessed).
-; Section headers (e.g. [Foo]) are also silently ignored, even though
-; they might mean something in the future.
-
-; Directives following the section heading [PATH=/www/mysite] only
-; apply to PHP files in the /www/mysite directory. Directives
-; following the section heading [HOST=www.example.com] only apply to
-; PHP files served from www.example.com. Directives set in these
-; special sections cannot be overridden by user-defined INI files or
-; at runtime. Currently, [PATH=] and [HOST=] sections only work under
-; CGI/FastCGI.
-; http://php.net/ini.sections
-
-; Directives are specified using the following syntax:
-; directive = value
-; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
-; Directives are variables used to configure PHP or PHP extensions.
-; There is no name validation. If PHP can't find an expected
-; directive because it is not set or is mistyped, a default value will be used.
-
-; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
-; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
-; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
-; previously set variable or directive (e.g. ${foo})
-
-; Expressions in the INI file are limited to bitwise operators and parentheses:
-; | bitwise OR
-; ^ bitwise XOR
-; & bitwise AND
-; ~ bitwise NOT
-; ! boolean NOT
-
-; Boolean flags can be turned on using the values 1, On, True or Yes.
-; They can be turned off using the values 0, Off, False or No.
-
-; An empty string can be denoted by simply not writing anything after the equal
-; sign, or by using the None keyword:
-
-; foo = ; sets foo to an empty string
-; foo = None ; sets foo to an empty string
-; foo = "None" ; sets foo to the string 'None'
-
-; If you use constants in your value, and these constants belong to a
-; dynamically loaded extension (either a PHP extension or a Zend extension),
-; you may only use these constants *after* the line that loads the extension.
-
-;;;;;;;;;;;;;;;;;;;
-; About this file ;
-;;;;;;;;;;;;;;;;;;;
-; PHP comes packaged with two INI files. One that is recommended to be used
-; in production environments and one that is recommended to be used in
-; development environments.
-
-; php.ini-production contains settings which hold security, performance and
-; best practices at its core. But please be aware, these settings may break
-; compatibility with older or less security conscience applications. We
-; recommending using the production ini in production and testing environments.
-
-; php.ini-development is very similar to its production variant, except it is
-; much more verbose when it comes to errors. We recommend using the
-; development version only in development environments, as errors shown to
-; application users can inadvertently leak otherwise secure information.
-
-; This is php.ini-production INI file.
-
-;;;;;;;;;;;;;;;;;;;
-; Quick Reference ;
-;;;;;;;;;;;;;;;;;;;
-; The following are all the settings which are different in either the production
-; or development versions of the INIs with respect to PHP's default behavior.
-; Please see the actual settings later in the document for more details as to why
-; we recommend these changes in PHP's behavior.
-
-; display_errors
-; Default Value: On
-; Development Value: On
-; Production Value: Off
-
-; display_startup_errors
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-
-; error_reporting
-; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
-; Development Value: E_ALL
-; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
-
-; html_errors
-; Default Value: On
-; Development Value: On
-; Production value: On
-
-; log_errors
-; Default Value: Off
-; Development Value: On
-; Production Value: On
-
-; max_input_time
-; Default Value: -1 (Unlimited)
-; Development Value: 60 (60 seconds)
-; Production Value: 60 (60 seconds)
-
-; output_buffering
-; Default Value: Off
-; Development Value: 4096
-; Production Value: 4096
-
-; register_argc_argv
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-
-; request_order
-; Default Value: None
-; Development Value: "GP"
-; Production Value: "GP"
-
-; session.gc_divisor
-; Default Value: 100
-; Development Value: 1000
-; Production Value: 1000
-
-; session.sid_bits_per_character
-; Default Value: 4
-; Development Value: 5
-; Production Value: 5
-
-; short_open_tag
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-
-; track_errors
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-
-; variables_order
-; Default Value: "EGPCS"
-; Development Value: "GPCS"
-; Production Value: "GPCS"
-
-;;;;;;;;;;;;;;;;;;;;
-; php.ini Options ;
-;;;;;;;;;;;;;;;;;;;;
-; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
-;user_ini.filename = ".user.ini"
-
-; To disable this feature set this option to empty value
-;user_ini.filename =
-
-; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
-;user_ini.cache_ttl = 300
-
-;;;;;;;;;;;;;;;;;;;;
-; Language Options ;
-;;;;;;;;;;;;;;;;;;;;
-
-; Enable the PHP scripting language engine under Apache.
-; http://php.net/engine
-engine = On
-
-; This directive determines whether or not PHP will recognize code between
-; tags as PHP source which should be processed as such. It is
-; generally recommended that should be used and that this feature
-; should be disabled, as enabling it may result in issues when generating XML
-; documents, however this remains supported for backward compatibility reasons.
-; Note that this directive does not control the would work.
-; http://php.net/syntax-highlighting
-;highlight.string = #DD0000
-;highlight.comment = #FF9900
-;highlight.keyword = #007700
-;highlight.default = #0000BB
-;highlight.html = #000000
-
-; If enabled, the request will be allowed to complete even if the user aborts
-; the request. Consider enabling it if executing long requests, which may end up
-; being interrupted by the user or a browser timing out. PHP's default behavior
-; is to disable this feature.
-; http://php.net/ignore-user-abort
-;ignore_user_abort = On
-
-; Determines the size of the realpath cache to be used by PHP. This value should
-; be increased on systems where PHP opens many files to reflect the quantity of
-; the file operations performed.
-; http://php.net/realpath-cache-size
-;realpath_cache_size = 4096k
-
-; Duration of time, in seconds for which to cache realpath information for a given
-; file or directory. For systems with rarely changing files, consider increasing this
-; value.
-; http://php.net/realpath-cache-ttl
-;realpath_cache_ttl = 120
-
-; Enables or disables the circular reference collector.
-; http://php.net/zend.enable-gc
-zend.enable_gc = On
-
-; If enabled, scripts may be written in encodings that are incompatible with
-; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such
-; encodings. To use this feature, mbstring extension must be enabled.
-; Default: Off
-;zend.multibyte = Off
-
-; Allows to set the default encoding for the scripts. This value will be used
-; unless "declare(encoding=...)" directive appears at the top of the script.
-; Only affects if zend.multibyte is set.
-; Default: ""
-;zend.script_encoding =
-
-;;;;;;;;;;;;;;;;;
-; Miscellaneous ;
-;;;;;;;;;;;;;;;;;
-
-; Decides whether PHP may expose the fact that it is installed on the server
-; (e.g. by adding its signature to the Web server header). It is no security
-; threat in any way, but it makes it possible to determine whether you use PHP
-; on your server or not.
-; http://php.net/expose-php
-expose_php = Off
-
-;;;;;;;;;;;;;;;;;;;
-; Resource Limits ;
-;;;;;;;;;;;;;;;;;;;
-
-; Maximum execution time of each script, in seconds
-; http://php.net/max-execution-time
-; Note: This directive is hardcoded to 0 for the CLI SAPI
-max_execution_time = 30
-
-; Maximum amount of time each script may spend parsing request data. It's a good
-; idea to limit this time on productions servers in order to eliminate unexpectedly
-; long running scripts.
-; Note: This directive is hardcoded to -1 for the CLI SAPI
-; Default Value: -1 (Unlimited)
-; Development Value: 60 (60 seconds)
-; Production Value: 60 (60 seconds)
-; http://php.net/max-input-time
-max_input_time = 60
-
-; Maximum input variable nesting level
-; http://php.net/max-input-nesting-level
-;max_input_nesting_level = 64
-
-; How many GET/POST/COOKIE input variables may be accepted
-; max_input_vars = 1000
-
-; Maximum amount of memory a script may consume (128MB)
-; http://php.net/memory-limit
-memory_limit = 128M
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-; Error handling and logging ;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-; This directive informs PHP of which errors, warnings and notices you would like
-; it to take action for. The recommended way of setting values for this
-; directive is through the use of the error level constants and bitwise
-; operators. The error level constants are below here for convenience as well as
-; some common settings and their meanings.
-; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
-; those related to E_NOTICE and E_STRICT, which together cover best practices and
-; recommended coding standards in PHP. For performance reasons, this is the
-; recommend error reporting setting. Your production server shouldn't be wasting
-; resources complaining about best practices and coding standards. That's what
-; development servers and development settings are for.
-; Note: The php.ini-development file has this setting as E_ALL. This
-; means it pretty much reports everything which is exactly what you want during
-; development and early testing.
-;
-; Error Level Constants:
-; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0)
-; E_ERROR - fatal run-time errors
-; E_RECOVERABLE_ERROR - almost fatal run-time errors
-; E_WARNING - run-time warnings (non-fatal errors)
-; E_PARSE - compile-time parse errors
-; E_NOTICE - run-time notices (these are warnings which often result
-; from a bug in your code, but it's possible that it was
-; intentional (e.g., using an uninitialized variable and
-; relying on the fact it is automatically initialized to an
-; empty string)
-; E_STRICT - run-time notices, enable to have PHP suggest changes
-; to your code which will ensure the best interoperability
-; and forward compatibility of your code
-; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
-; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
-; initial startup
-; E_COMPILE_ERROR - fatal compile-time errors
-; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
-; E_USER_ERROR - user-generated error message
-; E_USER_WARNING - user-generated warning message
-; E_USER_NOTICE - user-generated notice message
-; E_DEPRECATED - warn about code that will not work in future versions
-; of PHP
-; E_USER_DEPRECATED - user-generated deprecation warnings
-;
-; Common Values:
-; E_ALL (Show all errors, warnings and notices including coding standards.)
-; E_ALL & ~E_NOTICE (Show all errors, except for notices)
-; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
-; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
-; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
-; Development Value: E_ALL
-; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
-; http://php.net/error-reporting
-error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
-
-; This directive controls whether or not and where PHP will output errors,
-; notices and warnings too. Error output is very useful during development, but
-; it could be very dangerous in production environments. Depending on the code
-; which is triggering the error, sensitive information could potentially leak
-; out of your application such as database usernames and passwords or worse.
-; For production environments, we recommend logging errors rather than
-; sending them to STDOUT.
-; Possible Values:
-; Off = Do not display any errors
-; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
-; On or stdout = Display errors to STDOUT
-; Default Value: On
-; Development Value: On
-; Production Value: Off
-; http://php.net/display-errors
-display_errors = Off
-
-; The display of errors which occur during PHP's startup sequence are handled
-; separately from display_errors. PHP's default behavior is to suppress those
-; errors from clients. Turning the display of startup errors on can be useful in
-; debugging configuration problems. We strongly recommend you
-; set this to 'off' for production servers.
-; Default Value: Off
-; Development Value: On
-; Production Value: Off
-; http://php.net/display-startup-errors
-display_startup_errors = Off
-
-; Besides displaying errors, PHP can also log errors to locations such as a
-; server-specific log, STDERR, or a location specified by the error_log
-; directive found below. While errors should not be displayed on productions
-; servers they should still be monitored and logging is a great way to do that.
-; Default Value: Off
-; Development Value: On
-; Production Value: On
-; http://php.net/log-errors
-log_errors = On
-
-; Set maximum length of log_errors. In error_log information about the source is
-; added. The default is 1024 and 0 allows to not apply any maximum length at all.
-; http://php.net/log-errors-max-len
-log_errors_max_len = 1024
-
-; Do not log repeated messages. Repeated errors must occur in same file on same
-; line unless ignore_repeated_source is set true.
-; http://php.net/ignore-repeated-errors
-ignore_repeated_errors = Off
-
-; Ignore source of message when ignoring repeated messages. When this setting
-; is On you will not log errors with repeated messages from different files or
-; source lines.
-; http://php.net/ignore-repeated-source
-ignore_repeated_source = Off
-
-; If this parameter is set to Off, then memory leaks will not be shown (on
-; stdout or in the log). This has only effect in a debug compile, and if
-; error reporting includes E_WARNING in the allowed list
-; http://php.net/report-memleaks
-report_memleaks = On
-
-; This setting is on by default.
-;report_zend_debug = 0
-
-; Store the last error/warning message in $php_errormsg (boolean). Setting this value
-; to On can assist in debugging and is appropriate for development servers. It should
-; however be disabled on production servers.
-; This directive is DEPRECATED.
-; Default Value: Off
-; Development Value: Off
-; Production Value: Off
-; http://php.net/track-errors
-;track_errors = Off
-
-; Turn off normal error reporting and emit XML-RPC error XML
-; http://php.net/xmlrpc-errors
-;xmlrpc_errors = 0
-
-; An XML-RPC faultCode
-;xmlrpc_error_number = 0
-
-; When PHP displays or logs an error, it has the capability of formatting the
-; error message as HTML for easier reading. This directive controls whether
-; the error message is formatted as HTML or not.
-; Note: This directive is hardcoded to Off for the CLI SAPI
-; Default Value: On
-; Development Value: On
-; Production value: On
-; http://php.net/html-errors
-html_errors = On
-
-; If html_errors is set to On *and* docref_root is not empty, then PHP
-; produces clickable error messages that direct to a page describing the error
-; or function causing the error in detail.
-; You can download a copy of the PHP manual from http://php.net/docs
-; and change docref_root to the base URL of your local copy including the
-; leading '/'. You must also specify the file extension being used including
-; the dot. PHP's default behavior is to leave these settings empty, in which
-; case no links to documentation are generated.
-; Note: Never use this feature for production boxes.
-; http://php.net/docref-root
-; Examples
-;docref_root = "/phpmanual/"
-
-; http://php.net/docref-ext
-;docref_ext = .html
-
-; String to output before an error message. PHP's default behavior is to leave
-; this setting blank.
-; http://php.net/error-prepend-string
-; Example:
-;error_prepend_string = ""
-
-; String to output after an error message. PHP's default behavior is to leave
-; this setting blank.
-; http://php.net/error-append-string
-; Example:
-;error_append_string = ""
-
-; Log errors to specified file. PHP's default behavior is to leave this value
-; empty.
-; http://php.net/error-log
-; Example:
-;error_log = php_errors.log
-; Log errors to syslog (Event Log on Windows).
-;error_log = syslog
-
-;windows.show_crt_warning
-; Default value: 0
-; Development value: 0
-; Production value: 0
-
-;;;;;;;;;;;;;;;;;
-; Data Handling ;
-;;;;;;;;;;;;;;;;;
-
-; The separator used in PHP generated URLs to separate arguments.
-; PHP's default setting is "&".
-; http://php.net/arg-separator.output
-; Example:
-;arg_separator.output = "&"
-
-; List of separator(s) used by PHP to parse input URLs into variables.
-; PHP's default setting is "&".
-; NOTE: Every character in this directive is considered as separator!
-; http://php.net/arg-separator.input
-; Example:
-;arg_separator.input = ";&"
-
-; This directive determines which super global arrays are registered when PHP
-; starts up. G,P,C,E & S are abbreviations for the following respective super
-; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
-; paid for the registration of these arrays and because ENV is not as commonly
-; used as the others, ENV is not recommended on productions servers. You
-; can still get access to the environment variables through getenv() should you
-; need to.
-; Default Value: "EGPCS"
-; Development Value: "GPCS"
-; Production Value: "GPCS";
-; http://php.net/variables-order
-variables_order = "GPCS"
-
-; This directive determines which super global data (G,P & C) should be
-; registered into the super global array REQUEST. If so, it also determines
-; the order in which that data is registered. The values for this directive
-; are specified in the same manner as the variables_order directive,
-; EXCEPT one. Leaving this value empty will cause PHP to use the value set
-; in the variables_order directive. It does not mean it will leave the super
-; globals array REQUEST empty.
-; Default Value: None
-; Development Value: "GP"
-; Production Value: "GP"
-; http://php.net/request-order
-request_order = "GP"
-
-; This directive determines whether PHP registers $argv & $argc each time it
-; runs. $argv contains an array of all the arguments passed to PHP when a script
-; is invoked. $argc contains an integer representing the number of arguments
-; that were passed when the script was invoked. These arrays are extremely
-; useful when running scripts from the command line. When this directive is
-; enabled, registering these variables consumes CPU cycles and memory each time
-; a script is executed. For performance reasons, this feature should be disabled
-; on production servers.
-; Note: This directive is hardcoded to On for the CLI SAPI
-; Default Value: On
-; Development Value: Off
-; Production Value: Off
-; http://php.net/register-argc-argv
-register_argc_argv = Off
-
-; When enabled, the ENV, REQUEST and SERVER variables are created when they're
-; first used (Just In Time) instead of when the script starts. If these
-; variables are not used within a script, having this directive on will result
-; in a performance gain. The PHP directive register_argc_argv must be disabled
-; for this directive to have any affect.
-; http://php.net/auto-globals-jit
-auto_globals_jit = On
-
-; Whether PHP will read the POST data.
-; This option is enabled by default.
-; Most likely, you won't want to disable this option globally. It causes $_POST
-; and $_FILES to always be empty; the only way you will be able to read the
-; POST data will be through the php://input stream wrapper. This can be useful
-; to proxy requests or to process the POST data in a memory efficient fashion.
-; http://php.net/enable-post-data-reading
-;enable_post_data_reading = Off
-
-; Maximum size of POST data that PHP will accept.
-; Its value may be 0 to disable the limit. It is ignored if POST data reading
-; is disabled through enable_post_data_reading.
-; http://php.net/post-max-size
-post_max_size = 8M
-
-; Automatically add files before PHP document.
-; http://php.net/auto-prepend-file
-auto_prepend_file =
-
-; Automatically add files after PHP document.
-; http://php.net/auto-append-file
-auto_append_file =
-
-; By default, PHP will output a media type using the Content-Type header. To
-; disable this, simply set it to be empty.
-;
-; PHP's built-in default media type is set to text/html.
-; http://php.net/default-mimetype
-default_mimetype = "text/html"
-
-; PHP's default character set is set to UTF-8.
-; http://php.net/default-charset
-default_charset = "UTF-8"
-
-; PHP internal character encoding is set to empty.
-; If empty, default_charset is used.
-; http://php.net/internal-encoding
-;internal_encoding =
-
-; PHP input character encoding is set to empty.
-; If empty, default_charset is used.
-; http://php.net/input-encoding
-;input_encoding =
-
-; PHP output character encoding is set to empty.
-; If empty, default_charset is used.
-; See also output_buffer.
-; http://php.net/output-encoding
-;output_encoding =
-
-;;;;;;;;;;;;;;;;;;;;;;;;;
-; Paths and Directories ;
-;;;;;;;;;;;;;;;;;;;;;;;;;
-
-; UNIX: "/path1:/path2"
-;include_path = ".:/usr/share/php"
-;
-; Windows: "\path1;\path2"
-;include_path = ".;c:\php\includes"
-;
-; PHP's default setting for include_path is ".;/path/to/php/pear"
-; http://php.net/include-path
-
-; The root of the PHP pages, used only if nonempty.
-; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
-; if you are running php as a CGI under any web server (other than IIS)
-; see documentation for security issues. The alternate is to use the
-; cgi.force_redirect configuration below
-; http://php.net/doc-root
-doc_root =
-
-; The directory under which PHP opens the script using /~username used only
-; if nonempty.
-; http://php.net/user-dir
-user_dir =
-
-; Directory in which the loadable extensions (modules) reside.
-; http://php.net/extension-dir
-; extension_dir = "./"
-; On windows:
-; extension_dir = "ext"
-
-; Directory where the temporary files should be placed.
-; Defaults to the system default (see sys_get_temp_dir)
-; sys_temp_dir = "/tmp"
-
-; Whether or not to enable the dl() function. The dl() function does NOT work
-; properly in multithreaded servers, such as IIS or Zeus, and is automatically
-; disabled on them.
-; http://php.net/enable-dl
-enable_dl = Off
-
-; cgi.force_redirect is necessary to provide security running PHP as a CGI under
-; most web servers. Left undefined, PHP turns this on by default. You can
-; turn it off here AT YOUR OWN RISK
-; **You CAN safely turn this off for IIS, in fact, you MUST.**
-; http://php.net/cgi.force-redirect
-;cgi.force_redirect = 1
-
-; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
-; every request. PHP's default behavior is to disable this feature.
-;cgi.nph = 1
-
-; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
-; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
-; will look for to know it is OK to continue execution. Setting this variable MAY
-; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
-; http://php.net/cgi.redirect-status-env
-;cgi.redirect_status_env =
-
-; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
-; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
-; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
-; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
-; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
-; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
-; http://php.net/cgi.fix-pathinfo
-;cgi.fix_pathinfo=1
-
-; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
-; of the web tree and people will not be able to circumvent .htaccess security.
-; http://php.net/cgi.dicard-path
-;cgi.discard_path=1
-
-; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate
-; security tokens of the calling client. This allows IIS to define the
-; security context that the request runs under. mod_fastcgi under Apache
-; does not currently support this feature (03/17/2002)
-; Set to 1 if running under IIS. Default is zero.
-; http://php.net/fastcgi.impersonate
-;fastcgi.impersonate = 1
-
-; Disable logging through FastCGI connection. PHP's default behavior is to enable
-; this feature.
-;fastcgi.logging = 0
-
-; cgi.rfc2616_headers configuration option tells PHP what type of headers to
-; use when sending HTTP response code. If set to 0, PHP sends Status: header that
-; is supported by Apache. When this option is set to 1, PHP will send
-; RFC2616 compliant header.
-; Default is zero.
-; http://php.net/cgi.rfc2616-headers
-;cgi.rfc2616_headers = 0
-
-; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #!
-; (shebang) at the top of the running script. This line might be needed if the
-; script support running both as stand-alone script and via PHP CGI<. PHP in CGI
-; mode skips this line and ignores its content if this directive is turned on.
-; http://php.net/cgi.check-shebang-line
-;cgi.check_shebang_line=1
-
-;;;;;;;;;;;;;;;;
-; File Uploads ;
-;;;;;;;;;;;;;;;;
-
-; Whether to allow HTTP file uploads.
-; http://php.net/file-uploads
-file_uploads = On
-
-; Temporary directory for HTTP uploaded files (will use system default if not
-; specified).
-; http://php.net/upload-tmp-dir
-;upload_tmp_dir =
-
-; Maximum allowed size for uploaded files.
-; http://php.net/upload-max-filesize
-upload_max_filesize = 2M
-
-; Maximum number of files that can be uploaded via a single request
-max_file_uploads = 20
-
-;;;;;;;;;;;;;;;;;;
-; Fopen wrappers ;
-;;;;;;;;;;;;;;;;;;
-
-; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
-; http://php.net/allow-url-fopen
-allow_url_fopen = On
-
-; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
-; http://php.net/allow-url-include
-allow_url_include = Off
-
-; Define the anonymous ftp password (your email address). PHP's default setting
-; for this is empty.
-; http://php.net/from
-;from="john@doe.com"
-
-; Define the User-Agent string. PHP's default setting for this is empty.
-; http://php.net/user-agent
-;user_agent="PHP"
-
-; Default timeout for socket based streams (seconds)
-; http://php.net/default-socket-timeout
-default_socket_timeout = 60
-
-; If your scripts have to deal with files from Macintosh systems,
-; or you are running on a Mac and need to deal with files from
-; unix or win32 systems, setting this flag will cause PHP to
-; automatically detect the EOL character in those files so that
-; fgets() and file() will work regardless of the source of the file.
-; http://php.net/auto-detect-line-endings
-;auto_detect_line_endings = Off
-
-;;;;;;;;;;;;;;;;;;;;;;
-; Dynamic Extensions ;
-;;;;;;;;;;;;;;;;;;;;;;
-
-; If you wish to have an extension loaded automatically, use the following
-; syntax:
-;
-; extension=modulename
-;
-; For example:
-;
-; extension=mysqli
-;
-; When the extension library to load is not located in the default extension
-; directory, You may specify an absolute path to the library file:
-;
-; extension=/path/to/extension/mysqli.so
-;
-; Note : The syntax used in previous PHP versions ('extension=.so' and
-; 'extension='php_.dll') is supported for legacy reasons and may be
-; deprecated in a future PHP major version. So, when it is possible, please
-; move to the new ('extension=) syntax.
-;
-; Notes for Windows environments :
-;
-; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+)
-; extension folders as well as the separate PECL DLL download (PHP 5+).
-; Be sure to appropriately set the extension_dir directive.
-;
-;extension=bz2
-;extension=curl
-;extension=fileinfo
-;extension=gd2
-;extension=gettext
-;extension=gmp
-;extension=intl
-;extension=imap
-;extension=interbase
-;extension=ldap
-;extension=mbstring
-;extension=exif ; Must be after mbstring as it depends on it
-;extension=mysqli
-;extension=oci8_12c ; Use with Oracle Database 12c Instant Client
-;extension=openssl
-;extension=pdo_firebird
-;extension=pdo_mysql
-;extension=pdo_oci
-;extension=pdo_odbc
-;extension=pdo_pgsql
-;extension=pdo_sqlite
-;extension=pgsql
-;extension=shmop
-
-; The MIBS data available in the PHP distribution must be installed.
-; See http://www.php.net/manual/en/snmp.installation.php
-;extension=snmp
-
-;extension=soap
-;extension=sockets
-;extension=sqlite3
-;extension=tidy
-;extension=xmlrpc
-;extension=xsl
-
-;;;;;;;;;;;;;;;;;;;
-; Module Settings ;
-;;;;;;;;;;;;;;;;;;;
-
-[CLI Server]
-; Whether the CLI web server uses ANSI color coding in its terminal output.
-cli_server.color = On
-
-[Date]
-; Defines the default timezone used by the date functions
-; http://php.net/date.timezone
-{% if timezone is defined %}
-date.timezone = {{ timezone }}
-{% endif %}
-
-; http://php.net/date.default-latitude
-;date.default_latitude = 31.7667
-
-; http://php.net/date.default-longitude
-;date.default_longitude = 35.2333
-
-; http://php.net/date.sunrise-zenith
-;date.sunrise_zenith = 90.583333
-
-; http://php.net/date.sunset-zenith
-;date.sunset_zenith = 90.583333
-
-[filter]
-; http://php.net/filter.default
-;filter.default = unsafe_raw
-
-; http://php.net/filter.default-flags
-;filter.default_flags =
-
-[iconv]
-; Use of this INI entry is deprecated, use global input_encoding instead.
-; If empty, default_charset or input_encoding or iconv.input_encoding is used.
-; The precedence is: default_charset < intput_encoding < iconv.input_encoding
-;iconv.input_encoding =
-
-; Use of this INI entry is deprecated, use global internal_encoding instead.
-; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
-; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
-;iconv.internal_encoding =
-
-; Use of this INI entry is deprecated, use global output_encoding instead.
-; If empty, default_charset or output_encoding or iconv.output_encoding is used.
-; The precedence is: default_charset < output_encoding < iconv.output_encoding
-; To use an output encoding conversion, iconv's output handler must be set
-; otherwise output encoding conversion cannot be performed.
-;iconv.output_encoding =
-
-[intl]
-;intl.default_locale =
-; This directive allows you to produce PHP errors when some error
-; happens within intl functions. The value is the level of the error produced.
-; Default is 0, which does not produce any errors.
-;intl.error_level = E_WARNING
-;intl.use_exceptions = 0
-
-[sqlite3]
-;sqlite3.extension_dir =
-
-[Pcre]
-;PCRE library backtracking limit.
-; http://php.net/pcre.backtrack-limit
-;pcre.backtrack_limit=100000
-
-;PCRE library recursion limit.
-;Please note that if you set this value to a high number you may consume all
-;the available process stack and eventually crash PHP (due to reaching the
-;stack size limit imposed by the Operating System).
-; http://php.net/pcre.recursion-limit
-;pcre.recursion_limit=100000
-
-;Enables or disables JIT compilation of patterns. This requires the PCRE
-;library to be compiled with JIT support.
-;pcre.jit=1
-
-[Pdo]
-; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
-; http://php.net/pdo-odbc.connection-pooling
-;pdo_odbc.connection_pooling=strict
-
-;pdo_odbc.db2_instance_name
-
-[Pdo_mysql]
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/pdo_mysql.cache_size
-pdo_mysql.cache_size = 2000
-
-; Default socket name for local MySQL connects. If empty, uses the built-in
-; MySQL defaults.
-; http://php.net/pdo_mysql.default-socket
-pdo_mysql.default_socket=
-
-[Phar]
-; http://php.net/phar.readonly
-;phar.readonly = On
-
-; http://php.net/phar.require-hash
-;phar.require_hash = On
-
-;phar.cache_list =
-
-[mail function]
-; For Win32 only.
-; http://php.net/smtp
-SMTP = localhost
-; http://php.net/smtp-port
-smtp_port = 25
-
-; For Win32 only.
-; http://php.net/sendmail-from
-;sendmail_from = me@example.com
-
-; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
-; http://php.net/sendmail-path
-;sendmail_path =
-
-; Force the addition of the specified parameters to be passed as extra parameters
-; to the sendmail binary. These parameters will always replace the value of
-; the 5th parameter to mail().
-;mail.force_extra_parameters =
-
-; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
-mail.add_x_header = Off
-
-; The path to a log file that will log all mail() calls. Log entries include
-; the full path of the script, line number, To address and headers.
-;mail.log =
-; Log mail to syslog (Event Log on Windows).
-;mail.log = syslog
-
-[ODBC]
-; http://php.net/odbc.default-db
-;odbc.default_db = Not yet implemented
-
-; http://php.net/odbc.default-user
-;odbc.default_user = Not yet implemented
-
-; http://php.net/odbc.default-pw
-;odbc.default_pw = Not yet implemented
-
-; Controls the ODBC cursor model.
-; Default: SQL_CURSOR_STATIC (default).
-;odbc.default_cursortype
-
-; Allow or prevent persistent links.
-; http://php.net/odbc.allow-persistent
-odbc.allow_persistent = On
-
-; Check that a connection is still valid before reuse.
-; http://php.net/odbc.check-persistent
-odbc.check_persistent = On
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/odbc.max-persistent
-odbc.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent). -1 means no limit.
-; http://php.net/odbc.max-links
-odbc.max_links = -1
-
-; Handling of LONG fields. Returns number of bytes to variables. 0 means
-; passthru.
-; http://php.net/odbc.defaultlrl
-odbc.defaultlrl = 4096
-
-; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
-; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
-; of odbc.defaultlrl and odbc.defaultbinmode
-; http://php.net/odbc.defaultbinmode
-odbc.defaultbinmode = 1
-
-;birdstep.max_links = -1
-
-[Interbase]
-; Allow or prevent persistent links.
-ibase.allow_persistent = 1
-
-; Maximum number of persistent links. -1 means no limit.
-ibase.max_persistent = -1
-
-; Maximum number of links (persistent + non-persistent). -1 means no limit.
-ibase.max_links = -1
-
-; Default database name for ibase_connect().
-;ibase.default_db =
-
-; Default username for ibase_connect().
-;ibase.default_user =
-
-; Default password for ibase_connect().
-;ibase.default_password =
-
-; Default charset for ibase_connect().
-;ibase.default_charset =
-
-; Default timestamp format.
-ibase.timestampformat = "%Y-%m-%d %H:%M:%S"
-
-; Default date format.
-ibase.dateformat = "%Y-%m-%d"
-
-; Default time format.
-ibase.timeformat = "%H:%M:%S"
-
-[MySQLi]
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/mysqli.max-persistent
-mysqli.max_persistent = -1
-
-; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
-; http://php.net/mysqli.allow_local_infile
-;mysqli.allow_local_infile = On
-
-; Allow or prevent persistent links.
-; http://php.net/mysqli.allow-persistent
-mysqli.allow_persistent = On
-
-; Maximum number of links. -1 means no limit.
-; http://php.net/mysqli.max-links
-mysqli.max_links = -1
-
-; If mysqlnd is used: Number of cache slots for the internal result set cache
-; http://php.net/mysqli.cache_size
-mysqli.cache_size = 2000
-
-; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
-; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
-; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
-; at MYSQL_PORT.
-; http://php.net/mysqli.default-port
-mysqli.default_port = 3306
-
-; Default socket name for local MySQL connects. If empty, uses the built-in
-; MySQL defaults.
-; http://php.net/mysqli.default-socket
-mysqli.default_socket =
-
-; Default host for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysqli.default-host
-mysqli.default_host =
-
-; Default user for mysql_connect() (doesn't apply in safe mode).
-; http://php.net/mysqli.default-user
-mysqli.default_user =
-
-; Default password for mysqli_connect() (doesn't apply in safe mode).
-; Note that this is generally a *bad* idea to store passwords in this file.
-; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
-; and reveal this password! And of course, any users with read access to this
-; file will be able to reveal the password as well.
-; http://php.net/mysqli.default-pw
-mysqli.default_pw =
-
-; Allow or prevent reconnect
-mysqli.reconnect = Off
-
-[mysqlnd]
-; Enable / Disable collection of general statistics by mysqlnd which can be
-; used to tune and monitor MySQL operations.
-; http://php.net/mysqlnd.collect_statistics
-mysqlnd.collect_statistics = On
-
-; Enable / Disable collection of memory usage statistics by mysqlnd which can be
-; used to tune and monitor MySQL operations.
-; http://php.net/mysqlnd.collect_memory_statistics
-mysqlnd.collect_memory_statistics = Off
-
-; Records communication from all extensions using mysqlnd to the specified log
-; file.
-; http://php.net/mysqlnd.debug
-;mysqlnd.debug =
-
-; Defines which queries will be logged.
-; http://php.net/mysqlnd.log_mask
-;mysqlnd.log_mask = 0
-
-; Default size of the mysqlnd memory pool, which is used by result sets.
-; http://php.net/mysqlnd.mempool_default_size
-;mysqlnd.mempool_default_size = 16000
-
-; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
-; http://php.net/mysqlnd.net_cmd_buffer_size
-;mysqlnd.net_cmd_buffer_size = 2048
-
-; Size of a pre-allocated buffer used for reading data sent by the server in
-; bytes.
-; http://php.net/mysqlnd.net_read_buffer_size
-;mysqlnd.net_read_buffer_size = 32768
-
-; Timeout for network requests in seconds.
-; http://php.net/mysqlnd.net_read_timeout
-;mysqlnd.net_read_timeout = 31536000
-
-; SHA-256 Authentication Plugin related. File with the MySQL server public RSA
-; key.
-; http://php.net/mysqlnd.sha256_server_public_key
-;mysqlnd.sha256_server_public_key =
-
-[OCI8]
-
-; Connection: Enables privileged connections using external
-; credentials (OCI_SYSOPER, OCI_SYSDBA)
-; http://php.net/oci8.privileged-connect
-;oci8.privileged_connect = Off
-
-; Connection: The maximum number of persistent OCI8 connections per
-; process. Using -1 means no limit.
-; http://php.net/oci8.max-persistent
-;oci8.max_persistent = -1
-
-; Connection: The maximum number of seconds a process is allowed to
-; maintain an idle persistent connection. Using -1 means idle
-; persistent connections will be maintained forever.
-; http://php.net/oci8.persistent-timeout
-;oci8.persistent_timeout = -1
-
-; Connection: The number of seconds that must pass before issuing a
-; ping during oci_pconnect() to check the connection validity. When
-; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
-; pings completely.
-; http://php.net/oci8.ping-interval
-;oci8.ping_interval = 60
-
-; Connection: Set this to a user chosen connection class to be used
-; for all pooled server requests with Oracle 11g Database Resident
-; Connection Pooling (DRCP). To use DRCP, this value should be set to
-; the same string for all web servers running the same application,
-; the database pool must be configured, and the connection string must
-; specify to use a pooled server.
-;oci8.connection_class =
-
-; High Availability: Using On lets PHP receive Fast Application
-; Notification (FAN) events generated when a database node fails. The
-; database must also be configured to post FAN events.
-;oci8.events = Off
-
-; Tuning: This option enables statement caching, and specifies how
-; many statements to cache. Using 0 disables statement caching.
-; http://php.net/oci8.statement-cache-size
-;oci8.statement_cache_size = 20
-
-; Tuning: Enables statement prefetching and sets the default number of
-; rows that will be fetched automatically after statement execution.
-; http://php.net/oci8.default-prefetch
-;oci8.default_prefetch = 100
-
-; Compatibility. Using On means oci_close() will not close
-; oci_connect() and oci_new_connect() connections.
-; http://php.net/oci8.old-oci-close-semantics
-;oci8.old_oci_close_semantics = Off
-
-[PostgreSQL]
-; Allow or prevent persistent links.
-; http://php.net/pgsql.allow-persistent
-pgsql.allow_persistent = On
-
-; Detect broken persistent links always with pg_pconnect().
-; Auto reset feature requires a little overheads.
-; http://php.net/pgsql.auto-reset-persistent
-pgsql.auto_reset_persistent = Off
-
-; Maximum number of persistent links. -1 means no limit.
-; http://php.net/pgsql.max-persistent
-pgsql.max_persistent = -1
-
-; Maximum number of links (persistent+non persistent). -1 means no limit.
-; http://php.net/pgsql.max-links
-pgsql.max_links = -1
-
-; Ignore PostgreSQL backends Notice message or not.
-; Notice message logging require a little overheads.
-; http://php.net/pgsql.ignore-notice
-pgsql.ignore_notice = 0
-
-; Log PostgreSQL backends Notice message or not.
-; Unless pgsql.ignore_notice=0, module cannot log notice message.
-; http://php.net/pgsql.log-notice
-pgsql.log_notice = 0
-
-[bcmath]
-; Number of decimal digits for all bcmath functions.
-; http://php.net/bcmath.scale
-bcmath.scale = 0
-
-[browscap]
-; http://php.net/browscap
-;browscap = extra/browscap.ini
-
-[Session]
-; Handler used to store/retrieve data.
-; http://php.net/session.save-handler
-session.save_handler = files
-
-; Argument passed to save_handler. In the case of files, this is the path
-; where data files are stored. Note: Windows users have to change this
-; variable in order to use PHP's session functions.
-;
-; The path can be defined as:
-;
-; session.save_path = "N;/path"
-;
-; where N is an integer. Instead of storing all the session files in
-; /path, what this will do is use subdirectories N-levels deep, and
-; store the session data in those directories. This is useful if
-; your OS has problems with many files in one directory, and is
-; a more efficient layout for servers that handle many sessions.
-;
-; NOTE 1: PHP will not create this directory structure automatically.
-; You can use the script in the ext/session dir for that purpose.
-; NOTE 2: See the section on garbage collection below if you choose to
-; use subdirectories for session storage
-;
-; The file storage module creates files using mode 600 by default.
-; You can change that by using
-;
-; session.save_path = "N;MODE;/path"
-;
-; where MODE is the octal representation of the mode. Note that this
-; does not overwrite the process's umask.
-; http://php.net/session.save-path
-;session.save_path = "/var/lib/php/sessions"
-
-; Whether to use strict session mode.
-; Strict session mode does not accept uninitialized session ID and regenerate
-; session ID if browser sends uninitialized session ID. Strict mode protects
-; applications from session fixation via session adoption vulnerability. It is
-; disabled by default for maximum compatibility, but enabling it is encouraged.
-; https://wiki.php.net/rfc/strict_sessions
-session.use_strict_mode = 0
-
-; Whether to use cookies.
-; http://php.net/session.use-cookies
-session.use_cookies = 1
-
-; http://php.net/session.cookie-secure
-;session.cookie_secure =
-
-; This option forces PHP to fetch and use a cookie for storing and maintaining
-; the session id. We encourage this operation as it's very helpful in combating
-; session hijacking when not specifying and managing your own session id. It is
-; not the be-all and end-all of session hijacking defense, but it's a good start.
-; http://php.net/session.use-only-cookies
-session.use_only_cookies = 1
-
-; Name of the session (used as cookie name).
-; http://php.net/session.name
-session.name = PHPSESSID
-
-; Initialize session on request startup.
-; http://php.net/session.auto-start
-session.auto_start = 0
-
-; Lifetime in seconds of cookie or, if 0, until browser is restarted.
-; http://php.net/session.cookie-lifetime
-session.cookie_lifetime = 0
-
-; The path for which the cookie is valid.
-; http://php.net/session.cookie-path
-session.cookie_path = /
-
-; The domain for which the cookie is valid.
-; http://php.net/session.cookie-domain
-session.cookie_domain =
-
-; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
-; http://php.net/session.cookie-httponly
-session.cookie_httponly =
-
-; Handler used to serialize data. php is the standard serializer of PHP.
-; http://php.net/session.serialize-handler
-session.serialize_handler = php
-
-; Defines the probability that the 'garbage collection' process is started
-; on every session initialization. The probability is calculated by using
-; gc_probability/gc_divisor. Where session.gc_probability is the numerator
-; and gc_divisor is the denominator in the equation. Setting this value to 1
-; when the session.gc_divisor value is 100 will give you approximately a 1% chance
-; the gc will run on any give request.
-; Default Value: 1
-; Development Value: 1
-; Production Value: 1
-; http://php.net/session.gc-probability
-session.gc_probability = 0
-
-; Defines the probability that the 'garbage collection' process is started on every
-; session initialization. The probability is calculated by using the following equation:
-; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
-; session.gc_divisor is the denominator in the equation. Setting this value to 1
-; when the session.gc_divisor value is 100 will give you approximately a 1% chance
-; the gc will run on any give request. Increasing this value to 1000 will give you
-; a 0.1% chance the gc will run on any give request. For high volume production servers,
-; this is a more efficient approach.
-; Default Value: 100
-; Development Value: 1000
-; Production Value: 1000
-; http://php.net/session.gc-divisor
-session.gc_divisor = 1000
-
-; After this number of seconds, stored data will be seen as 'garbage' and
-; cleaned up by the garbage collection process.
-; http://php.net/session.gc-maxlifetime
-session.gc_maxlifetime = 1440
-
-; NOTE: If you are using the subdirectory option for storing session files
-; (see session.save_path above), then garbage collection does *not*
-; happen automatically. You will need to do your own garbage
-; collection through a shell script, cron entry, or some other method.
-; For example, the following script would is the equivalent of
-; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
-; find /path/to/sessions -cmin +24 -type f | xargs rm
-
-; Check HTTP Referer to invalidate externally stored URLs containing ids.
-; HTTP_REFERER has to contain this substring for the session to be
-; considered as valid.
-; http://php.net/session.referer-check
-session.referer_check =
-
-; Set to {nocache,private,public,} to determine HTTP caching aspects
-; or leave this empty to avoid sending anti-caching headers.
-; http://php.net/session.cache-limiter
-session.cache_limiter = nocache
-
-; Document expires after n minutes.
-; http://php.net/session.cache-expire
-session.cache_expire = 180
-
-; trans sid support is disabled by default.
-; Use of trans sid may risk your users' security.
-; Use this option with caution.
-; - User may send URL contains active session ID
-; to other person via. email/irc/etc.
-; - URL that contains active session ID may be stored
-; in publicly accessible computer.
-; - User may access your site with the same session ID
-; always using URL stored in browser's history or bookmarks.
-; http://php.net/session.use-trans-sid
-session.use_trans_sid = 0
-
-; Set session ID character length. This value could be between 22 to 256.
-; Shorter length than default is supported only for compatibility reason.
-; Users should use 32 or more chars.
-; http://php.net/session.sid-length
-; Default Value: 32
-; Development Value: 26
-; Production Value: 26
-session.sid_length = 26
-
-; The URL rewriter will look for URLs in a defined set of HTML tags.
-;