From 1f6800c47284ff83346843e277a3c47e0a5dd68c Mon Sep 17 00:00:00 2001 From: Root Date: Wed, 25 Jan 2023 21:50:30 +0000 Subject: [PATCH 01/12] env --- .gitignore | 1 + Dockerfile | 196 +++++++++ README.md | 2 +- docker-compose.yml | 30 ++ entrypoint | 0 powerdns/pdns.conf | 727 ++++++++++++++++++++++++++++++++ powerdns/pdns.d/gmysql.conf | 13 + sql/cascade.sql | 14 + sql/defailt_schema.sql | 92 ++++ supervisor/conf.d/nginx.c_onf | 7 + supervisor/conf.d/php-fpm.conf | 3 + supervisor/conf.d/powerdns.conf | 11 + supervisor/supervisord.conf | 9 + 13 files changed, 1104 insertions(+), 1 deletion(-) create mode 100644 .gitignore create mode 100644 Dockerfile create mode 100644 docker-compose.yml create mode 100644 entrypoint create mode 100644 powerdns/pdns.conf create mode 100644 powerdns/pdns.d/gmysql.conf create mode 100644 sql/cascade.sql create mode 100644 sql/defailt_schema.sql create mode 100644 supervisor/conf.d/nginx.c_onf create mode 100644 supervisor/conf.d/php-fpm.conf create mode 100644 supervisor/conf.d/powerdns.conf create mode 100644 supervisor/supervisord.conf diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b067888 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +mysqldb \ No newline at end of file diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..636ca0a --- /dev/null +++ b/Dockerfile @@ -0,0 +1,196 @@ +FROM alpine:3.17.1 as builder + +ENV POWERDNS_VER=4.7.3 + +# Install libs we need +RUN set -eux; \ + true "Installing build dependencies"; \ + apk add --no-cache \ + build-base \ + \ + boost-dev curl curl-dev geoip-dev krb5-dev openssl-dev \ + libsodium-dev lua-dev mariadb-connector-c-dev \ + protobuf-dev yaml-cpp-dev zeromq-dev mariadb-dev luajit-dev \ + libmaxminddb-dev + +# Download packages +RUN set -eux; \ + mkdir -p build; \ + cd build; \ + wget "https://downloads.powerdns.com/releases/pdns-${POWERDNS_VER}.tar.bz2"; \ + tar -jxf "pdns-${POWERDNS_VER}.tar.bz2" + + +# Build and install PowerDNS +RUN set -eux; \ + cd build; \ + cd "pdns-${POWERDNS_VER}"; \ +# Compiler flags + export CFLAGS="-march=x86-64 -mtune=generic -Os -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -flto=auto"; \ + export CXXFLAGS="-Wp,-D_GLIBCXX_ASSERTIONS"; \ + export LDFLAGS="-Wl,-Os,--sort-common,--as-needed,-z,relro,-z,now -flto=auto"; \ + \ + ./configure \ + --prefix=/usr \ + --sysconfdir="/etc/powerdns" \ + --sbindir=/usr/sbin \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --localstatedir=/var \ + --libdir="/usr/lib/powerdns" \ + --disable-static \ + --with-modules="" \ + --with-dynmodules="bind geoip gmysql lua2 pipe remote" \ + --with-libsodium \ + --enable-tools \ + --enable-ixfrdist \ + --enable-dns-over-tls \ + --disable-dependency-tracking \ + --disable-silent-rules \ + --enable-reproducible \ + --enable-unit-tests \ + --with-service-user=powerdns \ + --with-service-group=powerdns \ + --enable-remotebackend-zeromq; \ + make V=1 -j$(nproc) -l8 CFLAGS="$CFLAGS" CXXFLAGS="$CXXFLAGS" LDFLAGS="$LDFLAGS"; \ + \ + pkgdir=/build/powerdns-root; \ + make DESTDIR="$pkgdir" install; \ + \ +# Move some things around + mv "$pkgdir"/etc/powerdns/pdns.conf-dist "$pkgdir"/etc/powerdns/pdns.conf; \ + mv "$pkgdir"/etc/powerdns/ixfrdist.example.yml "$pkgdir"/usr/share/doc/pdns/; \ +# Remove cruft + find "$pkgdir" -type f -name "*.a" -o -name "*.la" | xargs rm -fv; \ + rm -rfv \ + "$pkgdir"/usr/include \ + "$pkgdir"/usr/share/man + + +RUN set -eux; \ + cd build/powerdns-root; \ + scanelf --recursive --nobanner --osabi --etype "ET_DYN,ET_EXEC" . | awk '{print $3}' | xargs \ + strip \ + --remove-section=.comment \ + --remove-section=.note \ + -R .gnu.lto_* -R .gnu.debuglto_* \ + -N __gnu_lto_slim -N __gnu_lto_v1 \ + --strip-unneeded + +# +# Build final image +# +FROM alpine:3.17.1 + +ENV POWERADMIN_VER=3.4.2 + +# Copy in built binaries +COPY --from=builder /build/powerdns-root / + +# Copy configs +COPY supervisor /etc/supervisor +COPY powerdns /etc/powerdns + +RUN set -eux; \ + true "PowerDNS requirements"; \ + apk add --no-cache \ + boost-libs \ + geoip \ + libcurl \ + libmaxminddb-libs \ + luajit \ + mariadb-client \ + mariadb-connector-c \ + yaml-cpp \ + zeromq \ + \ + pwgen \ + supervisor \ + nginx \ + php-fpm \ + #php-mcrypt \ + php-mysqlnd \ + php81-pdo \ + php81-pdo_mysql \ + php81-gettext \ + php81-openssl \ + ; \ + true "Setup user and group"; \ + addgroup -S powerdns 2>/dev/null; \ + adduser -S -D -h /var/lib/powerdns -s /sbin/nologin -G powerdns -g powerdns powerdns 2>/dev/null; \ + \ + true "Tools"; \ + apk add --no-cache \ + bind-tools \ + ; \ + true "Cleanup"; \ + rm -f /var/cache/apk/* + +RUN set -eux; \ + true "Setup poweradmin"; \ + mkdir -p /var/www/html; \ + cd /var/www/html; \ + rm -rf /var/www/html/*; \ + wget https://github.com/poweradmin/poweradmin/archive/refs/tags/v${POWERADMIN_VER}.tar.gz; \ + tar -xf v${POWERADMIN_VER}.tar.gz && rm -f v${POWERADMIN_VER}.tar.gz; \ + mv poweradmin-${POWERADMIN_VER} poweradmin; \ + rm -R /var/www/html/poweradmin/install; \ + \ + mkdir /run/powerdns; \ + chmod 0750 /etc/powerdns; \ + chmod 0640 /etc/powerdns/pdns.conf; \ + chown -R root:powerdns /etc/powerdns; \ + chown -R powerdns:powerdns /run/powerdns + +EXPOSE 53/TCP 53/UDP 8081/TCP 80/TCP +CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"] + + + #&& git clone https://github.com/poweradmin/poweradmin.git . \ + #&& git checkout b27f28b2d586afb201904437605be988ee048c22 \ + + +# RUN set -eux; \ +# true "Setup configuration"; \ +# mkdir -p /etc/powerdns/conf.d; \ +# sed -ri "s!^#?\s*(disable-syslog)\s*=\s*\S*.*!\1 = yes!" /etc/powerdns/pdns.conf; \ +# grep -E "^disable-syslog = yes$" /etc/powerdns/pdns.conf; \ +# sed -ri "s!^#?\s*(log-timestamp)\s*=\s*\S*.*!\1 = yes!" /etc/powerdns/pdns.conf; \ +# grep -E "^log-timestamp = yes$" /etc/powerdns/pdns.conf; \ +# sed -ri "s!^#?\s*(include-dir)\s*=\s*\S*.*!\1 = /etc/powerdns/conf.d!" /etc/powerdns/pdns.conf; \ +# grep -E "^include-dir = /etc/powerdns/conf\.d$" /etc/powerdns/pdns.conf; \ +# sed -ri "s!^#?\s*(launch)\s*=\s*\S*.*!\1 =!" /etc/powerdns/pdns.conf; \ +# grep -E "^launch =$" /etc/powerdns/pdns.conf; \ +# sed -ri "s!^#?\s*(socket-dir)\s*=\s*\S*.*!\1 = /run/powerdns!" /etc/powerdns/pdns.conf; \ +# grep -E "^socket-dir = /run/powerdns$" /etc/powerdns/pdns.conf; \ +# sed -ri "s!^#?\s*(version-string)\s*=\s*\S*.*!\1 = anonymous!" /etc/powerdns/pdns.conf; \ +# grep -E "^version-string = anonymous$" /etc/powerdns/pdns.conf; \ +# chmod 0750 /etc/powerdns; \ +# chmod 0640 /etc/powerdns/pdns.conf; \ +# chown -R root:powerdns /etc/powerdns + + +# PowerDNS + + +# COPY usr/local/share/flexible-docker-containers/init.d/42-powerdns.sh /usr/local/share/flexible-docker-containers/init.d +# COPY usr/local/share/flexible-docker-containers/pre-init-tests.d/42-powerdns.sh /usr/local/share/flexible-docker-containers/pre-init-tests.d +# COPY usr/local/share/flexible-docker-containers/pre-init-tests.d/43-powerdns-mysql.sh /usr/local/share/flexible-docker-containers/pre-init-tests.d +# COPY usr/local/share/flexible-docker-containers/pre-init-tests.d/43-powerdns-postgres.sh /usr/local/share/flexible-docker-containers/pre-init-tests.d +# COPY usr/local/share/flexible-docker-containers/pre-init-tests.d/43-powerdns-zonefile.sh /usr/local/share/flexible-docker-containers/pre-init-tests.d +# COPY usr/local/share/flexible-docker-containers/tests.d/42-powerdns-mysql.sh /usr/local/share/flexible-docker-containers/tests.d +# COPY usr/local/share/flexible-docker-containers/tests.d/42-powerdns-postgres.sh /usr/local/share/flexible-docker-containers/tests.d +# COPY usr/local/share/flexible-docker-containers/tests.d/43-powerdns.sh /usr/local/share/flexible-docker-containers/tests.d +# COPY usr/local/share/flexible-docker-containers/tests.d/99-powerdns.sh /usr/local/share/flexible-docker-containers/tests.d +# COPY usr/local/share/flexible-docker-containers/healthcheck.d/42-powerdns.sh /usr/local/share/flexible-docker-containers/healthcheck.d +# RUN set -eux; \ +# true "Flexible Docker Containers"; \ +# if [ -n "$VERSION_INFO" ]; then echo "$VERSION_INFO" >> /.VERSION_INFO; fi; \ +# true "Permissions"; \ +# chown root:root \ +# /etc/supervisor/conf.d/powerdns.conf; \ +# chmod 0644 \ +# /etc/supervisor/conf.d/powerdns.conf; \ +# fdc set-perms + + diff --git a/README.md b/README.md index 8c615aa..cdf9a53 100644 --- a/README.md +++ b/README.md @@ -1 +1 @@ -# powerdns \ No newline at end of file +# powerdns diff --git a/docker-compose.yml b/docker-compose.yml new file mode 100644 index 0000000..924934c --- /dev/null +++ b/docker-compose.yml @@ -0,0 +1,30 @@ +version: '3.9' +services: + + mariadb: + image: mariadb + volumes: + - ./mysqldb:/var/lib/mysql + environment: + - MYSQL_ROOT_PASSWORD=root_pass + - MYSQL_DATABASE=pdns_db + - MYSQL_USER=pdns_user + - MYSQL_PASSWORD=pdns_pass + + powerdns: + image: powerdns:latest + environment: + - POWERDNS_SERVER_ID=serverid + - POWERDNS_WEBSERVER_ALLOW_FROM=0.0.0.0/0 + - MYSQL_HOST=mariadb + - MYSQL_PORT=3306 + - MYSQL_USER=pdns_user + - MYSQL_PASSWORD=pdns_pass + - MYSQL_DATABASE=pdns_db + depends_on: + - mariadb + ports: + - 8080:8080/TCP + - 8081:8081/TCP + - 8053:53/TCP + - 8053:53/UDP diff --git a/entrypoint b/entrypoint new file mode 100644 index 0000000..e69de29 diff --git a/powerdns/pdns.conf b/powerdns/pdns.conf new file mode 100644 index 0000000..b810092 --- /dev/null +++ b/powerdns/pdns.conf @@ -0,0 +1,727 @@ +# Autogenerated configuration file template + +################################# +# ignore-unknown-settings Configuration settings to ignore if they are unknown +# +# ignore-unknown-settings= + +################################# +# 8bit-dns Allow 8bit dns queries +# +# 8bit-dns=no + +################################# +# allow-axfr-ips Allow zonetransfers only to these subnets +# +# allow-axfr-ips=127.0.0.0/8,::1 + +################################# +# allow-dnsupdate-from A global setting to allow DNS updates from these IP ranges. +# +# allow-dnsupdate-from=127.0.0.0/8,::1 + +################################# +# allow-notify-from Allow AXFR NOTIFY from these IP ranges. If empty, drop all incoming notifies. +# +# allow-notify-from=0.0.0.0/0,::/0 + +################################# +# allow-unsigned-autoprimary Allow autoprimaries to create zones without TSIG signed NOTIFY +# +# allow-unsigned-autoprimary=yes + +################################# +# allow-unsigned-notify Allow unsigned notifications for TSIG secured zones +# +# allow-unsigned-notify=yes + +################################# +# allow-unsigned-supermaster Allow supermasters to create zones without TSIG signed NOTIFY +# +# allow-unsigned-supermaster=yes + +################################# +# also-notify When notifying a zone, also notify these nameservers +# +# also-notify= + +################################# +# any-to-tcp Answer ANY queries with tc=1, shunting to TCP +# +# any-to-tcp=yes + +################################# +# api Enable/disable the REST API (including HTTP listener) +# +# api=no + +################################# +# api-key Static pre-shared authentication key for access to the REST API +# +# api-key= + +################################# +# autosecondary Act as an autosecondary (formerly superslave) +# +# autosecondary=no + +################################# +# axfr-fetch-timeout Maximum time in seconds for inbound AXFR to start or be idle after starting +# +# axfr-fetch-timeout=10 + +################################# +# axfr-lower-serial Also AXFR a zone from a master with a lower serial +# +# axfr-lower-serial=no + +################################# +# cache-ttl Seconds to store packets in the PacketCache +# +# cache-ttl=20 + +################################# +# carbon-instance If set overwrites the instance name default +# +# carbon-instance=auth + +################################# +# carbon-interval Number of seconds between carbon (graphite) updates +# +# carbon-interval=30 + +################################# +# carbon-namespace If set overwrites the first part of the carbon string +# +# carbon-namespace=pdns + +################################# +# carbon-ourname If set, overrides our reported hostname for carbon stats +# +# carbon-ourname= + +################################# +# carbon-server If set, send metrics in carbon (graphite) format to this server IP address +# +# carbon-server= + +################################# +# chroot If set, chroot to this directory for more security +# +# chroot= + +################################# +# config-dir Location of configuration directory (pdns.conf) +# +# config-dir=/etc/powerdns + +################################# +# config-name Name of this virtual configuration - will rename the binary image +# +# config-name= + +################################# +# consistent-backends Assume individual zones are not divided over backends. Send only ANY lookup operations to the backend to reduce the number of lookups +# +# consistent-backends=yes + +################################# +# control-console Debugging switch - don't use +# +# control-console=no + +################################# +# daemon Operate as a daemon +# +# daemon=no + +################################# +# default-api-rectify Default API-RECTIFY value for zones +# +# default-api-rectify=yes + +################################# +# default-ksk-algorithm Default KSK algorithm +# +# default-ksk-algorithm=ecdsa256 + +################################# +# default-ksk-size Default KSK size (0 means default) +# +# default-ksk-size=0 + +################################# +# default-publish-cdnskey Default value for PUBLISH-CDNSKEY +# +# default-publish-cdnskey= + +################################# +# default-publish-cds Default value for PUBLISH-CDS +# +# default-publish-cds= + +################################# +# default-soa-content Default SOA content +# +# default-soa-content=a.misconfigured.dns.server.invalid hostmaster.@ 0 10800 3600 604800 3600 + +################################# +# default-soa-edit Default SOA-EDIT value +# +# default-soa-edit= + +################################# +# default-soa-edit-signed Default SOA-EDIT value for signed zones +# +# default-soa-edit-signed= + +################################# +# default-ttl Seconds a result is valid if not set otherwise +# +# default-ttl=3600 + +################################# +# default-zsk-algorithm Default ZSK algorithm +# +# default-zsk-algorithm= + +################################# +# default-zsk-size Default ZSK size (0 means default) +# +# default-zsk-size=0 + +################################# +# direct-dnskey Fetch DNSKEY, CDS and CDNSKEY RRs from backend during DNSKEY or CDS/CDNSKEY synthesis +# +# direct-dnskey=no + +################################# +# disable-axfr Disable zonetransfers but do allow TCP queries +# +# disable-axfr=no + +################################# +# disable-axfr-rectify Disable the rectify step during an outgoing AXFR. Only required for regression testing. +# +# disable-axfr-rectify=no + +################################# +# disable-syslog Disable logging to syslog, useful when running inside a supervisor that logs stdout +# +disable-syslog=yes + +################################# +# distributor-threads Default number of Distributor (backend) threads to start +# +# distributor-threads=3 + +################################# +# dname-processing If we should support DNAME records +# +# dname-processing=no + +################################# +# dnssec-key-cache-ttl Seconds to cache DNSSEC keys from the database +# +# dnssec-key-cache-ttl=30 + +################################# +# dnsupdate Enable/Disable DNS update (RFC2136) support. Default is no. +# +# dnsupdate=no + +################################# +# domain-metadata-cache-ttl Seconds to cache zone metadata from the database +# +# domain-metadata-cache-ttl= + +################################# +# edns-cookie-secret When set, set a server cookie when responding to a query with a Client cookie (in hex) +# +# edns-cookie-secret= + +################################# +# edns-subnet-processing If we should act on EDNS Subnet options +# +# edns-subnet-processing=no + +################################# +# enable-lua-records Process LUA records for all zones (metadata overrides this) +# +# enable-lua-records=no + +################################# +# entropy-source If set, read entropy from this file +# +# entropy-source=/dev/urandom + +################################# +# expand-alias Expand ALIAS records +# +# expand-alias=no + +################################# +# forward-dnsupdate A global setting to allow DNS update packages that are for a Slave zone, to be forwarded to the master. +# +# forward-dnsupdate=yes + +################################# +# forward-notify IP addresses to forward received notifications to regardless of master or slave settings +# +# forward-notify= + +################################# +# guardian Run within a guardian process +# +# guardian=no + +################################# +# include-dir Include *.conf files from this directory +# +include-dir = /etc/powerdns/conf.d + +################################# +# launch Which backends to launch and order to query them in +# +launch=gmysql-dnssec + +################################# +# load-modules Load this module - supply absolute or relative path +# +# load-modules= + +################################# +# local-address Local IP addresses to which we bind +# +# local-address=0.0.0.0, :: + +################################# +# local-address-nonexist-fail Fail to start if one or more of the local-address's do not exist on this server +# +# local-address-nonexist-fail=yes + +################################# +# local-port The port on which we listen +# +# local-port=53 + +################################# +# log-dns-details If PDNS should log DNS non-erroneous details +# +# log-dns-details=no + +################################# +# log-dns-queries If PDNS should log all incoming DNS queries +# +# log-dns-queries=no + +################################# +# log-timestamp Print timestamps in log lines +# +log-timestamp=yes + +################################# +# logging-facility Log under a specific facility +# +# logging-facility= + +################################# +# loglevel Amount of logging. Higher is more. Do not set below 3 +# +# loglevel=4 + +################################# +# lua-axfr-script Script to be used to edit incoming AXFRs +# +# lua-axfr-script= + +################################# +# lua-dnsupdate-policy-script Lua script with DNS update policy handler +# +# lua-dnsupdate-policy-script= + +################################# +# lua-health-checks-expire-delay Stops doing health checks after the record hasn't been used for that delay (in seconds) +# +# lua-health-checks-expire-delay=3600 + +################################# +# lua-health-checks-interval LUA records health checks monitoring interval in seconds +# +# lua-health-checks-interval=5 + +################################# +# lua-prequery-script Lua script with prequery handler (DO NOT USE) +# +# lua-prequery-script= + +################################# +# lua-records-exec-limit LUA records scripts execution limit (instructions count). Values <= 0 mean no limit +# +# lua-records-exec-limit=1000 + +################################# +# master Act as a primary +# +# master=no + +################################# +# max-cache-entries Maximum number of entries in the query cache +# +# max-cache-entries=1000000 + +################################# +# max-ent-entries Maximum number of empty non-terminals in a zone +# +# max-ent-entries=100000 + +################################# +# max-generate-steps Maximum number of $GENERATE steps when loading a zone from a file +# +# max-generate-steps=0 + +################################# +# max-include-depth Maximum number of nested $INCLUDE directives while processing a zone file +# +# max-include-depth=20 + +################################# +# max-nsec3-iterations Limit the number of NSEC3 hash iterations +# +# max-nsec3-iterations=100 + +################################# +# max-packet-cache-entries Maximum number of entries in the packet cache +# +# max-packet-cache-entries=1000000 + +################################# +# max-queue-length Maximum queuelength before considering situation lost +# +# max-queue-length=5000 + +################################# +# max-signature-cache-entries Maximum number of signatures cache entries +# +# max-signature-cache-entries= + +################################# +# max-tcp-connection-duration Maximum time in seconds that a TCP DNS connection is allowed to stay open. +# +# max-tcp-connection-duration=0 + +################################# +# max-tcp-connections Maximum number of TCP connections +# +# max-tcp-connections=20 + +################################# +# max-tcp-connections-per-client Maximum number of simultaneous TCP connections per client +# +# max-tcp-connections-per-client=0 + +################################# +# max-tcp-transactions-per-conn Maximum number of subsequent queries per TCP connection +# +# max-tcp-transactions-per-conn=0 + +################################# +# module-dir Default directory for modules +# +# module-dir=/usr/lib/powerdns/pdns + +################################# +# negquery-cache-ttl Seconds to store negative query results in the QueryCache +# +# negquery-cache-ttl=60 + +################################# +# no-shuffle Set this to prevent random shuffling of answers - for regression testing +# +# no-shuffle=off + +################################# +# non-local-bind Enable binding to non-local addresses by using FREEBIND / BINDANY socket options +# +# non-local-bind=no + +################################# +# only-notify Only send AXFR NOTIFY to these IP addresses or netmasks +# +# only-notify=0.0.0.0/0,::/0 + +################################# +# outgoing-axfr-expand-alias Expand ALIAS records during outgoing AXFR +# +# outgoing-axfr-expand-alias=no + +################################# +# overload-queue-length Maximum queuelength moving to packetcache only +# +# overload-queue-length=0 + +################################# +# prevent-self-notification Don't send notifications to what we think is ourself +# +# prevent-self-notification=yes + +################################# +# primary Act as a primary +# +# primary=no + +################################# +# proxy-protocol-from A Proxy Protocol header is only allowed from these subnets, and is mandatory then too. +# +# proxy-protocol-from= + +################################# +# proxy-protocol-maximum-size The maximum size of a proxy protocol payload, including the TLV values +# +# proxy-protocol-maximum-size=512 + +################################# +# query-cache-ttl Seconds to store query results in the QueryCache +# +# query-cache-ttl=20 + +################################# +# query-local-address Source IP addresses for sending queries +# +# query-local-address=0.0.0.0 :: + +################################# +# query-logging Hint backends that queries should be logged +# +# query-logging=no + +################################# +# queue-limit Maximum number of milliseconds to queue a query +# +# queue-limit=1500 + +################################# +# receiver-threads Default number of receiver threads to start +# +# receiver-threads=1 + +################################# +# resolver Use this resolver for ALIAS and the internal stub resolver +# +# resolver=no + +################################# +# retrieval-threads Number of AXFR-retrieval threads for slave operation +# +# retrieval-threads=2 + +################################# +# reuseport Enable higher performance on compliant kernels by using SO_REUSEPORT allowing each receiver thread to open its own socket +# +# reuseport=no + +################################# +# rng Specify the random number generator to use. Valid values are auto,sodium,openssl,getrandom,arc4random,urandom. +# +# rng=auto + +################################# +# secondary Act as a secondary +# +# secondary=no + +################################# +# secondary-check-signature-freshness Check signatures in SOA freshness check. Sets DO flag on SOA queries. Outside some very problematic scenarios, say yes here. +# +# secondary-check-signature-freshness=yes + +################################# +# secondary-do-renotify If this secondary should send out notifications after receiving zone transfers from a primary +# +# secondary-do-renotify=no + +################################# +# security-poll-suffix Zone name from which to query security update notifications +# +# security-poll-suffix=secpoll.powerdns.com. + +################################# +# send-signed-notify Send TSIG secured NOTIFY if TSIG key is configured for a zone +# +# send-signed-notify=yes + +################################# +# server-id Returned when queried for 'id.server' TXT or NSID, defaults to hostname - disabled or custom +# +# server-id= + +################################# +# setgid If set, change group id to this gid for more security +# +# setgid= + +################################# +# setuid If set, change user id to this uid for more security +# +# setuid= + +################################# +# signing-threads Default number of signer threads to start +# +# signing-threads=3 + +################################# +# slave Act as a secondary +# +# slave=no + +################################# +# slave-cycle-interval Schedule slave freshness checks once every .. seconds +# +# slave-cycle-interval=60 + +################################# +# slave-renotify If we should send out notifications for secondaried updates +# +# slave-renotify=no + +################################# +# socket-dir Where the controlsocket will live, /var/run/pdns when unset and not chrooted +# +socket-dir = /run/powerdns + +################################# +# superslave Act as a autosecondary +# +# superslave=no + +################################# +# svc-autohints Transparently fill ipv6hint=auto ipv4hint=auto SVC params with AAAA/A records for the target name of the record (if within the same zone) +# +# svc-autohints=no + +################################# +# tcp-control-address If set, PowerDNS can be controlled over TCP on this address +# +# tcp-control-address= + +################################# +# tcp-control-port If set, PowerDNS can be controlled over TCP on this address +# +# tcp-control-port=53000 + +################################# +# tcp-control-range If set, remote control of PowerDNS is possible over these networks only +# +# tcp-control-range=127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10 + +################################# +# tcp-control-secret If set, PowerDNS can be controlled over TCP after passing this secret +# +# tcp-control-secret= + +################################# +# tcp-fast-open Enable TCP Fast Open support on the listening sockets, using the supplied numerical value as the queue size +# +# tcp-fast-open=0 + +################################# +# tcp-idle-timeout Maximum time in seconds that a TCP DNS connection is allowed to stay open while being idle +# +# tcp-idle-timeout=5 + +################################# +# traceback-handler Enable the traceback handler (Linux only) +# +# traceback-handler=yes + +################################# +# trusted-notification-proxy IP address of incoming notification proxy +# +# trusted-notification-proxy= + +################################# +# udp-truncation-threshold Maximum UDP response size before we truncate +# +# udp-truncation-threshold=1232 + +################################# +# upgrade-unknown-types Transparently upgrade known TYPExxx records. Recommended to keep off, except for PowerDNS upgrades until data sources are cleaned up +# +# upgrade-unknown-types=no + +################################# +# version-string PowerDNS version in packets - full, anonymous, powerdns or custom +# +version-string = anonymous + +################################# +# webserver Start a webserver for monitoring (api=yes also enables the HTTP listener) +# +# webserver=no + +################################# +# webserver-address IP Address of webserver/API to listen on +# +# webserver-address=127.0.0.1 + +################################# +# webserver-allow-from Webserver/API access is only allowed from these subnets +# +# webserver-allow-from=127.0.0.1,::1 + +################################# +# webserver-hash-plaintext-credentials Whether to hash passwords and api keys supplied in plaintext, to prevent keeping the plaintext version in memory at runtime +# +# webserver-hash-plaintext-credentials=no + +################################# +# webserver-loglevel Amount of logging in the webserver (none, normal, detailed) +# +# webserver-loglevel=normal + +################################# +# webserver-max-bodysize Webserver/API maximum request/response body size in megabytes +# +# webserver-max-bodysize=2 + +################################# +# webserver-password Password required for accessing the webserver +# +# webserver-password= + +################################# +# webserver-port Port of webserver/API to listen on +# +# webserver-port=8081 + +################################# +# webserver-print-arguments If the webserver should print arguments +# +# webserver-print-arguments=no + +################################# +# write-pid Write a PID file +# +# write-pid=yes + +################################# +# xfr-cycle-interval Schedule primary/secondary SOA freshness checks once every .. seconds +# +# xfr-cycle-interval=60 + +################################# +# xfr-max-received-mbytes Maximum number of megabytes received from an incoming XFR +# +# xfr-max-received-mbytes=100 + +################################# +# zone-cache-refresh-interval Seconds to cache list of known zones +# +# zone-cache-refresh-interval=300 + +################################# +# zone-metadata-cache-ttl Seconds to cache zone metadata from the database +# +# zone-metadata-cache-ttl=60 + diff --git a/powerdns/pdns.d/gmysql.conf b/powerdns/pdns.d/gmysql.conf new file mode 100644 index 0000000..891f1eb --- /dev/null +++ b/powerdns/pdns.d/gmysql.conf @@ -0,0 +1,13 @@ +# MySQL Configuration +# +# Launch gmysql backend +launch=gmysql + +# gmysql parameters +gmysql-host=${MYSQL_HOST} +gmysql-port=${MYSQL_PORT} +gmysql-dbname=${MYSQL_DATABASE} +gmysql-user=${MYSQL_USER} +gmysql-password=${MYSQL_PASSWORD} +gmysql-dnssec=yes +# gmysql-socket= diff --git a/sql/cascade.sql b/sql/cascade.sql new file mode 100644 index 0000000..8f746f8 --- /dev/null +++ b/sql/cascade.sql @@ -0,0 +1,14 @@ +/* +Using this SQL causes Mysql to create foreign keys on your database. This will +make sure that no records, comments or keys exists for domains that you already +removed. This is not enabled by default, because we're not sure what the +consequences are from a performance point of view. If you do have feedback, +please let us know how this affects your setup. + +Please note that it's not possible to apply this, before you cleaned up your +database, as the foreign keys do not exist. +*/ +ALTER TABLE records ADD CONSTRAINT `records_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE; +ALTER TABLE comments ADD CONSTRAINT `comments_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE; +ALTER TABLE domainmetadata ADD CONSTRAINT `domainmetadata_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE; +ALTER TABLE cryptokeys ADD CONSTRAINT `cryptokeys_domain_id_ibfk` FOREIGN KEY (`domain_id`) REFERENCES `domains` (`id`) ON DELETE CASCADE ON UPDATE CASCADE; diff --git a/sql/defailt_schema.sql b/sql/defailt_schema.sql new file mode 100644 index 0000000..0f3a6cc --- /dev/null +++ b/sql/defailt_schema.sql @@ -0,0 +1,92 @@ +CREATE TABLE domains ( + id INT AUTO_INCREMENT, + name VARCHAR(255) NOT NULL, + master VARCHAR(128) DEFAULT NULL, + last_check INT DEFAULT NULL, + type VARCHAR(8) NOT NULL, + notified_serial INT UNSIGNED DEFAULT NULL, + account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL, + options VARCHAR(64000) DEFAULT NULL, + catalog VARCHAR(255) DEFAULT NULL, + PRIMARY KEY (id) +) Engine=InnoDB CHARACTER SET 'latin1'; + +CREATE UNIQUE INDEX name_index ON domains(name); +CREATE INDEX catalog_idx ON domains(catalog); + + +CREATE TABLE records ( + id BIGINT AUTO_INCREMENT, + domain_id INT DEFAULT NULL, + name VARCHAR(255) DEFAULT NULL, + type VARCHAR(10) DEFAULT NULL, + content VARCHAR(64000) DEFAULT NULL, + ttl INT DEFAULT NULL, + prio INT DEFAULT NULL, + disabled TINYINT(1) DEFAULT 0, + ordername VARCHAR(255) BINARY DEFAULT NULL, + auth TINYINT(1) DEFAULT 1, + PRIMARY KEY (id) +) Engine=InnoDB CHARACTER SET 'latin1'; + +CREATE INDEX nametype_index ON records(name,type); +CREATE INDEX domain_id ON records(domain_id); +CREATE INDEX ordername ON records (ordername); + + +CREATE TABLE supermasters ( + ip VARCHAR(64) NOT NULL, + nameserver VARCHAR(255) NOT NULL, + account VARCHAR(40) CHARACTER SET 'utf8' NOT NULL, + PRIMARY KEY (ip, nameserver) +) Engine=InnoDB CHARACTER SET 'latin1'; + + +CREATE TABLE comments ( + id INT AUTO_INCREMENT, + domain_id INT NOT NULL, + name VARCHAR(255) NOT NULL, + type VARCHAR(10) NOT NULL, + modified_at INT NOT NULL, + account VARCHAR(40) CHARACTER SET 'utf8' DEFAULT NULL, + comment TEXT CHARACTER SET 'utf8' NOT NULL, + PRIMARY KEY (id) +) Engine=InnoDB CHARACTER SET 'latin1'; + +CREATE INDEX comments_name_type_idx ON comments (name, type); +CREATE INDEX comments_order_idx ON comments (domain_id, modified_at); + + +CREATE TABLE domainmetadata ( + id INT AUTO_INCREMENT, + domain_id INT NOT NULL, + kind VARCHAR(32), + content TEXT, + PRIMARY KEY (id) +) Engine=InnoDB CHARACTER SET 'latin1'; + +CREATE INDEX domainmetadata_idx ON domainmetadata (domain_id, kind); + + +CREATE TABLE cryptokeys ( + id INT AUTO_INCREMENT, + domain_id INT NOT NULL, + flags INT NOT NULL, + active BOOL, + published BOOL DEFAULT 1, + content TEXT, + PRIMARY KEY(id) +) Engine=InnoDB CHARACTER SET 'latin1'; + +CREATE INDEX domainidindex ON cryptokeys(domain_id); + + +CREATE TABLE tsigkeys ( + id INT AUTO_INCREMENT, + name VARCHAR(255), + algorithm VARCHAR(50), + secret VARCHAR(255), + PRIMARY KEY (id) +) Engine=InnoDB CHARACTER SET 'latin1'; + +CREATE UNIQUE INDEX namealgoindex ON tsigkeys(name, algorithm); diff --git a/supervisor/conf.d/nginx.c_onf b/supervisor/conf.d/nginx.c_onf new file mode 100644 index 0000000..0b6eb99 --- /dev/null +++ b/supervisor/conf.d/nginx.c_onf @@ -0,0 +1,7 @@ +[program:nginx] +command = /usr/sbin/nginx + +autorestart = true + +stderr_logfile = NONE +stdout_logfile = NONE \ No newline at end of file diff --git a/supervisor/conf.d/php-fpm.conf b/supervisor/conf.d/php-fpm.conf new file mode 100644 index 0000000..26dcce9 --- /dev/null +++ b/supervisor/conf.d/php-fpm.conf @@ -0,0 +1,3 @@ +[program:php-fpm] +command = php-fpm81 -F +autorestart = true \ No newline at end of file diff --git a/supervisor/conf.d/powerdns.conf b/supervisor/conf.d/powerdns.conf new file mode 100644 index 0000000..a3f43db --- /dev/null +++ b/supervisor/conf.d/powerdns.conf @@ -0,0 +1,11 @@ +[program:powerdns] +command=/usr/sbin/pdns_server --guardian=yes + +user=powerdns +autorestart = true + +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 + +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 diff --git a/supervisor/supervisord.conf b/supervisor/supervisord.conf new file mode 100644 index 0000000..94e41f8 --- /dev/null +++ b/supervisor/supervisord.conf @@ -0,0 +1,9 @@ +[supervisord] +user = root +logfile = /var/log/supervisord.log +directory = /tmp +pidfile = /tmp/supervisord.pid +identifier = supervisor + +[include] +files = /etc/supervisor/conf.d/*.conf From 04fced8b5849ca30cf9e5b30284419eb5e576d30 Mon Sep 17 00:00:00 2001 From: Root Date: Wed, 25 Jan 2023 23:37:38 +0000 Subject: [PATCH 02/12] 8081 powerdns statistics - success --- Dockerfile | 67 ++++++++----------------------------- entrypoint | 54 ++++++++++++++++++++++++++++++ powerdns/conf.d/gmysql.conf | 13 +++++++ powerdns/pdns.d/gmysql.conf | 13 ------- 4 files changed, 81 insertions(+), 66 deletions(-) create mode 100644 powerdns/conf.d/gmysql.conf delete mode 100644 powerdns/pdns.d/gmysql.conf diff --git a/Dockerfile b/Dockerfile index 636ca0a..6a50d54 100644 --- a/Dockerfile +++ b/Dockerfile @@ -84,15 +84,22 @@ FROM alpine:3.17.1 ENV POWERADMIN_VER=3.4.2 +ENV TZ=Europe/Moscow +ENV LANG ru_RU.UTF-8 +ENV LANGUAGE ru_RU.UTF-8 +ENV LC_ALL ru_RU.UTF-8 +ENV MUSL_LOCPATH /usr/share/i18n/locales/musl + # Copy in built binaries COPY --from=builder /build/powerdns-root / # Copy configs COPY supervisor /etc/supervisor COPY powerdns /etc/powerdns +COPY entrypoint /usr/bin RUN set -eux; \ - true "PowerDNS requirements"; \ + true "PowerDNS and PowerAdmin requirements"; \ apk add --no-cache \ boost-libs \ geoip \ @@ -114,6 +121,7 @@ RUN set -eux; \ php81-pdo_mysql \ php81-gettext \ php81-openssl \ + musl musl-utils musl-locales tzdata \ ; \ true "Setup user and group"; \ addgroup -S powerdns 2>/dev/null; \ @@ -136,61 +144,14 @@ RUN set -eux; \ mv poweradmin-${POWERADMIN_VER} poweradmin; \ rm -R /var/www/html/poweradmin/install; \ \ - mkdir /run/powerdns; \ + true "Flexible Docker Containers"; \ chmod 0750 /etc/powerdns; \ chmod 0640 /etc/powerdns/pdns.conf; \ chown -R root:powerdns /etc/powerdns; \ - chown -R powerdns:powerdns /run/powerdns + chmod +x /usr/bin/entrypoint; \ + \ + cp /usr/share/zoneinfo/${TZ} /etc/localtime EXPOSE 53/TCP 53/UDP 8081/TCP 80/TCP +ENTRYPOINT [ "entrypoint" ] CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"] - - - #&& git clone https://github.com/poweradmin/poweradmin.git . \ - #&& git checkout b27f28b2d586afb201904437605be988ee048c22 \ - - -# RUN set -eux; \ -# true "Setup configuration"; \ -# mkdir -p /etc/powerdns/conf.d; \ -# sed -ri "s!^#?\s*(disable-syslog)\s*=\s*\S*.*!\1 = yes!" /etc/powerdns/pdns.conf; \ -# grep -E "^disable-syslog = yes$" /etc/powerdns/pdns.conf; \ -# sed -ri "s!^#?\s*(log-timestamp)\s*=\s*\S*.*!\1 = yes!" /etc/powerdns/pdns.conf; \ -# grep -E "^log-timestamp = yes$" /etc/powerdns/pdns.conf; \ -# sed -ri "s!^#?\s*(include-dir)\s*=\s*\S*.*!\1 = /etc/powerdns/conf.d!" /etc/powerdns/pdns.conf; \ -# grep -E "^include-dir = /etc/powerdns/conf\.d$" /etc/powerdns/pdns.conf; \ -# sed -ri "s!^#?\s*(launch)\s*=\s*\S*.*!\1 =!" /etc/powerdns/pdns.conf; \ -# grep -E "^launch =$" /etc/powerdns/pdns.conf; \ -# sed -ri "s!^#?\s*(socket-dir)\s*=\s*\S*.*!\1 = /run/powerdns!" /etc/powerdns/pdns.conf; \ -# grep -E "^socket-dir = /run/powerdns$" /etc/powerdns/pdns.conf; \ -# sed -ri "s!^#?\s*(version-string)\s*=\s*\S*.*!\1 = anonymous!" /etc/powerdns/pdns.conf; \ -# grep -E "^version-string = anonymous$" /etc/powerdns/pdns.conf; \ -# chmod 0750 /etc/powerdns; \ -# chmod 0640 /etc/powerdns/pdns.conf; \ -# chown -R root:powerdns /etc/powerdns - - -# PowerDNS - - -# COPY usr/local/share/flexible-docker-containers/init.d/42-powerdns.sh /usr/local/share/flexible-docker-containers/init.d -# COPY usr/local/share/flexible-docker-containers/pre-init-tests.d/42-powerdns.sh /usr/local/share/flexible-docker-containers/pre-init-tests.d -# COPY usr/local/share/flexible-docker-containers/pre-init-tests.d/43-powerdns-mysql.sh /usr/local/share/flexible-docker-containers/pre-init-tests.d -# COPY usr/local/share/flexible-docker-containers/pre-init-tests.d/43-powerdns-postgres.sh /usr/local/share/flexible-docker-containers/pre-init-tests.d -# COPY usr/local/share/flexible-docker-containers/pre-init-tests.d/43-powerdns-zonefile.sh /usr/local/share/flexible-docker-containers/pre-init-tests.d -# COPY usr/local/share/flexible-docker-containers/tests.d/42-powerdns-mysql.sh /usr/local/share/flexible-docker-containers/tests.d -# COPY usr/local/share/flexible-docker-containers/tests.d/42-powerdns-postgres.sh /usr/local/share/flexible-docker-containers/tests.d -# COPY usr/local/share/flexible-docker-containers/tests.d/43-powerdns.sh /usr/local/share/flexible-docker-containers/tests.d -# COPY usr/local/share/flexible-docker-containers/tests.d/99-powerdns.sh /usr/local/share/flexible-docker-containers/tests.d -# COPY usr/local/share/flexible-docker-containers/healthcheck.d/42-powerdns.sh /usr/local/share/flexible-docker-containers/healthcheck.d -# RUN set -eux; \ -# true "Flexible Docker Containers"; \ -# if [ -n "$VERSION_INFO" ]; then echo "$VERSION_INFO" >> /.VERSION_INFO; fi; \ -# true "Permissions"; \ -# chown root:root \ -# /etc/supervisor/conf.d/powerdns.conf; \ -# chmod 0644 \ -# /etc/supervisor/conf.d/powerdns.conf; \ -# fdc set-perms - - diff --git a/entrypoint b/entrypoint index e69de29..acd2644 100644 --- a/entrypoint +++ b/entrypoint @@ -0,0 +1,54 @@ +#!/bin/sh + +# Setup run directory +if [ ! -d /run/powerdns ]; then + mkdir -p /run/powerdns +fi +chown -R powerdns:powerdns /run/powerdns +chmod 0755 /run/powerdns + + +#Setup mysql env + +if [ -n "$MYSQL_HOST" ]; then + sed -i "s!MYSQL_HOST!${MYSQL_HOST}!" /etc/powerdns/conf.d/gmysql.conf +fi +if [ -n "$MYSQL_PORT" ]; then + sed -i "s!MYSQL_PORT!${MYSQL_PORT}!" /etc/powerdns/conf.d/gmysql.conf +fi +if [ -n "$MYSQL_DATABASE" ]; then + sed -i "s!MYSQL_DATABASE!${MYSQL_DATABASE}!" /etc/powerdns/conf.d/gmysql.conf +fi +if [ -n "$MYSQL_USER" ]; then + sed -i "s!MYSQL_USER!${MYSQL_USER}!" /etc/powerdns/conf.d/gmysql.conf +fi +if [ -n "$MYSQL_PASSWORD" ]; then + sed -i "s!MYSQL_PASSWORD!${MYSQL_PASSWORD}!" /etc/powerdns/conf.d/gmysql.conf +fi + +# Setup web access +if [ ! -f /etc/powerdns/conf.d/webserver.conf ] && [ -n "$POWERDNS_WEBSERVER_ALLOW_FROM" ]; then + # Check if we got a password + if [ -z "$POWERDNS_WEBSERVER_PASSWORD" ]; then + POWERDNS_WEBSERVER_PASSWORD=$(pwgen 16 1) + fdc_notice "PowerDNS webserver password: $POWERDNS_WEBSERVER_PASSWORD" + fi + # Check if we got a API key + if [ -z "$POWERDNS_API_KEY" ]; then + POWERDNS_API_KEY=$(pwgen 16 1) + fdc_notice "PowerDNS webserver API key: $POWERDNS_API_KEY" + fi + + cat < /etc/powerdns/conf.d/webserver.conf +webserver = yes +webserver-address = 0.0.0.0 +webserver-allow-from = $POWERDNS_WEBSERVER_ALLOW_FROM +webserver-loglevel = normal +webserver-password = $POWERDNS_WEBSERVER_PASSWORD +webserver-port=8081 +api = yes +api-key = $POWERDNS_API_KEY +EOF +fi + +exec "$@" diff --git a/powerdns/conf.d/gmysql.conf b/powerdns/conf.d/gmysql.conf new file mode 100644 index 0000000..07b8b38 --- /dev/null +++ b/powerdns/conf.d/gmysql.conf @@ -0,0 +1,13 @@ +# MySQL Configuration +# +# Launch gmysql backend +launch=gmysql + +# gmysql parameters +gmysql-host=MYSQL_HOST +gmysql-port=MYSQL_PORT +gmysql-dbname=MYSQL_DATABASE +gmysql-user=MYSQL_USER +gmysql-password=MYSQL_PASSWORD +gmysql-dnssec=yes +# gmysql-socket= diff --git a/powerdns/pdns.d/gmysql.conf b/powerdns/pdns.d/gmysql.conf deleted file mode 100644 index 891f1eb..0000000 --- a/powerdns/pdns.d/gmysql.conf +++ /dev/null @@ -1,13 +0,0 @@ -# MySQL Configuration -# -# Launch gmysql backend -launch=gmysql - -# gmysql parameters -gmysql-host=${MYSQL_HOST} -gmysql-port=${MYSQL_PORT} -gmysql-dbname=${MYSQL_DATABASE} -gmysql-user=${MYSQL_USER} -gmysql-password=${MYSQL_PASSWORD} -gmysql-dnssec=yes -# gmysql-socket= From fac6d6caa7aea9719584b57cac4a356ffcc11d21 Mon Sep 17 00:00:00 2001 From: Root Date: Thu, 26 Jan 2023 00:41:12 +0000 Subject: [PATCH 03/12] nginx --- Dockerfile | 31 +- docker-compose.yml | 2 +- nginx/fastcgi_params | 44 + nginx/nginx.conf | 51 + nginx/vhost.conf | 43 + php/php-cli.ini | 1932 +++++++++++++++++ php/php.ini | 1930 ++++++++++++++++ poweradmin/config.inc.php | 77 + sql/{defailt_schema.sql => pdns_schema.sql} | 0 sql/poweradmin.sql | 119 + supervisor/conf.d/{nginx.c_onf => nginx.conf} | 2 +- 11 files changed, 4219 insertions(+), 12 deletions(-) create mode 100644 nginx/fastcgi_params create mode 100644 nginx/nginx.conf create mode 100644 nginx/vhost.conf create mode 100644 php/php-cli.ini create mode 100644 php/php.ini create mode 100644 poweradmin/config.inc.php rename sql/{defailt_schema.sql => pdns_schema.sql} (100%) create mode 100644 sql/poweradmin.sql rename supervisor/conf.d/{nginx.c_onf => nginx.conf} (73%) diff --git a/Dockerfile b/Dockerfile index 6a50d54..8802570 100644 --- a/Dockerfile +++ b/Dockerfile @@ -90,14 +90,6 @@ ENV LANGUAGE ru_RU.UTF-8 ENV LC_ALL ru_RU.UTF-8 ENV MUSL_LOCPATH /usr/share/i18n/locales/musl -# Copy in built binaries -COPY --from=builder /build/powerdns-root / - -# Copy configs -COPY supervisor /etc/supervisor -COPY powerdns /etc/powerdns -COPY entrypoint /usr/bin - RUN set -eux; \ true "PowerDNS and PowerAdmin requirements"; \ apk add --no-cache \ @@ -114,9 +106,10 @@ RUN set -eux; \ pwgen \ supervisor \ nginx \ - php-fpm \ + php81 \ + php81-fpm \ #php-mcrypt \ - php-mysqlnd \ + php81-mysqlnd \ php81-pdo \ php81-pdo_mysql \ php81-gettext \ @@ -134,6 +127,24 @@ RUN set -eux; \ true "Cleanup"; \ rm -f /var/cache/apk/* +# Copy in built binaries +COPY --from=builder /build/powerdns-root / + +# Copy configs +COPY supervisor /etc/supervisor +COPY powerdns /etc/powerdns +COPY entrypoint /usr/bin + +#nginx +#COPY nginx/nginx.conf /etc/nginx/nginx.conf +#COPY nginx/vhost.conf /etc/nginx/sites-enabled/vhost.conf +#COPY nginx/fastcgi_params /etc/nginx/fastcgi_params + +#php +#COPY php/php.ini /etc/php81/php.ini +#COPY php/php-cli.ini /etc/php/7.0/cli/php.ini + + RUN set -eux; \ true "Setup poweradmin"; \ mkdir -p /var/www/html; \ diff --git a/docker-compose.yml b/docker-compose.yml index 924934c..29df59e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -24,7 +24,7 @@ services: depends_on: - mariadb ports: - - 8080:8080/TCP + - 80:80/TCP - 8081:8081/TCP - 8053:53/TCP - 8053:53/UDP diff --git a/nginx/fastcgi_params b/nginx/fastcgi_params new file mode 100644 index 0000000..2703e3a --- /dev/null +++ b/nginx/fastcgi_params @@ -0,0 +1,44 @@ +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param PATH_INFO $fastcgi_script_name; +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; + +# SERVER_PORT needs to be commented out and has to be determined from other fields (e.g. HTTP_HOST) +# Otherwise it points invalid port when container port is mapped to different port on host machine, +# which might result with invalid links generated in a PHP app. +#fastcgi_param SERVER_PORT $server_port; + +# Using $http_host instead of $server_name - $server_name doesn't work correctly when using regexps in vhosts' server_name declaration. +#fastcgi_param SERVER_NAME $server_name; +fastcgi_param SERVER_NAME $http_host; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; + +fastcgi_index index.php; +fastcgi_connect_timeout 10; +fastcgi_send_timeout 600; +fastcgi_read_timeout 600; +fastcgi_buffer_size 32k; +fastcgi_buffers 32 4k; +fastcgi_busy_buffers_size 64k; +fastcgi_temp_file_write_size 256k; +fastcgi_intercept_errors on; +fastcgi_pass_header on; +fastcgi_keep_conn on; diff --git a/nginx/nginx.conf b/nginx/nginx.conf new file mode 100644 index 0000000..1d608df --- /dev/null +++ b/nginx/nginx.conf @@ -0,0 +1,51 @@ +daemon off; +pid /var/run/nginx.pid; + +user www-data; +error_log /var/log/nginx/error.log; + +worker_processes auto; +events { + multi_accept on; + use epoll; + worker_connections 1024; +} + +http { + include /etc/nginx/mime.types; + default_type application/octet-stream; + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + gzip on; + gzip_http_version 1.0; + gzip_comp_level 4; + gzip_min_length 1024; + gzip_proxied any; + gzip_vary off; + gzip_types text/plain text/css application/x-javascript text/xml application/xml application/rss+xml application/atom+xml text/javascript application/javascript application/json text/mathml; + + gzip_static on; + + client_body_buffer_size 5M; + client_max_body_size 256M; + + proxy_buffer_size 32k; + proxy_buffers 16 32k; + + server_tokens off; + + sendfile on; + + server_names_hash_bucket_size 128; + types_hash_max_size 2048; + types_hash_bucket_size 64; + + tcp_nopush on; + tcp_nodelay on; + + keepalive_timeout 15; + + include /etc/nginx/conf.d/*.conf; + include /etc/nginx/sites-enabled/*; +} \ No newline at end of file diff --git a/nginx/vhost.conf b/nginx/vhost.conf new file mode 100644 index 0000000..cccecc8 --- /dev/null +++ b/nginx/vhost.conf @@ -0,0 +1,43 @@ +upstream php-upstream { + server unix:/var/run/php/php7.0-fpm.sock; +} + +server { + listen 80 default_server; + + root /var/www/html; + index index.html index.php; + + location ~ \.php$ { + include fastcgi_params; + fastcgi_pass php-upstream; + } + + # Somehow it's not inherited by vhosts (server{} context) when using with 'stderr' value. + # Therefore it's re-defined here to avoid specyfing it for each vhost. + error_log stderr notice; + + # no access to .hidden files (eg .htaccess) + location ~ /\. { + deny all; + log_not_found off; + } + + # static content: + # - images + # - flash + # - fonts + # - css/js + location ~* \.(?:jpe?g|gif|png|ico|swf|svg|eot|ttf|otf|woff|htc|css|js)$ { + expires max; + } + + location = /favicon.ico { + log_not_found off; + } + + location = /robots.txt { + allow all; + log_not_found off; + } +} diff --git a/php/php-cli.ini b/php/php-cli.ini new file mode 100644 index 0000000..0d08f96 --- /dev/null +++ b/php/php-cli.ini @@ -0,0 +1,1932 @@ +[PHP] + +;;;;;;;;;;;;;;;;;;; +; About php.ini ; +;;;;;;;;;;;;;;;;;;; +; PHP's initialization file, generally called php.ini, is responsible for +; configuring many of the aspects of PHP's behavior. + +; PHP attempts to find and load this configuration from a number of locations. +; The following is a summary of its search order: +; 1. SAPI module specific location. +; 2. The PHPRC environment variable. (As of PHP 5.2.0) +; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) +; 4. Current working directory (except CLI) +; 5. The web server's directory (for SAPI modules), or directory of PHP +; (otherwise in Windows) +; 6. The directory from the --with-config-file-path compile time option, or the +; Windows directory (C:\windows or C:\winnt) +; See the PHP docs for more specific information. +; http://php.net/configuration.file + +; The syntax of the file is extremely simple. Whitespace and lines +; beginning with a semicolon are silently ignored (as you probably guessed). +; Section headers (e.g. [Foo]) are also silently ignored, even though +; they might mean something in the future. + +; Directives following the section heading [PATH=/www/mysite] only +; apply to PHP files in the /www/mysite directory. Directives +; following the section heading [HOST=www.example.com] only apply to +; PHP files served from www.example.com. Directives set in these +; special sections cannot be overridden by user-defined INI files or +; at runtime. Currently, [PATH=] and [HOST=] sections only work under +; CGI/FastCGI. +; http://php.net/ini.sections + +; Directives are specified using the following syntax: +; directive = value +; Directive names are *case sensitive* - foo=bar is different from FOO=bar. +; Directives are variables used to configure PHP or PHP extensions. +; There is no name validation. If PHP can't find an expected +; directive because it is not set or is mistyped, a default value will be used. + +; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one +; of the INI constants (On, Off, True, False, Yes, No and None) or an expression +; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a +; previously set variable or directive (e.g. ${foo}) + +; Expressions in the INI file are limited to bitwise operators and parentheses: +; | bitwise OR +; ^ bitwise XOR +; & bitwise AND +; ~ bitwise NOT +; ! boolean NOT + +; Boolean flags can be turned on using the values 1, On, True or Yes. +; They can be turned off using the values 0, Off, False or No. + +; An empty string can be denoted by simply not writing anything after the equal +; sign, or by using the None keyword: + +; foo = ; sets foo to an empty string +; foo = None ; sets foo to an empty string +; foo = "None" ; sets foo to the string 'None' + +; If you use constants in your value, and these constants belong to a +; dynamically loaded extension (either a PHP extension or a Zend extension), +; you may only use these constants *after* the line that loads the extension. + +;;;;;;;;;;;;;;;;;;; +; About this file ; +;;;;;;;;;;;;;;;;;;; +; PHP comes packaged with two INI files. One that is recommended to be used +; in production environments and one that is recommended to be used in +; development environments. + +; php.ini-production contains settings which hold security, performance and +; best practices at its core. But please be aware, these settings may break +; compatibility with older or less security conscience applications. We +; recommending using the production ini in production and testing environments. + +; php.ini-development is very similar to its production variant, except it's +; much more verbose when it comes to errors. We recommending using the +; development version only in development environments as errors shown to +; application users can inadvertently leak otherwise secure information. + +; This is php.ini-production INI file. + +;;;;;;;;;;;;;;;;;;; +; Quick Reference ; +;;;;;;;;;;;;;;;;;;; +; The following are all the settings which are different in either the production +; or development versions of the INIs with respect to PHP's default behavior. +; Please see the actual settings later in the document for more details as to why +; we recommend these changes in PHP's behavior. + +; display_errors +; Default Value: On +; Development Value: On +; Production Value: Off + +; display_startup_errors +; Default Value: Off +; Development Value: On +; Production Value: Off + +; error_reporting +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT + +; html_errors +; Default Value: On +; Development Value: On +; Production value: On + +; log_errors +; Default Value: Off +; Development Value: On +; Production Value: On + +; max_input_time +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) + +; output_buffering +; Default Value: Off +; Development Value: 4096 +; Production Value: 4096 + +; register_argc_argv +; Default Value: On +; Development Value: Off +; Production Value: Off + +; request_order +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" + +; session.bug_compat_42 +; Default Value: On +; Development Value: On +; Production Value: Off + +; session.bug_compat_warn +; Default Value: On +; Development Value: On +; Production Value: Off + +; session.gc_divisor +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 + +; session.hash_bits_per_character +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 + +; short_open_tag +; Default Value: On +; Development Value: Off +; Production Value: Off + +; track_errors +; Default Value: Off +; Development Value: On +; Production Value: Off + +; url_rewriter.tags +; Default Value: "a=href,area=href,frame=src,form=,fieldset=" +; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" +; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" + +; variables_order +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS" + +;;;;;;;;;;;;;;;;;;;; +; php.ini Options ; +;;;;;;;;;;;;;;;;;;;; +; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" +;user_ini.filename = ".user.ini" + +; To disable this feature set this option to empty value +;user_ini.filename = + +; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) +;user_ini.cache_ttl = 300 + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; + +; Enable the PHP scripting language engine under Apache. +; http://php.net/engine +engine = On + +; This directive determines whether or not PHP will recognize code between +; tags as PHP source which should be processed as such. It is +; generally recommended that should be used and that this feature +; should be disabled, as enabling it may result in issues when generating XML +; documents, however this remains supported for backward compatibility reasons. +; Note that this directive does not control the tags. +; http://php.net/asp-tags +asp_tags = Off + +; The number of significant digits displayed in floating point numbers. +; http://php.net/precision +precision = 14 + +; Output buffering is a mechanism for controlling how much output data +; (excluding headers and cookies) PHP should keep internally before pushing that +; data to the client. If your application's output exceeds this setting, PHP +; will send that data in chunks of roughly the size you specify. +; Turning on this setting and managing its maximum buffer size can yield some +; interesting side-effects depending on your application and web server. +; You may be able to send headers and cookies after you've already sent output +; through print or echo. You also may see performance benefits if your server is +; emitting less packets due to buffered output versus PHP streaming the output +; as it gets it. On production servers, 4096 bytes is a good setting for performance +; reasons. +; Note: Output buffering can also be controlled via Output Buffering Control +; functions. +; Possible Values: +; On = Enabled and buffer is unlimited. (Use with caution) +; Off = Disabled +; Integer = Enables the buffer and sets its maximum size in bytes. +; Note: This directive is hardcoded to Off for the CLI SAPI +; Default Value: Off +; Development Value: 4096 +; Production Value: 4096 +; http://php.net/output-buffering +output_buffering = 4096 + +; You can redirect all of the output of your scripts to a function. For +; example, if you set output_handler to "mb_output_handler", character +; encoding will be transparently converted to the specified encoding. +; Setting any output handler automatically turns on output buffering. +; Note: People who wrote portable scripts should not depend on this ini +; directive. Instead, explicitly set the output handler using ob_start(). +; Using this ini directive may cause problems unless you know what script +; is doing. +; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" +; and you cannot use both "ob_gzhandler" and "zlib.output_compression". +; Note: output_handler must be empty if this is set 'On' !!!! +; Instead you must use zlib.output_handler. +; http://php.net/output-handler +;output_handler = + +; Transparent output compression using the zlib library +; Valid values for this option are 'off', 'on', or a specific buffer size +; to be used for compression (default is 4KB) +; Note: Resulting chunk size may vary due to nature of compression. PHP +; outputs chunks that are few hundreds bytes each as a result of +; compression. If you prefer a larger chunk size for better +; performance, enable output_buffering in addition. +; Note: You need to use zlib.output_handler instead of the standard +; output_handler, or otherwise the output will be corrupted. +; http://php.net/zlib.output-compression +zlib.output_compression = Off + +; http://php.net/zlib.output-compression-level +;zlib.output_compression_level = -1 + +; You cannot specify additional output handlers if zlib.output_compression +; is activated here. This setting does the same as output_handler but in +; a different order. +; http://php.net/zlib.output-handler +;zlib.output_handler = + +; Implicit flush tells PHP to tell the output layer to flush itself +; automatically after every output block. This is equivalent to calling the +; PHP function flush() after each and every call to print() or echo() and each +; and every HTML block. Turning this option on has serious performance +; implications and is generally recommended for debugging purposes only. +; http://php.net/implicit-flush +; Note: This directive is hardcoded to On for the CLI SAPI +implicit_flush = Off + +; The unserialize callback function will be called (with the undefined class' +; name as parameter), if the unserializer finds an undefined class +; which should be instantiated. A warning appears if the specified function is +; not defined, or if the function doesn't include/implement the missing class. +; So only set this entry, if you really want to implement such a +; callback-function. +unserialize_callback_func = + +; When floats & doubles are serialized store serialize_precision significant +; digits after the floating point. The default value ensures that when floats +; are decoded with unserialize, the data will remain the same. +serialize_precision = 17 + +; open_basedir, if set, limits all file operations to the defined directory +; and below. This directive makes most sense if used in a per-directory +; or per-virtualhost web server configuration file. This directive is +; *NOT* affected by whether Safe Mode is turned On or Off. +; http://php.net/open-basedir +;open_basedir = + +; This directive allows you to disable certain functions for security reasons. +; It receives a comma-delimited list of function names. This directive is +; *NOT* affected by whether Safe Mode is turned On or Off. +; http://php.net/disable-functions +disable_functions = + +; This directive allows you to disable certain classes for security reasons. +; It receives a comma-delimited list of class names. This directive is +; *NOT* affected by whether Safe Mode is turned On or Off. +; http://php.net/disable-classes +disable_classes = + +; Colors for Syntax Highlighting mode. Anything that's acceptable in +; would work. +; http://php.net/syntax-highlighting +;highlight.string = #DD0000 +;highlight.comment = #FF9900 +;highlight.keyword = #007700 +;highlight.default = #0000BB +;highlight.html = #000000 + +; If enabled, the request will be allowed to complete even if the user aborts +; the request. Consider enabling it if executing long requests, which may end up +; being interrupted by the user or a browser timing out. PHP's default behavior +; is to disable this feature. +; http://php.net/ignore-user-abort +;ignore_user_abort = On + +; Determines the size of the realpath cache to be used by PHP. This value should +; be increased on systems where PHP opens many files to reflect the quantity of +; the file operations performed. +; http://php.net/realpath-cache-size +;realpath_cache_size = 16k + +; Duration of time, in seconds for which to cache realpath information for a given +; file or directory. For systems with rarely changing files, consider increasing this +; value. +; http://php.net/realpath-cache-ttl +;realpath_cache_ttl = 120 + +; Enables or disables the circular reference collector. +; http://php.net/zend.enable-gc +zend.enable_gc = On + +; If enabled, scripts may be written in encodings that are incompatible with +; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such +; encodings. To use this feature, mbstring extension must be enabled. +; Default: Off +;zend.multibyte = Off + +; Allows to set the default encoding for the scripts. This value will be used +; unless "declare(encoding=...)" directive appears at the top of the script. +; Only affects if zend.multibyte is set. +; Default: "" +;zend.script_encoding = + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; + +; Decides whether PHP may expose the fact that it is installed on the server +; (e.g. by adding its signature to the Web server header). It is no security +; threat in any way, but it makes it possible to determine whether you use PHP +; on your server or not. +; http://php.net/expose-php +expose_php = On + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; + +; Maximum execution time of each script, in seconds +; http://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = 30 + +; Maximum amount of time each script may spend parsing request data. It's a good +; idea to limit this time on productions servers in order to eliminate unexpectedly +; long running scripts. +; Note: This directive is hardcoded to -1 for the CLI SAPI +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) +; http://php.net/max-input-time +max_input_time = 60 + +; Maximum input variable nesting level +; http://php.net/max-input-nesting-level +;max_input_nesting_level = 64 + +; How many GET/POST/COOKIE input variables may be accepted +; max_input_vars = 1000 + +; Maximum amount of memory a script may consume (128MB) +; http://php.net/memory-limit +memory_limit = -1 + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +; This directive informs PHP of which errors, warnings and notices you would like +; it to take action for. The recommended way of setting values for this +; directive is through the use of the error level constants and bitwise +; operators. The error level constants are below here for convenience as well as +; some common settings and their meanings. +; By default, PHP is set to take action on all errors, notices and warnings EXCEPT +; those related to E_NOTICE and E_STRICT, which together cover best practices and +; recommended coding standards in PHP. For performance reasons, this is the +; recommend error reporting setting. Your production server shouldn't be wasting +; resources complaining about best practices and coding standards. That's what +; development servers and development settings are for. +; Note: The php.ini-development file has this setting as E_ALL. This +; means it pretty much reports everything which is exactly what you want during +; development and early testing. +; +; Error Level Constants: +; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) +; E_ERROR - fatal run-time errors +; E_RECOVERABLE_ERROR - almost fatal run-time errors +; E_WARNING - run-time warnings (non-fatal errors) +; E_PARSE - compile-time parse errors +; E_NOTICE - run-time notices (these are warnings which often result +; from a bug in your code, but it's possible that it was +; intentional (e.g., using an uninitialized variable and +; relying on the fact it's automatically initialized to an +; empty string) +; E_STRICT - run-time notices, enable to have PHP suggest changes +; to your code which will ensure the best interoperability +; and forward compatibility of your code +; E_CORE_ERROR - fatal errors that occur during PHP's initial startup +; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's +; initial startup +; E_COMPILE_ERROR - fatal compile-time errors +; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) +; E_USER_ERROR - user-generated error message +; E_USER_WARNING - user-generated warning message +; E_USER_NOTICE - user-generated notice message +; E_DEPRECATED - warn about code that will not work in future versions +; of PHP +; E_USER_DEPRECATED - user-generated deprecation warnings +; +; Common Values: +; E_ALL (Show all errors, warnings and notices including coding standards.) +; E_ALL & ~E_NOTICE (Show all errors, except for notices) +; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) +; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT +; http://php.net/error-reporting +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; This directive controls whether or not and where PHP will output errors, +; notices and warnings too. Error output is very useful during development, but +; it could be very dangerous in production environments. Depending on the code +; which is triggering the error, sensitive information could potentially leak +; out of your application such as database usernames and passwords or worse. +; It's recommended that errors be logged on production servers rather than +; having the errors sent to STDOUT. +; Possible Values: +; Off = Do not display any errors +; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) +; On or stdout = Display errors to STDOUT +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/display-errors +display_errors = Off + +; The display of errors which occur during PHP's startup sequence are handled +; separately from display_errors. PHP's default behavior is to suppress those +; errors from clients. Turning the display of startup errors on can be useful in +; debugging configuration problems. But, it's strongly recommended that you +; leave this setting off on production servers. +; Default Value: Off +; Development Value: On +; Production Value: Off +; http://php.net/display-startup-errors +display_startup_errors = Off + +; Besides displaying errors, PHP can also log errors to locations such as a +; server-specific log, STDERR, or a location specified by the error_log +; directive found below. While errors should not be displayed on productions +; servers they should still be monitored and logging is a great way to do that. +; Default Value: Off +; Development Value: On +; Production Value: On +; http://php.net/log-errors +log_errors = On + +; Set maximum length of log_errors. In error_log information about the source is +; added. The default is 1024 and 0 allows to not apply any maximum length at all. +; http://php.net/log-errors-max-len +log_errors_max_len = 1024 + +; Do not log repeated messages. Repeated errors must occur in same file on same +; line unless ignore_repeated_source is set true. +; http://php.net/ignore-repeated-errors +ignore_repeated_errors = Off + +; Ignore source of message when ignoring repeated messages. When this setting +; is On you will not log errors with repeated messages from different files or +; source lines. +; http://php.net/ignore-repeated-source +ignore_repeated_source = Off + +; If this parameter is set to Off, then memory leaks will not be shown (on +; stdout or in the log). This has only effect in a debug compile, and if +; error reporting includes E_WARNING in the allowed list +; http://php.net/report-memleaks +report_memleaks = On + +; This setting is on by default. +;report_zend_debug = 0 + +; Store the last error/warning message in $php_errormsg (boolean). Setting this value +; to On can assist in debugging and is appropriate for development servers. It should +; however be disabled on production servers. +; Default Value: Off +; Development Value: On +; Production Value: Off +; http://php.net/track-errors +track_errors = Off + +; Turn off normal error reporting and emit XML-RPC error XML +; http://php.net/xmlrpc-errors +;xmlrpc_errors = 0 + +; An XML-RPC faultCode +;xmlrpc_error_number = 0 + +; When PHP displays or logs an error, it has the capability of formatting the +; error message as HTML for easier reading. This directive controls whether +; the error message is formatted as HTML or not. +; Note: This directive is hardcoded to Off for the CLI SAPI +; Default Value: On +; Development Value: On +; Production value: On +; http://php.net/html-errors +html_errors = On + +; If html_errors is set to On *and* docref_root is not empty, then PHP +; produces clickable error messages that direct to a page describing the error +; or function causing the error in detail. +; You can download a copy of the PHP manual from http://php.net/docs +; and change docref_root to the base URL of your local copy including the +; leading '/'. You must also specify the file extension being used including +; the dot. PHP's default behavior is to leave these settings empty, in which +; case no links to documentation are generated. +; Note: Never use this feature for production boxes. +; http://php.net/docref-root +; Examples +;docref_root = "/phpmanual/" + +; http://php.net/docref-ext +;docref_ext = .html + +; String to output before an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-prepend-string +; Example: +;error_prepend_string = "" + +; String to output after an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-append-string +; Example: +;error_append_string = "" + +; Log errors to specified file. PHP's default behavior is to leave this value +; empty. +; http://php.net/error-log +; Example: +;error_log = php_errors.log +; Log errors to syslog (Event Log on NT, not valid in Windows 95). +;error_log = syslog + +;windows.show_crt_warning +; Default value: 0 +; Development value: 0 +; Production value: 0 + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; + +; The separator used in PHP generated URLs to separate arguments. +; PHP's default setting is "&". +; http://php.net/arg-separator.output +; Example: +;arg_separator.output = "&" + +; List of separator(s) used by PHP to parse input URLs into variables. +; PHP's default setting is "&". +; NOTE: Every character in this directive is considered as separator! +; http://php.net/arg-separator.input +; Example: +;arg_separator.input = ";&" + +; This directive determines which super global arrays are registered when PHP +; starts up. G,P,C,E & S are abbreviations for the following respective super +; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty +; paid for the registration of these arrays and because ENV is not as commonly +; used as the others, ENV is not recommended on productions servers. You +; can still get access to the environment variables through getenv() should you +; need to. +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS"; +; http://php.net/variables-order +variables_order = "GPCS" + +; This directive determines which super global data (G,P,C,E & S) should +; be registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive are +; specified in the same manner as the variables_order directive, EXCEPT one. +; Leaving this value empty will cause PHP to use the value set in the +; variables_order directive. It does not mean it will leave the super globals +; array REQUEST empty. +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" +; http://php.net/request-order +request_order = "GP" + +; This directive determines whether PHP registers $argv & $argc each time it +; runs. $argv contains an array of all the arguments passed to PHP when a script +; is invoked. $argc contains an integer representing the number of arguments +; that were passed when the script was invoked. These arrays are extremely +; useful when running scripts from the command line. When this directive is +; enabled, registering these variables consumes CPU cycles and memory each time +; a script is executed. For performance reasons, this feature should be disabled +; on production servers. +; Note: This directive is hardcoded to On for the CLI SAPI +; Default Value: On +; Development Value: Off +; Production Value: Off +; http://php.net/register-argc-argv +register_argc_argv = Off + +; When enabled, the ENV, REQUEST and SERVER variables are created when they're +; first used (Just In Time) instead of when the script starts. If these +; variables are not used within a script, having this directive on will result +; in a performance gain. The PHP directive register_argc_argv must be disabled +; for this directive to have any affect. +; http://php.net/auto-globals-jit +auto_globals_jit = On + +; Whether PHP will read the POST data. +; This option is enabled by default. +; Most likely, you won't want to disable this option globally. It causes $_POST +; and $_FILES to always be empty; the only way you will be able to read the +; POST data will be through the php://input stream wrapper. This can be useful +; to proxy requests or to process the POST data in a memory efficient fashion. +; http://php.net/enable-post-data-reading +;enable_post_data_reading = Off + +; Maximum size of POST data that PHP will accept. +; Its value may be 0 to disable the limit. It is ignored if POST data reading +; is disabled through enable_post_data_reading. +; http://php.net/post-max-size +post_max_size = 8M + +; Automatically add files before PHP document. +; http://php.net/auto-prepend-file +auto_prepend_file = + +; Automatically add files after PHP document. +; http://php.net/auto-append-file +auto_append_file = + +; By default, PHP will output a character encoding using +; the Content-type: header. To disable sending of the charset, simply +; set it to be empty. +; +; PHP's built-in default is text/html +; http://php.net/default-mimetype +default_mimetype = "text/html" + +; PHP's default character set is set to empty. +; http://php.net/default-charset +;default_charset = "UTF-8" + +; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is +; to disable this feature. If post reading is disabled through +; enable_post_data_reading, $HTTP_RAW_POST_DATA is *NOT* populated. +; http://php.net/always-populate-raw-post-data +;always_populate_raw_post_data = On + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; + +; UNIX: "/path1:/path2" +;include_path = ".:/usr/share/php" +; +; Windows: "\path1;\path2" +;include_path = ".;c:\php\includes" +; +; PHP's default setting for include_path is ".;/path/to/php/pear" +; http://php.net/include-path + +; The root of the PHP pages, used only if nonempty. +; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root +; if you are running php as a CGI under any web server (other than IIS) +; see documentation for security issues. The alternate is to use the +; cgi.force_redirect configuration below +; http://php.net/doc-root +doc_root = + +; The directory under which PHP opens the script using /~username used only +; if nonempty. +; http://php.net/user-dir +user_dir = + +; Directory in which the loadable extensions (modules) reside. +; http://php.net/extension-dir +; extension_dir = "./" +; On windows: +; extension_dir = "ext" + +; Directory where the temporary files should be placed. +; Defaults to the system default (see sys_get_temp_dir) +; sys_temp_dir = "/tmp" + +; Whether or not to enable the dl() function. The dl() function does NOT work +; properly in multithreaded servers, such as IIS or Zeus, and is automatically +; disabled on them. +; http://php.net/enable-dl +enable_dl = Off + +; cgi.force_redirect is necessary to provide security running PHP as a CGI under +; most web servers. Left undefined, PHP turns this on by default. You can +; turn it off here AT YOUR OWN RISK +; **You CAN safely turn this off for IIS, in fact, you MUST.** +; http://php.net/cgi.force-redirect +;cgi.force_redirect = 1 + +; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +; every request. PHP's default behavior is to disable this feature. +;cgi.nph = 1 + +; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +; will look for to know it is OK to continue execution. Setting this variable MAY +; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +; http://php.net/cgi.redirect-status-env +;cgi.redirect_status_env = + +; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting +; of zero causes PHP to behave as before. Default is 1. You should fix your scripts +; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +; http://php.net/cgi.fix-pathinfo +;cgi.fix_pathinfo=1 + +; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate +; security tokens of the calling client. This allows IIS to define the +; security context that the request runs under. mod_fastcgi under Apache +; does not currently support this feature (03/17/2002) +; Set to 1 if running under IIS. Default is zero. +; http://php.net/fastcgi.impersonate +;fastcgi.impersonate = 1 + +; Disable logging through FastCGI connection. PHP's default behavior is to enable +; this feature. +;fastcgi.logging = 0 + +; cgi.rfc2616_headers configuration option tells PHP what type of headers to +; use when sending HTTP response code. If it's set 0 PHP sends Status: header that +; is supported by Apache. When this option is set to 1 PHP will send +; RFC2616 compliant header. +; Default is zero. +; http://php.net/cgi.rfc2616-headers +;cgi.rfc2616_headers = 0 + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; + +; Whether to allow HTTP file uploads. +; http://php.net/file-uploads +file_uploads = On + +; Temporary directory for HTTP uploaded files (will use system default if not +; specified). +; http://php.net/upload-tmp-dir +;upload_tmp_dir = + +; Maximum allowed size for uploaded files. +; http://php.net/upload-max-filesize +upload_max_filesize = 2M + +; Maximum number of files that can be uploaded via a single request +max_file_uploads = 20 + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; + +; Whether to allow the treatment of URLs (like http:// or ftp://) as files. +; http://php.net/allow-url-fopen +allow_url_fopen = On + +; Whether to allow include/require to open URLs (like http:// or ftp://) as files. +; http://php.net/allow-url-include +allow_url_include = Off + +; Define the anonymous ftp password (your email address). PHP's default setting +; for this is empty. +; http://php.net/from +;from="john@doe.com" + +; Define the User-Agent string. PHP's default setting for this is empty. +; http://php.net/user-agent +;user_agent="PHP" + +; Default timeout for socket based streams (seconds) +; http://php.net/default-socket-timeout +default_socket_timeout = 60 + +; If your scripts have to deal with files from Macintosh systems, +; or you are running on a Mac and need to deal with files from +; unix or win32 systems, setting this flag will cause PHP to +; automatically detect the EOL character in those files so that +; fgets() and file() will work regardless of the source of the file. +; http://php.net/auto-detect-line-endings +;auto_detect_line_endings = Off + +;;;;;;;;;;;;;;;;;;;;;; +; Dynamic Extensions ; +;;;;;;;;;;;;;;;;;;;;;; + +; If you wish to have an extension loaded automatically, use the following +; syntax: +; +; extension=modulename.extension +; +; For example, on Windows: +; +; extension=msql.dll +; +; ... or under UNIX: +; +; extension=msql.so +; +; ... or with a path: +; +; extension=/path/to/extension/msql.so +; +; If you only provide the name of the extension, PHP will look for it in its +; default extension directory. +; + +;;;;;;;;;;;;;;;;;;; +; Module Settings ; +;;;;;;;;;;;;;;;;;;; + +[CLI Server] +; Whether the CLI web server uses ANSI color coding in its terminal output. +cli_server.color = On + +[Date] +; Defines the default timezone used by the date functions +; http://php.net/date.timezone +date.timezone = "Europe/Berlin" + +; http://php.net/date.default-latitude +;date.default_latitude = 31.7667 + +; http://php.net/date.default-longitude +;date.default_longitude = 35.2333 + +; http://php.net/date.sunrise-zenith +;date.sunrise_zenith = 90.583333 + +; http://php.net/date.sunset-zenith +;date.sunset_zenith = 90.583333 + +[filter] +; http://php.net/filter.default +;filter.default = unsafe_raw + +; http://php.net/filter.default-flags +;filter.default_flags = + +[iconv] +;iconv.input_encoding = ISO-8859-1 +;iconv.internal_encoding = ISO-8859-1 +;iconv.output_encoding = ISO-8859-1 + +[intl] +;intl.default_locale = +; This directive allows you to produce PHP errors when some error +; happens within intl functions. The value is the level of the error produced. +; Default is 0, which does not produce any errors. +;intl.error_level = E_WARNING + +[sqlite] +; http://php.net/sqlite.assoc-case +;sqlite.assoc_case = 0 + +[sqlite3] +;sqlite3.extension_dir = + +[Pcre] +;PCRE library backtracking limit. +; http://php.net/pcre.backtrack-limit +;pcre.backtrack_limit=100000 + +;PCRE library recursion limit. +;Please note that if you set this value to a high number you may consume all +;the available process stack and eventually crash PHP (due to reaching the +;stack size limit imposed by the Operating System). +; http://php.net/pcre.recursion-limit +;pcre.recursion_limit=100000 + +[Pdo] +; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" +; http://php.net/pdo-odbc.connection-pooling +;pdo_odbc.connection_pooling=strict + +;pdo_odbc.db2_instance_name + +[Pdo_mysql] +; If mysqlnd is used: Number of cache slots for the internal result set cache +; http://php.net/pdo_mysql.cache_size +pdo_mysql.cache_size = 2000 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; http://php.net/pdo_mysql.default-socket +pdo_mysql.default_socket= + +[Phar] +; http://php.net/phar.readonly +;phar.readonly = On + +; http://php.net/phar.require-hash +;phar.require_hash = On + +;phar.cache_list = + +[mail function] +; For Win32 only. +; http://php.net/smtp +SMTP = localhost +; http://php.net/smtp-port +smtp_port = 25 + +; For Win32 only. +; http://php.net/sendmail-from +;sendmail_from = me@example.com + +; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). +; http://php.net/sendmail-path +;sendmail_path = + +; Force the addition of the specified parameters to be passed as extra parameters +; to the sendmail binary. These parameters will always replace the value of +; the 5th parameter to mail(), even in safe mode. +;mail.force_extra_parameters = + +; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename +mail.add_x_header = On + +; The path to a log file that will log all mail() calls. Log entries include +; the full path of the script, line number, To address and headers. +;mail.log = +; Log mail to syslog (Event Log on NT, not valid in Windows 95). +;mail.log = syslog + +[SQL] +; http://php.net/sql.safe-mode +sql.safe_mode = Off + +[ODBC] +; http://php.net/odbc.default-db +;odbc.default_db = Not yet implemented + +; http://php.net/odbc.default-user +;odbc.default_user = Not yet implemented + +; http://php.net/odbc.default-pw +;odbc.default_pw = Not yet implemented + +; Controls the ODBC cursor model. +; Default: SQL_CURSOR_STATIC (default). +;odbc.default_cursortype + +; Allow or prevent persistent links. +; http://php.net/odbc.allow-persistent +odbc.allow_persistent = On + +; Check that a connection is still valid before reuse. +; http://php.net/odbc.check-persistent +odbc.check_persistent = On + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/odbc.max-persistent +odbc.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; http://php.net/odbc.max-links +odbc.max_links = -1 + +; Handling of LONG fields. Returns number of bytes to variables. 0 means +; passthru. +; http://php.net/odbc.defaultlrl +odbc.defaultlrl = 4096 + +; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. +; See the documentation on odbc_binmode and odbc_longreadlen for an explanation +; of odbc.defaultlrl and odbc.defaultbinmode +; http://php.net/odbc.defaultbinmode +odbc.defaultbinmode = 1 + +;birdstep.max_links = -1 + +[Interbase] +; Allow or prevent persistent links. +ibase.allow_persistent = 1 + +; Maximum number of persistent links. -1 means no limit. +ibase.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +ibase.max_links = -1 + +; Default database name for ibase_connect(). +;ibase.default_db = + +; Default username for ibase_connect(). +;ibase.default_user = + +; Default password for ibase_connect(). +;ibase.default_password = + +; Default charset for ibase_connect(). +;ibase.default_charset = + +; Default timestamp format. +ibase.timestampformat = "%Y-%m-%d %H:%M:%S" + +; Default date format. +ibase.dateformat = "%Y-%m-%d" + +; Default time format. +ibase.timeformat = "%H:%M:%S" + +[MySQL] +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; http://php.net/mysql.allow_local_infile +mysql.allow_local_infile = On + +; Allow or prevent persistent links. +; http://php.net/mysql.allow-persistent +mysql.allow_persistent = On + +; If mysqlnd is used: Number of cache slots for the internal result set cache +; http://php.net/mysql.cache_size +mysql.cache_size = 2000 + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/mysql.max-persistent +mysql.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; http://php.net/mysql.max-links +mysql.max_links = -1 + +; Default port number for mysql_connect(). If unset, mysql_connect() will use +; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the +; compile-time value defined MYSQL_PORT (in that order). Win32 will only look +; at MYSQL_PORT. +; http://php.net/mysql.default-port +mysql.default_port = + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; http://php.net/mysql.default-socket +mysql.default_socket = + +; Default host for mysql_connect() (doesn't apply in safe mode). +; http://php.net/mysql.default-host +mysql.default_host = + +; Default user for mysql_connect() (doesn't apply in safe mode). +; http://php.net/mysql.default-user +mysql.default_user = + +; Default password for mysql_connect() (doesn't apply in safe mode). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; http://php.net/mysql.default-password +mysql.default_password = + +; Maximum time (in seconds) for connect timeout. -1 means no limit +; http://php.net/mysql.connect-timeout +mysql.connect_timeout = 60 + +; Trace mode. When trace_mode is active (=On), warnings for table/index scans and +; SQL-Errors will be displayed. +; http://php.net/mysql.trace-mode +mysql.trace_mode = Off + +[MySQLi] + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/mysqli.max-persistent +mysqli.max_persistent = -1 + +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; http://php.net/mysqli.allow_local_infile +;mysqli.allow_local_infile = On + +; Allow or prevent persistent links. +; http://php.net/mysqli.allow-persistent +mysqli.allow_persistent = On + +; Maximum number of links. -1 means no limit. +; http://php.net/mysqli.max-links +mysqli.max_links = -1 + +; If mysqlnd is used: Number of cache slots for the internal result set cache +; http://php.net/mysqli.cache_size +mysqli.cache_size = 2000 + +; Default port number for mysqli_connect(). If unset, mysqli_connect() will use +; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the +; compile-time value defined MYSQL_PORT (in that order). Win32 will only look +; at MYSQL_PORT. +; http://php.net/mysqli.default-port +mysqli.default_port = 3306 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; http://php.net/mysqli.default-socket +mysqli.default_socket = + +; Default host for mysql_connect() (doesn't apply in safe mode). +; http://php.net/mysqli.default-host +mysqli.default_host = + +; Default user for mysql_connect() (doesn't apply in safe mode). +; http://php.net/mysqli.default-user +mysqli.default_user = + +; Default password for mysqli_connect() (doesn't apply in safe mode). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; http://php.net/mysqli.default-pw +mysqli.default_pw = + +; Allow or prevent reconnect +mysqli.reconnect = Off + +[mysqlnd] +; Enable / Disable collection of general statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +; http://php.net/mysqlnd.collect_statistics +mysqlnd.collect_statistics = On + +; Enable / Disable collection of memory usage statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +; http://php.net/mysqlnd.collect_memory_statistics +mysqlnd.collect_memory_statistics = Off + +; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. +; http://php.net/mysqlnd.net_cmd_buffer_size +;mysqlnd.net_cmd_buffer_size = 2048 + +; Size of a pre-allocated buffer used for reading data sent by the server in +; bytes. +; http://php.net/mysqlnd.net_read_buffer_size +;mysqlnd.net_read_buffer_size = 32768 + +[OCI8] + +; Connection: Enables privileged connections using external +; credentials (OCI_SYSOPER, OCI_SYSDBA) +; http://php.net/oci8.privileged-connect +;oci8.privileged_connect = Off + +; Connection: The maximum number of persistent OCI8 connections per +; process. Using -1 means no limit. +; http://php.net/oci8.max-persistent +;oci8.max_persistent = -1 + +; Connection: The maximum number of seconds a process is allowed to +; maintain an idle persistent connection. Using -1 means idle +; persistent connections will be maintained forever. +; http://php.net/oci8.persistent-timeout +;oci8.persistent_timeout = -1 + +; Connection: The number of seconds that must pass before issuing a +; ping during oci_pconnect() to check the connection validity. When +; set to 0, each oci_pconnect() will cause a ping. Using -1 disables +; pings completely. +; http://php.net/oci8.ping-interval +;oci8.ping_interval = 60 + +; Connection: Set this to a user chosen connection class to be used +; for all pooled server requests with Oracle 11g Database Resident +; Connection Pooling (DRCP). To use DRCP, this value should be set to +; the same string for all web servers running the same application, +; the database pool must be configured, and the connection string must +; specify to use a pooled server. +;oci8.connection_class = + +; High Availability: Using On lets PHP receive Fast Application +; Notification (FAN) events generated when a database node fails. The +; database must also be configured to post FAN events. +;oci8.events = Off + +; Tuning: This option enables statement caching, and specifies how +; many statements to cache. Using 0 disables statement caching. +; http://php.net/oci8.statement-cache-size +;oci8.statement_cache_size = 20 + +; Tuning: Enables statement prefetching and sets the default number of +; rows that will be fetched automatically after statement execution. +; http://php.net/oci8.default-prefetch +;oci8.default_prefetch = 100 + +; Compatibility. Using On means oci_close() will not close +; oci_connect() and oci_new_connect() connections. +; http://php.net/oci8.old-oci-close-semantics +;oci8.old_oci_close_semantics = Off + +[PostgreSQL] +; Allow or prevent persistent links. +; http://php.net/pgsql.allow-persistent +pgsql.allow_persistent = On + +; Detect broken persistent links always with pg_pconnect(). +; Auto reset feature requires a little overheads. +; http://php.net/pgsql.auto-reset-persistent +pgsql.auto_reset_persistent = Off + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/pgsql.max-persistent +pgsql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +; http://php.net/pgsql.max-links +pgsql.max_links = -1 + +; Ignore PostgreSQL backends Notice message or not. +; Notice message logging require a little overheads. +; http://php.net/pgsql.ignore-notice +pgsql.ignore_notice = 0 + +; Log PostgreSQL backends Notice message or not. +; Unless pgsql.ignore_notice=0, module cannot log notice message. +; http://php.net/pgsql.log-notice +pgsql.log_notice = 0 + +[Sybase-CT] +; Allow or prevent persistent links. +; http://php.net/sybct.allow-persistent +sybct.allow_persistent = On + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/sybct.max-persistent +sybct.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; http://php.net/sybct.max-links +sybct.max_links = -1 + +; Minimum server message severity to display. +; http://php.net/sybct.min-server-severity +sybct.min_server_severity = 10 + +; Minimum client message severity to display. +; http://php.net/sybct.min-client-severity +sybct.min_client_severity = 10 + +; Set per-context timeout +; http://php.net/sybct.timeout +;sybct.timeout= + +;sybct.packet_size + +; The maximum time in seconds to wait for a connection attempt to succeed before returning failure. +; Default: one minute +;sybct.login_timeout= + +; The name of the host you claim to be connecting from, for display by sp_who. +; Default: none +;sybct.hostname= + +; Allows you to define how often deadlocks are to be retried. -1 means "forever". +; Default: 0 +;sybct.deadlock_retry_count= + +[bcmath] +; Number of decimal digits for all bcmath functions. +; http://php.net/bcmath.scale +bcmath.scale = 0 + +[browscap] +; http://php.net/browscap +;browscap = extra/browscap.ini + +[Session] +; Handler used to store/retrieve data. +; http://php.net/session.save-handler +session.save_handler = files + +; Argument passed to save_handler. In the case of files, this is the path +; where data files are stored. Note: Windows users have to change this +; variable in order to use PHP's session functions. +; +; The path can be defined as: +; +; session.save_path = "N;/path" +; +; where N is an integer. Instead of storing all the session files in +; /path, what this will do is use subdirectories N-levels deep, and +; store the session data in those directories. This is useful if you +; or your OS have problems with lots of files in one directory, and is +; a more efficient layout for servers that handle lots of sessions. +; +; NOTE 1: PHP will not create this directory structure automatically. +; You can use the script in the ext/session dir for that purpose. +; NOTE 2: See the section on garbage collection below if you choose to +; use subdirectories for session storage +; +; The file storage module creates files using mode 600 by default. +; You can change that by using +; +; session.save_path = "N;MODE;/path" +; +; where MODE is the octal representation of the mode. Note that this +; does not overwrite the process's umask. +; http://php.net/session.save-path +;session.save_path = "/var/lib/php5" + +; Whether to use strict session mode. +; Strict session mode does not accept uninitialized session ID and regenerate +; session ID if browser sends uninitialized session ID. Strict mode protects +; applications from session fixation via session adoption vulnerability. It is +; disabled by default for maximum compatibility, but enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +session.use_strict_mode = 0 + +; Whether to use cookies. +; http://php.net/session.use-cookies +session.use_cookies = 1 + +; http://php.net/session.cookie-secure +;session.cookie_secure = + +; This option forces PHP to fetch and use a cookie for storing and maintaining +; the session id. We encourage this operation as it's very helpful in combating +; session hijacking when not specifying and managing your own session id. It is +; not the end all be all of session hijacking defense, but it's a good start. +; http://php.net/session.use-only-cookies +session.use_only_cookies = 1 + +; Name of the session (used as cookie name). +; http://php.net/session.name +session.name = PHPSESSID + +; Initialize session on request startup. +; http://php.net/session.auto-start +session.auto_start = 0 + +; Lifetime in seconds of cookie or, if 0, until browser is restarted. +; http://php.net/session.cookie-lifetime +session.cookie_lifetime = 0 + +; The path for which the cookie is valid. +; http://php.net/session.cookie-path +session.cookie_path = / + +; The domain for which the cookie is valid. +; http://php.net/session.cookie-domain +session.cookie_domain = + +; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. +; http://php.net/session.cookie-httponly +session.cookie_httponly = + +; Handler used to serialize data. php is the standard serializer of PHP. +; http://php.net/session.serialize-handler +session.serialize_handler = php + +; Defines the probability that the 'garbage collection' process is started +; on every session initialization. The probability is calculated by using +; gc_probability/gc_divisor. Where session.gc_probability is the numerator +; and gc_divisor is the denominator in the equation. Setting this value to 1 +; when the session.gc_divisor value is 100 will give you approximately a 1% chance +; the gc will run on any give request. +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.gc-probability +session.gc_probability = 0 + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using the following equation: +; gc_probability/gc_divisor. Where session.gc_probability is the numerator and +; session.gc_divisor is the denominator in the equation. Setting this value to 1 +; when the session.gc_divisor value is 100 will give you approximately a 1% chance +; the gc will run on any give request. Increasing this value to 1000 will give you +; a 0.1% chance the gc will run on any give request. For high volume production servers, +; this is a more efficient approach. +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 +; http://php.net/session.gc-divisor +session.gc_divisor = 1000 + +; After this number of seconds, stored data will be seen as 'garbage' and +; cleaned up by the garbage collection process. +; http://php.net/session.gc-maxlifetime +session.gc_maxlifetime = 1440 + +; NOTE: If you are using the subdirectory option for storing session files +; (see session.save_path above), then garbage collection does *not* +; happen automatically. You will need to do your own garbage +; collection through a shell script, cron entry, or some other method. +; For example, the following script would is the equivalent of +; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; find /path/to/sessions -cmin +24 -type f | xargs rm + +; PHP 4.2 and less have an undocumented feature/bug that allows you to +; to initialize a session variable in the global scope. +; PHP 4.3 and later will warn you, if this feature is used. +; You can disable the feature and the warning separately. At this time, +; the warning is only displayed, if bug_compat_42 is enabled. This feature +; introduces some serious security problems if not handled correctly. It's +; recommended that you do not use this feature on production servers. But you +; should enable this on development servers and enable the warning as well. If you +; do not enable the feature on development servers, you won't be warned when it's +; used and debugging errors caused by this can be difficult to track down. +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/session.bug-compat-42 +session.bug_compat_42 = Off + +; This setting controls whether or not you are warned by PHP when initializing a +; session value into the global space. session.bug_compat_42 must be enabled before +; these warnings can be issued by PHP. See the directive above for more information. +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/session.bug-compat-warn +session.bug_compat_warn = Off + +; Check HTTP Referer to invalidate externally stored URLs containing ids. +; HTTP_REFERER has to contain this substring for the session to be +; considered as valid. +; http://php.net/session.referer-check +session.referer_check = + +; How many bytes to read from the file. +; http://php.net/session.entropy-length +;session.entropy_length = 32 + +; Specified here to create the session id. +; http://php.net/session.entropy-file +; Defaults to /dev/urandom +; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom +; If neither are found at compile time, the default is no entropy file. +; On windows, setting the entropy_length setting will activate the +; Windows random source (using the CryptoAPI) +;session.entropy_file = /dev/urandom + +; Set to {nocache,private,public,} to determine HTTP caching aspects +; or leave this empty to avoid sending anti-caching headers. +; http://php.net/session.cache-limiter +session.cache_limiter = nocache + +; Document expires after n minutes. +; http://php.net/session.cache-expire +session.cache_expire = 180 + +; trans sid support is disabled by default. +; Use of trans sid may risk your users security. +; Use this option with caution. +; - User may send URL contains active session ID +; to other person via. email/irc/etc. +; - URL that contains active session ID may be stored +; in publicly accessible computer. +; - User may access your site with the same session ID +; always using URL stored in browser's history or bookmarks. +; http://php.net/session.use-trans-sid +session.use_trans_sid = 0 + +; Select a hash function for use in generating session ids. +; Possible Values +; 0 (MD5 128 bits) +; 1 (SHA-1 160 bits) +; This option may also be set to the name of any hash function supported by +; the hash extension. A list of available hashes is returned by the hash_algos() +; function. +; http://php.net/session.hash-function +session.hash_function = 0 + +; Define how many bits are stored in each character when converting +; the binary hash data to something readable. +; Possible values: +; 4 (4 bits: 0-9, a-f) +; 5 (5 bits: 0-9, a-v) +; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 +; http://php.net/session.hash-bits-per-character +session.hash_bits_per_character = 5 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +; form/fieldset are special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. If you want XHTML conformity, remove the form entry. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=,fieldset=" +; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" +; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" +; http://php.net/url-rewriter.tags +url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" + +; Enable upload progress tracking in $_SESSION +; Default Value: On +; Development Value: On +; Production Value: On +; http://php.net/session.upload-progress.enabled +;session.upload_progress.enabled = On + +; Cleanup the progress information as soon as all POST data has been read +; (i.e. upload completed). +; Default Value: On +; Development Value: On +; Production Value: On +; http://php.net/session.upload-progress.cleanup +;session.upload_progress.cleanup = On + +; A prefix used for the upload progress key in $_SESSION +; Default Value: "upload_progress_" +; Development Value: "upload_progress_" +; Production Value: "upload_progress_" +; http://php.net/session.upload-progress.prefix +;session.upload_progress.prefix = "upload_progress_" + +; The index name (concatenated with the prefix) in $_SESSION +; containing the upload progress information +; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" +; http://php.net/session.upload-progress.name +;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" + +; How frequently the upload progress should be updated. +; Given either in percentages (per-file), or in bytes +; Default Value: "1%" +; Development Value: "1%" +; Production Value: "1%" +; http://php.net/session.upload-progress.freq +;session.upload_progress.freq = "1%" + +; The minimum delay between updates, in seconds +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.upload-progress.min-freq +;session.upload_progress.min_freq = "1" + +[MSSQL] +; Allow or prevent persistent links. +mssql.allow_persistent = On + +; Maximum number of persistent links. -1 means no limit. +mssql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +mssql.max_links = -1 + +; Minimum error severity to display. +mssql.min_error_severity = 10 + +; Minimum message severity to display. +mssql.min_message_severity = 10 + +; Compatibility mode with old versions of PHP 3.0. +mssql.compatibility_mode = Off + +; Connect timeout +;mssql.connect_timeout = 5 + +; Query timeout +;mssql.timeout = 60 + +; Valid range 0 - 2147483647. Default = 4096. +;mssql.textlimit = 4096 + +; Valid range 0 - 2147483647. Default = 4096. +;mssql.textsize = 4096 + +; Limits the number of records in each batch. 0 = all records in one batch. +;mssql.batchsize = 0 + +; Specify how datetime and datetim4 columns are returned +; On => Returns data converted to SQL server settings +; Off => Returns values as YYYY-MM-DD hh:mm:ss +;mssql.datetimeconvert = On + +; Use NT authentication when connecting to the server +mssql.secure_connection = Off + +; Specify max number of processes. -1 = library default +; msdlib defaults to 25 +; FreeTDS defaults to 4096 +;mssql.max_procs = -1 + +; Specify client character set. +; If empty or not set the client charset from freetds.conf is used +; This is only used when compiled with FreeTDS +;mssql.charset = "ISO-8859-1" + +[Assertion] +; Assert(expr); active by default. +; http://php.net/assert.active +;assert.active = On + +; Issue a PHP warning for each failed assertion. +; http://php.net/assert.warning +;assert.warning = On + +; Don't bail out by default. +; http://php.net/assert.bail +;assert.bail = Off + +; User-function to be called if an assertion fails. +; http://php.net/assert.callback +;assert.callback = 0 + +; Eval the expression with current error_reporting(). Set to true if you want +; error_reporting(0) around the eval(). +; http://php.net/assert.quiet-eval +;assert.quiet_eval = 0 + +[COM] +; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs +; http://php.net/com.typelib-file +;com.typelib_file = + +; allow Distributed-COM calls +; http://php.net/com.allow-dcom +;com.allow_dcom = true + +; autoregister constants of a components typlib on com_load() +; http://php.net/com.autoregister-typelib +;com.autoregister_typelib = true + +; register constants casesensitive +; http://php.net/com.autoregister-casesensitive +;com.autoregister_casesensitive = false + +; show warnings on duplicate constant registrations +; http://php.net/com.autoregister-verbose +;com.autoregister_verbose = true + +; The default character set code-page to use when passing strings to and from COM objects. +; Default: system ANSI code page +;com.code_page= + +[mbstring] +; language for internal character representation. +; http://php.net/mbstring.language +;mbstring.language = Japanese + +; internal/script encoding. +; Some encoding cannot work as internal encoding. +; (e.g. SJIS, BIG5, ISO-2022-*) +; http://php.net/mbstring.internal-encoding +;mbstring.internal_encoding = UTF-8 + +; http input encoding. +; http://php.net/mbstring.http-input +;mbstring.http_input = UTF-8 + +; http output encoding. mb_output_handler must be +; registered as output buffer to function +; http://php.net/mbstring.http-output +;mbstring.http_output = pass + +; enable automatic encoding translation according to +; mbstring.internal_encoding setting. Input chars are +; converted to internal encoding by setting this to On. +; Note: Do _not_ use automatic encoding translation for +; portable libs/applications. +; http://php.net/mbstring.encoding-translation +;mbstring.encoding_translation = Off + +; automatic encoding detection order. +; auto means +; http://php.net/mbstring.detect-order +;mbstring.detect_order = auto + +; substitute_character used when character cannot be converted +; one from another +; http://php.net/mbstring.substitute-character +;mbstring.substitute_character = none + +; overload(replace) single byte functions by mbstring functions. +; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), +; etc. Possible values are 0,1,2,4 or combination of them. +; For example, 7 for overload everything. +; 0: No overload +; 1: Overload mail() function +; 2: Overload str*() functions +; 4: Overload ereg*() functions +; http://php.net/mbstring.func-overload +;mbstring.func_overload = 0 + +; enable strict encoding detection. +;mbstring.strict_detection = On + +; This directive specifies the regex pattern of content types for which mb_output_handler() +; is activated. +; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) +;mbstring.http_output_conv_mimetype= + +[gd] +; Tell the jpeg decode to ignore warnings and try to create +; a gd image. The warning will then be displayed as notices +; disabled by default +; http://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 0 + +[exif] +; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. +; With mbstring support this will automatically be converted into the encoding +; given by corresponding encode setting. When empty mbstring.internal_encoding +; is used. For the decode settings you can distinguish between motorola and +; intel byte order. A decode setting cannot be empty. +; http://php.net/exif.encode-unicode +;exif.encode_unicode = ISO-8859-15 + +; http://php.net/exif.decode-unicode-motorola +;exif.decode_unicode_motorola = UCS-2BE + +; http://php.net/exif.decode-unicode-intel +;exif.decode_unicode_intel = UCS-2LE + +; http://php.net/exif.encode-jis +;exif.encode_jis = + +; http://php.net/exif.decode-jis-motorola +;exif.decode_jis_motorola = JIS + +; http://php.net/exif.decode-jis-intel +;exif.decode_jis_intel = JIS + +[Tidy] +; The path to a default tidy configuration file to use when using tidy +; http://php.net/tidy.default-config +;tidy.default_config = /usr/local/lib/php/default.tcfg + +; Should tidy clean and repair output automatically? +; WARNING: Do not use this option if you are generating non-html content +; such as dynamic images +; http://php.net/tidy.clean-output +tidy.clean_output = Off + +[soap] +; Enables or disables WSDL caching feature. +; http://php.net/soap.wsdl-cache-enabled +soap.wsdl_cache_enabled=1 + +; Sets the directory name where SOAP extension will put cache files. +; http://php.net/soap.wsdl-cache-dir +soap.wsdl_cache_dir="/tmp" + +; (time to live) Sets the number of second while cached file will be used +; instead of original one. +; http://php.net/soap.wsdl-cache-ttl +soap.wsdl_cache_ttl=86400 + +; Sets the size of the cache limit. (Max. number of WSDL files to cache) +soap.wsdl_cache_limit = 5 + +[sysvshm] +; A default size of the shared memory segment +;sysvshm.init_mem = 10000 + +[ldap] +; Sets the maximum number of open links or -1 for unlimited. +ldap.max_links = -1 + +[mcrypt] +; For more information about mcrypt settings see http://php.net/mcrypt-module-open + +; Directory where to load mcrypt algorithms +; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) +;mcrypt.algorithms_dir= + +; Directory where to load mcrypt modes +; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) +;mcrypt.modes_dir= + +[dba] +;dba.default_handler= + +[opcache] +; Determines if Zend OPCache is enabled +;opcache.enable=0 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +;opcache.enable_cli=0 + +; The OPcache shared memory storage size. +;opcache.memory_consumption=64 + +; The amount of memory for interned strings in Mbytes. +;opcache.interned_strings_buffer=4 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 100000 are allowed. +;opcache.max_accelerated_files=2000 + +; The maximum percentage of "wasted" memory until a restart is scheduled. +;opcache.max_wasted_percentage=5 + +; When this directive is enabled, the OPcache appends the current working +; directory to the script key, thus eliminating possible collisions between +; files with the same name (basename). Disabling the directive improves +; performance, but may break existing applications. +;opcache.use_cwd=1 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +;opcache.validate_timestamps=1 + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +;opcache.revalidate_freq=2 + +; Enables or disables file search in include_path optimization +;opcache.revalidate_path=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +;opcache.save_comments=1 + +; If disabled, PHPDoc comments are not loaded from SHM, so "Doc Comments" +; may be always stored (save_comments=1), but not loaded by applications +; that don't need them anyway. +;opcache.load_comments=1 + +; If enabled, a fast shutdown sequence is used for the accelerated code +;opcache.fast_shutdown=0 + +; Allow file existence override (file_exists, etc.) performance feature. +;opcache.enable_file_override=0 + +; A bitmask, where each bit enables or disables the appropriate OPcache +; passes +;opcache.optimization_level=0xffffffff + +;opcache.inherited_hack=1 +;opcache.dups_fix=0 + +; The location of the OPcache blacklist file (wildcards allowed). +; Each OPcache blacklist file is a text file that holds the names of files +; that should not be accelerated. The file format is to add each filename +; to a new line. The filename may be a full path or just a file prefix +; (i.e., /var/www/x blacklists all the files and directories in /var/www +; that start with 'x'). Line starting with a ; are ignored (comments). +;opcache.blacklist_filename= + +; Allows exclusion of large files from being cached. By default all files +; are cached. +;opcache.max_file_size=0 + +; Check the cache checksum each N requests. +; The default value of "0" means that the checks are disabled. +;opcache.consistency_checks=0 + +; How long to wait (in seconds) for a scheduled restart to begin if the cache +; is not being accessed. +;opcache.force_restart_timeout=180 + +; OPcache error_log file name. Empty string assumes "stderr". +;opcache.error_log= + +; All OPcache errors go to the Web server log. +; By default, only fatal errors (level 0) or errors (level 1) are logged. +; You can also enable warnings (level 2), info messages (level 3) or +; debug messages (level 4). +;opcache.log_verbosity_level=1 + +; Preferred Shared Memory back-end. Leave empty and let the system decide. +;opcache.preferred_memory_model= + +; Protect the shared memory from unexpected writing during script execution. +; Useful for internal debugging only. +;opcache.protect_memory=0 + +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = + +; Local Variables: +; tab-width: 4 +; End: + +apc.enable_cli=1 diff --git a/php/php.ini b/php/php.ini new file mode 100644 index 0000000..af842c7 --- /dev/null +++ b/php/php.ini @@ -0,0 +1,1930 @@ +[PHP] + +;;;;;;;;;;;;;;;;;;; +; About php.ini ; +;;;;;;;;;;;;;;;;;;; +; PHP's initialization file, generally called php.ini, is responsible for +; configuring many of the aspects of PHP's behavior. + +; PHP attempts to find and load this configuration from a number of locations. +; The following is a summary of its search order: +; 1. SAPI module specific location. +; 2. The PHPRC environment variable. (As of PHP 5.2.0) +; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) +; 4. Current working directory (except CLI) +; 5. The web server's directory (for SAPI modules), or directory of PHP +; (otherwise in Windows) +; 6. The directory from the --with-config-file-path compile time option, or the +; Windows directory (C:\windows or C:\winnt) +; See the PHP docs for more specific information. +; http://php.net/configuration.file + +; The syntax of the file is extremely simple. Whitespace and lines +; beginning with a semicolon are silently ignored (as you probably guessed). +; Section headers (e.g. [Foo]) are also silently ignored, even though +; they might mean something in the future. + +; Directives following the section heading [PATH=/www/mysite] only +; apply to PHP files in the /www/mysite directory. Directives +; following the section heading [HOST=www.example.com] only apply to +; PHP files served from www.example.com. Directives set in these +; special sections cannot be overridden by user-defined INI files or +; at runtime. Currently, [PATH=] and [HOST=] sections only work under +; CGI/FastCGI. +; http://php.net/ini.sections + +; Directives are specified using the following syntax: +; directive = value +; Directive names are *case sensitive* - foo=bar is different from FOO=bar. +; Directives are variables used to configure PHP or PHP extensions. +; There is no name validation. If PHP can't find an expected +; directive because it is not set or is mistyped, a default value will be used. + +; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one +; of the INI constants (On, Off, True, False, Yes, No and None) or an expression +; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a +; previously set variable or directive (e.g. ${foo}) + +; Expressions in the INI file are limited to bitwise operators and parentheses: +; | bitwise OR +; ^ bitwise XOR +; & bitwise AND +; ~ bitwise NOT +; ! boolean NOT + +; Boolean flags can be turned on using the values 1, On, True or Yes. +; They can be turned off using the values 0, Off, False or No. + +; An empty string can be denoted by simply not writing anything after the equal +; sign, or by using the None keyword: + +; foo = ; sets foo to an empty string +; foo = None ; sets foo to an empty string +; foo = "None" ; sets foo to the string 'None' + +; If you use constants in your value, and these constants belong to a +; dynamically loaded extension (either a PHP extension or a Zend extension), +; you may only use these constants *after* the line that loads the extension. + +;;;;;;;;;;;;;;;;;;; +; About this file ; +;;;;;;;;;;;;;;;;;;; +; PHP comes packaged with two INI files. One that is recommended to be used +; in production environments and one that is recommended to be used in +; development environments. + +; php.ini-production contains settings which hold security, performance and +; best practices at its core. But please be aware, these settings may break +; compatibility with older or less security conscience applications. We +; recommending using the production ini in production and testing environments. + +; php.ini-development is very similar to its production variant, except it's +; much more verbose when it comes to errors. We recommending using the +; development version only in development environments as errors shown to +; application users can inadvertently leak otherwise secure information. + +; This is php.ini-production INI file. + +;;;;;;;;;;;;;;;;;;; +; Quick Reference ; +;;;;;;;;;;;;;;;;;;; +; The following are all the settings which are different in either the production +; or development versions of the INIs with respect to PHP's default behavior. +; Please see the actual settings later in the document for more details as to why +; we recommend these changes in PHP's behavior. + +; display_errors +; Default Value: On +; Development Value: On +; Production Value: Off + +; display_startup_errors +; Default Value: Off +; Development Value: On +; Production Value: Off + +; error_reporting +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT + +; html_errors +; Default Value: On +; Development Value: On +; Production value: On + +; log_errors +; Default Value: Off +; Development Value: On +; Production Value: On + +; max_input_time +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) + +; output_buffering +; Default Value: Off +; Development Value: 4096 +; Production Value: 4096 + +; register_argc_argv +; Default Value: On +; Development Value: Off +; Production Value: Off + +; request_order +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" + +; session.bug_compat_42 +; Default Value: On +; Development Value: On +; Production Value: Off + +; session.bug_compat_warn +; Default Value: On +; Development Value: On +; Production Value: Off + +; session.gc_divisor +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 + +; session.hash_bits_per_character +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 + +; short_open_tag +; Default Value: On +; Development Value: Off +; Production Value: Off + +; track_errors +; Default Value: Off +; Development Value: On +; Production Value: Off + +; url_rewriter.tags +; Default Value: "a=href,area=href,frame=src,form=,fieldset=" +; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" +; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" + +; variables_order +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS" + +;;;;;;;;;;;;;;;;;;;; +; php.ini Options ; +;;;;;;;;;;;;;;;;;;;; +; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" +;user_ini.filename = ".user.ini" + +; To disable this feature set this option to empty value +;user_ini.filename = + +; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) +;user_ini.cache_ttl = 300 + +;;;;;;;;;;;;;;;;;;;; +; Language Options ; +;;;;;;;;;;;;;;;;;;;; + +; Enable the PHP scripting language engine under Apache. +; http://php.net/engine +engine = On + +; This directive determines whether or not PHP will recognize code between +; tags as PHP source which should be processed as such. It is +; generally recommended that should be used and that this feature +; should be disabled, as enabling it may result in issues when generating XML +; documents, however this remains supported for backward compatibility reasons. +; Note that this directive does not control the tags. +; http://php.net/asp-tags +asp_tags = Off + +; The number of significant digits displayed in floating point numbers. +; http://php.net/precision +precision = 14 + +; Output buffering is a mechanism for controlling how much output data +; (excluding headers and cookies) PHP should keep internally before pushing that +; data to the client. If your application's output exceeds this setting, PHP +; will send that data in chunks of roughly the size you specify. +; Turning on this setting and managing its maximum buffer size can yield some +; interesting side-effects depending on your application and web server. +; You may be able to send headers and cookies after you've already sent output +; through print or echo. You also may see performance benefits if your server is +; emitting less packets due to buffered output versus PHP streaming the output +; as it gets it. On production servers, 4096 bytes is a good setting for performance +; reasons. +; Note: Output buffering can also be controlled via Output Buffering Control +; functions. +; Possible Values: +; On = Enabled and buffer is unlimited. (Use with caution) +; Off = Disabled +; Integer = Enables the buffer and sets its maximum size in bytes. +; Note: This directive is hardcoded to Off for the CLI SAPI +; Default Value: Off +; Development Value: 4096 +; Production Value: 4096 +; http://php.net/output-buffering +output_buffering = 4096 + +; You can redirect all of the output of your scripts to a function. For +; example, if you set output_handler to "mb_output_handler", character +; encoding will be transparently converted to the specified encoding. +; Setting any output handler automatically turns on output buffering. +; Note: People who wrote portable scripts should not depend on this ini +; directive. Instead, explicitly set the output handler using ob_start(). +; Using this ini directive may cause problems unless you know what script +; is doing. +; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" +; and you cannot use both "ob_gzhandler" and "zlib.output_compression". +; Note: output_handler must be empty if this is set 'On' !!!! +; Instead you must use zlib.output_handler. +; http://php.net/output-handler +;output_handler = + +; Transparent output compression using the zlib library +; Valid values for this option are 'off', 'on', or a specific buffer size +; to be used for compression (default is 4KB) +; Note: Resulting chunk size may vary due to nature of compression. PHP +; outputs chunks that are few hundreds bytes each as a result of +; compression. If you prefer a larger chunk size for better +; performance, enable output_buffering in addition. +; Note: You need to use zlib.output_handler instead of the standard +; output_handler, or otherwise the output will be corrupted. +; http://php.net/zlib.output-compression +zlib.output_compression = Off + +; http://php.net/zlib.output-compression-level +;zlib.output_compression_level = -1 + +; You cannot specify additional output handlers if zlib.output_compression +; is activated here. This setting does the same as output_handler but in +; a different order. +; http://php.net/zlib.output-handler +;zlib.output_handler = + +; Implicit flush tells PHP to tell the output layer to flush itself +; automatically after every output block. This is equivalent to calling the +; PHP function flush() after each and every call to print() or echo() and each +; and every HTML block. Turning this option on has serious performance +; implications and is generally recommended for debugging purposes only. +; http://php.net/implicit-flush +; Note: This directive is hardcoded to On for the CLI SAPI +implicit_flush = Off + +; The unserialize callback function will be called (with the undefined class' +; name as parameter), if the unserializer finds an undefined class +; which should be instantiated. A warning appears if the specified function is +; not defined, or if the function doesn't include/implement the missing class. +; So only set this entry, if you really want to implement such a +; callback-function. +unserialize_callback_func = + +; When floats & doubles are serialized store serialize_precision significant +; digits after the floating point. The default value ensures that when floats +; are decoded with unserialize, the data will remain the same. +serialize_precision = 17 + +; open_basedir, if set, limits all file operations to the defined directory +; and below. This directive makes most sense if used in a per-directory +; or per-virtualhost web server configuration file. This directive is +; *NOT* affected by whether Safe Mode is turned On or Off. +; http://php.net/open-basedir +;open_basedir = + +; This directive allows you to disable certain functions for security reasons. +; It receives a comma-delimited list of function names. This directive is +; *NOT* affected by whether Safe Mode is turned On or Off. +; http://php.net/disable-functions +disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, + +; This directive allows you to disable certain classes for security reasons. +; It receives a comma-delimited list of class names. This directive is +; *NOT* affected by whether Safe Mode is turned On or Off. +; http://php.net/disable-classes +disable_classes = + +; Colors for Syntax Highlighting mode. Anything that's acceptable in +; would work. +; http://php.net/syntax-highlighting +;highlight.string = #DD0000 +;highlight.comment = #FF9900 +;highlight.keyword = #007700 +;highlight.default = #0000BB +;highlight.html = #000000 + +; If enabled, the request will be allowed to complete even if the user aborts +; the request. Consider enabling it if executing long requests, which may end up +; being interrupted by the user or a browser timing out. PHP's default behavior +; is to disable this feature. +; http://php.net/ignore-user-abort +;ignore_user_abort = On + +; Determines the size of the realpath cache to be used by PHP. This value should +; be increased on systems where PHP opens many files to reflect the quantity of +; the file operations performed. +; http://php.net/realpath-cache-size +;realpath_cache_size = 16k + +; Duration of time, in seconds for which to cache realpath information for a given +; file or directory. For systems with rarely changing files, consider increasing this +; value. +; http://php.net/realpath-cache-ttl +;realpath_cache_ttl = 120 + +; Enables or disables the circular reference collector. +; http://php.net/zend.enable-gc +zend.enable_gc = On + +; If enabled, scripts may be written in encodings that are incompatible with +; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such +; encodings. To use this feature, mbstring extension must be enabled. +; Default: Off +;zend.multibyte = Off + +; Allows to set the default encoding for the scripts. This value will be used +; unless "declare(encoding=...)" directive appears at the top of the script. +; Only affects if zend.multibyte is set. +; Default: "" +;zend.script_encoding = + +;;;;;;;;;;;;;;;;; +; Miscellaneous ; +;;;;;;;;;;;;;;;;; + +; Decides whether PHP may expose the fact that it is installed on the server +; (e.g. by adding its signature to the Web server header). It is no security +; threat in any way, but it makes it possible to determine whether you use PHP +; on your server or not. +; http://php.net/expose-php +expose_php = On + +;;;;;;;;;;;;;;;;;;; +; Resource Limits ; +;;;;;;;;;;;;;;;;;;; + +; Maximum execution time of each script, in seconds +; http://php.net/max-execution-time +; Note: This directive is hardcoded to 0 for the CLI SAPI +max_execution_time = 240 + +; Maximum amount of time each script may spend parsing request data. It's a good +; idea to limit this time on productions servers in order to eliminate unexpectedly +; long running scripts. +; Note: This directive is hardcoded to -1 for the CLI SAPI +; Default Value: -1 (Unlimited) +; Development Value: 60 (60 seconds) +; Production Value: 60 (60 seconds) +; http://php.net/max-input-time +max_input_time = 60 + +; Maximum input variable nesting level +; http://php.net/max-input-nesting-level +;max_input_nesting_level = 64 + +; How many GET/POST/COOKIE input variables may be accepted +; max_input_vars = 1000 + +; Maximum amount of memory a script may consume (128MB) +; http://php.net/memory-limit +memory_limit = 512M + +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; +; Error handling and logging ; +;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; + +; This directive informs PHP of which errors, warnings and notices you would like +; it to take action for. The recommended way of setting values for this +; directive is through the use of the error level constants and bitwise +; operators. The error level constants are below here for convenience as well as +; some common settings and their meanings. +; By default, PHP is set to take action on all errors, notices and warnings EXCEPT +; those related to E_NOTICE and E_STRICT, which together cover best practices and +; recommended coding standards in PHP. For performance reasons, this is the +; recommend error reporting setting. Your production server shouldn't be wasting +; resources complaining about best practices and coding standards. That's what +; development servers and development settings are for. +; Note: The php.ini-development file has this setting as E_ALL. This +; means it pretty much reports everything which is exactly what you want during +; development and early testing. +; +; Error Level Constants: +; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) +; E_ERROR - fatal run-time errors +; E_RECOVERABLE_ERROR - almost fatal run-time errors +; E_WARNING - run-time warnings (non-fatal errors) +; E_PARSE - compile-time parse errors +; E_NOTICE - run-time notices (these are warnings which often result +; from a bug in your code, but it's possible that it was +; intentional (e.g., using an uninitialized variable and +; relying on the fact it's automatically initialized to an +; empty string) +; E_STRICT - run-time notices, enable to have PHP suggest changes +; to your code which will ensure the best interoperability +; and forward compatibility of your code +; E_CORE_ERROR - fatal errors that occur during PHP's initial startup +; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's +; initial startup +; E_COMPILE_ERROR - fatal compile-time errors +; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) +; E_USER_ERROR - user-generated error message +; E_USER_WARNING - user-generated warning message +; E_USER_NOTICE - user-generated notice message +; E_DEPRECATED - warn about code that will not work in future versions +; of PHP +; E_USER_DEPRECATED - user-generated deprecation warnings +; +; Common Values: +; E_ALL (Show all errors, warnings and notices including coding standards.) +; E_ALL & ~E_NOTICE (Show all errors, except for notices) +; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) +; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) +; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Development Value: E_ALL +; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT +; http://php.net/error-reporting +error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT + +; This directive controls whether or not and where PHP will output errors, +; notices and warnings too. Error output is very useful during development, but +; it could be very dangerous in production environments. Depending on the code +; which is triggering the error, sensitive information could potentially leak +; out of your application such as database usernames and passwords or worse. +; It's recommended that errors be logged on production servers rather than +; having the errors sent to STDOUT. +; Possible Values: +; Off = Do not display any errors +; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) +; On or stdout = Display errors to STDOUT +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/display-errors +display_errors = Off + +; The display of errors which occur during PHP's startup sequence are handled +; separately from display_errors. PHP's default behavior is to suppress those +; errors from clients. Turning the display of startup errors on can be useful in +; debugging configuration problems. But, it's strongly recommended that you +; leave this setting off on production servers. +; Default Value: Off +; Development Value: On +; Production Value: Off +; http://php.net/display-startup-errors +display_startup_errors = Off + +; Besides displaying errors, PHP can also log errors to locations such as a +; server-specific log, STDERR, or a location specified by the error_log +; directive found below. While errors should not be displayed on productions +; servers they should still be monitored and logging is a great way to do that. +; Default Value: Off +; Development Value: On +; Production Value: On +; http://php.net/log-errors +log_errors = On + +; Set maximum length of log_errors. In error_log information about the source is +; added. The default is 1024 and 0 allows to not apply any maximum length at all. +; http://php.net/log-errors-max-len +log_errors_max_len = 1024 + +; Do not log repeated messages. Repeated errors must occur in same file on same +; line unless ignore_repeated_source is set true. +; http://php.net/ignore-repeated-errors +ignore_repeated_errors = Off + +; Ignore source of message when ignoring repeated messages. When this setting +; is On you will not log errors with repeated messages from different files or +; source lines. +; http://php.net/ignore-repeated-source +ignore_repeated_source = Off + +; If this parameter is set to Off, then memory leaks will not be shown (on +; stdout or in the log). This has only effect in a debug compile, and if +; error reporting includes E_WARNING in the allowed list +; http://php.net/report-memleaks +report_memleaks = On + +; This setting is on by default. +;report_zend_debug = 0 + +; Store the last error/warning message in $php_errormsg (boolean). Setting this value +; to On can assist in debugging and is appropriate for development servers. It should +; however be disabled on production servers. +; Default Value: Off +; Development Value: On +; Production Value: Off +; http://php.net/track-errors +track_errors = Off + +; Turn off normal error reporting and emit XML-RPC error XML +; http://php.net/xmlrpc-errors +;xmlrpc_errors = 0 + +; An XML-RPC faultCode +;xmlrpc_error_number = 0 + +; When PHP displays or logs an error, it has the capability of formatting the +; error message as HTML for easier reading. This directive controls whether +; the error message is formatted as HTML or not. +; Note: This directive is hardcoded to Off for the CLI SAPI +; Default Value: On +; Development Value: On +; Production value: On +; http://php.net/html-errors +html_errors = On + +; If html_errors is set to On *and* docref_root is not empty, then PHP +; produces clickable error messages that direct to a page describing the error +; or function causing the error in detail. +; You can download a copy of the PHP manual from http://php.net/docs +; and change docref_root to the base URL of your local copy including the +; leading '/'. You must also specify the file extension being used including +; the dot. PHP's default behavior is to leave these settings empty, in which +; case no links to documentation are generated. +; Note: Never use this feature for production boxes. +; http://php.net/docref-root +; Examples +;docref_root = "/phpmanual/" + +; http://php.net/docref-ext +;docref_ext = .html + +; String to output before an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-prepend-string +; Example: +;error_prepend_string = "" + +; String to output after an error message. PHP's default behavior is to leave +; this setting blank. +; http://php.net/error-append-string +; Example: +;error_append_string = "" + +; Log errors to specified file. PHP's default behavior is to leave this value +; empty. +; http://php.net/error-log +; Example: +;error_log = php_errors.log +; Log errors to syslog (Event Log on NT, not valid in Windows 95). +;error_log = syslog + +;windows.show_crt_warning +; Default value: 0 +; Development value: 0 +; Production value: 0 + +;;;;;;;;;;;;;;;;; +; Data Handling ; +;;;;;;;;;;;;;;;;; + +; The separator used in PHP generated URLs to separate arguments. +; PHP's default setting is "&". +; http://php.net/arg-separator.output +; Example: +;arg_separator.output = "&" + +; List of separator(s) used by PHP to parse input URLs into variables. +; PHP's default setting is "&". +; NOTE: Every character in this directive is considered as separator! +; http://php.net/arg-separator.input +; Example: +;arg_separator.input = ";&" + +; This directive determines which super global arrays are registered when PHP +; starts up. G,P,C,E & S are abbreviations for the following respective super +; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty +; paid for the registration of these arrays and because ENV is not as commonly +; used as the others, ENV is not recommended on productions servers. You +; can still get access to the environment variables through getenv() should you +; need to. +; Default Value: "EGPCS" +; Development Value: "GPCS" +; Production Value: "GPCS"; +; http://php.net/variables-order +variables_order = "GPCS" + +; This directive determines which super global data (G,P,C,E & S) should +; be registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive are +; specified in the same manner as the variables_order directive, EXCEPT one. +; Leaving this value empty will cause PHP to use the value set in the +; variables_order directive. It does not mean it will leave the super globals +; array REQUEST empty. +; Default Value: None +; Development Value: "GP" +; Production Value: "GP" +; http://php.net/request-order +request_order = "GP" + +; This directive determines whether PHP registers $argv & $argc each time it +; runs. $argv contains an array of all the arguments passed to PHP when a script +; is invoked. $argc contains an integer representing the number of arguments +; that were passed when the script was invoked. These arrays are extremely +; useful when running scripts from the command line. When this directive is +; enabled, registering these variables consumes CPU cycles and memory each time +; a script is executed. For performance reasons, this feature should be disabled +; on production servers. +; Note: This directive is hardcoded to On for the CLI SAPI +; Default Value: On +; Development Value: Off +; Production Value: Off +; http://php.net/register-argc-argv +register_argc_argv = Off + +; When enabled, the ENV, REQUEST and SERVER variables are created when they're +; first used (Just In Time) instead of when the script starts. If these +; variables are not used within a script, having this directive on will result +; in a performance gain. The PHP directive register_argc_argv must be disabled +; for this directive to have any affect. +; http://php.net/auto-globals-jit +auto_globals_jit = On + +; Whether PHP will read the POST data. +; This option is enabled by default. +; Most likely, you won't want to disable this option globally. It causes $_POST +; and $_FILES to always be empty; the only way you will be able to read the +; POST data will be through the php://input stream wrapper. This can be useful +; to proxy requests or to process the POST data in a memory efficient fashion. +; http://php.net/enable-post-data-reading +;enable_post_data_reading = Off + +; Maximum size of POST data that PHP will accept. +; Its value may be 0 to disable the limit. It is ignored if POST data reading +; is disabled through enable_post_data_reading. +; http://php.net/post-max-size +post_max_size = 100M + +; Automatically add files before PHP document. +; http://php.net/auto-prepend-file +auto_prepend_file = + +; Automatically add files after PHP document. +; http://php.net/auto-append-file +auto_append_file = + +; By default, PHP will output a character encoding using +; the Content-type: header. To disable sending of the charset, simply +; set it to be empty. +; +; PHP's built-in default is text/html +; http://php.net/default-mimetype +default_mimetype = "text/html" + +; PHP's default character set is set to empty. +; http://php.net/default-charset +;default_charset = "UTF-8" + +; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is +; to disable this feature. If post reading is disabled through +; enable_post_data_reading, $HTTP_RAW_POST_DATA is *NOT* populated. +; http://php.net/always-populate-raw-post-data +;always_populate_raw_post_data = On + +;;;;;;;;;;;;;;;;;;;;;;;;; +; Paths and Directories ; +;;;;;;;;;;;;;;;;;;;;;;;;; + +; UNIX: "/path1:/path2" +;include_path = ".:/usr/share/php" +; +; Windows: "\path1;\path2" +;include_path = ".;c:\php\includes" +; +; PHP's default setting for include_path is ".;/path/to/php/pear" +; http://php.net/include-path + +; The root of the PHP pages, used only if nonempty. +; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root +; if you are running php as a CGI under any web server (other than IIS) +; see documentation for security issues. The alternate is to use the +; cgi.force_redirect configuration below +; http://php.net/doc-root +doc_root = + +; The directory under which PHP opens the script using /~username used only +; if nonempty. +; http://php.net/user-dir +user_dir = + +; Directory in which the loadable extensions (modules) reside. +; http://php.net/extension-dir +; extension_dir = "./" +; On windows: +; extension_dir = "ext" + +; Directory where the temporary files should be placed. +; Defaults to the system default (see sys_get_temp_dir) +; sys_temp_dir = "/tmp" + +; Whether or not to enable the dl() function. The dl() function does NOT work +; properly in multithreaded servers, such as IIS or Zeus, and is automatically +; disabled on them. +; http://php.net/enable-dl +enable_dl = Off + +; cgi.force_redirect is necessary to provide security running PHP as a CGI under +; most web servers. Left undefined, PHP turns this on by default. You can +; turn it off here AT YOUR OWN RISK +; **You CAN safely turn this off for IIS, in fact, you MUST.** +; http://php.net/cgi.force-redirect +;cgi.force_redirect = 1 + +; if cgi.nph is enabled it will force cgi to always sent Status: 200 with +; every request. PHP's default behavior is to disable this feature. +;cgi.nph = 1 + +; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape +; (iPlanet) web servers, you MAY need to set an environment variable name that PHP +; will look for to know it is OK to continue execution. Setting this variable MAY +; cause security issues, KNOW WHAT YOU ARE DOING FIRST. +; http://php.net/cgi.redirect-status-env +;cgi.redirect_status_env = + +; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's +; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok +; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting +; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting +; of zero causes PHP to behave as before. Default is 1. You should fix your scripts +; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. +; http://php.net/cgi.fix-pathinfo +;cgi.fix_pathinfo=1 + +; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate +; security tokens of the calling client. This allows IIS to define the +; security context that the request runs under. mod_fastcgi under Apache +; does not currently support this feature (03/17/2002) +; Set to 1 if running under IIS. Default is zero. +; http://php.net/fastcgi.impersonate +;fastcgi.impersonate = 1 + +; Disable logging through FastCGI connection. PHP's default behavior is to enable +; this feature. +;fastcgi.logging = 0 + +; cgi.rfc2616_headers configuration option tells PHP what type of headers to +; use when sending HTTP response code. If it's set 0 PHP sends Status: header that +; is supported by Apache. When this option is set to 1 PHP will send +; RFC2616 compliant header. +; Default is zero. +; http://php.net/cgi.rfc2616-headers +;cgi.rfc2616_headers = 0 + +;;;;;;;;;;;;;;;; +; File Uploads ; +;;;;;;;;;;;;;;;; + +; Whether to allow HTTP file uploads. +; http://php.net/file-uploads +file_uploads = On + +; Temporary directory for HTTP uploaded files (will use system default if not +; specified). +; http://php.net/upload-tmp-dir +;upload_tmp_dir = + +; Maximum allowed size for uploaded files. +; http://php.net/upload-max-filesize +upload_max_filesize = 100M + +; Maximum number of files that can be uploaded via a single request +max_file_uploads = 20 + +;;;;;;;;;;;;;;;;;; +; Fopen wrappers ; +;;;;;;;;;;;;;;;;;; + +; Whether to allow the treatment of URLs (like http:// or ftp://) as files. +; http://php.net/allow-url-fopen +allow_url_fopen = On + +; Whether to allow include/require to open URLs (like http:// or ftp://) as files. +; http://php.net/allow-url-include +allow_url_include = Off + +; Define the anonymous ftp password (your email address). PHP's default setting +; for this is empty. +; http://php.net/from +;from="john@doe.com" + +; Define the User-Agent string. PHP's default setting for this is empty. +; http://php.net/user-agent +;user_agent="PHP" + +; Default timeout for socket based streams (seconds) +; http://php.net/default-socket-timeout +default_socket_timeout = 60 + +; If your scripts have to deal with files from Macintosh systems, +; or you are running on a Mac and need to deal with files from +; unix or win32 systems, setting this flag will cause PHP to +; automatically detect the EOL character in those files so that +; fgets() and file() will work regardless of the source of the file. +; http://php.net/auto-detect-line-endings +;auto_detect_line_endings = Off + +;;;;;;;;;;;;;;;;;;;;;; +; Dynamic Extensions ; +;;;;;;;;;;;;;;;;;;;;;; + +; If you wish to have an extension loaded automatically, use the following +; syntax: +; +; extension=modulename.extension +; +; For example, on Windows: +; +; extension=msql.dll +; +; ... or under UNIX: +; +; extension=msql.so +; +; ... or with a path: +; +; extension=/path/to/extension/msql.so +; +; If you only provide the name of the extension, PHP will look for it in its +; default extension directory. +; + +;;;;;;;;;;;;;;;;;;; +; Module Settings ; +;;;;;;;;;;;;;;;;;;; + +[CLI Server] +; Whether the CLI web server uses ANSI color coding in its terminal output. +cli_server.color = On + +[Date] +; Defines the default timezone used by the date functions +; http://php.net/date.timezone +date.timezone = "Europe/Berlin" + +; http://php.net/date.default-latitude +;date.default_latitude = 31.7667 + +; http://php.net/date.default-longitude +;date.default_longitude = 35.2333 + +; http://php.net/date.sunrise-zenith +;date.sunrise_zenith = 90.583333 + +; http://php.net/date.sunset-zenith +;date.sunset_zenith = 90.583333 + +[filter] +; http://php.net/filter.default +;filter.default = unsafe_raw + +; http://php.net/filter.default-flags +;filter.default_flags = + +[iconv] +;iconv.input_encoding = ISO-8859-1 +;iconv.internal_encoding = ISO-8859-1 +;iconv.output_encoding = ISO-8859-1 + +[intl] +;intl.default_locale = +; This directive allows you to produce PHP errors when some error +; happens within intl functions. The value is the level of the error produced. +; Default is 0, which does not produce any errors. +;intl.error_level = E_WARNING + +[sqlite] +; http://php.net/sqlite.assoc-case +;sqlite.assoc_case = 0 + +[sqlite3] +;sqlite3.extension_dir = + +[Pcre] +;PCRE library backtracking limit. +; http://php.net/pcre.backtrack-limit +;pcre.backtrack_limit=100000 + +;PCRE library recursion limit. +;Please note that if you set this value to a high number you may consume all +;the available process stack and eventually crash PHP (due to reaching the +;stack size limit imposed by the Operating System). +; http://php.net/pcre.recursion-limit +;pcre.recursion_limit=100000 + +[Pdo] +; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" +; http://php.net/pdo-odbc.connection-pooling +;pdo_odbc.connection_pooling=strict + +;pdo_odbc.db2_instance_name + +[Pdo_mysql] +; If mysqlnd is used: Number of cache slots for the internal result set cache +; http://php.net/pdo_mysql.cache_size +pdo_mysql.cache_size = 2000 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; http://php.net/pdo_mysql.default-socket +pdo_mysql.default_socket= + +[Phar] +; http://php.net/phar.readonly +;phar.readonly = On + +; http://php.net/phar.require-hash +;phar.require_hash = On + +;phar.cache_list = + +[mail function] +; For Win32 only. +; http://php.net/smtp +SMTP = localhost +; http://php.net/smtp-port +smtp_port = 25 + +; For Win32 only. +; http://php.net/sendmail-from +;sendmail_from = me@example.com + +; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). +; http://php.net/sendmail-path +;sendmail_path = + +; Force the addition of the specified parameters to be passed as extra parameters +; to the sendmail binary. These parameters will always replace the value of +; the 5th parameter to mail(), even in safe mode. +;mail.force_extra_parameters = + +; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename +mail.add_x_header = On + +; The path to a log file that will log all mail() calls. Log entries include +; the full path of the script, line number, To address and headers. +;mail.log = +; Log mail to syslog (Event Log on NT, not valid in Windows 95). +;mail.log = syslog + +[SQL] +; http://php.net/sql.safe-mode +sql.safe_mode = Off + +[ODBC] +; http://php.net/odbc.default-db +;odbc.default_db = Not yet implemented + +; http://php.net/odbc.default-user +;odbc.default_user = Not yet implemented + +; http://php.net/odbc.default-pw +;odbc.default_pw = Not yet implemented + +; Controls the ODBC cursor model. +; Default: SQL_CURSOR_STATIC (default). +;odbc.default_cursortype + +; Allow or prevent persistent links. +; http://php.net/odbc.allow-persistent +odbc.allow_persistent = On + +; Check that a connection is still valid before reuse. +; http://php.net/odbc.check-persistent +odbc.check_persistent = On + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/odbc.max-persistent +odbc.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; http://php.net/odbc.max-links +odbc.max_links = -1 + +; Handling of LONG fields. Returns number of bytes to variables. 0 means +; passthru. +; http://php.net/odbc.defaultlrl +odbc.defaultlrl = 4096 + +; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. +; See the documentation on odbc_binmode and odbc_longreadlen for an explanation +; of odbc.defaultlrl and odbc.defaultbinmode +; http://php.net/odbc.defaultbinmode +odbc.defaultbinmode = 1 + +;birdstep.max_links = -1 + +[Interbase] +; Allow or prevent persistent links. +ibase.allow_persistent = 1 + +; Maximum number of persistent links. -1 means no limit. +ibase.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +ibase.max_links = -1 + +; Default database name for ibase_connect(). +;ibase.default_db = + +; Default username for ibase_connect(). +;ibase.default_user = + +; Default password for ibase_connect(). +;ibase.default_password = + +; Default charset for ibase_connect(). +;ibase.default_charset = + +; Default timestamp format. +ibase.timestampformat = "%Y-%m-%d %H:%M:%S" + +; Default date format. +ibase.dateformat = "%Y-%m-%d" + +; Default time format. +ibase.timeformat = "%H:%M:%S" + +[MySQL] +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; http://php.net/mysql.allow_local_infile +mysql.allow_local_infile = On + +; Allow or prevent persistent links. +; http://php.net/mysql.allow-persistent +mysql.allow_persistent = On + +; If mysqlnd is used: Number of cache slots for the internal result set cache +; http://php.net/mysql.cache_size +mysql.cache_size = 2000 + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/mysql.max-persistent +mysql.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; http://php.net/mysql.max-links +mysql.max_links = -1 + +; Default port number for mysql_connect(). If unset, mysql_connect() will use +; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the +; compile-time value defined MYSQL_PORT (in that order). Win32 will only look +; at MYSQL_PORT. +; http://php.net/mysql.default-port +mysql.default_port = + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; http://php.net/mysql.default-socket +mysql.default_socket = + +; Default host for mysql_connect() (doesn't apply in safe mode). +; http://php.net/mysql.default-host +mysql.default_host = + +; Default user for mysql_connect() (doesn't apply in safe mode). +; http://php.net/mysql.default-user +mysql.default_user = + +; Default password for mysql_connect() (doesn't apply in safe mode). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; http://php.net/mysql.default-password +mysql.default_password = + +; Maximum time (in seconds) for connect timeout. -1 means no limit +; http://php.net/mysql.connect-timeout +mysql.connect_timeout = 60 + +; Trace mode. When trace_mode is active (=On), warnings for table/index scans and +; SQL-Errors will be displayed. +; http://php.net/mysql.trace-mode +mysql.trace_mode = Off + +[MySQLi] + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/mysqli.max-persistent +mysqli.max_persistent = -1 + +; Allow accessing, from PHP's perspective, local files with LOAD DATA statements +; http://php.net/mysqli.allow_local_infile +;mysqli.allow_local_infile = On + +; Allow or prevent persistent links. +; http://php.net/mysqli.allow-persistent +mysqli.allow_persistent = On + +; Maximum number of links. -1 means no limit. +; http://php.net/mysqli.max-links +mysqli.max_links = -1 + +; If mysqlnd is used: Number of cache slots for the internal result set cache +; http://php.net/mysqli.cache_size +mysqli.cache_size = 2000 + +; Default port number for mysqli_connect(). If unset, mysqli_connect() will use +; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the +; compile-time value defined MYSQL_PORT (in that order). Win32 will only look +; at MYSQL_PORT. +; http://php.net/mysqli.default-port +mysqli.default_port = 3306 + +; Default socket name for local MySQL connects. If empty, uses the built-in +; MySQL defaults. +; http://php.net/mysqli.default-socket +mysqli.default_socket = + +; Default host for mysql_connect() (doesn't apply in safe mode). +; http://php.net/mysqli.default-host +mysqli.default_host = + +; Default user for mysql_connect() (doesn't apply in safe mode). +; http://php.net/mysqli.default-user +mysqli.default_user = + +; Default password for mysqli_connect() (doesn't apply in safe mode). +; Note that this is generally a *bad* idea to store passwords in this file. +; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") +; and reveal this password! And of course, any users with read access to this +; file will be able to reveal the password as well. +; http://php.net/mysqli.default-pw +mysqli.default_pw = + +; Allow or prevent reconnect +mysqli.reconnect = Off + +[mysqlnd] +; Enable / Disable collection of general statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +; http://php.net/mysqlnd.collect_statistics +mysqlnd.collect_statistics = On + +; Enable / Disable collection of memory usage statistics by mysqlnd which can be +; used to tune and monitor MySQL operations. +; http://php.net/mysqlnd.collect_memory_statistics +mysqlnd.collect_memory_statistics = Off + +; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. +; http://php.net/mysqlnd.net_cmd_buffer_size +;mysqlnd.net_cmd_buffer_size = 2048 + +; Size of a pre-allocated buffer used for reading data sent by the server in +; bytes. +; http://php.net/mysqlnd.net_read_buffer_size +;mysqlnd.net_read_buffer_size = 32768 + +[OCI8] + +; Connection: Enables privileged connections using external +; credentials (OCI_SYSOPER, OCI_SYSDBA) +; http://php.net/oci8.privileged-connect +;oci8.privileged_connect = Off + +; Connection: The maximum number of persistent OCI8 connections per +; process. Using -1 means no limit. +; http://php.net/oci8.max-persistent +;oci8.max_persistent = -1 + +; Connection: The maximum number of seconds a process is allowed to +; maintain an idle persistent connection. Using -1 means idle +; persistent connections will be maintained forever. +; http://php.net/oci8.persistent-timeout +;oci8.persistent_timeout = -1 + +; Connection: The number of seconds that must pass before issuing a +; ping during oci_pconnect() to check the connection validity. When +; set to 0, each oci_pconnect() will cause a ping. Using -1 disables +; pings completely. +; http://php.net/oci8.ping-interval +;oci8.ping_interval = 60 + +; Connection: Set this to a user chosen connection class to be used +; for all pooled server requests with Oracle 11g Database Resident +; Connection Pooling (DRCP). To use DRCP, this value should be set to +; the same string for all web servers running the same application, +; the database pool must be configured, and the connection string must +; specify to use a pooled server. +;oci8.connection_class = + +; High Availability: Using On lets PHP receive Fast Application +; Notification (FAN) events generated when a database node fails. The +; database must also be configured to post FAN events. +;oci8.events = Off + +; Tuning: This option enables statement caching, and specifies how +; many statements to cache. Using 0 disables statement caching. +; http://php.net/oci8.statement-cache-size +;oci8.statement_cache_size = 20 + +; Tuning: Enables statement prefetching and sets the default number of +; rows that will be fetched automatically after statement execution. +; http://php.net/oci8.default-prefetch +;oci8.default_prefetch = 100 + +; Compatibility. Using On means oci_close() will not close +; oci_connect() and oci_new_connect() connections. +; http://php.net/oci8.old-oci-close-semantics +;oci8.old_oci_close_semantics = Off + +[PostgreSQL] +; Allow or prevent persistent links. +; http://php.net/pgsql.allow-persistent +pgsql.allow_persistent = On + +; Detect broken persistent links always with pg_pconnect(). +; Auto reset feature requires a little overheads. +; http://php.net/pgsql.auto-reset-persistent +pgsql.auto_reset_persistent = Off + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/pgsql.max-persistent +pgsql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +; http://php.net/pgsql.max-links +pgsql.max_links = -1 + +; Ignore PostgreSQL backends Notice message or not. +; Notice message logging require a little overheads. +; http://php.net/pgsql.ignore-notice +pgsql.ignore_notice = 0 + +; Log PostgreSQL backends Notice message or not. +; Unless pgsql.ignore_notice=0, module cannot log notice message. +; http://php.net/pgsql.log-notice +pgsql.log_notice = 0 + +[Sybase-CT] +; Allow or prevent persistent links. +; http://php.net/sybct.allow-persistent +sybct.allow_persistent = On + +; Maximum number of persistent links. -1 means no limit. +; http://php.net/sybct.max-persistent +sybct.max_persistent = -1 + +; Maximum number of links (persistent + non-persistent). -1 means no limit. +; http://php.net/sybct.max-links +sybct.max_links = -1 + +; Minimum server message severity to display. +; http://php.net/sybct.min-server-severity +sybct.min_server_severity = 10 + +; Minimum client message severity to display. +; http://php.net/sybct.min-client-severity +sybct.min_client_severity = 10 + +; Set per-context timeout +; http://php.net/sybct.timeout +;sybct.timeout= + +;sybct.packet_size + +; The maximum time in seconds to wait for a connection attempt to succeed before returning failure. +; Default: one minute +;sybct.login_timeout= + +; The name of the host you claim to be connecting from, for display by sp_who. +; Default: none +;sybct.hostname= + +; Allows you to define how often deadlocks are to be retried. -1 means "forever". +; Default: 0 +;sybct.deadlock_retry_count= + +[bcmath] +; Number of decimal digits for all bcmath functions. +; http://php.net/bcmath.scale +bcmath.scale = 0 + +[browscap] +; http://php.net/browscap +;browscap = extra/browscap.ini + +[Session] +; Handler used to store/retrieve data. +; http://php.net/session.save-handler +session.save_handler = files + +; Argument passed to save_handler. In the case of files, this is the path +; where data files are stored. Note: Windows users have to change this +; variable in order to use PHP's session functions. +; +; The path can be defined as: +; +; session.save_path = "N;/path" +; +; where N is an integer. Instead of storing all the session files in +; /path, what this will do is use subdirectories N-levels deep, and +; store the session data in those directories. This is useful if you +; or your OS have problems with lots of files in one directory, and is +; a more efficient layout for servers that handle lots of sessions. +; +; NOTE 1: PHP will not create this directory structure automatically. +; You can use the script in the ext/session dir for that purpose. +; NOTE 2: See the section on garbage collection below if you choose to +; use subdirectories for session storage +; +; The file storage module creates files using mode 600 by default. +; You can change that by using +; +; session.save_path = "N;MODE;/path" +; +; where MODE is the octal representation of the mode. Note that this +; does not overwrite the process's umask. +; http://php.net/session.save-path +;session.save_path = "/var/lib/php5" + +; Whether to use strict session mode. +; Strict session mode does not accept uninitialized session ID and regenerate +; session ID if browser sends uninitialized session ID. Strict mode protects +; applications from session fixation via session adoption vulnerability. It is +; disabled by default for maximum compatibility, but enabling it is encouraged. +; https://wiki.php.net/rfc/strict_sessions +session.use_strict_mode = 0 + +; Whether to use cookies. +; http://php.net/session.use-cookies +session.use_cookies = 1 + +; http://php.net/session.cookie-secure +;session.cookie_secure = + +; This option forces PHP to fetch and use a cookie for storing and maintaining +; the session id. We encourage this operation as it's very helpful in combating +; session hijacking when not specifying and managing your own session id. It is +; not the end all be all of session hijacking defense, but it's a good start. +; http://php.net/session.use-only-cookies +session.use_only_cookies = 1 + +; Name of the session (used as cookie name). +; http://php.net/session.name +session.name = PHPSESSID + +; Initialize session on request startup. +; http://php.net/session.auto-start +session.auto_start = 0 + +; Lifetime in seconds of cookie or, if 0, until browser is restarted. +; http://php.net/session.cookie-lifetime +session.cookie_lifetime = 0 + +; The path for which the cookie is valid. +; http://php.net/session.cookie-path +session.cookie_path = / + +; The domain for which the cookie is valid. +; http://php.net/session.cookie-domain +session.cookie_domain = + +; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. +; http://php.net/session.cookie-httponly +session.cookie_httponly = + +; Handler used to serialize data. php is the standard serializer of PHP. +; http://php.net/session.serialize-handler +session.serialize_handler = php + +; Defines the probability that the 'garbage collection' process is started +; on every session initialization. The probability is calculated by using +; gc_probability/gc_divisor. Where session.gc_probability is the numerator +; and gc_divisor is the denominator in the equation. Setting this value to 1 +; when the session.gc_divisor value is 100 will give you approximately a 1% chance +; the gc will run on any give request. +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.gc-probability +session.gc_probability = 0 + +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using the following equation: +; gc_probability/gc_divisor. Where session.gc_probability is the numerator and +; session.gc_divisor is the denominator in the equation. Setting this value to 1 +; when the session.gc_divisor value is 100 will give you approximately a 1% chance +; the gc will run on any give request. Increasing this value to 1000 will give you +; a 0.1% chance the gc will run on any give request. For high volume production servers, +; this is a more efficient approach. +; Default Value: 100 +; Development Value: 1000 +; Production Value: 1000 +; http://php.net/session.gc-divisor +session.gc_divisor = 1000 + +; After this number of seconds, stored data will be seen as 'garbage' and +; cleaned up by the garbage collection process. +; http://php.net/session.gc-maxlifetime +session.gc_maxlifetime = 1440 + +; NOTE: If you are using the subdirectory option for storing session files +; (see session.save_path above), then garbage collection does *not* +; happen automatically. You will need to do your own garbage +; collection through a shell script, cron entry, or some other method. +; For example, the following script would is the equivalent of +; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; find /path/to/sessions -cmin +24 -type f | xargs rm + +; PHP 4.2 and less have an undocumented feature/bug that allows you to +; to initialize a session variable in the global scope. +; PHP 4.3 and later will warn you, if this feature is used. +; You can disable the feature and the warning separately. At this time, +; the warning is only displayed, if bug_compat_42 is enabled. This feature +; introduces some serious security problems if not handled correctly. It's +; recommended that you do not use this feature on production servers. But you +; should enable this on development servers and enable the warning as well. If you +; do not enable the feature on development servers, you won't be warned when it's +; used and debugging errors caused by this can be difficult to track down. +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/session.bug-compat-42 +session.bug_compat_42 = Off + +; This setting controls whether or not you are warned by PHP when initializing a +; session value into the global space. session.bug_compat_42 must be enabled before +; these warnings can be issued by PHP. See the directive above for more information. +; Default Value: On +; Development Value: On +; Production Value: Off +; http://php.net/session.bug-compat-warn +session.bug_compat_warn = Off + +; Check HTTP Referer to invalidate externally stored URLs containing ids. +; HTTP_REFERER has to contain this substring for the session to be +; considered as valid. +; http://php.net/session.referer-check +session.referer_check = + +; How many bytes to read from the file. +; http://php.net/session.entropy-length +;session.entropy_length = 32 + +; Specified here to create the session id. +; http://php.net/session.entropy-file +; Defaults to /dev/urandom +; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom +; If neither are found at compile time, the default is no entropy file. +; On windows, setting the entropy_length setting will activate the +; Windows random source (using the CryptoAPI) +;session.entropy_file = /dev/urandom + +; Set to {nocache,private,public,} to determine HTTP caching aspects +; or leave this empty to avoid sending anti-caching headers. +; http://php.net/session.cache-limiter +session.cache_limiter = nocache + +; Document expires after n minutes. +; http://php.net/session.cache-expire +session.cache_expire = 180 + +; trans sid support is disabled by default. +; Use of trans sid may risk your users security. +; Use this option with caution. +; - User may send URL contains active session ID +; to other person via. email/irc/etc. +; - URL that contains active session ID may be stored +; in publicly accessible computer. +; - User may access your site with the same session ID +; always using URL stored in browser's history or bookmarks. +; http://php.net/session.use-trans-sid +session.use_trans_sid = 0 + +; Select a hash function for use in generating session ids. +; Possible Values +; 0 (MD5 128 bits) +; 1 (SHA-1 160 bits) +; This option may also be set to the name of any hash function supported by +; the hash extension. A list of available hashes is returned by the hash_algos() +; function. +; http://php.net/session.hash-function +session.hash_function = 0 + +; Define how many bits are stored in each character when converting +; the binary hash data to something readable. +; Possible values: +; 4 (4 bits: 0-9, a-f) +; 5 (5 bits: 0-9, a-v) +; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") +; Default Value: 4 +; Development Value: 5 +; Production Value: 5 +; http://php.net/session.hash-bits-per-character +session.hash_bits_per_character = 5 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +; form/fieldset are special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. If you want XHTML conformity, remove the form entry. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=,fieldset=" +; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" +; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" +; http://php.net/url-rewriter.tags +url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" + +; Enable upload progress tracking in $_SESSION +; Default Value: On +; Development Value: On +; Production Value: On +; http://php.net/session.upload-progress.enabled +;session.upload_progress.enabled = On + +; Cleanup the progress information as soon as all POST data has been read +; (i.e. upload completed). +; Default Value: On +; Development Value: On +; Production Value: On +; http://php.net/session.upload-progress.cleanup +;session.upload_progress.cleanup = On + +; A prefix used for the upload progress key in $_SESSION +; Default Value: "upload_progress_" +; Development Value: "upload_progress_" +; Production Value: "upload_progress_" +; http://php.net/session.upload-progress.prefix +;session.upload_progress.prefix = "upload_progress_" + +; The index name (concatenated with the prefix) in $_SESSION +; containing the upload progress information +; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" +; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" +; http://php.net/session.upload-progress.name +;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" + +; How frequently the upload progress should be updated. +; Given either in percentages (per-file), or in bytes +; Default Value: "1%" +; Development Value: "1%" +; Production Value: "1%" +; http://php.net/session.upload-progress.freq +;session.upload_progress.freq = "1%" + +; The minimum delay between updates, in seconds +; Default Value: 1 +; Development Value: 1 +; Production Value: 1 +; http://php.net/session.upload-progress.min-freq +;session.upload_progress.min_freq = "1" + +[MSSQL] +; Allow or prevent persistent links. +mssql.allow_persistent = On + +; Maximum number of persistent links. -1 means no limit. +mssql.max_persistent = -1 + +; Maximum number of links (persistent+non persistent). -1 means no limit. +mssql.max_links = -1 + +; Minimum error severity to display. +mssql.min_error_severity = 10 + +; Minimum message severity to display. +mssql.min_message_severity = 10 + +; Compatibility mode with old versions of PHP 3.0. +mssql.compatibility_mode = Off + +; Connect timeout +;mssql.connect_timeout = 5 + +; Query timeout +;mssql.timeout = 60 + +; Valid range 0 - 2147483647. Default = 4096. +;mssql.textlimit = 4096 + +; Valid range 0 - 2147483647. Default = 4096. +;mssql.textsize = 4096 + +; Limits the number of records in each batch. 0 = all records in one batch. +;mssql.batchsize = 0 + +; Specify how datetime and datetim4 columns are returned +; On => Returns data converted to SQL server settings +; Off => Returns values as YYYY-MM-DD hh:mm:ss +;mssql.datetimeconvert = On + +; Use NT authentication when connecting to the server +mssql.secure_connection = Off + +; Specify max number of processes. -1 = library default +; msdlib defaults to 25 +; FreeTDS defaults to 4096 +;mssql.max_procs = -1 + +; Specify client character set. +; If empty or not set the client charset from freetds.conf is used +; This is only used when compiled with FreeTDS +;mssql.charset = "ISO-8859-1" + +[Assertion] +; Assert(expr); active by default. +; http://php.net/assert.active +;assert.active = On + +; Issue a PHP warning for each failed assertion. +; http://php.net/assert.warning +;assert.warning = On + +; Don't bail out by default. +; http://php.net/assert.bail +;assert.bail = Off + +; User-function to be called if an assertion fails. +; http://php.net/assert.callback +;assert.callback = 0 + +; Eval the expression with current error_reporting(). Set to true if you want +; error_reporting(0) around the eval(). +; http://php.net/assert.quiet-eval +;assert.quiet_eval = 0 + +[COM] +; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs +; http://php.net/com.typelib-file +;com.typelib_file = + +; allow Distributed-COM calls +; http://php.net/com.allow-dcom +;com.allow_dcom = true + +; autoregister constants of a components typlib on com_load() +; http://php.net/com.autoregister-typelib +;com.autoregister_typelib = true + +; register constants casesensitive +; http://php.net/com.autoregister-casesensitive +;com.autoregister_casesensitive = false + +; show warnings on duplicate constant registrations +; http://php.net/com.autoregister-verbose +;com.autoregister_verbose = true + +; The default character set code-page to use when passing strings to and from COM objects. +; Default: system ANSI code page +;com.code_page= + +[mbstring] +; language for internal character representation. +; http://php.net/mbstring.language +;mbstring.language = Japanese + +; internal/script encoding. +; Some encoding cannot work as internal encoding. +; (e.g. SJIS, BIG5, ISO-2022-*) +; http://php.net/mbstring.internal-encoding +;mbstring.internal_encoding = UTF-8 + +; http input encoding. +; http://php.net/mbstring.http-input +;mbstring.http_input = UTF-8 + +; http output encoding. mb_output_handler must be +; registered as output buffer to function +; http://php.net/mbstring.http-output +;mbstring.http_output = pass + +; enable automatic encoding translation according to +; mbstring.internal_encoding setting. Input chars are +; converted to internal encoding by setting this to On. +; Note: Do _not_ use automatic encoding translation for +; portable libs/applications. +; http://php.net/mbstring.encoding-translation +;mbstring.encoding_translation = Off + +; automatic encoding detection order. +; auto means +; http://php.net/mbstring.detect-order +;mbstring.detect_order = auto + +; substitute_character used when character cannot be converted +; one from another +; http://php.net/mbstring.substitute-character +;mbstring.substitute_character = none + +; overload(replace) single byte functions by mbstring functions. +; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), +; etc. Possible values are 0,1,2,4 or combination of them. +; For example, 7 for overload everything. +; 0: No overload +; 1: Overload mail() function +; 2: Overload str*() functions +; 4: Overload ereg*() functions +; http://php.net/mbstring.func-overload +;mbstring.func_overload = 0 + +; enable strict encoding detection. +;mbstring.strict_detection = On + +; This directive specifies the regex pattern of content types for which mb_output_handler() +; is activated. +; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) +;mbstring.http_output_conv_mimetype= + +[gd] +; Tell the jpeg decode to ignore warnings and try to create +; a gd image. The warning will then be displayed as notices +; disabled by default +; http://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 0 + +[exif] +; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. +; With mbstring support this will automatically be converted into the encoding +; given by corresponding encode setting. When empty mbstring.internal_encoding +; is used. For the decode settings you can distinguish between motorola and +; intel byte order. A decode setting cannot be empty. +; http://php.net/exif.encode-unicode +;exif.encode_unicode = ISO-8859-15 + +; http://php.net/exif.decode-unicode-motorola +;exif.decode_unicode_motorola = UCS-2BE + +; http://php.net/exif.decode-unicode-intel +;exif.decode_unicode_intel = UCS-2LE + +; http://php.net/exif.encode-jis +;exif.encode_jis = + +; http://php.net/exif.decode-jis-motorola +;exif.decode_jis_motorola = JIS + +; http://php.net/exif.decode-jis-intel +;exif.decode_jis_intel = JIS + +[Tidy] +; The path to a default tidy configuration file to use when using tidy +; http://php.net/tidy.default-config +;tidy.default_config = /usr/local/lib/php/default.tcfg + +; Should tidy clean and repair output automatically? +; WARNING: Do not use this option if you are generating non-html content +; such as dynamic images +; http://php.net/tidy.clean-output +tidy.clean_output = Off + +[soap] +; Enables or disables WSDL caching feature. +; http://php.net/soap.wsdl-cache-enabled +soap.wsdl_cache_enabled=1 + +; Sets the directory name where SOAP extension will put cache files. +; http://php.net/soap.wsdl-cache-dir +soap.wsdl_cache_dir="/tmp" + +; (time to live) Sets the number of second while cached file will be used +; instead of original one. +; http://php.net/soap.wsdl-cache-ttl +soap.wsdl_cache_ttl=86400 + +; Sets the size of the cache limit. (Max. number of WSDL files to cache) +soap.wsdl_cache_limit = 5 + +[sysvshm] +; A default size of the shared memory segment +;sysvshm.init_mem = 10000 + +[ldap] +; Sets the maximum number of open links or -1 for unlimited. +ldap.max_links = -1 + +[mcrypt] +; For more information about mcrypt settings see http://php.net/mcrypt-module-open + +; Directory where to load mcrypt algorithms +; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) +;mcrypt.algorithms_dir= + +; Directory where to load mcrypt modes +; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) +;mcrypt.modes_dir= + +[dba] +;dba.default_handler= + +[opcache] +; Determines if Zend OPCache is enabled +;opcache.enable=0 + +; Determines if Zend OPCache is enabled for the CLI version of PHP +;opcache.enable_cli=0 + +; The OPcache shared memory storage size. +;opcache.memory_consumption=64 + +; The amount of memory for interned strings in Mbytes. +;opcache.interned_strings_buffer=4 + +; The maximum number of keys (scripts) in the OPcache hash table. +; Only numbers between 200 and 100000 are allowed. +;opcache.max_accelerated_files=2000 + +; The maximum percentage of "wasted" memory until a restart is scheduled. +;opcache.max_wasted_percentage=5 + +; When this directive is enabled, the OPcache appends the current working +; directory to the script key, thus eliminating possible collisions between +; files with the same name (basename). Disabling the directive improves +; performance, but may break existing applications. +;opcache.use_cwd=1 + +; When disabled, you must reset the OPcache manually or restart the +; webserver for changes to the filesystem to take effect. +;opcache.validate_timestamps=1 + +; How often (in seconds) to check file timestamps for changes to the shared +; memory storage allocation. ("1" means validate once per second, but only +; once per request. "0" means always validate) +;opcache.revalidate_freq=2 + +; Enables or disables file search in include_path optimization +;opcache.revalidate_path=0 + +; If disabled, all PHPDoc comments are dropped from the code to reduce the +; size of the optimized code. +;opcache.save_comments=1 + +; If disabled, PHPDoc comments are not loaded from SHM, so "Doc Comments" +; may be always stored (save_comments=1), but not loaded by applications +; that don't need them anyway. +;opcache.load_comments=1 + +; If enabled, a fast shutdown sequence is used for the accelerated code +;opcache.fast_shutdown=0 + +; Allow file existence override (file_exists, etc.) performance feature. +;opcache.enable_file_override=0 + +; A bitmask, where each bit enables or disables the appropriate OPcache +; passes +;opcache.optimization_level=0xffffffff + +;opcache.inherited_hack=1 +;opcache.dups_fix=0 + +; The location of the OPcache blacklist file (wildcards allowed). +; Each OPcache blacklist file is a text file that holds the names of files +; that should not be accelerated. The file format is to add each filename +; to a new line. The filename may be a full path or just a file prefix +; (i.e., /var/www/x blacklists all the files and directories in /var/www +; that start with 'x'). Line starting with a ; are ignored (comments). +;opcache.blacklist_filename= + +; Allows exclusion of large files from being cached. By default all files +; are cached. +;opcache.max_file_size=0 + +; Check the cache checksum each N requests. +; The default value of "0" means that the checks are disabled. +;opcache.consistency_checks=0 + +; How long to wait (in seconds) for a scheduled restart to begin if the cache +; is not being accessed. +;opcache.force_restart_timeout=180 + +; OPcache error_log file name. Empty string assumes "stderr". +;opcache.error_log= + +; All OPcache errors go to the Web server log. +; By default, only fatal errors (level 0) or errors (level 1) are logged. +; You can also enable warnings (level 2), info messages (level 3) or +; debug messages (level 4). +;opcache.log_verbosity_level=1 + +; Preferred Shared Memory back-end. Leave empty and let the system decide. +;opcache.preferred_memory_model= + +; Protect the shared memory from unexpected writing during script execution. +; Useful for internal debugging only. +;opcache.protect_memory=0 + +[curl] +; A default value for the CURLOPT_CAINFO option. This is required to be an +; absolute path. +;curl.cainfo = + +; Local Variables: +; tab-width: 4 +; End: diff --git a/poweradmin/config.inc.php b/poweradmin/config.inc.php new file mode 100644 index 0000000..000478b --- /dev/null +++ b/poweradmin/config.inc.php @@ -0,0 +1,77 @@ + + * @copyright 2010-2014 Poweradmin Development Team + * @license http://opensource.org/licenses/GPL-3.0 GPL + */ +// NOTE: Do not edit this file, otherwise it's very likely your changes +// will be overwritten with an upgrade. +// Instead, create the file "inc/config.inc.php" and set the variables you +// want to set there. Your changes will override the defaults provided by us. +// Better description of available configuration settings you can find here: +// +// Database settings +$db_host = '{{MYSQL_HOST}}'; +$db_port = '{{MYSQL_PORT}}'; +$db_user = '{{MYSQL_USER}}'; +$db_pass = '{{MYSQL_PASSWORD}}'; +$db_name = '{{MYSQL_DB}}'; +$db_type = 'mysql'; +//$db_file = ''; # used only for SQLite, provide full path to database file +//$db_debug = false; # show all SQL queries +//$db_ssl_ca = ''; + +// Security settings +// This should be changed upon install +$session_key = 'vo4healj4es7ga5hew7w'; +$password_encryption = 'md5'; // or md5salt + +// Interface settings +$iface_lang = 'en_EN'; +$iface_style = 'example'; +$iface_rowamount = 50; +$iface_expire = 1800; +$iface_zonelist_serial = false; +$iface_title = 'Poweradmin'; +$iface_add_reverse_record = true; + +// Predefined DNS settings +$dns_hostmaster = '{{POWERADMIN_HOSTMASTER}}'; +$dns_ns1 = '{{POWERADMIN_NS1}}'; +$dns_ns2 = '{{POWERADMIN_NS2}}'; +$dns_ttl = 86400; +$dns_fancy = false; +$dns_strict_tld_check = false; +$dns_top_level_tld_check = false; // Don't allow to create top level TLDs +$dns_third_level_check = false; + +// Timezone settings +// See for help. +//$timezone = 'UTC'; + +// Logging settings +// Syslog usage - writes authentication attempts to syslog +// This facility could be used in combination with fail2ban to +// ban IPs with break-in attempts +$syslog_use = false; +$syslog_ident = 'poweradmin'; +// On Windows usually only LOG_USER is available +$syslog_facility = LOG_USER; + +// PowerDNSSEC settings +$pdnssec_use = true; +$pdnssec_command = '/usr/bin/pdnsutil'; + +// LDAP settings +$ldap_use = false; +$ldap_debug = false; +$ldap_uri = 'ldap://domaincontroller.example.com'; +$ldap_basedn = 'OU=Users,DC=example,DC=com'; +$ldap_binddn = 'GROUP\lookupuser'; +$ldap_bindpw = 'some_password'; +$ldap_user_attribute = 'sAMAccountName'; +$ldap_proto = 3; diff --git a/sql/defailt_schema.sql b/sql/pdns_schema.sql similarity index 100% rename from sql/defailt_schema.sql rename to sql/pdns_schema.sql diff --git a/sql/poweradmin.sql b/sql/poweradmin.sql new file mode 100644 index 0000000..edc8c26 --- /dev/null +++ b/sql/poweradmin.sql @@ -0,0 +1,119 @@ +-- PowerAdmin +-- MySQL Database Structure +-- + +CREATE TABLE users ( + id INTEGER NOT NULL AUTO_INCREMENT, + username VARCHAR(64) NOT NULL, + `password` VARCHAR(128) NOT NULL, + fullname VARCHAR(255) NOT NULL, + email VARCHAR(255) NOT NULL, + description TEXT NOT NULL, + perm_templ TINYINT NOT NULL, + active TINYINT NOT NULL, + use_ldap TINYINT NOT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; + +START TRANSACTION; + INSERT INTO users ( id, username, `password`, fullname, email + , description, perm_templ, active, use_ldap ) + VALUES ( 1, 'admin', '21232f297a57a5a743894a0e4a801fc3', 'Administrator' + , 'admin@example.net', 'Administrator with full rights.', 1, 1, 0 ); +COMMIT; + +CREATE TABLE perm_items ( + id INTEGER NOT NULL AUTO_INCREMENT, + name VARCHAR(64) NOT NULL, + descr TEXT NOT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; + +START TRANSACTION; + INSERT INTO perm_items ( id, name, descr ) VALUES ( 41, 'zone_master_add', 'User is allowed to add new master zones.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 42, 'zone_slave_add', 'User is allowed to add new slave zones.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 43, 'zone_content_view_own', 'User is allowed to see the content and meta data of zones he owns.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 44, 'zone_content_edit_own', 'User is allowed to edit the content of zones he owns.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 45, 'zone_meta_edit_own', 'User is allowed to edit the meta data of zones he owns.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 46, 'zone_content_view_others', 'User is allowed to see the content and meta data of zones he does not own.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 47, 'zone_content_edit_others', 'User is allowed to edit the content of zones he does not own.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 48, 'zone_meta_edit_others', 'User is allowed to edit the meta data of zones he does not own.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 49, 'search', 'User is allowed to perform searches.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 50, 'supermaster_view', 'User is allowed to view supermasters.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 51, 'supermaster_add', 'User is allowed to add new supermasters.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 52, 'supermaster_edit', 'User is allowed to edit supermasters.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 53, 'user_is_ueberuser', 'User has full access. God-like. Redeemer.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 54, 'user_view_others', 'User is allowed to see other users and their details.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 55, 'user_add_new', 'User is allowed to add new users.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 56, 'user_edit_own', 'User is allowed to edit their own details.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 57, 'user_edit_others', 'User is allowed to edit other users.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 58, 'user_passwd_edit_others', 'User is allowed to edit the password of other users.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 59, 'user_edit_templ_perm', 'User is allowed to change the permission template that is assigned to a user.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 60, 'templ_perm_add', 'User is allowed to add new permission templates.' ); + INSERT INTO perm_items ( id, name, descr ) VALUES ( 61, 'templ_perm_edit', 'User is allowed to edit existing permission templates.' ); +COMMIT; + +CREATE TABLE perm_templ ( + id INTEGER NOT NULL AUTO_INCREMENT, + name VARCHAR(128) NOT NULL, + descr TEXT NOT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; + +START TRANSACTION; + INSERT INTO perm_templ ( id, name, descr ) + VALUES ( 1, 'Administrator' + , 'Administrator template with full rights.' ); +COMMIT; + +CREATE TABLE perm_templ_items ( + id INTEGER NOT NULL AUTO_INCREMENT, + templ_id INTEGER NOT NULL, + perm_id INTEGER NOT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; + +START TRANSACTION; + INSERT INTO perm_templ_items ( id, templ_id, perm_id ) + VALUES ( 1, 1, 53 ); +COMMIT; + +CREATE TABLE zones ( + id INTEGER NOT NULL AUTO_INCREMENT, + domain_id INTEGER NOT NULL, + owner INTEGER NOT NULL, + `comment` TEXT, + zone_templ_id INTEGER NOT NULL, + PRIMARY KEY (id), + KEY owner (owner) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; + +CREATE TABLE zone_templ ( + id INTEGER NOT NULL AUTO_INCREMENT, + name VARCHAR(128) NOT NULL, + descr TEXT NOT NULL, + owner INTEGER NOT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; + +CREATE TABLE zone_templ_records ( + id INTEGER NOT NULL AUTO_INCREMENT, + zone_templ_id INTEGER NOT NULL, + name VARCHAR(255) NOT NULL, + `type` VARCHAR(6) NOT NULL, + content VARCHAR(255) NOT NULL, + ttl INTEGER NOT NULL, + prio INTEGER NOT NULL, + PRIMARY KEY (id) +) ENGINE=InnoDB DEFAULT CHARSET=latin1; + +CREATE TABLE records_zone_templ ( + domain_id INTEGER NOT NULL, + record_id INTEGER NOT NULL, + zone_templ_id INTEGER NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1; + +CREATE TABLE migrations ( + version VARCHAR(255) NOT NULL, + apply_time INTEGER NOT NULL +) ENGINE=InnoDB DEFAULT CHARSET=latin1; \ No newline at end of file diff --git a/supervisor/conf.d/nginx.c_onf b/supervisor/conf.d/nginx.conf similarity index 73% rename from supervisor/conf.d/nginx.c_onf rename to supervisor/conf.d/nginx.conf index 0b6eb99..53af243 100644 --- a/supervisor/conf.d/nginx.c_onf +++ b/supervisor/conf.d/nginx.conf @@ -1,5 +1,5 @@ [program:nginx] -command = /usr/sbin/nginx +command = /usr/sbin/nginx -g autorestart = true From ffaac6c1b350dd26cfad44bcadfcecd432547b35 Mon Sep 17 00:00:00 2001 From: Root Date: Thu, 26 Jan 2023 02:00:32 +0000 Subject: [PATCH 04/12] off --- Dockerfile | 4 +- docker-compose.yml | 2 + nginx/fastcgi.conf | 26 + nginx/fastcgi_params | 27 +- nginx/http.d/default.conf | 28 + nginx/mime.types | 99 ++ nginx/nginx.conf | 120 +- nginx/scgi_params | 17 + nginx/uwsgi_params | 17 + nginx/vhost.conf | 43 - php/php.ini | 1930 ------------------------------ php81/conf.d/00_gettext.ini | 1 + php81/conf.d/00_openssl.ini | 1 + php81/conf.d/00_pdo.ini | 1 + php81/conf.d/01_mysqlnd.ini | 1 + php81/conf.d/02_pdo_mysql.ini | 1 + php81/php-fpm.conf | 143 +++ php81/php-fpm.d/www.conf | 463 +++++++ php/php-cli.ini => php81/php.ini | 1353 +++++++++++---------- supervisor/conf.d/nginx.conf | 7 +- 20 files changed, 1585 insertions(+), 2699 deletions(-) create mode 100644 nginx/fastcgi.conf create mode 100644 nginx/http.d/default.conf create mode 100644 nginx/mime.types create mode 100644 nginx/scgi_params create mode 100644 nginx/uwsgi_params delete mode 100644 nginx/vhost.conf delete mode 100644 php/php.ini create mode 100644 php81/conf.d/00_gettext.ini create mode 100644 php81/conf.d/00_openssl.ini create mode 100644 php81/conf.d/00_pdo.ini create mode 100644 php81/conf.d/01_mysqlnd.ini create mode 100644 php81/conf.d/02_pdo_mysql.ini create mode 100644 php81/php-fpm.conf create mode 100644 php81/php-fpm.d/www.conf rename php/php-cli.ini => php81/php.ini (61%) diff --git a/Dockerfile b/Dockerfile index 8802570..ebaf841 100644 --- a/Dockerfile +++ b/Dockerfile @@ -136,12 +136,12 @@ COPY powerdns /etc/powerdns COPY entrypoint /usr/bin #nginx -#COPY nginx/nginx.conf /etc/nginx/nginx.conf +COPY nginx /etc/nginx #COPY nginx/vhost.conf /etc/nginx/sites-enabled/vhost.conf #COPY nginx/fastcgi_params /etc/nginx/fastcgi_params #php -#COPY php/php.ini /etc/php81/php.ini +COPY php81 /etc/php81 #COPY php/php-cli.ini /etc/php/7.0/cli/php.ini diff --git a/docker-compose.yml b/docker-compose.yml index 29df59e..d6e4a9f 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,6 +13,8 @@ services: powerdns: image: powerdns:latest + volumes: + - ./nginx:/etc/nginx environment: - POWERDNS_SERVER_ID=serverid - POWERDNS_WEBSERVER_ALLOW_FROM=0.0.0.0/0 diff --git a/nginx/fastcgi.conf b/nginx/fastcgi.conf new file mode 100644 index 0000000..091738c --- /dev/null +++ b/nginx/fastcgi.conf @@ -0,0 +1,26 @@ + +fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; +fastcgi_param QUERY_STRING $query_string; +fastcgi_param REQUEST_METHOD $request_method; +fastcgi_param CONTENT_TYPE $content_type; +fastcgi_param CONTENT_LENGTH $content_length; + +fastcgi_param SCRIPT_NAME $fastcgi_script_name; +fastcgi_param REQUEST_URI $request_uri; +fastcgi_param DOCUMENT_URI $document_uri; +fastcgi_param DOCUMENT_ROOT $document_root; +fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; +fastcgi_param HTTPS $https if_not_empty; + +fastcgi_param GATEWAY_INTERFACE CGI/1.1; +fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; + +fastcgi_param REMOTE_ADDR $remote_addr; +fastcgi_param REMOTE_PORT $remote_port; +fastcgi_param SERVER_ADDR $server_addr; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; + +# PHP only, required if PHP was built with --enable-force-cgi-redirect +fastcgi_param REDIRECT_STATUS 200; diff --git a/nginx/fastcgi_params b/nginx/fastcgi_params index 2703e3a..28decb9 100644 --- a/nginx/fastcgi_params +++ b/nginx/fastcgi_params @@ -1,15 +1,15 @@ + fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; -fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; +fastcgi_param REQUEST_SCHEME $scheme; fastcgi_param HTTPS $https if_not_empty; fastcgi_param GATEWAY_INTERFACE CGI/1.1; @@ -18,27 +18,8 @@ fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; fastcgi_param SERVER_ADDR $server_addr; - -# SERVER_PORT needs to be commented out and has to be determined from other fields (e.g. HTTP_HOST) -# Otherwise it points invalid port when container port is mapped to different port on host machine, -# which might result with invalid links generated in a PHP app. -#fastcgi_param SERVER_PORT $server_port; - -# Using $http_host instead of $server_name - $server_name doesn't work correctly when using regexps in vhosts' server_name declaration. -#fastcgi_param SERVER_NAME $server_name; -fastcgi_param SERVER_NAME $http_host; +fastcgi_param SERVER_PORT $server_port; +fastcgi_param SERVER_NAME $server_name; # PHP only, required if PHP was built with --enable-force-cgi-redirect fastcgi_param REDIRECT_STATUS 200; - -fastcgi_index index.php; -fastcgi_connect_timeout 10; -fastcgi_send_timeout 600; -fastcgi_read_timeout 600; -fastcgi_buffer_size 32k; -fastcgi_buffers 32 4k; -fastcgi_busy_buffers_size 64k; -fastcgi_temp_file_write_size 256k; -fastcgi_intercept_errors on; -fastcgi_pass_header on; -fastcgi_keep_conn on; diff --git a/nginx/http.d/default.conf b/nginx/http.d/default.conf new file mode 100644 index 0000000..51d1506 --- /dev/null +++ b/nginx/http.d/default.conf @@ -0,0 +1,28 @@ +# This is a default site configuration which will simply return 404, preventing +# chance access to any other virtualhost. + +server { + listen 80 default_server; + root /var/www/html/; + index index.html index.php; + + location / { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + try_files $uri $uri/ =404; + } + + location ~ \.php$ { + include fastcgi_params; + fastcgi_pass 127.0.0.1:9000; + } + + location ~* \.(?:jpe?g|gif|png|ico|swf|svg|eot|ttf|otf|woff|htc|css|js)$ { + expires max; + } + + # You may need this to prevent return 404 recursion. + location = /404.html { + internal; + } +} diff --git a/nginx/mime.types b/nginx/mime.types new file mode 100644 index 0000000..1c00d70 --- /dev/null +++ b/nginx/mime.types @@ -0,0 +1,99 @@ + +types { + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; + + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; + + image/avif avif; + image/png png; + image/svg+xml svg svgz; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/webp webp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + + font/woff woff; + font/woff2 woff2; + + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.oasis.opendocument.graphics odg; + application/vnd.oasis.opendocument.presentation odp; + application/vnd.oasis.opendocument.spreadsheet ods; + application/vnd.oasis.opendocument.text odt; + application/vnd.openxmlformats-officedocument.presentationml.presentation + pptx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet + xlsx; + application/vnd.openxmlformats-officedocument.wordprocessingml.document + docx; + application/vnd.wap.wmlc wmlc; + application/wasm wasm; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; + + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; + + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; + + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; +} diff --git a/nginx/nginx.conf b/nginx/nginx.conf index 1d608df..919bd59 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -1,51 +1,103 @@ -daemon off; -pid /var/run/nginx.pid; +# /etc/nginx/nginx.conf -user www-data; -error_log /var/log/nginx/error.log; +user nginx; +# Set number of worker processes automatically based on number of CPU cores. worker_processes auto; + +# Enables the use of JIT for regular expressions to speed-up their processing. +pcre_jit on; + +# Configures default error logger. +error_log /var/log/nginx/error.log warn; + +# Includes files with directives to load dynamic modules. +include /etc/nginx/modules/*.conf; + +# Include files with config snippets into the root context. +include /etc/nginx/conf.d/*.conf; + events { - multi_accept on; - use epoll; - worker_connections 1024; + # The maximum number of simultaneous connections that can be opened by + # a worker process. + worker_connections 1024; } http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - access_log /var/log/nginx/access.log; - error_log /var/log/nginx/error.log; + # Includes mapping of file name extensions to MIME types of responses + # and defines the default type. + include /etc/nginx/mime.types; + default_type application/octet-stream; + + # Name servers used to resolve names of upstream servers into addresses. + # It's also needed when using tcpsocket and udpsocket in Lua modules. + #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001; + + # Don't tell nginx version to the clients. Default is 'on'. + server_tokens off; + + # Specifies the maximum accepted body size of a client request, as + # indicated by the request header Content-Length. If the stated content + # length is greater than this size, then the client receives the HTTP + # error code 413. Set to 0 to disable. Default is '1m'. + client_max_body_size 1m; + + # Sendfile copies data between one FD and other from within the kernel, + # which is more efficient than read() + write(). Default is off. + sendfile on; - gzip on; - gzip_http_version 1.0; - gzip_comp_level 4; - gzip_min_length 1024; - gzip_proxied any; - gzip_vary off; - gzip_types text/plain text/css application/x-javascript text/xml application/xml application/rss+xml application/atom+xml text/javascript application/javascript application/json text/mathml; + # Causes nginx to attempt to send its HTTP response head in one packet, + # instead of using partial frames. Default is 'off'. + tcp_nopush on; - gzip_static on; - client_body_buffer_size 5M; - client_max_body_size 256M; + # Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2. + # TIP: If you're not obligated to support ancient clients, remove TLSv1.1. + ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; - proxy_buffer_size 32k; - proxy_buffers 16 32k; + # Path of the file with Diffie-Hellman parameters for EDH ciphers. + # TIP: Generate with: `openssl dhparam -out /etc/ssl/nginx/dh2048.pem 2048` + #ssl_dhparam /etc/ssl/nginx/dh2048.pem; - server_tokens off; + # Specifies that our cipher suits should be preferred over client ciphers. + # Default is 'off'. + ssl_prefer_server_ciphers on; - sendfile on; + # Enables a shared SSL cache with size that can hold around 8000 sessions. + # Default is 'none'. + ssl_session_cache shared:SSL:2m; - server_names_hash_bucket_size 128; - types_hash_max_size 2048; - types_hash_bucket_size 64; + # Specifies a time during which a client may reuse the session parameters. + # Default is '5m'. + ssl_session_timeout 1h; - tcp_nopush on; - tcp_nodelay on; + # Disable TLS session tickets (they are insecure). Default is 'on'. + ssl_session_tickets off; - keepalive_timeout 15; - include /etc/nginx/conf.d/*.conf; - include /etc/nginx/sites-enabled/*; -} \ No newline at end of file + # Enable gzipping of responses. + #gzip on; + + # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'. + gzip_vary on; + + + # Helper variable for proxying websockets. + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; + } + + + # Specifies the main log format. + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + + # Sets the path, format, and configuration for a buffered log write. + access_log /var/log/nginx/access.log main; + + + # Includes virtual hosts configs. + include /etc/nginx/http.d/*.conf; +} diff --git a/nginx/scgi_params b/nginx/scgi_params new file mode 100644 index 0000000..6d4ce4f --- /dev/null +++ b/nginx/scgi_params @@ -0,0 +1,17 @@ + +scgi_param REQUEST_METHOD $request_method; +scgi_param REQUEST_URI $request_uri; +scgi_param QUERY_STRING $query_string; +scgi_param CONTENT_TYPE $content_type; + +scgi_param DOCUMENT_URI $document_uri; +scgi_param DOCUMENT_ROOT $document_root; +scgi_param SCGI 1; +scgi_param SERVER_PROTOCOL $server_protocol; +scgi_param REQUEST_SCHEME $scheme; +scgi_param HTTPS $https if_not_empty; + +scgi_param REMOTE_ADDR $remote_addr; +scgi_param REMOTE_PORT $remote_port; +scgi_param SERVER_PORT $server_port; +scgi_param SERVER_NAME $server_name; diff --git a/nginx/uwsgi_params b/nginx/uwsgi_params new file mode 100644 index 0000000..09c732c --- /dev/null +++ b/nginx/uwsgi_params @@ -0,0 +1,17 @@ + +uwsgi_param QUERY_STRING $query_string; +uwsgi_param REQUEST_METHOD $request_method; +uwsgi_param CONTENT_TYPE $content_type; +uwsgi_param CONTENT_LENGTH $content_length; + +uwsgi_param REQUEST_URI $request_uri; +uwsgi_param PATH_INFO $document_uri; +uwsgi_param DOCUMENT_ROOT $document_root; +uwsgi_param SERVER_PROTOCOL $server_protocol; +uwsgi_param REQUEST_SCHEME $scheme; +uwsgi_param HTTPS $https if_not_empty; + +uwsgi_param REMOTE_ADDR $remote_addr; +uwsgi_param REMOTE_PORT $remote_port; +uwsgi_param SERVER_PORT $server_port; +uwsgi_param SERVER_NAME $server_name; diff --git a/nginx/vhost.conf b/nginx/vhost.conf deleted file mode 100644 index cccecc8..0000000 --- a/nginx/vhost.conf +++ /dev/null @@ -1,43 +0,0 @@ -upstream php-upstream { - server unix:/var/run/php/php7.0-fpm.sock; -} - -server { - listen 80 default_server; - - root /var/www/html; - index index.html index.php; - - location ~ \.php$ { - include fastcgi_params; - fastcgi_pass php-upstream; - } - - # Somehow it's not inherited by vhosts (server{} context) when using with 'stderr' value. - # Therefore it's re-defined here to avoid specyfing it for each vhost. - error_log stderr notice; - - # no access to .hidden files (eg .htaccess) - location ~ /\. { - deny all; - log_not_found off; - } - - # static content: - # - images - # - flash - # - fonts - # - css/js - location ~* \.(?:jpe?g|gif|png|ico|swf|svg|eot|ttf|otf|woff|htc|css|js)$ { - expires max; - } - - location = /favicon.ico { - log_not_found off; - } - - location = /robots.txt { - allow all; - log_not_found off; - } -} diff --git a/php/php.ini b/php/php.ini deleted file mode 100644 index af842c7..0000000 --- a/php/php.ini +++ /dev/null @@ -1,1930 +0,0 @@ -[PHP] - -;;;;;;;;;;;;;;;;;;; -; About php.ini ; -;;;;;;;;;;;;;;;;;;; -; PHP's initialization file, generally called php.ini, is responsible for -; configuring many of the aspects of PHP's behavior. - -; PHP attempts to find and load this configuration from a number of locations. -; The following is a summary of its search order: -; 1. SAPI module specific location. -; 2. The PHPRC environment variable. (As of PHP 5.2.0) -; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0) -; 4. Current working directory (except CLI) -; 5. The web server's directory (for SAPI modules), or directory of PHP -; (otherwise in Windows) -; 6. The directory from the --with-config-file-path compile time option, or the -; Windows directory (C:\windows or C:\winnt) -; See the PHP docs for more specific information. -; http://php.net/configuration.file - -; The syntax of the file is extremely simple. Whitespace and lines -; beginning with a semicolon are silently ignored (as you probably guessed). -; Section headers (e.g. [Foo]) are also silently ignored, even though -; they might mean something in the future. - -; Directives following the section heading [PATH=/www/mysite] only -; apply to PHP files in the /www/mysite directory. Directives -; following the section heading [HOST=www.example.com] only apply to -; PHP files served from www.example.com. Directives set in these -; special sections cannot be overridden by user-defined INI files or -; at runtime. Currently, [PATH=] and [HOST=] sections only work under -; CGI/FastCGI. -; http://php.net/ini.sections - -; Directives are specified using the following syntax: -; directive = value -; Directive names are *case sensitive* - foo=bar is different from FOO=bar. -; Directives are variables used to configure PHP or PHP extensions. -; There is no name validation. If PHP can't find an expected -; directive because it is not set or is mistyped, a default value will be used. - -; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one -; of the INI constants (On, Off, True, False, Yes, No and None) or an expression -; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a -; previously set variable or directive (e.g. ${foo}) - -; Expressions in the INI file are limited to bitwise operators and parentheses: -; | bitwise OR -; ^ bitwise XOR -; & bitwise AND -; ~ bitwise NOT -; ! boolean NOT - -; Boolean flags can be turned on using the values 1, On, True or Yes. -; They can be turned off using the values 0, Off, False or No. - -; An empty string can be denoted by simply not writing anything after the equal -; sign, or by using the None keyword: - -; foo = ; sets foo to an empty string -; foo = None ; sets foo to an empty string -; foo = "None" ; sets foo to the string 'None' - -; If you use constants in your value, and these constants belong to a -; dynamically loaded extension (either a PHP extension or a Zend extension), -; you may only use these constants *after* the line that loads the extension. - -;;;;;;;;;;;;;;;;;;; -; About this file ; -;;;;;;;;;;;;;;;;;;; -; PHP comes packaged with two INI files. One that is recommended to be used -; in production environments and one that is recommended to be used in -; development environments. - -; php.ini-production contains settings which hold security, performance and -; best practices at its core. But please be aware, these settings may break -; compatibility with older or less security conscience applications. We -; recommending using the production ini in production and testing environments. - -; php.ini-development is very similar to its production variant, except it's -; much more verbose when it comes to errors. We recommending using the -; development version only in development environments as errors shown to -; application users can inadvertently leak otherwise secure information. - -; This is php.ini-production INI file. - -;;;;;;;;;;;;;;;;;;; -; Quick Reference ; -;;;;;;;;;;;;;;;;;;; -; The following are all the settings which are different in either the production -; or development versions of the INIs with respect to PHP's default behavior. -; Please see the actual settings later in the document for more details as to why -; we recommend these changes in PHP's behavior. - -; display_errors -; Default Value: On -; Development Value: On -; Production Value: Off - -; display_startup_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; error_reporting -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT - -; html_errors -; Default Value: On -; Development Value: On -; Production value: On - -; log_errors -; Default Value: Off -; Development Value: On -; Production Value: On - -; max_input_time -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) - -; output_buffering -; Default Value: Off -; Development Value: 4096 -; Production Value: 4096 - -; register_argc_argv -; Default Value: On -; Development Value: Off -; Production Value: Off - -; request_order -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" - -; session.bug_compat_42 -; Default Value: On -; Development Value: On -; Production Value: Off - -; session.bug_compat_warn -; Default Value: On -; Development Value: On -; Production Value: Off - -; session.gc_divisor -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 - -; session.hash_bits_per_character -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 - -; short_open_tag -; Default Value: On -; Development Value: Off -; Production Value: Off - -; track_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; url_rewriter.tags -; Default Value: "a=href,area=href,frame=src,form=,fieldset=" -; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" -; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" - -; variables_order -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS" - -;;;;;;;;;;;;;;;;;;;; -; php.ini Options ; -;;;;;;;;;;;;;;;;;;;; -; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" -;user_ini.filename = ".user.ini" - -; To disable this feature set this option to empty value -;user_ini.filename = - -; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) -;user_ini.cache_ttl = 300 - -;;;;;;;;;;;;;;;;;;;; -; Language Options ; -;;;;;;;;;;;;;;;;;;;; - -; Enable the PHP scripting language engine under Apache. -; http://php.net/engine -engine = On - -; This directive determines whether or not PHP will recognize code between -; tags as PHP source which should be processed as such. It is -; generally recommended that should be used and that this feature -; should be disabled, as enabling it may result in issues when generating XML -; documents, however this remains supported for backward compatibility reasons. -; Note that this directive does not control the tags. -; http://php.net/asp-tags -asp_tags = Off - -; The number of significant digits displayed in floating point numbers. -; http://php.net/precision -precision = 14 - -; Output buffering is a mechanism for controlling how much output data -; (excluding headers and cookies) PHP should keep internally before pushing that -; data to the client. If your application's output exceeds this setting, PHP -; will send that data in chunks of roughly the size you specify. -; Turning on this setting and managing its maximum buffer size can yield some -; interesting side-effects depending on your application and web server. -; You may be able to send headers and cookies after you've already sent output -; through print or echo. You also may see performance benefits if your server is -; emitting less packets due to buffered output versus PHP streaming the output -; as it gets it. On production servers, 4096 bytes is a good setting for performance -; reasons. -; Note: Output buffering can also be controlled via Output Buffering Control -; functions. -; Possible Values: -; On = Enabled and buffer is unlimited. (Use with caution) -; Off = Disabled -; Integer = Enables the buffer and sets its maximum size in bytes. -; Note: This directive is hardcoded to Off for the CLI SAPI -; Default Value: Off -; Development Value: 4096 -; Production Value: 4096 -; http://php.net/output-buffering -output_buffering = 4096 - -; You can redirect all of the output of your scripts to a function. For -; example, if you set output_handler to "mb_output_handler", character -; encoding will be transparently converted to the specified encoding. -; Setting any output handler automatically turns on output buffering. -; Note: People who wrote portable scripts should not depend on this ini -; directive. Instead, explicitly set the output handler using ob_start(). -; Using this ini directive may cause problems unless you know what script -; is doing. -; Note: You cannot use both "mb_output_handler" with "ob_iconv_handler" -; and you cannot use both "ob_gzhandler" and "zlib.output_compression". -; Note: output_handler must be empty if this is set 'On' !!!! -; Instead you must use zlib.output_handler. -; http://php.net/output-handler -;output_handler = - -; Transparent output compression using the zlib library -; Valid values for this option are 'off', 'on', or a specific buffer size -; to be used for compression (default is 4KB) -; Note: Resulting chunk size may vary due to nature of compression. PHP -; outputs chunks that are few hundreds bytes each as a result of -; compression. If you prefer a larger chunk size for better -; performance, enable output_buffering in addition. -; Note: You need to use zlib.output_handler instead of the standard -; output_handler, or otherwise the output will be corrupted. -; http://php.net/zlib.output-compression -zlib.output_compression = Off - -; http://php.net/zlib.output-compression-level -;zlib.output_compression_level = -1 - -; You cannot specify additional output handlers if zlib.output_compression -; is activated here. This setting does the same as output_handler but in -; a different order. -; http://php.net/zlib.output-handler -;zlib.output_handler = - -; Implicit flush tells PHP to tell the output layer to flush itself -; automatically after every output block. This is equivalent to calling the -; PHP function flush() after each and every call to print() or echo() and each -; and every HTML block. Turning this option on has serious performance -; implications and is generally recommended for debugging purposes only. -; http://php.net/implicit-flush -; Note: This directive is hardcoded to On for the CLI SAPI -implicit_flush = Off - -; The unserialize callback function will be called (with the undefined class' -; name as parameter), if the unserializer finds an undefined class -; which should be instantiated. A warning appears if the specified function is -; not defined, or if the function doesn't include/implement the missing class. -; So only set this entry, if you really want to implement such a -; callback-function. -unserialize_callback_func = - -; When floats & doubles are serialized store serialize_precision significant -; digits after the floating point. The default value ensures that when floats -; are decoded with unserialize, the data will remain the same. -serialize_precision = 17 - -; open_basedir, if set, limits all file operations to the defined directory -; and below. This directive makes most sense if used in a per-directory -; or per-virtualhost web server configuration file. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -; http://php.net/open-basedir -;open_basedir = - -; This directive allows you to disable certain functions for security reasons. -; It receives a comma-delimited list of function names. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -; http://php.net/disable-functions -disable_functions = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority, - -; This directive allows you to disable certain classes for security reasons. -; It receives a comma-delimited list of class names. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -; http://php.net/disable-classes -disable_classes = - -; Colors for Syntax Highlighting mode. Anything that's acceptable in -; would work. -; http://php.net/syntax-highlighting -;highlight.string = #DD0000 -;highlight.comment = #FF9900 -;highlight.keyword = #007700 -;highlight.default = #0000BB -;highlight.html = #000000 - -; If enabled, the request will be allowed to complete even if the user aborts -; the request. Consider enabling it if executing long requests, which may end up -; being interrupted by the user or a browser timing out. PHP's default behavior -; is to disable this feature. -; http://php.net/ignore-user-abort -;ignore_user_abort = On - -; Determines the size of the realpath cache to be used by PHP. This value should -; be increased on systems where PHP opens many files to reflect the quantity of -; the file operations performed. -; http://php.net/realpath-cache-size -;realpath_cache_size = 16k - -; Duration of time, in seconds for which to cache realpath information for a given -; file or directory. For systems with rarely changing files, consider increasing this -; value. -; http://php.net/realpath-cache-ttl -;realpath_cache_ttl = 120 - -; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc -zend.enable_gc = On - -; If enabled, scripts may be written in encodings that are incompatible with -; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such -; encodings. To use this feature, mbstring extension must be enabled. -; Default: Off -;zend.multibyte = Off - -; Allows to set the default encoding for the scripts. This value will be used -; unless "declare(encoding=...)" directive appears at the top of the script. -; Only affects if zend.multibyte is set. -; Default: "" -;zend.script_encoding = - -;;;;;;;;;;;;;;;;; -; Miscellaneous ; -;;;;;;;;;;;;;;;;; - -; Decides whether PHP may expose the fact that it is installed on the server -; (e.g. by adding its signature to the Web server header). It is no security -; threat in any way, but it makes it possible to determine whether you use PHP -; on your server or not. -; http://php.net/expose-php -expose_php = On - -;;;;;;;;;;;;;;;;;;; -; Resource Limits ; -;;;;;;;;;;;;;;;;;;; - -; Maximum execution time of each script, in seconds -; http://php.net/max-execution-time -; Note: This directive is hardcoded to 0 for the CLI SAPI -max_execution_time = 240 - -; Maximum amount of time each script may spend parsing request data. It's a good -; idea to limit this time on productions servers in order to eliminate unexpectedly -; long running scripts. -; Note: This directive is hardcoded to -1 for the CLI SAPI -; Default Value: -1 (Unlimited) -; Development Value: 60 (60 seconds) -; Production Value: 60 (60 seconds) -; http://php.net/max-input-time -max_input_time = 60 - -; Maximum input variable nesting level -; http://php.net/max-input-nesting-level -;max_input_nesting_level = 64 - -; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 - -; Maximum amount of memory a script may consume (128MB) -; http://php.net/memory-limit -memory_limit = 512M - -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; -; Error handling and logging ; -;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; - -; This directive informs PHP of which errors, warnings and notices you would like -; it to take action for. The recommended way of setting values for this -; directive is through the use of the error level constants and bitwise -; operators. The error level constants are below here for convenience as well as -; some common settings and their meanings. -; By default, PHP is set to take action on all errors, notices and warnings EXCEPT -; those related to E_NOTICE and E_STRICT, which together cover best practices and -; recommended coding standards in PHP. For performance reasons, this is the -; recommend error reporting setting. Your production server shouldn't be wasting -; resources complaining about best practices and coding standards. That's what -; development servers and development settings are for. -; Note: The php.ini-development file has this setting as E_ALL. This -; means it pretty much reports everything which is exactly what you want during -; development and early testing. -; -; Error Level Constants: -; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0) -; E_ERROR - fatal run-time errors -; E_RECOVERABLE_ERROR - almost fatal run-time errors -; E_WARNING - run-time warnings (non-fatal errors) -; E_PARSE - compile-time parse errors -; E_NOTICE - run-time notices (these are warnings which often result -; from a bug in your code, but it's possible that it was -; intentional (e.g., using an uninitialized variable and -; relying on the fact it's automatically initialized to an -; empty string) -; E_STRICT - run-time notices, enable to have PHP suggest changes -; to your code which will ensure the best interoperability -; and forward compatibility of your code -; E_CORE_ERROR - fatal errors that occur during PHP's initial startup -; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's -; initial startup -; E_COMPILE_ERROR - fatal compile-time errors -; E_COMPILE_WARNING - compile-time warnings (non-fatal errors) -; E_USER_ERROR - user-generated error message -; E_USER_WARNING - user-generated warning message -; E_USER_NOTICE - user-generated notice message -; E_DEPRECATED - warn about code that will not work in future versions -; of PHP -; E_USER_DEPRECATED - user-generated deprecation warnings -; -; Common Values: -; E_ALL (Show all errors, warnings and notices including coding standards.) -; E_ALL & ~E_NOTICE (Show all errors, except for notices) -; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) -; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED -; Development Value: E_ALL -; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT -; http://php.net/error-reporting -error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT - -; This directive controls whether or not and where PHP will output errors, -; notices and warnings too. Error output is very useful during development, but -; it could be very dangerous in production environments. Depending on the code -; which is triggering the error, sensitive information could potentially leak -; out of your application such as database usernames and passwords or worse. -; It's recommended that errors be logged on production servers rather than -; having the errors sent to STDOUT. -; Possible Values: -; Off = Do not display any errors -; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) -; On or stdout = Display errors to STDOUT -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/display-errors -display_errors = Off - -; The display of errors which occur during PHP's startup sequence are handled -; separately from display_errors. PHP's default behavior is to suppress those -; errors from clients. Turning the display of startup errors on can be useful in -; debugging configuration problems. But, it's strongly recommended that you -; leave this setting off on production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://php.net/display-startup-errors -display_startup_errors = Off - -; Besides displaying errors, PHP can also log errors to locations such as a -; server-specific log, STDERR, or a location specified by the error_log -; directive found below. While errors should not be displayed on productions -; servers they should still be monitored and logging is a great way to do that. -; Default Value: Off -; Development Value: On -; Production Value: On -; http://php.net/log-errors -log_errors = On - -; Set maximum length of log_errors. In error_log information about the source is -; added. The default is 1024 and 0 allows to not apply any maximum length at all. -; http://php.net/log-errors-max-len -log_errors_max_len = 1024 - -; Do not log repeated messages. Repeated errors must occur in same file on same -; line unless ignore_repeated_source is set true. -; http://php.net/ignore-repeated-errors -ignore_repeated_errors = Off - -; Ignore source of message when ignoring repeated messages. When this setting -; is On you will not log errors with repeated messages from different files or -; source lines. -; http://php.net/ignore-repeated-source -ignore_repeated_source = Off - -; If this parameter is set to Off, then memory leaks will not be shown (on -; stdout or in the log). This has only effect in a debug compile, and if -; error reporting includes E_WARNING in the allowed list -; http://php.net/report-memleaks -report_memleaks = On - -; This setting is on by default. -;report_zend_debug = 0 - -; Store the last error/warning message in $php_errormsg (boolean). Setting this value -; to On can assist in debugging and is appropriate for development servers. It should -; however be disabled on production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://php.net/track-errors -track_errors = Off - -; Turn off normal error reporting and emit XML-RPC error XML -; http://php.net/xmlrpc-errors -;xmlrpc_errors = 0 - -; An XML-RPC faultCode -;xmlrpc_error_number = 0 - -; When PHP displays or logs an error, it has the capability of formatting the -; error message as HTML for easier reading. This directive controls whether -; the error message is formatted as HTML or not. -; Note: This directive is hardcoded to Off for the CLI SAPI -; Default Value: On -; Development Value: On -; Production value: On -; http://php.net/html-errors -html_errors = On - -; If html_errors is set to On *and* docref_root is not empty, then PHP -; produces clickable error messages that direct to a page describing the error -; or function causing the error in detail. -; You can download a copy of the PHP manual from http://php.net/docs -; and change docref_root to the base URL of your local copy including the -; leading '/'. You must also specify the file extension being used including -; the dot. PHP's default behavior is to leave these settings empty, in which -; case no links to documentation are generated. -; Note: Never use this feature for production boxes. -; http://php.net/docref-root -; Examples -;docref_root = "/phpmanual/" - -; http://php.net/docref-ext -;docref_ext = .html - -; String to output before an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-prepend-string -; Example: -;error_prepend_string = "" - -; String to output after an error message. PHP's default behavior is to leave -; this setting blank. -; http://php.net/error-append-string -; Example: -;error_append_string = "" - -; Log errors to specified file. PHP's default behavior is to leave this value -; empty. -; http://php.net/error-log -; Example: -;error_log = php_errors.log -; Log errors to syslog (Event Log on NT, not valid in Windows 95). -;error_log = syslog - -;windows.show_crt_warning -; Default value: 0 -; Development value: 0 -; Production value: 0 - -;;;;;;;;;;;;;;;;; -; Data Handling ; -;;;;;;;;;;;;;;;;; - -; The separator used in PHP generated URLs to separate arguments. -; PHP's default setting is "&". -; http://php.net/arg-separator.output -; Example: -;arg_separator.output = "&" - -; List of separator(s) used by PHP to parse input URLs into variables. -; PHP's default setting is "&". -; NOTE: Every character in this directive is considered as separator! -; http://php.net/arg-separator.input -; Example: -;arg_separator.input = ";&" - -; This directive determines which super global arrays are registered when PHP -; starts up. G,P,C,E & S are abbreviations for the following respective super -; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty -; paid for the registration of these arrays and because ENV is not as commonly -; used as the others, ENV is not recommended on productions servers. You -; can still get access to the environment variables through getenv() should you -; need to. -; Default Value: "EGPCS" -; Development Value: "GPCS" -; Production Value: "GPCS"; -; http://php.net/variables-order -variables_order = "GPCS" - -; This directive determines which super global data (G,P,C,E & S) should -; be registered into the super global array REQUEST. If so, it also determines -; the order in which that data is registered. The values for this directive are -; specified in the same manner as the variables_order directive, EXCEPT one. -; Leaving this value empty will cause PHP to use the value set in the -; variables_order directive. It does not mean it will leave the super globals -; array REQUEST empty. -; Default Value: None -; Development Value: "GP" -; Production Value: "GP" -; http://php.net/request-order -request_order = "GP" - -; This directive determines whether PHP registers $argv & $argc each time it -; runs. $argv contains an array of all the arguments passed to PHP when a script -; is invoked. $argc contains an integer representing the number of arguments -; that were passed when the script was invoked. These arrays are extremely -; useful when running scripts from the command line. When this directive is -; enabled, registering these variables consumes CPU cycles and memory each time -; a script is executed. For performance reasons, this feature should be disabled -; on production servers. -; Note: This directive is hardcoded to On for the CLI SAPI -; Default Value: On -; Development Value: Off -; Production Value: Off -; http://php.net/register-argc-argv -register_argc_argv = Off - -; When enabled, the ENV, REQUEST and SERVER variables are created when they're -; first used (Just In Time) instead of when the script starts. If these -; variables are not used within a script, having this directive on will result -; in a performance gain. The PHP directive register_argc_argv must be disabled -; for this directive to have any affect. -; http://php.net/auto-globals-jit -auto_globals_jit = On - -; Whether PHP will read the POST data. -; This option is enabled by default. -; Most likely, you won't want to disable this option globally. It causes $_POST -; and $_FILES to always be empty; the only way you will be able to read the -; POST data will be through the php://input stream wrapper. This can be useful -; to proxy requests or to process the POST data in a memory efficient fashion. -; http://php.net/enable-post-data-reading -;enable_post_data_reading = Off - -; Maximum size of POST data that PHP will accept. -; Its value may be 0 to disable the limit. It is ignored if POST data reading -; is disabled through enable_post_data_reading. -; http://php.net/post-max-size -post_max_size = 100M - -; Automatically add files before PHP document. -; http://php.net/auto-prepend-file -auto_prepend_file = - -; Automatically add files after PHP document. -; http://php.net/auto-append-file -auto_append_file = - -; By default, PHP will output a character encoding using -; the Content-type: header. To disable sending of the charset, simply -; set it to be empty. -; -; PHP's built-in default is text/html -; http://php.net/default-mimetype -default_mimetype = "text/html" - -; PHP's default character set is set to empty. -; http://php.net/default-charset -;default_charset = "UTF-8" - -; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is -; to disable this feature. If post reading is disabled through -; enable_post_data_reading, $HTTP_RAW_POST_DATA is *NOT* populated. -; http://php.net/always-populate-raw-post-data -;always_populate_raw_post_data = On - -;;;;;;;;;;;;;;;;;;;;;;;;; -; Paths and Directories ; -;;;;;;;;;;;;;;;;;;;;;;;;; - -; UNIX: "/path1:/path2" -;include_path = ".:/usr/share/php" -; -; Windows: "\path1;\path2" -;include_path = ".;c:\php\includes" -; -; PHP's default setting for include_path is ".;/path/to/php/pear" -; http://php.net/include-path - -; The root of the PHP pages, used only if nonempty. -; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root -; if you are running php as a CGI under any web server (other than IIS) -; see documentation for security issues. The alternate is to use the -; cgi.force_redirect configuration below -; http://php.net/doc-root -doc_root = - -; The directory under which PHP opens the script using /~username used only -; if nonempty. -; http://php.net/user-dir -user_dir = - -; Directory in which the loadable extensions (modules) reside. -; http://php.net/extension-dir -; extension_dir = "./" -; On windows: -; extension_dir = "ext" - -; Directory where the temporary files should be placed. -; Defaults to the system default (see sys_get_temp_dir) -; sys_temp_dir = "/tmp" - -; Whether or not to enable the dl() function. The dl() function does NOT work -; properly in multithreaded servers, such as IIS or Zeus, and is automatically -; disabled on them. -; http://php.net/enable-dl -enable_dl = Off - -; cgi.force_redirect is necessary to provide security running PHP as a CGI under -; most web servers. Left undefined, PHP turns this on by default. You can -; turn it off here AT YOUR OWN RISK -; **You CAN safely turn this off for IIS, in fact, you MUST.** -; http://php.net/cgi.force-redirect -;cgi.force_redirect = 1 - -; if cgi.nph is enabled it will force cgi to always sent Status: 200 with -; every request. PHP's default behavior is to disable this feature. -;cgi.nph = 1 - -; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape -; (iPlanet) web servers, you MAY need to set an environment variable name that PHP -; will look for to know it is OK to continue execution. Setting this variable MAY -; cause security issues, KNOW WHAT YOU ARE DOING FIRST. -; http://php.net/cgi.redirect-status-env -;cgi.redirect_status_env = - -; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's -; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok -; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting -; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting -; of zero causes PHP to behave as before. Default is 1. You should fix your scripts -; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. -; http://php.net/cgi.fix-pathinfo -;cgi.fix_pathinfo=1 - -; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate -; security tokens of the calling client. This allows IIS to define the -; security context that the request runs under. mod_fastcgi under Apache -; does not currently support this feature (03/17/2002) -; Set to 1 if running under IIS. Default is zero. -; http://php.net/fastcgi.impersonate -;fastcgi.impersonate = 1 - -; Disable logging through FastCGI connection. PHP's default behavior is to enable -; this feature. -;fastcgi.logging = 0 - -; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If it's set 0 PHP sends Status: header that -; is supported by Apache. When this option is set to 1 PHP will send -; RFC2616 compliant header. -; Default is zero. -; http://php.net/cgi.rfc2616-headers -;cgi.rfc2616_headers = 0 - -;;;;;;;;;;;;;;;; -; File Uploads ; -;;;;;;;;;;;;;;;; - -; Whether to allow HTTP file uploads. -; http://php.net/file-uploads -file_uploads = On - -; Temporary directory for HTTP uploaded files (will use system default if not -; specified). -; http://php.net/upload-tmp-dir -;upload_tmp_dir = - -; Maximum allowed size for uploaded files. -; http://php.net/upload-max-filesize -upload_max_filesize = 100M - -; Maximum number of files that can be uploaded via a single request -max_file_uploads = 20 - -;;;;;;;;;;;;;;;;;; -; Fopen wrappers ; -;;;;;;;;;;;;;;;;;; - -; Whether to allow the treatment of URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-fopen -allow_url_fopen = On - -; Whether to allow include/require to open URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-include -allow_url_include = Off - -; Define the anonymous ftp password (your email address). PHP's default setting -; for this is empty. -; http://php.net/from -;from="john@doe.com" - -; Define the User-Agent string. PHP's default setting for this is empty. -; http://php.net/user-agent -;user_agent="PHP" - -; Default timeout for socket based streams (seconds) -; http://php.net/default-socket-timeout -default_socket_timeout = 60 - -; If your scripts have to deal with files from Macintosh systems, -; or you are running on a Mac and need to deal with files from -; unix or win32 systems, setting this flag will cause PHP to -; automatically detect the EOL character in those files so that -; fgets() and file() will work regardless of the source of the file. -; http://php.net/auto-detect-line-endings -;auto_detect_line_endings = Off - -;;;;;;;;;;;;;;;;;;;;;; -; Dynamic Extensions ; -;;;;;;;;;;;;;;;;;;;;;; - -; If you wish to have an extension loaded automatically, use the following -; syntax: -; -; extension=modulename.extension -; -; For example, on Windows: -; -; extension=msql.dll -; -; ... or under UNIX: -; -; extension=msql.so -; -; ... or with a path: -; -; extension=/path/to/extension/msql.so -; -; If you only provide the name of the extension, PHP will look for it in its -; default extension directory. -; - -;;;;;;;;;;;;;;;;;;; -; Module Settings ; -;;;;;;;;;;;;;;;;;;; - -[CLI Server] -; Whether the CLI web server uses ANSI color coding in its terminal output. -cli_server.color = On - -[Date] -; Defines the default timezone used by the date functions -; http://php.net/date.timezone -date.timezone = "Europe/Berlin" - -; http://php.net/date.default-latitude -;date.default_latitude = 31.7667 - -; http://php.net/date.default-longitude -;date.default_longitude = 35.2333 - -; http://php.net/date.sunrise-zenith -;date.sunrise_zenith = 90.583333 - -; http://php.net/date.sunset-zenith -;date.sunset_zenith = 90.583333 - -[filter] -; http://php.net/filter.default -;filter.default = unsafe_raw - -; http://php.net/filter.default-flags -;filter.default_flags = - -[iconv] -;iconv.input_encoding = ISO-8859-1 -;iconv.internal_encoding = ISO-8859-1 -;iconv.output_encoding = ISO-8859-1 - -[intl] -;intl.default_locale = -; This directive allows you to produce PHP errors when some error -; happens within intl functions. The value is the level of the error produced. -; Default is 0, which does not produce any errors. -;intl.error_level = E_WARNING - -[sqlite] -; http://php.net/sqlite.assoc-case -;sqlite.assoc_case = 0 - -[sqlite3] -;sqlite3.extension_dir = - -[Pcre] -;PCRE library backtracking limit. -; http://php.net/pcre.backtrack-limit -;pcre.backtrack_limit=100000 - -;PCRE library recursion limit. -;Please note that if you set this value to a high number you may consume all -;the available process stack and eventually crash PHP (due to reaching the -;stack size limit imposed by the Operating System). -; http://php.net/pcre.recursion-limit -;pcre.recursion_limit=100000 - -[Pdo] -; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" -; http://php.net/pdo-odbc.connection-pooling -;pdo_odbc.connection_pooling=strict - -;pdo_odbc.db2_instance_name - -[Pdo_mysql] -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/pdo_mysql.cache_size -pdo_mysql.cache_size = 2000 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/pdo_mysql.default-socket -pdo_mysql.default_socket= - -[Phar] -; http://php.net/phar.readonly -;phar.readonly = On - -; http://php.net/phar.require-hash -;phar.require_hash = On - -;phar.cache_list = - -[mail function] -; For Win32 only. -; http://php.net/smtp -SMTP = localhost -; http://php.net/smtp-port -smtp_port = 25 - -; For Win32 only. -; http://php.net/sendmail-from -;sendmail_from = me@example.com - -; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). -; http://php.net/sendmail-path -;sendmail_path = - -; Force the addition of the specified parameters to be passed as extra parameters -; to the sendmail binary. These parameters will always replace the value of -; the 5th parameter to mail(), even in safe mode. -;mail.force_extra_parameters = - -; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename -mail.add_x_header = On - -; The path to a log file that will log all mail() calls. Log entries include -; the full path of the script, line number, To address and headers. -;mail.log = -; Log mail to syslog (Event Log on NT, not valid in Windows 95). -;mail.log = syslog - -[SQL] -; http://php.net/sql.safe-mode -sql.safe_mode = Off - -[ODBC] -; http://php.net/odbc.default-db -;odbc.default_db = Not yet implemented - -; http://php.net/odbc.default-user -;odbc.default_user = Not yet implemented - -; http://php.net/odbc.default-pw -;odbc.default_pw = Not yet implemented - -; Controls the ODBC cursor model. -; Default: SQL_CURSOR_STATIC (default). -;odbc.default_cursortype - -; Allow or prevent persistent links. -; http://php.net/odbc.allow-persistent -odbc.allow_persistent = On - -; Check that a connection is still valid before reuse. -; http://php.net/odbc.check-persistent -odbc.check_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/odbc.max-persistent -odbc.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/odbc.max-links -odbc.max_links = -1 - -; Handling of LONG fields. Returns number of bytes to variables. 0 means -; passthru. -; http://php.net/odbc.defaultlrl -odbc.defaultlrl = 4096 - -; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. -; See the documentation on odbc_binmode and odbc_longreadlen for an explanation -; of odbc.defaultlrl and odbc.defaultbinmode -; http://php.net/odbc.defaultbinmode -odbc.defaultbinmode = 1 - -;birdstep.max_links = -1 - -[Interbase] -; Allow or prevent persistent links. -ibase.allow_persistent = 1 - -; Maximum number of persistent links. -1 means no limit. -ibase.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -ibase.max_links = -1 - -; Default database name for ibase_connect(). -;ibase.default_db = - -; Default username for ibase_connect(). -;ibase.default_user = - -; Default password for ibase_connect(). -;ibase.default_password = - -; Default charset for ibase_connect(). -;ibase.default_charset = - -; Default timestamp format. -ibase.timestampformat = "%Y-%m-%d %H:%M:%S" - -; Default date format. -ibase.dateformat = "%Y-%m-%d" - -; Default time format. -ibase.timeformat = "%H:%M:%S" - -[MySQL] -; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysql.allow_local_infile -mysql.allow_local_infile = On - -; Allow or prevent persistent links. -; http://php.net/mysql.allow-persistent -mysql.allow_persistent = On - -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/mysql.cache_size -mysql.cache_size = 2000 - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysql.max-persistent -mysql.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/mysql.max-links -mysql.max_links = -1 - -; Default port number for mysql_connect(). If unset, mysql_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -; http://php.net/mysql.default-port -mysql.default_port = - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/mysql.default-socket -mysql.default_socket = - -; Default host for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysql.default-host -mysql.default_host = - -; Default user for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysql.default-user -mysql.default_user = - -; Default password for mysql_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -; http://php.net/mysql.default-password -mysql.default_password = - -; Maximum time (in seconds) for connect timeout. -1 means no limit -; http://php.net/mysql.connect-timeout -mysql.connect_timeout = 60 - -; Trace mode. When trace_mode is active (=On), warnings for table/index scans and -; SQL-Errors will be displayed. -; http://php.net/mysql.trace-mode -mysql.trace_mode = Off - -[MySQLi] - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysqli.max-persistent -mysqli.max_persistent = -1 - -; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysqli.allow_local_infile -;mysqli.allow_local_infile = On - -; Allow or prevent persistent links. -; http://php.net/mysqli.allow-persistent -mysqli.allow_persistent = On - -; Maximum number of links. -1 means no limit. -; http://php.net/mysqli.max-links -mysqli.max_links = -1 - -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/mysqli.cache_size -mysqli.cache_size = 2000 - -; Default port number for mysqli_connect(). If unset, mysqli_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -; http://php.net/mysqli.default-port -mysqli.default_port = 3306 - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/mysqli.default-socket -mysqli.default_socket = - -; Default host for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-host -mysqli.default_host = - -; Default user for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-user -mysqli.default_user = - -; Default password for mysqli_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -; http://php.net/mysqli.default-pw -mysqli.default_pw = - -; Allow or prevent reconnect -mysqli.reconnect = Off - -[mysqlnd] -; Enable / Disable collection of general statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_statistics -mysqlnd.collect_statistics = On - -; Enable / Disable collection of memory usage statistics by mysqlnd which can be -; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_memory_statistics -mysqlnd.collect_memory_statistics = Off - -; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. -; http://php.net/mysqlnd.net_cmd_buffer_size -;mysqlnd.net_cmd_buffer_size = 2048 - -; Size of a pre-allocated buffer used for reading data sent by the server in -; bytes. -; http://php.net/mysqlnd.net_read_buffer_size -;mysqlnd.net_read_buffer_size = 32768 - -[OCI8] - -; Connection: Enables privileged connections using external -; credentials (OCI_SYSOPER, OCI_SYSDBA) -; http://php.net/oci8.privileged-connect -;oci8.privileged_connect = Off - -; Connection: The maximum number of persistent OCI8 connections per -; process. Using -1 means no limit. -; http://php.net/oci8.max-persistent -;oci8.max_persistent = -1 - -; Connection: The maximum number of seconds a process is allowed to -; maintain an idle persistent connection. Using -1 means idle -; persistent connections will be maintained forever. -; http://php.net/oci8.persistent-timeout -;oci8.persistent_timeout = -1 - -; Connection: The number of seconds that must pass before issuing a -; ping during oci_pconnect() to check the connection validity. When -; set to 0, each oci_pconnect() will cause a ping. Using -1 disables -; pings completely. -; http://php.net/oci8.ping-interval -;oci8.ping_interval = 60 - -; Connection: Set this to a user chosen connection class to be used -; for all pooled server requests with Oracle 11g Database Resident -; Connection Pooling (DRCP). To use DRCP, this value should be set to -; the same string for all web servers running the same application, -; the database pool must be configured, and the connection string must -; specify to use a pooled server. -;oci8.connection_class = - -; High Availability: Using On lets PHP receive Fast Application -; Notification (FAN) events generated when a database node fails. The -; database must also be configured to post FAN events. -;oci8.events = Off - -; Tuning: This option enables statement caching, and specifies how -; many statements to cache. Using 0 disables statement caching. -; http://php.net/oci8.statement-cache-size -;oci8.statement_cache_size = 20 - -; Tuning: Enables statement prefetching and sets the default number of -; rows that will be fetched automatically after statement execution. -; http://php.net/oci8.default-prefetch -;oci8.default_prefetch = 100 - -; Compatibility. Using On means oci_close() will not close -; oci_connect() and oci_new_connect() connections. -; http://php.net/oci8.old-oci-close-semantics -;oci8.old_oci_close_semantics = Off - -[PostgreSQL] -; Allow or prevent persistent links. -; http://php.net/pgsql.allow-persistent -pgsql.allow_persistent = On - -; Detect broken persistent links always with pg_pconnect(). -; Auto reset feature requires a little overheads. -; http://php.net/pgsql.auto-reset-persistent -pgsql.auto_reset_persistent = Off - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/pgsql.max-persistent -pgsql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -; http://php.net/pgsql.max-links -pgsql.max_links = -1 - -; Ignore PostgreSQL backends Notice message or not. -; Notice message logging require a little overheads. -; http://php.net/pgsql.ignore-notice -pgsql.ignore_notice = 0 - -; Log PostgreSQL backends Notice message or not. -; Unless pgsql.ignore_notice=0, module cannot log notice message. -; http://php.net/pgsql.log-notice -pgsql.log_notice = 0 - -[Sybase-CT] -; Allow or prevent persistent links. -; http://php.net/sybct.allow-persistent -sybct.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/sybct.max-persistent -sybct.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/sybct.max-links -sybct.max_links = -1 - -; Minimum server message severity to display. -; http://php.net/sybct.min-server-severity -sybct.min_server_severity = 10 - -; Minimum client message severity to display. -; http://php.net/sybct.min-client-severity -sybct.min_client_severity = 10 - -; Set per-context timeout -; http://php.net/sybct.timeout -;sybct.timeout= - -;sybct.packet_size - -; The maximum time in seconds to wait for a connection attempt to succeed before returning failure. -; Default: one minute -;sybct.login_timeout= - -; The name of the host you claim to be connecting from, for display by sp_who. -; Default: none -;sybct.hostname= - -; Allows you to define how often deadlocks are to be retried. -1 means "forever". -; Default: 0 -;sybct.deadlock_retry_count= - -[bcmath] -; Number of decimal digits for all bcmath functions. -; http://php.net/bcmath.scale -bcmath.scale = 0 - -[browscap] -; http://php.net/browscap -;browscap = extra/browscap.ini - -[Session] -; Handler used to store/retrieve data. -; http://php.net/session.save-handler -session.save_handler = files - -; Argument passed to save_handler. In the case of files, this is the path -; where data files are stored. Note: Windows users have to change this -; variable in order to use PHP's session functions. -; -; The path can be defined as: -; -; session.save_path = "N;/path" -; -; where N is an integer. Instead of storing all the session files in -; /path, what this will do is use subdirectories N-levels deep, and -; store the session data in those directories. This is useful if you -; or your OS have problems with lots of files in one directory, and is -; a more efficient layout for servers that handle lots of sessions. -; -; NOTE 1: PHP will not create this directory structure automatically. -; You can use the script in the ext/session dir for that purpose. -; NOTE 2: See the section on garbage collection below if you choose to -; use subdirectories for session storage -; -; The file storage module creates files using mode 600 by default. -; You can change that by using -; -; session.save_path = "N;MODE;/path" -; -; where MODE is the octal representation of the mode. Note that this -; does not overwrite the process's umask. -; http://php.net/session.save-path -;session.save_path = "/var/lib/php5" - -; Whether to use strict session mode. -; Strict session mode does not accept uninitialized session ID and regenerate -; session ID if browser sends uninitialized session ID. Strict mode protects -; applications from session fixation via session adoption vulnerability. It is -; disabled by default for maximum compatibility, but enabling it is encouraged. -; https://wiki.php.net/rfc/strict_sessions -session.use_strict_mode = 0 - -; Whether to use cookies. -; http://php.net/session.use-cookies -session.use_cookies = 1 - -; http://php.net/session.cookie-secure -;session.cookie_secure = - -; This option forces PHP to fetch and use a cookie for storing and maintaining -; the session id. We encourage this operation as it's very helpful in combating -; session hijacking when not specifying and managing your own session id. It is -; not the end all be all of session hijacking defense, but it's a good start. -; http://php.net/session.use-only-cookies -session.use_only_cookies = 1 - -; Name of the session (used as cookie name). -; http://php.net/session.name -session.name = PHPSESSID - -; Initialize session on request startup. -; http://php.net/session.auto-start -session.auto_start = 0 - -; Lifetime in seconds of cookie or, if 0, until browser is restarted. -; http://php.net/session.cookie-lifetime -session.cookie_lifetime = 0 - -; The path for which the cookie is valid. -; http://php.net/session.cookie-path -session.cookie_path = / - -; The domain for which the cookie is valid. -; http://php.net/session.cookie-domain -session.cookie_domain = - -; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. -; http://php.net/session.cookie-httponly -session.cookie_httponly = - -; Handler used to serialize data. php is the standard serializer of PHP. -; http://php.net/session.serialize-handler -session.serialize_handler = php - -; Defines the probability that the 'garbage collection' process is started -; on every session initialization. The probability is calculated by using -; gc_probability/gc_divisor. Where session.gc_probability is the numerator -; and gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.gc-probability -session.gc_probability = 0 - -; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using the following equation: -; gc_probability/gc_divisor. Where session.gc_probability is the numerator and -; session.gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. Increasing this value to 1000 will give you -; a 0.1% chance the gc will run on any give request. For high volume production servers, -; this is a more efficient approach. -; Default Value: 100 -; Development Value: 1000 -; Production Value: 1000 -; http://php.net/session.gc-divisor -session.gc_divisor = 1000 - -; After this number of seconds, stored data will be seen as 'garbage' and -; cleaned up by the garbage collection process. -; http://php.net/session.gc-maxlifetime -session.gc_maxlifetime = 1440 - -; NOTE: If you are using the subdirectory option for storing session files -; (see session.save_path above), then garbage collection does *not* -; happen automatically. You will need to do your own garbage -; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): -; find /path/to/sessions -cmin +24 -type f | xargs rm - -; PHP 4.2 and less have an undocumented feature/bug that allows you to -; to initialize a session variable in the global scope. -; PHP 4.3 and later will warn you, if this feature is used. -; You can disable the feature and the warning separately. At this time, -; the warning is only displayed, if bug_compat_42 is enabled. This feature -; introduces some serious security problems if not handled correctly. It's -; recommended that you do not use this feature on production servers. But you -; should enable this on development servers and enable the warning as well. If you -; do not enable the feature on development servers, you won't be warned when it's -; used and debugging errors caused by this can be difficult to track down. -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/session.bug-compat-42 -session.bug_compat_42 = Off - -; This setting controls whether or not you are warned by PHP when initializing a -; session value into the global space. session.bug_compat_42 must be enabled before -; these warnings can be issued by PHP. See the directive above for more information. -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/session.bug-compat-warn -session.bug_compat_warn = Off - -; Check HTTP Referer to invalidate externally stored URLs containing ids. -; HTTP_REFERER has to contain this substring for the session to be -; considered as valid. -; http://php.net/session.referer-check -session.referer_check = - -; How many bytes to read from the file. -; http://php.net/session.entropy-length -;session.entropy_length = 32 - -; Specified here to create the session id. -; http://php.net/session.entropy-file -; Defaults to /dev/urandom -; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom -; If neither are found at compile time, the default is no entropy file. -; On windows, setting the entropy_length setting will activate the -; Windows random source (using the CryptoAPI) -;session.entropy_file = /dev/urandom - -; Set to {nocache,private,public,} to determine HTTP caching aspects -; or leave this empty to avoid sending anti-caching headers. -; http://php.net/session.cache-limiter -session.cache_limiter = nocache - -; Document expires after n minutes. -; http://php.net/session.cache-expire -session.cache_expire = 180 - -; trans sid support is disabled by default. -; Use of trans sid may risk your users security. -; Use this option with caution. -; - User may send URL contains active session ID -; to other person via. email/irc/etc. -; - URL that contains active session ID may be stored -; in publicly accessible computer. -; - User may access your site with the same session ID -; always using URL stored in browser's history or bookmarks. -; http://php.net/session.use-trans-sid -session.use_trans_sid = 0 - -; Select a hash function for use in generating session ids. -; Possible Values -; 0 (MD5 128 bits) -; 1 (SHA-1 160 bits) -; This option may also be set to the name of any hash function supported by -; the hash extension. A list of available hashes is returned by the hash_algos() -; function. -; http://php.net/session.hash-function -session.hash_function = 0 - -; Define how many bits are stored in each character when converting -; the binary hash data to something readable. -; Possible values: -; 4 (4 bits: 0-9, a-f) -; 5 (5 bits: 0-9, a-v) -; 6 (6 bits: 0-9, a-z, A-Z, "-", ",") -; Default Value: 4 -; Development Value: 5 -; Production Value: 5 -; http://php.net/session.hash-bits-per-character -session.hash_bits_per_character = 5 - -; The URL rewriter will look for URLs in a defined set of HTML tags. -; form/fieldset are special; if you include them here, the rewriter will -; add a hidden field with the info which is otherwise appended -; to URLs. If you want XHTML conformity, remove the form entry. -; Note that all valid entries require a "=", even if no value follows. -; Default Value: "a=href,area=href,frame=src,form=,fieldset=" -; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" -; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" -; http://php.net/url-rewriter.tags -url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" - -; Enable upload progress tracking in $_SESSION -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.enabled -;session.upload_progress.enabled = On - -; Cleanup the progress information as soon as all POST data has been read -; (i.e. upload completed). -; Default Value: On -; Development Value: On -; Production Value: On -; http://php.net/session.upload-progress.cleanup -;session.upload_progress.cleanup = On - -; A prefix used for the upload progress key in $_SESSION -; Default Value: "upload_progress_" -; Development Value: "upload_progress_" -; Production Value: "upload_progress_" -; http://php.net/session.upload-progress.prefix -;session.upload_progress.prefix = "upload_progress_" - -; The index name (concatenated with the prefix) in $_SESSION -; containing the upload progress information -; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" -; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" -; http://php.net/session.upload-progress.name -;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" - -; How frequently the upload progress should be updated. -; Given either in percentages (per-file), or in bytes -; Default Value: "1%" -; Development Value: "1%" -; Production Value: "1%" -; http://php.net/session.upload-progress.freq -;session.upload_progress.freq = "1%" - -; The minimum delay between updates, in seconds -; Default Value: 1 -; Development Value: 1 -; Production Value: 1 -; http://php.net/session.upload-progress.min-freq -;session.upload_progress.min_freq = "1" - -[MSSQL] -; Allow or prevent persistent links. -mssql.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -mssql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -mssql.max_links = -1 - -; Minimum error severity to display. -mssql.min_error_severity = 10 - -; Minimum message severity to display. -mssql.min_message_severity = 10 - -; Compatibility mode with old versions of PHP 3.0. -mssql.compatibility_mode = Off - -; Connect timeout -;mssql.connect_timeout = 5 - -; Query timeout -;mssql.timeout = 60 - -; Valid range 0 - 2147483647. Default = 4096. -;mssql.textlimit = 4096 - -; Valid range 0 - 2147483647. Default = 4096. -;mssql.textsize = 4096 - -; Limits the number of records in each batch. 0 = all records in one batch. -;mssql.batchsize = 0 - -; Specify how datetime and datetim4 columns are returned -; On => Returns data converted to SQL server settings -; Off => Returns values as YYYY-MM-DD hh:mm:ss -;mssql.datetimeconvert = On - -; Use NT authentication when connecting to the server -mssql.secure_connection = Off - -; Specify max number of processes. -1 = library default -; msdlib defaults to 25 -; FreeTDS defaults to 4096 -;mssql.max_procs = -1 - -; Specify client character set. -; If empty or not set the client charset from freetds.conf is used -; This is only used when compiled with FreeTDS -;mssql.charset = "ISO-8859-1" - -[Assertion] -; Assert(expr); active by default. -; http://php.net/assert.active -;assert.active = On - -; Issue a PHP warning for each failed assertion. -; http://php.net/assert.warning -;assert.warning = On - -; Don't bail out by default. -; http://php.net/assert.bail -;assert.bail = Off - -; User-function to be called if an assertion fails. -; http://php.net/assert.callback -;assert.callback = 0 - -; Eval the expression with current error_reporting(). Set to true if you want -; error_reporting(0) around the eval(). -; http://php.net/assert.quiet-eval -;assert.quiet_eval = 0 - -[COM] -; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs -; http://php.net/com.typelib-file -;com.typelib_file = - -; allow Distributed-COM calls -; http://php.net/com.allow-dcom -;com.allow_dcom = true - -; autoregister constants of a components typlib on com_load() -; http://php.net/com.autoregister-typelib -;com.autoregister_typelib = true - -; register constants casesensitive -; http://php.net/com.autoregister-casesensitive -;com.autoregister_casesensitive = false - -; show warnings on duplicate constant registrations -; http://php.net/com.autoregister-verbose -;com.autoregister_verbose = true - -; The default character set code-page to use when passing strings to and from COM objects. -; Default: system ANSI code page -;com.code_page= - -[mbstring] -; language for internal character representation. -; http://php.net/mbstring.language -;mbstring.language = Japanese - -; internal/script encoding. -; Some encoding cannot work as internal encoding. -; (e.g. SJIS, BIG5, ISO-2022-*) -; http://php.net/mbstring.internal-encoding -;mbstring.internal_encoding = UTF-8 - -; http input encoding. -; http://php.net/mbstring.http-input -;mbstring.http_input = UTF-8 - -; http output encoding. mb_output_handler must be -; registered as output buffer to function -; http://php.net/mbstring.http-output -;mbstring.http_output = pass - -; enable automatic encoding translation according to -; mbstring.internal_encoding setting. Input chars are -; converted to internal encoding by setting this to On. -; Note: Do _not_ use automatic encoding translation for -; portable libs/applications. -; http://php.net/mbstring.encoding-translation -;mbstring.encoding_translation = Off - -; automatic encoding detection order. -; auto means -; http://php.net/mbstring.detect-order -;mbstring.detect_order = auto - -; substitute_character used when character cannot be converted -; one from another -; http://php.net/mbstring.substitute-character -;mbstring.substitute_character = none - -; overload(replace) single byte functions by mbstring functions. -; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), -; etc. Possible values are 0,1,2,4 or combination of them. -; For example, 7 for overload everything. -; 0: No overload -; 1: Overload mail() function -; 2: Overload str*() functions -; 4: Overload ereg*() functions -; http://php.net/mbstring.func-overload -;mbstring.func_overload = 0 - -; enable strict encoding detection. -;mbstring.strict_detection = On - -; This directive specifies the regex pattern of content types for which mb_output_handler() -; is activated. -; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) -;mbstring.http_output_conv_mimetype= - -[gd] -; Tell the jpeg decode to ignore warnings and try to create -; a gd image. The warning will then be displayed as notices -; disabled by default -; http://php.net/gd.jpeg-ignore-warning -;gd.jpeg_ignore_warning = 0 - -[exif] -; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. -; With mbstring support this will automatically be converted into the encoding -; given by corresponding encode setting. When empty mbstring.internal_encoding -; is used. For the decode settings you can distinguish between motorola and -; intel byte order. A decode setting cannot be empty. -; http://php.net/exif.encode-unicode -;exif.encode_unicode = ISO-8859-15 - -; http://php.net/exif.decode-unicode-motorola -;exif.decode_unicode_motorola = UCS-2BE - -; http://php.net/exif.decode-unicode-intel -;exif.decode_unicode_intel = UCS-2LE - -; http://php.net/exif.encode-jis -;exif.encode_jis = - -; http://php.net/exif.decode-jis-motorola -;exif.decode_jis_motorola = JIS - -; http://php.net/exif.decode-jis-intel -;exif.decode_jis_intel = JIS - -[Tidy] -; The path to a default tidy configuration file to use when using tidy -; http://php.net/tidy.default-config -;tidy.default_config = /usr/local/lib/php/default.tcfg - -; Should tidy clean and repair output automatically? -; WARNING: Do not use this option if you are generating non-html content -; such as dynamic images -; http://php.net/tidy.clean-output -tidy.clean_output = Off - -[soap] -; Enables or disables WSDL caching feature. -; http://php.net/soap.wsdl-cache-enabled -soap.wsdl_cache_enabled=1 - -; Sets the directory name where SOAP extension will put cache files. -; http://php.net/soap.wsdl-cache-dir -soap.wsdl_cache_dir="/tmp" - -; (time to live) Sets the number of second while cached file will be used -; instead of original one. -; http://php.net/soap.wsdl-cache-ttl -soap.wsdl_cache_ttl=86400 - -; Sets the size of the cache limit. (Max. number of WSDL files to cache) -soap.wsdl_cache_limit = 5 - -[sysvshm] -; A default size of the shared memory segment -;sysvshm.init_mem = 10000 - -[ldap] -; Sets the maximum number of open links or -1 for unlimited. -ldap.max_links = -1 - -[mcrypt] -; For more information about mcrypt settings see http://php.net/mcrypt-module-open - -; Directory where to load mcrypt algorithms -; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) -;mcrypt.algorithms_dir= - -; Directory where to load mcrypt modes -; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) -;mcrypt.modes_dir= - -[dba] -;dba.default_handler= - -[opcache] -; Determines if Zend OPCache is enabled -;opcache.enable=0 - -; Determines if Zend OPCache is enabled for the CLI version of PHP -;opcache.enable_cli=0 - -; The OPcache shared memory storage size. -;opcache.memory_consumption=64 - -; The amount of memory for interned strings in Mbytes. -;opcache.interned_strings_buffer=4 - -; The maximum number of keys (scripts) in the OPcache hash table. -; Only numbers between 200 and 100000 are allowed. -;opcache.max_accelerated_files=2000 - -; The maximum percentage of "wasted" memory until a restart is scheduled. -;opcache.max_wasted_percentage=5 - -; When this directive is enabled, the OPcache appends the current working -; directory to the script key, thus eliminating possible collisions between -; files with the same name (basename). Disabling the directive improves -; performance, but may break existing applications. -;opcache.use_cwd=1 - -; When disabled, you must reset the OPcache manually or restart the -; webserver for changes to the filesystem to take effect. -;opcache.validate_timestamps=1 - -; How often (in seconds) to check file timestamps for changes to the shared -; memory storage allocation. ("1" means validate once per second, but only -; once per request. "0" means always validate) -;opcache.revalidate_freq=2 - -; Enables or disables file search in include_path optimization -;opcache.revalidate_path=0 - -; If disabled, all PHPDoc comments are dropped from the code to reduce the -; size of the optimized code. -;opcache.save_comments=1 - -; If disabled, PHPDoc comments are not loaded from SHM, so "Doc Comments" -; may be always stored (save_comments=1), but not loaded by applications -; that don't need them anyway. -;opcache.load_comments=1 - -; If enabled, a fast shutdown sequence is used for the accelerated code -;opcache.fast_shutdown=0 - -; Allow file existence override (file_exists, etc.) performance feature. -;opcache.enable_file_override=0 - -; A bitmask, where each bit enables or disables the appropriate OPcache -; passes -;opcache.optimization_level=0xffffffff - -;opcache.inherited_hack=1 -;opcache.dups_fix=0 - -; The location of the OPcache blacklist file (wildcards allowed). -; Each OPcache blacklist file is a text file that holds the names of files -; that should not be accelerated. The file format is to add each filename -; to a new line. The filename may be a full path or just a file prefix -; (i.e., /var/www/x blacklists all the files and directories in /var/www -; that start with 'x'). Line starting with a ; are ignored (comments). -;opcache.blacklist_filename= - -; Allows exclusion of large files from being cached. By default all files -; are cached. -;opcache.max_file_size=0 - -; Check the cache checksum each N requests. -; The default value of "0" means that the checks are disabled. -;opcache.consistency_checks=0 - -; How long to wait (in seconds) for a scheduled restart to begin if the cache -; is not being accessed. -;opcache.force_restart_timeout=180 - -; OPcache error_log file name. Empty string assumes "stderr". -;opcache.error_log= - -; All OPcache errors go to the Web server log. -; By default, only fatal errors (level 0) or errors (level 1) are logged. -; You can also enable warnings (level 2), info messages (level 3) or -; debug messages (level 4). -;opcache.log_verbosity_level=1 - -; Preferred Shared Memory back-end. Leave empty and let the system decide. -;opcache.preferred_memory_model= - -; Protect the shared memory from unexpected writing during script execution. -; Useful for internal debugging only. -;opcache.protect_memory=0 - -[curl] -; A default value for the CURLOPT_CAINFO option. This is required to be an -; absolute path. -;curl.cainfo = - -; Local Variables: -; tab-width: 4 -; End: diff --git a/php81/conf.d/00_gettext.ini b/php81/conf.d/00_gettext.ini new file mode 100644 index 0000000..549944c --- /dev/null +++ b/php81/conf.d/00_gettext.ini @@ -0,0 +1 @@ +extension=gettext diff --git a/php81/conf.d/00_openssl.ini b/php81/conf.d/00_openssl.ini new file mode 100644 index 0000000..355624b --- /dev/null +++ b/php81/conf.d/00_openssl.ini @@ -0,0 +1 @@ +extension=openssl diff --git a/php81/conf.d/00_pdo.ini b/php81/conf.d/00_pdo.ini new file mode 100644 index 0000000..ef45300 --- /dev/null +++ b/php81/conf.d/00_pdo.ini @@ -0,0 +1 @@ +extension=pdo diff --git a/php81/conf.d/01_mysqlnd.ini b/php81/conf.d/01_mysqlnd.ini new file mode 100644 index 0000000..d09bf60 --- /dev/null +++ b/php81/conf.d/01_mysqlnd.ini @@ -0,0 +1 @@ +extension=mysqlnd diff --git a/php81/conf.d/02_pdo_mysql.ini b/php81/conf.d/02_pdo_mysql.ini new file mode 100644 index 0000000..3c0b799 --- /dev/null +++ b/php81/conf.d/02_pdo_mysql.ini @@ -0,0 +1 @@ +extension=pdo_mysql diff --git a/php81/php-fpm.conf b/php81/php-fpm.conf new file mode 100644 index 0000000..5a8a6da --- /dev/null +++ b/php81/php-fpm.conf @@ -0,0 +1,143 @@ +;;;;;;;;;;;;;;;;;;;;; +; FPM Configuration ; +;;;;;;;;;;;;;;;;;;;;; + +; All relative paths in this configuration file are relative to PHP's install +; prefix (/usr). This prefix can be dynamically changed by using the +; '-p' argument from the command line. + +;;;;;;;;;;;;;;;;;; +; Global Options ; +;;;;;;;;;;;;;;;;;; + +[global] +; Pid file +; Note: the default prefix is /var +; Default Value: none +;pid = run/php-fpm81.pid + +; Error log file +; If it's set to "syslog", log is sent to syslogd instead of being written +; into a local file. +; Note: the default prefix is /var +; Default Value: log/php81/error.log +;error_log = log/php81/error.log + +; syslog_facility is used to specify what type of program is logging the +; message. This lets syslogd specify that messages from different facilities +; will be handled differently. +; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON) +; Default Value: daemon +;syslog.facility = daemon + +; syslog_ident is prepended to every message. If you have multiple FPM +; instances running on the same server, you can change the default value +; which must suit common needs. +; Default Value: php-fpm81 +;syslog.ident = php-fpm81 + +; Log level +; Possible Values: alert, error, warning, notice, debug +; Default Value: notice +;log_level = notice + +; Log limit on number of characters in the single line (log entry). If the +; line is over the limit, it is wrapped on multiple lines. The limit is for +; all logged characters including message prefix and suffix if present. However +; the new line character does not count into it as it is present only when +; logging to a file descriptor. It means the new line character is not present +; when logging to syslog. +; Default Value: 1024 +;log_limit = 4096 + +; Log buffering specifies if the log line is buffered which means that the +; line is written in a single write operation. If the value is false, then the +; data is written directly into the file descriptor. It is an experimental +; option that can potentially improve logging performance and memory usage +; for some heavy logging scenarios. This option is ignored if logging to syslog +; as it has to be always buffered. +; Default value: yes +;log_buffering = no + +; If this number of child processes exit with SIGSEGV or SIGBUS within the time +; interval set by emergency_restart_interval then FPM will restart. A value +; of '0' means 'Off'. +; Default Value: 0 +;emergency_restart_threshold = 0 + +; Interval of time used by emergency_restart_interval to determine when +; a graceful restart will be initiated. This can be useful to work around +; accidental corruptions in an accelerator's shared memory. +; Available Units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;emergency_restart_interval = 0 + +; Time limit for child processes to wait for a reaction on signals from master. +; Available units: s(econds), m(inutes), h(ours), or d(ays) +; Default Unit: seconds +; Default Value: 0 +;process_control_timeout = 0 + +; The maximum number of processes FPM will fork. This has been designed to control +; the global number of processes when using dynamic PM within a lot of pools. +; Use it with caution. +; Note: A value of 0 indicates no limit +; Default Value: 0 +; process.max = 128 + +; Specify the nice(2) priority to apply to the master process (only if set) +; The value can vary from -19 (highest priority) to 20 (lowest priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool process will inherit the master process priority +; unless specified otherwise +; Default Value: no set +; process.priority = -19 + +; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging. +; Default Value: yes +;daemonize = yes + +; Set open file descriptor rlimit for the master process. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit for the master process. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Specify the event mechanism FPM will use. The following is available: +; - select (any POSIX os) +; - poll (any POSIX os) +; - epoll (linux >= 2.5.44) +; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0) +; - /dev/poll (Solaris >= 7) +; - port (Solaris >= 10) +; Default Value: not set (auto detection) +;events.mechanism = epoll + +; When FPM is built with systemd integration, specify the interval, +; in seconds, between health report notification to systemd. +; Set to 0 to disable. +; Available Units: s(econds), m(inutes), h(ours) +; Default Unit: seconds +; Default value: 10 +;systemd_interval = 10 + +;;;;;;;;;;;;;;;;;;;; +; Pool Definitions ; +;;;;;;;;;;;;;;;;;;;; + +; Multiple pools of child processes may be started with different listening +; ports and different management options. The name of the pool will be +; used in logs and stats. There is no limitation on the number of pools which +; FPM can handle. Your system will tell you anyway :) + +; Include one or more files. If glob(3) exists, it is used to include a bunch of +; files from a glob(3) pattern. This directive can be used everywhere in the +; file. +; Relative path can also be used. They will be prefixed by: +; - the global prefix if it's been set (-p argument) +; - /usr otherwise +include=/etc/php81/php-fpm.d/*.conf diff --git a/php81/php-fpm.d/www.conf b/php81/php-fpm.d/www.conf new file mode 100644 index 0000000..eee27ab --- /dev/null +++ b/php81/php-fpm.d/www.conf @@ -0,0 +1,463 @@ +; Start a new pool named 'www'. +; the variable $pool can be used in any directive and will be replaced by the +; pool name ('www' here) +[www] + +; Per pool prefix +; It only applies on the following directives: +; - 'access.log' +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = nobody +group = nobody + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = 127.0.0.1:9000 + +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. +; Default Values: user and group are set as the running user +; mode is set to 0660 +;listen.owner = nobody +;listen.group = nobody +;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is different than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; pm.max_spawn_rate - the maximum number of rate to spawn child +; processes at once. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 5 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: (min_spare_servers + max_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of rate to spawn child processes at once. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +; Default Value: 32 +;pm.max_spawn_rate = 32 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +;pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following information: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: /usr/share/php81/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The address on which to accept FastCGI status request. This creates a new +; invisible pool that can handle requests independently. This is useful +; if the main pool is busy with long running requests because it is still possible +; to get the status before finishing the long running requests. +; +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Default Value: value of the listen option +;pm.status_listen = 127.0.0.1:9001 + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/php81/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{milliseconds}d +; - %{milli}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some examples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: output header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsulated in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsulated in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +;slowlog = log/php81/$pool.slow.log + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_slowlog_timeout = 0 + +; Depth of slow log stack trace. +; Default Value: 20 +;request_slowlog_trace_depth = 20 + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +;request_terminate_timeout = 0 + +; The timeout set by 'request_terminate_timeout' ini option is not engaged after +; application calls 'fastcgi_finish_request' or when application has finished and +; shutdown functions are being called (registered via register_shutdown_function). +; This option will enable timeout limit to be applied unconditionally +; even in such cases. +; Default Value: no +;request_terminate_timeout_track_finished = no + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +;chdir = /var/www + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environment, this can cause some delay in the page +; process time (several ms). +; Default Value: no +;catch_workers_output = yes + +; Decorate worker output with prefix and suffix containing information about +; the child that writes to the log and if stdout or stderr is used as well as +; log level and time. This options is used only if catch_workers_output is yes. +; Settings to "no" will output data as written to the stdout or stderr. +; Default value: yes +;decorate_workers_output = no + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; execute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/php81/$pool.error.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/php/php-cli.ini b/php81/php.ini similarity index 61% rename from php/php-cli.ini rename to php81/php.ini index 0d08f96..df543c9 100644 --- a/php/php-cli.ini +++ b/php81/php.ini @@ -15,9 +15,9 @@ ; 5. The web server's directory (for SAPI modules), or directory of PHP ; (otherwise in Windows) ; 6. The directory from the --with-config-file-path compile time option, or the -; Windows directory (C:\windows or C:\winnt) +; Windows directory (usually C:\windows) ; See the PHP docs for more specific information. -; http://php.net/configuration.file +; https://php.net/configuration.file ; The syntax of the file is extremely simple. Whitespace and lines ; beginning with a semicolon are silently ignored (as you probably guessed). @@ -31,7 +31,7 @@ ; special sections cannot be overridden by user-defined INI files or ; at runtime. Currently, [PATH=] and [HOST=] sections only work under ; CGI/FastCGI. -; http://php.net/ini.sections +; https://php.net/ini.sections ; Directives are specified using the following syntax: ; directive = value @@ -58,9 +58,9 @@ ; An empty string can be denoted by simply not writing anything after the equal ; sign, or by using the None keyword: -; foo = ; sets foo to an empty string -; foo = None ; sets foo to an empty string -; foo = "None" ; sets foo to the string 'None' +; foo = ; sets foo to an empty string +; foo = None ; sets foo to an empty string +; foo = "None" ; sets foo to the string 'None' ; If you use constants in your value, and these constants belong to a ; dynamically loaded extension (either a PHP extension or a Zend extension), @@ -78,16 +78,17 @@ ; compatibility with older or less security conscience applications. We ; recommending using the production ini in production and testing environments. -; php.ini-development is very similar to its production variant, except it's -; much more verbose when it comes to errors. We recommending using the -; development version only in development environments as errors shown to +; php.ini-development is very similar to its production variant, except it is +; much more verbose when it comes to errors. We recommend using the +; development version only in development environments, as errors shown to ; application users can inadvertently leak otherwise secure information. -; This is php.ini-production INI file. +; This is the php.ini-production INI file. ;;;;;;;;;;;;;;;;;;; ; Quick Reference ; ;;;;;;;;;;;;;;;;;;; + ; The following are all the settings which are different in either the production ; or development versions of the INIs with respect to PHP's default behavior. ; Please see the actual settings later in the document for more details as to why @@ -99,20 +100,15 @@ ; Production Value: Off ; display_startup_errors -; Default Value: Off +; Default Value: On ; Development Value: On ; Production Value: Off ; error_reporting -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Default Value: E_ALL ; Development Value: E_ALL ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT -; html_errors -; Default Value: On -; Development Value: On -; Production value: On - ; log_errors ; Default Value: Off ; Development Value: On @@ -138,22 +134,12 @@ ; Development Value: "GP" ; Production Value: "GP" -; session.bug_compat_42 -; Default Value: On -; Development Value: On -; Production Value: Off - -; session.bug_compat_warn -; Default Value: On -; Development Value: On -; Production Value: Off - ; session.gc_divisor ; Default Value: 100 ; Development Value: 1000 ; Production Value: 1000 -; session.hash_bits_per_character +; session.sid_bits_per_character ; Default Value: 4 ; Development Value: 5 ; Production Value: 5 @@ -163,28 +149,28 @@ ; Development Value: Off ; Production Value: Off -; track_errors -; Default Value: Off -; Development Value: On -; Production Value: Off - -; url_rewriter.tags -; Default Value: "a=href,area=href,frame=src,form=,fieldset=" -; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" -; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" - ; variables_order ; Default Value: "EGPCS" ; Development Value: "GPCS" ; Production Value: "GPCS" +; zend.exception_ignore_args +; Default Value: Off +; Development Value: Off +; Production Value: On + +; zend.exception_string_param_max_len +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 + ;;;;;;;;;;;;;;;;;;;; ; php.ini Options ; ;;;;;;;;;;;;;;;;;;;; ; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini" ;user_ini.filename = ".user.ini" -; To disable this feature set this option to empty value +; To disable this feature set this option to an empty value ;user_ini.filename = ; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes) @@ -195,7 +181,7 @@ ;;;;;;;;;;;;;;;;;;;; ; Enable the PHP scripting language engine under Apache. -; http://php.net/engine +; https://php.net/engine engine = On ; This directive determines whether or not PHP will recognize code between @@ -208,15 +194,11 @@ engine = On ; Default Value: On ; Development Value: Off ; Production Value: Off -; http://php.net/short-open-tag +; https://php.net/short-open-tag short_open_tag = Off -; Allow ASP-style <% %> tags. -; http://php.net/asp-tags -asp_tags = Off - ; The number of significant digits displayed in floating point numbers. -; http://php.net/precision +; https://php.net/precision precision = 14 ; Output buffering is a mechanism for controlling how much output data @@ -240,7 +222,7 @@ precision = 14 ; Default Value: Off ; Development Value: 4096 ; Production Value: 4096 -; http://php.net/output-buffering +; https://php.net/output-buffering output_buffering = 4096 ; You can redirect all of the output of your scripts to a function. For @@ -255,9 +237,26 @@ output_buffering = 4096 ; and you cannot use both "ob_gzhandler" and "zlib.output_compression". ; Note: output_handler must be empty if this is set 'On' !!!! ; Instead you must use zlib.output_handler. -; http://php.net/output-handler +; https://php.net/output-handler ;output_handler = +; URL rewriter function rewrites URL on the fly by using +; output buffer. You can set target tags by this configuration. +; "form" tag is special tag. It will add hidden input tag to pass values. +; Refer to session.trans_sid_tags for usage. +; Default Value: "form=" +; Development Value: "form=" +; Production Value: "form=" +;url_rewriter.tags + +; URL rewriter will not rewrite absolute URL nor form by default. To enable +; absolute URL rewrite, allowed hosts must be defined at RUNTIME. +; Refer to session.trans_sid_hosts for more details. +; Default Value: "" +; Development Value: "" +; Production Value: "" +;url_rewriter.hosts + ; Transparent output compression using the zlib library ; Valid values for this option are 'off', 'on', or a specific buffer size ; to be used for compression (default is 4KB) @@ -267,16 +266,16 @@ output_buffering = 4096 ; performance, enable output_buffering in addition. ; Note: You need to use zlib.output_handler instead of the standard ; output_handler, or otherwise the output will be corrupted. -; http://php.net/zlib.output-compression +; https://php.net/zlib.output-compression zlib.output_compression = Off -; http://php.net/zlib.output-compression-level +; https://php.net/zlib.output-compression-level ;zlib.output_compression_level = -1 ; You cannot specify additional output handlers if zlib.output_compression ; is activated here. This setting does the same as output_handler but in ; a different order. -; http://php.net/zlib.output-handler +; https://php.net/zlib.output-handler ;zlib.output_handler = ; Implicit flush tells PHP to tell the output layer to flush itself @@ -284,7 +283,7 @@ zlib.output_compression = Off ; PHP function flush() after each and every call to print() or echo() and each ; and every HTML block. Turning this option on has serious performance ; implications and is generally recommended for debugging purposes only. -; http://php.net/implicit-flush +; https://php.net/implicit-flush ; Note: This directive is hardcoded to On for the CLI SAPI implicit_flush = Off @@ -296,33 +295,41 @@ implicit_flush = Off ; callback-function. unserialize_callback_func = -; When floats & doubles are serialized store serialize_precision significant +; The unserialize_max_depth specifies the default depth limit for unserialized +; structures. Setting the depth limit too high may result in stack overflows +; during unserialization. The unserialize_max_depth ini setting can be +; overridden by the max_depth option on individual unserialize() calls. +; A value of 0 disables the depth limit. +;unserialize_max_depth = 4096 + +; When floats & doubles are serialized, store serialize_precision significant ; digits after the floating point. The default value ensures that when floats ; are decoded with unserialize, the data will remain the same. -serialize_precision = 17 +; The value is also used for json_encode when encoding double values. +; If -1 is used, then dtoa mode 0 is used which automatically select the best +; precision. +serialize_precision = -1 ; open_basedir, if set, limits all file operations to the defined directory ; and below. This directive makes most sense if used in a per-directory -; or per-virtualhost web server configuration file. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -; http://php.net/open-basedir +; or per-virtualhost web server configuration file. +; Note: disables the realpath cache +; https://php.net/open-basedir ;open_basedir = -; This directive allows you to disable certain functions for security reasons. -; It receives a comma-delimited list of function names. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -; http://php.net/disable-functions +; This directive allows you to disable certain functions. +; It receives a comma-delimited list of function names. +; https://php.net/disable-functions disable_functions = -; This directive allows you to disable certain classes for security reasons. -; It receives a comma-delimited list of class names. This directive is -; *NOT* affected by whether Safe Mode is turned On or Off. -; http://php.net/disable-classes +; This directive allows you to disable certain classes. +; It receives a comma-delimited list of class names. +; https://php.net/disable-classes disable_classes = ; Colors for Syntax Highlighting mode. Anything that's acceptable in ; would work. -; http://php.net/syntax-highlighting +; https://php.net/syntax-highlighting ;highlight.string = #DD0000 ;highlight.comment = #FF9900 ;highlight.keyword = #007700 @@ -333,37 +340,54 @@ disable_classes = ; the request. Consider enabling it if executing long requests, which may end up ; being interrupted by the user or a browser timing out. PHP's default behavior ; is to disable this feature. -; http://php.net/ignore-user-abort +; https://php.net/ignore-user-abort ;ignore_user_abort = On ; Determines the size of the realpath cache to be used by PHP. This value should ; be increased on systems where PHP opens many files to reflect the quantity of ; the file operations performed. -; http://php.net/realpath-cache-size -;realpath_cache_size = 16k +; Note: if open_basedir is set, the cache is disabled +; https://php.net/realpath-cache-size +;realpath_cache_size = 4096k ; Duration of time, in seconds for which to cache realpath information for a given ; file or directory. For systems with rarely changing files, consider increasing this ; value. -; http://php.net/realpath-cache-ttl +; https://php.net/realpath-cache-ttl ;realpath_cache_ttl = 120 ; Enables or disables the circular reference collector. -; http://php.net/zend.enable-gc +; https://php.net/zend.enable-gc zend.enable_gc = On ; If enabled, scripts may be written in encodings that are incompatible with ; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such ; encodings. To use this feature, mbstring extension must be enabled. -; Default: Off ;zend.multibyte = Off ; Allows to set the default encoding for the scripts. This value will be used ; unless "declare(encoding=...)" directive appears at the top of the script. ; Only affects if zend.multibyte is set. -; Default: "" ;zend.script_encoding = +; Allows to include or exclude arguments from stack traces generated for exceptions. +; In production, it is recommended to turn this setting on to prohibit the output +; of sensitive information in stack traces +; Default Value: Off +; Development Value: Off +; Production Value: On +zend.exception_ignore_args = On + +; Allows setting the maximum string length in an argument of a stringified stack trace +; to a value between 0 and 1000000. +; This has no effect when zend.exception_ignore_args is enabled. +; Default Value: 15 +; Development Value: 15 +; Production Value: 0 +; In production, it is recommended to set this to 0 to reduce the output +; of sensitive information in stack traces. +zend.exception_string_param_max_len = 0 + ;;;;;;;;;;;;;;;;; ; Miscellaneous ; ;;;;;;;;;;;;;;;;; @@ -372,7 +396,7 @@ zend.enable_gc = On ; (e.g. by adding its signature to the Web server header). It is no security ; threat in any way, but it makes it possible to determine whether you use PHP ; on your server or not. -; http://php.net/expose-php +; https://php.net/expose-php expose_php = On ;;;;;;;;;;;;;;;;;;; @@ -380,7 +404,7 @@ expose_php = On ;;;;;;;;;;;;;;;;;;; ; Maximum execution time of each script, in seconds -; http://php.net/max-execution-time +; https://php.net/max-execution-time ; Note: This directive is hardcoded to 0 for the CLI SAPI max_execution_time = 30 @@ -391,19 +415,19 @@ max_execution_time = 30 ; Default Value: -1 (Unlimited) ; Development Value: 60 (60 seconds) ; Production Value: 60 (60 seconds) -; http://php.net/max-input-time +; https://php.net/max-input-time max_input_time = 60 ; Maximum input variable nesting level -; http://php.net/max-input-nesting-level +; https://php.net/max-input-nesting-level ;max_input_nesting_level = 64 ; How many GET/POST/COOKIE input variables may be accepted -; max_input_vars = 1000 +;max_input_vars = 1000 -; Maximum amount of memory a script may consume (128MB) -; http://php.net/memory-limit -memory_limit = -1 +; Maximum amount of memory a script may consume +; https://php.net/memory-limit +memory_limit = 128M ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; ; Error handling and logging ; @@ -433,7 +457,7 @@ memory_limit = -1 ; E_NOTICE - run-time notices (these are warnings which often result ; from a bug in your code, but it's possible that it was ; intentional (e.g., using an uninitialized variable and -; relying on the fact it's automatically initialized to an +; relying on the fact it is automatically initialized to an ; empty string) ; E_STRICT - run-time notices, enable to have PHP suggest changes ; to your code which will ensure the best interoperability @@ -455,10 +479,10 @@ memory_limit = -1 ; E_ALL & ~E_NOTICE (Show all errors, except for notices) ; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.) ; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors) -; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED +; Default Value: E_ALL ; Development Value: E_ALL ; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT -; http://php.net/error-reporting +; https://php.net/error-reporting error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT ; This directive controls whether or not and where PHP will output errors, @@ -466,8 +490,8 @@ error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT ; it could be very dangerous in production environments. Depending on the code ; which is triggering the error, sensitive information could potentially leak ; out of your application such as database usernames and passwords or worse. -; It's recommended that errors be logged on production servers rather than -; having the errors sent to STDOUT. +; For production environments, we recommend logging errors rather than +; sending them to STDOUT. ; Possible Values: ; Off = Do not display any errors ; stderr = Display errors to STDERR (affects only CGI/CLI binaries!) @@ -475,18 +499,16 @@ error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT ; Default Value: On ; Development Value: On ; Production Value: Off -; http://php.net/display-errors +; https://php.net/display-errors display_errors = Off ; The display of errors which occur during PHP's startup sequence are handled -; separately from display_errors. PHP's default behavior is to suppress those -; errors from clients. Turning the display of startup errors on can be useful in -; debugging configuration problems. But, it's strongly recommended that you -; leave this setting off on production servers. -; Default Value: Off +; separately from display_errors. We strongly recommend you set this to 'off' +; for production servers to avoid leaking configuration details. +; Default Value: On ; Development Value: On ; Production Value: Off -; http://php.net/display-startup-errors +; https://php.net/display-startup-errors display_startup_errors = Off ; Besides displaying errors, PHP can also log errors to locations such as a @@ -496,45 +518,31 @@ display_startup_errors = Off ; Default Value: Off ; Development Value: On ; Production Value: On -; http://php.net/log-errors +; https://php.net/log-errors log_errors = On -; Set maximum length of log_errors. In error_log information about the source is -; added. The default is 1024 and 0 allows to not apply any maximum length at all. -; http://php.net/log-errors-max-len -log_errors_max_len = 1024 - ; Do not log repeated messages. Repeated errors must occur in same file on same ; line unless ignore_repeated_source is set true. -; http://php.net/ignore-repeated-errors +; https://php.net/ignore-repeated-errors ignore_repeated_errors = Off ; Ignore source of message when ignoring repeated messages. When this setting ; is On you will not log errors with repeated messages from different files or ; source lines. -; http://php.net/ignore-repeated-source +; https://php.net/ignore-repeated-source ignore_repeated_source = Off ; If this parameter is set to Off, then memory leaks will not be shown (on -; stdout or in the log). This has only effect in a debug compile, and if +; stdout or in the log). This is only effective in a debug compile, and if ; error reporting includes E_WARNING in the allowed list -; http://php.net/report-memleaks +; https://php.net/report-memleaks report_memleaks = On -; This setting is on by default. +; This setting is off by default. ;report_zend_debug = 0 -; Store the last error/warning message in $php_errormsg (boolean). Setting this value -; to On can assist in debugging and is appropriate for development servers. It should -; however be disabled on production servers. -; Default Value: Off -; Development Value: On -; Production Value: Off -; http://php.net/track-errors -track_errors = Off - ; Turn off normal error reporting and emit XML-RPC error XML -; http://php.net/xmlrpc-errors +; https://php.net/xmlrpc-errors ;xmlrpc_errors = 0 ; An XML-RPC faultCode @@ -544,48 +552,65 @@ track_errors = Off ; error message as HTML for easier reading. This directive controls whether ; the error message is formatted as HTML or not. ; Note: This directive is hardcoded to Off for the CLI SAPI -; Default Value: On -; Development Value: On -; Production value: On -; http://php.net/html-errors -html_errors = On +; https://php.net/html-errors +;html_errors = On ; If html_errors is set to On *and* docref_root is not empty, then PHP ; produces clickable error messages that direct to a page describing the error ; or function causing the error in detail. -; You can download a copy of the PHP manual from http://php.net/docs +; You can download a copy of the PHP manual from https://php.net/docs ; and change docref_root to the base URL of your local copy including the ; leading '/'. You must also specify the file extension being used including ; the dot. PHP's default behavior is to leave these settings empty, in which ; case no links to documentation are generated. ; Note: Never use this feature for production boxes. -; http://php.net/docref-root +; https://php.net/docref-root ; Examples ;docref_root = "/phpmanual/" -; http://php.net/docref-ext +; https://php.net/docref-ext ;docref_ext = .html ; String to output before an error message. PHP's default behavior is to leave ; this setting blank. -; http://php.net/error-prepend-string +; https://php.net/error-prepend-string ; Example: ;error_prepend_string = "" ; String to output after an error message. PHP's default behavior is to leave ; this setting blank. -; http://php.net/error-append-string +; https://php.net/error-append-string ; Example: ;error_append_string = "" ; Log errors to specified file. PHP's default behavior is to leave this value ; empty. -; http://php.net/error-log +; https://php.net/error-log ; Example: ;error_log = php_errors.log -; Log errors to syslog (Event Log on NT, not valid in Windows 95). +; Log errors to syslog (Event Log on Windows). ;error_log = syslog +; The syslog ident is a string which is prepended to every message logged +; to syslog. Only used when error_log is set to syslog. +;syslog.ident = php + +; The syslog facility is used to specify what type of program is logging +; the message. Only used when error_log is set to syslog. +;syslog.facility = user + +; Set this to disable filtering control characters (the default). +; Some loggers only accept NVT-ASCII, others accept anything that's not +; control characters. If your logger accepts everything, then no filtering +; is needed at all. +; Allowed values are: +; ascii (all printable ASCII characters and NL) +; no-ctrl (all characters except control characters) +; all (all characters) +; raw (like "all", but messages are not split at newlines) +; https://php.net/syslog.filter +;syslog.filter = ascii + ;windows.show_crt_warning ; Default value: 0 ; Development value: 0 @@ -597,14 +622,14 @@ html_errors = On ; The separator used in PHP generated URLs to separate arguments. ; PHP's default setting is "&". -; http://php.net/arg-separator.output +; https://php.net/arg-separator.output ; Example: ;arg_separator.output = "&" ; List of separator(s) used by PHP to parse input URLs into variables. ; PHP's default setting is "&". ; NOTE: Every character in this directive is considered as separator! -; http://php.net/arg-separator.input +; https://php.net/arg-separator.input ; Example: ;arg_separator.input = ";&" @@ -618,20 +643,20 @@ html_errors = On ; Default Value: "EGPCS" ; Development Value: "GPCS" ; Production Value: "GPCS"; -; http://php.net/variables-order +; https://php.net/variables-order variables_order = "GPCS" -; This directive determines which super global data (G,P,C,E & S) should -; be registered into the super global array REQUEST. If so, it also determines -; the order in which that data is registered. The values for this directive are -; specified in the same manner as the variables_order directive, EXCEPT one. -; Leaving this value empty will cause PHP to use the value set in the -; variables_order directive. It does not mean it will leave the super globals -; array REQUEST empty. +; This directive determines which super global data (G,P & C) should be +; registered into the super global array REQUEST. If so, it also determines +; the order in which that data is registered. The values for this directive +; are specified in the same manner as the variables_order directive, +; EXCEPT one. Leaving this value empty will cause PHP to use the value set +; in the variables_order directive. It does not mean it will leave the super +; globals array REQUEST empty. ; Default Value: None ; Development Value: "GP" ; Production Value: "GP" -; http://php.net/request-order +; https://php.net/request-order request_order = "GP" ; This directive determines whether PHP registers $argv & $argc each time it @@ -646,15 +671,15 @@ request_order = "GP" ; Default Value: On ; Development Value: Off ; Production Value: Off -; http://php.net/register-argc-argv +; https://php.net/register-argc-argv register_argc_argv = Off ; When enabled, the ENV, REQUEST and SERVER variables are created when they're ; first used (Just In Time) instead of when the script starts. If these ; variables are not used within a script, having this directive on will result ; in a performance gain. The PHP directive register_argc_argv must be disabled -; for this directive to have any affect. -; http://php.net/auto-globals-jit +; for this directive to have any effect. +; https://php.net/auto-globals-jit auto_globals_jit = On ; Whether PHP will read the POST data. @@ -663,88 +688,97 @@ auto_globals_jit = On ; and $_FILES to always be empty; the only way you will be able to read the ; POST data will be through the php://input stream wrapper. This can be useful ; to proxy requests or to process the POST data in a memory efficient fashion. -; http://php.net/enable-post-data-reading +; https://php.net/enable-post-data-reading ;enable_post_data_reading = Off ; Maximum size of POST data that PHP will accept. ; Its value may be 0 to disable the limit. It is ignored if POST data reading ; is disabled through enable_post_data_reading. -; http://php.net/post-max-size +; https://php.net/post-max-size post_max_size = 8M ; Automatically add files before PHP document. -; http://php.net/auto-prepend-file +; https://php.net/auto-prepend-file auto_prepend_file = ; Automatically add files after PHP document. -; http://php.net/auto-append-file +; https://php.net/auto-append-file auto_append_file = -; By default, PHP will output a character encoding using -; the Content-type: header. To disable sending of the charset, simply -; set it to be empty. +; By default, PHP will output a media type using the Content-Type header. To +; disable this, simply set it to be empty. ; -; PHP's built-in default is text/html -; http://php.net/default-mimetype +; PHP's built-in default media type is set to text/html. +; https://php.net/default-mimetype default_mimetype = "text/html" -; PHP's default character set is set to empty. -; http://php.net/default-charset -;default_charset = "UTF-8" +; PHP's default character set is set to UTF-8. +; https://php.net/default-charset +default_charset = "UTF-8" + +; PHP internal character encoding is set to empty. +; If empty, default_charset is used. +; https://php.net/internal-encoding +;internal_encoding = + +; PHP input character encoding is set to empty. +; If empty, default_charset is used. +; https://php.net/input-encoding +;input_encoding = -; Always populate the $HTTP_RAW_POST_DATA variable. PHP's default behavior is -; to disable this feature. If post reading is disabled through -; enable_post_data_reading, $HTTP_RAW_POST_DATA is *NOT* populated. -; http://php.net/always-populate-raw-post-data -;always_populate_raw_post_data = On +; PHP output character encoding is set to empty. +; If empty, default_charset is used. +; See also output_buffer. +; https://php.net/output-encoding +;output_encoding = ;;;;;;;;;;;;;;;;;;;;;;;;; ; Paths and Directories ; ;;;;;;;;;;;;;;;;;;;;;;;;; ; UNIX: "/path1:/path2" -;include_path = ".:/usr/share/php" +include_path = ".:/usr/share/php81" ; ; Windows: "\path1;\path2" ;include_path = ".;c:\php\includes" ; ; PHP's default setting for include_path is ".;/path/to/php/pear" -; http://php.net/include-path +; https://php.net/include-path ; The root of the PHP pages, used only if nonempty. ; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root ; if you are running php as a CGI under any web server (other than IIS) ; see documentation for security issues. The alternate is to use the ; cgi.force_redirect configuration below -; http://php.net/doc-root +; https://php.net/doc-root doc_root = ; The directory under which PHP opens the script using /~username used only ; if nonempty. -; http://php.net/user-dir +; https://php.net/user-dir user_dir = ; Directory in which the loadable extensions (modules) reside. -; http://php.net/extension-dir -; extension_dir = "./" +; https://php.net/extension-dir +;extension_dir = "./" ; On windows: -; extension_dir = "ext" +;extension_dir = "ext" ; Directory where the temporary files should be placed. ; Defaults to the system default (see sys_get_temp_dir) -; sys_temp_dir = "/tmp" +;sys_temp_dir = "/tmp" ; Whether or not to enable the dl() function. The dl() function does NOT work ; properly in multithreaded servers, such as IIS or Zeus, and is automatically ; disabled on them. -; http://php.net/enable-dl +; https://php.net/enable-dl enable_dl = Off ; cgi.force_redirect is necessary to provide security running PHP as a CGI under ; most web servers. Left undefined, PHP turns this on by default. You can ; turn it off here AT YOUR OWN RISK ; **You CAN safely turn this off for IIS, in fact, you MUST.** -; http://php.net/cgi.force-redirect +; https://php.net/cgi.force-redirect ;cgi.force_redirect = 1 ; if cgi.nph is enabled it will force cgi to always sent Status: 200 with @@ -755,7 +789,7 @@ enable_dl = Off ; (iPlanet) web servers, you MAY need to set an environment variable name that PHP ; will look for to know it is OK to continue execution. Setting this variable MAY ; cause security issues, KNOW WHAT YOU ARE DOING FIRST. -; http://php.net/cgi.redirect-status-env +; https://php.net/cgi.redirect-status-env ;cgi.redirect_status_env = ; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's @@ -764,15 +798,19 @@ enable_dl = Off ; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting ; of zero causes PHP to behave as before. Default is 1. You should fix your scripts ; to use SCRIPT_FILENAME rather than PATH_TRANSLATED. -; http://php.net/cgi.fix-pathinfo +; https://php.net/cgi.fix-pathinfo ;cgi.fix_pathinfo=1 -; FastCGI under IIS (on WINNT based OS) supports the ability to impersonate +; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside +; of the web tree and people will not be able to circumvent .htaccess security. +;cgi.discard_path=1 + +; FastCGI under IIS supports the ability to impersonate ; security tokens of the calling client. This allows IIS to define the ; security context that the request runs under. mod_fastcgi under Apache ; does not currently support this feature (03/17/2002) ; Set to 1 if running under IIS. Default is zero. -; http://php.net/fastcgi.impersonate +; https://php.net/fastcgi.impersonate ;fastcgi.impersonate = 1 ; Disable logging through FastCGI connection. PHP's default behavior is to enable @@ -780,28 +818,35 @@ enable_dl = Off ;fastcgi.logging = 0 ; cgi.rfc2616_headers configuration option tells PHP what type of headers to -; use when sending HTTP response code. If it's set 0 PHP sends Status: header that -; is supported by Apache. When this option is set to 1 PHP will send +; use when sending HTTP response code. If set to 0, PHP sends Status: header that +; is supported by Apache. When this option is set to 1, PHP will send ; RFC2616 compliant header. ; Default is zero. -; http://php.net/cgi.rfc2616-headers +; https://php.net/cgi.rfc2616-headers ;cgi.rfc2616_headers = 0 +; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #! +; (shebang) at the top of the running script. This line might be needed if the +; script support running both as stand-alone script and via PHP CGI<. PHP in CGI +; mode skips this line and ignores its content if this directive is turned on. +; https://php.net/cgi.check-shebang-line +;cgi.check_shebang_line=1 + ;;;;;;;;;;;;;;;; ; File Uploads ; ;;;;;;;;;;;;;;;; ; Whether to allow HTTP file uploads. -; http://php.net/file-uploads +; https://php.net/file-uploads file_uploads = On ; Temporary directory for HTTP uploaded files (will use system default if not ; specified). -; http://php.net/upload-tmp-dir +; https://php.net/upload-tmp-dir ;upload_tmp_dir = ; Maximum allowed size for uploaded files. -; http://php.net/upload-max-filesize +; https://php.net/upload-max-filesize upload_max_filesize = 2M ; Maximum number of files that can be uploaded via a single request @@ -812,24 +857,24 @@ max_file_uploads = 20 ;;;;;;;;;;;;;;;;;; ; Whether to allow the treatment of URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-fopen +; https://php.net/allow-url-fopen allow_url_fopen = On -; Whether to allow include/require to open URLs (like http:// or ftp://) as files. -; http://php.net/allow-url-include +; Whether to allow include/require to open URLs (like https:// or ftp://) as files. +; https://php.net/allow-url-include allow_url_include = Off ; Define the anonymous ftp password (your email address). PHP's default setting ; for this is empty. -; http://php.net/from +; https://php.net/from ;from="john@doe.com" ; Define the User-Agent string. PHP's default setting for this is empty. -; http://php.net/user-agent +; https://php.net/user-agent ;user_agent="PHP" ; Default timeout for socket based streams (seconds) -; http://php.net/default-socket-timeout +; https://php.net/default-socket-timeout default_socket_timeout = 60 ; If your scripts have to deal with files from Macintosh systems, @@ -837,7 +882,7 @@ default_socket_timeout = 60 ; unix or win32 systems, setting this flag will cause PHP to ; automatically detect the EOL character in those files so that ; fgets() and file() will work regardless of the source of the file. -; http://php.net/auto-detect-line-endings +; https://php.net/auto-detect-line-endings ;auto_detect_line_endings = Off ;;;;;;;;;;;;;;;;;;;;;; @@ -847,23 +892,72 @@ default_socket_timeout = 60 ; If you wish to have an extension loaded automatically, use the following ; syntax: ; -; extension=modulename.extension +; extension=modulename ; -; For example, on Windows: +; For example: ; -; extension=msql.dll +; extension=mysqli ; -; ... or under UNIX: +; When the extension library to load is not located in the default extension +; directory, You may specify an absolute path to the library file: ; -; extension=msql.so +; extension=/path/to/extension/mysqli.so ; -; ... or with a path: +; Note : The syntax used in previous PHP versions ('extension=.so' and +; 'extension='php_.dll') is supported for legacy reasons and may be +; deprecated in a future PHP major version. So, when it is possible, please +; move to the new ('extension=) syntax. ; -; extension=/path/to/extension/msql.so +; Notes for Windows environments : ; -; If you only provide the name of the extension, PHP will look for it in its -; default extension directory. +; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+) +; extension folders as well as the separate PECL DLL download (PHP 5+). +; Be sure to appropriately set the extension_dir directive. ; +;extension=bz2 + +; The ldap extension must be before curl if OpenSSL 1.0.2 and OpenLDAP is used +; otherwise it results in segfault when unloading after using SASL. +; See https://github.com/php/php-src/issues/8620 for more info. +;extension=ldap + +;extension=curl +;extension=ffi +;extension=ftp +;extension=fileinfo +;extension=gd +;extension=gettext +;extension=gmp +;extension=intl +;extension=imap +;extension=mbstring +;extension=exif ; Must be after mbstring as it depends on it +;extension=mysqli +;extension=oci8_12c ; Use with Oracle Database 12c Instant Client +;extension=oci8_19 ; Use with Oracle Database 19 Instant Client +;extension=odbc +;extension=openssl +;extension=pdo_firebird +;extension=pdo_mysql +;extension=pdo_oci +;extension=pdo_odbc +;extension=pdo_pgsql +;extension=pdo_sqlite +;extension=pgsql +;extension=shmop + +; The MIBS data available in the PHP distribution must be installed. +; See https://www.php.net/manual/en/snmp.installation.php +;extension=snmp + +;extension=soap +;extension=sockets +;extension=sodium +;extension=sqlite3 +;extension=tidy +;extension=xsl + +;zend_extension=opcache ;;;;;;;;;;;;;;;;;;; ; Module Settings ; @@ -875,32 +969,52 @@ cli_server.color = On [Date] ; Defines the default timezone used by the date functions -; http://php.net/date.timezone -date.timezone = "Europe/Berlin" +; https://php.net/date.timezone +;date.timezone = -; http://php.net/date.default-latitude +; https://php.net/date.default-latitude ;date.default_latitude = 31.7667 -; http://php.net/date.default-longitude +; https://php.net/date.default-longitude ;date.default_longitude = 35.2333 -; http://php.net/date.sunrise-zenith -;date.sunrise_zenith = 90.583333 +; https://php.net/date.sunrise-zenith +;date.sunrise_zenith = 90.833333 -; http://php.net/date.sunset-zenith -;date.sunset_zenith = 90.583333 +; https://php.net/date.sunset-zenith +;date.sunset_zenith = 90.833333 [filter] -; http://php.net/filter.default +; https://php.net/filter.default ;filter.default = unsafe_raw -; http://php.net/filter.default-flags +; https://php.net/filter.default-flags ;filter.default_flags = [iconv] -;iconv.input_encoding = ISO-8859-1 -;iconv.internal_encoding = ISO-8859-1 -;iconv.output_encoding = ISO-8859-1 +; Use of this INI entry is deprecated, use global input_encoding instead. +; If empty, default_charset or input_encoding or iconv.input_encoding is used. +; The precedence is: default_charset < input_encoding < iconv.input_encoding +;iconv.input_encoding = + +; Use of this INI entry is deprecated, use global internal_encoding instead. +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;iconv.internal_encoding = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; If empty, default_charset or output_encoding or iconv.output_encoding is used. +; The precedence is: default_charset < output_encoding < iconv.output_encoding +; To use an output encoding conversion, iconv's output handler must be set +; otherwise output encoding conversion cannot be performed. +;iconv.output_encoding = + +[imap] +; rsh/ssh logins are disabled by default. Use this INI entry if you want to +; enable them. Note that the IMAP library does not filter mailbox names before +; passing them to rsh/ssh command, thus passing untrusted data to this function +; with rsh/ssh enabled is insecure. +;imap.enable_insecure_rsh=0 [intl] ;intl.default_locale = @@ -908,93 +1022,94 @@ date.timezone = "Europe/Berlin" ; happens within intl functions. The value is the level of the error produced. ; Default is 0, which does not produce any errors. ;intl.error_level = E_WARNING - -[sqlite] -; http://php.net/sqlite.assoc-case -;sqlite.assoc_case = 0 +;intl.use_exceptions = 0 [sqlite3] +; Directory pointing to SQLite3 extensions +; https://php.net/sqlite3.extension-dir ;sqlite3.extension_dir = +; SQLite defensive mode flag (only available from SQLite 3.26+) +; When the defensive flag is enabled, language features that allow ordinary +; SQL to deliberately corrupt the database file are disabled. This forbids +; writing directly to the schema, shadow tables (eg. FTS data tables), or +; the sqlite_dbpage virtual table. +; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html +; (for older SQLite versions, this flag has no use) +;sqlite3.defensive = 1 + [Pcre] -;PCRE library backtracking limit. -; http://php.net/pcre.backtrack-limit +; PCRE library backtracking limit. +; https://php.net/pcre.backtrack-limit ;pcre.backtrack_limit=100000 -;PCRE library recursion limit. -;Please note that if you set this value to a high number you may consume all -;the available process stack and eventually crash PHP (due to reaching the -;stack size limit imposed by the Operating System). -; http://php.net/pcre.recursion-limit +; PCRE library recursion limit. +; Please note that if you set this value to a high number you may consume all +; the available process stack and eventually crash PHP (due to reaching the +; stack size limit imposed by the Operating System). +; https://php.net/pcre.recursion-limit ;pcre.recursion_limit=100000 +; Enables or disables JIT compilation of patterns. This requires the PCRE +; library to be compiled with JIT support. +;pcre.jit=1 + [Pdo] ; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off" -; http://php.net/pdo-odbc.connection-pooling +; https://php.net/pdo-odbc.connection-pooling ;pdo_odbc.connection_pooling=strict -;pdo_odbc.db2_instance_name - [Pdo_mysql] -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/pdo_mysql.cache_size -pdo_mysql.cache_size = 2000 - ; Default socket name for local MySQL connects. If empty, uses the built-in ; MySQL defaults. -; http://php.net/pdo_mysql.default-socket pdo_mysql.default_socket= [Phar] -; http://php.net/phar.readonly +; https://php.net/phar.readonly ;phar.readonly = On -; http://php.net/phar.require-hash +; https://php.net/phar.require-hash ;phar.require_hash = On ;phar.cache_list = [mail function] ; For Win32 only. -; http://php.net/smtp +; https://php.net/smtp SMTP = localhost -; http://php.net/smtp-port +; https://php.net/smtp-port smtp_port = 25 ; For Win32 only. -; http://php.net/sendmail-from +; https://php.net/sendmail-from ;sendmail_from = me@example.com ; For Unix only. You may supply arguments as well (default: "sendmail -t -i"). -; http://php.net/sendmail-path +; https://php.net/sendmail-path ;sendmail_path = ; Force the addition of the specified parameters to be passed as extra parameters ; to the sendmail binary. These parameters will always replace the value of -; the 5th parameter to mail(), even in safe mode. +; the 5th parameter to mail(). ;mail.force_extra_parameters = ; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename -mail.add_x_header = On +mail.add_x_header = Off ; The path to a log file that will log all mail() calls. Log entries include ; the full path of the script, line number, To address and headers. ;mail.log = -; Log mail to syslog (Event Log on NT, not valid in Windows 95). +; Log mail to syslog (Event Log on Windows). ;mail.log = syslog -[SQL] -; http://php.net/sql.safe-mode -sql.safe_mode = Off - [ODBC] -; http://php.net/odbc.default-db +; https://php.net/odbc.default-db ;odbc.default_db = Not yet implemented -; http://php.net/odbc.default-user +; https://php.net/odbc.default-user ;odbc.default_user = Not yet implemented -; http://php.net/odbc.default-pw +; https://php.net/odbc.default-pw ;odbc.default_pw = Not yet implemented ; Controls the ODBC cursor model. @@ -1002,163 +1117,72 @@ sql.safe_mode = Off ;odbc.default_cursortype ; Allow or prevent persistent links. -; http://php.net/odbc.allow-persistent +; https://php.net/odbc.allow-persistent odbc.allow_persistent = On ; Check that a connection is still valid before reuse. -; http://php.net/odbc.check-persistent +; https://php.net/odbc.check-persistent odbc.check_persistent = On ; Maximum number of persistent links. -1 means no limit. -; http://php.net/odbc.max-persistent +; https://php.net/odbc.max-persistent odbc.max_persistent = -1 ; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/odbc.max-links +; https://php.net/odbc.max-links odbc.max_links = -1 ; Handling of LONG fields. Returns number of bytes to variables. 0 means ; passthru. -; http://php.net/odbc.defaultlrl +; https://php.net/odbc.defaultlrl odbc.defaultlrl = 4096 ; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char. ; See the documentation on odbc_binmode and odbc_longreadlen for an explanation ; of odbc.defaultlrl and odbc.defaultbinmode -; http://php.net/odbc.defaultbinmode +; https://php.net/odbc.defaultbinmode odbc.defaultbinmode = 1 -;birdstep.max_links = -1 - -[Interbase] -; Allow or prevent persistent links. -ibase.allow_persistent = 1 - -; Maximum number of persistent links. -1 means no limit. -ibase.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -ibase.max_links = -1 - -; Default database name for ibase_connect(). -;ibase.default_db = - -; Default username for ibase_connect(). -;ibase.default_user = - -; Default password for ibase_connect(). -;ibase.default_password = - -; Default charset for ibase_connect(). -;ibase.default_charset = - -; Default timestamp format. -ibase.timestampformat = "%Y-%m-%d %H:%M:%S" - -; Default date format. -ibase.dateformat = "%Y-%m-%d" - -; Default time format. -ibase.timeformat = "%H:%M:%S" - -[MySQL] -; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysql.allow_local_infile -mysql.allow_local_infile = On - -; Allow or prevent persistent links. -; http://php.net/mysql.allow-persistent -mysql.allow_persistent = On - -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/mysql.cache_size -mysql.cache_size = 2000 - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysql.max-persistent -mysql.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/mysql.max-links -mysql.max_links = -1 - -; Default port number for mysql_connect(). If unset, mysql_connect() will use -; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the -; compile-time value defined MYSQL_PORT (in that order). Win32 will only look -; at MYSQL_PORT. -; http://php.net/mysql.default-port -mysql.default_port = - -; Default socket name for local MySQL connects. If empty, uses the built-in -; MySQL defaults. -; http://php.net/mysql.default-socket -mysql.default_socket = - -; Default host for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysql.default-host -mysql.default_host = - -; Default user for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysql.default-user -mysql.default_user = - -; Default password for mysql_connect() (doesn't apply in safe mode). -; Note that this is generally a *bad* idea to store passwords in this file. -; *Any* user with PHP access can run 'echo get_cfg_var("mysql.default_password") -; and reveal this password! And of course, any users with read access to this -; file will be able to reveal the password as well. -; http://php.net/mysql.default-password -mysql.default_password = - -; Maximum time (in seconds) for connect timeout. -1 means no limit -; http://php.net/mysql.connect-timeout -mysql.connect_timeout = 60 - -; Trace mode. When trace_mode is active (=On), warnings for table/index scans and -; SQL-Errors will be displayed. -; http://php.net/mysql.trace-mode -mysql.trace_mode = Off - [MySQLi] ; Maximum number of persistent links. -1 means no limit. -; http://php.net/mysqli.max-persistent +; https://php.net/mysqli.max-persistent mysqli.max_persistent = -1 ; Allow accessing, from PHP's perspective, local files with LOAD DATA statements -; http://php.net/mysqli.allow_local_infile +; https://php.net/mysqli.allow_local_infile ;mysqli.allow_local_infile = On +; It allows the user to specify a folder where files that can be sent via LOAD DATA +; LOCAL can exist. It is ignored if mysqli.allow_local_infile is enabled. +;mysqli.local_infile_directory = + ; Allow or prevent persistent links. -; http://php.net/mysqli.allow-persistent +; https://php.net/mysqli.allow-persistent mysqli.allow_persistent = On ; Maximum number of links. -1 means no limit. -; http://php.net/mysqli.max-links +; https://php.net/mysqli.max-links mysqli.max_links = -1 -; If mysqlnd is used: Number of cache slots for the internal result set cache -; http://php.net/mysqli.cache_size -mysqli.cache_size = 2000 - ; Default port number for mysqli_connect(). If unset, mysqli_connect() will use ; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the ; compile-time value defined MYSQL_PORT (in that order). Win32 will only look ; at MYSQL_PORT. -; http://php.net/mysqli.default-port +; https://php.net/mysqli.default-port mysqli.default_port = 3306 ; Default socket name for local MySQL connects. If empty, uses the built-in ; MySQL defaults. -; http://php.net/mysqli.default-socket +; https://php.net/mysqli.default-socket mysqli.default_socket = -; Default host for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-host +; Default host for mysqli_connect() (doesn't apply in safe mode). +; https://php.net/mysqli.default-host mysqli.default_host = -; Default user for mysql_connect() (doesn't apply in safe mode). -; http://php.net/mysqli.default-user +; Default user for mysqli_connect() (doesn't apply in safe mode). +; https://php.net/mysqli.default-user mysqli.default_user = ; Default password for mysqli_connect() (doesn't apply in safe mode). @@ -1166,55 +1190,74 @@ mysqli.default_user = ; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw") ; and reveal this password! And of course, any users with read access to this ; file will be able to reveal the password as well. -; http://php.net/mysqli.default-pw +; https://php.net/mysqli.default-pw mysqli.default_pw = ; Allow or prevent reconnect mysqli.reconnect = Off +; If this option is enabled, closing a persistent connection will rollback +; any pending transactions of this connection, before it is put back +; into the persistent connection pool. +;mysqli.rollback_on_cached_plink = Off + [mysqlnd] ; Enable / Disable collection of general statistics by mysqlnd which can be ; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_statistics mysqlnd.collect_statistics = On ; Enable / Disable collection of memory usage statistics by mysqlnd which can be ; used to tune and monitor MySQL operations. -; http://php.net/mysqlnd.collect_memory_statistics mysqlnd.collect_memory_statistics = Off +; Records communication from all extensions using mysqlnd to the specified log +; file. +; https://php.net/mysqlnd.debug +;mysqlnd.debug = + +; Defines which queries will be logged. +;mysqlnd.log_mask = 0 + +; Default size of the mysqlnd memory pool, which is used by result sets. +;mysqlnd.mempool_default_size = 16000 + ; Size of a pre-allocated buffer used when sending commands to MySQL in bytes. -; http://php.net/mysqlnd.net_cmd_buffer_size ;mysqlnd.net_cmd_buffer_size = 2048 ; Size of a pre-allocated buffer used for reading data sent by the server in ; bytes. -; http://php.net/mysqlnd.net_read_buffer_size ;mysqlnd.net_read_buffer_size = 32768 +; Timeout for network requests in seconds. +;mysqlnd.net_read_timeout = 31536000 + +; SHA-256 Authentication Plugin related. File with the MySQL server public RSA +; key. +;mysqlnd.sha256_server_public_key = + [OCI8] ; Connection: Enables privileged connections using external ; credentials (OCI_SYSOPER, OCI_SYSDBA) -; http://php.net/oci8.privileged-connect +; https://php.net/oci8.privileged-connect ;oci8.privileged_connect = Off ; Connection: The maximum number of persistent OCI8 connections per ; process. Using -1 means no limit. -; http://php.net/oci8.max-persistent +; https://php.net/oci8.max-persistent ;oci8.max_persistent = -1 ; Connection: The maximum number of seconds a process is allowed to ; maintain an idle persistent connection. Using -1 means idle ; persistent connections will be maintained forever. -; http://php.net/oci8.persistent-timeout +; https://php.net/oci8.persistent-timeout ;oci8.persistent_timeout = -1 ; Connection: The number of seconds that must pass before issuing a ; ping during oci_pconnect() to check the connection validity. When ; set to 0, each oci_pconnect() will cause a ping. Using -1 disables ; pings completely. -; http://php.net/oci8.ping-interval +; https://php.net/oci8.ping-interval ;oci8.ping_interval = 60 ; Connection: Set this to a user chosen connection class to be used @@ -1232,98 +1275,59 @@ mysqlnd.collect_memory_statistics = Off ; Tuning: This option enables statement caching, and specifies how ; many statements to cache. Using 0 disables statement caching. -; http://php.net/oci8.statement-cache-size +; https://php.net/oci8.statement-cache-size ;oci8.statement_cache_size = 20 ; Tuning: Enables statement prefetching and sets the default number of ; rows that will be fetched automatically after statement execution. -; http://php.net/oci8.default-prefetch +; https://php.net/oci8.default-prefetch ;oci8.default_prefetch = 100 ; Compatibility. Using On means oci_close() will not close ; oci_connect() and oci_new_connect() connections. -; http://php.net/oci8.old-oci-close-semantics +; https://php.net/oci8.old-oci-close-semantics ;oci8.old_oci_close_semantics = Off [PostgreSQL] ; Allow or prevent persistent links. -; http://php.net/pgsql.allow-persistent +; https://php.net/pgsql.allow-persistent pgsql.allow_persistent = On ; Detect broken persistent links always with pg_pconnect(). ; Auto reset feature requires a little overheads. -; http://php.net/pgsql.auto-reset-persistent +; https://php.net/pgsql.auto-reset-persistent pgsql.auto_reset_persistent = Off ; Maximum number of persistent links. -1 means no limit. -; http://php.net/pgsql.max-persistent +; https://php.net/pgsql.max-persistent pgsql.max_persistent = -1 ; Maximum number of links (persistent+non persistent). -1 means no limit. -; http://php.net/pgsql.max-links +; https://php.net/pgsql.max-links pgsql.max_links = -1 ; Ignore PostgreSQL backends Notice message or not. ; Notice message logging require a little overheads. -; http://php.net/pgsql.ignore-notice +; https://php.net/pgsql.ignore-notice pgsql.ignore_notice = 0 ; Log PostgreSQL backends Notice message or not. ; Unless pgsql.ignore_notice=0, module cannot log notice message. -; http://php.net/pgsql.log-notice +; https://php.net/pgsql.log-notice pgsql.log_notice = 0 -[Sybase-CT] -; Allow or prevent persistent links. -; http://php.net/sybct.allow-persistent -sybct.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -; http://php.net/sybct.max-persistent -sybct.max_persistent = -1 - -; Maximum number of links (persistent + non-persistent). -1 means no limit. -; http://php.net/sybct.max-links -sybct.max_links = -1 - -; Minimum server message severity to display. -; http://php.net/sybct.min-server-severity -sybct.min_server_severity = 10 - -; Minimum client message severity to display. -; http://php.net/sybct.min-client-severity -sybct.min_client_severity = 10 - -; Set per-context timeout -; http://php.net/sybct.timeout -;sybct.timeout= - -;sybct.packet_size - -; The maximum time in seconds to wait for a connection attempt to succeed before returning failure. -; Default: one minute -;sybct.login_timeout= - -; The name of the host you claim to be connecting from, for display by sp_who. -; Default: none -;sybct.hostname= - -; Allows you to define how often deadlocks are to be retried. -1 means "forever". -; Default: 0 -;sybct.deadlock_retry_count= - [bcmath] ; Number of decimal digits for all bcmath functions. -; http://php.net/bcmath.scale +; https://php.net/bcmath.scale bcmath.scale = 0 [browscap] -; http://php.net/browscap +; https://php.net/browscap ;browscap = extra/browscap.ini [Session] ; Handler used to store/retrieve data. -; http://php.net/session.save-handler +; https://php.net/session.save-handler session.save_handler = files ; Argument passed to save_handler. In the case of files, this is the path @@ -1336,9 +1340,9 @@ session.save_handler = files ; ; where N is an integer. Instead of storing all the session files in ; /path, what this will do is use subdirectories N-levels deep, and -; store the session data in those directories. This is useful if you -; or your OS have problems with lots of files in one directory, and is -; a more efficient layout for servers that handle lots of sessions. +; store the session data in those directories. This is useful if +; your OS has problems with many files in one directory, and is +; a more efficient layout for servers that handle many sessions. ; ; NOTE 1: PHP will not create this directory structure automatically. ; You can use the script in the ext/session dir for that purpose. @@ -1352,153 +1356,116 @@ session.save_handler = files ; ; where MODE is the octal representation of the mode. Note that this ; does not overwrite the process's umask. -; http://php.net/session.save-path -;session.save_path = "/var/lib/php5" +; https://php.net/session.save-path +;session.save_path = "/tmp" ; Whether to use strict session mode. -; Strict session mode does not accept uninitialized session ID and regenerate -; session ID if browser sends uninitialized session ID. Strict mode protects -; applications from session fixation via session adoption vulnerability. It is -; disabled by default for maximum compatibility, but enabling it is encouraged. +; Strict session mode does not accept an uninitialized session ID, and +; regenerates the session ID if the browser sends an uninitialized session ID. +; Strict mode protects applications from session fixation via a session adoption +; vulnerability. It is disabled by default for maximum compatibility, but +; enabling it is encouraged. ; https://wiki.php.net/rfc/strict_sessions session.use_strict_mode = 0 ; Whether to use cookies. -; http://php.net/session.use-cookies +; https://php.net/session.use-cookies session.use_cookies = 1 -; http://php.net/session.cookie-secure +; https://php.net/session.cookie-secure ;session.cookie_secure = ; This option forces PHP to fetch and use a cookie for storing and maintaining ; the session id. We encourage this operation as it's very helpful in combating ; session hijacking when not specifying and managing your own session id. It is -; not the end all be all of session hijacking defense, but it's a good start. -; http://php.net/session.use-only-cookies +; not the be-all and end-all of session hijacking defense, but it's a good start. +; https://php.net/session.use-only-cookies session.use_only_cookies = 1 ; Name of the session (used as cookie name). -; http://php.net/session.name +; https://php.net/session.name session.name = PHPSESSID ; Initialize session on request startup. -; http://php.net/session.auto-start +; https://php.net/session.auto-start session.auto_start = 0 ; Lifetime in seconds of cookie or, if 0, until browser is restarted. -; http://php.net/session.cookie-lifetime +; https://php.net/session.cookie-lifetime session.cookie_lifetime = 0 ; The path for which the cookie is valid. -; http://php.net/session.cookie-path +; https://php.net/session.cookie-path session.cookie_path = / ; The domain for which the cookie is valid. -; http://php.net/session.cookie-domain +; https://php.net/session.cookie-domain session.cookie_domain = -; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript. -; http://php.net/session.cookie-httponly +; Whether or not to add the httpOnly flag to the cookie, which makes it +; inaccessible to browser scripting languages such as JavaScript. +; https://php.net/session.cookie-httponly session.cookie_httponly = -; Handler used to serialize data. php is the standard serializer of PHP. -; http://php.net/session.serialize-handler +; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF) +; Current valid values are "Strict", "Lax" or "None". When using "None", +; make sure to include the quotes, as `none` is interpreted like `false` in ini files. +; https://tools.ietf.org/html/draft-west-first-party-cookies-07 +session.cookie_samesite = + +; Handler used to serialize data. php is the standard serializer of PHP. +; https://php.net/session.serialize-handler session.serialize_handler = php -; Defines the probability that the 'garbage collection' process is started -; on every session initialization. The probability is calculated by using -; gc_probability/gc_divisor. Where session.gc_probability is the numerator -; and gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. +; Defines the probability that the 'garbage collection' process is started on every +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. ; Default Value: 1 ; Development Value: 1 ; Production Value: 1 -; http://php.net/session.gc-probability -session.gc_probability = 0 +; https://php.net/session.gc-probability +session.gc_probability = 1 ; Defines the probability that the 'garbage collection' process is started on every -; session initialization. The probability is calculated by using the following equation: -; gc_probability/gc_divisor. Where session.gc_probability is the numerator and -; session.gc_divisor is the denominator in the equation. Setting this value to 1 -; when the session.gc_divisor value is 100 will give you approximately a 1% chance -; the gc will run on any give request. Increasing this value to 1000 will give you -; a 0.1% chance the gc will run on any give request. For high volume production servers, -; this is a more efficient approach. +; session initialization. The probability is calculated by using gc_probability/gc_divisor, +; e.g. 1/100 means there is a 1% chance that the GC process starts on each request. +; For high volume production servers, using a value of 1000 is a more efficient approach. ; Default Value: 100 ; Development Value: 1000 ; Production Value: 1000 -; http://php.net/session.gc-divisor +; https://php.net/session.gc-divisor session.gc_divisor = 1000 ; After this number of seconds, stored data will be seen as 'garbage' and ; cleaned up by the garbage collection process. -; http://php.net/session.gc-maxlifetime +; https://php.net/session.gc-maxlifetime session.gc_maxlifetime = 1440 ; NOTE: If you are using the subdirectory option for storing session files ; (see session.save_path above), then garbage collection does *not* ; happen automatically. You will need to do your own garbage ; collection through a shell script, cron entry, or some other method. -; For example, the following script would is the equivalent of -; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): +; For example, the following script is the equivalent of setting +; session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes): ; find /path/to/sessions -cmin +24 -type f | xargs rm -; PHP 4.2 and less have an undocumented feature/bug that allows you to -; to initialize a session variable in the global scope. -; PHP 4.3 and later will warn you, if this feature is used. -; You can disable the feature and the warning separately. At this time, -; the warning is only displayed, if bug_compat_42 is enabled. This feature -; introduces some serious security problems if not handled correctly. It's -; recommended that you do not use this feature on production servers. But you -; should enable this on development servers and enable the warning as well. If you -; do not enable the feature on development servers, you won't be warned when it's -; used and debugging errors caused by this can be difficult to track down. -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/session.bug-compat-42 -session.bug_compat_42 = Off - -; This setting controls whether or not you are warned by PHP when initializing a -; session value into the global space. session.bug_compat_42 must be enabled before -; these warnings can be issued by PHP. See the directive above for more information. -; Default Value: On -; Development Value: On -; Production Value: Off -; http://php.net/session.bug-compat-warn -session.bug_compat_warn = Off - ; Check HTTP Referer to invalidate externally stored URLs containing ids. ; HTTP_REFERER has to contain this substring for the session to be ; considered as valid. -; http://php.net/session.referer-check +; https://php.net/session.referer-check session.referer_check = -; How many bytes to read from the file. -; http://php.net/session.entropy-length -;session.entropy_length = 32 - -; Specified here to create the session id. -; http://php.net/session.entropy-file -; Defaults to /dev/urandom -; On systems that don't have /dev/urandom but do have /dev/arandom, this will default to /dev/arandom -; If neither are found at compile time, the default is no entropy file. -; On windows, setting the entropy_length setting will activate the -; Windows random source (using the CryptoAPI) -;session.entropy_file = /dev/urandom - ; Set to {nocache,private,public,} to determine HTTP caching aspects ; or leave this empty to avoid sending anti-caching headers. -; http://php.net/session.cache-limiter +; https://php.net/session.cache-limiter session.cache_limiter = nocache ; Document expires after n minutes. -; http://php.net/session.cache-expire +; https://php.net/session.cache-expire session.cache_expire = 180 ; trans sid support is disabled by default. -; Use of trans sid may risk your users security. +; Use of trans sid may risk your users' security. ; Use this option with caution. ; - User may send URL contains active session ID ; to other person via. email/irc/etc. @@ -1506,18 +1473,42 @@ session.cache_expire = 180 ; in publicly accessible computer. ; - User may access your site with the same session ID ; always using URL stored in browser's history or bookmarks. -; http://php.net/session.use-trans-sid +; https://php.net/session.use-trans-sid session.use_trans_sid = 0 -; Select a hash function for use in generating session ids. -; Possible Values -; 0 (MD5 128 bits) -; 1 (SHA-1 160 bits) -; This option may also be set to the name of any hash function supported by -; the hash extension. A list of available hashes is returned by the hash_algos() -; function. -; http://php.net/session.hash-function -session.hash_function = 0 +; Set session ID character length. This value could be between 22 to 256. +; Shorter length than default is supported only for compatibility reason. +; Users should use 32 or more chars. +; https://php.net/session.sid-length +; Default Value: 32 +; Development Value: 26 +; Production Value: 26 +session.sid_length = 26 + +; The URL rewriter will look for URLs in a defined set of HTML tags. +;
is special; if you include them here, the rewriter will +; add a hidden field with the info which is otherwise appended +; to URLs. tag's action attribute URL will not be modified +; unless it is specified. +; Note that all valid entries require a "=", even if no value follows. +; Default Value: "a=href,area=href,frame=src,form=" +; Development Value: "a=href,area=href,frame=src,form=" +; Production Value: "a=href,area=href,frame=src,form=" +; https://php.net/url-rewriter.tags +session.trans_sid_tags = "a=href,area=href,frame=src,form=" + +; URL rewriter does not rewrite absolute URLs by default. +; To enable rewrites for absolute paths, target hosts must be specified +; at RUNTIME. i.e. use ini_set() +; tags is special. PHP will check action attribute's URL regardless +; of session.trans_sid_tags setting. +; If no host is defined, HTTP_HOST will be used for allowed host. +; Example value: php.net,www.php.net,wiki.php.net +; Use "," for multiple hosts. No spaces are allowed. +; Default Value: "" +; Development Value: "" +; Production Value: "" +;session.trans_sid_hosts="" ; Define how many bits are stored in each character when converting ; the binary hash data to something readable. @@ -1528,25 +1519,14 @@ session.hash_function = 0 ; Default Value: 4 ; Development Value: 5 ; Production Value: 5 -; http://php.net/session.hash-bits-per-character -session.hash_bits_per_character = 5 - -; The URL rewriter will look for URLs in a defined set of HTML tags. -; form/fieldset are special; if you include them here, the rewriter will -; add a hidden field with the info which is otherwise appended -; to URLs. If you want XHTML conformity, remove the form entry. -; Note that all valid entries require a "=", even if no value follows. -; Default Value: "a=href,area=href,frame=src,form=,fieldset=" -; Development Value: "a=href,area=href,frame=src,input=src,form=fakeentry" -; Production Value: "a=href,area=href,frame=src,input=src,form=fakeentry" -; http://php.net/url-rewriter.tags -url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" +; https://php.net/session.hash-bits-per-character +session.sid_bits_per_character = 5 ; Enable upload progress tracking in $_SESSION ; Default Value: On ; Development Value: On ; Production Value: On -; http://php.net/session.upload-progress.enabled +; https://php.net/session.upload-progress.enabled ;session.upload_progress.enabled = On ; Cleanup the progress information as soon as all POST data has been read @@ -1554,14 +1534,14 @@ url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" ; Default Value: On ; Development Value: On ; Production Value: On -; http://php.net/session.upload-progress.cleanup +; https://php.net/session.upload-progress.cleanup ;session.upload_progress.cleanup = On ; A prefix used for the upload progress key in $_SESSION ; Default Value: "upload_progress_" ; Development Value: "upload_progress_" ; Production Value: "upload_progress_" -; http://php.net/session.upload-progress.prefix +; https://php.net/session.upload-progress.prefix ;session.upload_progress.prefix = "upload_progress_" ; The index name (concatenated with the prefix) in $_SESSION @@ -1569,7 +1549,7 @@ url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" ; Default Value: "PHP_SESSION_UPLOAD_PROGRESS" ; Development Value: "PHP_SESSION_UPLOAD_PROGRESS" ; Production Value: "PHP_SESSION_UPLOAD_PROGRESS" -; http://php.net/session.upload-progress.name +; https://php.net/session.upload-progress.name ;session.upload_progress.name = "PHP_SESSION_UPLOAD_PROGRESS" ; How frequently the upload progress should be updated. @@ -1577,178 +1557,152 @@ url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry" ; Default Value: "1%" ; Development Value: "1%" ; Production Value: "1%" -; http://php.net/session.upload-progress.freq +; https://php.net/session.upload-progress.freq ;session.upload_progress.freq = "1%" ; The minimum delay between updates, in seconds ; Default Value: 1 ; Development Value: 1 ; Production Value: 1 -; http://php.net/session.upload-progress.min-freq +; https://php.net/session.upload-progress.min-freq ;session.upload_progress.min_freq = "1" -[MSSQL] -; Allow or prevent persistent links. -mssql.allow_persistent = On - -; Maximum number of persistent links. -1 means no limit. -mssql.max_persistent = -1 - -; Maximum number of links (persistent+non persistent). -1 means no limit. -mssql.max_links = -1 - -; Minimum error severity to display. -mssql.min_error_severity = 10 - -; Minimum message severity to display. -mssql.min_message_severity = 10 - -; Compatibility mode with old versions of PHP 3.0. -mssql.compatibility_mode = Off - -; Connect timeout -;mssql.connect_timeout = 5 - -; Query timeout -;mssql.timeout = 60 - -; Valid range 0 - 2147483647. Default = 4096. -;mssql.textlimit = 4096 - -; Valid range 0 - 2147483647. Default = 4096. -;mssql.textsize = 4096 - -; Limits the number of records in each batch. 0 = all records in one batch. -;mssql.batchsize = 0 - -; Specify how datetime and datetim4 columns are returned -; On => Returns data converted to SQL server settings -; Off => Returns values as YYYY-MM-DD hh:mm:ss -;mssql.datetimeconvert = On - -; Use NT authentication when connecting to the server -mssql.secure_connection = Off - -; Specify max number of processes. -1 = library default -; msdlib defaults to 25 -; FreeTDS defaults to 4096 -;mssql.max_procs = -1 - -; Specify client character set. -; If empty or not set the client charset from freetds.conf is used -; This is only used when compiled with FreeTDS -;mssql.charset = "ISO-8859-1" +; Only write session data when session data is changed. Enabled by default. +; https://php.net/session.lazy-write +;session.lazy_write = On [Assertion] +; Switch whether to compile assertions at all (to have no overhead at run-time) +; -1: Do not compile at all +; 0: Jump over assertion at run-time +; 1: Execute assertions +; Changing from or to a negative value is only possible in php.ini! (For turning assertions on and off at run-time, see assert.active, when zend.assertions = 1) +; Default Value: 1 +; Development Value: 1 +; Production Value: -1 +; https://php.net/zend.assertions +zend.assertions = -1 + ; Assert(expr); active by default. -; http://php.net/assert.active +; https://php.net/assert.active ;assert.active = On -; Issue a PHP warning for each failed assertion. -; http://php.net/assert.warning +; Throw an AssertionError on failed assertions +; https://php.net/assert.exception +;assert.exception = On + +; Issue a PHP warning for each failed assertion. (Overridden by assert.exception if active) +; https://php.net/assert.warning ;assert.warning = On ; Don't bail out by default. -; http://php.net/assert.bail +; https://php.net/assert.bail ;assert.bail = Off ; User-function to be called if an assertion fails. -; http://php.net/assert.callback +; https://php.net/assert.callback ;assert.callback = 0 -; Eval the expression with current error_reporting(). Set to true if you want -; error_reporting(0) around the eval(). -; http://php.net/assert.quiet-eval -;assert.quiet_eval = 0 - [COM] ; path to a file containing GUIDs, IIDs or filenames of files with TypeLibs -; http://php.net/com.typelib-file +; https://php.net/com.typelib-file ;com.typelib_file = ; allow Distributed-COM calls -; http://php.net/com.allow-dcom +; https://php.net/com.allow-dcom ;com.allow_dcom = true -; autoregister constants of a components typlib on com_load() -; http://php.net/com.autoregister-typelib +; autoregister constants of a component's typelib on com_load() +; https://php.net/com.autoregister-typelib ;com.autoregister_typelib = true ; register constants casesensitive -; http://php.net/com.autoregister-casesensitive +; https://php.net/com.autoregister-casesensitive ;com.autoregister_casesensitive = false ; show warnings on duplicate constant registrations -; http://php.net/com.autoregister-verbose +; https://php.net/com.autoregister-verbose ;com.autoregister_verbose = true ; The default character set code-page to use when passing strings to and from COM objects. ; Default: system ANSI code page ;com.code_page= +; The version of the .NET framework to use. The value of the setting are the first three parts +; of the framework's version number, separated by dots, and prefixed with "v", e.g. "v4.0.30319". +;com.dotnet_version= + [mbstring] ; language for internal character representation. -; http://php.net/mbstring.language +; This affects mb_send_mail() and mbstring.detect_order. +; https://php.net/mbstring.language ;mbstring.language = Japanese +; Use of this INI entry is deprecated, use global internal_encoding instead. ; internal/script encoding. -; Some encoding cannot work as internal encoding. -; (e.g. SJIS, BIG5, ISO-2022-*) -; http://php.net/mbstring.internal-encoding -;mbstring.internal_encoding = UTF-8 +; Some encoding cannot work as internal encoding. (e.g. SJIS, BIG5, ISO-2022-*) +; If empty, default_charset or internal_encoding or iconv.internal_encoding is used. +; The precedence is: default_charset < internal_encoding < iconv.internal_encoding +;mbstring.internal_encoding = +; Use of this INI entry is deprecated, use global input_encoding instead. ; http input encoding. -; http://php.net/mbstring.http-input -;mbstring.http_input = UTF-8 - -; http output encoding. mb_output_handler must be -; registered as output buffer to function -; http://php.net/mbstring.http-output -;mbstring.http_output = pass +; mbstring.encoding_translation = On is needed to use this setting. +; If empty, default_charset or input_encoding or mbstring.input is used. +; The precedence is: default_charset < input_encoding < mbstring.http_input +; https://php.net/mbstring.http-input +;mbstring.http_input = + +; Use of this INI entry is deprecated, use global output_encoding instead. +; http output encoding. +; mb_output_handler must be registered as output buffer to function. +; If empty, default_charset or output_encoding or mbstring.http_output is used. +; The precedence is: default_charset < output_encoding < mbstring.http_output +; To use an output encoding conversion, mbstring's output handler must be set +; otherwise output encoding conversion cannot be performed. +; https://php.net/mbstring.http-output +;mbstring.http_output = ; enable automatic encoding translation according to ; mbstring.internal_encoding setting. Input chars are ; converted to internal encoding by setting this to On. ; Note: Do _not_ use automatic encoding translation for ; portable libs/applications. -; http://php.net/mbstring.encoding-translation +; https://php.net/mbstring.encoding-translation ;mbstring.encoding_translation = Off ; automatic encoding detection order. -; auto means -; http://php.net/mbstring.detect-order +; "auto" detect order is changed according to mbstring.language +; https://php.net/mbstring.detect-order ;mbstring.detect_order = auto ; substitute_character used when character cannot be converted ; one from another -; http://php.net/mbstring.substitute-character +; https://php.net/mbstring.substitute-character ;mbstring.substitute_character = none -; overload(replace) single byte functions by mbstring functions. -; mail(), ereg(), etc are overloaded by mb_send_mail(), mb_ereg(), -; etc. Possible values are 0,1,2,4 or combination of them. -; For example, 7 for overload everything. -; 0: No overload -; 1: Overload mail() function -; 2: Overload str*() functions -; 4: Overload ereg*() functions -; http://php.net/mbstring.func-overload -;mbstring.func_overload = 0 - -; enable strict encoding detection. -;mbstring.strict_detection = On +; Enable strict encoding detection. +;mbstring.strict_detection = Off ; This directive specifies the regex pattern of content types for which mb_output_handler() ; is activated. -; Default: mbstring.http_output_conv_mimetype=^(text/|application/xhtml\+xml) -;mbstring.http_output_conv_mimetype= +; Default: mbstring.http_output_conv_mimetypes=^(text/|application/xhtml\+xml) +;mbstring.http_output_conv_mimetypes= + +; This directive specifies maximum stack depth for mbstring regular expressions. It is similar +; to the pcre.recursion_limit for PCRE. +;mbstring.regex_stack_limit=100000 + +; This directive specifies maximum retry count for mbstring regular expressions. It is similar +; to the pcre.backtrack_limit for PCRE. +;mbstring.regex_retry_limit=1000000 [gd] ; Tell the jpeg decode to ignore warnings and try to create ; a gd image. The warning will then be displayed as notices ; disabled by default -; http://php.net/gd.jpeg-ignore-warning -;gd.jpeg_ignore_warning = 0 +; https://php.net/gd.jpeg-ignore-warning +;gd.jpeg_ignore_warning = 1 [exif] ; Exif UNICODE user comments are handled as UCS-2BE/UCS-2LE and JIS as JIS. @@ -1756,47 +1710,47 @@ mssql.secure_connection = Off ; given by corresponding encode setting. When empty mbstring.internal_encoding ; is used. For the decode settings you can distinguish between motorola and ; intel byte order. A decode setting cannot be empty. -; http://php.net/exif.encode-unicode +; https://php.net/exif.encode-unicode ;exif.encode_unicode = ISO-8859-15 -; http://php.net/exif.decode-unicode-motorola +; https://php.net/exif.decode-unicode-motorola ;exif.decode_unicode_motorola = UCS-2BE -; http://php.net/exif.decode-unicode-intel +; https://php.net/exif.decode-unicode-intel ;exif.decode_unicode_intel = UCS-2LE -; http://php.net/exif.encode-jis +; https://php.net/exif.encode-jis ;exif.encode_jis = -; http://php.net/exif.decode-jis-motorola +; https://php.net/exif.decode-jis-motorola ;exif.decode_jis_motorola = JIS -; http://php.net/exif.decode-jis-intel +; https://php.net/exif.decode-jis-intel ;exif.decode_jis_intel = JIS [Tidy] ; The path to a default tidy configuration file to use when using tidy -; http://php.net/tidy.default-config +; https://php.net/tidy.default-config ;tidy.default_config = /usr/local/lib/php/default.tcfg ; Should tidy clean and repair output automatically? ; WARNING: Do not use this option if you are generating non-html content ; such as dynamic images -; http://php.net/tidy.clean-output +; https://php.net/tidy.clean-output tidy.clean_output = Off [soap] ; Enables or disables WSDL caching feature. -; http://php.net/soap.wsdl-cache-enabled +; https://php.net/soap.wsdl-cache-enabled soap.wsdl_cache_enabled=1 ; Sets the directory name where SOAP extension will put cache files. -; http://php.net/soap.wsdl-cache-dir +; https://php.net/soap.wsdl-cache-dir soap.wsdl_cache_dir="/tmp" ; (time to live) Sets the number of second while cached file will be used ; instead of original one. -; http://php.net/soap.wsdl-cache-ttl +; https://php.net/soap.wsdl-cache-ttl soap.wsdl_cache_ttl=86400 ; Sets the size of the cache limit. (Max. number of WSDL files to cache) @@ -1810,36 +1764,25 @@ soap.wsdl_cache_limit = 5 ; Sets the maximum number of open links or -1 for unlimited. ldap.max_links = -1 -[mcrypt] -; For more information about mcrypt settings see http://php.net/mcrypt-module-open - -; Directory where to load mcrypt algorithms -; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) -;mcrypt.algorithms_dir= - -; Directory where to load mcrypt modes -; Default: Compiled in into libmcrypt (usually /usr/local/lib/libmcrypt) -;mcrypt.modes_dir= - [dba] ;dba.default_handler= [opcache] ; Determines if Zend OPCache is enabled -;opcache.enable=0 +;opcache.enable=1 ; Determines if Zend OPCache is enabled for the CLI version of PHP ;opcache.enable_cli=0 ; The OPcache shared memory storage size. -;opcache.memory_consumption=64 +;opcache.memory_consumption=128 ; The amount of memory for interned strings in Mbytes. -;opcache.interned_strings_buffer=4 +;opcache.interned_strings_buffer=8 ; The maximum number of keys (scripts) in the OPcache hash table. -; Only numbers between 200 and 100000 are allowed. -;opcache.max_accelerated_files=2000 +; Only numbers between 200 and 1000000 are allowed. +;opcache.max_accelerated_files=10000 ; The maximum percentage of "wasted" memory until a restart is scheduled. ;opcache.max_wasted_percentage=5 @@ -1866,22 +1809,18 @@ ldap.max_links = -1 ; size of the optimized code. ;opcache.save_comments=1 -; If disabled, PHPDoc comments are not loaded from SHM, so "Doc Comments" -; may be always stored (save_comments=1), but not loaded by applications -; that don't need them anyway. -;opcache.load_comments=1 - -; If enabled, a fast shutdown sequence is used for the accelerated code -;opcache.fast_shutdown=0 +; If enabled, compilation warnings (including notices and deprecations) will +; be recorded and replayed each time a file is included. Otherwise, compilation +; warnings will only be emitted when the file is first cached. +;opcache.record_warnings=0 ; Allow file existence override (file_exists, etc.) performance feature. ;opcache.enable_file_override=0 ; A bitmask, where each bit enables or disables the appropriate OPcache ; passes -;opcache.optimization_level=0xffffffff +;opcache.optimization_level=0x7FFFBFFF -;opcache.inherited_hack=1 ;opcache.dups_fix=0 ; The location of the OPcache blacklist file (wildcards allowed). @@ -1920,13 +1859,97 @@ ldap.max_links = -1 ; Useful for internal debugging only. ;opcache.protect_memory=0 +; Allows calling OPcache API functions only from PHP scripts which path is +; started from specified string. The default "" means no restriction +;opcache.restrict_api= + +; Mapping base of shared memory segments (for Windows only). All the PHP +; processes have to map shared memory into the same address space. This +; directive allows to manually fix the "Unable to reattach to base address" +; errors. +;opcache.mmap_base= + +; Facilitates multiple OPcache instances per user (for Windows only). All PHP +; processes with the same cache ID and user share an OPcache instance. +;opcache.cache_id= + +; Enables and sets the second level cache directory. +; It should improve performance when SHM memory is full, at server restart or +; SHM reset. The default "" disables file based caching. +;opcache.file_cache= + +; Enables or disables opcode caching in shared memory. +;opcache.file_cache_only=0 + +; Enables or disables checksum validation when script loaded from file cache. +;opcache.file_cache_consistency_checks=1 + +; Implies opcache.file_cache_only=1 for a certain process that failed to +; reattach to the shared memory (for Windows only). Explicitly enabled file +; cache is required. +;opcache.file_cache_fallback=1 + +; Enables or disables copying of PHP code (text segment) into HUGE PAGES. +; This should improve performance, but requires appropriate OS configuration. +;opcache.huge_code_pages=1 + +; Validate cached file permissions. +;opcache.validate_permission=0 + +; Prevent name collisions in chroot'ed environment. +;opcache.validate_root=0 + +; If specified, it produces opcode dumps for debugging different stages of +; optimizations. +;opcache.opt_debug_level=0 + +; Specifies a PHP script that is going to be compiled and executed at server +; start-up. +; https://php.net/opcache.preload +;opcache.preload= + +; Preloading code as root is not allowed for security reasons. This directive +; facilitates to let the preloading to be run as another user. +; https://php.net/opcache.preload_user +;opcache.preload_user= + +; Prevents caching files that are less than this number of seconds old. It +; protects from caching of incompletely updated files. In case all file updates +; on your site are atomic, you may increase performance by setting it to "0". +;opcache.file_update_protection=2 + +; Absolute path used to store shared lockfiles (for *nix only). +;opcache.lockfile_path=/tmp + [curl] ; A default value for the CURLOPT_CAINFO option. This is required to be an ; absolute path. ;curl.cainfo = -; Local Variables: -; tab-width: 4 -; End: - -apc.enable_cli=1 +[openssl] +; The location of a Certificate Authority (CA) file on the local filesystem +; to use when verifying the identity of SSL/TLS peers. Most users should +; not specify a value for this directive as PHP will attempt to use the +; OS-managed cert stores in its absence. If specified, this value may still +; be overridden on a per-stream basis via the "cafile" SSL stream context +; option. +;openssl.cafile= + +; If openssl.cafile is not specified or if the CA file is not found, the +; directory pointed to by openssl.capath is searched for a suitable +; certificate. This value must be a correctly hashed certificate directory. +; Most users should not specify a value for this directive as PHP will +; attempt to use the OS-managed cert stores in its absence. If specified, +; this value may still be overridden on a per-stream basis via the "capath" +; SSL stream context option. +;openssl.capath= + +[ffi] +; FFI API restriction. Possible values: +; "preload" - enabled in CLI scripts and preloaded files (default) +; "false" - always disabled +; "true" - always enabled +;ffi.enable=preload + +; List of headers files to preload, wildcard patterns allowed. +;ffi.preload= diff --git a/supervisor/conf.d/nginx.conf b/supervisor/conf.d/nginx.conf index 53af243..6530667 100644 --- a/supervisor/conf.d/nginx.conf +++ b/supervisor/conf.d/nginx.conf @@ -1,7 +1,10 @@ [program:nginx] -command = /usr/sbin/nginx -g +command = /usr/sbin/nginx -g "daemon off;" -autorestart = true +autostart=true +autorestart=true +user=root +priority=400 stderr_logfile = NONE stdout_logfile = NONE \ No newline at end of file From e61c2bc1f537652c7b1b6e2195c2267b4a7efe3e Mon Sep 17 00:00:00 2001 From: Root Date: Thu, 26 Jan 2023 23:59:34 +0000 Subject: [PATCH 05/12] poweradmin job --- Dockerfile | 24 +++----- docker-compose.yml | 2 - entrypoint | 9 ++- nginx/fastcgi.conf | 26 --------- nginx/fastcgi_params | 25 -------- nginx/http.d/default.conf | 19 +++++- nginx/mime.types | 99 ------------------------------- nginx/nginx.conf | 103 --------------------------------- nginx/scgi_params | 17 ------ nginx/uwsgi_params | 17 ------ php81/conf.d/00_gettext.ini | 1 - php81/conf.d/00_openssl.ini | 1 - php81/conf.d/00_pdo.ini | 1 - php81/conf.d/01_mysqlnd.ini | 1 - php81/conf.d/02_pdo_mysql.ini | 1 - php81/php-fpm.d/www.conf | 4 +- poweradmin/config.inc.php | 74 ++++------------------- supervisor/conf.d/nginx.conf | 7 ++- supervisor/conf.d/php-fpm.conf | 8 ++- 19 files changed, 57 insertions(+), 382 deletions(-) delete mode 100644 nginx/fastcgi.conf delete mode 100644 nginx/fastcgi_params delete mode 100644 nginx/mime.types delete mode 100644 nginx/nginx.conf delete mode 100644 nginx/scgi_params delete mode 100644 nginx/uwsgi_params delete mode 100644 php81/conf.d/00_gettext.ini delete mode 100644 php81/conf.d/00_openssl.ini delete mode 100644 php81/conf.d/00_pdo.ini delete mode 100644 php81/conf.d/01_mysqlnd.ini delete mode 100644 php81/conf.d/02_pdo_mysql.ini diff --git a/Dockerfile b/Dockerfile index ebaf841..5b93ba2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -109,11 +109,15 @@ RUN set -eux; \ php81 \ php81-fpm \ #php-mcrypt \ + php81-intl \ + php81-iconv \ php81-mysqlnd \ php81-pdo \ php81-pdo_mysql \ php81-gettext \ php81-openssl \ + php81-session \ + php81-tokenizer \ musl musl-utils musl-locales tzdata \ ; \ true "Setup user and group"; \ @@ -127,42 +131,30 @@ RUN set -eux; \ true "Cleanup"; \ rm -f /var/cache/apk/* -# Copy in built binaries COPY --from=builder /build/powerdns-root / - -# Copy configs COPY supervisor /etc/supervisor COPY powerdns /etc/powerdns COPY entrypoint /usr/bin - -#nginx COPY nginx /etc/nginx -#COPY nginx/vhost.conf /etc/nginx/sites-enabled/vhost.conf -#COPY nginx/fastcgi_params /etc/nginx/fastcgi_params - -#php COPY php81 /etc/php81 -#COPY php/php-cli.ini /etc/php/7.0/cli/php.ini - RUN set -eux; \ - true "Setup poweradmin"; \ mkdir -p /var/www/html; \ cd /var/www/html; \ - rm -rf /var/www/html/*; \ wget https://github.com/poweradmin/poweradmin/archive/refs/tags/v${POWERADMIN_VER}.tar.gz; \ tar -xf v${POWERADMIN_VER}.tar.gz && rm -f v${POWERADMIN_VER}.tar.gz; \ mv poweradmin-${POWERADMIN_VER} poweradmin; \ - rm -R /var/www/html/poweradmin/install; \ + rm -rf /var/www/html/poweradmin/install/; \ \ - true "Flexible Docker Containers"; \ chmod 0750 /etc/powerdns; \ chmod 0640 /etc/powerdns/pdns.conf; \ chown -R root:powerdns /etc/powerdns; \ + chown -R nginx:nginx /var/www/html; \ chmod +x /usr/bin/entrypoint; \ - \ cp /usr/share/zoneinfo/${TZ} /etc/localtime +COPY poweradmin /var/www/html/poweradmin + EXPOSE 53/TCP 53/UDP 8081/TCP 80/TCP ENTRYPOINT [ "entrypoint" ] CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"] diff --git a/docker-compose.yml b/docker-compose.yml index d6e4a9f..29df59e 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -13,8 +13,6 @@ services: powerdns: image: powerdns:latest - volumes: - - ./nginx:/etc/nginx environment: - POWERDNS_SERVER_ID=serverid - POWERDNS_WEBSERVER_ALLOW_FROM=0.0.0.0/0 diff --git a/entrypoint b/entrypoint index acd2644..4204558 100644 --- a/entrypoint +++ b/entrypoint @@ -7,25 +7,32 @@ fi chown -R powerdns:powerdns /run/powerdns chmod 0755 /run/powerdns - #Setup mysql env if [ -n "$MYSQL_HOST" ]; then sed -i "s!MYSQL_HOST!${MYSQL_HOST}!" /etc/powerdns/conf.d/gmysql.conf + sed -i "s!{{MYSQL_HOST}}!${MYSQL_HOST}!" /var/www/html/poweradmin/config.inc.php fi if [ -n "$MYSQL_PORT" ]; then sed -i "s!MYSQL_PORT!${MYSQL_PORT}!" /etc/powerdns/conf.d/gmysql.conf + sed -i "s!{{MYSQL_PORT}}!${MYSQL_PORT}!" /var/www/html/poweradmin/config.inc.php fi if [ -n "$MYSQL_DATABASE" ]; then sed -i "s!MYSQL_DATABASE!${MYSQL_DATABASE}!" /etc/powerdns/conf.d/gmysql.conf + sed -i "s!{{MYSQL_DB}}!${MYSQL_DATABASE}!" /var/www/html/poweradmin/config.inc.php fi if [ -n "$MYSQL_USER" ]; then sed -i "s!MYSQL_USER!${MYSQL_USER}!" /etc/powerdns/conf.d/gmysql.conf + sed -i "s!{{MYSQL_USER}}!${MYSQL_USER}!" /var/www/html/poweradmin/config.inc.php fi if [ -n "$MYSQL_PASSWORD" ]; then sed -i "s!MYSQL_PASSWORD!${MYSQL_PASSWORD}!" /etc/powerdns/conf.d/gmysql.conf + sed -i "s!{{MYSQL_PASSWORD}}!${MYSQL_PASSWORD}!" /var/www/html/poweradmin/config.inc.php fi + SESSION_KEY=`pwgen 32 1` + sed -i "s!{{SESSION_KEY}}!${SESSION_KEY}!" /var/www/html/poweradmin/config.inc.php + # Setup web access if [ ! -f /etc/powerdns/conf.d/webserver.conf ] && [ -n "$POWERDNS_WEBSERVER_ALLOW_FROM" ]; then # Check if we got a password diff --git a/nginx/fastcgi.conf b/nginx/fastcgi.conf deleted file mode 100644 index 091738c..0000000 --- a/nginx/fastcgi.conf +++ /dev/null @@ -1,26 +0,0 @@ - -fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/nginx/fastcgi_params b/nginx/fastcgi_params deleted file mode 100644 index 28decb9..0000000 --- a/nginx/fastcgi_params +++ /dev/null @@ -1,25 +0,0 @@ - -fastcgi_param QUERY_STRING $query_string; -fastcgi_param REQUEST_METHOD $request_method; -fastcgi_param CONTENT_TYPE $content_type; -fastcgi_param CONTENT_LENGTH $content_length; - -fastcgi_param SCRIPT_NAME $fastcgi_script_name; -fastcgi_param REQUEST_URI $request_uri; -fastcgi_param DOCUMENT_URI $document_uri; -fastcgi_param DOCUMENT_ROOT $document_root; -fastcgi_param SERVER_PROTOCOL $server_protocol; -fastcgi_param REQUEST_SCHEME $scheme; -fastcgi_param HTTPS $https if_not_empty; - -fastcgi_param GATEWAY_INTERFACE CGI/1.1; -fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; - -fastcgi_param REMOTE_ADDR $remote_addr; -fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param SERVER_ADDR $server_addr; -fastcgi_param SERVER_PORT $server_port; -fastcgi_param SERVER_NAME $server_name; - -# PHP only, required if PHP was built with --enable-force-cgi-redirect -fastcgi_param REDIRECT_STATUS 200; diff --git a/nginx/http.d/default.conf b/nginx/http.d/default.conf index 51d1506..a5fa0f4 100644 --- a/nginx/http.d/default.conf +++ b/nginx/http.d/default.conf @@ -1,8 +1,12 @@ # This is a default site configuration which will simply return 404, preventing # chance access to any other virtualhost. +upstream php { + server 127.0.0.1:9000; +} server { listen 80 default_server; + root /var/www/html/; index index.html index.php; @@ -13,8 +17,19 @@ server { } location ~ \.php$ { - include fastcgi_params; - fastcgi_pass 127.0.0.1:9000; + include fastcgi_params; + fastcgi_pass php; + fastcgi_index index.php; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + + fastcgi_buffer_size 32k; + fastcgi_buffers 4 32k; + fastcgi_cache_valid 200 60m; + } + + location ~ /\. { + deny all; + log_not_found off; } location ~* \.(?:jpe?g|gif|png|ico|swf|svg|eot|ttf|otf|woff|htc|css|js)$ { diff --git a/nginx/mime.types b/nginx/mime.types deleted file mode 100644 index 1c00d70..0000000 --- a/nginx/mime.types +++ /dev/null @@ -1,99 +0,0 @@ - -types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; - - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; - - image/avif avif; - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; - - font/woff woff; - font/woff2 woff2; - - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.oasis.opendocument.graphics odg; - application/vnd.oasis.opendocument.presentation odp; - application/vnd.oasis.opendocument.spreadsheet ods; - application/vnd.oasis.opendocument.text odt; - application/vnd.openxmlformats-officedocument.presentationml.presentation - pptx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - xlsx; - application/vnd.openxmlformats-officedocument.wordprocessingml.document - docx; - application/vnd.wap.wmlc wmlc; - application/wasm wasm; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xspf+xml xspf; - application/zip zip; - - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; - - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; - - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; -} diff --git a/nginx/nginx.conf b/nginx/nginx.conf deleted file mode 100644 index 919bd59..0000000 --- a/nginx/nginx.conf +++ /dev/null @@ -1,103 +0,0 @@ -# /etc/nginx/nginx.conf - -user nginx; - -# Set number of worker processes automatically based on number of CPU cores. -worker_processes auto; - -# Enables the use of JIT for regular expressions to speed-up their processing. -pcre_jit on; - -# Configures default error logger. -error_log /var/log/nginx/error.log warn; - -# Includes files with directives to load dynamic modules. -include /etc/nginx/modules/*.conf; - -# Include files with config snippets into the root context. -include /etc/nginx/conf.d/*.conf; - -events { - # The maximum number of simultaneous connections that can be opened by - # a worker process. - worker_connections 1024; -} - -http { - # Includes mapping of file name extensions to MIME types of responses - # and defines the default type. - include /etc/nginx/mime.types; - default_type application/octet-stream; - - # Name servers used to resolve names of upstream servers into addresses. - # It's also needed when using tcpsocket and udpsocket in Lua modules. - #resolver 1.1.1.1 1.0.0.1 2606:4700:4700::1111 2606:4700:4700::1001; - - # Don't tell nginx version to the clients. Default is 'on'. - server_tokens off; - - # Specifies the maximum accepted body size of a client request, as - # indicated by the request header Content-Length. If the stated content - # length is greater than this size, then the client receives the HTTP - # error code 413. Set to 0 to disable. Default is '1m'. - client_max_body_size 1m; - - # Sendfile copies data between one FD and other from within the kernel, - # which is more efficient than read() + write(). Default is off. - sendfile on; - - # Causes nginx to attempt to send its HTTP response head in one packet, - # instead of using partial frames. Default is 'off'. - tcp_nopush on; - - - # Enables the specified protocols. Default is TLSv1 TLSv1.1 TLSv1.2. - # TIP: If you're not obligated to support ancient clients, remove TLSv1.1. - ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3; - - # Path of the file with Diffie-Hellman parameters for EDH ciphers. - # TIP: Generate with: `openssl dhparam -out /etc/ssl/nginx/dh2048.pem 2048` - #ssl_dhparam /etc/ssl/nginx/dh2048.pem; - - # Specifies that our cipher suits should be preferred over client ciphers. - # Default is 'off'. - ssl_prefer_server_ciphers on; - - # Enables a shared SSL cache with size that can hold around 8000 sessions. - # Default is 'none'. - ssl_session_cache shared:SSL:2m; - - # Specifies a time during which a client may reuse the session parameters. - # Default is '5m'. - ssl_session_timeout 1h; - - # Disable TLS session tickets (they are insecure). Default is 'on'. - ssl_session_tickets off; - - - # Enable gzipping of responses. - #gzip on; - - # Set the Vary HTTP header as defined in the RFC 2616. Default is 'off'. - gzip_vary on; - - - # Helper variable for proxying websockets. - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; - } - - - # Specifies the main log format. - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - # Sets the path, format, and configuration for a buffered log write. - access_log /var/log/nginx/access.log main; - - - # Includes virtual hosts configs. - include /etc/nginx/http.d/*.conf; -} diff --git a/nginx/scgi_params b/nginx/scgi_params deleted file mode 100644 index 6d4ce4f..0000000 --- a/nginx/scgi_params +++ /dev/null @@ -1,17 +0,0 @@ - -scgi_param REQUEST_METHOD $request_method; -scgi_param REQUEST_URI $request_uri; -scgi_param QUERY_STRING $query_string; -scgi_param CONTENT_TYPE $content_type; - -scgi_param DOCUMENT_URI $document_uri; -scgi_param DOCUMENT_ROOT $document_root; -scgi_param SCGI 1; -scgi_param SERVER_PROTOCOL $server_protocol; -scgi_param REQUEST_SCHEME $scheme; -scgi_param HTTPS $https if_not_empty; - -scgi_param REMOTE_ADDR $remote_addr; -scgi_param REMOTE_PORT $remote_port; -scgi_param SERVER_PORT $server_port; -scgi_param SERVER_NAME $server_name; diff --git a/nginx/uwsgi_params b/nginx/uwsgi_params deleted file mode 100644 index 09c732c..0000000 --- a/nginx/uwsgi_params +++ /dev/null @@ -1,17 +0,0 @@ - -uwsgi_param QUERY_STRING $query_string; -uwsgi_param REQUEST_METHOD $request_method; -uwsgi_param CONTENT_TYPE $content_type; -uwsgi_param CONTENT_LENGTH $content_length; - -uwsgi_param REQUEST_URI $request_uri; -uwsgi_param PATH_INFO $document_uri; -uwsgi_param DOCUMENT_ROOT $document_root; -uwsgi_param SERVER_PROTOCOL $server_protocol; -uwsgi_param REQUEST_SCHEME $scheme; -uwsgi_param HTTPS $https if_not_empty; - -uwsgi_param REMOTE_ADDR $remote_addr; -uwsgi_param REMOTE_PORT $remote_port; -uwsgi_param SERVER_PORT $server_port; -uwsgi_param SERVER_NAME $server_name; diff --git a/php81/conf.d/00_gettext.ini b/php81/conf.d/00_gettext.ini deleted file mode 100644 index 549944c..0000000 --- a/php81/conf.d/00_gettext.ini +++ /dev/null @@ -1 +0,0 @@ -extension=gettext diff --git a/php81/conf.d/00_openssl.ini b/php81/conf.d/00_openssl.ini deleted file mode 100644 index 355624b..0000000 --- a/php81/conf.d/00_openssl.ini +++ /dev/null @@ -1 +0,0 @@ -extension=openssl diff --git a/php81/conf.d/00_pdo.ini b/php81/conf.d/00_pdo.ini deleted file mode 100644 index ef45300..0000000 --- a/php81/conf.d/00_pdo.ini +++ /dev/null @@ -1 +0,0 @@ -extension=pdo diff --git a/php81/conf.d/01_mysqlnd.ini b/php81/conf.d/01_mysqlnd.ini deleted file mode 100644 index d09bf60..0000000 --- a/php81/conf.d/01_mysqlnd.ini +++ /dev/null @@ -1 +0,0 @@ -extension=mysqlnd diff --git a/php81/conf.d/02_pdo_mysql.ini b/php81/conf.d/02_pdo_mysql.ini deleted file mode 100644 index 3c0b799..0000000 --- a/php81/conf.d/02_pdo_mysql.ini +++ /dev/null @@ -1 +0,0 @@ -extension=pdo_mysql diff --git a/php81/php-fpm.d/www.conf b/php81/php-fpm.d/www.conf index eee27ab..e321b06 100644 --- a/php81/php-fpm.d/www.conf +++ b/php81/php-fpm.d/www.conf @@ -20,8 +20,8 @@ ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. -user = nobody -group = nobody +user = nginx +group = nginx ; The address on which to accept FastCGI requests. ; Valid syntaxes are: diff --git a/poweradmin/config.inc.php b/poweradmin/config.inc.php index 000478b..8c9303e 100644 --- a/poweradmin/config.inc.php +++ b/poweradmin/config.inc.php @@ -1,77 +1,23 @@ - * @copyright 2010-2014 Poweradmin Development Team - * @license http://opensource.org/licenses/GPL-3.0 GPL - */ -// NOTE: Do not edit this file, otherwise it's very likely your changes -// will be overwritten with an upgrade. -// Instead, create the file "inc/config.inc.php" and set the variables you -// want to set there. Your changes will override the defaults provided by us. -// Better description of available configuration settings you can find here: -// -// Database settings $db_host = '{{MYSQL_HOST}}'; -$db_port = '{{MYSQL_PORT}}'; +$db_name = '{{MYSQL_DB}}'; $db_user = '{{MYSQL_USER}}'; $db_pass = '{{MYSQL_PASSWORD}}'; -$db_name = '{{MYSQL_DB}}'; $db_type = 'mysql'; -//$db_file = ''; # used only for SQLite, provide full path to database file -//$db_debug = false; # show all SQL queries -//$db_ssl_ca = ''; -// Security settings -// This should be changed upon install -$session_key = 'vo4healj4es7ga5hew7w'; -$password_encryption = 'md5'; // or md5salt +$session_key = '{{SESSION_KEY}}'; -// Interface settings $iface_lang = 'en_EN'; -$iface_style = 'example'; -$iface_rowamount = 50; -$iface_expire = 1800; -$iface_zonelist_serial = false; -$iface_title = 'Poweradmin'; -$iface_add_reverse_record = true; - -// Predefined DNS settings -$dns_hostmaster = '{{POWERADMIN_HOSTMASTER}}'; -$dns_ns1 = '{{POWERADMIN_NS1}}'; -$dns_ns2 = '{{POWERADMIN_NS2}}'; -$dns_ttl = 86400; -$dns_fancy = false; -$dns_strict_tld_check = false; -$dns_top_level_tld_check = false; // Don't allow to create top level TLDs -$dns_third_level_check = false; +$iface_style = 'ignite'; -// Timezone settings -// See for help. -//$timezone = 'UTC'; +$dns_hostmaster = 'guest'; +$dns_ns1 = '8.8.8.8'; +$dns_ns2 = '8.8.4.4'; -// Logging settings -// Syslog usage - writes authentication attempts to syslog -// This facility could be used in combination with fail2ban to -// ban IPs with break-in attempts -$syslog_use = false; -$syslog_ident = 'poweradmin'; -// On Windows usually only LOG_USER is available -$syslog_facility = LOG_USER; +$timezone = 'Europe/Moscow'; -// PowerDNSSEC settings -$pdnssec_use = true; +$pdnssec_use = false; +$pdnssec_debug = false; $pdnssec_command = '/usr/bin/pdnsutil'; -// LDAP settings -$ldap_use = false; -$ldap_debug = false; -$ldap_uri = 'ldap://domaincontroller.example.com'; -$ldap_basedn = 'OU=Users,DC=example,DC=com'; -$ldap_binddn = 'GROUP\lookupuser'; -$ldap_bindpw = 'some_password'; -$ldap_user_attribute = 'sAMAccountName'; -$ldap_proto = 3; +$ignore_install_dir = true; \ No newline at end of file diff --git a/supervisor/conf.d/nginx.conf b/supervisor/conf.d/nginx.conf index 6530667..8a2892b 100644 --- a/supervisor/conf.d/nginx.conf +++ b/supervisor/conf.d/nginx.conf @@ -6,5 +6,8 @@ autorestart=true user=root priority=400 -stderr_logfile = NONE -stdout_logfile = NONE \ No newline at end of file +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 + +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 \ No newline at end of file diff --git a/supervisor/conf.d/php-fpm.conf b/supervisor/conf.d/php-fpm.conf index 26dcce9..ba61497 100644 --- a/supervisor/conf.d/php-fpm.conf +++ b/supervisor/conf.d/php-fpm.conf @@ -1,3 +1,9 @@ [program:php-fpm] command = php-fpm81 -F -autorestart = true \ No newline at end of file +autorestart = true + +stderr_logfile=/dev/stderr +stderr_logfile_maxbytes=0 + +stdout_logfile=/dev/stdout +stdout_logfile_maxbytes=0 \ No newline at end of file From 0a2e42c5ed87cd2a6a7d64708837cdddfc3cbd15 Mon Sep 17 00:00:00 2001 From: Root Date: Fri, 27 Jan 2023 02:43:39 +0000 Subject: [PATCH 06/12] dnssec --- Dockerfile | 24 ++++++++++++++-------- entrypoint | 37 ++++++++++++++++++++++++++------- nginx/http.d/default.conf | 43 ++++++++++++++++++++++----------------- php81/php-fpm.d/www.conf | 4 ++-- poweradmin/config.inc.php | 2 +- 5 files changed, 72 insertions(+), 38 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5b93ba2..c23cb67 100644 --- a/Dockerfile +++ b/Dockerfile @@ -102,6 +102,7 @@ RUN set -eux; \ mariadb-connector-c \ yaml-cpp \ zeromq \ + openssl \ \ pwgen \ supervisor \ @@ -118,6 +119,9 @@ RUN set -eux; \ php81-openssl \ php81-session \ php81-tokenizer \ + php81-mbstring \ + php81-xml \ + composer \ musl musl-utils musl-locales tzdata \ ; \ true "Setup user and group"; \ @@ -131,21 +135,23 @@ RUN set -eux; \ true "Cleanup"; \ rm -f /var/cache/apk/* +RUN set -eux; \ + mkdir -p /var/www/html; \ + cd /var/www/html; \ + wget https://github.com/poweradmin/poweradmin/archive/refs/tags/v${POWERADMIN_VER}.tar.gz; \ + tar -xf v${POWERADMIN_VER}.tar.gz && rm -f v${POWERADMIN_VER}.tar.gz; \ + mv poweradmin-${POWERADMIN_VER} poweradmin; \ + rm -rf /var/www/html/poweradmin/install/ + COPY --from=builder /build/powerdns-root / COPY supervisor /etc/supervisor COPY powerdns /etc/powerdns COPY entrypoint /usr/bin COPY nginx /etc/nginx COPY php81 /etc/php81 +COPY poweradmin /var/www/html/poweradmin/inc RUN set -eux; \ - mkdir -p /var/www/html; \ - cd /var/www/html; \ - wget https://github.com/poweradmin/poweradmin/archive/refs/tags/v${POWERADMIN_VER}.tar.gz; \ - tar -xf v${POWERADMIN_VER}.tar.gz && rm -f v${POWERADMIN_VER}.tar.gz; \ - mv poweradmin-${POWERADMIN_VER} poweradmin; \ - rm -rf /var/www/html/poweradmin/install/; \ - \ chmod 0750 /etc/powerdns; \ chmod 0640 /etc/powerdns/pdns.conf; \ chown -R root:powerdns /etc/powerdns; \ @@ -153,8 +159,8 @@ RUN set -eux; \ chmod +x /usr/bin/entrypoint; \ cp /usr/share/zoneinfo/${TZ} /etc/localtime -COPY poweradmin /var/www/html/poweradmin +EXPOSE 53 8081 80 +EXPOSE 53/UDP -EXPOSE 53/TCP 53/UDP 8081/TCP 80/TCP ENTRYPOINT [ "entrypoint" ] CMD ["/usr/bin/supervisord", "-n", "-c", "/etc/supervisor/supervisord.conf"] diff --git a/entrypoint b/entrypoint index 4204558..8b8cc90 100644 --- a/entrypoint +++ b/entrypoint @@ -1,5 +1,29 @@ #!/bin/sh +#Defaults +# mysql +MYSQL_HOST=${MYSQL_HOST:-localhost} +MYSQL_PORT=${MYSQL_PORT:-3306} +MYSQL_DATABASE=${MYSQL_DATABASE:-pdns} +MYSQL_USER=${MYSQL_USER:-pdns} +MYSQL_PASSWORD=${MYSQL_PASSWORD:-pdns} + +#php +SESSION_KEY=`pwgen 32 1` + + +PDNS_ALLOW_AXFR_IPS=${PDNS_ALLOW_AXFR_IPS:-127.0.0.1} +PDNS_MASTER=${PDNS_MASTER:-yes} +PDNS_SLAVE=${PDNS_SLAVE:-no} +PDNS_CACHE_TTL=${PDNS_CACHE_TTL:-20} +PDNS_DISTRIBUTOR_THREADS=${PDNS_DISTRIBUTOR_THREADS:-3} +PDNS_RECURSIVE_CACHE_TTL=${PDNS_RECURSIVE_CACHE_TTL:-10} +PDNS_ALLOW_RECURSION=${PDNS_ALLOW_RECURSION:-127.0.0.1} +PDNS_RECURSOR=${PDNS_RECURSOR:-no} +POWERADMIN_HOSTMASTER=${POWERADMIN_HOSTMASTER:-} +POWERADMIN_NS1=${POWERADMIN_NS1:-} +POWERADMIN_NS2=${POWERADMIN_NS2:-} + # Setup run directory if [ ! -d /run/powerdns ]; then mkdir -p /run/powerdns @@ -11,27 +35,26 @@ chmod 0755 /run/powerdns if [ -n "$MYSQL_HOST" ]; then sed -i "s!MYSQL_HOST!${MYSQL_HOST}!" /etc/powerdns/conf.d/gmysql.conf - sed -i "s!{{MYSQL_HOST}}!${MYSQL_HOST}!" /var/www/html/poweradmin/config.inc.php + sed -i "s!{{MYSQL_HOST}}!${MYSQL_HOST}!" /var/www/html/poweradmin/inc/config.inc.php fi if [ -n "$MYSQL_PORT" ]; then sed -i "s!MYSQL_PORT!${MYSQL_PORT}!" /etc/powerdns/conf.d/gmysql.conf - sed -i "s!{{MYSQL_PORT}}!${MYSQL_PORT}!" /var/www/html/poweradmin/config.inc.php + sed -i "s!{{MYSQL_PORT}}!${MYSQL_PORT}!" /var/www/html/poweradmin/inc/config.inc.php fi if [ -n "$MYSQL_DATABASE" ]; then sed -i "s!MYSQL_DATABASE!${MYSQL_DATABASE}!" /etc/powerdns/conf.d/gmysql.conf - sed -i "s!{{MYSQL_DB}}!${MYSQL_DATABASE}!" /var/www/html/poweradmin/config.inc.php + sed -i "s!{{MYSQL_DB}}!${MYSQL_DATABASE}!" /var/www/html/poweradmin/inc/config.inc.php fi if [ -n "$MYSQL_USER" ]; then sed -i "s!MYSQL_USER!${MYSQL_USER}!" /etc/powerdns/conf.d/gmysql.conf - sed -i "s!{{MYSQL_USER}}!${MYSQL_USER}!" /var/www/html/poweradmin/config.inc.php + sed -i "s!{{MYSQL_USER}}!${MYSQL_USER}!" /var/www/html/poweradmin/inc/config.inc.php fi if [ -n "$MYSQL_PASSWORD" ]; then sed -i "s!MYSQL_PASSWORD!${MYSQL_PASSWORD}!" /etc/powerdns/conf.d/gmysql.conf - sed -i "s!{{MYSQL_PASSWORD}}!${MYSQL_PASSWORD}!" /var/www/html/poweradmin/config.inc.php + sed -i "s!{{MYSQL_PASSWORD}}!${MYSQL_PASSWORD}!" /var/www/html/poweradmin/inc/config.inc.php fi - SESSION_KEY=`pwgen 32 1` - sed -i "s!{{SESSION_KEY}}!${SESSION_KEY}!" /var/www/html/poweradmin/config.inc.php + sed -i "s!{{SESSION_KEY}}!${SESSION_KEY}!" /var/www/html/poweradmin/inc/config.inc.php # Setup web access if [ ! -f /etc/powerdns/conf.d/webserver.conf ] && [ -n "$POWERDNS_WEBSERVER_ALLOW_FROM" ]; then diff --git a/nginx/http.d/default.conf b/nginx/http.d/default.conf index a5fa0f4..550470f 100644 --- a/nginx/http.d/default.conf +++ b/nginx/http.d/default.conf @@ -1,5 +1,3 @@ -# This is a default site configuration which will simply return 404, preventing -# chance access to any other virtualhost. upstream php { server 127.0.0.1:9000; } @@ -10,34 +8,41 @@ server { root /var/www/html/; index index.html index.php; + location ~ /\. { + deny all; + log_not_found off; + } + + location ~* /\.(ht|svn|hg) { + deny all; + access_log off; + log_not_found off; + } + + location ~ (/\.gitignore|/\.git) { + deny all; + access_log off; + log_not_found off; + } + + location ~* \.(?:jpe?g|gif|png|ico|swf|svg|eot|ttf|otf|woff|htc|css|js)$ { + expires max; + } + location / { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - try_files $uri $uri/ =404; + try_files $uri $uri/ /index.php; } location ~ \.php$ { + try_files $uri = 404; include fastcgi_params; fastcgi_pass php; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + include /etc/nginx/fastcgi_params; fastcgi_buffer_size 32k; fastcgi_buffers 4 32k; fastcgi_cache_valid 200 60m; } - - location ~ /\. { - deny all; - log_not_found off; - } - - location ~* \.(?:jpe?g|gif|png|ico|swf|svg|eot|ttf|otf|woff|htc|css|js)$ { - expires max; - } - - # You may need this to prevent return 404 recursion. - location = /404.html { - internal; - } } diff --git a/php81/php-fpm.d/www.conf b/php81/php-fpm.d/www.conf index e321b06..4d3b750 100644 --- a/php81/php-fpm.d/www.conf +++ b/php81/php-fpm.d/www.conf @@ -20,8 +20,8 @@ ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. -user = nginx -group = nginx +user = powerdns +group = powerdns ; The address on which to accept FastCGI requests. ; Valid syntaxes are: diff --git a/poweradmin/config.inc.php b/poweradmin/config.inc.php index 8c9303e..406c4c4 100644 --- a/poweradmin/config.inc.php +++ b/poweradmin/config.inc.php @@ -16,7 +16,7 @@ $timezone = 'Europe/Moscow'; -$pdnssec_use = false; +$pdnssec_use = true; $pdnssec_debug = false; $pdnssec_command = '/usr/bin/pdnsutil'; From d9f94e89ec9dc1affdf55bd1aea811688f3dd7f4 Mon Sep 17 00:00:00 2001 From: Root Date: Sat, 28 Jan 2023 00:36:11 +0000 Subject: [PATCH 07/12] poweradmin ? entrypoint fix --- Dockerfile | 30 ++++++------- docker-compose.yml | 38 +++++++++++++++-- entrypoint | 89 ++++++++++++++++++++++++--------------- poweradmin/config.inc.php | 20 ++++----- 4 files changed, 114 insertions(+), 63 deletions(-) diff --git a/Dockerfile b/Dockerfile index c23cb67..512ea55 100644 --- a/Dockerfile +++ b/Dockerfile @@ -109,7 +109,6 @@ RUN set -eux; \ nginx \ php81 \ php81-fpm \ - #php-mcrypt \ php81-intl \ php81-iconv \ php81-mysqlnd \ @@ -121,19 +120,11 @@ RUN set -eux; \ php81-tokenizer \ php81-mbstring \ php81-xml \ - composer \ - musl musl-utils musl-locales tzdata \ - ; \ - true "Setup user and group"; \ - addgroup -S powerdns 2>/dev/null; \ - adduser -S -D -h /var/lib/powerdns -s /sbin/nologin -G powerdns -g powerdns powerdns 2>/dev/null; \ - \ - true "Tools"; \ - apk add --no-cache \ - bind-tools \ - ; \ - true "Cleanup"; \ - rm -f /var/cache/apk/* + \ + composer musl musl-utils musl-locales tzdata \ + #bind-tools; \ + rm -f /var/cache/apk/*; \ + rm -rf /var/www/localhost RUN set -eux; \ mkdir -p /var/www/html; \ @@ -150,14 +141,21 @@ COPY entrypoint /usr/bin COPY nginx /etc/nginx COPY php81 /etc/php81 COPY poweradmin /var/www/html/poweradmin/inc +COPY sql /sql + RUN set -eux; \ + addgroup -S powerdns 2>/dev/null; \ + adduser -S -D -h /var/lib/powerdns -s /sbin/nologin -G powerdns -g powerdns powerdns 2>/dev/null; \ + cp /usr/share/zoneinfo/${TZ} /etc/localtime; \ + chmod +x /usr/bin/entrypoint; \ + mkdir -p /run/powerdns; \ chmod 0750 /etc/powerdns; \ chmod 0640 /etc/powerdns/pdns.conf; \ + chmod 0755 /run/powerdns; \ chown -R root:powerdns /etc/powerdns; \ chown -R nginx:nginx /var/www/html; \ - chmod +x /usr/bin/entrypoint; \ - cp /usr/share/zoneinfo/${TZ} /etc/localtime + chown -R powerdns:powerdns /run/powerdns EXPOSE 53 8081 80 EXPOSE 53/UDP diff --git a/docker-compose.yml b/docker-compose.yml index 29df59e..08779e2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,10 +1,27 @@ version: '3.9' + +networks: + powerdns: + name: powerdns + driver: bridge +# driver_opts: +# com.docker.network.enable_ipv6: "true" +# ipam: +# driver: default +# config: +# - subnet: 172.16.238.0/24 +# gateway: 172.16.238.1 +# - subnet: "2001:3984:3989::/64" +# gateway: "2001:3984:3989::1" + services: mariadb: image: mariadb volumes: - ./mysqldb:/var/lib/mysql + networks: + - powerdns environment: - MYSQL_ROOT_PASSWORD=root_pass - MYSQL_DATABASE=pdns_db @@ -13,14 +30,27 @@ services: powerdns: image: powerdns:latest + networks: + - powerdns environment: - - POWERDNS_SERVER_ID=serverid - - POWERDNS_WEBSERVER_ALLOW_FROM=0.0.0.0/0 - MYSQL_HOST=mariadb - - MYSQL_PORT=3306 + - MYSQL_DATABASE=pdns_db - MYSQL_USER=pdns_user - MYSQL_PASSWORD=pdns_pass - - MYSQL_DATABASE=pdns_db + + - PDNS_ALLOW_AXFR_IPS=127.0.0.1 + - PDNS_MASTER=yes + - PDNS_SLAVE=no + - PDNS_CACHE_TTL=20 + - PDNS_DISTRIBUTOR_THREADS=3 + - PDNS_RECURSIVE_CACHE_TTL=10 + - PDNS_ALLOW_RECURSION=127.0.0.1 + - PDNS_RECURSOR=no + + - POWERADMIN_HOSTMASTER=admin@adm.net + - POWERADMIN_IFACE_LANG=ru_RU + - POWERADMIN_NS1=8.8.8.8 + - POWERADMIN_NS2=8.8.4.4 depends_on: - mariadb ports: diff --git a/entrypoint b/entrypoint index 8b8cc90..6231a94 100644 --- a/entrypoint +++ b/entrypoint @@ -1,16 +1,18 @@ #!/bin/sh -#Defaults -# mysql +TZ=${TZ:-Europe/Moscow} + MYSQL_HOST=${MYSQL_HOST:-localhost} MYSQL_PORT=${MYSQL_PORT:-3306} MYSQL_DATABASE=${MYSQL_DATABASE:-pdns} MYSQL_USER=${MYSQL_USER:-pdns} MYSQL_PASSWORD=${MYSQL_PASSWORD:-pdns} -#php -SESSION_KEY=`pwgen 32 1` - +POWERADMIN_IFACE_LANG=${POWERADMIN_IFACE_LANG:-en_EN} +POWERADMIN_HOSTMASTER=${POWERADMIN_HOSTMASTER:-} +POWERADMIN_NS1=${POWERADMIN_NS1:-} +POWERADMIN_NS2=${POWERADMIN_NS2:-} +POWERADMIN_SESSION_KEY=${POWER_ADMIN:-`pwgen 32 1`} PDNS_ALLOW_AXFR_IPS=${PDNS_ALLOW_AXFR_IPS:-127.0.0.1} PDNS_MASTER=${PDNS_MASTER:-yes} @@ -20,41 +22,62 @@ PDNS_DISTRIBUTOR_THREADS=${PDNS_DISTRIBUTOR_THREADS:-3} PDNS_RECURSIVE_CACHE_TTL=${PDNS_RECURSIVE_CACHE_TTL:-10} PDNS_ALLOW_RECURSION=${PDNS_ALLOW_RECURSION:-127.0.0.1} PDNS_RECURSOR=${PDNS_RECURSOR:-no} -POWERADMIN_HOSTMASTER=${POWERADMIN_HOSTMASTER:-} -POWERADMIN_NS1=${POWERADMIN_NS1:-} -POWERADMIN_NS2=${POWERADMIN_NS2:-} -# Setup run directory -if [ ! -d /run/powerdns ]; then - mkdir -p /run/powerdns -fi -chown -R powerdns:powerdns /run/powerdns -chmod 0755 /run/powerdns -#Setup mysql env +cp /usr/share/zoneinfo/${TZ} /etc/localtime; \ +ENV LANG ${POWERADMIN_IFACE_LANG}.UTF-8 +ENV LANGUAGE ${POWERADMIN_IFACE_LANG}.UTF-8 +ENV LC_ALL ${POWERADMIN_IFACE_LANG}.UTF-8 +ENV MUSL_LOCPATH /usr/share/i18n/locales/musl -if [ -n "$MYSQL_HOST" ]; then - sed -i "s!MYSQL_HOST!${MYSQL_HOST}!" /etc/powerdns/conf.d/gmysql.conf - sed -i "s!{{MYSQL_HOST}}!${MYSQL_HOST}!" /var/www/html/poweradmin/inc/config.inc.php -fi -if [ -n "$MYSQL_PORT" ]; then - sed -i "s!MYSQL_PORT!${MYSQL_PORT}!" /etc/powerdns/conf.d/gmysql.conf - sed -i "s!{{MYSQL_PORT}}!${MYSQL_PORT}!" /var/www/html/poweradmin/inc/config.inc.php -fi -if [ -n "$MYSQL_DATABASE" ]; then - sed -i "s!MYSQL_DATABASE!${MYSQL_DATABASE}!" /etc/powerdns/conf.d/gmysql.conf - sed -i "s!{{MYSQL_DB}}!${MYSQL_DATABASE}!" /var/www/html/poweradmin/inc/config.inc.php +sed -i "s!MYSQL_HOST!${MYSQL_HOST}!" /etc/powerdns/conf.d/gmysql.conf +sed -i "s!MYSQL_PORT!${MYSQL_PORT}!" /etc/powerdns/conf.d/gmysql.conf +sed -i "s!MYSQL_DATABASE!${MYSQL_DATABASE}!" /etc/powerdns/conf.d/gmysql.conf +sed -i "s!MYSQL_USER!${MYSQL_USER}!" /etc/powerdns/conf.d/gmysql.conf +sed -i "s!MYSQL_PASSWORD!${MYSQL_PASSWORD}!" /etc/powerdns/conf.d/gmysql.conf + +sed -i "s!MYSQL_HOST!${MYSQL_HOST}!" /var/www/html/poweradmin/inc/config.inc.php +sed -i "s!MYSQL_PORT!${MYSQL_PORT}!" /var/www/html/poweradmin/inc/config.inc.php +sed -i "s!MYSQL_DATABASE!${MYSQL_DATABASE}!" /var/www/html/poweradmin/inc/config.inc.php +sed -i "s!MYSQL_USER!${MYSQL_USER}!" /var/www/html/poweradmin/inc/config.inc.php +sed -i "s!MYSQL_PASSWORD!${MYSQL_PASSWORD}!" /var/www/html/poweradmin/inc/config.inc.php + +sed -i "s!POWERADMIN_SESSION_KEY!${POWERADMIN_SESSION_KEY}!" /var/www/html/poweradmin/inc/config.inc.php +sed -i "s!POWERADMIN_IFACE_LANG!${POWERADMIN_IFACE_LANG}!" /var/www/html/poweradmin/inc/config.inc.php +sed -i "s!POWERADMIN_HOSTMASTER!${POWERADMIN_HOSTMASTER}!" /var/www/html/poweradmin/inc/config.inc.php +sed -i "s!POWERADMIN_NS1!${POWERADMIN_NS1}!" /var/www/html/poweradmin/inc/config.inc.php +sed -i "s!POWERADMIN_NS2!${POWERADMIN_NS2}!" /var/www/html/poweradmin/inc/config.inc.php +sed -i "s!TZ!${TZ}!" /var/www/html/poweradmin/inc/config.inc.php + +until nc -z ${MYSQL_HOST} ${MYSQL_PORT}; do + echo "$(date) - waiting for a response from mysql" + sleep 1 +done + +if mysql -h ${MYSQL_HOST} -u ${MYSQL_USER} -p${MYSQL_PASSWORD} "${MYSQL_DATABASE}" >/dev/null 2>&1 Date: Sat, 28 Jan 2023 01:04:48 +0000 Subject: [PATCH 08/12] form code --- Dockerfile | 155 ++++++++++++++++++-------------------- poweradmin/config.inc.php | 4 +- 2 files changed, 74 insertions(+), 85 deletions(-) diff --git a/Dockerfile b/Dockerfile index 512ea55..caf7a79 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,84 +2,74 @@ FROM alpine:3.17.1 as builder ENV POWERDNS_VER=4.7.3 -# Install libs we need RUN set -eux; \ - true "Installing build dependencies"; \ apk add --no-cache \ - build-base \ - \ - boost-dev curl curl-dev geoip-dev krb5-dev openssl-dev \ - libsodium-dev lua-dev mariadb-connector-c-dev \ - protobuf-dev yaml-cpp-dev zeromq-dev mariadb-dev luajit-dev \ - libmaxminddb-dev - -# Download packages + build-base \ + \ + boost-dev curl curl-dev geoip-dev krb5-dev openssl-dev \ + libsodium-dev lua-dev mariadb-connector-c-dev \ + protobuf-dev yaml-cpp-dev zeromq-dev mariadb-dev luajit-dev \ + libmaxminddb-dev + RUN set -eux; \ mkdir -p build; \ cd build; \ wget "https://downloads.powerdns.com/releases/pdns-${POWERDNS_VER}.tar.bz2"; \ tar -jxf "pdns-${POWERDNS_VER}.tar.bz2" - -# Build and install PowerDNS RUN set -eux; \ cd build; \ cd "pdns-${POWERDNS_VER}"; \ -# Compiler flags export CFLAGS="-march=x86-64 -mtune=generic -Os -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -Wformat -Werror=format-security -fstack-clash-protection -fcf-protection -flto=auto"; \ export CXXFLAGS="-Wp,-D_GLIBCXX_ASSERTIONS"; \ export LDFLAGS="-Wl,-Os,--sort-common,--as-needed,-z,relro,-z,now -flto=auto"; \ \ ./configure \ - --prefix=/usr \ - --sysconfdir="/etc/powerdns" \ - --sbindir=/usr/sbin \ - --mandir=/usr/share/man \ - --infodir=/usr/share/info \ - --localstatedir=/var \ - --libdir="/usr/lib/powerdns" \ - --disable-static \ - --with-modules="" \ - --with-dynmodules="bind geoip gmysql lua2 pipe remote" \ - --with-libsodium \ - --enable-tools \ - --enable-ixfrdist \ - --enable-dns-over-tls \ - --disable-dependency-tracking \ - --disable-silent-rules \ - --enable-reproducible \ - --enable-unit-tests \ - --with-service-user=powerdns \ - --with-service-group=powerdns \ - --enable-remotebackend-zeromq; \ + --prefix=/usr \ + --sysconfdir="/etc/powerdns" \ + --sbindir=/usr/sbin \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --localstatedir=/var \ + --libdir="/usr/lib/powerdns" \ + --disable-static \ + --with-modules="" \ + --with-dynmodules="bind geoip gmysql lua2 pipe remote" \ + --with-libsodium \ + --enable-tools \ + --enable-ixfrdist \ + --enable-dns-over-tls \ + --disable-dependency-tracking \ + --disable-silent-rules \ + --enable-reproducible \ + --enable-unit-tests \ + --with-service-user=powerdns \ + --with-service-group=powerdns \ + --enable-remotebackend-zeromq; \ make V=1 -j$(nproc) -l8 CFLAGS="$CFLAGS" CXXFLAGS="$CXXFLAGS" LDFLAGS="$LDFLAGS"; \ \ pkgdir=/build/powerdns-root; \ make DESTDIR="$pkgdir" install; \ \ -# Move some things around mv "$pkgdir"/etc/powerdns/pdns.conf-dist "$pkgdir"/etc/powerdns/pdns.conf; \ mv "$pkgdir"/etc/powerdns/ixfrdist.example.yml "$pkgdir"/usr/share/doc/pdns/; \ -# Remove cruft find "$pkgdir" -type f -name "*.a" -o -name "*.la" | xargs rm -fv; \ rm -rfv \ - "$pkgdir"/usr/include \ - "$pkgdir"/usr/share/man - + "$pkgdir"/usr/include \ + "$pkgdir"/usr/share/man RUN set -eux; \ cd build/powerdns-root; \ scanelf --recursive --nobanner --osabi --etype "ET_DYN,ET_EXEC" . | awk '{print $3}' | xargs \ - strip \ - --remove-section=.comment \ - --remove-section=.note \ - -R .gnu.lto_* -R .gnu.debuglto_* \ - -N __gnu_lto_slim -N __gnu_lto_v1 \ - --strip-unneeded - -# -# Build final image -# + strip \ + --remove-section=.comment \ + --remove-section=.note \ + -R .gnu.lto_* -R .gnu.debuglto_* \ + -N __gnu_lto_slim -N __gnu_lto_v1 \ + --strip-unneeded + + + FROM alpine:3.17.1 ENV POWERADMIN_VER=3.4.2 @@ -93,38 +83,37 @@ ENV MUSL_LOCPATH /usr/share/i18n/locales/musl RUN set -eux; \ true "PowerDNS and PowerAdmin requirements"; \ apk add --no-cache \ - boost-libs \ - geoip \ - libcurl \ - libmaxminddb-libs \ - luajit \ - mariadb-client \ - mariadb-connector-c \ - yaml-cpp \ - zeromq \ - openssl \ - \ - pwgen \ - supervisor \ - nginx \ - php81 \ - php81-fpm \ - php81-intl \ - php81-iconv \ - php81-mysqlnd \ - php81-pdo \ - php81-pdo_mysql \ - php81-gettext \ - php81-openssl \ - php81-session \ - php81-tokenizer \ - php81-mbstring \ - php81-xml \ - \ - composer musl musl-utils musl-locales tzdata \ - #bind-tools; \ - rm -f /var/cache/apk/*; \ - rm -rf /var/www/localhost + boost-libs \ + geoip \ + libcurl \ + libmaxminddb-libs \ + luajit \ + mariadb-client \ + mariadb-connector-c \ + yaml-cpp \ + zeromq \ + openssl \ + \ + pwgen \ + supervisor \ + nginx \ + php81 \ + php81-fpm \ + php81-intl \ + php81-iconv \ + php81-mysqlnd \ + php81-pdo \ + php81-pdo_mysql \ + php81-gettext \ + php81-openssl \ + php81-session \ + php81-tokenizer \ + php81-mbstring \ + php81-xml \ + \ + composer musl musl-utils musl-locales tzdata \ + #bind-tools; \ + rm -f /var/cache/apk/* RUN set -eux; \ mkdir -p /var/www/html; \ @@ -151,9 +140,9 @@ RUN set -eux; \ chmod +x /usr/bin/entrypoint; \ mkdir -p /run/powerdns; \ chmod 0750 /etc/powerdns; \ - chmod 0640 /etc/powerdns/pdns.conf; \ + chmod 0640 /etc/powerdns/pdns.conf; \ chmod 0755 /run/powerdns; \ - chown -R root:powerdns /etc/powerdns; \ + chown -R root:powerdns /etc/powerdns; \ chown -R nginx:nginx /var/www/html; \ chown -R powerdns:powerdns /run/powerdns diff --git a/poweradmin/config.inc.php b/poweradmin/config.inc.php index ff49774..869c917 100644 --- a/poweradmin/config.inc.php +++ b/poweradmin/config.inc.php @@ -8,7 +8,7 @@ $session_key = 'POWERADMIN_SESSION_KEY'; $iface_lang = 'POWERADMIN_IFACE_LANG'; -$iface_style = 'ignite'; +$iface_style = 'ignite'; $dns_hostmaster = 'POWERADMIN_HOSTMASTER'; $dns_ns1 = 'POWERADMIN_NS1'; @@ -20,4 +20,4 @@ $pdnssec_debug = false; $pdnssec_command = '/usr/bin/pdnsutil'; -$ignore_install_dir = true; \ No newline at end of file +$ignore_install_dir = true; From c1aad689fa368a6a4a0894bcdf6b94a47a91835e Mon Sep 17 00:00:00 2001 From: Root Date: Sat, 28 Jan 2023 05:16:33 +0000 Subject: [PATCH 09/12] add pitch bug correction --- Dockerfile | 14 +++-- docker-compose.yml | 8 ++- entrypoint | 99 ++++++++++++++++++++------------ nfo/dnssec.png | Bin 0 -> 76947 bytes poweradmin/config.inc.php | 6 +- poweradmin/dnssec_add_key.diff | 8 +++ poweradmin/dnssec_edit_key.diff | 8 +++ 7 files changed, 98 insertions(+), 45 deletions(-) create mode 100644 nfo/dnssec.png create mode 100644 poweradmin/dnssec_add_key.diff create mode 100644 poweradmin/dnssec_edit_key.diff diff --git a/Dockerfile b/Dockerfile index caf7a79..d69824e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -81,7 +81,6 @@ ENV LC_ALL ru_RU.UTF-8 ENV MUSL_LOCPATH /usr/share/i18n/locales/musl RUN set -eux; \ - true "PowerDNS and PowerAdmin requirements"; \ apk add --no-cache \ boost-libs \ geoip \ @@ -111,8 +110,7 @@ RUN set -eux; \ php81-mbstring \ php81-xml \ \ - composer musl musl-utils musl-locales tzdata \ - #bind-tools; \ + composer musl musl-utils musl-locales tzdata patch; \ rm -f /var/cache/apk/* RUN set -eux; \ @@ -132,7 +130,6 @@ COPY php81 /etc/php81 COPY poweradmin /var/www/html/poweradmin/inc COPY sql /sql - RUN set -eux; \ addgroup -S powerdns 2>/dev/null; \ adduser -S -D -h /var/lib/powerdns -s /sbin/nologin -G powerdns -g powerdns powerdns 2>/dev/null; \ @@ -146,6 +143,15 @@ RUN set -eux; \ chown -R nginx:nginx /var/www/html; \ chown -R powerdns:powerdns /run/powerdns +#bug source correction +RUN set -eux;\ + # ERROR 1074 (42000) Column length too big (max = 21844); use BLOB or TEXT instead + sed -i "s!VARCHAR(64000) DEFAULT NULL!TEXT(64000) DEFAULT NULL!g" /sql/pdns_schema.sql; \ + # BUGs Undefined constant id,error + patch /var/www/html/poweradmin/dnssec_add_key.php /var/www/html/poweradmin/inc/dnssec_add_key.diff; \ + patch /var/www/html/poweradmin/dnssec_edit_key.php /var/www/html/poweradmin/inc/dnssec_edit_key.diff; \ + rm -r /var/www/html/poweradmin/inc/dnssec_add_key.diff /var/www/html/poweradmin/inc/dnssec_edit_key.diff + EXPOSE 53 8081 80 EXPOSE 53/UDP diff --git a/docker-compose.yml b/docker-compose.yml index 08779e2..4c8ee6c 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -47,10 +47,12 @@ services: - PDNS_ALLOW_RECURSION=127.0.0.1 - PDNS_RECURSOR=no - - POWERADMIN_HOSTMASTER=admin@adm.net + - POWERADMIN_HOSTMASTER=email.admmin.soa + - POWERADMIN_IFACE_STYLE=spark + #- POWERADMIN_IFACE_INDEX=list - POWERADMIN_IFACE_LANG=ru_RU - - POWERADMIN_NS1=8.8.8.8 - - POWERADMIN_NS2=8.8.4.4 + - POWERADMIN_NS1=ns1.example.com + - POWERADMIN_NS2=ns2.example.com depends_on: - mariadb ports: diff --git a/entrypoint b/entrypoint index 6231a94..bed87b3 100644 --- a/entrypoint +++ b/entrypoint @@ -9,6 +9,8 @@ MYSQL_USER=${MYSQL_USER:-pdns} MYSQL_PASSWORD=${MYSQL_PASSWORD:-pdns} POWERADMIN_IFACE_LANG=${POWERADMIN_IFACE_LANG:-en_EN} +POWERADMIN_IFACE_STYLE=${POWERADMIN_IFACE_STYLE:-ignite} +POWERADMIN_IFACE_INDEX=${POWERADMIN_IFACE_INDEX:-cards} POWERADMIN_HOSTMASTER=${POWERADMIN_HOSTMASTER:-} POWERADMIN_NS1=${POWERADMIN_NS1:-} POWERADMIN_NS2=${POWERADMIN_NS2:-} @@ -24,11 +26,25 @@ PDNS_ALLOW_RECURSION=${PDNS_ALLOW_RECURSION:-127.0.0.1} PDNS_RECURSOR=${PDNS_RECURSOR:-no} -cp /usr/share/zoneinfo/${TZ} /etc/localtime; \ -ENV LANG ${POWERADMIN_IFACE_LANG}.UTF-8 -ENV LANGUAGE ${POWERADMIN_IFACE_LANG}.UTF-8 -ENV LC_ALL ${POWERADMIN_IFACE_LANG}.UTF-8 -ENV MUSL_LOCPATH /usr/share/i18n/locales/musl +cp /usr/share/zoneinfo/${TZ} /etc/localtime + +LANG=${POWERADMIN_IFACE_LANG}.UTF-8 +LANGUAGE=${POWERADMIN_IFACE_LANG}.UTF-8 +LC_ALL=${POWERADMIN_IFACE_LANG}.UTF-8 +MUSL_LOCPATH=/usr/share/i18n/locales/musl + +export LANG +export LANGUAGE +export LC_ALL +export MUSL_LOCPATH + +#ERROR 1074 (42000) Column length too big (max = 21844); use BLOB or TEXT instead +sed -i "s!VARCHAR(64000) DEFAULT NULL!TEXT(64000) DEFAULT NULL!g" /sql/pdns_schema.sql +#BUG Ungefined constant +sed -i "s!$this->redirect('dnssec.php', [id => $zone_id]);!$this->redirect('dnssec.php', ['id' => $zone_id]);!" + +sed -i "s!latin1!utf8mb4!g" /sql/pdns_schema.sql +sed -i "s!latin1!utf8mb4!g" /sql/poweradmin.sql sed -i "s!MYSQL_HOST!${MYSQL_HOST}!" /etc/powerdns/conf.d/gmysql.conf sed -i "s!MYSQL_PORT!${MYSQL_PORT}!" /etc/powerdns/conf.d/gmysql.conf @@ -44,6 +60,8 @@ sed -i "s!MYSQL_PASSWORD!${MYSQL_PASSWORD}!" /var/www/html/poweradmin/inc/config sed -i "s!POWERADMIN_SESSION_KEY!${POWERADMIN_SESSION_KEY}!" /var/www/html/poweradmin/inc/config.inc.php sed -i "s!POWERADMIN_IFACE_LANG!${POWERADMIN_IFACE_LANG}!" /var/www/html/poweradmin/inc/config.inc.php +sed -i "s!POWERADMIN_IFACE_STYLE!${POWERADMIN_IFACE_STYLE}!" /var/www/html/poweradmin/inc/config.inc.php +sed -i "s!POWERADMIN_IFACE_INDEX!${POWERADMIN_IFACE_INDEX}!" /var/www/html/poweradmin/inc/config.inc.php sed -i "s!POWERADMIN_HOSTMASTER!${POWERADMIN_HOSTMASTER}!" /var/www/html/poweradmin/inc/config.inc.php sed -i "s!POWERADMIN_NS1!${POWERADMIN_NS1}!" /var/www/html/poweradmin/inc/config.inc.php sed -i "s!POWERADMIN_NS2!${POWERADMIN_NS2}!" /var/www/html/poweradmin/inc/config.inc.php @@ -63,45 +81,54 @@ else mysql -h ${MYSQL_HOST} -u ${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE} < /sql/poweradmin.sql fi +echo "check powerdns database table" CHECK_TABLE=`mysql -h ${MYSQL_HOST} -u ${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE} -e "CHECK TABLE domains;" | grep "doesn't exist" | awk {'print $3'}` -if [ ${CHECK_TABLE} == "Error" ]; then +if [ "${CHECK_TABLE}" == "Error" ]; then + echo "update tables powerdns schema" mysql -h ${MYSQL_HOST} -u ${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE} < /sql/pdns_schema.sql fi +echo "check poweradmin database table" CHECK_TABLE=`mysql -h ${MYSQL_HOST} -u ${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE} -e "CHECK TABLE users;" | grep "doesn't exist" | awk {'print $3'}` -if [ ${CHECK_TABLE} == "Error" ]; then +if [ "${CHECK_TABLE}" == "Error" ]; then + echo "update tables poweradmin schema" mysql -h ${MYSQL_HOST} -u ${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE} < /sql/poweradmin.sql fi -rm -rf /sql +#mysql -h ${MYSQL_HOST} -u ${MYSQL_USER} -p${MYSQL_PASSWORD} ${MYSQL_DATABASE} < /sql/cascade.sql +#rm -rf /sql +# +# bcrypt 12 (admin/admin) +# # INSERT INTO users ( id, username, `password`, fullname, email, description, perm_templ, active, use_ldap ) -# VALUES ( 1, 'admin', '21232f297a57a5a743894a0e4a801fc3', 'Administrator', 'admin@example.net', 'Administrator with full rights.', 1, 1, 0 ); +# VALUES ( 1, 'admin', '21232f297a57a5a743894a0e4a801fc3', 'Administrator', 'admin@example.net', 'Administrator with full rights.', 1, 1, 0 ); # INSERT INTO perm_templ ( id, name, descr ) VALUES ( 1, 'Administrator', 'Administrator template with full rights.' ); - - -# Setup web access -if [ ! -f /etc/powerdns/conf.d/webserver.conf ] && [ -n "$POWERDNS_WEBSERVER_ALLOW_FROM" ]; then - # Check if we got a password - if [ -z "$POWERDNS_WEBSERVER_PASSWORD" ]; then - POWERDNS_WEBSERVER_PASSWORD=$(pwgen 16 1) - fdc_notice "PowerDNS webserver password: $POWERDNS_WEBSERVER_PASSWORD" - fi - # Check if we got a API key - if [ -z "$POWERDNS_API_KEY" ]; then - POWERDNS_API_KEY=$(pwgen 16 1) - fdc_notice "PowerDNS webserver API key: $POWERDNS_API_KEY" - fi - - cat < /etc/powerdns/conf.d/webserver.conf -webserver = yes -webserver-address = 0.0.0.0 -webserver-allow-from = $POWERDNS_WEBSERVER_ALLOW_FROM -webserver-loglevel = normal -webserver-password = $POWERDNS_WEBSERVER_PASSWORD -webserver-port=8081 -api = yes -api-key = $POWERDNS_API_KEY -EOF -fi - +# + +# +# # Setup web access +# if [ ! -f /etc/powerdns/conf.d/webserver.conf ] && [ -n "$POWERDNS_WEBSERVER_ALLOW_FROM" ]; then +# # Check if we got a password +# if [ -z "$POWERDNS_WEBSERVER_PASSWORD" ]; then +# POWERDNS_WEBSERVER_PASSWORD=$(pwgen 16 1) +# fdc_notice "PowerDNS webserver password: $POWERDNS_WEBSERVER_PASSWORD" +# fi +# # Check if we got a API key +# if [ -z "$POWERDNS_API_KEY" ]; then +# POWERDNS_API_KEY=$(pwgen 16 1) +# fdc_notice "PowerDNS webserver API key: $POWERDNS_API_KEY" +# fi +# +# cat < /etc/powerdns/conf.d/webserver.conf +# webserver = yes +# webserver-address = 0.0.0.0 +# webserver-allow-from = $POWERDNS_WEBSERVER_ALLOW_FROM +# webserver-loglevel = normal +# webserver-password = $POWERDNS_WEBSERVER_PASSWORD +# webserver-port=8081 +# api = yes +# api-key = $POWERDNS_API_KEY +# EOF +# fi +# exec "$@" diff --git a/nfo/dnssec.png b/nfo/dnssec.png new file mode 100644 index 0000000000000000000000000000000000000000..de80e78492a1e8d7a9f7a29d0713af34e49bb094 GIT binary patch literal 76947 zcmd42bx<7byC$4WaF^gDxVw{JLvRLnCwO3RcQU~p26sYmx4|X2LxQ^#f(L@@PR{N* zo8LL--TG?l`(vxRYMLIp=jrRY{l4yS6(t!=G*Yx@&z@n*$x5m{dxpsP?Adb@6eRc+ zmvBk3XU`~~$w`W9cp4pMA^VzZ-aM|E%X_bwCyZULqA!uLf(Xb6%fnu&K8B$%GV}X? zLL?xFH|=6)rj$ybHk>!obzfKo@h>Qzq>a)(?Y1Xmw5N@lTTT{kzwxJD7;P@{ooK!q z_dC|dLyMHIM+F(+5F2UGc0OKI(b3Q-(krAgqN1WYAIx>o$BJBf8jLz{DsNT_og|i3 zJvIsdS`R!+$XQ-FVMJ=_^v}T&qI{0`Uym?70P0J|FYb2TuT#+yC&ZpIX&D$sK1+n| zbgV5iOo-kY%pd*w_>+e7+ouiS6_H=>8|we&DU=WhH4x&QD_ckL-+lW(e;C4!z^LM^ z9`_9OpAN~WXNbdLpRERHfq;KHUNSZ#%YH=or-NGhBfz5fTbmSz{_Y6_~_`gH*f8h%W!_5VfaGf8f{^L4jKLY5k{uzllU@wYFZWOV% zyTU&rK?{UHef}8aJ*lj+`MvOR_>RKJ>7l7{|D?>;J^(%i2w6D|9@GLO78aS|0?PKaV3lxE&;d_ z6ESlC3?5uivHwX*;n)9P5me4~fCVU0X4zi32$g}BR@S+;=epJ3o(=U{#?&-#{_whn zP8uU|p{Dcn4vU#-$Ue%8Gii2K%i7-EL&&0ag&r%^j?*Ok+Q4s)ZYaEc&*e2AUvqv1 z=589BI5acnIYr%7n+Mshf|}Z|M;ejU=g7TSa+Jd;^&6kQPft&BF+T{{Z(YlA9#45! z%&ozKeEek=G<<|JRVv#>>@$&}f6EMz9FN!$GPz|=5xW=J!0Afs8vmyk0-8C%M=>4K`w& zTZQOzT}u9oaD7*P{}oYQ%9Nl^gH`prWTa;9bSNQ#hMxY?FAssogW$c7K`paadCuVUEqsj6J96{Zjqw@M%Hh7GoA7y6I(m!!HM5nC~lF10?TPzIWgtxBL!7 zmFK{TR)l+wHwAS`rum3sD?+!M)VK_B)+-AU0RpY><0G$#AqethKela&#Hq*99umI3 zr+!bsc+vOyl~%&7fFGpj%JxA7aV{+g;bhHk!r|n!iGKqjRvW^d2tIkg$dk$PFGdQ1 z1_u{Xi;2ytIA(NJeT*PKRod;D`u!G1Pr>8YdwjC6iHc7)wP=aqMrA5&(b2cRf^WJC zv?x~Vi+|?*=9GHt2A*4+&`rIja4TeU z95gRUJpZ|PAo?xzy&IJ_u1?>&B>DkF=RoJMC-C=Z@IxVnTU8qSwbHLT-RnP_Tq7Qg z$TqBRjL}3nc)+f#^u}tYco(8S_fqUu7jW6y1Bt^3-(9{L6V-@PF)?PNHzBvKH#-if zGd!w8+}v)~er|O81J-Q|3U&~YzMG8WA#MCQlv+4I8xu-YfKakg&NBI2}1eZD7SVOlntaSvz++wtT{vc^k=jB>Gp!Uc=on!tf7E z?NGk*&+M?@-$JRU{EQK42)aj2b*unUOiyaL7o1w~AC>ZToV7CEeLf zO6kWN{g1X!T!_PjVgB}EzCU`ZAGPnMT1ZbO>$8u3zM#&H>C(pr&@DImQA`S5*u7!M z4B@LBt8SZQGl?0vmbnZ6vIVjsdK?P{e-Ws2ZY}d+_>{a=QCad?)shX5*cag*HPPGX zpxHKajc}uM1RW(Tl^tBZcZuGrCwUObh5^o4a*N|Uns33w|G z(s4sa>#$B+@XyBBcP(Taap@iMEpC`Z7o0z-9bQ_24F^VTf?5e_LP_?6DxbshD7 zHS=+QpZ?vq_V;!@o=x^d(iPZqtEUTnFDEc@3CuLP)T8At#8+7|-D3ht(5z;uAYIbA zt;BE?%Wy0^GJk>T=IvJweZ(5G>wb8Z`=xPcnFhNQ&lwr>{{YdpyVKM8^epQ{($lNG ze(ctVTf1SkB_3m9YtSQt{BQq7UDr!J)evTt5EqWHB))CIznvUXHgFUrQ42D`!tDCE zDf;WD@5%z8$#Y9wu@AQgMiyA#RiT0Z;sZ$(prBbPM3dHkT2W!e?_#Z_WEFua8k0Fj zJQdbdis-Ep(c3ccF6R{&IhW2-LJik&xigFeGSfuV$OG4YR+md^nPz9M2Nv;()!k^yr>B<}SDAUW6W=1aXQ zzkR9q^ynaY=UYrOya?c)+xOWxMx$6v0-iBWLO3=&1`%ic!opFU%sTkJ*sw}K^t<$~J`o0(AOgY{3xU?Kcl)mFjjdtGMWdv& zoPwy=E~l5#`d}mc?wZ^~9F7fU`;ez^?wUGN#ECU3a0J{d4>XY#=j;PqFr{*N6HvVS zl&S_GMgh@2Ha^fUAQvO1s*YiQm!2^Ixpa<;Up==z$O6@!BP^J2oA_@bp_ce#nX0bW z$F8jj=%@n^4XQq)B-$VrYkjgwi^E7^^Lxg*#e&5TQDbABp6vEr*XYu!kc-v{JpvR= z+S%G(iWb8d6gd$X$*t(UJ_AX7cfsTWJlQ(Ai-jORB1o-BbIj`^`z6vVRgjDU-+d(q z>bshBE_@5u6sEQT09|=}LS{P-qf=YmgC|;I*VRjK+($V|6)1VxMQ++OvjIfy?pKSO zPr@FtmLH>5*~tf^aL3AaEq*KmaC`WA+fYmS(9Y;h2(`+-pL&&5A!UgXnRjL~kbTwY zg$}IxszZ3j?0k{9G}1%x>eB}!p_u5uLUhVn1Zrv(y}rWZTF0`FtqMlmGZulT|Cj>WP!C05G_NN=y_!7YYRCsfqGOnV$|ugP;KCN&z%p16wMzQMMQv5(X4c#= z)<#|3K?5IB!5*PKy%xG=F2=4AP6c?tDgLjZO)~rINA$#1j<#F=H8KgcXc}H4sOYv1 zqL?vn$jqzP=DdzR^@%EQm0xb}Vuiyd`@0K-zeX(71;>ztWJqgqDN^d(Ip8|&r#dtLI%UD3T0>CFt;13Ikb3Kr+ZZPZ?YE)jwfT*(U-=2PUF`7%-Dhz=}A&-VgdTFCmjSHqb0- z117dW-CPYYaZk5&!sgGGO_?oCl5l-iK!GziH2DJt8v*C(dTHfZi-+lsI4r=!=&AyY zWWQDOTA!W7XQDAR&Gh1A|HqN?FP?X}K*n#d$-HhzL(vABZ{65|M0qxPONWt3*FoL~ z%hQ>y9sfx|4|L37 zwp*soVLo8x&Y_ER@*&9UX9%!HJQ^bMid>EPeBk{J2Z&6z&2BQK=_onhJC@hXK9pHS zZ%Y6fpK+ohN3YVm>cX;Z!Vy9KmzdQ`!G$Cl3VoaAwCoWLj_41dz>2@)iT}v@&Kcm3dyq@9 zy9)cLr$QQzM;VglG^kNL-K1wZne>`(H1Hk$`dE65j^mLNohE}8Se_uXLbpr8K91mT zbNau7KFVkC2QHKT?PLDa`Tr}Ghx1mT*UU^#`26<#|Dgy1bj9~PJPE)6e?$$IqFL;I zLrupY*S5t_D8DlKM4~!ero*J+68yzUQ;`0z7lDY&0Q-hYEn?;NyYBjQ zZ*3X@Q@MdXsG*X;E0w8VECtr1e9-nw=1w2kz9D38v~7nmzS`LtSt@4Q+Q2W+<7iM; z$r&Uc<3`Pn>8gKS$9)`%kQV~4ixumlVFmr=tlo3t7iara39|5mhQD`WSz=`RP~a5j zIJP&L1ZTjG`q?X1;@?WHp7D-sjk)=K!_Nql0n7n&GvB)mUy%-PIeBN|qs9Rf@!*xJ z0`wk}zYRYIJ76cJJSB4`Ma~p-w4N?#wX};c4XyS5-UDsjKV!EOi`S){o6b&dX=o5V zNx|$#eh$mOx0dcOP*=yJz~5wr3%%(l_?lC7=&_)Gt(kHaHPNsJbe5fidos0sj}!*X zeK=RUL}{+y-+mVTX{DF>`Ei1d;hUHY1k)7w{qu%GF`0kgAM>Xw_N6cCQwjX@lT_FS z75sCfZ|j>Jr8Fx1^n37D_21gJ83}*Nwcdp6L1zkG6Yc8-Y3;*<*^B$P+< z_wW%`GuCDqhpSiHz9h$`l^DK2@$YN96eAWcJ;vHc9!3#KB8NvbR_{qAm?lBw{rnm#WT7 z=(Lu$#|9_((qQ5DCHouiYhclYvvcTRDk{FkV4QEw($OSJLy;1Bf&}uVoW74j*7mdp ziI_<(1{-5ye&S1Odz-{s9xL;;W5Z2nzEGip)RL+@oBb$V!~UhoO(;>0UyIp^?m?5j zUVe?-)vom$?_VEzJ$e|vE$Rs=D9Fa`5E*{@&97_Z|Ja$;&uudKl7!2w%+s|!WpvfI6^ctssw1uU^+HSq2@ z^z&hmY!1ZD0V^X{Z{H_Dv*Xzu`Sd1U6P}S`3S+; z&%{rUlmG>otl9?7X^A-^EJcyZ;bh(VSWSxQ+=^I7YbNIsZi$T=7vJ}%6#6!ip7*DphXHf3sR#F7xi)rx+j4(x>oqFlVS7K9CfuW=F>m9 z`a1!0xhxCY9UNU^v?WD@-q5zl{XjQ$W=1j-OB~Dshb6n1m^7gpoQLm-=Lkhq`gY^Zn zI3O?rD2XuKZPH^g{zi9l^O6Wh#gR{vJn@_?n4w*(zs2G@bv?8IDbaDj#r5Z zR|$2BUcn6uGxuB0SXh}crl9XyC<#nb*Skx~d4HR0q1{D>S5c_Err2UnRtK`*Q@9=( zHS@{23u-a>F?6D_HEpe4*TtOpa;Oj!Y(7*=fJ1)eT9d2rHP9|2wr}OI8J!YfH9}V1 zKb@!LTOmq)U&%81B z)zcH#m4cBuNu#eCr6wfbK%Y~6BZH_R4*5)m%42naz)tI(O7~-|l?__f)=x2hfVq>5 z{fP)Gpk<#DQUu(tL8!<4;g(hbfQ!qhsiTHlLOQGdn}{tiSQAVHaXz0v4N00Q;}D(O zs3c<>DV)u5`N5HR;ZP2ZIII2GqeeBpAq#b@3Z++hn~5cnSzcAaWzcE{D<)eyBOoHN zx7}JdT1oykE0;U{COdekvE>|zxuj$-#LWiZpq3+GE~(aG;uyZgoo2f<<{!~)TlgWv zI!!5MZW~Y8UflME5k533%mT1YL+8if`Ot%?I0Q@7h6X+5i4*ko#en;H)xat}1wBN0 zf@A$?bMZK&W zoCt?koV4w@jJxyD?IMyJs@RJ!Gkt0?RxOXr#_~hZHiV4(T&lBd*9X1<;8Eems2{ga zlW#+zq*6WB@`x~6;*0jl!&tZuQUeMId?+DjZ8wqA)oRS^ugg!-USTnmS2CMuUMEkB ze~mO(Wod8wjCeMTzM}6FP0FKWIVw8gIHToZX$%(23cTU`-T5R+g`Q$a$**Ho8LDZ? zQqE%rV{Lt3kSNhK<8{!Z$+9d~PMAn!u`#b@3ihfMzN;G{o(^{edPXEuyuM ztd4scUa+NcHO1a*QOprR#tuM!yZN!7dH1;A?wEyVHD9+8Gq1{8l~kd(?Qlh#x~==W zQgU0@tkzu`w_oxH-)|QVZAfK<;oK%?iAn&A*RT7DSat1%KT<3=&Y=Wzz9Ot!5^w-A z20=Xyu*Sm?Hle`k1MzBbJ4u4m?_0jStC7rQ;U+f$s^nizZ^Bew)#!{K?1LuUVp_{w z7YPpW{Z2XYLH(vE2^2)uZsB9EuJ2r2 z9ud`qp8SUve=#{}guJ#daKH7SE7_)VO7<}>-y%!lRp^jY!+O-h6LD+TBah`#wi&-` z-nPBhs9Fq94m4BDRp<(w*H)|B@s%k(bQHMhOAULgZl~l`QXqZ|KBpl3iAEmaqF3n= zurB1qCpr4!b&Bw+27|uH=Yc?M?c95LG~rS`Qi}|sbJ0ADs_U3QfJJ>J#()%n_S+mn zo>s0wn{P0#XD6X)ewvDOU(w;Rf$qf_ITCz?&)X2q+kUz zyKF)KX^shae;}HnB)LH^Jgs%P+%xA1rJ4!GIo{igq@IhnxP4zu*^$;VR+oIl6 z!DD1hz-I&OPlgAYnNvP~ets3?s{vobnXr_Kaw|;$ov7)yi!%_g8Gdl3BNRG8B zsdO;A2#(P$q>4Ad73T9zh%`Kl@u0Hp-)QO#kUChznr^y%ms_53ZDF16n8jtTzk)lo zd`(i*4Dh-C(7ylMpXs=K4~J9$)IaVJ%)8Pc8LGklRF&W9Cld-JnS@Yj*^r-#Tfg=% zFn72&50jDffa$>76X{Rmtcln?&Kxf`UD!skMxXX~v4Z&8#p-~S6_}aVAjDy?8uv~a z%&Ir!V1<*|jMXiFP$fgBlLgbK1NX-M)7Zv{n9XUuXQ4t~= zqtEl$P-;Xrhb}*P z+R*Fp`jnfz278A2e2gtah}$Itn`fpP%g)9Yy4)u0^}^|im&UD}K+!#qkdJJ(gMCIb zssGmlYT~U*DVKCcMtaofA)=!(S+HQRPrR-^{_=G)e9K{(3gYhe$apWUTW##h>~vNJ z+}84`bYt~4O5KJ9r&U=D{A8o%Oe11D!ao`~QfO?bfK(uO3zp#0QuDjyXld$<_uw+E z(p?(SIuLrTkuvV}|>BJ77ZCgmyH%z?7cicS;Z&9iQfpQT=%n@simm z?Y7;AFj%w?MLFGAo>R*%n;vyl`*j;H@3hB#7Qlk_C@4D?)(9wQ@fT2P=^_T2K5z{! zUR&4jc{~BCXWmE-bNG^UZwnOI_hZvu&7hk+c-o)9=mhgk@FXWpPLlZjwmO3NhBw7 ziCvQ6no$4JfI2(zot!Om()2@T@-~zRN9ebNn!tmQw6g*mDjSS@dxx(7q_TWrlJn?b zb3B#0p?|7+w#^u-EH;POGFzs5d!-bh{Gmi#2o&83+a4u=@w!YhQ4W10*c{f6c*_U%-CTpZ|Llt47m@Q)6F6F$}D7baCCDmo@_In^v1VGonj@ zULeD?V&F9!ZNC?a6H`^05Y3v>SbPq@#;_kr7vgYP0?!UUEUVp|9pdPP&dMvMtIlk- z)Rt|gZijWAz_xX|#`Ej;h6Q0%dnLNxsslhbO1@num*y;|mQD+~ww%7>D;GRCUA|@r zOF+DSbVx=fEybYX{l+yTdb)qnL{W$tkBFmIvEyI=8(~rP`FY)tu5%5KrW#)wgK3xO zGeYF0m8z7*gq^@4k~346c3*(YM8D`NcG-7h6W@WQgCHJ4WAtI+`YV?5o`7`lj#J8& zK|8syScvFvd^_i7vlmz5nIbPLpGJx4*NQn38ozbwcA)j^DbLllzJt{23*W~f$mUX@ zNLBz#-pNQUq_Kxn=8y~Gq~*G8)J1LWbGwt(DHIQ zAUt(VcxH0^i4K~SU?&`Rll-22b@sOKXW{Xc4Q#*4oC*@zKe!xm9YL3T9TC4iYwU-F zPXSvy-v8-s^mu$ll3a27i+p&|X7=JRQ+NRZvN(!gT4O$-m}y=PW-;*Q9qmFSGPY@= zw|8h9otBiY`@x<_b#qgDoAgAoi--=-{9W;Wj)2?ywWd>ayg6X>86zX1Gk3MWcPtDB zE~KAv$VwG$b1EB>8)=euti6S)hK^t~MaS$S@ zFqDEQe?D|*xi9dCB|TO3e3~?y_=&@4M=a6TR|UEqKgm5wiM~x=F0wf_wiqlU5>G7q z`16Kc$Llr!@{D26D$|9!Lom=ALfb-?Z*sWX%jYV^fG)4>j9bp1lUVQP@nvj|k~=$; zI72KL=Z*x$%>fCasz~P|FEqM?+kMSC43e}f#=s==grRz2ZLLUxNd!0RmIN!Vps(nwG2zRU(dAHhH@%LpVvpCr3IL2pYG9%ppH(dKY^_POr@*4zbhMrm{dJ1{`t{i9fURh(G` zn=@Vi*?7L|4KJ&4=ku#u?y$Toe(wYNdY31W7{Bi`?cx}S!}iJ?{<8462m4RlliBH+ zwh_~c>9kia6%2~zXtL5?Zw!9;TB4pnGZ2-e>+)kr8imWkY9eSRE6ul8p?d3%^ULYY zbnxJhxUWP>Un~210W3#Y#EDzdN z9cNl{QB3ps7gt643s++AN&;%+b2+LmbQj)8EA-D9`+fJcHc5VG5b$H;_RH0aMxS-) z^Ygy+AR3iY#2q0g4z z0D_Qy-P}$L@Lv~;v$5?FQK-zM{;Xjr6lhNq@c;K_^` zbpk9zmgi;&M8G3NLReMVcVs%ogc6=@Eb9P)n0pjcXMd&Ixi;+C&zNdrr${Hl@q&Y_ zW5J$~x4+qk{16FqD#k*9)>SKOLp$wgT3^O_$|!-Ntn6V8d@ccqk)swker6Q@|3Aw+)dEBpa+e+9}K*=(*!0eik>pg4uWy@V82XIz6jCzJ#n=)5ZdiK>nqnk)T?q^@HrUarDG*efqO2+dmz*!K;L^{B(3RY_1O0Y|FN z7`88X*J5thIdt;+7cD`z-kDrjx$#l;c{v1FY`;YkmSat*e8yQ~a04~(d=#yjqu@mt zrfrHTBeo_akg$XK&^>&ul9DoU>r|2yva|-dn!aY^-cGVG?9T%f2$|J-e&yZUPJm*K zDAXZ<%S@JGM&L=zoH#9+m_*}xwAmC2uAt>(`Fiw3=JHn`fj7?(hK1BzEJVxk$k+&X zm>exurzdGWzN$?ztCXT&2jXCY*VA5*xt^>JC?hQ=R|ST75EBM=04x{>uFbqe43-8Y z?%N8mKI2hdM$1=^P}HLB(BND%v+9mGKv0Ue+VOS!HFNI?S&7!7-&%4ZPJ3u%C2~xrsqW;^8OOh#T;dt_Z6eZs6c8*g!@Vfy|Qc(JSE zcx!~R@Qq2Ozt1i>ffABRjROM|=n)!JpW&g9+Bv^pv&UQsGiOw%`);2wM|G^b@|jxP z_X8EHFd-|nzfhXC^9?m-HFsUt7_iP&ODmD2J0-%NV9;{q84HS={@CCsZ*LuQuhsJO z>!)vPJyGL+HxZH1WMibg>*pyCLU=C6aycDbjCC%~QB6TRj%#zN8SbHmA+f}Ew2BLP zc}Y2}<8a>z<9!uMY*FC&z0#pLFw8PRxCy1K+V5~se9L5RyEsi1t~r=gZ+Lh{s;4!a zbo;)^o_xvX#M~j~!Ad`oa40LPpy_GW9axUU>U}YDxI}})0z*7Lz4hQRD(Dn_=p(wQ z*yTXl=`I*?$~LF`@lz@69G1t$#GssIPkxI8J?K62$F{K32}Rh92P#)x&`8HfhlSoq z&mKqAa?@bd(XV?Qj8!=AHwoyw!6PojVS`?!*{0cjL&w`~xh>J8OekxK=f;=pm$UC6 z+{y0mCI%MqA!-$m=`sd;1Pr)E-;luXz~7}?qhr2-d19DWh77$>{-7AXLuhSGyO1JSS0bh!BCR}!mwBAn8w z$QL)fD;DK%ggo3>RAxupwGpU6i>o1OZ1_(AWUI4;U|#hwwJsfER_od`+?kN5sS zqk!NYZ{euaX?KDSF$XXp+&9}>Q0IHx5vMG~;X1nkon%prSRIzsi09pZCkMY|h)g|PDBJFChf=dBD?`2#BZ zH{~8~Rm5S-L&#dU-lU!Z4kfty&0Ew&91Mye*f!?An%zRHw*i5q1kCD)S|!9WisPF# z4qiZFGKcXyvA!cGZpF`2+PQ56?6aiWX9JFRT97l#`#WYGmGpuHAjuCM1&A|GE!3)K z@)~DT?r|B)_kgOC@JK>^Lh5VJMjBg(d#@p^Npkg?{I^H%%ZFEwt!Uj2)$pw$rt(+% z_X^H*_}c`iR0V1%78~y-S4lApyo+TW0Y%_W)Ajtq?-YTn&W&nz;iDZ_Z0vVOz?)m!=^8_2=77@mU%xb1($&R8=l@DfzMaX5`Aj8a-bMy=cBHF0ywz zmBsp1XeKjZHEz$sV@uiCJ7;g;#JQPt_sRM_X}l0~3v4QVo~~?3`d?;)iS~rBV%DJ4 zOoXzplD*fqwziy-ii-6w!IgmS7f3jgpYy^E95Kov+y|&$mKCcsyq5p5qaF0@|Brv1R)Aoe~O(Ij++k zqeYz^#f*4gy}p(^7mwXQOI$1n@lX56$*|DGQHrQ*rXH9n>|PGy2BIbURRg)cNh%`@ zx0I~ClxNg8>bl)p*zc9X9~ zT}E~$f`}EcV}*GzY)kuz3$&77^%d$!*V}xx=X0N1fO|ZP>9{-Y^#V{ycd85|azJU2 zFw(PavW2^ujCkTA%g2YX7hY+&2Ru48{ki2?HxfGPN*@Wf2ckRPS(n*-&*{}Yi)adE z#UW#5n2IB3)Y*fF_ef1@;Mx?QIL{p)M|FNS(ttIUS89X~0bGn?9|gm60v#`z!aOZ- z2>3R}@T_VLBJ5k0VFW6A8i`HpELE=gQs=UY)GwiOPZV zBhL9CVd#l|B2*1B|I*&Ck%bpt@knwtUrvoqbw$vdpVAV!4vSU{@W$L0^G0o`oz4VJ79WABGfQ`r|UGO4lnl5bH82a&Wr3A+dUw=40 z+P6MTq=1Gg&dsj;kECLn`Mk@N<z>P3#1MIlVob-}o@pSrDWy*NRKsMP_% zc$s>%d8cgY^FQ31xYvr0C!P-z46^$v$`|^=E~Dltk1-YNN2CV*{Yd4#&E!o+%Kae6X#A3$E1XmJjlTPy zu`t<%iT}(Syd-bBk-O$7moPEGw!Mn zYE)Lvb+IyD*rHppcIdXP#Xf3qc3?e}G?mFYcRWX*UZXx8lMYK}QaQ2Oa^UzBjBABw zb}J+~<7c1pHBJ85Mwke>qxC@o!aYBe^gqP~-rMz4Og#FVRuBioMhRk8X`v*x$s-sW zBx|FU?ayco`{Hd?RGI{$AYiBk7rpW>2I0e|I-rp``W4n~i>?K0Y{ZCDKaDU>h>^MJ@#FjNx#>Jgbet)s_xDpj{^&(&JCn zAJ`H$)cn|bJBM)SS2ziTL%bI|`V-Fy7-zEdq*_2+qHaEwpUSRSs^9w(vv2ABpka!p z4;>2qb)(-TR^~`@NPM7^9fW8}x+$nPBKEz(a!2dx91P{&euaa^gOh&nEJ$puxV_O& z6i)lxi0aeM)#y4Ms1BMwi}rS~9gW1zIHS=i+6db-#{TY%JuA5~Hq)mciB?G=H~vx6 zI<34;$KSm%o>3*lHN6H8UT30!GfWmjITv33%cR12BCr@>p}e%~RHOJcqiOdBtMU4M z-5xrGTZiIam>;G1!z~|5A4Mf|axzXg&Cha1mHz%k=R{f@W%y82|CEh0``^SOE)bkU zFv@P&iM^b~t;WpZDeY|339r3m;Zq^*X96rbIY6VXj{5R3^JE(`;|2IzyJ{6Qp1pk#wfKle_(o^Ooa_g`GFJy!72Xw#3^d+*H5QpPb`z-n- zJw3`YTKXsNll#%6gcaRVuwg2>7)dV=;4*(s@JIfophy2fC;M{(L zu5aS2UB91_8Igi#^!nDj-8=Vle6$eyb`cP+&es@5_ao+rN8Zypc3c5mbCa3UK zR0~n4ezW6)x#J`ZQi9WWDHs2cf*J@mJpYCSiS9YfyG-vgHJ|*hj5fa5S=n?4T_KR`e z8|qqr7l+=NGiPpEoC`Q`(hqn}AOFTPF!&>yf}6SnzH{P+UwGE7*zJ1MyQk{g}>=YIdRVtC2TQ3h~Z;>+(<;x z68|{02l1qW|BI0p^!I;d#r>}<|Gz!u+X-MtQ#*hjsm5{e@Av&r=P$(9YdW8}%I*Jc zP&L>^(tb70v9yl;UsV2I_Wdg*wTi0N>sj0X5bVD<@9*;#_&6r?F7PiF*uTo<|K*&c z>btL52DC|A4)MuRLz`Xy#sqw>uU;c)b0s(aIVbW}Co(f4lrg8yYH(h%^(F0m_uePB ztyG|OhD;2c42XTK$CNZHn9Woq4WPw|{v#7xrH%@J;}RJ2F(RShH%0vD7i>BCg;IOO zLUH6!e5~+~$DePzuVh!kVnJQWu{SFc%u0`wX)I6Y(<4aAJi*0rgIF>0EduPdbR#}? zCC&+DpM1<5S%s|R0ICvjJ2%aWi2UxaAdE8=H8aa8mR8#?J}Tjfc$8T1N|aJX};FT=JClxYp&FQ$Z1Uqh6L${tta_GI*o< zZ|sqXAnGI9pp6iZNX+9TR$91Sv61t#9Cs){xf^N}-W*MsXdNyvTJ)YmjEy$?^IZ{- zOl6;_3B2?BPcy+kL%xQiHx3PIx(tOO+y?z&0J=`9cscw|6Wt4p?&W|p0Iv=8$D;~e%A|8Su-Vz!<+-qsa>=_sz<8(UMrwMHw-3{%{9EN@W#bS* z+F?^^v|yt<Bs$$E%wV*`q%Bmz&*jv`1 z7|aGIaU3Y6b4y4^y`C#rQ#{a;Gqj67z4AT86*=)6c@$~g-ahTgdL;i~Hzt3B*ke9A zF9%J}X0QA~zqKsnz6}&C)=7bTMr4HBeeYaD273D8pEdZj6jvjO+ZtxP4)!aQGnxb< z#Jc9#sIJO$ss)9GBb&cDx|e4`QVR=%Sc&a2Y;Xsl+RDrIh7&E3tJzkS=L7ujx|ifA zs2HRGTzp3Kkmxw3Da&v&YAr=g3kHbV-a${SgX)I!{^;-RZx9h@06?A=WU19K`qm-7 z{++9^+kG*W!rM%xq4C$$Fuob*&3P(`%uFtyj?54pUH=9RTmB4lU=yf*!Qy1e2r{$Q zqu@S{lO_@nPQLim08c_`p;H)T4p}GlB)dbXVG0C07MqTO=7&K{rSijt7i9$%FwMlJ z!{*4H>F_UVy5YGa%sN;UOu_Tm4)(enNdy*#x8!2hr5I#fi^T^lD*d;jXy}f_NfR6| z-T$2n;AX6t%B#4#*ika2+JZ!|vx;n17vnrCHgJB996%!A#7FjlivjupC*!KB3WBzTZV{M~oE5PcBTMG!gO{z>Ey0nTSXU(vz|ZTQkVbW)_hVA|@gCW4CYy-~HGJ~p zZca{v2Iy7g9P8}f1w^ET2}=SMNrWDeYoAB68|QKM8f-mj)>Zr{EY;qda0PsK z)_I>DB^OUeM+Zw7OiapR`OTSAkum!hQ50 zg7^+r&BjVfWur+_98}u?CyDl;#}Imfm)_v=GYC-JS=5y4KR|hV@}O`UWo`h<`OL-p z!Fbkt?Z_8vYgsr9W1F937bYM59$)%*ju|p# zKhJt4bl?EDXm=T$OAOEPe$l~4d%2$z;_s29g@CVEo4iYb7H+4PjS6})hF?mVhb`8Q z8>w5MHVb@yv&%|(8J*8dbhfI6EDrj=A;=5$DiAOn92{WG9eXm`C^jB;kGvm3*1oVe zXo4wml`~^gEYES-tuUZ(EE@W5Hkp*Xb-&Mt6TJSQX|T46lK7S#wwcxHm}UYgp+dbU z2mlK?e7{jMaz~=V7_azpQe%Ugk(NZWBv6GOMwtjR^xxR2)(~CpEAY7)9@*jSM*F~s zLiooeP<=}{fUM3<7~f#M`E(GhH!~oy7YXlpEG(w8WV&RRm;>4kX4Z2jNWX7uFi_<_`Z<}m1H!N_DpvDU8vdD%*opx?!9!E0 zsDp9}6_ioT$wvYSvk)4>a}}TO+uYG?poEo+0j~;j9&wK+A>;+ZiLUYo(-H)XF26&D z$#rP$4ervX=Vqi6vs==3u}GNVLKYqR;g!z!!SCE&`>ahiJ#??w*R;yS>#}b+>uz_f zc7%Iu*i;+Do2-M~EQJ$4dse4o30%2Vb+V2rMrRe~Cl}iU^SIxe4~>pbe& zkR+(~$o+iaCL_G6OtxfttSSo>2oJ!Hf#|wjPEsJeBV-)#6}OG< zgBmTq32A;)Sb8cTcQmLRQL$J5()NLtmCexfH^SrNa$F=)RGmNF&5{_y(9DuVwqBp4 zj#ajwu39NS=|H_Wu=KS@pgFk@@xx5;a!hB$>j5054FATLZ8yzEFnl)TfplORz^aJj z4Y#?jX>D8Z!&X(X$WEeUXxriZ0^5>j6x5k`Bj#TCk>rFWen z!7M694kK|e;<*^k+py&JO(87!Xi*C{IT1XGGsX`ifvEM#5m2<$wd{ihA&VJ-*KwrE z&IkQ`;;kCsn)ojRk@O5qqD~mexH511X1FOV#}i+Y*;n0N9!e^V%!dmtyn1F>g&3&~ zRH=+_Tw7c$Db-snxh^g!Y*BMRS!Boboac_zn`hb`J1|a>?!7u>fpDi^s(u@ribR7z zw?CW}t_ZbbzlN8l2%fnexgY&(bN9B*g^4`nvHaSpBiIdH2_q?W+U7kS+f!f7SJkr| zPvfxR$~RVn8Q}*V@X!@)&wqZgX??^zij2ny??pzCw!Y8O5B4my>Eg4vwH=aPvhi~z zuCdXD$AY&x@Wur)^LSRM3MOgK&2_v)6OjgqQv?GrcgizyMc4G|soZ;3A{Sf*<15?w zqE`w|CG*3zN)Au3qC`4z)ZO}xry+u=ME&EUre~GbhxJr07hdlut(gNI{hT2Cc!()u z@zY&Lzk%}DLty9dJSUvREd5U?OXbr^hPT{+(3)v<9khMeS|^c~%b>NW1ljHzNSul3`?8%fa}=9H)ggc8LM2iH~p#~;IP(5)($zu^g%q@g8J)D;a0 z7$lkYa3P}d>)L{#BfqZ1nh$pNX2+2*AX;31D0?TVopQqoYxUFc9KFw49DUg6>(*zu zFBPH2!3S6{FJ}`|+rg+h_yoy+6f^?I5P{lPvm zmiE6*3L6TC!_tZ>VWb&VC0z9xZj28yc`*^nq*lD>@3t&;q+9&B-<9n|wbYjt^VWZ8 z+U}y(4CaJ|sk2NXhMktMukCl26~LkTuq5-)%wBli| z+&#EEY#;=8cXx;29taZL9X9S7+=Dy8edF%Iy?4&r&+T*G>bkeO>VD~}`)Lh+#~ zPwg1IyNy?A$ z)`s_|u`YT~-rlPyGP(}y&*uN~iKd{l5m(k^l@GaNTjD)ADls52O7%Tqw9YW4_$9JG zTaC=UrP7k5)o^CAi_Wc2IK0jmYZ1b6ye}k02fxn!`<0LCAY)mMXJpF^%~sln5y7Xp z!fdZR2X z2UI5k?8~?+8T{(8d+b4s4whZmrW2tK?@3gPFfq^Tgt(4BS#anaJ=8}IHckA(+I7w) z^hOEUKsBozyPBJiuBW+1P4_St-cCf7AQuFS~_>^}X zTPMUCMM=ef3M-U2AL3PLXtxUci|EO?xpfnsTsD-5=GfqRvIK2DlRJ@obKO^}&?Wgc zaHEZf`hw_lyy(18JSo$B3UVjLH4_`yMwf4sh%gMA7r|K1k8HWGP ze6?X{8(}VVZ}boM^x>OMhue1)(E;Byuh;p5Xm~dHu2}@<85?;_R97?)6s(f*Bq+06 z&<`rHVzLE&LV_9&KKcO+OIn3=G=>a4%8F*4Eo*#Xo60Bx0fU7a|K)JWqZ4M*ACVpn zX9Z5_p{gQj52f~Qnv(b1u(;i`wfjOX?^(!=B)I1*lWCm*_WJrZp#V2OT5&tQuv_)5 z8J%xcRl>UhDe4v(pD9)`_kq|;3Zl|K3= zNlhpns4}X7PhrYuVpoolsrQp|GvjD+gu|8O1N_sd(50z33gdKZ&I94+dCUGpK@^i? z4{DtAQZar~!++gi?byOy7+lh2vFHXGcZ!SI+i zTI$Ws_7IBkY_k^ZXj?BskIA$<5w?Xl#35 zkLKrw8ko@wz-HUW`~?p(t9A6N3-9n~ktWMAeGEpfcm+imnb(+iOD#TOG)+ew^y^>O z!dj-nDDln(CECR+L@o@Udspie@5CU$uJ{`9j@c^=@&MH78hn^}VtuzSILeKJaG3Y- zc+K+z0!wT`Mw1~@@Al!>JSLzbPqatICj%qb{0oAz{%)4H5S1yJbyntTvd$Zw;KUz!y-b{Qm;z3~wqt1jP}^m}hniJLcr(mpCU zGVX0-$J=PbC9AlwV2jFyY5Q!~bCh=QU5C1YtF947SJ!skxK?EWuP$RiSAXbV2a#BS zV+}lhZQ(*%R99WmwexFw#L1M+8oHooJg)3t`5eRQ%8r}$PzE2wUcHBuLAWKz#vECz z|3OZu2Gv_U3>m9?R!rAbZH1utUF(EvTSf&e{*qB-BK{fkws6riCofR-u#w>P2eXXC zHJfvvnWtZdiA2i`hs8(!52#CCWmMCRuS+0kMmqpOBW@#6Lzn$SpYJShlg*kYxl>H? zOSS>|yv~ZzwA=PKd8z$tXXk~pYX&8a=*JIw(U& z#ewNmlqF{rz#JVX-DT-gR=T3kJ4d#DhAs?pq4z)%jo zB^iWp$W#?r*o6886>7J6le>%bim_2H&~H~ry7f=Q{?Gi6@&Cmh1($Ir-HRpp5u_we znOv0WK8uiFzT%l|T11*()+kGw8oXg`w;?4p3;f*EK^Xl6X6>R|*U^;k`qr4#Ibm@k54o^bPRhAML8He(Dy|&rW zfRaS<5Fb-MwFy<~ZZ^1#*S|K0r%Ry7 zn3SJFNsy?b-`;FANf11~SmkK-%ZZ*ySPZn%ggN4#(brTTIp~Ltl$o>e7qLsqqPWJu zm1pvu&!1-$($|e z@cu7n1Ac-|Ha#Cb{9V^Nn-=OiD^(3(p&OIf0BcJLMG`pYehXUsHoop?zk%IAh?FFX zIUw;p2O%liiG?}SubVA^kP$P?;a#wQ#FYgXOowLH?~kM}qc`btYDmfck)qdr!PaXK zL2`EJ-qO+If5*gcI(O-=-u?wMT6_xY;=a%F7pT*42H&2 z8R8JGu*vG?V_iG-5x@2_?3^4Az7D+WmH7lU=XPMKjEa1Y`A9oRn`O-_#4$fkg0{mxjG7 z^%|Y!D<^$-dhDAZUrKg;Qn1cX4FG?X?M=%7*>=RacJ76yUkT^=3q``dV**Ahmi8C} z6PTy_+-Y_bz*8Sp0q|mA#1)xyxGF!(fI5CQo)_c~xzZgnK}sUrWEV!SzRDGC*J!?x zB=aTQieWsR`K7Qv`5tEa237aRAv}4Nywo3ZXMBkF0*RcEA9l2*rON386^1HIz7B8> z`AkJiF(ow@>;?oyeX8|({LT)2z9Jt^==HSA*21aCA_qbMhPK(XjAWeZ2-9g~7l(~rn( zDY8lc{;21`$fU(*Lzw@g_S0J+OMx;JsB_x+-Hg`U@?{9`Ode&_3MBd3m}7AWu@Pp_ zI9S&6SU6B=+A?EWV{LK9*s_35C_E!|d_(hDcveUxsZrfnd$DX(Yn7&s?{sj*hBu_S z$^N*uKPx&!bI)=Luqo-wkhRm=>V>g8geT4RLfv%43}?=4lG>I*=nN{Ngz5QgDql&ZzJ=yob}sHQ0Q_L7aLN(zZO|#55|F3FJJRLN3Iis zACe+4EG8$t0HHPFax&pG;FwZq?=<7XAq~$d9p2 z?qE5uCrgW0g5_~p@-Lv}t9YdB2&bV&q@-hE11QKwqn+pe2;NLE1eELl;r#r)p2!k> zrbubSBn>7z&Fn9ks7V7ubL+L}J+Lp%l!L`OKllk^3G5e9F1nbASC0nXlk-t8Qi|6G zzJ%TxX9{C{Es*#LC_{98gVKENrc|DEt(ANE2qS}g*F)-8KVf?_ql4h65#+)M(`6_M z?2yneU)>STU^UXTT2gyLO3EYJLH>&L)C#>2%9EEnduCEd|J5Cn4if~}kpV#~gHxPY z`u1M1YCSo@`iVq1y$@A?(dnwTdvazHYx{VgRsE($5GC9Yzjo|(j}C#83Rka<%7Cg6 zZUAai06=b9#5l?kW_a8|C#Cl& zMR8Qf^i{Pp zs;Quzp-niokG$bNV3(oQhUAtDT9H3cuKtr?MxCnPN$G%@xF7N7?GI)@gl0w(*peFO zU5%jXr)=EaY41981Q#j%S1_q6%Nn(2V{$o(^Ub@cXiEsT+bu4IyiUWDHrFmwF(~5z zWml`578Mf?Jlk_+hh8vwWH%mveQ|G;zf%{XiHj^MNrc=J3X6;I^Y9fm%?Ie$o=xgP zz=}jfw*vi3SBa<>kbc^Q&YrRg+5NJat`V*cB(S4eYnWTHt+Y_)dm%NHU$(iWLrQ=oOPl38 zj{Q5fpJRQv@A394f5^S0ZYMJcyjDzN3_21=f8T$SK3~@JA{`?#^DV` zaU8X?aE9*N*B;Il@_H=0?j|~Mpzp1+!;TtR;)#Gg`iHhqn7DM$-ePv(4Do-9X`93Y zhM}n00Tr96G5;`isAoxjI5o{O_)=!j?PIFU-tGl?&i+B1X!{HXq;5jwrpue7^sg3n z1tAJV40AoF^d`!43l;r?LjNxmL{W~zIgV~O*7Ys|VFbD6Sx@bSIsRap4k`Lgb-KFE z(H4m2*kdx6;g+c-XRr1g87t6(S9>T z=HL%aQKBQiAG``1F6+(q_J&dUW?(fXrVlX&h`xQ`-{!R`wnMLcAEf0k#9Qb*hC64G zo-}C*vE4tX#PIsbmJ(4~<4n=G2Cw`CjE8pmOl+pW~s|-dNr~AN^)8kYvRjeqOZ0#PsPV$ zO8ge?>Vo`v%&g-y1F`NN2ch^&mUQh4^jZgcU>N-SOBrngh6y-1LSO%p?_aKFFgvyQ zd70!tKnk#@0L)HdvCC-6iL2n`6C8hw1U+fno6V%1Z$sW zPS=a^j%Dzfl2yCVr=79&x=yIBm&8@jr#X?ef2srRf(h*&=LEK9I#3+eQ3vaEGUBO9 zY}TSNXe7mS zU_Y26{|68Z7G0xpG<;caL5%W_q7C<-@ty9Af2Ze2gPY8?N|?PyhP{RD zPKLy^Zo8xtT+@-FFyf}9mk!!Anz!JMN1Eqj_o}tQN!u)a-cy_3U&|2hGk$Shz z?{>v3)+4m86~#R>5q?cTi(c^_3n5IOA$Z^a<>#I#@fIa8PSmn0#RNyyF?di#KbSN3 zOUTnD!f##2I#FtFu`jV{l)i`bWdAU&+GA_D#%-t(t6*=1={4g&Ci-@H4}Y5XdUlN{ z0Ym|llu$)E_wVo((o7rkm7A=zT^M!rA_(ph7=b5OkHV){J{TS<`W=m>n@^$$10JpA zW(Cx(iXMa!Q07u4_zZtBGV;F|8A77`e`1u1h+vHJuECE4cNL~1!sl&q>m#Whx1X^n zekHm;2_cLcXD6cA6_?ccjssW@BpM9Bv5LKbb(DZLV94XtHvhjZINktoI2Rp=njo%| zAUS;WU6G7$GI`tT6Pon`Hl27cC*3DMoQ1*+L8<@GBfFHUoP>}2;JIL%)XEYY8H z38;nW#jLo2aAs9 z4YYxa@)HI3(@@Eb@ZXE2`YrpHl|zgR^8icOClKcI`~~AeNn*il`ynED_=WNYP5*s) zmIB899Ys@Ma0ee!Qm`-djmy)26#&MhL*&6#EDd}9qe)k4U~u~n3-Dk3(~VG2;+SEo zF(HVW+v6~T@yQ?Cj*SGNB{6b$JZnQ5^DfcR3&x>4*CScBlT3;n8S#N!i7dh;m1Ag$ zmho@HS(U&IM8mee6aO~`2mrN?!7H#s0(LhfRu-VgV!sy7(%PrbexMw3Q>-&~&R+|WBwkj6n7qMJ8Q_0=AE7L)|FjP|V9VN+wP3v1Jaq-}! z9OjhZ=R3UI6U)SsiMWH@H^mY@R8lS-i(DSVCObVAOPL=9CS7?b+b_wfG8P&dCFM+7 z?SJL%W;bZ$az25D(&7sX&C1HE6V?Shq`-=ClG#z?a_OArZ73sSxYBZQ8RegryASNk z=vX+8>8@cTQ{jnbGFQ1hDn-9oq{wBn$=18N4(!|wmthT=k*?U-+M}AwuxU%)Cr>Un zKj=nQX6fPc_~-wk#Xp%owMnt59NBt(F09XATPj#+T4Q3GSt@*fXdn{u>?w6*lAfeW z4-wK2P2(V+p4A%1}4fOo4N za~Y!u!!uZN?`g&Lsud{|$2co7y7R!jJ(|CL14J*+yD|RZ7$hh6@(%tIjVI;&?OiOj zY|}32gmrql8Mj1fpNGS0WrNYRh3}eU zwt-~3Q`S#Z685M;#T>DVtqc!?;GCPwulkp*gE6^M;%vE-P1dhA^}I(@_vz%~VajG| z*hjZ{E!`wVu9gaLyBVnphWfA_t@|DNkvY|^6$15L*%Rv?{LKWI_!5yRRciN%^$FWu z*-|lRI)Ul0sBec5><<*@&$WF6Sl>WU?GeG^N~@D`kwF0*;>5Qwzw_E(-mnUw3v-vg3M$! z3}gpjVbwG=W~S{!S*Zt7u^3|^vUZ(wdEGxluFD0E?k0U*K?$5uGL)oA)E4T;f!y6U zJ=fLMwK}Y|>lrmW{rQEsFOH6zJTH=ytcMlOW`ArDZ8B4`nDu&I%5hBru z5&A$wNvE7qg;#tYXZE5UgWpP;l9_CllY>B(HM8DEr|_>Wca-@Qbss}j>7Ht>*KKZ^ zmGvzXi{(nLTQp>@eox&ag|2GxHXz#DVEoQ(908i$y$o0xqAPj)VC3Smk#lQo3@ng0 zh^=W3tQQdKXl2&wj!-SBz@@1SD@aaFq4TU*UW!Phqcp80pq=8_7_)1#aPy0ZfLf>D zJmWf;(7E|K0lOlH07PlPzwUl}B2aQc#kO5>VgFc_hmr7&?u}K2x0z7kdjtDS32zeEN|}S>mY$X z1a%({sLA*ijGukL%>{t9TZ*G?h1CGH-Et+1vtj_eyR@}Bb4rrqD(3dyxM?HS-wV+v zYwq)p#xxWZA58V2SUr@zl3_FSUHgWPdUCRnnA_O>@${RHy*=Y{PIt>1osN(Kf6ky; z4fD^<&%1Nx#kAkS?ah1a&mlI~%l&FYg5O+gvhG}=^)W*;|CMRCE_tDhydTLV>x{@x;8k6)7?QyQe`31l^Tlt$?fp6 z?Y4pYaS2Q`mEYExuM_BPq#EZeR5$OOpaSQ-^1^r)2X2;K%SZsXRy_By{e@;3!agK` zHyyyzq(Rj$7t~?i>Pje(o-3$QLUC~|nfUvKE-v86M;=}$5(FiqJMLL8=bbR@a6%DZ zXNN42)5ERR2h1#USi2w5x@49h^)&;I@NEvQ;sQnhe~yODe)L^naYMgxZgWgjI+4{j zYC=v8I2OYn%aom^Hfhz;kp;4AS*Q$>Bf-Q#y+YB6LuBTgnqaQzi@uOek+@8fB%!1% zsoD^esn|ZJ8oJmJ^m-p`|Ga#6v|=SkSgn zv+@Aq2d}C_B&|Z)GmOgUyBk7Fo-FzT$$nU%l+Mg>Sic_MucP@)|4ByhU~xfq;M?`T z`l0^S>B8aD@Ra%)D^(M>_E8TgoA}Iy?qu}DQALSaeZ@(0L`I%{H>r&vMEzd=P9(eLHmtqtpBdUWvuyLw5V57U9jEj3s9S~O}yY3gZ!mP>H9*_k*}ZruUB{T z1zpq6rHlE2L`6rXaBypqW-6^nQ11Ss%U9pCvDS=MxhEQGa*^m_-ur*s9-B?jFt>H@S=Ujqsq8S^e*Ch5Ns zO{wI*;vjY3e42+aYa%eAcVC@wLTsr&ve&tZSL1tU`myXL@O`1VNZ^C5D$xCga?V5! ziq8L`TzUoFSL`AC8Z%qa&uVE0 zW}ZVhWV@;263??s&oSZ}i~g4i&FgqkYYs&9BY7)C4o9C3^6pr#w^nOrQ9>F{AXV@# ztwH{;e3Lmjx;_ANM}7|j?eyTV8Sp7beNrA(@Y)M*>-y^91^Te36)rn^u}>u=mUN|i zh)Hc6Um%7Z4pkkLkgvGSXN#N ze7*EMn-u&ti4)lAh08+cG|oc$kx4%ytB!l#!6RpK_Od?cy8e8lQG73UoB&NxGYt2` z8ZFqA`|g&JQ)?K`$U&{|)}FxJs2ijc5pToJ@kbAWbiHf$r%MYGE283|ztgS~+jfEA8RA%t43~mCnRCW1)X(0t>N-q1dav%!_WQ>> zFD-}-!X!t4O&M5%#B1p4+fmYZIKj0z>wk0qw({z7>*MHgB=gyfYC^Z6K^0AA^5;0q zjEgfm({TG|Wlyg$z5qo^MfQ@BaDcxSrOTtueP8}J!BKG%b8ZFE={3eh+kmOonyCve zAdx@%5y794qz%5I=7rogWpw4f+Ex0(JP4yd*HXK7)PAnftLNO*Ok`sXmh=`wxFbr- zDWSuJKcilSzvEQVn0l>7-fGM!zm~!ef89qf{AuWqc_yzr`MeYzp~mr;irsu2*~zzd z5rfDHu!h2Z&frVgCmjD;+d5s8!+*-5<5)P~Zf!~pfoz7?b z;O}Ac=SZGUtEJFHmg>Xk-vJ$W#fqPL4iIO&p^}hOE6E~@GVU6EcAO6%l8$~VV^FAg z{kh8UxGSCuyzW{TNIIZ~{v0}(#gW))#-$2GeI;4fnm8m*;}OGgW|~TdM`) z!Xe;+cy5Cq{`%1mlFnArH<=)8qsnY%F{k7(yEzfGqG9$sTV3&ui)$zf)@n^&Ijnmp zxxb1ZT7A+dlOk4l0g|qh|Myrn0sEDHvNP7edB?;U<%>@<06Hln<2_oTD08b77xuv} z2)_D`){%#->geY*{nyk1zbzKHq~?tLqmz^mGdupNp&O^JC^T&gc%lJzrFrk#ozTld zkV$YiX9J~bPj2Ex5Tn9+AGbx9;jea;lmXa>$x!~tbdN!np9E=^GdC$9;KMwIHZLU6 z&L#Z^-%!W0M_Q@-q8iL!b!t9a{?16wmdC&R(0|YF!g+pPI$k9-u2wM0))(~9|9J%k zy&o>@xX&QFU(tPg87^aC#Ch{SPK4nAUJb}Vv$)aMty}DTKVB1&| zm>}Lw_ytrFT2#?4#U{}G`H5!H+M}Va84s(}cbXt@#8LIEg;e#WP2$qOBWtmhs~>Pn z2`MyNU7|tx1FTtj*mydDTpJ{yJ~PN|PNEmoW1`k44QcR|;22)#S`!Z{!FO48-H>OvB_ z#F$iT(e%{LWkE3?`$)qjxfj=!hXKl%Qt{mK(JxN8uSmb1QpgQkviUtpbeqoPfK*pv z?RsN{RHsqqyDbTygaL^%Be9e+S{QFZq&Ezj(F6^9V!ymlQzLJ@DwV%t0ul4Jx zffFfkb^*~83L-n~Ng#ZsKYCo|Yf^Qqj^x=@32Tk&sn@JeY2tP5=T6{nv#2u~z{f7? z4r|Tx3B~LLK7ZJ*YU~UAlefZd0(c(omHvs|5xuvn7nZ~EqMZ(8& zXAZ7nOQPaCKErQZlH%T>vk7;b5Rd8t`1~ti|H}fw9F# z)2)jBLhKAak1pK{1I?WiYcv_h+uws*6K-3)7I#+B5s~UW!LIAoEq634ksWz41C=dO zQ=dFFTnuEG!faXBg3VAgHG*>VT-UIM8kbgW&qrfQ9jorC;LWu>d70Ybdf+#VW9Sth zx<=m}4Z7i2Oqj#ukbtMFYcQkJevnDG+8#=NlfgEnND36_R0m}Z0}90{wNyw9Z^K0> zzIv+1NIzEJw9CPF7~q=W2n{7zhlzF?@q26H=qS_mfLt zL)aHL2pOR#rMjmHE)qEEmUKw&>MRT7 zsGyfp8&nd}-c@ee*C)jSiC=x#yQweGMhD2z>J7y7?t|N{N2~iVPjE(uY!CpjbsKsz zMk8?jW;yv(hM1FW2+e9f3tVky!@m&<uAUDwFTm!9ew9rS|3*5u5McXaIDcd{)XDK%O82`);uu3+umxGr%?Z1 zWNRt5@^-zN6f$Xjl#);aQh5`JZnHTsA<`&I@}aCi6EZe{yrYp94B;{8p%Y|CU?~}e zh|&i)=cMfy72+&8`=@Okw-Je*pDIr$x<0IS5pl1stws6z>I#$#Is&Ng_`_sQtAFfL zl@#|@xS$bBps5U9svTTWmlT%&=+|S)?sFlwAI$PXauV>qcf%gp@=Xa${biNYLE<&8 zcNig*xES!zwJLMdVd!CB$Ftdx?mDbG?_dD^BA(P~)C%}`kh-VjDtST1Y}O}H8$%)p zNM&xqDLX>D;hS15W!teraFGP7f=?HD6jgY+>t%wSR-Z)Hirq-d)*Ld}0<(Uwf%jZO z8{&3bNy6L`|DOjt4{ckdoLbzr!(DK z(+}w7g#Ikr@v#ZU)Vi{z>7%I*MTf8G%39Kk`LXMeqrX=;%ph-U=QEY?_6f^7SCrBF ze!Acd^gz!p>p+%{YLEaX#}yOv_CsU=+F_S&XcDo@*8#*~nu?D?9W2NYB)Luk&8We` z!C6^`#Y;@2!5&sZ^U*Ce_E~g9h1#meE}p)^qF1(CSIaYn5ay+OY9(>^pFE=pWVs;# zU7s}os~Pm&L6ZA=fZV1H_}jqHXnfKF&#a;46$o>Rz{AYao;PfX3&=yed;gm`4OpO^ z=Q%@K0e9^0a(ouZD3an~)$U_=p=U1O=c!z%8v%IW9pmP5>ZUdChn&P113wWsAR}Cy z58Uq=Or_91(?4826Jd-+U!fk=m%mW#^;}>&yp@&vmc#vVgG&Mt?Z}L?`VMd21jsku z&~)JNRc0eEyx;+y!^Hi^L?G52#F!@odMe@}_e|p>zS_#?L1oyfiuE0`MID3^6mtK` z2Y-24RPF)xtftS>(wL{;1tS03gYDk98f{ZaZ|H?kPVSdo9FT;h(XuO zT7moyv6NoZetcmTy*4QF#bLx{5|>e6N@OT&cvr|;_BuYaeokT)!jT*Iq*uC-3#Z^v zi;CMSddSVV=%;Z72H=O%757C)M~EW0u~rj1kG%8q6?XEFfCb+kOI;2@KMfBC%CI@z zTF|n9BjcY6YN$_+Foo_-Wk2_UWS_Mpg}EIesly^&MLg_RVWjkr=9BnqUK6%<4jtOa*{8b3Lx-Z4=euCOR48J{>$ z$A}H2r|HP>TppoCy4lZgZT#rtGx2DKp$Ux7fshe?&4P`LPw6lJbK%VnnUsT#6mtgl z^epr*t8u)>%0TGr8~AA5?>ViULlkj25U5Xi#(&t%F8P_F`qP?Koyj}aq{%k{B_+{J z+{*cOO_SbX-6S<{I|ux*Kh3<{YxXyPa=LJpx-=o|0BH1a4@gZ6el#m9d2J*oT zLLl(j2_ijmaQzG`QQq60$8J9|#n$oo0y)YW62lQS7iC-ua`{G~_#T6Y`{jOo{cSjGYrgGdFpXS87!}NpMLqC2$wx@&FRmR!J)n`L(Pu z_Pqe3$(M%=#OH~^4=v*u<6N}YiC{kk_u^anvFyX8nb2_NKP&(d2QO8UL6mgS6vU-E zuNqST0!G~PGjDkm2k-?=5VvMXIKvv^HltjS;8^0F_&FbPwCd7xxAuAp+J!%~s2el8 z_-Wx3sE_^hhe&L6Ln7@l0Fr^UhDlQ*;*GRJBr$Imy`wagIgp*VOVbQHA3#PA-gnpu zLBf=-gTEtoBuhIQ)Np(^N#775G<7lV`n_(RW)oDm)W7R_pd#>1NH8~h-$=%?LNkMu zwUvvJ{8+I!1;cJHziq~;GgtqDbuCv)_g!q7D1QcaXo0L+9sf zdXH%p^)7q2G`swq5@hh^3r-=2p%r{PmwNW&l&sCPvBVO|2L$TBGR60Kpjj8R8Ar!l zz~2wh>?2HI$mA#V$*|gTiZ69)!%#2agUPC35+JN01c6N(cQUt_)s#0{Y>Q$t!qaMl zBp_*;)^A1yo>%0iX-T=N^~Qz5^)8S=m_2NCOa^k_Mg473X_sl&x5hFKs|ph+V=Jrs z6VC3SBcG^xijU;c^~{@y(~OQ9n5OK8)7wNqfQ`Llf}T|!BoxCJKn0D6hUlSwC^{xF z+DhLl?+8JC&`Ja!?z#1XU;gRhRMfUnJ9((F*_OlgH^#Oav|eL-ex=-A$ezzMd7$fE z(=DfP7ihTyHtE#usEVYrz2t;~hWld~>lY(oSv3V+X2zs=zRzCz_3*BU4MvguZlj=l zz5c_Q@5ueFS1k`1-PrsvQzl>!o50_&n90s|htA)~7$7qu2Wr%FH)^kALE`(PT3Tv} zLE(4GfGR$UdRa&g$fTeq0`J8Q5QNO#lkI3n894J+F^>ck60<-IRtddSt+!YU+{mzJ zab6aKVCiLfiKM`sv5zE>pT9PM1nSLU8k{aQ(E^r{6zhHr*wTG?q!*7ft+yB?#q90G zFo;4`%e4F5t?BFm-|PT0+14prRYXrDkVz^$U8}WnxD-PNAO}Z z+C>+LG5%dj8CdUpSTzjoRWWPU+!E4? zLPr>{%keV9@NlhqiQS1$cGJP10tuD~b++;u$VaF1?~{R8Sw^_%%HHPQ*mRD6xPxzMmyLg2HC{lyhmbz<2~5nnDAF^ON(Cq_{!qgwow%HaA-$=%Yd1Y_eZ z&srPJ}%*)tTMRF$2?f;xgm%GEm9eP_}su^G&PA7|LV=8qTT{7!NeQ zPG*mikBi4`Bs1t=cQ{M=np1aZLpo(DIfGi62nA{Q1iSIj=k&}ZGm%MXYar1UV_{0s zCD=X^23q2{1n2O1iRpLiNImfHirE3G)h%}f!?Qp^kTgEhKG1Z_!QAwG14ZL{9hMwq z-OaX%gd-42#Bf$)EQADv$H~nX5_(~vD8-Wy@IhLLgYPqlP{`BIr;V9c&L8E6#K6E% z1uis7Tt$3e48!Wrx0sK?tpw4n+pN0n#EY<-!{9HLe0yp;jJ0LMn>w1{8cIIu)Q?=( zcMU2wRD`6CjqO~1^kMn9$mA1uA0_U$^y_|L*DOWn%Xp`ahg}! zxugNwhdoUTP7v={=B;cm>O?@p-Hi~wVY>C&ThpYg+zgKKjh@(-E7y4lf(CYodua~l zV?u7e==Le0@{fgXJuGV zQK0W4C7;YD^6di~qTUfZ=)?Mu|6CvIfg04gu35|&bz~4%aho0@XZ_EFJC#9iqZ_MT;2$g5EZoYu_=JKhg#-}CvZX%;b+ zGT1IP<4pfZdqO&V{pONEa{;mP3S7616S>~UlN91hdWQA1?h1ZMd$(oz+_(Bzc0QlR z8KR~6+dV|xc90xIh_U@zbBA$p4nZ9j?Q`61YDna&^rt?6`4c`_!#D0`@xcu;v&_7r z6w4VeeJ8Yu3v$~10tDFrq@LT^-yPH9o;=Oufitr>G^^mtRnH>QjR5fGHn30#Y-$*= zpCSMGA;ZAABv8tS;uL4A7CakiA&V3eEKTX7=2xf}maqs{Q>mYTd}1{OTiZO_%LI>7@HH3oE{lTN>D zbL=Q0lvU@4n~D_G)-#oloeoIxvK%zq&1a6VZy~~xn!2wQi**n}%Cweyj#sZ@_#5O6 zu14u)sJj|!<}K3fj#KprRrgj&g5<>~rWI72$g|45994FIN%BvYof)CaiZ0z}(j{E; zcuIHW{n*l?5mXrbcCYrpokVcn=d(>Rd$`uK1Z;K=6o>ucRueOg4nZ2Q~W9 z59aBPA79xn{94L;RzrNBR#^&xB#A9i&9iymZ+ZRY8A{0o$BOxzsVF&tG+z9E)+*DuQ;6z9_t@OL-3 z^LRkf39aj!x6_d!J?KC}CUt43tziAz9QiwAyz>H^180zohQDjHP}Eo==aoXE$LBpc zmFR<=nPOkm7Grpy#ZqY)O}ipZxV5p{PsZlHQSi7Gkfa*I9<`YQ~-ysqg~@uKbmHZx|RLuZBDLRlB`r6YEa z8HXM$i;0LsuB#0AIE+?eA=OOux>I}bDa5FhQuJhN1fCBsK(TT02=1_@gE{N~SQWI_jo3RWwxmKjHJc0GJe$H@7C`18p zic(FE^No9hdOy~Za(@Y$lXa>P1NWTA5yLWF!+8jy7pFobe^oR@HSu|Zl}Y1Zl)T;2 zM-=|XhQ+}s(UX##wakAk7vPXe6%+_+6x75r1lt5<|J?_4fe?AmNni-x$PePqg7P55 zXB{E1H}up2+$=Mcm!)7JX>d)3MIy*Z1pr~rI#C=Y@gF6U8R1|6@M~2)1_VHM1fP?U zL3u6m6?6@GuH;l6w73ATff8yXh0AdI7`w~jT`@jT284`ba>6Tk3G2~BLIB<*C(Oiv zXKpw+n)uJpZ+LLy??gMugp#h+n+Pc4Vz1dk@)wnFg2FmU${=KFijYQ$-NMiJS=}a! z9*HM$e)wh(F<(@H1Ctu`%ZlLk`4$C2$QaVopZ$BWe=G4*0{4QnA9+UH)|EumVKP%W z$_iJ4_yx@+K*L)Ij9VGV;v@+S0_mo^<79urJ@UP;sRifr-3k$uK#Y=%PzywY+lh{i z0XTxjEJFNe75=~1WMB=rL#GwrTsjJ%pyUqjX*#4h> z{#UPK!2@_?DhluE3PlJ10Cl)?39EFc4B*rIYqphv;A&-Q;QxC+z%d%%W%nPeEl|cC zA2)cInb7E9Pm58?bFM6Z40*dW@#N1QBBxN4+e;*fu_^a_hbklY_Wr~!U4_N=uSQp= zfLmCTGUGz>-}^uaTVC>#B4(?g)SqrCL8}Z@M4ChGPR%HArL)+0)nD-%&jMJUYCQQQ z23`tB5cR`v5PX#AyZ!Pc>gR0&#V?7){ymQy_xC0p``)43GeLGtqRMD~f|`_%emlKfln&4YE`j7M&$zv-^JF&7 zfQrR8hS&&zzi8fOp>!&EJO0lt_}~8uGExT5uiEj#DDnTWl7D~Z@BjbrFRq#w_%g@T z3=d?SG5?=5@NeZU1V|lEQzG|=oaALk=~Y5}6vAwIwC!VE|9xiu$5;l^u?Aw7(lK02 zTY=}N6!Wt7|Fnk~ux+XUh@wjL|3zaCdH&jZ=8cQV|KdT6|BJP^4$7-(7JYdjNN@rK z2~O|?cYSaR4#6R~1$T$w?!g}1J-EBOdvJFW-0$Msci*$$_f(x*x9a{yQLxs`>Y47D z>Hc*On8xDYVm!x$P3fL4Vtyd45{)3^d8VgCyc7X>8i4RVQPG?pGtgjpJDbqt<}d__ zDg305R}{MB;|e(b(1VCozjWXs&C*cufgX z(4paBblR+~6d{)7I2^t7sTG>*>qv6K%cEZBcr|^gMbVM}RBU8JSgC$KnGF?pYT7eh z7CCEnZ8Z;_A+1cj?utKX{_HQ3RmXC*Y;_%qzWS%GdAd5{du8)$_g5YCyGNZ`svy;U;R5)q@<**o?}AH_}!+%_h>vPEFUf20Vcn1NtRFZL+1d*HlE8+Es_3ssm|B@GaF&Xkpnk=EE^>D+|#U!&-bKb zl~7q*#g?tE{%3b%F|89?2`+yR^sv6AE1!~Q4F+d^afAh z_Xc|^J{(wRl~;a^W$#nAaYsvw^xojojL4smK^M+JO7TKNMtrkfNH2i4!zFPe4PeN2 zgG!}Bk@jc)bU&4I2v5I_Gf_m!G}hi*3w|??FPqF1H4+n}tgf*8Ufwv000kkW?p&x7L*CdZs^^Md$oDAaP)fg$ zPk)A!mWC!bP8sAOI!*xA_UA7>!P-Vzd;e{lp0&4GuT5;!e9+;+JDu$iLpfvgaHzQ@g3?2{D(yhAR~gW z6Z673gZ^u$S1!+Y0c9!Xw(akcbY54$v)@AlA|P)SK)><^4ZjlEMzWh7e(ESjpZYeq zu19Xl$jeY?sUiH?C;2;#8QwW9HH2KB{+>!DeKX1g6j8PCbErofU&MmaPowvDvRawwHE^AX{w_6+D^goq$QbIW zGn1zovQ&e6T)r*nuR6;uy;H$RL}qsD`!~U_x)otJXTCH7!24S%D$(k z@R<2yxqVIC+>TvO&Wpb=xLlGG1)J+Fdv3&3~^`3e&VZkkaSdeAv6$}NB-z-9-M>wIB48qpMqhd z$U;YwSH@TTnb_Mqw=s4peWB;a>wdG7IgS}sfy4%DAE1$?(jiQkG>Gzkd}|B1V(O`- z=Sj`TIk;M%)to*P?wxDH+c?(l$Vv|9R$}H)tZHi(HcfdV;0r+Tgd%*5RzXsz7RH?F zs;VVI%`l^V(5U$6RpVK%k$pP31Wm)MQQs+*{1IQQ%*}IQrGaD5P6$0wJklSoAg{eW zo$Hq5!064TloZr6B@@pDC6ntPM&_P21LxqnHYlmNh*p<^k)#q{MlK3pV}k5~3!87_ z?78%~SuF->AR`3cY-5s|W|EuOzl_FFlHzDma5tk+7?J%b!~r&5;3LA+dDLyQxJp0) z@_Y&&I%kqEidsrV@~mx)Amv8Sn-=@LbwD2w3M-qBzFR{XX$ieEB0oWKkJJ3~mkmv0 zyDK%`@-g=yK0bE$ufsc9A}s0rVG_WdJu7@l##hWJ{=W6#Yw%&GZvH^mi^5`3hN847 za^7hxY~jIBzGCGOd6DUTNxZ|k6*Ieo>|!FRiV!s)DRxQn6|cH|FSSI9xIR-;pF-&x!R`jFa7qf_2;Td1kJ5z03d8>oq|Wn zQplkqQGRGZymLz6QF2dOY}nOy!K|83iM&2po!ekr(goDX)wOhz$+pH_{Da|KxGz>v z{h42VQFS9syf8*SpUb`t_gjYMs!gHo9D=gHag`jjK_1P_t3ekUR(?Tc?b|db5s_`2 zVw$R{^KENITyTLY?CB)CKk`bVFIej1sLoiSf`*2eYxD0q@yZ-Q@r&eK@MZ+N?np+c zL}J3#;ttU9wtpm9G0xMwxfsZBEZ*_vi0_6M>a~xhj)*jcwxVLziMJ)@9a(XUKCVxA$WKrp0pi8oD;_lnZ+j@ygIj{{g~;A zXteXk@_#%^4^*d#$4FFnHu{cdaDh<9qPfTvMfHE#YT(J*=j=3;mz0TmnapDlv=JxQ zxYS|+?laUU#Dfor)Kv}ksP<(UDvM~*MiZ6*=A9egTHiT6CFRCLM*LgNlUIlO%Pk7U z$qRFU>e-E312*}3ntD^<7ZsjarZOmr+3wSv!Z3ynk6NAjEpzc^Qs1FIen}emw%-L# zk2~uCDoL3O-_VaPYVWw=fN<2GP$^&(IR-w`z&{8up1)`%==YvQU#a6i*Dr=^7af;p zX`R)Qd(doc54ysVUoDBsF592)B!YD7&V||w0Ehdd5sCKKUF$sJEo|nDP`$I|8u;qA zbF}W;AT77|>BklXZXCH}-wAVBi1*(GQeBG;NB85E!H&^XM*Toz0_gr;Nklt_E|yJ? zf)&GCTZD^m{?Gh)ILs7t(xA8lX@0r5p+a?}mq z)~aj|61n7XZ7c+8AX-E`(tqPZMeV9W-!k9pfg0E z!nf^u6vwBE_DH7+xlzfHqUITz;w-2>uk7J$VX9IthRqx~K=mZcA9L--9Jh=#OPO=a zF_h=d1wQlg5X|6QEc3)Uo3{!Db`44tzrC^Yg`;L;doll#$)GVzQ_SZ7DHt;OynO=q z82ymIlzv*>7)5OWzH6L7xc^xjd&x;jAtG0OsaFG?@sigVxoU2E;^<^- zit(~8!2qtB85ZKDejrIFpal-ut%{jI92aLt-W363GcSPkj|8q(nt*#YQs(yWC>4Z~ zT}a@Q5%RZ%9ADCKjy}>+zd%EpGk)1EyW@%H$f4g$-QjupQUSd7rk_EH_SjuoQ^_w!XCG!#rhtYHA-qte%6`MX^{nDUy84YFgO3Ii^2#2> z1uaw$ECNOCBgt^YH)p5EwdS=;Se%9zZ>UX1w|O# z53aUP+j_pYaoOyx!$ATjz+NVyfDzo^5OyV+76TSIv`!-op&+#5Q{}~Z-I{nW;EVt^ zc^&?93}likiHFYKbL0Wb;jAG@+%+;834I#Rih@Ms8Iwk&K7Zu25b_UrKJoYdHoXui z=CWJdHM+FVKwj6)Qamb}lx$F?>7pYonSUz@oTH!52vfi6QCPoR!%=OX=WG#bwbI~RdD$M9^}tTr~E zbjQJx!d`UYER;m*KNItX4u3NStfbBs7ux-Vyrr&y_i&#s*|6k+<*J^msZo z8LG}5L%Cic!}4yxc-gBY+VSNbzr2I8qi6(Dc=XC*a;RbTE>hS%r>|7>{)!_wK} zAGg*OV#SaV`)?MYrPiJ)(_=<^f8Xnyj}{WA^JBv&xGqDhF+ho;^=E^BohP$P9y zWfKN5t0Ir__D!|P&;FKs8p~BSW5`TXGFiqNCf2#*nNid+QYM39R6|d&XeeSrMud{MLa_tJp}tv9lQvyVP^d? zpmvx^dz*Rum1vO~&{S2huNQ1Q!D{a+Os^<4g8imx!G>+HGe*lNTrKVt0e=@3P6M=G zqeo58xQAAeoC4%~X5nIaXO~2=gG!V+%M95yDyZt#ddID_F@>6tC`e>{fYUJf4inPGP^r`@zBgFxz0Vn zqxN9oq)V-{7O5<`KL3knkJHIA{UiFc?y<_Fd~z#aUQ3AVu#V3k`0b9^&N2=iyme=Vme|mwo^?{; zD!#^->I0aRd8czc)xWe0a1aTQnIOH z2&22S>iUdK?i%iM^WvM%zPgCC3C6g37Zm=O=f3_-e5Vc7kc{PiFIl4st_$9P`e7-0 zVz+me+0(82%BRB6oB6~($TOOt^k#S<@97j=?``t;#_48q0coR*q5R(Aj z9{guVskJ&}pPKXrU6i*-+^+IVT~mcF_jFicWZ?WN6h!8q3+E}ry*Ci}ApvPA z%2qHOgzour91Ho=X65cPjQka0RZsya-z#GTK{bl+=7S?AjMOvl^#}tEa(dpJDHbLE z6Q&fu0|T#&bBWFMX3-0Y-%jC=pAg+D0@8yR*b3TT2j3%os@Sh6i-($YJ0*n;tm-WT zR8HmhB-gx9zS$?6&&59D`Jb;z9q?3~If3pG<-O2+j_AQk%Mu{k|(BOlWi zPPo0X^BJ-@fARDwg9OEab~t{$==t}(5dLZh89WK>oAk6kE&n%>+W3@#r++}Q13 z+NA|Kv+|!52)G*z_&T4(K<8lG^dWs3ZSw;0QP#VhZ$~J2iZA3DF>M~Y*x3Y{+SA=T zaqe|fR1N(EN8Q~$%4)Q$RZPvGA}RxE{isZek}BhBZ8oRyac{sklHf~v(EbD86ibl& z*h0uqYH3yWNzjk_d~D(kk8qWQ9c>bfy}eXc%da?5h}O$D^-nJ8CJbuDh})cQ1Ex<7 zu+%JYMw2%Feb!nJIt3dx1Ir6Nq^3NqBu8e(hKo4qW6_HN;9gaDsvVXFZtb*)+l{d zTwq8Ulza^WS3^U@CsQ8;i&BpoMtSVsoNk>dDm#?A`PSMWxm`^ORe${L-M97Jy#~65 za@U)TBjY+21WKu2(Z;t9i0ah`y4`|Edqa$YXko=Tuq^;`lPR|@&S^c=Br_|<^R{7} zLBo z02O1wW~Dqx3QP-CB@xPQYb5|&{TX*VJ{WhIU84XU|MQDm0l zyP*k9_ACC~c;H6;On75~g-rX#<*{*@;+y0Pmd|P;HFkO$cL$?Y0TXCTWP@ZBck1Wf zV=!|aeJ8&RqCEbQtTUo3L;B@AhXn+vJ5}@WG(n>+uaGAkC4@|LO}0!u&!LF;y1i-b z`zbhT%=kpJyZsE%F|ItMQ@Cm1>|BGRPm_4jb=@lpc4ce`2Hd&oOnv_H`!9LJHnLej(Rlk_)YpmQF@9P_k(-{M z5N9X6zm@A)Gl7!-6ODq4FRCk~tFdmzjrw#;3bki>%i*5t1Smmsf;f99;8ewy2fQ>C z!pPT<((>Zt!sBCJ_A$+YJEVGR4H+l*<%l#8c96KG-(Eno5REE0hhC+POS*s|N~kRqmQO zCUkdSBV*<1(5tIxx3D?Ym5C$;4rap}E$Wu(&88FyoT3Wh1bpeYz0=pD<*lvdtETQ= z`2Y}Vl}49luMsQ!;Oxo^a7$6|V0%#kAQS}wC@Fheir-F@9z6JP_6E}ONVrUx`8_;Y ziUKpk`o^@BMDvz}Hsy*^s73&Z(^)FuJ&v4v@>E@!10L<^TY2_A*@CG*?O!Jt-sso{ zRIlYF*^hU?TzGc81Kju3iQD?-OqHVeI-yKfaKIw;8CTm(%WeG7W$A!P-B+v2GIwky8n`i@}?|N39rYJ;!>a zX(1y7?J)ZPc)?%&`95;YY%OCNR+O~m&P%ze&4MyJUUX;KAs^`J z7cF^lqc<=dQoNIZsxo}m@3q1C5?9DP=JQw2h2E=aWh-HM7V5BnW0tok?3w3U6egYr zotYmy>rZ`-cK@%-L{QruhfB4eQ_MtU_n1HrlQ&GM$Gcy40zQYT6XPE*FWxc~XCY-G zhgM+Y`BS6IBWgK<@j`z`Orz5eNnSL*`*q=-O6&5`j$X{ul$y7!K?2^+kz{1XlvVLM zm`OR1ww-ESaB=NtQas`Wr%C_;&aSqIPCNG$D3&RAgN%R2he0bL^+gAb0fC2Tjw~me z8j}luaaayX$?1x*TL*jEV9@DkdzL&W!C9c@j6OSsQtzpdQRmZkN~P>x>kFh-2sW6nEtF4(E!)Z+6S6~A@Kw%=wU4helgyE-<)1()E-GrnfBTpw3(M=-r1in_m^&@s7^rhG)59SH-G6Q3>g zWGV&OXaUH_#+E2lAq|g!nArBBAsA2n7OrdMWy=Oap4k!rgz4Z(j{yFIZwq)&*}{quf@1$jZphS zg}BoKKi+c&C9hEl_k65unO>c!ao)3!KwS-W>jeY8Ll07}-}9X5@zKrtTjcPc?1E3G zsACtnEhxktu87Nexp3UgP*S-Z>n*WzFo?{VkF-K#?NCwTqXeLxZw&Wm3pgn9r#rQ1 z4K8iHV(pe_i@Q%cU%BU|oV4I0zea@>gLLAM@L=ckw*%rz{Pmh2g)34u%uM2Vkr8Qm@gwF1a#)3gD z)fLT*Mp|hi>ohjLm?NvRljdr*xI6|&qNxiUM|5;_g!aZEK!=rJccM<@@bwMV>*;uXo4@>&duwh1DL zC)gbA(_0zcph4)S7mP`BQ3($!Gd*k{(E6(&-X^B$0@uQ^<^&b5n;Y2EODmUStfGF? zxn-AyID4HR_|@_-0ztDK{=vIgX@mHNbX7nMBMtVy*vQ~il(UJoLf&Y|f1#1v@^+dc z?0Lrz+1!a7me_Ll){PoS-r9jTc?x~pFz>%4vK&+L3W2sT^au0JLGtb1i5^Cn-d zelHU|MPel24?`uX39PHlc##CpTu_JS>?Awr;6Q{gFkBq$6d+VWTl?(($<7&`Rb{Y1 zB1bvnB0X@ZZu`1k3?rqB2L9hzw;zI_3J?V?nB_c7WXDXd4_5tHZ!oP`?t_6cUqU>?SG*HY*B(HC?!c#$Kc;FX?Dsj1WQbm1Kt8Sgsu1=24EZLfBn`FYh9~ z3$`FjsH1&`wV!EUG7RZGka}$tXYWQ$6T9mdc|lTR$?B{-#IyxQBY4}LB7(8T)8D|_ z|4l~3yH6~K_XmDTp4X=fZEYT=YLcI3rkDP zdjx1L?50w~U7(Ca@n}XKPG!LSetb_t zBwikG8FZstHwK11Kiy%pQ5Cf_CjAJZbIyR@jsUzo-@L~#2d|NZHljMGqr+y-r?#K% z^-@kFZ3((@n8XbxSIPeihb+e)y!(uJ8E=513$xIKXwdXQ)PeJI2{UuMqzs_n$~Qe> z<`zsQ+aH)1kewSP#{80k1h!Is!O0>np_rGPA$ngZbz*g+~$k`GXKQZi=JLQ76j@o`az? zD^0vnI&O3T4D!S_28XAmt--AxPPib8|p^AG5Eptn1_Kosz!X*%RB)`WiDslMj(Y} zeEF|8zxW{hS=RYsE77vzYEiXnN%5YUyTD#==|jH67$RIa)IcJ}^^TJL!uiGd_VQ7e zz3OrpXh(IUwcxVLZ3mix3hL+D8&2Li9W9Av=Qq2L(oojqP`{6%LKAmljYw;BsTh+&+31KTk1y;8%qW;`u|io&Wf;Mj9Tf zy!$#%ZA*^)>|>BiHIvQLNAMraIohQI`QHW20Uv#)N`}8Uy`nqBv?M-LLHbfk{}X=$1YN`bgusU3e8aoMSSErk~EuXP~KDW6i+Fmw+$M z?hgrl{MP?BK9Nh;h)&3!PRujP0f9+Yq@k^z(q~FD?}xnrAv4&<Ao> zu!)`b<^2pmO4NKnxD?j8$?M#|IF?xZpA#P)7A_oM{@_QH-T5Ylj)Mx>pOmP@YT#kL z+bTj)TrGg^s?c)Yguy{P-Zrv+rry3l+qTsXBS_<80!Bqa`Wk>3LAn6MIE6zi_2GZY z;8n7(=+vS(Xy;rOpmpM5Cvku-T#NE?eFfCdEeC)YR|_fo|0%j)X#TGNAr=KoxIX$e zlVBYQDDZ>xpO@GG>bhSEbk_Y-GQmI5Pylh(@ojNUrMB#M%(cF5iw-z*C;bfP2Mxfq z%FG8*@sU^C-xiYMSO{9IxGt5 zui&Z-SA~k)`H$>SDxH5Hc4ygOTtJEV>f3j~K%f}t0aqi5dux?J5X)!?MIr=t~_xa<& zA7|&E_}K+7Ed7dgtKg!hiINo=u8a&?`I)KzfURw9p`jWlUQ5ykKY_MyUuoqh+poED z|7-|G78DoM;>q&kBnZ8j z7H5^s!GRQ1Eu9`;L|WK?ei*$B`9#A{o|w7KN}YD?Yskfxo& zpx267`}P6+Q?T!p>c6<-jlmDqXV3I}ZUA>2bS!hJp;VS}`L$`o8u2$G07+Zt63-+) zXwK&f05AMMfR96omIVzFbP^`j$fdr+rca8X>)g`xJD_%h+G3t}g?Pbq*-xQjOUtX_ zHtB+UUEr^eqRQ`9G?Zpu(qf2!;RJ&L+s90jFUkGSiH3fR7+=OM6mk}YbgegZ3oQY1 zwy<;jPWicF2q`m0LiIryq)zpe)dW$(LeP3es7`-Nj{g%P{viP@B7&^Rg3MUJPv)2> zR%B58)5jLbS1bhi*GKkyB%%HxN_ z;U}|1Do#%geq)r^_T}9$#KMxOOgK&|>hVVGj6&0r? zE2b5Uj9>``?4p5+nc6AFgp^+(Lj6%h3Kk+Pa~}7lu2#)<-`1?y;62K*=T{bt+OvOn zEHzs+7i7ITcG6MJ>6h7`@=hIHvL)m?oBm#{AWU8{F4SbR%gUyn$_5`F6U&ey{{RKa(yGY^%cR5VkX~7s|+9)F@2-PXYV3m}T{p*RQw)%lx zo8mN!>FvNI79O^!OhiO{n8n#h5hjSoddgOTL>}vW_Q|Ker27VZ9jp)!6mT(C@{j$t zS2wDxj?o}_6`{9L<1u@sop1lJi=wQc^PYP8)6?;P5*qyW?S`y?b&>`tmjSSs$6;=E zrPPe)ub@`rw?R87R32?!=fIQ{d>SS$Y&0rzNk6G2Rz?Ip&Mc(K7=Gn5)mMNqG9MIO z3&pL&?Hy?jqQuMZqxz`m=!l&rU@z4GmDRDXLLpx3TM6k)-URo5*KuXlpD|sk(nC>ERf$<7kPK7R5)MK=rm&bc zTAxEmQbA$FFYP;`H92;HIxR~JT+p}9tD4%3tnGg|hDP`{ZJ=G{}&o`y@O?2gv)vY z=HIm5NJtLTKzT*Q(JeK(J!3=$YruETa>UFoJZh?fe30UJZxbg{VTv4OwR){)v~x%# zAwO=Z65STCwrhiQSJ7}~$I{!Ag#HkEqpqbsW`~~L0kvBV9o;0S&S1_2;cq#*eg{Y& z;Oexo&CG5+8)h?YQN;im8Nr-j=PS0%?R$#3njIkLP?+>%?-#iJs>A7Do^PqQ&cECQ z)1;3yp%?dWdbE^7%#F0K&Ac9;zJcPO`Guzh6gt{pN8OAa;G!@-4TdjX{E?s9W$QF% zPBz<^!afgf%Dg6wVOau7Eyz|B1cZUqH<%g?hQ;(NSXKL?WB5est+e)><^WPoMC2n= z$MASFu1$0vwgBtg|7HQ2s+C8cK91~cc)C-w@ewu$IDq1-f3@Mdoi5tqby4bj{&B27?Y=3jtnB2_ zm!bpA`GhD)cLhx>l1Ta>+0S&iiS1U_(mezNx$ovz5sS%m&{>=0aoU*9DpF!O78nmX z&OM-i{c~nbZ#dO(E>*~J9X%iOPs^+U%mp|LTnCofhzEW=q}9BAzbLJZRq2b)LNE{> zff)qK-_S%7|NRE{Xx3wrqOPeqFsB2{i?aqon@Nb}!xbgyFn9;%@}bfVq({6IdPSDY z@439DltTk<=8Rno%=*&(2@re12DgO-?V$MMMK-e~+`bKXK?P=`g3D;Qf^87T=y&LR(WIuG}Mc zFJLy*a9xpc_veg}*rkFgLAPRCnX5#1(hWHE`7{Q5jOf7ue_SWTiy& zRtxW_^)lsXM#BhAj9sTak3!S|-)AXpC!A2c()KOlX>&EYi;8G}4=uyI8Ot8DemyV} zK!H^-P!RL<-PCAC2CtJ^>u;dgAh1`?0b8HKKiZk!)p8U*^ooj*y@|6ue1H93_u`qy zTn!+1qP%f~>IzJXPae}$;jAwJYZ^Uzc;9QnX!g;-whYKRtfGH-kyuj`+PF(odc#$x z@xRqfby=Bz|7U%CE;}lB=+0UJNFk-EY5QyxtCk8~n?s!S-r(K0i*8k!SRi~PdCzz+ zsvJA-`Sjfpl(5CImQdyXg()64yMTBe-Wn@`=Y-7WsvRR$(0K++!D@Kcos`<=uT+__ znJN~7EbJqk{8-SQwxbajp*fnTQ~dH8)Q*UM6D4H2|;dj@HhQ-yWd zQoUF&Ty7U4EjrBw7iPQ&B0knF}cZ!qMwt(9QW_o@My_Jag40oD!`@yQ9dKA*b zCC{-mcnbF?`|?rR?Zq8d?5*gz?1oGqRI;e5g%0Ho3ozFs(G(j=t7O~J+H3A-cA#Fp zl7uioJne;Ol;&EWrW`dJca0CEO#Wo3#hwtFR~GC0t8K`A1CLnNY@^>*TfX0D z1ijIWUdE&wd0E};Gz*GlQ2@jeJJOqxtj*GM-T6Bk$*x&*f{sOLUhDN3*K~7g2~aAc zB3a+8y3F^Q&D|T-Tb*v~2}s|mU?G2c^#O>(K0?bgi=;3br6Asw)~Yp)M7IMxGbxH_ z8~^9VTHn=u-;$K z5RRA&`JV|16GdC%MV(m<(wRpmzrCGB?f%*^(4r}^%lX8DGJ6$efSUu3$wF#K(TGlzHjzvF*c^r~ z2ar6z*Xvp8H8@0&W3y2rEl73jG{QMIr|YrAFPV~XajbJ`ST}b835hRcaITJy@41~1 zSxK~EdwcpPlPWRy3D$;TE-Cy_CqZ=OFSt6gI`pTzmcci#70S7266PxIIvDmexE*(} z&tWr53IC{=6L{4hmbP8UqYpr-L44qf6KOrz_{!W#J|s& z<%wRw1e<}yb;70cbUBoPf_B}ZIA}xs!Bjz^&@l48UhwhARh(;t!W6R6XG4!D@?+b- zV|~mt=PItu2W=YczB;iRArlQ1UG8_JuMj3QvPCOvYfDC;L||nkEqwh%*|Cw#10MWg zn-0FtW)T-Dtk2W}=OOBC2v=2M^t~A4$N-^aS_hBcB0GEsYRFWqGhiAsGoNn*;=%T! zB;k?5gI5C;4YntTnWNH0o#K0p=5zVwAtAU)+cL zYSV-;@HqX+&S+IwV*=>X<&?l12+y zcLE$=ppT8;`a$1W7WN!KkiC=JNnu0@mIY34_H)5@RSw)mNvwTw*n2yH3EsmyqHYEn z)-53u^=|RWptF`$8f*yx)N1j9UBta<`E~2=6tq9F`6qcLK<4)ELjixG+Bqmd z_whqA!*iIqI6t^9-pG(6FSfigX{5kQd_$C&USud;o@D=WS#v*r>lM;Ao^`KSFW9{_o@f2 zHF<*|Upm7aM$=0w6iH@Qm}X@$zIptXBYS7c4KB{%3v<#D=RpRaAw*^6iLoR%lI*`& zpMC0BZm44S_{buByr5?s7#K$>le)QPm5f(k)BD*vIoTFT)7V&Qijh?&HCK<4%2@2+ zWo%$;pz2cu0Z+`y8NXZx z3tP5WM$aRAbDk+NB3yxfv$A_|so;7)3wrS`)9>*kJi+82TYMo$=aTBa9$Kg7iU%iZ z%^g>*4Ni6j3i*#A7pYt3jC1yfSC?$m)SjCgVZh}~L~pK3GG{K!D>2bZPn$Gf1j0M7 zk(!-oWrgAO#xK>qomJJ;8jwG{t@Jyc*04|r2wk*P?}eZco>0mp8?(Yr$!3hY-oA_9 zZR#Q?Ltf0Qty8A26IEUb*Yzr_{_g!lF^cJKy?cU>5B{&SukLr-KYzqnGV)A2s%Ae| zjh{u1n!U4-)a zy%>&26RHU9GeZjf>D-`ZeTAHSO8?Y;S@3{_aA@HAIQQ8a&KPEd)Gi6=ov8-2`-N9@ zBm*N*&seh{L|w`}C7eh=!Al4a+p|1%8JAnXX1|@~G@_&Bt(5246oX04*D5ieqeObr zedBW7eAxR3QG0`)yE(aU)^Ch#>o0N}&e-}oQMf|zBQ*-D$ZV51$rLHba!$|GuHFs} zC0WJt97szhdH(R=v5Z!#a<;Z59my}FY%EN+YbnV-a=%#-c;r}V119=z{ z)xIaKu=arjnP*0X{ylO74762v&!Z=?|GHCfrw;m$@--ypf+tjUS9O^;Mk=OS5t+!H z+*Ji*@eA!%-H+OihqZ$8r%4=nqYUtZLq@`GL?K*d9Ez*M%Y>w&Pvvpjx|AWURcfKl zX$(7-Xre!1!3aJ^ABgH{BBf6w`L0PhU-O-JELNiYaXT1t9@f`OmTUxesr%Z<5 z#(Jzjns0rGF4heuFHXY}I;P!AQi;OrR}d@`h!UI5J}(VucyDUOx=kvn<`Uy?GR`rz zXy4z?kkvT+(QV~I%yaOEUR0LTKKwhB$^)+7utsJ<26?~6XQSgxBuod5Gx`ySAqEht zyLms7Qtinad>YNE69TPnVNd?p2ny;K?a$QKJ`-+i>@s6?Bhmf(irbN!pIouBM|9uh zaR?TjC7w~$B;H6PA-g68-p4WsI<={#(Ag_68$$8BuVAf+l?NefgFyQ<)C^Hy;&l*= zU23SshtL=A7!Z^Q^Bo?zv;2O;G3}*qo>*txe?t|_{j05Z)~j|S8$2CGLe(EAI%E(X ztA6{i5uGbeN_Gh?5^GK5U(ZCKOrBug)v1NLY18i%#eIA` z8Z@Ht(+h!&|14oU1LMyDHOrekvADh`NBdFs#$bGuH8#Rey4XAM0*{h5_-F@P=30u# zW`$K8czb^c=mmirZ11_68U)DxgpqKUu}XDuSzB!0DmBA5&!y+O{+Yt9Vs;d^G<-mQggHli@E zIowB?eEu{wDmSn~>5A@={$py0fAyQ#dJwIw01aLII7V5a*~!wcU8~?eSF5Yfx<4Ay zLNp-Oq{RxbJ86|PcE-=B!ls9~MEIo6`g|{mXXf9EemL{L*?r(FN9Bopu+?{WCFrut z7ax^VlGj0Sb;Zjju8rJljqV*g%+G6!3_v@ybp@A^LNnp zvK7ajvC-OY)#xh1P+_4do*x4mEgh|eDAbkmWUy%lti3Tl3SlX7!nlTktcA?|p>f5# zYVor+v3|`m=|lcfL@5~@V&`?`cqwY3>4?Rz`Tdr_g_8IZnU$+(`9w}w*=Za(c=PF> z5X&S>b$Ore4W1O{Q6NrnXZdFa_g?w-&QZ^ol+*4i%}qrV9u&MyFuG#cfqu z7r6;^LG^UzuYb{87AdGh>%JB^p55713jV0lxa@uL!p_|skB+e?Wu6#&qhPvg#OhIy?3zJt!7UeM$l^D#NeFXl5Mf<^{{MKecwQb_+u##A~)qqDxihMcj6U(ao1!2o6nBa%ij4w!hpdyfb-*kqMl` z|G^Ahv_(rkn#IhT`z^1h+*L#Qlf`{4VLwyQG*P6ZvP5b||9o;7;?Ph7zanfthNeKA znuu{q_gZCWv+jNCR1VxK}he*gc1LMEW0LI_tA&~!0KbYSOwHaOK!Sr#}O$6BuQHt)t#lV$DaoHX0 zrK1^ahZOCZW|{SO&EJ6w?+3$jnZ;dgv=8^1`-G7e?9OPg7BAv*Qa4s%(2f=M)8(DI z2hWyEg4Iz(_wzV8%479mjitS=lKhxhPfmVX2HfC5`p?rNHC^)2N0{Jocf{)Oe33-b z`|8h}D^^(_xM7XXpWVBYW5A5>7WRHHBd@sk%Wz8wk$(DG4n8dGPo!5*ZqBQjQK9M~ z=%l1})Ulk#*zo1{ph!CU8Sx<(*YQaRoeRV7-i>Q9xsa)G8l457LS0MQFxTE6N=4l?(M5}jBrFQOK zDDr$6`$?qBoNspGm;Av*B~p5VgF36Vlg!6_L?ciB&@iNk2NGCEx+|gy{F+t#owVgQWJh2`8Boj$z@c37yGJof?#VnnS^A&;` z;mOKh9t|qLFSnQxm*)SGjrqY$A^d;wb(Udq1$MN zF?It|lej1%lsR{1p*awXm9cJl~Bh9)p>`0^`C)A+U z=9!Y9cUk<>r;;5%u@dbbC~dkzFcK3ip%F_lza0|D^fED<^34UEbqQ;#(4KLDElKEE zGQ?oTha%jrjSNjJ&b=~=dOy@y5YG7VS237WGqP9s$kHy+@MyVC>{LQ92KyAHzn{PjgZJ>%vJj|HMMLN^WulUs9 z(GlN;L`$r$APf6AXqFRGU${a{U_f%IrRa_?c~IqH_7V5ejetX3zxSzF?EaPjJMj_W z#0fZv)dl8GN3rY~9+$avyN1E|Jx{zJ+UOAlE?nUVi{SH>V3BY$xq;A72*O)<=;SG> z<|Etp4POzl*p4J-OrS5egE9c#C;=ixw&t|Mt3!qD38%wg1@<7yX&t$I8BO^v+uYErQo`O6wC} zUM@7@vkkSql&g7s@EW>pan%r}P9yOYXet%{Ucl+tKU*`r!+A_RP@>GL#%JS!HxJq7 z3O%>wfAOFs1ES-ZD?u!cSDARj!P_sure5u{a1NT(5lf)-q@6+QAQ&GrA;?0tDJ0%| zmFSLEIfoB}Sr)HMRhm`KGhMN;a)msq0ON;YHgxquz$PR*vyhJ*{URb*IniVcN|64` zM&E$|p2V4Q`Obn%>{nxOBoQCDlOH&d4db>arl>_jT^+ykZs+c2KXBB024Q7_uo$ed zL1#K8qX#QA*oTAsm|rr-Uztk(F_fl|zJ(ojy5`o4$3n0psH9UZ*3M;yr-Oo0y|#F` zJkGzxPl*H*)j|~*hzAZzJ4MJJk;gx=?;T|GSjT;5>b2CYVo_VNRI~_hLX+EfR^|F; z7uXbcEo1}o&SHNQ3!8n^mD_VOc9a|t_{GO1;+BP}n;I(dc8m7lfdz~u|84%!pkjDs zY)iNYvMqm$iiLZ@Ijm$8e)aRNa5&~eWTG|jN{kX^cPc3u!W(<-_3}dW0rd($5ia0J z3}mbT7RfTn_%T>xFWJew%IA|j$O#WYAgB2-M%ce%#wg;(qg>iB_v3@vnmr#haX7SB zBm9if>Eu#9;FNn(ho5BazzWhP3lX<=W#{BqW(H3X+ThISDw2xh$UWR47yI5>DUTFeNqV0 zEfO;B$NQ*AWf#E*nD{Y%94Tw zy2fko!S9x%Am51~N=Hn&sb`e1n4jie35C3W&^1&ST7?o}$eG~Ss3=-sn>?0i#42Yp zureH_gbr!;+Hr&{VI&n@FlCaBE5E(g6BDE!;`;$PVU`oZj<-{K}Ex_%v}oNA@G5Nw_X0a2wQyWZJ6N>&(r&e%yqI^25k9GXICCL?)j<4#DNbair z>n-bPcaVN3ZgteRW)hM50?r&BHh%SJiTsSZ@lqX?>PoO8(1iq;9Jg3$Q$rzUk^Xih z{@D+{Hy+c$=Lc(Ej3dQe*M=Din^h|x4CHOZ%Bsp3aVU)j+Nq}Z9#s@?Jwmqjfw4$|MB^%hn17FDC4`hMEYJ$FXB70+(XlDhVwupVvtUd@W7U}50&HVc6jhQ=cUM9IDzDN)nTjz(ek+8mz=$eO;1Hv5Jhq@PQ^D^*Y{m*f`jA=g8IM+0 z_-)e8-qMza#v2XsF5#hVe9#X(BZQH$E)J}^dtyYf#F9JOBll$Nt2-B>j{_^Hl49}p zlQV?AptJo#q@`w#B>}9ZwtNjCwTWN7**T!uKq?tBd_r?wSyM>hY(!ID{#68r?#PnD z5i{+@_NEjC75W;d!8bUpth)Z=n#i5W02AEI{)DZJpHI^#b_y@av(Q2y{K(@`%Vn4Q zMEBTv^f)aX5hod+kOnPDS)Ei@vqt+kw4>8DNhqMUc;EBxb^;Rjkjb8Ig=N*rRc&82 zPOMwXNhyew?oQJ0qJ6su9rECmE(=lkpQsf??&F3Pf#wORU$31}6)2Z~Id6)&(-9Pd zH9@fuZHc+EwK^QE+}$;m_O5oAZ}(eQFjfzP74LNDgENNHbYxO+TJfHi!g0)xNV zJpmzycv}bd@tLB&1M)jFfk1c+#M1R%at&))pFZVPcY7nkJZX00XvtSuw;zjyk6y`e zQF4(3F@*Xh>I9W zl&>M_GZH-N@Nk7{%8Svk5Me|`#Zy5b9`f&xA1SG@2p%j>E}Xo`z8bIA_8t8{S%7Xs z#h5esf;=3ldy*MVJu0|DV^t=5F+TfW9CEsr=F1fgqDl%X6PuN2NYdp6Ux)x}f}=YA z^XAX75U^md6GiOFv}Qp_N+k95XHsSo_0OEdY=Gm12!AjX0NX>CiGTd$TLeDNNj4GO zbLdb{j(N%7^Sm;_pN&*!@e{0;z;g-3##?RQXa5p2Q1JJA250@UY`0@+48CJK`&E{7xpeCQCef^>IbRQ-E z5RNd6oUHJsqCqD?0ew|9cisZm$(*YzR*B44y*6D@Bz5V774+N04f?!Cyd+uy(Jo3R z%0ybJucWa`YIOT$^cy$vI)hTnuYkvYj+v8#f`G$C{kPWqTRj1p$pWp7l1k_UOzzL` z|12Yf0@@(_4F!qC&OOLQ=t5a=hC4DAZSsgwtF!)cS}Tq!EuK1mt$ zO;B2om+BppB_${X(){pH6KAU~izFY!nwzePTPA=H0uPRpjoYiaaUMra+s!pgVVg<-(P+0qhxc5`)=)3%<)zHzqqbomaml^1BUCTd4Lq;y*_oQd+>JzuYulE%>uSEdpR1ns)9< zcW%c{l>5*l+QlrO^fXnf*_Iq#7%zS-bo{sn3Cf~ZLe6fn7wYx5Wu0>|Q#(6zZbYW?9 zRYjECbi$e9{UR9B8m()ze4t-giX-yF05JSi=HC>^@tj$?j z&c5=kTS5wHnZ}Wu5N-Tsd(&v(wxQg1<)FE@B}#8)_6sb3NYX5|%5=q}_TaC!)b5pb z^N*%Y3xzUGS@GefT=Z=7*C!+q+jxwQ?=-VV7KpLPeHhcUP2~>lVlI2yZyB=OXr?y= z?@vO*qS%-DUL~l&+Qhvab+UY{N=+v&cUkd+*2rA(ZtK1^ZNYvsxm7)C7$UDr$xE#+ zDk^IHkd{>Iwmxs-HtGPqOZH7N9ocK&IZj<@VpwRco4T@TA?D!aRqvJMM>wW&II$T! zYUjhe`dIV(73ZLEi3K@7XOU%Adq|3oR(q&$LllxThcV0IZx5nWr!rce9wsOtTw~=a zWC|2U*F2et$FG?wUU?rH2AV^VQr3A#%4%1IzSYX++&^gSbKvro9_uAK0TUXe&pMq8 z-;j-wUkB^e01@FCU^(%f=qrP1{7)-Phm9L_h_fhuEtO<#UWb zcP2tjO-RTzHzye7*%bi2AG2M@2jV!5hx0N|e%;3K-)p25lXU36o}Jmh(A27%S3fS# zYQLL_`%M46w(e4gAj!D>4wdalGimRZUqV7sDm@Y8iT4>PZp)L`GE;47r|rZ+!76~Ugn z*z66cC8CgUJnuvIE77JAhl2}7U}R>F54WH3`e5t@EKPN|g2564vxxAk#LIMee2sX= z0MF@|P*8xa$!!{ZLR^sllw^G3UEbkTTS{41D+~ZeSN}l|q}Y8-Bvq-Tm54IdmnCTZM(cWiWcAkB*ZIL$M3ie z1RPjk@r3Zo!NKsf;TFezswMaHWIQ3C58$=K>fAgqRk?&Lv*ufE`o*ms!D6y^34`(C zXWr#5WmzO9c^C$)_UEwud6l&$Q?(Bb-(O~5eGQ07eC@-`Nh$3mMip~+F#((x4-IYO zV0dD4uB(l5^Ni{u;_zmJ-JlkeZAKnc46U$(mk%J+Hh_#zvw3req$7?-TQ2B<9s}Y(^VHhb`QduaCoPy zF9ut(Nb0;R%5IWghx|sSbIGw8^Au3dHiq-YI8J)Q5>0Z)Brw=7n@gRm(li86h z9b*NN+MHGvW|hM+!aKLEip7Y>tmgLg&5o6HfBO}78*|foAPBnlQd<4#E>`dJ_LWhB zxay@9Fywzaneo5ullge8O-aA5Ep>C3oE#jneuG_JnQ717o|STp5#azwWH(B7l@wS2J(7SDA&{hQ)<4f`Wp7tldn*78Z4sXE2KHl@&R2HRY~3v%zj2BX2{P z^BOA9#D-+Es29jEIGkn{el^Gmfg?*1rV-l5*NZ2y5{Y=75~`Lw1~XEH4mC=xlf*w* zn~E#$v8SXh%Wug(DU}gkJV^r)V*Eos&q-GbWfd8m9d^%W%8eXUS`#~7QIqwTq3%S~ zopMjac@AxuPOZ*U;aaVeG`G~Ug4pAe3&s~K%(;g=Ab-WG(`9t|n!v9;b6E|~!Tqbcv=plkn$Qm@xV+HNx4IpUb|04P`Q;gC ze%=hxq4`|pC7D(=8(4?t$XX=O3;fzl^EOx2)1%ftu~~fsw%x}Coj;S3v)q3DLZv5t zVadR{LmkdoF9n$jR`=5f7jL~|zcb!!mKr|6xS_|Z2nvu06ek;PYO>xqzD(56c>6ht z)E+c~s?A7Ym)f%2W=?zayiLBWOPMs>X3-RRi9m#B_6_w_AdP0$K96x~{8Hf63|wvv zRN~$Z4N~l6ATUYQ3Y9K}yi5wfcNFuF3Wl~)9pezp2V3O?W2AevF~ zdwKP$g0p;@J9nN&6R!VI@SO_^WsSFAPFy|x!ahMjNQ^(OQ~#;Z8@vmO3w{Tad&PZV zDt!xT(SqC50{5hmtO<;czaiOy&uQ}y->rpWQEX}k6;^vpRG=4+XWt%BlOxr&<;gmK zT%b>nt*YwYyLDVn3qCrG2zI75A47H`7qC>+T3u}(v7JPj+WEkQm#Z|xtNPC321S39 zEHS9)vn07!2NPvOZ~nHh#hycrQ0KjQ>F5W`cPZQKrki^8r$ZcE&Rchz75e*+-Z|qd z@R3t2wwIGRveFV#DVQIO?;3~W{Y<&vY_ivH9S1isoOIMpm!OyHf88CcWxMT()Ld^t zXh>eFlT9OF7@6UF{=>g^UmQ!hR@ac-V&*MZOxnUaJ>8CDa$w?7Y<-U@8MIbMv~2IG zy_g$M|0AlmvT{lWOPrewqkh(bUg*f;LjrhngzM5ylyuXnQ)i8{J^XCyiO)Cbm18JOrRN2b zJv3p_)drPVe|fGHXA*$vP=>FW@QkjMLWl*Pu2*JH$HQmA?6y%twyXr2<~g6y2ZVba zv!%yG`yuRbjSSLo-&YsUNLv^fDxM6nDL*mE<#$l?+C8#vVzR7f|S%%p1s)+-ZM9WRReq*Xmd7`)S6 zce#CxObJT@ZJ1NN((|H3BAMSFy?s5ZteII_4(5M9>;9NPR39um|@?+=17G^+eO4YDP+6m77dr4_t>q@r?Rwx=Om{)$~}JmTq2*c z!Mli)Y@ud&>WfT>p2q{5uyG$6!YqKVK_;HZHW${y>c`sto;J1#IJ9(jdW`R}&{f>)RJvuFKcgI`9rq5_4K5S{t-8*iN2nx;_I&?0@ zc5MFYi>=kBG|wzjZw$BReTUl$&riN-_do?q>gqLbNMw978x`kR_f({`oD`yR>g)4+ zqL3zHlJd@<0&@6A*NDHhYdXA2q#ow#TIiqK)Wq7Zm+~9dJoE7qK*2gY`DN7H)}e&_%4frY?gHR4fzLAawB~2M|a~m&sEwQ$5j~2M1$*x?YU5Fw?^`8e<+sj zF#)T;Ji}LmN_U5>y+4g_ko%OdS)PW4=$Cs#@|m zA1uBm=hb8zr!>DIK~|a>Ptq#tJD6^78p^z=Q?gX=`?;D=HY{xcE0FiUw;wJkY_j)CdIIEB7Vr#Ba7i>E37_473~zKDX>5b?4Uka)E35 zwz7zuj9XPk4E8=B!`TMiWMLcD*@KH&20vm}%-Z7#4XpxNSTZs{<(830pibBa9n~zR z)Tz={FVc3FucIv@hDW`l%jLB3c=9tT<5~V#`rU)6WUOpG#8jBqo(;1~)GVaob+~qI zEbry54_ksP+x+h&#m&6#HayHpo%jaHBYh!GBrG4=_0^Mvhj=$-e|;jvqEecDA62KU z_sw!YvkK+Qc%v;3HAu_5ls+keRk9wECv$@)Yz;AQW*4v z#Vie(J05tk*f$X)mvFHZMs96IZx-VkSFz zENFhWT^I_|H7lqyjdYdiLP{opD(}mfkWmRZ-$@3~o)aGV*S>wg9XNC@B%|q;Zo1}I z2aoWt^B-;#znnWLJJB0^G%EO&O?S9WvU#>;39tbKurooiT1_Hm0`NC3bVlnha>MLd z0t-2z=Ak*0=q@&-gC`#f+{^i8;YLj{qHgFZ*YC^Nc5$$%XGE};{qKyZU~`Id+Hf!A zJ%mLCQFk?7`lm%#WhqgWMaPiZ9rv~^skA*Ds*ntc#GW^aj_8LunF`-#hB%O5U`0D@ z%b-1aBY-yzu8-~e)hoM8{ZHMko^X`cR{{@MzG<;M@3d`eS_$OYMKEGM0@(Z~;dgnA zJvC3-zz(yn8OMeN<3j%Xb#N8Y-*t-S@;42^^7;YUruozNXH!%-Rxhtq-Ckt)1gl;F zR!eZ)o+$~e7krj@--$Tb-){yMj}G}V&*Vd~IjOB$F#Um$e{l*?o8p^)A!nKd^99k{ z@1aOTh&gzXdRXkzyDkWci-eQnU`ovxy$7S)m@0hHd0m&CepV-P`U>5VpNrC#mKKsm zauby{j_?7|nXP!Ju@zPmK4S>r0_PH!g)V;>&o6hcuSRJh*6?|!Z>HwegA_TTF#_qe zur%Mkni`8Mmi?6WGt1^%FLvh}-%s@-Vt_kUGS29%T5?CVDY`O*D{uc)^{y3I!Zb1zdXIHLop7`I=qLG zD0C+YZ{Y^Pldq;|FJzlQcVCYMkH)nSKpUwJoj6xpsmSWRehAVJ@kWDWl6adG&h9tL z!gUfE*LlN)z?kbkMc|?bgq?1P80^k5@vlBehs-C?0sObKstQb*0P^u7$118<*7 zg>Lz#qvJ@VQS!Lfo7znYxjytqU}bgc#B=hi9j9Fc<-AG!w9<|dOMvNg&9*VO`(?&m z6gJIYY1>EJtnI-6nI~p-EAk+u?eY!m#xR6HKgvCs*PUGOv?kPuCm#s%fD4Lq>T6@T zKH-bqU>6+Vgl631Uqu%+bi#kTdS>)fw5k7RaZS{8nC6pE=w^2up1ZZLo38DDuFlG+;sVAg ze46d|%xK^=wD0^!zCZbqeP+y5^aK2%G{hYc7|JnN*h_$VuGfpon5_T)+UMcONt2%O zLad_*(Q*R!N_Cj}C&n1rMZmooC~pjOK!t2NRZywL6PgMw;#jYjifBS-*FvrmXi;Fv z;+hCOwHy(fIO~(=$3=a{i8t)uhWeUX%SJiqoV;RgkaONjIDPF4dZkL)cx75%`S1(S zDY(`3YG+A*i!5o@>TCYh$~#b~W;05ZxbqkMi28a1amBP+PXfxRvd;Y&%F5$+w^q?# z9V+w*ufsioGb-_P-l@I^Z<}k`v!&?{r*DQA*^(s-2#X zQx9(PaAZ(uvWfwJLOwKR9) zwVL4^(|Ss6Jhr9E$vb8aH+&C#O}toS_uGKZoLM-}Q!O*pK#xkmjKkgep-I7V*Wy9f z2M{btZt{sc0IMNFBiKXuO`jo%P#P{!;Rwqgm2Mx%C?-=!#_Edcl|-8jC5QLR*E$Ss zL&gQ+>_0ZdX=SjU>Y8(HD^{1TJ;EBBuRX8z7<(0bUPng%v2V7T%HV+=przl`QpzIn zS|)B_+Xd3#>Km0o-WYDhm?4yX3{u7->(ZPxf zuTti2>YKvyU;or?-gjISn?z))P{oe^I&qV=y@0%m#b|vyK9E+?;hIlfZ~Kf?m4NJx(J1biKg{L+Dm39GgAvbyAB|9R#e#EK%_DAvD|(Cvhnb z=@B-M3Az5}!^LH&KniyOmwuT13_+a4Asuby!FtqYP-yZ&G-NoPR7~yCNt9~XltMA( zmF^FR#g=6KutRdY$B_SGr=0+Hx`ua6EyfaQ@&o47Vo%ro(zYSepc@2_#BcK2!A|F@ z{@jJEjWhWh`czEq@id&(6dhU$$jNm_fgSLp!Y5ynYR$-3TWU-asWz9y70>Hx^05^+ z?bG6iU2Vq)nSHA5hH@@%ZB)K2terFysB|cCl5cP~#~Bilfgh6Gwz0{as;uJr)Wj|W z@9MoXmJIEO@_1Nk10 zMSFiz$y5nyFfbpz8aGf=+zVkX=kMwg#ncrbHouv}c=W(u{xoBcL;ktG$fj>(DXRA6 z{4Z+QyPdN_r4;;cR@1IgA_=*1t})}ZYlqsLGGNC<$K$z~&3iN+1EN9Hq{i9VFTBe2$b9p*zLK=4UPk+Z2a*We6@_YUoO6l3S7 zMh;5JIiZPxa_@do(E?*nfLF}dW2vfnH(sktjIg=e4$5jT#X-evyP19$QrhCF0-RQo zh3p*1wX5L651mPrlg0I7LkGmSZH}J;(h_5-fwg>*`YrCzp8cpvOS$f4-c1)F|5H{m zN9rn%wrPCpP*;>v`NIp!PRm~tJ0@Ar@!S-KW$1YiA$?9biD`lzuV6T=AB89hojBDL zdylSBc8`u*54V|V6;isQi$xJUI8W@{lbY#ikr#+Uuz$rw;iu!%;j7n$6=F6RBfZdFz|BZ8KKV89%`lat_^)C?Bo>(4GxOsw+FJG0&0T41de;e(_fr zPs86fOM0CZnA4`NQdYh%nD!P!!|c22KQbL)4kOMM!_2zNZL^4`*r3>%POwyi1ZKJe zeWY*ze(jfd#*T4fhUOwNH}~J>+2ejJ#{AJ%wO?h5ZlPtV^<|%EYQ*+eFYNVP`fnj5 zNyWE}f~bv8;&S6NtbHqcyF*7ELU4sEl92=e9sy$W^J1oLaHx|&ndDL}G1FKXfOtSd zd2K%YC~~@(uCOu^6hy}%AYsvs?=knh(}6DP?0G!!f>2pSjChS z7=l)2>9xm{W-1CbS3>X(u`A;3fiwv3^iKyrIPQ2;IJtc2mIgqNbFJK(%YEf8A z?3F_}Wp|;KG<&O5_~b)=JA6r+>2`8;?7C}1gMc-z$|>$SyIZ@H)2rqGJYVR^I9Mu? zYF>=BVRD+Bkx~!JG(A+6GdOxy`nr4uwd);U`nHIF<^4W7UEgI^A2f7eEl+fvXNsC{ z9(#b$9o=mE)(qioJG`pvR{mq_0ABaJP(}M8Pa)?+V`2BcH!rPNK->sK2m(U zWOc{IaxJ?OpUMimN8XFi9itY9@=^RO!jva3``>RK3!dX0gzc<-xu$F*QOi5paBg#9 z;#%(GhJ3|&&M=yB(qVa`cYZO%(ZqmRk^_1i2GDL`iQwCv4Edu8`!a#c$A$2gb`SjR z9cKWTJN#%i>q$UP>)`$fEFJo!KnjQ#mhcTev6m<)s*7k@kzBp7U=(D=yzyX53s*t& zbLE3;AXTDxEhpL-b%#f{JR{|(zQmZq^lBS2SZhf|FWLDWEd50rRa)+3I@f$DDb5_y zy&Oc%Hz2`IOvESIMls&%T~a#p4s-7Lc)ETI;$U4NrE$1Y@i<}g60_v@O+SgU#-yy& zpj}A{>xb;w$3U$ppFM?>4gxtxYCO6HV0e~-z5|B{nos&oYGpqLdjK_2Rfq19nRjMe z|K_>bf;$+MT7AR?#^NM43OLVCxbS6w?1PnNS!x~l5ZVug%XIF`Ztg1>u7P5@Wp-f4V#hDaZC;3jw#a8L*%82V zqBgqn^COaj^tV*ApU5DSsAiELrc=+`SOA_IHFRgPi2Ev-dO#Dxex>ULb%I5b_EEsq zrvcC{tKUfuoR=`J{D06p!1su-zu9eH^;MjRk%`A(PNULrGwt%b`XiOGN6LX?d*Zy) z=s?PaS0cMuDJ%KS!%Gt3brPD%edw_TQ&$v7Y-02uJfy)RFcb}Lcfh(Aco_=>Z2l`b z*+y$Bmq7R%#NPT?5ND~9@x1|EM)i{L!ytYSEqC>F(b0n^_5JTibLH-#*fqygaQ zOs}q@dTyOVZ~s+IG)d%tf!LqC8SxQ`A}v|L&^Osiue^5mZ@GeVJc)L@HH7is%L_#1 z!}X5fI=iTsKV7-rFPl_Ko;lS?ji{K7B?Ng~zwMvyt|^Kb2TQ6{KL82o^DsbM4d?i& zTfiA<%Y~{cVo=vQ-T}3$+tQU9M?_0v?MIbJY`c)yCwwRBZ>OD*GrbqYYS;VSYSYr8 zN&tuLviY0Cj*|2BudN9?b^VKg8+!%=tbEe(N}FCus^AVsG`^j$_@YFPlsq+Wzx~T) z?APWD@0v2#;E_{;D%d5dz7U5%?xTIHJ{7*^E=rUH@1?sVLgyr;bQ=3GBZ~_c24uJN z3d3_{5_s?Cw?0)4Dq%TXwjLZiEn$wIxB?)Q5y%a5;boyK9R9me8R$mbm)MH#JRz{6RrLU_{g->BZ|&-y!e^3G+syEA>07SgndEv zmE_DX%g7==&I}>vZH@TPt8;0=T#o?E{cc~R%yp8-;z8{{_L=LbZ5`hC^f6{lc!eWT; zUMHdo2wqt(!|FtNbW}@4Ts5WjhUT2Rpmi+sBb0#Jk@Bu(L06>}$;po<@*=x282{~S z08CUav5(?UOw{is20+d|1GY|(5jT?jy_^K<OlJ@kd(jDNJTe4)oeFahrT&C`jS>ko(Mr!EGV z!IX~059HxpyGravq36S)Z*o^heIiZ7{sC_@IkdX=4`?XK)IE#xToxso$yUl|j};NY zLty#{V9R5;0H;L|KprFV7gy>b1;B_b&+V_YfPcG*9iRddZ_n-X`n{?z3RFop`33zi z8WzO%yH8%u528x~NVJV_yN)2-rXI}3(Qj1u6%d8R#dGm+$JR3b z^ec%U?UOoqh_F%4Z! ze~C!=kG>uw2Qbja{vU(le>L|HHaAxI3{c-W{;F4|Qh)sL&zlItFvSD(X+&Fv&Yvy$ z^Cp1VqQl4mQv~jZ#Vry4I?6u{pTKVfKqR0VGKqrbKMFQJS<}CA!%E+DJ+aZlJ%urrP~qjI{)ym2(hM zH{3t$^zZhO`hES4-i}0i{KZ-S4{2fjHYk{Z?*HQ&Sa~2d!PaCk;C~lSP8@=wA}1Dv zIQW0RhSV0&5MSc2pK?s{v7%O|A$TdEt^Wh_6+|8dPvSbR!a1{DdZxgAq5`F!ZC z*b5Kgmq4mtp2J4r|*Ih?xP4lp! ztdqJ8Bjfnj|G6GmFzI^{^ZtPWl28>LXv7`^>2g$UP2DXmr%q7lF3nV2;)&FNegCSY ziYzCRHSu?>=Md?37N6TonSmbzwe`rqlY#z|w7OY}nvTtGnPtG?(ORS<{h)9unff$m zigw#ZC`#Ckg=*z1qQ{t5RMgas<_aVE3BEMXA%l5qA9q`UlSKQYDI!Ce;`7XZ!@m}1toaR%8A$kl0!CiW-8AF!?I zg;dNk>qfGepv=bBagLaZc)Jv_- zoM@>@2^5{fnxu7GOo`p~rY7a2aWI zFnBH%=3o1q3)AI4I1@j0+23;E+g>m>qlp9J=k@~&%lYI>H!6xRy}3BSit~rg&1XfH zD5+Ny=bGH5D)WWKBEMdTg_pg@NR%XGgA+Y`J>J|XB_B`r;%>k-v{9k+R#m6++4!k_ z&VGg`kESg!J!;ZjOy@}Au}`YznS+AJuFY_kzy148LHlXCz8@1T?abPZ)?Cr$+i5(e z9rw)#$7yGY$w_$1S9uQd3GwmDZf6e)7J98a854y$Il{{i*T|jkfh1`1wU>Wc+CMe= zBW#+gVo`5cMcV{3PWvWUt5MEFXi0EHO_r;Ef-jknu@w#mrI}FO7OJ)V6mZfM9ct5I!RT9 zIx?xgUUgt(Bx$tsM&wberq;wG2}tjDDlrSpl;9cB{rs-OkFb8u>U1oV>qogwCkumm z6>Fo=(Gyz20QdB;ivVp-i)R>`+YB$T=40h8%1wC=$*r#H85e-)mJi@*E zZhgBM!@D^98a*r&Aw^^5_A4|%z<&09DjVj$lw4BnsXayfNra6L=yHlf$hI%)bTXpa zpejUcw(+86ivlx@+h7QSh>o1lBa=e5S5vW!ZKJ}x=UL}qZ@Kj;4Jz@mWsA*i|3P8% zs<0|urEnG4QySb;p_fvzcPIc?*vSDb16F174Hj-^Q&p2bcwWp4kPW$4Rd+niz3beD z*rd~Q>3EgKEqC&<%kVmxv1mM;@i*`1(lCh^Dl2NWyl%$)PXnAVhadIpL=Cxy0iob| zqtkpeP5W})tl$z4r^_tbL7dUg1E1wNn}5lLkkQ(34^j7_)eQ`1x4;_5s6qzPF?X+$ zWJu9=X-_BVoDmyj+WnRHg{uZJn$b>e1lkthUfJGo?F zf7(oBT>|Uz^)X9|T0|dyOvn$J-N@yxkl(QLzQv?(7KK{L0pXvc|XpCYCw_=B16G{gP^ zzRG&_(&%u>SuC-m{j1NUIY7`$P%XcZ;&53#J_X|8Q*NZPKnii&vDax3Ss8US0aHR> zOq}+y*E^6Jk07)9F4MTN*hR@B6tF%fPJa z;#P&xqcvfzi$)?oaq&fCoGd1m_RGc!|2FoSimuD<(GKTIJj^tAG>732Xt>PytT&x5 zLh+RgE`wttFE(~4(Bh04)ZHpYG_!Lid9pli!?5u2saZNtqFIfTf~(sf{33gJ*1lc_ zX{@k$1M~Zb$~o*rA^9g%!xPVfR-Y)#+KM-C^!=5&_)%wALBN(aSId3&1I?!IEBR1z z&5acmwQ|4z-UsUc|H#6~(bM9r7^Y~L@NBw)F_#^`$e|q`$0zX`c8NC%nx&}dIrm>N z=uCt~U}(Bj>wbJ#q@q3Mou^K4Kb(_nY9<;_pucS67+|GZEj;Glth`~a!67EE-B)Ur z4RX|J)7+S*uwrYglZ$qUkiGv&&PUEf_M&EVbY`}20u`fZliY{mRwbXLn!BHhJHJcE zA{`~{lZwQH-Tw+Cfm(efi zhB)2MVbjmSfu%24Vvfm9=L(&7?IL8#ZV6CVm{_|6|7CuXC$O@p{#Ee0Y3SRY{9@+nKRkqLP9o6b5 zyE12wmGw9WTfJso@TVY;tZQDg&JQh*PJ$FSXsMbjUWm3NFf2GTEG-fO#0#nklH#$g zUPZ2SJ0zq$HTS?`QiGjfSYM1TVqPeutZMSR#?Z6(&{-~@v^QEl?uI*qSxf&)3LJY<1SBsM)1*Jy>8&eo;e&XS)wqv`?K`ylZ+Stx${9cB)fi=mlag_hcb2m+P2}|spAqACjSEAl5ZSu@+ zNyFO|5P25I6zYqgAWbttDNntTXjvWl6&*ycv-t3X*luC{PC6dGkCgrCeM^_IK{2v` z`$;~2xx(FSfA4f#Gj^^($gge5=)y&R|Heow>t@zm&2c7+Ic~sL2O&Ffg{xMUrNSY> z@Fki6U6X>Vt!+?>A~D}aB4}F{J#LWhaV_mIbL+F2jW&oc8MTc>Rdk{{Io-y=o3nTx zzS6kF;$iLNSp6ErScp-TJ$4~{tbD!u_8nd@(buujJ|Gn##S18ihA{vpuSoabmBqoG z^TgPS$oV|2gA?j(Z7{C8vZp(8wR)8N_;(w)U?}nI$wtwDaDvUu3-d|_9{_1yUrW?z z0mZ;Y9mFx@xe2@HcWRTm58=E31DlBItI<7N=}eXcnv=c`nvlbM{AtvuxlEr&ilRIk z(I;iFx}7+{9@l_qr=8WuWax=2EdK1j{ye%iNqzl90wr`+>AuZqUig1oq|=Qc?3Q(DBQbNZroxDT21lIe>-~rd3#s; z5nJ23F>);J(uw^Zr32!9i3S>AD~Y5BSB&fIt_Kd%ONctqjKsPh;pD8%ZZOAdevE?P zRN&*W8oG$g&rWBW0}tjYfc|x(Mx14>L`I#Fv~%Q7sAiXxto4p+?@1B->O`L_jwi7{ zUCkpkYA2wO;2<8`g*PHd7!A&zMjL;r`7SSjugvdrGP;38GrX8UC z-IuGn4{DjQV3}RNK>5f6^w0l%r)cr`hEIKa3cg68nc?LhU%yZplEC)y@E5hOM7^NX zVoPsY<5Vi)3^MNtg>unT(t@OWj#J&c^HuS_gA_AY%Vg%ERNOzXzSbarhI$!o^PJHY zqhEaf=OA_mNq6<;TRtwvJ|r#!3ShIP@9gbLoRNh-Q*HuT-p{pI#bnM0&fR6v5r8O5 zD>pkuzrfop-JvU|)l#*^sBbiN3K%t|edQ0U3~MUQOt=${6c@dG2}g#RVJ@D73hc*Yq3jM;E>u z2Ktg6-|zK(w+!Q*6PVFnH2u*SXNcQ(Az2urS_opTaSx)ih6a2R3;+P&P=r=dl zC6C%zT@cO0)uRyh5+)|>n9o0YuBm>=jZ;w^>Psu?QF~D36!Ks*P72=dB@I8x4XsSl z+o0ztbJ)J&oX|;rBxww#$Y??{+>2+L`ezuF5ZG$XMSh^aV`FK``3&`KS9>#!~20;2%o!FN(zVCpxZSW>u)?vn}z)9~Z~A|fFn78gFE$&azC z&D~iXO1eQ=JSnrnZ03-oe&tB_;sAxs6nkTp55VELF-;BfsS|R@R-+uOYnDZ49Ko^-raTc_zFgZ-0qkY&CNsCw%rm0c2RcsK{Gtq%j zcsPWVC^KXqtKG)`hkbA8$jgKR*Hh25dUbVStK@8%cDU-dJhOOX5i)sM1rm4>J@9oMgcWvYqa0ZoyOqE(o?zf3uX&}KCxIk%jLquAOi3%tjH zvBbx#^W73+V!AZZ&d0iTVe}>iLnS;Ix4g51uj?%3Uf+7bX%!a?&;@p`=nG`5h*VfU z%oo8%2gkUKeN%fzAjFe>i^qr^7_jgU*rgatDX>B!(VpVlFV^rm>(s33!pYOYg6Q88 zVQ}G-l-Gv-c+;juY_=%2)cMlXt1G#=7#7I-vZ3@Mh$RRGiTSz$X@LDPK-SjQE71tr zE?A^zU00DA*tviTJ7oGa{*aAZEyqA%7iyo~LQ^K5+^fuiO7b;CY+NdTf%iwf;KZ!B z3E)3Yhj0-J!E(09zA#S>({jSw?X1Y|MM4Y59&-q4DG|Gg)G!@csQv+W4?&hYjlJ0nHwOX9p~7SxBri5 z4W#mH^69q;_#^p+@2f!@BG}(M^k)~@?rV=k($*73-}Hgj$?#Rh{bnpxa9PPoUcOiU z$6Io4Cw}uwIA?s>h1c(#Fs-%LcW$0b7k2Fv zUP^i-p{52=u(D!#?}pZ}_EXCvzBR7jnrotzyO#iauGLboYT*}&jt~)~wR2qy(O`z1 zKpapW6umFzo+Xj{9aR%<`bK{9R zc;FZi*OCmlW^=RqieEkIjrtIIrNVgjF%2Z#fk9CCb#sLRv$*(7C0j8u@n)YY)}|tO z^f6QIo|^VHQ@1alb0nn|%O8}awC{hd7v>OSx?F)-IJ(Y+k`A3vb3hX4Qo literal 0 HcmV?d00001 diff --git a/poweradmin/config.inc.php b/poweradmin/config.inc.php index 869c917..7b7189c 100644 --- a/poweradmin/config.inc.php +++ b/poweradmin/config.inc.php @@ -8,7 +8,8 @@ $session_key = 'POWERADMIN_SESSION_KEY'; $iface_lang = 'POWERADMIN_IFACE_LANG'; -$iface_style = 'ignite'; +$iface_style = 'POWERADMIN_IFACE_STYLE'; +$iface_index = 'POWERADMIN_IFACE_INDEX'; $dns_hostmaster = 'POWERADMIN_HOSTMASTER'; $dns_ns1 = 'POWERADMIN_NS1'; @@ -20,4 +21,5 @@ $pdnssec_debug = false; $pdnssec_command = '/usr/bin/pdnsutil'; -$ignore_install_dir = true; +$ignore_install_dir = false; +#$display_stats = true; diff --git a/poweradmin/dnssec_add_key.diff b/poweradmin/dnssec_add_key.diff new file mode 100644 index 0000000..2d126be --- /dev/null +++ b/poweradmin/dnssec_add_key.diff @@ -0,0 +1,8 @@ +92c92 +< $this->redirect('dnssec.php', [id => $zone_id]); +--- +> $this->redirect('dnssec.php', ['id' => $zone_id]); +94c94 +< $this->setMessage('dnssec_add_key', error, _('Failed to add new DNSSEC key.')); +--- +> $this->setMessage('dnssec_add_key', 'error', _('Failed to add new DNSSEC key.')); diff --git a/poweradmin/dnssec_edit_key.diff b/poweradmin/dnssec_edit_key.diff new file mode 100644 index 0000000..bcdf311 --- /dev/null +++ b/poweradmin/dnssec_edit_key.diff @@ -0,0 +1,8 @@ +84c84 +< $this->redirect('dnssec.php', [id => $zone_id]); +--- +> $this->redirect('dnssec.php', ['id' => $zone_id]); +89c89 +< $this->redirect('dnssec.php', [id => $zone_id]); +--- +> $this->redirect('dnssec.php', ['id' => $zone_id]); From d0e10f84a88688d13a65884156384e89a881b2f2 Mon Sep 17 00:00:00 2001 From: Root Date: Sat, 28 Jan 2023 05:53:50 +0000 Subject: [PATCH 10/12] minor edits --- Dockerfile | 16 +++++++++++++++- docker-compose.yml | 2 ++ nginx/http.d/default.conf | 6 +++--- poweradmin/config.inc.php | 2 +- 4 files changed, 21 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index d69824e..01220cb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -144,7 +144,7 @@ RUN set -eux; \ chown -R powerdns:powerdns /run/powerdns #bug source correction -RUN set -eux;\ +RUN set -eux; \ # ERROR 1074 (42000) Column length too big (max = 21844); use BLOB or TEXT instead sed -i "s!VARCHAR(64000) DEFAULT NULL!TEXT(64000) DEFAULT NULL!g" /sql/pdns_schema.sql; \ # BUGs Undefined constant id,error @@ -152,6 +152,20 @@ RUN set -eux;\ patch /var/www/html/poweradmin/dnssec_edit_key.php /var/www/html/poweradmin/inc/dnssec_edit_key.diff; \ rm -r /var/www/html/poweradmin/inc/dnssec_add_key.diff /var/www/html/poweradmin/inc/dnssec_edit_key.diff +#clear source +RUN set -eux; \ + rm -rf /var/www/html/poweradmin/.git; \ + rm -rf /var/www/html/poweradmin/migrations; \ + rm -rf /var/www/html/poweradmin/sql; \ + rm -rf /var/www/html/poweradmin/tests; \ + rm -rf /var/www/html/poweradmin/vagrant; \ + rm -r /var/www/html/poweradmin/.gitignore; \ + rm -r /var/www/html/poweradmin/README.md; \ + rm -r /var/www/html/poweradmin/VAGRANT.md; \ + rm -r /var/www/html/poweradmin/Vagrantfile; \ + rm -r /var/www/html/poweradmin/Dockerfile + + EXPOSE 53 8081 80 EXPOSE 53/UDP diff --git a/docker-compose.yml b/docker-compose.yml index 4c8ee6c..5739e99 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -33,6 +33,8 @@ services: networks: - powerdns environment: + - TZ=Europe/Moscow + - MYSQL_HOST=mariadb - MYSQL_DATABASE=pdns_db - MYSQL_USER=pdns_user diff --git a/nginx/http.d/default.conf b/nginx/http.d/default.conf index 550470f..32c403f 100644 --- a/nginx/http.d/default.conf +++ b/nginx/http.d/default.conf @@ -20,9 +20,9 @@ server { } location ~ (/\.gitignore|/\.git) { - deny all; - access_log off; - log_not_found off; + deny all; + access_log off; + log_not_found off; } location ~* \.(?:jpe?g|gif|png|ico|swf|svg|eot|ttf|otf|woff|htc|css|js)$ { diff --git a/poweradmin/config.inc.php b/poweradmin/config.inc.php index 7b7189c..4921d32 100644 --- a/poweradmin/config.inc.php +++ b/poweradmin/config.inc.php @@ -22,4 +22,4 @@ $pdnssec_command = '/usr/bin/pdnsutil'; $ignore_install_dir = false; -#$display_stats = true; +$display_stats = false; From fa36aa6781039341cdf130afb8e61f84eda1b78c Mon Sep 17 00:00:00 2001 From: RootShell-coder Date: Mon, 30 Jan 2023 05:33:16 +0300 Subject: [PATCH 11/12] powerdns --- Dockerfile | 6 ++- docker-compose.yml | 25 +++++++----- entrypoint | 73 ++++++++++++++++++---------------- powerdns/conf.d/dns.conf | 6 +++ powerdns/conf.d/webserver.conf | 8 ++++ powerdns/pdns.conf | 3 +- 6 files changed, 73 insertions(+), 48 deletions(-) create mode 100644 powerdns/conf.d/dns.conf create mode 100644 powerdns/conf.d/webserver.conf diff --git a/Dockerfile b/Dockerfile index 01220cb..925cc9d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -110,7 +110,7 @@ RUN set -eux; \ php81-mbstring \ php81-xml \ \ - composer musl musl-utils musl-locales tzdata patch; \ + composer musl musl-utils musl-locales tzdata patch bind-tools; \ rm -f /var/cache/apk/* RUN set -eux; \ @@ -145,6 +145,8 @@ RUN set -eux; \ #bug source correction RUN set -eux; \ + sed -i "s!latin1!utf8mb4!g" /sql/pdns_schema.sql; \ + sed -i "s!latin1!utf8mb4!g" /sql/poweradmin.sql; \ # ERROR 1074 (42000) Column length too big (max = 21844); use BLOB or TEXT instead sed -i "s!VARCHAR(64000) DEFAULT NULL!TEXT(64000) DEFAULT NULL!g" /sql/pdns_schema.sql; \ # BUGs Undefined constant id,error @@ -166,7 +168,7 @@ RUN set -eux; \ rm -r /var/www/html/poweradmin/Dockerfile -EXPOSE 53 8081 80 +EXPOSE 53 EXPOSE 53/UDP ENTRYPOINT [ "entrypoint" ] diff --git a/docker-compose.yml b/docker-compose.yml index 5739e99..47b9a3b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -34,24 +34,29 @@ services: - powerdns environment: - TZ=Europe/Moscow - + - MYSQL_HOST=mariadb - MYSQL_DATABASE=pdns_db - MYSQL_USER=pdns_user - MYSQL_PASSWORD=pdns_pass - - PDNS_ALLOW_AXFR_IPS=127.0.0.1 + - PDNS_ALLOW_AXFR_IPS=127.0.0.1/32, 172.17.0.1/32 - PDNS_MASTER=yes - - PDNS_SLAVE=no + - PDNS_SLAVE=yes - PDNS_CACHE_TTL=20 - PDNS_DISTRIBUTOR_THREADS=3 - - PDNS_RECURSIVE_CACHE_TTL=10 - - PDNS_ALLOW_RECURSION=127.0.0.1 - - PDNS_RECURSOR=no + - PDNS_ALLOW_DNSUPDATE_FROM=127.0.0.1/32, 172.17.0.33/23 + + - PDNS_WEBSERVER_ENABLE=yes + - PDNS_WEBSERVER_IP=0.0.0.0 + - PDNS_WEBSERVER_ALLOW_FROM=127.0.0.1/32, 172.17.0.1/32 + - PDNS_WEBSERVER_PASSWORD=adminpass + - PDNS_WEBSERVER_PORT=8080 + - PDNS_WEBSERVER_API_ENABLE=no + - PDNS_WEBSERVER_API_KEY=adminapikey - POWERADMIN_HOSTMASTER=email.admmin.soa - POWERADMIN_IFACE_STYLE=spark - #- POWERADMIN_IFACE_INDEX=list - POWERADMIN_IFACE_LANG=ru_RU - POWERADMIN_NS1=ns1.example.com - POWERADMIN_NS2=ns2.example.com @@ -59,6 +64,6 @@ services: - mariadb ports: - 80:80/TCP - - 8081:8081/TCP - - 8053:53/TCP - - 8053:53/UDP + - 8080:8080/TCP + - 53:53/TCP + - 53:53/UDP diff --git a/entrypoint b/entrypoint index bed87b3..62cc182 100644 --- a/entrypoint +++ b/entrypoint @@ -2,12 +2,14 @@ TZ=${TZ:-Europe/Moscow} +#mysql MYSQL_HOST=${MYSQL_HOST:-localhost} MYSQL_PORT=${MYSQL_PORT:-3306} MYSQL_DATABASE=${MYSQL_DATABASE:-pdns} MYSQL_USER=${MYSQL_USER:-pdns} MYSQL_PASSWORD=${MYSQL_PASSWORD:-pdns} +#poweradmin POWERADMIN_IFACE_LANG=${POWERADMIN_IFACE_LANG:-en_EN} POWERADMIN_IFACE_STYLE=${POWERADMIN_IFACE_STYLE:-ignite} POWERADMIN_IFACE_INDEX=${POWERADMIN_IFACE_INDEX:-cards} @@ -16,15 +18,27 @@ POWERADMIN_NS1=${POWERADMIN_NS1:-} POWERADMIN_NS2=${POWERADMIN_NS2:-} POWERADMIN_SESSION_KEY=${POWER_ADMIN:-`pwgen 32 1`} +#pdns PDNS_ALLOW_AXFR_IPS=${PDNS_ALLOW_AXFR_IPS:-127.0.0.1} PDNS_MASTER=${PDNS_MASTER:-yes} PDNS_SLAVE=${PDNS_SLAVE:-no} PDNS_CACHE_TTL=${PDNS_CACHE_TTL:-20} PDNS_DISTRIBUTOR_THREADS=${PDNS_DISTRIBUTOR_THREADS:-3} +PDNS_ALLOW_DNSUPDATE_FROM=${PDNS_ALLOW_DNSUPDATE_FROM:-127.0.0.1} + +#pdns recursor PDNS_RECURSIVE_CACHE_TTL=${PDNS_RECURSIVE_CACHE_TTL:-10} PDNS_ALLOW_RECURSION=${PDNS_ALLOW_RECURSION:-127.0.0.1} PDNS_RECURSOR=${PDNS_RECURSOR:-no} +#pdns webserver +PDNS_WEBSERVER_ENABLE=${PDNS_WEBSERVER_ENABLE:-no} +PDNS_WEBSERVER_IP=${PDNS_WEBSERVER_IP:-127.0.0.1} +PDNS_WEBSERVER_ALLOW_FROM=${PDNS_WEBSERVER_ALLOW_FROM:-127.0.0.1} +PDNS_WEBSERVER_PASSWORD=${PDNS_WEBSERVER_PASSWORD:-`pwgen 8 1`} +PDNS_WEBSERVER_PORT=${PDNS_WEBSERVER_PORT:-8081} +PDNS_WEBSERVER_API_ENABLE=${PDNS_WEBSERVER_API_ENABLE:-no} +PDNS_WEBSERVER_API_KEY=${PDNS_WEBSERVER_API_KEY:-`pwgen 32 1`} cp /usr/share/zoneinfo/${TZ} /etc/localtime @@ -38,20 +52,30 @@ export LANGUAGE export LC_ALL export MUSL_LOCPATH -#ERROR 1074 (42000) Column length too big (max = 21844); use BLOB or TEXT instead -sed -i "s!VARCHAR(64000) DEFAULT NULL!TEXT(64000) DEFAULT NULL!g" /sql/pdns_schema.sql -#BUG Ungefined constant -sed -i "s!$this->redirect('dnssec.php', [id => $zone_id]);!$this->redirect('dnssec.php', ['id' => $zone_id]);!" - -sed -i "s!latin1!utf8mb4!g" /sql/pdns_schema.sql -sed -i "s!latin1!utf8mb4!g" /sql/poweradmin.sql - +#pdns mysql sed -i "s!MYSQL_HOST!${MYSQL_HOST}!" /etc/powerdns/conf.d/gmysql.conf sed -i "s!MYSQL_PORT!${MYSQL_PORT}!" /etc/powerdns/conf.d/gmysql.conf sed -i "s!MYSQL_DATABASE!${MYSQL_DATABASE}!" /etc/powerdns/conf.d/gmysql.conf sed -i "s!MYSQL_USER!${MYSQL_USER}!" /etc/powerdns/conf.d/gmysql.conf sed -i "s!MYSQL_PASSWORD!${MYSQL_PASSWORD}!" /etc/powerdns/conf.d/gmysql.conf +#pdns webserver +sed -i "s!PDNS_WEBSERVER_ENABLE!${PDNS_WEBSERVER_ENABLE}!" /etc/powerdns/conf.d/webserver.conf +sed -i "s!PDNS_WEBSERVER_IP!${PDNS_WEBSERVER_IP}!" /etc/powerdns/conf.d/webserver.conf +sed -i "s!PDNS_WEBSERVER_ALLOW_FROM!${PDNS_WEBSERVER_ALLOW_FROM}!" /etc/powerdns/conf.d/webserver.conf +sed -i "s!PDNS_WEBSERVER_PASSWORD!${PDNS_WEBSERVER_PASSWORD}!" /etc/powerdns/conf.d/webserver.conf +sed -i "s!PDNS_WEBSERVER_PORT!${PDNS_WEBSERVER_PORT}!" /etc/powerdns/conf.d/webserver.conf +sed -i "s!PDNS_WEBSERVER_API_ENABLE!${PDNS_WEBSERVER_API_ENABLE}!" /etc/powerdns/conf.d/webserver.conf +sed -i "s!PDNS_WEBSERVER_API_KEY!${PDNS_WEBSERVER_API_KEY}!" /etc/powerdns/conf.d/webserver.conf + +#pdns +sed -i "s!PDNS_ALLOW_AXFR_IPS!${PDNS_ALLOW_AXFR_IPS}!" /etc/powerdns/conf.d/dns.conf +sed -i "s!PDNS_MASTER!${PDNS_MASTER}!" /etc/powerdns/conf.d/dns.conf +sed -i "s!PDNS_SLAVE!${PDNS_SLAVE}!" /etc/powerdns/conf.d/dns.conf +sed -i "s!PDNS_CACHE_TTL!${PDNS_CACHE_TTL}!" /etc/powerdns/conf.d/dns.conf +sed -i "s!PDNS_DISTRIBUTOR_THREADS!${PDNS_DISTRIBUTOR_THREADS}!" /etc/powerdns/conf.d/dns.conf + +#poweradmin sed -i "s!MYSQL_HOST!${MYSQL_HOST}!" /var/www/html/poweradmin/inc/config.inc.php sed -i "s!MYSQL_PORT!${MYSQL_PORT}!" /var/www/html/poweradmin/inc/config.inc.php sed -i "s!MYSQL_DATABASE!${MYSQL_DATABASE}!" /var/www/html/poweradmin/inc/config.inc.php @@ -65,6 +89,8 @@ sed -i "s!POWERADMIN_IFACE_INDEX!${POWERADMIN_IFACE_INDEX}!" /var/www/html/power sed -i "s!POWERADMIN_HOSTMASTER!${POWERADMIN_HOSTMASTER}!" /var/www/html/poweradmin/inc/config.inc.php sed -i "s!POWERADMIN_NS1!${POWERADMIN_NS1}!" /var/www/html/poweradmin/inc/config.inc.php sed -i "s!POWERADMIN_NS2!${POWERADMIN_NS2}!" /var/www/html/poweradmin/inc/config.inc.php + +#other sed -i "s!TZ!${TZ}!" /var/www/html/poweradmin/inc/config.inc.php until nc -z ${MYSQL_HOST} ${MYSQL_PORT}; do @@ -105,30 +131,9 @@ fi # INSERT INTO perm_templ ( id, name, descr ) VALUES ( 1, 'Administrator', 'Administrator template with full rights.' ); # -# -# # Setup web access -# if [ ! -f /etc/powerdns/conf.d/webserver.conf ] && [ -n "$POWERDNS_WEBSERVER_ALLOW_FROM" ]; then -# # Check if we got a password -# if [ -z "$POWERDNS_WEBSERVER_PASSWORD" ]; then -# POWERDNS_WEBSERVER_PASSWORD=$(pwgen 16 1) -# fdc_notice "PowerDNS webserver password: $POWERDNS_WEBSERVER_PASSWORD" -# fi -# # Check if we got a API key -# if [ -z "$POWERDNS_API_KEY" ]; then -# POWERDNS_API_KEY=$(pwgen 16 1) -# fdc_notice "PowerDNS webserver API key: $POWERDNS_API_KEY" -# fi -# -# cat < /etc/powerdns/conf.d/webserver.conf -# webserver = yes -# webserver-address = 0.0.0.0 -# webserver-allow-from = $POWERDNS_WEBSERVER_ALLOW_FROM -# webserver-loglevel = normal -# webserver-password = $POWERDNS_WEBSERVER_PASSWORD -# webserver-port=8081 -# api = yes -# api-key = $POWERDNS_API_KEY -# EOF -# fi -# +echo "*****" +echo "POWERDNS WEBSERVER PASSWORD = "${PDNS_WEBSERVER_PASSWORD} +echo "POWERDNS WEBSERVER API KEY = "${PDNS_WEBSERVER_API_KEY} +echo "*****" + exec "$@" diff --git a/powerdns/conf.d/dns.conf b/powerdns/conf.d/dns.conf new file mode 100644 index 0000000..e7c6c14 --- /dev/null +++ b/powerdns/conf.d/dns.conf @@ -0,0 +1,6 @@ +allow-axfr-ips=PDNS_ALLOW_AXFR_IPS +master=PDNS_MASTER +slave=PDNS_SLAVE +cache-ttl=PDNS_CACHE_TTL +distributor-threads=PDNS_DISTRIBUTOR_THREADS +allow-dnsupdate-from=PDNS_ALLOW_DNSUPDATE-FROM diff --git a/powerdns/conf.d/webserver.conf b/powerdns/conf.d/webserver.conf new file mode 100644 index 0000000..aaef593 --- /dev/null +++ b/powerdns/conf.d/webserver.conf @@ -0,0 +1,8 @@ +webserver = PDNS_WEBSERVER_ENABLE +webserver-address = PDNS_WEBSERVER_IP +webserver-allow-from = PDNS_WEBSERVER_ALLOW_FROM +webserver-loglevel = normal +webserver-password = PDNS_WEBSERVER_PASSWORD +webserver-port = PDNS_WEBSERVER_PORT +api = PDNS_WEBSERVER_API_ENABLE +api-key = PDNS_WEBSERVER_API_KEY diff --git a/powerdns/pdns.conf b/powerdns/pdns.conf index b810092..a03aded 100644 --- a/powerdns/pdns.conf +++ b/powerdns/pdns.conf @@ -133,7 +133,7 @@ ################################# # daemon Operate as a daemon # -# daemon=no +daemon=no ################################# # default-api-rectify Default API-RECTIFY value for zones @@ -724,4 +724,3 @@ version-string = anonymous # zone-metadata-cache-ttl Seconds to cache zone metadata from the database # # zone-metadata-cache-ttl=60 - From 909b9aadca1b61bd53da27861a9b721193921e35 Mon Sep 17 00:00:00 2001 From: RootShell-coder Date: Mon, 30 Jan 2023 05:40:46 +0300 Subject: [PATCH 12/12] ci --- .github/workflows/docker.yml | 37 ++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 .github/workflows/docker.yml diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml new file mode 100644 index 0000000..9363670 --- /dev/null +++ b/.github/workflows/docker.yml @@ -0,0 +1,37 @@ +name: powerdns + +on: + push: + branches: + - + "master" + +env: + IMAGE_NAME: "powerdns" + VERSION: "latest" +jobs: + push: + name: Build and push to Docker Hub + runs-on: ubuntu-latest + steps: + - + name: Checkout repository + uses: actions/checkout@v3 + - + name: Build image + run: DOCKER_BUILDKIT=1 docker build . --file Dockerfile -t ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} + - + name: Login to Docker Hub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_TOKEN }} + - + name: Push Image to Docker Hub + run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} + - + name: Tag image + run: docker tag ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:${{ env.VERSION }} ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:$(date +%Y%m%d) + - + name: Push tag Image to Docker Hub + run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}:$(date +%Y%m%d)