diff --git a/.env.dist b/.env.dist
index 54fee77a..d204228e 100644
--- a/.env.dist
+++ b/.env.dist
@@ -71,10 +71,6 @@ SSH_PASSWORDLESS=false
# Your RSA Public key.
RSA_PUB_KEY="copy your ssh public rsa key here"
-# Hash length (bits), supported value 2048 | 4096 (take longer times)
-# length of bits used for generating RSA key / Diffie-Helman params.
-KEY_HASH_LENGTH=2048
-
[nginx]
INSTALL_NGINX=true
@@ -144,12 +140,16 @@ LUA_RESTY_LRUCACHE_VERSION="v0.11"
NGX_HTTP_PASSENGER=false
NGX_HTTP_REDIS2=false
NGX_HTTP_SUBS_FILTER=true
-NGX_HTTP_UPSTREAM_FAIR=true
+NGX_HTTP_UPSTREAM_FAIR=false
NGX_HTTP_VTS=true
NGX_HTTP_XSLT_FILTER=true
NGX_MAIL=true
NGX_NCHAN=false
+
+# For Nginx latest v1.23 or greater, try using NPS v1.14.33.1-RC1 or master
+NGX_PAGESPEED_VERSION="v1.13.35.2-stable"
NGX_PAGESPEED=false
+
NGX_RTMP=false
NGX_STREAM=true
@@ -279,9 +279,12 @@ FTP_SERVER_VERSION="latest"
# Enable FTP over TLS.
FTP_SSL_ENABLE=true
+# Enable passv mode.
+FTP_PASV_MODE=true
+
# Range of passv ports.
FTP_MIN_PORT=45000
-FTP_MAX_PORT=45999
+FTP_MAX_PORT=45099
[dns]
# TODO: Install DNS server.
@@ -296,9 +299,16 @@ INSTALL_SPFDKIM=true
SENDER_DOMAIN=""
[certbot]
+# Install Let's Encrypt SSL certificate is mandatory.
INSTALL_CERTBOT=true
+
+# Path to live certificate for production server.
HOSTNAME_CERT_PATH=""
+# Hash length (bits), supported value 2048 | 4096 (take longer times)
+# length of bits used for generating RSA key / Diffie-Helman params.
+KEY_HASH_LENGTH=2048
+
[firewall]
INSTALL_FW=true
@@ -312,4 +322,4 @@ INSTALL_FAIL2BAN=true
# Available installer: repo | source.
FAIL2BAN_INSTALLER="source"
-FAIL2BAN_VERSION="0.11.2"
+FAIL2BAN_VERSION="1.0.2"
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 5c3dd91c..a6c5c93b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -61,9 +61,8 @@ jobs:
shellcheck -s bash -x remove.sh
shellcheck -s bash -x bin/lemper-*.sh
shellcheck -s bash -x lib/lemper-*.sh
- shellcheck -s bash -x scripts/helper.sh
- shellcheck -s bash -x scripts/cleanup_server.sh
- shellcheck -s bash -x scripts/secure_server.sh
+ shellcheck -s bash -x scripts/utils.sh
+ shellcheck -s bash -x scripts/server_*.sh
shellcheck -s bash -x scripts/install_*.sh
shellcheck -s bash -x scripts/remove_*.sh
# Simple Unit Tests
@@ -72,6 +71,6 @@ jobs:
TERM: xterm-256color
run: |
set -ex
- sudo bash scripts/cleanup_server.sh
+ sudo bash scripts/server_cleanup.sh
sudo bash scripts/install_dependencies.sh
sudo bash shunit2/run_test.sh
diff --git a/.gitignore b/.gitignore
index c8900cc6..ee1dcaa7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,6 +3,7 @@
.env.bak
.env.save
.travis.yml
+dev-notes.md
install.log
lemper.log
lemper_install.log
diff --git a/etc/nginx/fastcgi_cache b/etc/nginx/fastcgi_cache
index cdf6b19f..d4ebdf46 100644
--- a/etc/nginx/fastcgi_cache
+++ b/etc/nginx/fastcgi_cache
@@ -18,8 +18,8 @@ log_format cache '$remote_addr - $upstream_cache_status [$time_local] '
# Purge cache for request method.
map $request_method $purge_method {
- PURGE 1;
default 0;
+ PURGE 1;
}
# Skip caching for request method.
diff --git a/etc/nginx/fastcgi_https_map b/etc/nginx/fastcgi_https_map
index 5b21ef93..9075f03a 100644
--- a/etc/nginx/fastcgi_https_map
+++ b/etc/nginx/fastcgi_https_map
@@ -5,3 +5,8 @@ map $scheme $server_https {
default off;
https on;
}
+
+map $http_x_forwarded_proto $proto_https {
+ default $scheme;
+ https https;
+}
diff --git a/etc/nginx/fastcgi_params b/etc/nginx/fastcgi_params
index c1c5bb33..e78e2ad2 100644
--- a/etc/nginx/fastcgi_params
+++ b/etc/nginx/fastcgi_params
@@ -3,7 +3,8 @@
# Comment out HTTPS line for PHP behind SSL https.
#fastcgi_param HTTPS on; # old pre .03 method
-#fastcgi_param HTTPS $server_https; # new .04+ map method
+fastcgi_param HTTPS $server_https; # new .04+ map method
+fastcgi_param HTTP_X_FORWARDED_PROTO $proto_https;
# Comment out PATH_TRANSLATED line if /etc/php5/fpm/php.ini sets following:
# cgi.fix_pathinfo=0
diff --git a/etc/nginx/http_proxy_ips b/etc/nginx/http_proxy_ips
index f2fe4970..0dced640 100644
--- a/etc/nginx/http_proxy_ips
+++ b/etc/nginx/http_proxy_ips
@@ -1,6 +1,6 @@
## Designed to be included to /etc/nginx/nginx.conf http{} or server{} block
-# Varnish HTTP Accelerator
+# HTTP Accelerator or Load Balancer.
set_real_ip_from 127.0.0.1/32;
# Header
diff --git a/etc/nginx/includes/compression_brotli.conf b/etc/nginx/includes/compression_brotli.conf
index 92b0ee0f..8b4b8531 100644
--- a/etc/nginx/includes/compression_brotli.conf
+++ b/etc/nginx/includes/compression_brotli.conf
@@ -66,9 +66,9 @@ brotli_buffers 16 8k;
brotli_window 512k;
# Up the minimum length a little to account for gzip overhead
-# this means anything smaller than 1024 bytes won't be compressed.
+# this means anything smaller than 256 bytes won't be compressed.
# The default is 20 bytes, which is sooo tiny it's a waste to compress.
-brotli_min_length 1024;
+brotli_min_length 256;
# Custom header.
add_header X-Powered-By "LEMPer/Brotli";
diff --git a/etc/nginx/includes/compression_gzip.conf b/etc/nginx/includes/compression_gzip.conf
index f3086214..c58ca38d 100644
--- a/etc/nginx/includes/compression_gzip.conf
+++ b/etc/nginx/includes/compression_gzip.conf
@@ -79,9 +79,9 @@ gzip_vary on;
gzip_buffers 16 8k;
# Up the minimum length a little to account for gzip overhead
-# this means anything smaller than 1024 bytes won't be compressed.
+# this means anything smaller than 256 bytes won't be compressed.
# The default is 20 bytes, which is sooo tiny it's a waste to compress.
-gzip_min_length 1024;
+gzip_min_length 256;
# Custom header.
add_header X-Powered-By "LEMPer/Gzip";
diff --git a/etc/nginx/includes/fastcgi_cache.conf b/etc/nginx/includes/fastcgi_cache.conf
index 708ec4f2..f28004e3 100644
--- a/etc/nginx/includes/fastcgi_cache.conf
+++ b/etc/nginx/includes/fastcgi_cache.conf
@@ -16,8 +16,8 @@ fastcgi_no_cache $http_pragma $http_authorization;
fastcgi_cache_purge $purge_method;
-# Ignore header
-fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
+# Ignore header (Added Pragma, crosscheck first)
+fastcgi_ignore_headers Cache-Control Expires Pragma Set-Cookie;
# Header status
add_header X-FastCGI-Cache $upstream_cache_status;
diff --git a/etc/nginx/includes/ssl.conf b/etc/nginx/includes/ssl.conf
index a1f34285..ffefe3f8 100644
--- a/etc/nginx/includes/ssl.conf
+++ b/etc/nginx/includes/ssl.conf
@@ -1,8 +1,10 @@
# Enables SSL (deprecated on http2).
#ssl on;
+# --- Common definitions for HTTPS content --- #
+
# Optimize SSL by caching session parameters for 10 minutes. This cuts down on the number of expensive SSL handshakes.
-ssl_session_cache shared:LEMPer_SSL:10m; # a 1mb cache can hold about 4000 sessions
+ssl_session_cache shared:LEMPer_SSL:50m; # a 1mb cache can hold about 4000 sessions
ssl_session_timeout 1d;
# SSL buffer size was added in 1.5.9
@@ -14,25 +16,33 @@ ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, minimum recommendation 2048 bits.
ssl_dhparam /etc/nginx/ssl/dhparam-2048.pem;
-# If you need to support older browsers (IE6) you may need to add
-# SSLv2 SSLv3 TLSv1 TLSv1.1 to the list of protocols below.
-ssl_protocols TLSv1.2 TLSv1.3;
+# --- Protocols & Ciphers [start] --- #
-# Enables server-side protection from BEAST attacks.
-# http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html
+# Maximum client support [enabled by default]
+# Supports Firefox 1, Android 2.3, Chrome 1, Edge 12, IE8 on Windows XP, Java 6, OpenSSL 0.9.8, Opera 5 & Safari 1
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
+ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
-# Ciphers set to best allow protection from Beast, while providing forwarding secrecy,
-# as defined by Mozilla (Intermediate Set) - https://wiki.mozilla.org/Security/Server_Side_TLS#Nginx
-ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+# Intermediate client support [disabled by default]
+# Supports Firefox 27, Android 4.4.2, Chrome 31, Edge, IE 11 on Windows 7, Java 8u31, OpenSSL 1.0.1, Opera 20 & Safari 9
+#ssl_protocols TLSv1.2 TLSv1.3;
+#ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
+#ssl_prefer_server_ciphers off;
+
+# Modern client support [disabled by default]
+# Supports Firefox 63, Android 10.0, Chrome 70, Edge 75, Java 11, OpenSSL 1.1.1, Opera 57 & Safari 12.1
+#ssl_protocols TLSv1.3;
+#ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
+#ssl_prefer_server_ciphers off;
# Specifies a curve for ECDHE ciphers, default is auto.
ssl_ecdh_curve prime256v1:secp384r1;
# Enable OCSP stapling (mechanism by which a site can convey certificate revocation information to visitors in a privacy-preserving, scalable manner)
# http://blog.mozilla.org/security/2013/07/29/ocsp-stapling-in-firefox/
-ssl_stapling on;
-ssl_stapling_verify on;
+#ssl_stapling on;
+#ssl_stapling_verify on;
# Reduce SSL buffer size.
ssl_buffer_size 4k; # Default = 16k
@@ -55,4 +65,4 @@ resolver_timeout 5s;
# This header tells browsers to cache the certificate for a year and to connect exclusively via HTTPS.
#add_header Strict-Transport-Security "max-age=31536000;" always;
# This version tells browsers to treat all subdomains the same as this site and to load exclusively over HTTPS
-add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload;";
\ No newline at end of file
+add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload;";
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index 879fbb24..3870d261 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -60,6 +60,8 @@ http {
# Optimization settings.
aio threads;
sendfile on;
+ # Limit the amount of data transferred in a single sendfile() call to 1MB.
+ sendfile_max_chunk 1m;
tcp_nopush on;
tcp_nodelay on;
client_body_buffer_size 128k;
@@ -80,8 +82,8 @@ http {
# Enable Compression.
# gzip (default) or brotli (requires Nginx installed with brotli module).
- # TODO: Move to per site config.
- #include /etc/nginx/comp_gzip;
+ # Moved to per site config.
+ ##include /etc/nginx/compression_gzip;
# Uncomment to enable FastCGI cache. If disabled, do not use the cached vhost setting.
include /etc/nginx/fastcgi_cache;
@@ -91,7 +93,7 @@ http {
# Upstream, ex: for Node.JS application server.
# TODO: Move to per site config.
- #include /etc/nginx/upstream;
+ ##include /etc/nginx/upstream;
# SSL map.
include /etc/nginx/fastcgi_https_map;
diff --git a/etc/nginx/sites-available/default b/etc/nginx/sites-available/default
index 6dec3964..e48fdcbc 100644
--- a/etc/nginx/sites-available/default
+++ b/etc/nginx/sites-available/default
@@ -11,8 +11,8 @@ server {
#ssl_certificate_key /etc/letsencrypt/live/localhost.localdomain/privkey.pem;
#ssl_trusted_certificate /etc/letsencrypt/live/localhost.localdomain/fullchain.pem;
- access_log /var/log/nginx/localhost.access.log;
- error_log /var/log/nginx/localhost.error.log;
+ access_log /var/log/nginx/localhost.access.log combined buffer=32k;
+ error_log /var/log/nginx/localhost.error.log error;
root /usr/share/nginx/html;
index index.php index.html index.htm;
@@ -24,15 +24,28 @@ server {
include /etc/nginx/vhost/site_default.conf;
- location ~ ^/(status|ping)$ {
+ # Nginx basic status monitoring.
+ location = /nginx_status {
+ stub_status;
+ allow all;
+ auth_basic "Denied";
+ auth_basic_user_file /srv/.htpasswd;
+ access_log off;
+ log_not_found off;
+ }
+
+ # PHP-FPM status monitoring.
+ location ~ ^/php-fpm_(status|ping)$ {
include /etc/nginx/fastcgi_params;
- fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+ fastcgi_pass unix:/run/php/php8.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME $fastcgi_script_name;
allow all;
auth_basic "Denied";
auth_basic_user_file /srv/.htpasswd;
+ access_log off;
+ log_not_found off;
}
location ~ \.php81$ {
@@ -46,7 +59,7 @@ server {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
}
- location ~ \.php80$ {
+ location ~ \.(php|php80)$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
@@ -56,7 +69,7 @@ server {
fastcgi_pass unix:/run/php/php8.0-fpm.sock;
}
- location ~ \.(php|php74)$ {
+ location ~ \.php74$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
@@ -132,8 +145,8 @@ server {
index index.php index.html index.htm;
# Log Settings.
- access_log /var/log/nginx/localhost.access.log;
- error_log /var/log/nginx/localhost.error.log;
+ access_log /var/log/nginx/localhost.access.log combined buffer=32k;
+ error_log /var/log/nginx/localhost.error.log error;
location /lcp {
try_files $uri $uri/ /index.php?$args;
@@ -161,7 +174,7 @@ server {
# Uncomment to Enable PHP FastCGI cache.
#include /etc/nginx/includes/fastcgi_cache.conf;
- fastcgi_pass unix:/run/php/php7.4-fpm.sock;
+ fastcgi_pass unix:/run/php/php8.0-fpm.sock;
}
}
@@ -175,7 +188,7 @@ server {
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
}
- location ~ \.php80$ {
+ location ~ \.(php|php80)$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
@@ -185,7 +198,7 @@ server {
fastcgi_pass unix:/run/php/php8.0-fpm.sock;
}
- location ~ \.(php|php74)$ {
+ location ~ \.php74$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
diff --git a/etc/openssl/ca.conf b/etc/openssl/ca.conf
new file mode 100644
index 00000000..da3c2832
--- /dev/null
+++ b/etc/openssl/ca.conf
@@ -0,0 +1,20 @@
+[ca]
+default_ca = CA_default # The default ca section
+
+[CA_default]
+default_days = 36500 # How long to certify for
+
+[req]
+default_bits = 2048
+default_md = sha256
+distinguished_name = ca_dn
+prompt = no
+
+[ca_dn]
+C = ID
+ST = Jakarta
+L = Jakarta
+O = LEMPer
+OU = LEMPer Stack
+CN = demo.lemper.cloud
+emailAddress = cert@lemper.cloud
diff --git a/etc/openssl/cert.conf b/etc/openssl/cert.conf
new file mode 100644
index 00000000..8fa9e596
--- /dev/null
+++ b/etc/openssl/cert.conf
@@ -0,0 +1,7 @@
+authorityKeyIdentifier=keyid,issuer
+basicConstraints=CA:FALSE
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = demo.lemper.cloud
diff --git a/etc/openssl/csr.conf b/etc/openssl/csr.conf
new file mode 100644
index 00000000..6de7c714
--- /dev/null
+++ b/etc/openssl/csr.conf
@@ -0,0 +1,23 @@
+[req]
+default_bits = 2048
+default_md = sha256
+distinguished_name = dn
+prompt = no
+req_extensions = req_ext
+
+[dn]
+C = ID
+ST = Jakarta
+L = Jakarta
+O = LEMPer
+OU = LEMPer Stack
+CN = demo.lemper.cloud
+
+[req_ext]
+subjectAltName = @alt_names
+
+[alt_names]
+DNS.1 = demo.lemper.cloud
+DNS.2 = www.demo.lemper.cloud
+IP.1 = 192.168.1.1
+IP.2 = 192.168.1.1
diff --git a/etc/php/5.6/fpm/pool.d/lemper.conf b/etc/php/5.6/fpm/pool.d/lemper.conf
index c3ec932c..ccde45e0 100644
--- a/etc/php/5.6/fpm/pool.d/lemper.conf
+++ b/etc/php/5.6/fpm/pool.d/lemper.conf
@@ -18,8 +18,8 @@ pm.max_spare_servers = 20
pm.process_idle_timeout = 30s
pm.max_requests = 500
-pm.status_path = /status
-ping.path = /ping
+pm.status_path = /php-fpm_status
+ping.path = /php-fpm_ping
slowlog = /home/lemper/logs/php/php5.6-fpm_slow.log
request_slowlog_timeout = 10s
diff --git a/etc/php/5.6/fpm/pool.d/www.conf b/etc/php/5.6/fpm/pool.d/www.conf
index a89d675e..b59e3674 100644
--- a/etc/php/5.6/fpm/pool.d/www.conf
+++ b/etc/php/5.6/fpm/pool.d/www.conf
@@ -201,7 +201,7 @@ pm.max_requests = 500
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /fpm_status
-pm.status_path = /status
+pm.status_path = /php-fpm_status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
@@ -214,7 +214,7 @@ pm.status_path = /status
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
-ping.path = /ping
+ping.path = /php-fpm_ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
diff --git a/etc/php/7.0/fpm/pool.d/lemper.conf b/etc/php/7.0/fpm/pool.d/lemper.conf
index efc6e804..2bb33792 100644
--- a/etc/php/7.0/fpm/pool.d/lemper.conf
+++ b/etc/php/7.0/fpm/pool.d/lemper.conf
@@ -18,8 +18,8 @@ pm.max_spare_servers = 20
pm.process_idle_timeout = 30s
pm.max_requests = 500
-pm.status_path = /status
-ping.path = /ping
+pm.status_path = /php-fpm_status
+ping.path = /php-fpm_ping
slowlog = /home/lemper/logs/php/php7.0-fpm_slow.log
request_slowlog_timeout = 10s
diff --git a/etc/php/7.0/fpm/pool.d/www.conf b/etc/php/7.0/fpm/pool.d/www.conf
index 42026405..6264c25f 100644
--- a/etc/php/7.0/fpm/pool.d/www.conf
+++ b/etc/php/7.0/fpm/pool.d/www.conf
@@ -230,7 +230,7 @@ pm.max_spare_servers = 3
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
-pm.status_path = /status
+pm.status_path = /php-fpm_status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
@@ -243,7 +243,7 @@ pm.status_path = /status
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
-ping.path = /ping
+ping.path = /php-fpm_ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
diff --git a/etc/php/7.1/fpm/pool.d/lemper.conf b/etc/php/7.1/fpm/pool.d/lemper.conf
index 39f3ef05..aa9be1e4 100644
--- a/etc/php/7.1/fpm/pool.d/lemper.conf
+++ b/etc/php/7.1/fpm/pool.d/lemper.conf
@@ -18,8 +18,8 @@ pm.max_spare_servers = 20
pm.process_idle_timeout = 30s
pm.max_requests = 500
-pm.status_path = /status
-ping.path = /ping
+pm.status_path = /php-fpm_status
+ping.path = /php-fpm_ping
slowlog = /home/lemper/logs/php/php7.1-fpm_slow.log
request_slowlog_timeout = 10s
diff --git a/etc/php/7.1/fpm/pool.d/www.conf b/etc/php/7.1/fpm/pool.d/www.conf
index 604a35eb..2de7c27f 100644
--- a/etc/php/7.1/fpm/pool.d/www.conf
+++ b/etc/php/7.1/fpm/pool.d/www.conf
@@ -230,7 +230,7 @@ pm.max_spare_servers = 3
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
-pm.status_path = /status
+pm.status_path = /php-fpm_status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
@@ -243,7 +243,7 @@ pm.status_path = /status
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
-ping.path = /ping
+ping.path = /php-fpm_ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
diff --git a/etc/php/7.2/fpm/pool.d/lemper.conf b/etc/php/7.2/fpm/pool.d/lemper.conf
index 4bc564d2..d5be5108 100644
--- a/etc/php/7.2/fpm/pool.d/lemper.conf
+++ b/etc/php/7.2/fpm/pool.d/lemper.conf
@@ -18,8 +18,8 @@ pm.max_spare_servers = 20
pm.process_idle_timeout = 30s
pm.max_requests = 500
-pm.status_path = /status
-ping.path = /ping
+pm.status_path = /php-fpm_status
+ping.path = /php-fpm_ping
slowlog = /home/lemper/logs/php/php7.2-fpm_slow.log
request_slowlog_timeout = 10s
diff --git a/etc/php/7.2/fpm/pool.d/www.conf b/etc/php/7.2/fpm/pool.d/www.conf
index 956350f0..1bde0dbc 100644
--- a/etc/php/7.2/fpm/pool.d/www.conf
+++ b/etc/php/7.2/fpm/pool.d/www.conf
@@ -230,7 +230,7 @@ pm.max_spare_servers = 3
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
-pm.status_path = /status
+pm.status_path = /php-fpm_status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
@@ -243,7 +243,7 @@ pm.status_path = /status
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
-ping.path = /ping
+ping.path = /php-fpm_ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
diff --git a/etc/php/7.3/fpm/pool.d/lemper.conf b/etc/php/7.3/fpm/pool.d/lemper.conf
index 5064c21c..7d7dad0f 100644
--- a/etc/php/7.3/fpm/pool.d/lemper.conf
+++ b/etc/php/7.3/fpm/pool.d/lemper.conf
@@ -18,8 +18,8 @@ pm.max_spare_servers = 20
pm.process_idle_timeout = 30s
pm.max_requests = 500
-pm.status_path = /status
-ping.path = /ping
+pm.status_path = /php-fpm_status
+ping.path = /php-fpm_ping
slowlog = /home/lemper/logs/php/php7.3-fpm_slow.log
request_slowlog_timeout = 10s
diff --git a/etc/php/7.3/fpm/pool.d/www.conf b/etc/php/7.3/fpm/pool.d/www.conf
index c119cce7..800bedf2 100644
--- a/etc/php/7.3/fpm/pool.d/www.conf
+++ b/etc/php/7.3/fpm/pool.d/www.conf
@@ -236,7 +236,7 @@ pm.max_spare_servers = 3
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
-pm.status_path = /status
+pm.status_path = /php-fpm_status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
@@ -249,7 +249,7 @@ pm.status_path = /status
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
-ping.path = /ping
+ping.path = /php-fpm_ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
diff --git a/etc/php/7.4/fpm/pool.d/lemper.conf b/etc/php/7.4/fpm/pool.d/lemper.conf
index 2d490ffb..d69a2bdb 100644
--- a/etc/php/7.4/fpm/pool.d/lemper.conf
+++ b/etc/php/7.4/fpm/pool.d/lemper.conf
@@ -18,8 +18,8 @@ pm.max_spare_servers = 20
pm.process_idle_timeout = 30s
pm.max_requests = 500
-pm.status_path = /status
-ping.path = /ping
+pm.status_path = /php-fpm_status
+ping.path = /php-fpm_ping
slowlog = /home/lemper/logs/php/php7.4-fpm_slow.log
request_slowlog_timeout = 10s
diff --git a/etc/php/7.4/fpm/pool.d/www.conf b/etc/php/7.4/fpm/pool.d/www.conf
index 80a85d76..699f9ffe 100644
--- a/etc/php/7.4/fpm/pool.d/www.conf
+++ b/etc/php/7.4/fpm/pool.d/www.conf
@@ -236,7 +236,7 @@ pm.max_spare_servers = 3
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
-pm.status_path = /status
+pm.status_path = /php-fpm_status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
@@ -249,7 +249,7 @@ pm.status_path = /status
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
-ping.path = /ping
+ping.path = /php-fpm_ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
diff --git a/etc/php/8.0/fpm/php-fpm.conf b/etc/php/8.0/fpm/php-fpm.conf
index c501100b..18e81ee6 100644
--- a/etc/php/8.0/fpm/php-fpm.conf
+++ b/etc/php/8.0/fpm/php-fpm.conf
@@ -21,7 +21,7 @@ pid = /run/php/php8.0-fpm.pid
; into a local file.
; Note: the default prefix is /var
; Default Value: log/php-fpm.log
-error_log = /var/log/php/php8.0-fpm.log
+error_log = /var/log/php/php8.0-fpm_error.log
; syslog_facility is used to specify what type of program is logging the
; message. This lets syslogd specify that messages from different facilities
diff --git a/etc/php/8.0/fpm/pool.d/lemper.conf b/etc/php/8.0/fpm/pool.d/lemper.conf
index 181ffd45..032358ce 100644
--- a/etc/php/8.0/fpm/pool.d/lemper.conf
+++ b/etc/php/8.0/fpm/pool.d/lemper.conf
@@ -15,11 +15,12 @@ pm.max_children = 30
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 20
-pm.process_idle_timeout = 30s
+; Note: Used only when pm is set to 'ondemand'
+;pm.process_idle_timeout = 30s
pm.max_requests = 500
-pm.status_path = /status
-ping.path = /ping
+pm.status_path = /php-fpm_status
+ping.path = /php-fpm_ping
slowlog = /home/lemper/logs/php/php8.0-fpm_slow.log
request_slowlog_timeout = 10s
@@ -37,17 +38,16 @@ php_admin_value[open_basedir] = /home/lemper
;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system
;php_admin_value[disable_classes] =
php_admin_flag[log_errors] = on
-php_admin_value[error_log] = /home/lemper/logs/php/php8.0-fpm.log
+php_admin_value[error_log] = /home/lemper/logs/php/php8.0-fpm_error.log
php_admin_value[sys_temp_dir] = /home/lemper/.lemper/tmp
php_admin_value[upload_tmp_dir] = /home/lemper/.lemper/tmp
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
-php_admin_value[opcache.file_cache] = /home/lemper/.lemper/tmp/php_opcache
; Configuration below can be overwritten from PHP call 'ini_set'.
php_flag[short_open_tag] = off
php_value[max_execution_time] = 300
php_value[max_input_time] = 60
-php_value[memory_limit] = 128M
+php_value[memory_limit] = 256M
php_value[post_max_size] = 50M
php_flag[file_uploads] = on
php_value[upload_max_filesize] = 50M
@@ -57,4 +57,8 @@ php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT
php_flag[display_errors] = on
php_flag[cgi.fix_pathinfo] = 1
php_value[date.timezone] = UTC
-php_value[session.save_path] = /home/lemper/.lemper/tmp/php_sessions
+php_value[session.save_handler] = files
+php_value[session.save_path] = /home/lemper/.lemper/php/sessions
+php_value[soap.wsdl_cache_dir] = /home/lemper/.lemper/php/wsdlcache
+php_value[opcache.file_cache] = /home/lemper/.lemper/php/opcache
+php_value[opcache.error_log] = /home/lemper/logs/php/php8.0-opcache_error.log
diff --git a/etc/php/8.0/fpm/pool.d/www.conf b/etc/php/8.0/fpm/pool.d/www.conf
index d25d3494..cdb2bb32 100644
--- a/etc/php/8.0/fpm/pool.d/www.conf
+++ b/etc/php/8.0/fpm/pool.d/www.conf
@@ -33,7 +33,7 @@ group = www-data
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
-listen = /run/php/php8.0-fpm.sock
+listen = /run/php/php8.0-fpm.$pool.sock
; Set listen(2) backlog.
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
@@ -47,6 +47,7 @@ listen = /run/php/php8.0-fpm.sock
listen.owner = www-data
listen.group = www-data
;listen.mode = 0660
+
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
@@ -236,7 +237,7 @@ pm.max_spare_servers = 3
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
-pm.status_path = /status
+pm.status_path = /php-fpm_status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
@@ -249,7 +250,7 @@ pm.status_path = /status
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
-ping.path = /ping
+ping.path = /php-fpm_ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
@@ -435,11 +436,10 @@ php_admin_value[open_basedir] = /usr/share/nginx/html
;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system
;php_admin_value[disable_classes] =
php_admin_flag[log_errors] = on
-php_admin_value[error_log] = /var/log/php/php8.0-fpm.$pool.log
+php_admin_value[error_log] = /var/log/php/php8.0-fpm.$pool_error.log
php_admin_value[sys_temp_dir] = /usr/share/nginx/html/.lemper/tmp
php_admin_value[upload_tmp_dir] = /usr/share/nginx/html/.lemper/tmp
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
-php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/tmp/php_opcache
; Configuration below can be overwritten from PHP call 'ini_set'.
php_flag[short_open_tag] = off
@@ -455,4 +455,7 @@ php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT
php_flag[display_errors] = on
php_flag[cgi.fix_pathinfo] = 1
php_value[date.timezone] = UTC
-php_value[session.save_path] = /usr/share/nginx/html/.lemper/tmp/php_sessions
+php_value[session.save_handler] = files
+php_value[session.save_path] = /usr/share/nginx/html/.lemper/php/sessions
+php_value[soap.wsdl_cache_dir] = /usr/share/nginx/html/.lemper/php/wsdlcache
+php_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/php/opcache
diff --git a/etc/php/8.1/fpm/pool.d/lemper.conf b/etc/php/8.1/fpm/pool.d/lemper.conf
index f5bd373a..2f2bf762 100644
--- a/etc/php/8.1/fpm/pool.d/lemper.conf
+++ b/etc/php/8.1/fpm/pool.d/lemper.conf
@@ -18,8 +18,8 @@ pm.max_spare_servers = 20
pm.process_idle_timeout = 30s
pm.max_requests = 500
-pm.status_path = /status
-ping.path = /ping
+pm.status_path = /php-fpm_status
+ping.path = /php-fpm_ping
slowlog = /home/lemper/logs/php/php8.1-fpm_slow.log
request_slowlog_timeout = 10s
diff --git a/etc/php/8.1/fpm/pool.d/www.conf b/etc/php/8.1/fpm/pool.d/www.conf
index 8240fb83..d77e62fd 100644
--- a/etc/php/8.1/fpm/pool.d/www.conf
+++ b/etc/php/8.1/fpm/pool.d/www.conf
@@ -46,7 +46,8 @@ listen = /run/php/php8.1-fpm.sock
; mode is set to 0660
listen.owner = www-data
listen.group = www-data
-;listen.mode = 0660
+listen.mode = 0660
+
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
@@ -236,7 +237,7 @@ pm.max_spare_servers = 3
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
-pm.status_path = /status
+pm.status_path = /php-fpm_status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
@@ -249,7 +250,7 @@ pm.status_path = /status
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
-ping.path = /ping
+ping.path = /php-fpm_ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
@@ -435,11 +436,10 @@ php_admin_value[open_basedir] = /usr/share/nginx/html
;php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,exec,passthru,popen,proc_open,shell_exec,system
;php_admin_value[disable_classes] =
php_admin_flag[log_errors] = on
-php_admin_value[error_log] = /var/log/php/php8.1-fpm.$pool.log
+php_admin_value[error_log] = /var/log/php/php8.0-fpm.$pool_error.log
php_admin_value[sys_temp_dir] = /usr/share/nginx/html/.lemper/tmp
php_admin_value[upload_tmp_dir] = /usr/share/nginx/html/.lemper/tmp
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
-php_admin_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/tmp/php_opcache
; Configuration below can be overwritten from PHP call 'ini_set'.
php_flag[short_open_tag] = off
@@ -455,4 +455,7 @@ php_value[error_reporting] = E_ALL & ~E_DEPRECATED & ~E_STRICT
php_flag[display_errors] = on
php_flag[cgi.fix_pathinfo] = 1
php_value[date.timezone] = UTC
-php_value[session.save_path] = /usr/share/nginx/html/.lemper/tmp/php_sessions
+php_value[session.save_handler] = files
+php_value[session.save_path] = /usr/share/nginx/html/.lemper/php/sessions
+php_value[soap.wsdl_cache_dir] = /usr/share/nginx/html/.lemper/php/wsdlcache
+php_value[opcache.file_cache] = /usr/share/nginx/html/.lemper/php/opcache
diff --git a/etc/php/8.2/fpm/php-fpm.conf b/etc/php/8.2/fpm/php-fpm.conf
new file mode 100644
index 00000000..e5cfcc5f
--- /dev/null
+++ b/etc/php/8.2/fpm/php-fpm.conf
@@ -0,0 +1,146 @@
+;;;;;;;;;;;;;;;;;;;;;
+; FPM Configuration ;
+;;;;;;;;;;;;;;;;;;;;;
+
+; All relative paths in this configuration file are relative to PHP's install
+; prefix (/usr). This prefix can be dynamically changed by using the
+; '-p' argument from the command line.
+
+;;;;;;;;;;;;;;;;;;
+; Global Options ;
+;;;;;;;;;;;;;;;;;;
+
+[global]
+; Pid file
+; Note: the default prefix is /var
+; Default Value: none
+pid = /run/php/php8.2-fpm.pid
+
+; Error log file
+; If it's set to "syslog", log is sent to syslogd instead of being written
+; into a local file.
+; Note: the default prefix is /var
+; Default Value: log/php-fpm.log
+error_log = /var/log/php/php8.2-fpm.log
+
+; syslog_facility is used to specify what type of program is logging the
+; message. This lets syslogd specify that messages from different facilities
+; will be handled differently.
+; See syslog(3) for possible values (ex daemon equiv LOG_DAEMON)
+; Default Value: daemon
+;syslog.facility = daemon
+
+; syslog_ident is prepended to every message. If you have multiple FPM
+; instances running on the same server, you can change the default value
+; which must suit common needs.
+; Default Value: php-fpm
+;syslog.ident = php-fpm
+
+; Log level
+; Possible Values: alert, error, warning, notice, debug
+; Default Value: notice
+;log_level = notice
+
+; Log limit on number of characters in the single line (log entry). If the
+; line is over the limit, it is wrapped on multiple lines. The limit is for
+; all logged characters including message prefix and suffix if present. However
+; the new line character does not count into it as it is present only when
+; logging to a file descriptor. It means the new line character is not present
+; when logging to syslog.
+; Default Value: 1024
+;log_limit = 4096
+
+; Log buffering specifies if the log line is buffered which means that the
+; line is written in a single write operation. If the value is false, then the
+; data is written directly into the file descriptor. It is an experimental
+; option that can potentionaly improve logging performance and memory usage
+; for some heavy logging scenarios. This option is ignored if logging to syslog
+; as it has to be always buffered.
+; Default value: yes
+;log_buffering = no
+
+; If this number of child processes exit with SIGSEGV or SIGBUS within the time
+; interval set by emergency_restart_interval then FPM will restart. A value
+; of '0' means 'Off'.
+; Default Value: 0
+;emergency_restart_threshold = 0
+emergency_restart_threshold = 10
+
+; Interval of time used by emergency_restart_interval to determine when
+; a graceful restart will be initiated. This can be useful to work around
+; accidental corruptions in an accelerator's shared memory.
+; Available Units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+;emergency_restart_interval = 0
+emergency_restart_interval = 60
+
+; Time limit for child processes to wait for a reaction on signals from master.
+; Available units: s(econds), m(inutes), h(ours), or d(ays)
+; Default Unit: seconds
+; Default Value: 0
+;process_control_timeout = 0
+process_control_timeout = 10
+
+; The maximum number of processes FPM will fork. This has been designed to control
+; the global number of processes when using dynamic PM within a lot of pools.
+; Use it with caution.
+; Note: A value of 0 indicates no limit
+; Default Value: 0
+; process.max = 128
+
+; Specify the nice(2) priority to apply to the master process (only if set)
+; The value can vary from -19 (highest priority) to 20 (lowest priority)
+; Note: - It will only work if the FPM master process is launched as root
+; - The pool process will inherit the master process priority
+; unless specified otherwise
+; Default Value: no set
+; process.priority = -19
+
+; Send FPM to background. Set to 'no' to keep FPM in foreground for debugging.
+; Default Value: yes
+;daemonize = yes
+
+; Set open file descriptor rlimit for the master process.
+; Default Value: system defined value
+;rlimit_files = 1024
+
+; Set max core size rlimit for the master process.
+; Possible Values: 'unlimited' or an integer greater or equal to 0
+; Default Value: system defined value
+;rlimit_core = 0
+
+; Specify the event mechanism FPM will use. The following is available:
+; - select (any POSIX os)
+; - poll (any POSIX os)
+; - epoll (linux >= 2.5.44)
+; - kqueue (FreeBSD >= 4.1, OpenBSD >= 2.9, NetBSD >= 2.0)
+; - /dev/poll (Solaris >= 7)
+; - port (Solaris >= 10)
+; Default Value: not set (auto detection)
+;events.mechanism = epoll
+
+; When FPM is built with systemd integration, specify the interval,
+; in seconds, between health report notification to systemd.
+; Set to 0 to disable.
+; Available Units: s(econds), m(inutes), h(ours)
+; Default Unit: seconds
+; Default value: 10
+;systemd_interval = 10
+
+;;;;;;;;;;;;;;;;;;;;
+; Pool Definitions ;
+;;;;;;;;;;;;;;;;;;;;
+
+; Multiple pools of child processes may be started with different listening
+; ports and different management options. The name of the pool will be
+; used in logs and stats. There is no limitation on the number of pools which
+; FPM can handle. Your system will tell you anyway :)
+
+; Include one or more files. If glob(3) exists, it is used to include a bunch of
+; files from a glob(3) pattern. This directive can be used everywhere in the
+; file.
+; Relative path can also be used. They will be prefixed by:
+; - the global prefix if it's been set (-p argument)
+; - /usr otherwise
+include=/etc/php/8.2/fpm/pool.d/*.conf
diff --git a/etc/php/8.2/fpm/php.ini b/etc/php/8.2/fpm/php.ini
new file mode 100644
index 00000000..6420ae6e
--- /dev/null
+++ b/etc/php/8.2/fpm/php.ini
@@ -0,0 +1,1936 @@
+[PHP]
+
+;;;;;;;;;;;;;;;;;;;
+; About php.ini ;
+;;;;;;;;;;;;;;;;;;;
+; PHP's initialization file, generally called php.ini, is responsible for
+; configuring many of the aspects of PHP's behavior.
+
+; PHP attempts to find and load this configuration from a number of locations.
+; The following is a summary of its search order:
+; 1. SAPI module specific location.
+; 2. The PHPRC environment variable. (As of PHP 5.2.0)
+; 3. A number of predefined registry keys on Windows (As of PHP 5.2.0)
+; 4. Current working directory (except CLI)
+; 5. The web server's directory (for SAPI modules), or directory of PHP
+; (otherwise in Windows)
+; 6. The directory from the --with-config-file-path compile time option, or the
+; Windows directory (usually C:\windows)
+; See the PHP docs for more specific information.
+; http://php.net/configuration.file
+
+; The syntax of the file is extremely simple. Whitespace and lines
+; beginning with a semicolon are silently ignored (as you probably guessed).
+; Section headers (e.g. [Foo]) are also silently ignored, even though
+; they might mean something in the future.
+
+; Directives following the section heading [PATH=/www/mysite] only
+; apply to PHP files in the /www/mysite directory. Directives
+; following the section heading [HOST=www.example.com] only apply to
+; PHP files served from www.example.com. Directives set in these
+; special sections cannot be overridden by user-defined INI files or
+; at runtime. Currently, [PATH=] and [HOST=] sections only work under
+; CGI/FastCGI.
+; http://php.net/ini.sections
+
+; Directives are specified using the following syntax:
+; directive = value
+; Directive names are *case sensitive* - foo=bar is different from FOO=bar.
+; Directives are variables used to configure PHP or PHP extensions.
+; There is no name validation. If PHP can't find an expected
+; directive because it is not set or is mistyped, a default value will be used.
+
+; The value can be a string, a number, a PHP constant (e.g. E_ALL or M_PI), one
+; of the INI constants (On, Off, True, False, Yes, No and None) or an expression
+; (e.g. E_ALL & ~E_NOTICE), a quoted string ("bar"), or a reference to a
+; previously set variable or directive (e.g. ${foo})
+
+; Expressions in the INI file are limited to bitwise operators and parentheses:
+; | bitwise OR
+; ^ bitwise XOR
+; & bitwise AND
+; ~ bitwise NOT
+; ! boolean NOT
+
+; Boolean flags can be turned on using the values 1, On, True or Yes.
+; They can be turned off using the values 0, Off, False or No.
+
+; An empty string can be denoted by simply not writing anything after the equal
+; sign, or by using the None keyword:
+
+; foo = ; sets foo to an empty string
+; foo = None ; sets foo to an empty string
+; foo = "None" ; sets foo to the string 'None'
+
+; If you use constants in your value, and these constants belong to a
+; dynamically loaded extension (either a PHP extension or a Zend extension),
+; you may only use these constants *after* the line that loads the extension.
+
+;;;;;;;;;;;;;;;;;;;
+; About this file ;
+;;;;;;;;;;;;;;;;;;;
+; PHP comes packaged with two INI files. One that is recommended to be used
+; in production environments and one that is recommended to be used in
+; development environments.
+
+; php.ini-production contains settings which hold security, performance and
+; best practices at its core. But please be aware, these settings may break
+; compatibility with older or less security conscience applications. We
+; recommending using the production ini in production and testing environments.
+
+; php.ini-development is very similar to its production variant, except it is
+; much more verbose when it comes to errors. We recommend using the
+; development version only in development environments, as errors shown to
+; application users can inadvertently leak otherwise secure information.
+
+; This is the php.ini-production INI file.
+
+;;;;;;;;;;;;;;;;;;;
+; Quick Reference ;
+;;;;;;;;;;;;;;;;;;;
+; The following are all the settings which are different in either the production
+; or development versions of the INIs with respect to PHP's default behavior.
+; Please see the actual settings later in the document for more details as to why
+; we recommend these changes in PHP's behavior.
+
+; display_errors
+; Default Value: On
+; Development Value: On
+; Production Value: Off
+
+; display_startup_errors
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+
+; error_reporting
+; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+; Development Value: E_ALL
+; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
+
+; log_errors
+; Default Value: Off
+; Development Value: On
+; Production Value: On
+
+; max_input_time
+; Default Value: -1 (Unlimited)
+; Development Value: 60 (60 seconds)
+; Production Value: 60 (60 seconds)
+
+; output_buffering
+; Default Value: Off
+; Development Value: 4096
+; Production Value: 4096
+
+; register_argc_argv
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+
+; request_order
+; Default Value: None
+; Development Value: "GP"
+; Production Value: "GP"
+
+; session.gc_divisor
+; Default Value: 100
+; Development Value: 1000
+; Production Value: 1000
+
+; session.sid_bits_per_character
+; Default Value: 4
+; Development Value: 5
+; Production Value: 5
+
+; short_open_tag
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+
+; track_errors
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+
+; variables_order
+; Default Value: "EGPCS"
+; Development Value: "GPCS"
+; Production Value: "GPCS"
+
+;;;;;;;;;;;;;;;;;;;;
+; php.ini Options ;
+;;;;;;;;;;;;;;;;;;;;
+; Name for user-defined php.ini (.htaccess) files. Default is ".user.ini"
+;user_ini.filename = ".user.ini"
+
+; To disable this feature set this option to an empty value
+;user_ini.filename =
+
+; TTL for user-defined php.ini files (time-to-live) in seconds. Default is 300 seconds (5 minutes)
+;user_ini.cache_ttl = 300
+
+;;;;;;;;;;;;;;;;;;;;
+; Language Options ;
+;;;;;;;;;;;;;;;;;;;;
+
+; Enable the PHP scripting language engine under Apache.
+; http://php.net/engine
+engine = On
+
+; This directive determines whether or not PHP will recognize code between
+; tags as PHP source which should be processed as such. It is
+; generally recommended that should be used and that this feature
+; should be disabled, as enabling it may result in issues when generating XML
+; documents, however this remains supported for backward compatibility reasons.
+; Note that this directive does not control the would work.
+; http://php.net/syntax-highlighting
+;highlight.string = #DD0000
+;highlight.comment = #FF9900
+;highlight.keyword = #007700
+;highlight.default = #0000BB
+;highlight.html = #000000
+
+; If enabled, the request will be allowed to complete even if the user aborts
+; the request. Consider enabling it if executing long requests, which may end up
+; being interrupted by the user or a browser timing out. PHP's default behavior
+; is to disable this feature.
+; http://php.net/ignore-user-abort
+;ignore_user_abort = On
+
+; Determines the size of the realpath cache to be used by PHP. This value should
+; be increased on systems where PHP opens many files to reflect the quantity of
+; the file operations performed.
+; Note: if open_basedir is set, the cache is disabled
+; http://php.net/realpath-cache-size
+;realpath_cache_size = 4096k
+
+; Duration of time, in seconds for which to cache realpath information for a given
+; file or directory. For systems with rarely changing files, consider increasing this
+; value.
+; http://php.net/realpath-cache-ttl
+;realpath_cache_ttl = 120
+
+; Enables or disables the circular reference collector.
+; http://php.net/zend.enable-gc
+zend.enable_gc = On
+
+; If enabled, scripts may be written in encodings that are incompatible with
+; the scanner. CP936, Big5, CP949 and Shift_JIS are the examples of such
+; encodings. To use this feature, mbstring extension must be enabled.
+; Default: Off
+;zend.multibyte = Off
+
+; Allows to set the default encoding for the scripts. This value will be used
+; unless "declare(encoding=...)" directive appears at the top of the script.
+; Only affects if zend.multibyte is set.
+; Default: ""
+;zend.script_encoding =
+
+; Allows to include or exclude arguments from stack traces generated for exceptions
+; Default: Off
+; In production, it is recommended to turn this setting on to prohibit the output
+; of sensitive information in stack traces
+zend.exception_ignore_args = On
+
+;;;;;;;;;;;;;;;;;
+; Miscellaneous ;
+;;;;;;;;;;;;;;;;;
+
+; Decides whether PHP may expose the fact that it is installed on the server
+; (e.g. by adding its signature to the Web server header). It is no security
+; threat in any way, but it makes it possible to determine whether you use PHP
+; on your server or not.
+; http://php.net/expose-php
+expose_php = Off
+
+;;;;;;;;;;;;;;;;;;;
+; Resource Limits ;
+;;;;;;;;;;;;;;;;;;;
+
+; Maximum execution time of each script, in seconds
+; http://php.net/max-execution-time
+; Note: This directive is hardcoded to 0 for the CLI SAPI
+max_execution_time = 30
+
+; Maximum amount of time each script may spend parsing request data. It's a good
+; idea to limit this time on productions servers in order to eliminate unexpectedly
+; long running scripts.
+; Note: This directive is hardcoded to -1 for the CLI SAPI
+; Default Value: -1 (Unlimited)
+; Development Value: 60 (60 seconds)
+; Production Value: 60 (60 seconds)
+; http://php.net/max-input-time
+max_input_time = 60
+
+; Maximum input variable nesting level
+; http://php.net/max-input-nesting-level
+;max_input_nesting_level = 64
+
+; How many GET/POST/COOKIE input variables may be accepted
+;max_input_vars = 1000
+
+; Maximum amount of memory a script may consume (128MB)
+; http://php.net/memory-limit
+memory_limit = 128M
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+; Error handling and logging ;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; This directive informs PHP of which errors, warnings and notices you would like
+; it to take action for. The recommended way of setting values for this
+; directive is through the use of the error level constants and bitwise
+; operators. The error level constants are below here for convenience as well as
+; some common settings and their meanings.
+; By default, PHP is set to take action on all errors, notices and warnings EXCEPT
+; those related to E_NOTICE and E_STRICT, which together cover best practices and
+; recommended coding standards in PHP. For performance reasons, this is the
+; recommend error reporting setting. Your production server shouldn't be wasting
+; resources complaining about best practices and coding standards. That's what
+; development servers and development settings are for.
+; Note: The php.ini-development file has this setting as E_ALL. This
+; means it pretty much reports everything which is exactly what you want during
+; development and early testing.
+;
+; Error Level Constants:
+; E_ALL - All errors and warnings (includes E_STRICT as of PHP 5.4.0)
+; E_ERROR - fatal run-time errors
+; E_RECOVERABLE_ERROR - almost fatal run-time errors
+; E_WARNING - run-time warnings (non-fatal errors)
+; E_PARSE - compile-time parse errors
+; E_NOTICE - run-time notices (these are warnings which often result
+; from a bug in your code, but it's possible that it was
+; intentional (e.g., using an uninitialized variable and
+; relying on the fact it is automatically initialized to an
+; empty string)
+; E_STRICT - run-time notices, enable to have PHP suggest changes
+; to your code which will ensure the best interoperability
+; and forward compatibility of your code
+; E_CORE_ERROR - fatal errors that occur during PHP's initial startup
+; E_CORE_WARNING - warnings (non-fatal errors) that occur during PHP's
+; initial startup
+; E_COMPILE_ERROR - fatal compile-time errors
+; E_COMPILE_WARNING - compile-time warnings (non-fatal errors)
+; E_USER_ERROR - user-generated error message
+; E_USER_WARNING - user-generated warning message
+; E_USER_NOTICE - user-generated notice message
+; E_DEPRECATED - warn about code that will not work in future versions
+; of PHP
+; E_USER_DEPRECATED - user-generated deprecation warnings
+;
+; Common Values:
+; E_ALL (Show all errors, warnings and notices including coding standards.)
+; E_ALL & ~E_NOTICE (Show all errors, except for notices)
+; E_ALL & ~E_NOTICE & ~E_STRICT (Show all errors, except for notices and coding standards warnings.)
+; E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR (Show only errors)
+; Default Value: E_ALL & ~E_NOTICE & ~E_STRICT & ~E_DEPRECATED
+; Development Value: E_ALL
+; Production Value: E_ALL & ~E_DEPRECATED & ~E_STRICT
+; http://php.net/error-reporting
+error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
+
+; This directive controls whether or not and where PHP will output errors,
+; notices and warnings too. Error output is very useful during development, but
+; it could be very dangerous in production environments. Depending on the code
+; which is triggering the error, sensitive information could potentially leak
+; out of your application such as database usernames and passwords or worse.
+; For production environments, we recommend logging errors rather than
+; sending them to STDOUT.
+; Possible Values:
+; Off = Do not display any errors
+; stderr = Display errors to STDERR (affects only CGI/CLI binaries!)
+; On or stdout = Display errors to STDOUT
+; Default Value: On
+; Development Value: On
+; Production Value: Off
+; http://php.net/display-errors
+display_errors = Off
+
+; The display of errors which occur during PHP's startup sequence are handled
+; separately from display_errors. PHP's default behavior is to suppress those
+; errors from clients. Turning the display of startup errors on can be useful in
+; debugging configuration problems. We strongly recommend you
+; set this to 'off' for production servers.
+; Default Value: Off
+; Development Value: On
+; Production Value: Off
+; http://php.net/display-startup-errors
+display_startup_errors = Off
+
+; Besides displaying errors, PHP can also log errors to locations such as a
+; server-specific log, STDERR, or a location specified by the error_log
+; directive found below. While errors should not be displayed on productions
+; servers they should still be monitored and logging is a great way to do that.
+; Default Value: Off
+; Development Value: On
+; Production Value: On
+; http://php.net/log-errors
+log_errors = On
+
+; Set maximum length of log_errors. In error_log information about the source is
+; added. The default is 1024 and 0 allows to not apply any maximum length at all.
+; http://php.net/log-errors-max-len
+log_errors_max_len = 1024
+
+; Do not log repeated messages. Repeated errors must occur in same file on same
+; line unless ignore_repeated_source is set true.
+; http://php.net/ignore-repeated-errors
+ignore_repeated_errors = Off
+
+; Ignore source of message when ignoring repeated messages. When this setting
+; is On you will not log errors with repeated messages from different files or
+; source lines.
+; http://php.net/ignore-repeated-source
+ignore_repeated_source = Off
+
+; If this parameter is set to Off, then memory leaks will not be shown (on
+; stdout or in the log). This is only effective in a debug compile, and if
+; error reporting includes E_WARNING in the allowed list
+; http://php.net/report-memleaks
+report_memleaks = On
+
+; This setting is on by default.
+;report_zend_debug = 0
+
+; Store the last error/warning message in $php_errormsg (boolean). Setting this value
+; to On can assist in debugging and is appropriate for development servers. It should
+; however be disabled on production servers.
+; This directive is DEPRECATED.
+; Default Value: Off
+; Development Value: Off
+; Production Value: Off
+; http://php.net/track-errors
+;track_errors = Off
+
+; Turn off normal error reporting and emit XML-RPC error XML
+; http://php.net/xmlrpc-errors
+;xmlrpc_errors = 0
+
+; An XML-RPC faultCode
+;xmlrpc_error_number = 0
+
+; When PHP displays or logs an error, it has the capability of formatting the
+; error message as HTML for easier reading. This directive controls whether
+; the error message is formatted as HTML or not.
+; Note: This directive is hardcoded to Off for the CLI SAPI
+; http://php.net/html-errors
+;html_errors = On
+
+; If html_errors is set to On *and* docref_root is not empty, then PHP
+; produces clickable error messages that direct to a page describing the error
+; or function causing the error in detail.
+; You can download a copy of the PHP manual from http://php.net/docs
+; and change docref_root to the base URL of your local copy including the
+; leading '/'. You must also specify the file extension being used including
+; the dot. PHP's default behavior is to leave these settings empty, in which
+; case no links to documentation are generated.
+; Note: Never use this feature for production boxes.
+; http://php.net/docref-root
+; Examples
+;docref_root = "/phpmanual/"
+
+; http://php.net/docref-ext
+;docref_ext = .html
+
+; String to output before an error message. PHP's default behavior is to leave
+; this setting blank.
+; http://php.net/error-prepend-string
+; Example:
+;error_prepend_string = ""
+
+; String to output after an error message. PHP's default behavior is to leave
+; this setting blank.
+; http://php.net/error-append-string
+; Example:
+;error_append_string = ""
+
+; Log errors to specified file. PHP's default behavior is to leave this value
+; empty.
+; http://php.net/error-log
+; Example:
+;error_log = php_errors.log
+; Log errors to syslog (Event Log on Windows).
+;error_log = syslog
+
+; The syslog ident is a string which is prepended to every message logged
+; to syslog. Only used when error_log is set to syslog.
+;syslog.ident = php
+
+; The syslog facility is used to specify what type of program is logging
+; the message. Only used when error_log is set to syslog.
+;syslog.facility = user
+
+; Set this to disable filtering control characters (the default).
+; Some loggers only accept NVT-ASCII, others accept anything that's not
+; control characters. If your logger accepts everything, then no filtering
+; is needed at all.
+; Allowed values are:
+; ascii (all printable ASCII characters and NL)
+; no-ctrl (all characters except control characters)
+; all (all characters)
+; raw (like "all", but messages are not split at newlines)
+; http://php.net/syslog.filter
+;syslog.filter = ascii
+
+;windows.show_crt_warning
+; Default value: 0
+; Development value: 0
+; Production value: 0
+
+;;;;;;;;;;;;;;;;;
+; Data Handling ;
+;;;;;;;;;;;;;;;;;
+
+; The separator used in PHP generated URLs to separate arguments.
+; PHP's default setting is "&".
+; http://php.net/arg-separator.output
+; Example:
+;arg_separator.output = "&"
+
+; List of separator(s) used by PHP to parse input URLs into variables.
+; PHP's default setting is "&".
+; NOTE: Every character in this directive is considered as separator!
+; http://php.net/arg-separator.input
+; Example:
+;arg_separator.input = ";&"
+
+; This directive determines which super global arrays are registered when PHP
+; starts up. G,P,C,E & S are abbreviations for the following respective super
+; globals: GET, POST, COOKIE, ENV and SERVER. There is a performance penalty
+; paid for the registration of these arrays and because ENV is not as commonly
+; used as the others, ENV is not recommended on productions servers. You
+; can still get access to the environment variables through getenv() should you
+; need to.
+; Default Value: "EGPCS"
+; Development Value: "GPCS"
+; Production Value: "GPCS";
+; http://php.net/variables-order
+variables_order = "GPCS"
+
+; This directive determines which super global data (G,P & C) should be
+; registered into the super global array REQUEST. If so, it also determines
+; the order in which that data is registered. The values for this directive
+; are specified in the same manner as the variables_order directive,
+; EXCEPT one. Leaving this value empty will cause PHP to use the value set
+; in the variables_order directive. It does not mean it will leave the super
+; globals array REQUEST empty.
+; Default Value: None
+; Development Value: "GP"
+; Production Value: "GP"
+; http://php.net/request-order
+request_order = "GP"
+
+; This directive determines whether PHP registers $argv & $argc each time it
+; runs. $argv contains an array of all the arguments passed to PHP when a script
+; is invoked. $argc contains an integer representing the number of arguments
+; that were passed when the script was invoked. These arrays are extremely
+; useful when running scripts from the command line. When this directive is
+; enabled, registering these variables consumes CPU cycles and memory each time
+; a script is executed. For performance reasons, this feature should be disabled
+; on production servers.
+; Note: This directive is hardcoded to On for the CLI SAPI
+; Default Value: On
+; Development Value: Off
+; Production Value: Off
+; http://php.net/register-argc-argv
+register_argc_argv = Off
+
+; When enabled, the ENV, REQUEST and SERVER variables are created when they're
+; first used (Just In Time) instead of when the script starts. If these
+; variables are not used within a script, having this directive on will result
+; in a performance gain. The PHP directive register_argc_argv must be disabled
+; for this directive to have any effect.
+; http://php.net/auto-globals-jit
+auto_globals_jit = On
+
+; Whether PHP will read the POST data.
+; This option is enabled by default.
+; Most likely, you won't want to disable this option globally. It causes $_POST
+; and $_FILES to always be empty; the only way you will be able to read the
+; POST data will be through the php://input stream wrapper. This can be useful
+; to proxy requests or to process the POST data in a memory efficient fashion.
+; http://php.net/enable-post-data-reading
+;enable_post_data_reading = Off
+
+; Maximum size of POST data that PHP will accept.
+; Its value may be 0 to disable the limit. It is ignored if POST data reading
+; is disabled through enable_post_data_reading.
+; http://php.net/post-max-size
+post_max_size = 10M
+
+; Automatically add files before PHP document.
+; http://php.net/auto-prepend-file
+auto_prepend_file =
+
+; Automatically add files after PHP document.
+; http://php.net/auto-append-file
+auto_append_file =
+
+; By default, PHP will output a media type using the Content-Type header. To
+; disable this, simply set it to be empty.
+;
+; PHP's built-in default media type is set to text/html.
+; http://php.net/default-mimetype
+default_mimetype = "text/html"
+
+; PHP's default character set is set to UTF-8.
+; http://php.net/default-charset
+default_charset = "UTF-8"
+
+; PHP internal character encoding is set to empty.
+; If empty, default_charset is used.
+; http://php.net/internal-encoding
+;internal_encoding =
+
+; PHP input character encoding is set to empty.
+; If empty, default_charset is used.
+; http://php.net/input-encoding
+;input_encoding =
+
+; PHP output character encoding is set to empty.
+; If empty, default_charset is used.
+; See also output_buffer.
+; http://php.net/output-encoding
+;output_encoding =
+
+;;;;;;;;;;;;;;;;;;;;;;;;;
+; Paths and Directories ;
+;;;;;;;;;;;;;;;;;;;;;;;;;
+
+; UNIX: "/path1:/path2"
+;include_path = ".:/usr/share/php"
+;
+; Windows: "\path1;\path2"
+;include_path = ".;c:\php\includes"
+;
+; PHP's default setting for include_path is ".;/path/to/php/pear"
+; http://php.net/include-path
+
+; The root of the PHP pages, used only if nonempty.
+; if PHP was not compiled with FORCE_REDIRECT, you SHOULD set doc_root
+; if you are running php as a CGI under any web server (other than IIS)
+; see documentation for security issues. The alternate is to use the
+; cgi.force_redirect configuration below
+; http://php.net/doc-root
+doc_root =
+
+; The directory under which PHP opens the script using /~username used only
+; if nonempty.
+; http://php.net/user-dir
+user_dir =
+
+; Directory in which the loadable extensions (modules) reside.
+; http://php.net/extension-dir
+;extension_dir = "./"
+; On windows:
+;extension_dir = "ext"
+
+; Directory where the temporary files should be placed.
+; Defaults to the system default (see sys_get_temp_dir)
+;sys_temp_dir = "/tmp"
+
+; Whether or not to enable the dl() function. The dl() function does NOT work
+; properly in multithreaded servers, such as IIS or Zeus, and is automatically
+; disabled on them.
+; http://php.net/enable-dl
+enable_dl = Off
+
+; cgi.force_redirect is necessary to provide security running PHP as a CGI under
+; most web servers. Left undefined, PHP turns this on by default. You can
+; turn it off here AT YOUR OWN RISK
+; **You CAN safely turn this off for IIS, in fact, you MUST.**
+; http://php.net/cgi.force-redirect
+;cgi.force_redirect = 1
+
+; if cgi.nph is enabled it will force cgi to always sent Status: 200 with
+; every request. PHP's default behavior is to disable this feature.
+;cgi.nph = 1
+
+; if cgi.force_redirect is turned on, and you are not running under Apache or Netscape
+; (iPlanet) web servers, you MAY need to set an environment variable name that PHP
+; will look for to know it is OK to continue execution. Setting this variable MAY
+; cause security issues, KNOW WHAT YOU ARE DOING FIRST.
+; http://php.net/cgi.redirect-status-env
+;cgi.redirect_status_env =
+
+; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
+; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
+; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
+; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
+; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
+; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
+; http://php.net/cgi.fix-pathinfo
+;cgi.fix_pathinfo=1
+
+; if cgi.discard_path is enabled, the PHP CGI binary can safely be placed outside
+; of the web tree and people will not be able to circumvent .htaccess security.
+;cgi.discard_path=1
+
+; FastCGI under IIS supports the ability to impersonate
+; security tokens of the calling client. This allows IIS to define the
+; security context that the request runs under. mod_fastcgi under Apache
+; does not currently support this feature (03/17/2002)
+; Set to 1 if running under IIS. Default is zero.
+; http://php.net/fastcgi.impersonate
+;fastcgi.impersonate = 1
+
+; Disable logging through FastCGI connection. PHP's default behavior is to enable
+; this feature.
+;fastcgi.logging = 0
+
+; cgi.rfc2616_headers configuration option tells PHP what type of headers to
+; use when sending HTTP response code. If set to 0, PHP sends Status: header that
+; is supported by Apache. When this option is set to 1, PHP will send
+; RFC2616 compliant header.
+; Default is zero.
+; http://php.net/cgi.rfc2616-headers
+;cgi.rfc2616_headers = 0
+
+; cgi.check_shebang_line controls whether CGI PHP checks for line starting with #!
+; (shebang) at the top of the running script. This line might be needed if the
+; script support running both as stand-alone script and via PHP CGI<. PHP in CGI
+; mode skips this line and ignores its content if this directive is turned on.
+; http://php.net/cgi.check-shebang-line
+;cgi.check_shebang_line=1
+
+;;;;;;;;;;;;;;;;
+; File Uploads ;
+;;;;;;;;;;;;;;;;
+
+; Whether to allow HTTP file uploads.
+; http://php.net/file-uploads
+file_uploads = On
+
+; Temporary directory for HTTP uploaded files (will use system default if not
+; specified).
+; http://php.net/upload-tmp-dir
+;upload_tmp_dir =
+
+; Maximum allowed size for uploaded files.
+; http://php.net/upload-max-filesize
+upload_max_filesize = 10M
+
+; Maximum number of files that can be uploaded via a single request
+max_file_uploads = 20
+
+;;;;;;;;;;;;;;;;;;
+; Fopen wrappers ;
+;;;;;;;;;;;;;;;;;;
+
+; Whether to allow the treatment of URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-fopen
+allow_url_fopen = On
+
+; Whether to allow include/require to open URLs (like http:// or ftp://) as files.
+; http://php.net/allow-url-include
+allow_url_include = Off
+
+; Define the anonymous ftp password (your email address). PHP's default setting
+; for this is empty.
+; http://php.net/from
+;from="john@doe.com"
+
+; Define the User-Agent string. PHP's default setting for this is empty.
+; http://php.net/user-agent
+;user_agent="PHP"
+
+; Default timeout for socket based streams (seconds)
+; http://php.net/default-socket-timeout
+default_socket_timeout = 60
+
+; If your scripts have to deal with files from Macintosh systems,
+; or you are running on a Mac and need to deal with files from
+; unix or win32 systems, setting this flag will cause PHP to
+; automatically detect the EOL character in those files so that
+; fgets() and file() will work regardless of the source of the file.
+; http://php.net/auto-detect-line-endings
+;auto_detect_line_endings = Off
+
+;;;;;;;;;;;;;;;;;;;;;;
+; Dynamic Extensions ;
+;;;;;;;;;;;;;;;;;;;;;;
+
+; If you wish to have an extension loaded automatically, use the following
+; syntax:
+;
+; extension=modulename
+;
+; For example:
+;
+; extension=mysqli
+;
+; When the extension library to load is not located in the default extension
+; directory, You may specify an absolute path to the library file:
+;
+; extension=/path/to/extension/mysqli.so
+;
+; Note : The syntax used in previous PHP versions ('extension=.so' and
+; 'extension='php_.dll') is supported for legacy reasons and may be
+; deprecated in a future PHP major version. So, when it is possible, please
+; move to the new ('extension=) syntax.
+;
+; Notes for Windows environments :
+;
+; - Many DLL files are located in the extensions/ (PHP 4) or ext/ (PHP 5+)
+; extension folders as well as the separate PECL DLL download (PHP 5+).
+; Be sure to appropriately set the extension_dir directive.
+;
+;extension=bz2
+;extension=curl
+;extension=fileinfo
+;extension=gd2
+;extension=gettext
+;extension=gmp
+;extension=intl
+;extension=imap
+;extension=ldap
+;extension=mbstring
+;extension=exif ; Must be after mbstring as it depends on it
+;extension=mysqli
+;extension=oci8_12c ; Use with Oracle Database 12c Instant Client
+;extension=odbc
+;extension=openssl
+;extension=pdo_firebird
+;extension=pdo_mysql
+;extension=pdo_oci
+;extension=pdo_odbc
+;extension=pdo_pgsql
+;extension=pdo_sqlite
+;extension=pgsql
+;extension=shmop
+
+; The MIBS data available in the PHP distribution must be installed.
+; See http://www.php.net/manual/en/snmp.installation.php
+;extension=snmp
+
+;extension=soap
+;extension=sockets
+;extension=sodium
+;extension=sqlite3
+;extension=tidy
+;extension=xmlrpc
+;extension=xsl
+
+;;;;;;;;;;;;;;;;;;;
+; Module Settings ;
+;;;;;;;;;;;;;;;;;;;
+
+[CLI Server]
+; Whether the CLI web server uses ANSI color coding in its terminal output.
+cli_server.color = On
+
+[Date]
+; Defines the default timezone used by the date functions
+; http://php.net/date.timezone
+;date.timezone =
+
+; http://php.net/date.default-latitude
+;date.default_latitude = 31.7667
+
+; http://php.net/date.default-longitude
+;date.default_longitude = 35.2333
+
+; http://php.net/date.sunrise-zenith
+;date.sunrise_zenith = 90.583333
+
+; http://php.net/date.sunset-zenith
+;date.sunset_zenith = 90.583333
+
+[filter]
+; http://php.net/filter.default
+;filter.default = unsafe_raw
+
+; http://php.net/filter.default-flags
+;filter.default_flags =
+
+[iconv]
+; Use of this INI entry is deprecated, use global input_encoding instead.
+; If empty, default_charset or input_encoding or iconv.input_encoding is used.
+; The precedence is: default_charset < input_encoding < iconv.input_encoding
+;iconv.input_encoding =
+
+; Use of this INI entry is deprecated, use global internal_encoding instead.
+; If empty, default_charset or internal_encoding or iconv.internal_encoding is used.
+; The precedence is: default_charset < internal_encoding < iconv.internal_encoding
+;iconv.internal_encoding =
+
+; Use of this INI entry is deprecated, use global output_encoding instead.
+; If empty, default_charset or output_encoding or iconv.output_encoding is used.
+; The precedence is: default_charset < output_encoding < iconv.output_encoding
+; To use an output encoding conversion, iconv's output handler must be set
+; otherwise output encoding conversion cannot be performed.
+;iconv.output_encoding =
+
+[imap]
+; rsh/ssh logins are disabled by default. Use this INI entry if you want to
+; enable them. Note that the IMAP library does not filter mailbox names before
+; passing them to rsh/ssh command, thus passing untrusted data to this function
+; with rsh/ssh enabled is insecure.
+;imap.enable_insecure_rsh=0
+
+[intl]
+;intl.default_locale =
+; This directive allows you to produce PHP errors when some error
+; happens within intl functions. The value is the level of the error produced.
+; Default is 0, which does not produce any errors.
+;intl.error_level = E_WARNING
+;intl.use_exceptions = 0
+
+[sqlite3]
+; Directory pointing to SQLite3 extensions
+; http://php.net/sqlite3.extension-dir
+;sqlite3.extension_dir =
+
+; SQLite defensive mode flag (only available from SQLite 3.26+)
+; When the defensive flag is enabled, language features that allow ordinary
+; SQL to deliberately corrupt the database file are disabled. This forbids
+; writing directly to the schema, shadow tables (eg. FTS data tables), or
+; the sqlite_dbpage virtual table.
+; https://www.sqlite.org/c3ref/c_dbconfig_defensive.html
+; (for older SQLite versions, this flag has no use)
+;sqlite3.defensive = 1
+
+[Pcre]
+; PCRE library backtracking limit.
+; http://php.net/pcre.backtrack-limit
+;pcre.backtrack_limit=100000
+
+; PCRE library recursion limit.
+; Please note that if you set this value to a high number you may consume all
+; the available process stack and eventually crash PHP (due to reaching the
+; stack size limit imposed by the Operating System).
+; http://php.net/pcre.recursion-limit
+;pcre.recursion_limit=100000
+
+; Enables or disables JIT compilation of patterns. This requires the PCRE
+; library to be compiled with JIT support.
+;pcre.jit=1
+
+[Pdo]
+; Whether to pool ODBC connections. Can be one of "strict", "relaxed" or "off"
+; http://php.net/pdo-odbc.connection-pooling
+;pdo_odbc.connection_pooling=strict
+
+;pdo_odbc.db2_instance_name
+
+[Pdo_mysql]
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+pdo_mysql.default_socket=
+
+[Phar]
+; http://php.net/phar.readonly
+;phar.readonly = On
+
+; http://php.net/phar.require-hash
+;phar.require_hash = On
+
+;phar.cache_list =
+
+[mail function]
+; For Win32 only.
+; http://php.net/smtp
+SMTP = localhost
+; http://php.net/smtp-port
+smtp_port = 25
+
+; For Win32 only.
+; http://php.net/sendmail-from
+;sendmail_from = me@example.com
+
+; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
+; http://php.net/sendmail-path
+;sendmail_path =
+
+; Force the addition of the specified parameters to be passed as extra parameters
+; to the sendmail binary. These parameters will always replace the value of
+; the 5th parameter to mail().
+;mail.force_extra_parameters =
+
+; Add X-PHP-Originating-Script: that will include uid of the script followed by the filename
+mail.add_x_header = Off
+
+; The path to a log file that will log all mail() calls. Log entries include
+; the full path of the script, line number, To address and headers.
+;mail.log =
+; Log mail to syslog (Event Log on Windows).
+;mail.log = syslog
+
+[ODBC]
+; http://php.net/odbc.default-db
+;odbc.default_db = Not yet implemented
+
+; http://php.net/odbc.default-user
+;odbc.default_user = Not yet implemented
+
+; http://php.net/odbc.default-pw
+;odbc.default_pw = Not yet implemented
+
+; Controls the ODBC cursor model.
+; Default: SQL_CURSOR_STATIC (default).
+;odbc.default_cursortype
+
+; Allow or prevent persistent links.
+; http://php.net/odbc.allow-persistent
+odbc.allow_persistent = On
+
+; Check that a connection is still valid before reuse.
+; http://php.net/odbc.check-persistent
+odbc.check_persistent = On
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/odbc.max-persistent
+odbc.max_persistent = -1
+
+; Maximum number of links (persistent + non-persistent). -1 means no limit.
+; http://php.net/odbc.max-links
+odbc.max_links = -1
+
+; Handling of LONG fields. Returns number of bytes to variables. 0 means
+; passthru.
+; http://php.net/odbc.defaultlrl
+odbc.defaultlrl = 4096
+
+; Handling of binary data. 0 means passthru, 1 return as is, 2 convert to char.
+; See the documentation on odbc_binmode and odbc_longreadlen for an explanation
+; of odbc.defaultlrl and odbc.defaultbinmode
+; http://php.net/odbc.defaultbinmode
+odbc.defaultbinmode = 1
+
+[MySQLi]
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/mysqli.max-persistent
+mysqli.max_persistent = -1
+
+; Allow accessing, from PHP's perspective, local files with LOAD DATA statements
+; http://php.net/mysqli.allow_local_infile
+;mysqli.allow_local_infile = On
+
+; Allow or prevent persistent links.
+; http://php.net/mysqli.allow-persistent
+mysqli.allow_persistent = On
+
+; Maximum number of links. -1 means no limit.
+; http://php.net/mysqli.max-links
+mysqli.max_links = -1
+
+; Default port number for mysqli_connect(). If unset, mysqli_connect() will use
+; the $MYSQL_TCP_PORT or the mysql-tcp entry in /etc/services or the
+; compile-time value defined MYSQL_PORT (in that order). Win32 will only look
+; at MYSQL_PORT.
+; http://php.net/mysqli.default-port
+mysqli.default_port = 3306
+
+; Default socket name for local MySQL connects. If empty, uses the built-in
+; MySQL defaults.
+; http://php.net/mysqli.default-socket
+mysqli.default_socket =
+
+; Default host for mysqli_connect() (doesn't apply in safe mode).
+; http://php.net/mysqli.default-host
+mysqli.default_host =
+
+; Default user for mysqli_connect() (doesn't apply in safe mode).
+; http://php.net/mysqli.default-user
+mysqli.default_user =
+
+; Default password for mysqli_connect() (doesn't apply in safe mode).
+; Note that this is generally a *bad* idea to store passwords in this file.
+; *Any* user with PHP access can run 'echo get_cfg_var("mysqli.default_pw")
+; and reveal this password! And of course, any users with read access to this
+; file will be able to reveal the password as well.
+; http://php.net/mysqli.default-pw
+mysqli.default_pw =
+
+; Allow or prevent reconnect
+mysqli.reconnect = Off
+
+[mysqlnd]
+; Enable / Disable collection of general statistics by mysqlnd which can be
+; used to tune and monitor MySQL operations.
+mysqlnd.collect_statistics = On
+
+; Enable / Disable collection of memory usage statistics by mysqlnd which can be
+; used to tune and monitor MySQL operations.
+mysqlnd.collect_memory_statistics = Off
+
+; Records communication from all extensions using mysqlnd to the specified log
+; file.
+; http://php.net/mysqlnd.debug
+;mysqlnd.debug =
+
+; Defines which queries will be logged.
+;mysqlnd.log_mask = 0
+
+; Default size of the mysqlnd memory pool, which is used by result sets.
+;mysqlnd.mempool_default_size = 16000
+
+; Size of a pre-allocated buffer used when sending commands to MySQL in bytes.
+;mysqlnd.net_cmd_buffer_size = 2048
+
+; Size of a pre-allocated buffer used for reading data sent by the server in
+; bytes.
+;mysqlnd.net_read_buffer_size = 32768
+
+; Timeout for network requests in seconds.
+;mysqlnd.net_read_timeout = 31536000
+
+; SHA-256 Authentication Plugin related. File with the MySQL server public RSA
+; key.
+;mysqlnd.sha256_server_public_key =
+
+[OCI8]
+
+; Connection: Enables privileged connections using external
+; credentials (OCI_SYSOPER, OCI_SYSDBA)
+; http://php.net/oci8.privileged-connect
+;oci8.privileged_connect = Off
+
+; Connection: The maximum number of persistent OCI8 connections per
+; process. Using -1 means no limit.
+; http://php.net/oci8.max-persistent
+;oci8.max_persistent = -1
+
+; Connection: The maximum number of seconds a process is allowed to
+; maintain an idle persistent connection. Using -1 means idle
+; persistent connections will be maintained forever.
+; http://php.net/oci8.persistent-timeout
+;oci8.persistent_timeout = -1
+
+; Connection: The number of seconds that must pass before issuing a
+; ping during oci_pconnect() to check the connection validity. When
+; set to 0, each oci_pconnect() will cause a ping. Using -1 disables
+; pings completely.
+; http://php.net/oci8.ping-interval
+;oci8.ping_interval = 60
+
+; Connection: Set this to a user chosen connection class to be used
+; for all pooled server requests with Oracle 11g Database Resident
+; Connection Pooling (DRCP). To use DRCP, this value should be set to
+; the same string for all web servers running the same application,
+; the database pool must be configured, and the connection string must
+; specify to use a pooled server.
+;oci8.connection_class =
+
+; High Availability: Using On lets PHP receive Fast Application
+; Notification (FAN) events generated when a database node fails. The
+; database must also be configured to post FAN events.
+;oci8.events = Off
+
+; Tuning: This option enables statement caching, and specifies how
+; many statements to cache. Using 0 disables statement caching.
+; http://php.net/oci8.statement-cache-size
+;oci8.statement_cache_size = 20
+
+; Tuning: Enables statement prefetching and sets the default number of
+; rows that will be fetched automatically after statement execution.
+; http://php.net/oci8.default-prefetch
+;oci8.default_prefetch = 100
+
+; Compatibility. Using On means oci_close() will not close
+; oci_connect() and oci_new_connect() connections.
+; http://php.net/oci8.old-oci-close-semantics
+;oci8.old_oci_close_semantics = Off
+
+[PostgreSQL]
+; Allow or prevent persistent links.
+; http://php.net/pgsql.allow-persistent
+pgsql.allow_persistent = On
+
+; Detect broken persistent links always with pg_pconnect().
+; Auto reset feature requires a little overheads.
+; http://php.net/pgsql.auto-reset-persistent
+pgsql.auto_reset_persistent = Off
+
+; Maximum number of persistent links. -1 means no limit.
+; http://php.net/pgsql.max-persistent
+pgsql.max_persistent = -1
+
+; Maximum number of links (persistent+non persistent). -1 means no limit.
+; http://php.net/pgsql.max-links
+pgsql.max_links = -1
+
+; Ignore PostgreSQL backends Notice message or not.
+; Notice message logging require a little overheads.
+; http://php.net/pgsql.ignore-notice
+pgsql.ignore_notice = 0
+
+; Log PostgreSQL backends Notice message or not.
+; Unless pgsql.ignore_notice=0, module cannot log notice message.
+; http://php.net/pgsql.log-notice
+pgsql.log_notice = 0
+
+[bcmath]
+; Number of decimal digits for all bcmath functions.
+; http://php.net/bcmath.scale
+bcmath.scale = 0
+
+[browscap]
+; http://php.net/browscap
+;browscap = extra/browscap.ini
+
+[Session]
+; Handler used to store/retrieve data.
+; http://php.net/session.save-handler
+session.save_handler = files
+
+; Argument passed to save_handler. In the case of files, this is the path
+; where data files are stored. Note: Windows users have to change this
+; variable in order to use PHP's session functions.
+;
+; The path can be defined as:
+;
+; session.save_path = "N;/path"
+;
+; where N is an integer. Instead of storing all the session files in
+; /path, what this will do is use subdirectories N-levels deep, and
+; store the session data in those directories. This is useful if
+; your OS has problems with many files in one directory, and is
+; a more efficient layout for servers that handle many sessions.
+;
+; NOTE 1: PHP will not create this directory structure automatically.
+; You can use the script in the ext/session dir for that purpose.
+; NOTE 2: See the section on garbage collection below if you choose to
+; use subdirectories for session storage
+;
+; The file storage module creates files using mode 600 by default.
+; You can change that by using
+;
+; session.save_path = "N;MODE;/path"
+;
+; where MODE is the octal representation of the mode. Note that this
+; does not overwrite the process's umask.
+; http://php.net/session.save-path
+;session.save_path = "/var/lib/php/sessions"
+
+; Whether to use strict session mode.
+; Strict session mode does not accept an uninitialized session ID, and
+; regenerates the session ID if the browser sends an uninitialized session ID.
+; Strict mode protects applications from session fixation via a session adoption
+; vulnerability. It is disabled by default for maximum compatibility, but
+; enabling it is encouraged.
+; https://wiki.php.net/rfc/strict_sessions
+session.use_strict_mode = 0
+
+; Whether to use cookies.
+; http://php.net/session.use-cookies
+session.use_cookies = 1
+
+; http://php.net/session.cookie-secure
+;session.cookie_secure =
+
+; This option forces PHP to fetch and use a cookie for storing and maintaining
+; the session id. We encourage this operation as it's very helpful in combating
+; session hijacking when not specifying and managing your own session id. It is
+; not the be-all and end-all of session hijacking defense, but it's a good start.
+; http://php.net/session.use-only-cookies
+session.use_only_cookies = 1
+
+; Name of the session (used as cookie name).
+; http://php.net/session.name
+session.name = PHPSESSID
+
+; Initialize session on request startup.
+; http://php.net/session.auto-start
+session.auto_start = 0
+
+; Lifetime in seconds of cookie or, if 0, until browser is restarted.
+; http://php.net/session.cookie-lifetime
+session.cookie_lifetime = 0
+
+; The path for which the cookie is valid.
+; http://php.net/session.cookie-path
+session.cookie_path = /
+
+; The domain for which the cookie is valid.
+; http://php.net/session.cookie-domain
+session.cookie_domain =
+
+; Whether or not to add the httpOnly flag to the cookie, which makes it
+; inaccessible to browser scripting languages such as JavaScript.
+; http://php.net/session.cookie-httponly
+session.cookie_httponly =
+
+; Add SameSite attribute to cookie to help mitigate Cross-Site Request Forgery (CSRF/XSRF)
+; Current valid values are "Lax" or "Strict"
+; https://tools.ietf.org/html/draft-west-first-party-cookies-07
+session.cookie_samesite =
+
+; Handler used to serialize data. php is the standard serializer of PHP.
+; http://php.net/session.serialize-handler
+session.serialize_handler = php
+
+; Defines the probability that the 'garbage collection' process is started
+; on every session initialization. The probability is calculated by using
+; gc_probability/gc_divisor. Where session.gc_probability is the numerator
+; and gc_divisor is the denominator in the equation. Setting this value to 1
+; when the session.gc_divisor value is 100 will give you approximately a 1% chance
+; the gc will run on any given request.
+; Default Value: 1
+; Development Value: 1
+; Production Value: 1
+; http://php.net/session.gc-probability
+session.gc_probability = 0
+
+; Defines the probability that the 'garbage collection' process is started on every
+; session initialization. The probability is calculated by using the following equation:
+; gc_probability/gc_divisor. Where session.gc_probability is the numerator and
+; session.gc_divisor is the denominator in the equation. Setting this value to 100
+; when the session.gc_probability value is 1 will give you approximately a 1% chance
+; the gc will run on any given request. Increasing this value to 1000 will give you
+; a 0.1% chance the gc will run on any given request. For high volume production servers,
+; this is a more efficient approach.
+; Default Value: 100
+; Development Value: 1000
+; Production Value: 1000
+; http://php.net/session.gc-divisor
+session.gc_divisor = 1000
+
+; After this number of seconds, stored data will be seen as 'garbage' and
+; cleaned up by the garbage collection process.
+; http://php.net/session.gc-maxlifetime
+session.gc_maxlifetime = 1440
+
+; NOTE: If you are using the subdirectory option for storing session files
+; (see session.save_path above), then garbage collection does *not*
+; happen automatically. You will need to do your own garbage
+; collection through a shell script, cron entry, or some other method.
+; For example, the following script would is the equivalent of
+; setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
+; find /path/to/sessions -cmin +24 -type f | xargs rm
+
+; Check HTTP Referer to invalidate externally stored URLs containing ids.
+; HTTP_REFERER has to contain this substring for the session to be
+; considered as valid.
+; http://php.net/session.referer-check
+session.referer_check =
+
+; Set to {nocache,private,public,} to determine HTTP caching aspects
+; or leave this empty to avoid sending anti-caching headers.
+; http://php.net/session.cache-limiter
+session.cache_limiter = nocache
+
+; Document expires after n minutes.
+; http://php.net/session.cache-expire
+session.cache_expire = 180
+
+; trans sid support is disabled by default.
+; Use of trans sid may risk your users' security.
+; Use this option with caution.
+; - User may send URL contains active session ID
+; to other person via. email/irc/etc.
+; - URL that contains active session ID may be stored
+; in publicly accessible computer.
+; - User may access your site with the same session ID
+; always using URL stored in browser's history or bookmarks.
+; http://php.net/session.use-trans-sid
+session.use_trans_sid = 0
+
+; Set session ID character length. This value could be between 22 to 256.
+; Shorter length than default is supported only for compatibility reason.
+; Users should use 32 or more chars.
+; http://php.net/session.sid-length
+; Default Value: 32
+; Development Value: 26
+; Production Value: 26
+session.sid_length = 26
+
+; The URL rewriter will look for URLs in a defined set of HTML tags.
+;