-
Notifications
You must be signed in to change notification settings - Fork 0
/
env.ini
279 lines (236 loc) · 12 KB
/
env.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
; CleanDeck for CMD-Auth (https://link133.com) and other similar applications
;
; Copyright (c) 2023-2024 Iotu Nicolae, [email protected]
; Licensed under the terms of the MIT License (MIT)
;
; For the full copyright and license information, please view
; the LICENSE file that was distributed with this source code.
; Some of the settings below must be in sync with CMD-Auth actual settings.
; The actual settings used by CMD-Auth can be retrieved from file /var/lib/cmd-auth/settings/data.json on
; the machine(s) hosting CMD-Auth.
; IMPORTANT! File 'env.ini' is just a template. The application is using file '.env.ini'.
; When a new project is created using `composer create-project cleandeck/cleandeck ./`,
; file 'env.ini' is copied to '.env.ini'.
; If your project was initiated by other means make sure to copy file '.env.ini' to '.env.ini' and
; adjust it as required.
; ----------------------------------------------------------------------------------------------
; Framework settings
; ----------------------------------------------------------------------------------------------
; ROOT INI SECTION [cleandeck]
[cleandeck]
; Add other sections only at the end of this document after the root section ends.
; WARNING! Never leave ENVIRONMENT variable set to 'development' in production!
; When ENVIRONMENT variable is set to 'development', error messages contain restricted information, and some
; operations such as signup or MFA login will show confidential information (such as the activation_hash and
; authentication code). This is done in order to speed up development.
; Recognized values for ENVIRONMENT:
; - development - Use this value during development.
; - production - Use this value in production.
; - staging - Used during staging of a live application just before production. Requires authentication
; for all routes except '/' and login related routes. Enforced by library CMDAuth.
ENVIRONMENT = development
; The base url. No trailing slashes.
; If using subdomains and/or paths then alter server configuration files in directory 'deploy' and others as required.
; Proper format i.e. 'https://site.com'.
baseURL = https://w-e-b-s-i-t-e.c-o-m
; Security feature.
; Make sure 'app_key' is used by all CleanDeck machines in the same stack.
; A new app_key is generated automatically when the package is installed.
; A new app_key can be generated using 'composer exec cleandeck-generate-app-key'.
app_key = $2y$10$vA/eMMf6CXupIiqNTHyIh.rXECJvNJkN.oHpZZC.hOaOEwRSioal6
; The template used for presentation:
; - 'core': the default template using Bootstrap 5
; The template name matches the name of a sub-directory of *Application/public/template*.
template = core
; List of addons, comma separated, no spaces, ordered by processing/loading priority.
; No addons available at the moment. Application addons are normally in sync with CMD-Auth addons.
addons =
; Framework Cookies Settings
cookie[secure] = true
cookie[domain] = 'w-e-b-s-i-t-e.c-o-m'
cookie[samesite] = Lax
cookie[path] = /
cookie[prefix] = __Secure-
cookie[httponly] = true
; cookie[status_cookie_name] must match CMD-Auth's setting cookie->status_cookie_name
cookie[status_cookie_name] = bFZTex31NBtbdrZW
; cookie[user_details_cookie_name] must match CMD-Auth's setting cookie->user_details_cookie_name
; Encodes: account rank, username, firstname, employee_type, avatar, gender, subscribed to newsletter, subscribed to promotions.
cookie[user_details_cookie_name] = OUzZX07UAvPNehZA
; A cookie used by private caches.
cookie[private_cache_cookie_name] = d8rpvAsnUfSeJpc9Vxc8
; Captcha cookie settings are all available in class CustomCaptchaConstants
; Class CSRFConstants holds CSRF cookie settings.
; The scheme must match the main security option selected for CMD-Auth 'server' -> 'https'.
; The host is the address at which CMD-Auth is available.
; The port is usually the port set with 'server' -> 'port'.
authURL = https://192.168.12.45:12345
; http_version - acceptable values: 'HTTP/2' and 'HTTP/1.1'
; Default: 'HTTP/2'
; IMPORTANT! CMD-Auth allows http2 over a secure connection only.
; Match http_version with CMD-Auth setting server.http_version in order to make requests more efficient.
http_version = HTTP/2
; The value of 'jwt_cookies_public_key' should only be changed if using custom keys
; in order to generate JWTs on CMD-Auth server(s) (directory /etc/cmd-auth/certificates/jwt-cookies).
; This is a RS256 public key used to decode JWT cookies.
; If there are no changes to the default JWT keys used by CMD-Auth, leave 'jwt_cookies_public_key'
; commented out or use an empty string, in which case the default JWT public key will be used.
; (see class JWTCookiesHandler)
; jwt_cookies_public_key = ''
; contact form messages will be send to this email address
CONTACT_EMAIL = [email protected]
; Validation
validation[allow_unicode] = true
; Custom settings for errors
; For example the message below is appended to errors with status code 400.
error_400[footer] = Invalid request.
; END Custom settings for errors
; The maximum number of files (per each category i.e. user images, articles etc) a server can store locally
; after uploading or downloading to/from AWS S3.
; A cleanup script ensures this value is enforced.
io_files_retention[max_count] = 10000
; The maximum allowed age of files (per each category i.e. user images, articles etc) a server can store locally
; after uploading or downloading to/from AWS S3.
; A cleanup script ensures this value is enforced.
io_files_retention[max_age_days] = 90
; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;
; AWS Credentials
; The safe way to authorize access to AWS services is to define and use AWS IAM Roles,
; but the application allows also the use of an AWS IAM User defined using
; 'AWS_IAM_USER[key]' and 'AWS_IAM_USER[secret]':
; (i.e. 'AKIAABCDEFGHIJKLMNOP')
; AWS_IAM_USER[key] = AKIAABCDEFGHIJKLMNOP
; (i.e. 'ABCDABCDABCDABCDABCDABCDABCDABCDABCDABCD')
; AWS_IAM_USER[secret] = ABCDABCDABCDABCDABCDABCDABCDABCDABCDABCD
; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;
; IMPORTANT!
; The application can send email messages to an AWS SQS queue which is
; a robust solution for all applications, specially for busy ones.
; Alternatively, the application can email directly the messages using AWS SES.
; AWS SES is mandatory!
; For AWS SES the application uses a local queue and will retry failed emails,
; but in case the server is stopped or shutdown without processing local
; queues, the emails will be delayed and in the worst case lost.
; MANDATORY! One of sections 'AWS_SQS' or 'AWS_SES' must be valid in order
; to enable MFA, signup, reset password, activate emails etc.
; IMPORTANT! Emails containing attachments are always send using AWS SES!
; CUSTOM ENVIRONMENT VARIABLES for AWS SQS
; (which is used for email messages at the moment)
; When sending emails to queue, the sender which is recorded is aws_ses.sender set below.
aws_sqs[queue_url] = https://sqs.us-east-1.amazonaws.com/account_id/queue_name
aws_sqs[region] = us-east-1
; CRITICAL!
; CUSTOM ENVIRONMENT VARIABLES for AWS SES (MANDATORY!)
; The email address of the sender must be verified with Amazon SES!
aws_ses[sender] = [email protected]
aws_ses[region] = eu-west-1
; END CUSTOM ENVIRONMENT VARIABLES for AWS SES (MANDATORY!)
; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ; ;
; CRITICAL!
; AWS S3 is mandatory!
; CUSTOM ENVIRONMENT VARIABLES for AWS S3
; Important! A single valid AWS S3 bucket.
; Valid formats expected i.e. s3://mybucket. Do not enter paths! (INVALID s3://mybucket/a/path)
; Unless intended otherwise make sure the bucket has private access only.
; The application will create relevant paths within bucket i.e. s3://mybucket/articles/...
; TIP!
; Setup an AWS IAM Role with appropriate permissions for this bucket. Attach this Role to
; the EC2 machine running this application and you're good to go!
; TIP!
; If the bucket is in the same AWS region as the EC2 instance running this application then
; you can declare and use an S3 VPC endpoint in the same AWS region in order to automatically transfer
; the data to/from S3 using AWS internal networks!
; TIP!
; For a multi-region application you can setup buckets' synchronization!
; (With or without the prefix 's3://')
aws_s3[bucket] = s3://mybucket
aws_s3[region] = us-east-1
; END CUSTOM ENVIRONMENT VARIABLES for AWS S3
; OAUTH2
; Google OAuth2
oauth2_google[client_id] = 'Register with Google in order to get the client_id'
oauth2_google[client_secret] = 'Register with Google in order to get the client_secret'
; oauth2_google[redirect_uri] - Must be set together with the client_id and the client_secret above
; oauth2_google[redirect_uri] - Change website name, but keep the endpoint listed below or the routing must be modified.
oauth2_google[redirect_uri] = https://w-e-b-s-i-t-e.c-o-m/google-oauth/cb
; When oauth2_google[local_development] is set to true, calls to Google OAuth2 are skipped
; and the responses are only simulated using a test account.
; oauth2_google[local_development] must be false in production if Google OAuth2 is used.
oauth2_google[local_development] = true
; the account used when 'oauth2_google[local_development]' is set to true
oauth2_google[local_development_account] = [email protected]
; END Google OAuth2
; END OAUTH2
; Cache Settings
; Caching is done with the aid of package Phpfastcache (vendor/phpfastcache/phpfastcache/lib/Phpfastcache).
; Phpfastcache global options are defined in [Phpfastcache]/Config/ConfigurationOption.php
; ([Phpfastcache]/Config/ConfigurationOption.php).
; Phpfastcache driver-specific options are defined in `Config.php` file
; located in each driver directory ([Phpfastcache]/Drivers).
; Option to enable/disable cache.
; By default the caching is disabled so don't forget to enable caching in production.
cache_enable = false
; Cache settings have their own Ini Root sections. See below.
; This is required because individual cache settings can have a deeper array like structure (i.e. driver RedisCluster).
; End Ini Root section [cleandeck]
; ----------------------------------------------------------------------------------------------
; End Framework settings
; ----------------------------------------------------------------------------------------------
; ----------------------------------------------------------------------------------------------
; Cache settings
; ----------------------------------------------------------------------------------------------
; Cache settings require 'cache_enable' set to *true*.
; ROOT INI SECTION [cache_http_public]
; Public Http Cache
[cache_http_public]
driver = files
path = /cache/http/public
; (below requires ext-sqlite3)
;driver = sqlite
;path = /cache/http/public.sql
;driver = redis
;host = '127.0.0.1'
;port = 6379
;database = 11
; End ROOT INI SECTION [cache_http_public]
; ROOT INI SECTION [cache_http_private]
; Private Http Cache
[cache_http_private]
driver = files
path = /cache/http/private
; (requires ext-sqlite3)
;driver = sqlite
;path = /cache/http/private.sql
;driver = redis
;host = '127.0.0.1'
;port = 6379
;database = 12
; End ROOT INI SECTION [cache_http_private]
; ROOT INI SECTION [throttle_db]
; Throttle Database
[throttle_db]
driver = files
path = /cache/throttle
; (requires ext-sqlite3)
;driver = sqlite
;path = /cache/throttle.sql
; (requires ext-redis)
;driver = redis
;host = '127.0.0.1'
;port = 6379
;database = 13
; End ROOT INI SECTION [throttle_db]
; ROOT INI SECTION [throttle]
; Throttler Settings (middleware 'Throttle')
; The middleware must be added to each route of interest in the corresponding
; route file (GETRoutes.php, POSTRoutes.php, etc.).
; By default all POST routes use the throttler.
[throttle]
hits = 30
; seconds
interval = 60
; End ROOT INI SECTION [throttle]
; ----------------------------------------------------------------------------------------------
; End Cache settings
; ----------------------------------------------------------------------------------------------
; Append your settings below