1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/backdrop_ynh.git synced 2024-09-03 20:36:14 +02:00
backdrop_ynh/conf/settings.example.php

440 lines
18 KiB
PHP
Raw Normal View History

2020-10-18 17:57:06 +02:00
<?php
/**
* @file
* Main Backdrop CMS configuration file.
*/
/**
* Database configuration:
*
* Most sites can configure their database by entering the connection string
* below. If using master/slave databases or multiple connections, see the
* advanced database documentation at
* https://api.backdropcms.org/database-configuration
*/
$database = 'mysql://user:pass@localhost/database_name';
$database_prefix = '__DBNAME___';
/**
* Site configuration files location.
*
* By default these directories are stored within the files directory with a
* hashed path. For the best security, these directories should be in a location
* that is not publicly accessible through a web browser.
*
* Example using directories one parent level up:
* @code
* $config_directories['active'] = '../config/active';
* $config_directories['staging'] = '../config/staging';
* @endcode
*
* Example using absolute paths:
* @code
* $config_directories['active'] = '/home/myusername/config/active';
* $config_directories['staging'] = '/home/myusername/config/staging';
* @endcode
*/
$config_directories['active'] = 'files/config_' . md5($database) . '/active';
$config_directories['staging'] = 'files/config_' . md5($database) . '/staging';
/**
* Access control for update.php script.
*
* If you are updating your Backdrop installation using the update.php script
* but are not logged in using either an account with the "Administer software
* updates" permission or the site maintenance account (the account that was
* created during installation), you will need to modify the access check
* statement below. Change the FALSE to a TRUE to disable the access check.
* After finishing the upgrade, be sure to open this file again and change the
* TRUE back to a FALSE!
*/
$settings['update_free_access'] = FALSE;
/**
* Salt for one-time login links and cancel links, form tokens, etc.
*
* This variable will be set to a random value by the installer. All one-time
* login links will be invalidated if the value is changed. Note that if your
* site is deployed on a cluster of web servers, you must ensure that this
* variable has the same value on each server. If this variable is empty, a hash
* of the serialized database credentials will be used as a fallback salt.
*
* For enhanced security, you may set this variable to a value using the
* contents of a file outside your docroot that is never saved together
* with any backups of your Backdrop files and database.
*
* Example:
* @code
* $settings['hash_salt'] = file_get_contents('/home/example/salt.txt');
* @endcode
*
*/
$settings['hash_salt'] = '__SALT__';
/**
* Trusted host configuration (optional but highly recommended).
*
* Since the HTTP Host header can be set by the user making the request, it
* is possible for malicious users to override it and create an attack vector.
* To protect against these sort of attacks, Backdrop supports checking a list
* of trusted hosts.
*
* To enable the trusted host protection, specify the allowable hosts below.
* This should be an array of regular expression patterns representing the hosts
* you would like to allow.
*
* For example, this will allow the site to only run from www.example.com:
* @code
* $settings['trusted_host_patterns'] = array(
* '^www\.example\.com$',
* );
* @endcode
*
* If you are running a site on multiple domain names, you should specify all of
* the host patterns that are allowed by your site. For example, this will allow
* the site to run off of all variants of example.com and example.org, with all
* subdomains included:
* @code
* $settings['trusted_host_patterns'] = array(
* '^example\.com$',
* '^.+\.example\.com$',
* '^example\.org',
* '^.+\.example\.org',
* );
* @endcode
*
* If you do not need this functionality (such as in development environments or
* if protection is at another layer), you can suppress the status report
* warning by setting this value to FALSE:
* @code
* $settings['trusted_host_patterns'] = FALSE;
* @endcode
*
* For more information about trusted host patterns, see the documentation at
* https://api.backdropcms.org/documentation/trusted-host-settings
*
* @see backdrop_valid_http_host()
* @see backdrop_check_trusted_hosts()
* @see system_requirements()
*/
// $settings['trusted_host_patterns'] = array('^www\.example\.com$');
/**
* Base URL (optional).
*
* If Backdrop is generating incorrect URLs on your site, which could be in HTML
* headers (links to CSS and JS files) or visible links on pages (such as in
* menus), uncomment the Base URL statement below and fill in the absolute URL
* to your Backdrop installation.
*
* You might also want to force users to use a given domain.
* See the .htaccess file for more information.
*
* Examples:
* $base_url = 'http://www.example.com';
* $base_url = 'http://www.example.com:8888';
* $base_url = 'http://www.example.com/backdrop';
* $base_url = 'https://www.example.com:8888/backdrop';
*
* It is not allowed to have a trailing slash; Backdrop will add it for you.
*/
// $base_url = 'http://www.example.com'; // NO trailing slash!
/**
* PHP settings:
*
* To see what PHP settings are possible, including whether they can be set at
* runtime (by using ini_set()), read the PHP documentation:
* http://www.php.net/manual/ini.list.php
* See backdrop_environment_initialize() in includes/bootstrap.inc for required
* runtime settings and the .htaccess file for non-runtime settings. Settings
* defined there should not be duplicated here so as to avoid conflict issues.
*/
/**
* Some distributions of Linux (most notably Debian) ship their PHP
* installations with garbage collection (gc) disabled. Since Backdrop depends
* on PHP's garbage collection for clearing sessions, ensure that garbage
* collection occurs by using the most common settings.
*/
ini_set('session.gc_probability', 1);
ini_set('session.gc_divisor', 100);
/**
* Set session lifetime (in seconds), i.e. the time from the user's last visit
* to the active session may be deleted by the session garbage collector. When
* a session is deleted, authenticated users are logged out, and the contents
* of the user's $_SESSION variable is discarded.
*/
ini_set('session.gc_maxlifetime', 200000);
/**
* Set session cookie lifetime (in seconds), i.e. the time from the session is
* created to the cookie expires, i.e. when the browser is expected to discard
* the cookie. The value 0 means "until the browser is closed".
*/
ini_set('session.cookie_lifetime', 2000000);
/**
* If you encounter a situation where users post a large amount of text, and
* the result is stripped out upon viewing but can still be edited, Backdrop's
* output filter may not have sufficient memory to process it. If you
* experience this issue, you may wish to uncomment the following two lines
* and increase the limits of these variables. For more information, see
* http://php.net/manual/en/pcre.configuration.php.
*/
// ini_set('pcre.backtrack_limit', 200000);
// ini_set('pcre.recursion_limit', 200000);
/**
* Backdrop automatically generates a unique session cookie name for each site
* based on its full domain name. If you have multiple domains pointing at the
* same Backdrop site, you can either redirect them all to a single domain (see
* comment in .htaccess), or uncomment the line below and specify their shared
* base domain. Doing so assures that users remain logged in as they cross
* between your various domains. Make sure to always start the $cookie_domain
* with a leading dot, as per RFC 2109.
*/
// $cookie_domain = '.example.com';
/**
* A custom theme can be set for the offline page. This applies when the site
* is explicitly set to maintenance mode through the administration page or when
* the database is inactive due to an error. It can be set through the
* 'maintenance_theme' key. The template file should also be copied into the
* theme. It is located inside
* 'core/modules/system/templates/maintenance-page.tpl.php'.
* Note: This setting does not apply to installation and update pages.
*/
// $settings['maintenance_theme'] = 'bartik';
/**
* Reverse Proxy Configuration:
*
* Reverse proxy servers are often used to enhance the performance
* of heavily visited sites and may also provide other site caching,
* security, or encryption benefits. In an environment where Backdrop
* is behind a reverse proxy, the real IP address of the client should
* be determined such that the correct client IP address is available
* to Backdrop's logging and access management systems. In
* the most simple scenario, the proxy server will add an
* X-Forwarded-For header to the request that contains the client IP
* address. However, HTTP headers are vulnerable to spoofing, where a
* malicious client could bypass restrictions by setting the
* X-Forwarded-For header directly. Therefore, Backdrop's proxy
* configuration requires the IP addresses of all remote proxies to be
* specified in $settings['reverse_proxy_addresses'] to work correctly.
*
* Enable this setting to get Backdrop to determine the client IP from
* the X-Forwarded-For header (or $settings['reverse_proxy_header'] if set).
* If you are unsure about this setting, do not have a reverse proxy,
* or Backdrop operates in a shared hosting environment, this setting
* should remain commented out.
*
* In order for this setting to be used you must specify every possible
* reverse proxy IP address in $settings['reverse_proxy_addresses'].
* If a complete list of reverse proxies is not available in your
* environment (for example, if you use a CDN) you may set the
* $_SERVER['REMOTE_ADDR'] variable directly in settings.php.
* Be aware, however, that it is likely that this would allow IP
* address spoofing unless more advanced precautions are taken.
*/
// $settings['reverse_proxy'] = TRUE;
/**
* Specify every reverse proxy IP address in your environment.
* This setting is required if $settings['reverse_proxy'] is TRUE.
*/
// $settings['reverse_proxy_addresses'] = array('a.b.c.d', ...);
/**
* Set this value if your proxy server sends the client IP in a header
* other than X-Forwarded-For.
*/
// $settings['reverse_proxy_header'] = 'HTTP_X_CLUSTER_CLIENT_IP';
/**
* Page caching:
*
* By default, Backdrop sends a "Vary: Cookie" HTTP header for anonymous page
* views. This tells a HTTP proxy that it may return a page from its local
* cache without contacting the web server, if the user sends the same Cookie
* header as the user who originally requested the cached page. Without "Vary:
* Cookie", authenticated users would also be served the anonymous page from
* the cache. If the site has mostly anonymous users except a few known
* editors/administrators, the Vary header can be omitted. This allows for
* better caching in HTTP proxies (including reverse proxies), i.e. even if
* clients send different cookies, they still get content served from the cache.
* However, authenticated users should access the site directly (i.e. not use an
* HTTP proxy, and bypass the reverse proxy if one is used) in order to avoid
* getting cached pages from the proxy.
*/
// $settings['omit_vary_cookie'] = TRUE;
/**
* Expiration of cache_form entries:
*
* Backdrop's Form API stores details of forms in cache_form and these entries
* are kept for at least 6 hours by default. Expired entries are cleared by
* cron. Busy sites can encounter problems with the cache_form table becoming
* very large. It's possible to mitigate this by setting a shorter expiration
* for cached forms. In some cases it may be desirable to set a longer cache
* expiration. For example to prolong cache_form entries for Ajax forms in
* cached HTML.
*
* @see form_set_cache()
* @see system_cron()
* @see ajax_get_form()
*/
// $settings['form_cache_expiration'] = 21600;
/**
* String overrides:
*
* To override specific strings on your site with or without enabling locale
* module, add an entry to this list. This functionality allows you to change
* a small number of your site's default English language interface strings.
*
* Uncomment the lines below to enable.
*/
/*
$settings['locale_custom_strings_en'][''] = array(
'forum' => 'Discussion board',
'@count min' => '@count minutes',
);
*/
/**
* Fast 404 pages:
*
* Backdrop can generate fully themed 404 pages. However, some of these
* responses are for images or other resource files that are not displayed to
* the user. This can waste bandwidth, and also generate server load.
*
* The options below return a simple, fast 404 page for URLs matching a
* specific pattern:
* - 404_fast_paths_exclude: A regular expression to match paths to exclude,
* such as images generated by image styles, or dynamically-resized images.
* The default pattern provided below also excludes the private file system.
* If you need to add more paths, you can add '|path' to the expression.
* - 404_fast_paths: A regular expression to match paths that should return a
* simple 404 page, rather than the fully themed 404 page. If you don't have
* any aliases ending in htm or html you can add '|s?html?' to the expression.
* - 404_fast_html: The html to return for simple 404 pages.
*
* Comment out this code if you would like to disable this functionality.
*/
$settings['404_fast_paths_exclude'] = '/\/(?:styles)|(?:system\/files)\//';
$settings['404_fast_paths'] = '/\.(?:txt|png|gif|jpe?g|css|js|ico|swf|flv|cgi|bat|pl|dll|exe|asp)$/i';
$settings['404_fast_html'] = '<!DOCTYPE html><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL "@path" was not found on this server.</p></body></html>';
/**
* By default, fast 404s are returned as part of the normal page request
* process, which will properly serve valid pages that happen to match and will
* also log actual 404s to the Backdrop log. Alternatively you can choose to
* return a 404 now by uncommenting the following line. This will reduce server
* load, but will cause even valid pages that happen to match the pattern to
* return 404s, rather than the actual page. It will also prevent the Backdrop
* system log entry. Ensure you understand the effects of this before enabling.
*
* To enable this functionality, uncomment the line below.
*/
// fast_404();
/**
* External access proxy settings:
*
* If your site must access the Internet via a web proxy then you can enter
* the proxy settings here. Currently only basic authentication is supported
* by using the username and password variables. The proxy_user_agent variable
* can be set to NULL for proxies that require no User-Agent header or to a
* non-empty string for proxies that limit requests to a specific agent. The
* proxy_exceptions variable is an array of host names to be accessed directly,
* not via proxy.
*/
// $settings['proxy_server'] = '';
// $settings['proxy_port'] = 8080;
// $settings['proxy_username'] = '';
// $settings['proxy_password'] = '';
// $settings['proxy_user_agent'] = '';
// $settings['proxy_exceptions'] = array('127.0.0.1', 'localhost');
/**
* Authorized file system operations:
*
* The Update Manager module included with Backdrop provides a mechanism for
* site administrators to securely install missing updates for the site
* directly through the web user interface. On securely-configured servers,
* the Update manager will require the administrator to provide SSH or FTP
* credentials before allowing the installation to proceed; this allows the
* site to update the new files as the user who owns all the Backdrop files,
* instead of as the user the webserver is running as. On servers where the
* webserver user is itself the owner of the Backdrop files, the administrator
* will not be prompted for SSH or FTP credentials (note that these server
* setups are common on shared hosting, but are inherently insecure).
*
* Some sites might wish to disable the above functionality, and only update
* the code directly via SSH or FTP themselves. This setting completely
* disables all functionality related to these authorized file operations.
*
* Uncomment the line below to disable authorize operations.
*/
// $settings['allow_authorize_operations'] = FALSE;
/**
* Mixed-mode sessions:
*
* Set to TRUE to create both secure and insecure sessions when using HTTPS.
* Defaults to FALSE.
*/
// $settings['https'] = TRUE;
/**
* Drupal backwards compatibility.
*
* By default, Backdrop 1.0 includes a compatibility layer to keep it compatible
* with Drupal 7 APIs. Backdrop core itself does not use this compatibility
* layer however. You may disable it if all the modules you're running were
* built for Backdrop.
*/
$settings['backdrop_drupal_compatibility'] = TRUE;
/**
* Configuration overrides.
*
* These settings allow you to specify values for anything stored in config
* within the files stored in the $config_directories variable above.
* This can be useful to store per-environment values or sensitive data that
* is undesirable to store in the config storage.
*
* There are particular configuration values that are risky to override. For
* example overriding field storage will create errors because associated
* database changes are necessary. Modifying values within complicated objects
* such as views, content types, vocabularies, etc. may not work as expected.
* Use any available API functions for complex systems instead.
*/
//$config['system.core']['site_name'] = 'My Backdrop site';
//$config['system.core']['file_temporary_path'] = '/tmp';
/**
* Include a local settings file, if available.
*
* To make local development easier, you can add a settings.local.php file that
* contains settings specific to your local installation, or to any secondary
* environment (staging, development, etc).
*
* Typically used to specify a different database connection information, to
* disable caching, JavaScript/CSS compression, re-routing of outgoing e-mails,
* Google Analytics, and other things that should not happen on development and
* testing sites.
*
* This local settings file can be ignored in your Git repository, so that any
* updates to settings.php can be pulled in without overwriting your local
* changes.
*
* Keep this code block at the end of this file to take full effect.
*/
if (file_exists(__DIR__ . '/settings.local.php')) {
include __DIR__ . '/settings.local.php';
}