###################################################################################
####################        Webinoly Configuration file        ####################
###################################################################################

#        Don't like our defaults? Every part of Webinoly is overrideable!         #
#                                                                                 # 
# You should NEVER modify this file if you are not sure about what you are doing. #
# We have made a very detailed and extensive documentation just for you!          #
# Please, read: https://webinoly.com/documentation/                               #
#                                                                                 #
# 1 - Uncomment the variable (Remove the '#' at the beggining)                    #
# 2 - Set your custom value (var:value)                                           #
# 3 - And then 'sudo webinoly -server-reset' to changes take effect.              #
#                                                                                 #
# * Reset only one package is allowed: -server-reset=php (os,nginx,php,mysql)     #
###################################################################################



############################
##### Operating System #####
############################

# Timezone
# Values: https://www.php.net/manual/en/timezones.php
# Default: <empty>
# Same as: sudo webinoly -timezone
###########################
#timezone:America/Mexico_City


# Kernel Optimization
# Values: boolean (true/false)
# Default: true
###########################
#kernel-optim:true


# Percentage of RAM assigned to /run folder
# Values: numeric int (10 < % < 70)
# Default: 25
###########################
#run-folder-size:25


# Size of linux swap file
# Values: numeric int (GB)
# Default: <variable> (calculated based on your server resources)
# Note: (server-reset with 'recalculate' is needed)
###########################
#swap-mem:1


# IAM Role (AWS Credentials)
# Values: boolean (true/false)
# Default: false
# Note: (server-reset not needed)
# Note: Set to 'true' if your EC2 instance has an IAM Role attached with full access to S3
# Same as: sudo webinoly -aws-s3-credentials=awsiamrole
###########################
#awsiamrole:false





###########################
#####      NGINX      #####
###########################

# Nginx Branch
# Values: stable | mainline
# Default: stable
# Note: (set before installing, server-reset not needed)
# Note: NEVER change this value here when Nginx package is already installed
###########################
#nginx-ppa:stable


# Maximum Upload file size
# Values: numeric int (MB)
# Default: 100
# Note: PHP is also affected by this setting (max file/post size)
###########################
#max-mb-uploads:100


# Saved Email Address
# Values: <email-address>
# Default: <empty>
# Note: (server-reset not needed)
# Note: Let's Encrypt uses this email to register your certs.
# Note: Existing accounts won't be updated, in that case you better use the proper command shown below to update all your current certs.
# Same as: sudo webinoly -email=user@example.com
###########################
#mail:user@example.com


# SFTP Access for www-data user
# Values: boolean (true/false)
# Default: false
# Same as: sudo webinoly -login-www-data=on
###########################
#sftp-www-data:false


# Nginx Access Logs Disabled
# Values: boolean (true/false)
# Default: true
# Note: This setting will be applied to new sites, or for existing sites 'access log' needs to be reenabled (same for global).
# Same as: sudo log -only-error=on
###########################
#global-access-log-off:true


# Nginx Log Format
# Values: basic | extended | custom
# Default: basic
# With server reset only the global setting is applied.
# Note: This setting will be applied to new sites, or for existing sites 'access log' needs to be reenabled (same for global).
# Note: https://webinoly.com/documentation/logs/#format
###########################
#nginx-log-format:basic


# Nginx Error Log Level
# Values: info | notice | warn | error | crit | alert | emerg
# Default: error
# With server reset only the global setting is applied.
# Note: This setting will be applied to new sites, or for existing sites 'access log' needs to be reenabled (same for global).
###########################
#nginx-error-log-level:error


# Nginx Default Response
# Values: default | blackhole | <example.com>
# Default: default (Nginx Welcome Page)
# Note: For better security 'blackhole' is highly recommended.
# Same as: sudo webinoly -default-site=blackhole
###########################
#default-response:default


# Admin Tools Access
# Values: default | <example.com>
# Default: default
# Same as: sudo webinoly -tools-site
###########################
#tools-site:default


# Admin Tools Access Port
# Values: numeric int (< 65535)
# Default: 22222
# Same as: sudo webinoly -tools-port
###########################
#tools-port-set:22222


# HTTP Authentication Whitelist IP
# Values: <ip>,<ip>,<ip>...
# Default: <empty>
# Same as: sudo httpauth -whitelist
###########################
#auth-whitelist-ip:1.1.1.1,2.2.2.2


# Block IP Access
# Values: <ip>,<ip>,<ip>...
# Default: <empty>
# Same as: sudo webinoly -blockip
###########################
#blockip:1.1.1.1,2.2.2.2


# Block/Deny files and extensions
# Values:  <filename>|<filename>... (with this extension only: txt|html|htm|md)
# Values:  <ext>|<ext>... (any file using any of these extensions)
# Note: This is a security feature, please don't modify unless you are sure about it.
# Note: For example, any request to 'readme.txt' or 'name.log' will be blocked (case insensitive) by default.
# Note: To revert any changes and set the original Webinoly defaults, just #comment these two variables and then server-reset.
# Note: You can remove some extensions like 'exe' if you are distributing installers, for instance, or you can add any of your preference.
###########################
#locations-deny-files:changelog|example|installation|legalnotice|license|readme|wp-config
#locations-deny-extensions:7z|asc|asp|aspx|ba|bak|bash|bat|bin|bz2|c|cfg|cgi|class|com|conf|cpp|crt|cs|dat|db|dbf|deb|der|dll|dmg|dmp|dump|ear|exe|git|gz|h|hg|hqx|img|ini|iso|jar|jsp|log|mdb|msi|msm|msp|old|orig|original|out|pem|php#|php_bak|php~|pkg|pl|ppk|py|rar|rdf|rpm|run|save|sh|sql|srv|svn|swo|swp|sys|tar|taz|tcl|tgz|tk|tmp|tpl|tz|vb|war|wsf|z|zip


# FastCGI Cache
# Values: <time> (s,m,h,d,w,M,y)
# Default: 30d,7d,1m (Success,Inactive,Redirects)
# Note: https://webinoly.com/documentation/webinolys/#cache
# Same as: sudo webinoly -cache-valid
###########################
#fastcgi-conf:30d,7d,1m


# WordPress FastCGI Cache Defaults
# Values: all | never (query strings)
# Values:  <uri>|<uri>... (url)
# Values:  <cookie>|<cookie>... (cookie)
# Note: To revert any changes and set the original Webinoly defaults, just #comment these three variables and then server-reset.
# Note: Also, you can add further rules via command line using the proper commands described in the docs.
# Note: https://webinoly.com/documentation/webinolys/#cache
###########################
#wpcache-query-strings:never
#wpcache-exclude-url:/wp-admin/|/xmlrpc.php|wp-.*.php|index.php|/feed/|.*sitemap.*\.xml|/feed/|/account/|/add_to_cart/|/cart/|/my-account/|/checkout/|/logout/
#wpcache-exclude-cookie:comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in|[a-z0-9]+_items_in_cart|[a-z0-9]+_cart_hash


# WordPress Login Basic Authentication
# Values: boolean (true/false)
# Default: true
# Note: (server-reset not needed)
# Note: It will be applied ONLY for sites created after this setting is changed.
# Note: For existing sites you should use the proper command 'sudo httpauth example.com -wp-admin=on'.
# Note: You can whitelist an IP to skip authentication. Read the docs!
###########################
#wp-admin-auth:true


# WordPress XMLRPC requests
# Values: open | limited | blocked
# Default: limited
###########################
#xmlrpc:limited


# HTTP Header: Cache Control
# Values: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
# Default: no-cache
# Note: Use 'off' value to disable this header.
###########################
#header-cache-control:public, max-age=604800, immutable


# HTTP Header: Content Security Policy
# Values: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
# Default: <empty>
###########################
#header-csp:default-src https: 'unsafe-eval' 'unsafe-inline'; object-src 'none'
#header-csp-report-only:off


# HTTP Header: HTTP Strict Transport Security (HSTS)
# Values: default | preload | <max-age> | off
# Default: default (31536000)
# Note: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
###########################
#header-hsts:default


# HTTP Header: Permissions Policy
# Values: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
# Default: <empty>
# Note: Use 'floc' value to automatically include the policy to forbid Topics API calculation.
# Note: https://developer.chrome.com/docs/privacy-sandbox/topics/#site-opt-out
###########################
#header-permissions:accelerometer=(),autoplay=(),camera=(),display-capture=(),encrypted-media=(),fullscreen=(),gamepad=(),geolocation=(),gyroscope=(),hid=(),local-fonts=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),usb=(),web-share=(),xr-spatial-tracking=()


# HTTP Header: Referrer Policy
# Values: no-referrer | no-referrer-when-downgrade | origin | origin-when-cross-origin | same-origin | strict-origin | strict-origin-when-cross-origin | unsafe-url | off
# Default: no-referrer-when-downgrade
# Note: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
###########################
#header-referrer:no-referrer-when-downgrade


# HTTP Header: X-Content-Type-Options
# Values: boolean (true/false)
# Default: true (nosniff)
# Note: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
###########################
#header-xcto:true


# HTTP Header: X-Frame-Options
# Values: deny | sameorigin | allow-from | off
# Default: sameorigin
# Note: This header is no longer recommended and support will be removed very soon from Webinoly.
# Note: The Content-Security-Policy HTTP header has a frame-ancestors directive which obsoletes this header for supporting browsers.
# Note: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
###########################
#header-xfo:sameorigin
#header-xfo-url:<allow-from url>


# HTTP Header: X-Robots-Tag
# Values: https://developers.google.com/search/docs/advanced/robots/robots_meta_tag#xrobotstag
# Default: <empty>
# Note: Multiple X-Robots-Tag headers can be combined using the '|' delimiter.
# Note: For example, two separate headers will be added (googlebot: nofollow|otherbot: noindex, nofollow)
###########################
#header-robots:noindex,nofollow


# HTTP Header: X-XSS-Protection
# Values: boolean (true/false)
# Default: false
# Note: This header is no longer recommended and support will be removed very soon from Webinoly.
# Note: These protections are largely unnecessary in modern browsers when sites implement a strong Content-Security-Policy.
# Note: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
# Note: When true is set: (X-XSS-Protection: 1; mode=block)
###########################
#header-xssp:false


# HTTP Header: Add any other Custom Header
# Read: https://webinoly.com/documentation/webinolys/#customheaders
############################





###########################
######      PHP      ######
###########################

# PHP Version
# Values: https://www.php.net/supported-versions.php
# Default: <latest-stable>
# Note: (set before installing, server-reset not needed)
# Note: NEVER change this value here when PHP package is already installed, use the proper command instead.
# Same as: sudo stack -php-ver=8.1 (<-This is the proper command to change the PHP version even when is already installed)
###########################
#php-ver:8.1


# PHP Process Manager
# Values: static | dynamic | ondemand
# Default: <variable> (calculated based on your server resources)
###########################
#php-pm:dynamic


# PHP number of child processes to be created
# Values: numeric int
# Default: <variable> (calculated based on your server resources)
# Note: start, min and max_spare_servers are calculated automatically based on this 'max_child' value.
###########################
#php-max-child:10


# PHP maximum amount of memory that a script is allowed to allocate
# Values: numeric int (MB)
# Default: 192
###########################
#php-max-mem:192


# PHP maximum time in seconds a script is allowed to run before it is terminated
# Values: numeric int (seconds)
# Default: 60
###########################
#php-max-time:60


# PHP maximum number of files allowed to be uploaded simultaneously
# Values: numeric int
# Default: 20
# Note: To modify the max file/post size, see the 'max-mb-uploads' in Nginx section, that value is also taken by PHP.
###########################
#php-max-files:20


# PHP How many input variables may be accepted
# Values: numeric int
# Default: 5000
# Note: Limit is applied to $_GET, $_POST and $_COOKIE superglobal separately.
###########################
#php-max-input-vars:5000


# PHP OpCache Validate Timestamps
# Values: boolean (true/false)
# Default: true
# Note: When this directive is disabled, you must reset OPcache manually or by restarting the Web server for changes to the filesystem to take effect.
###########################
#php-opcache-timestamps:true


# PHP OpCache Revalidate Frequency
# Values: numeric int (seconds)
# Default: 2
# Note: Raising this value can cause developers to notice that changes in PHP code not taking effect. (similar to validate timestamps)
# Note: This configuration directive is ignored if opcache.validate_timestamps is disabled.
# Note: A good value (10-15), production servers with not frequent changes in code (60).
###########################
#php-opcache-reval:2


# PHP Path_Info
# Values: boolean (true/false)
# Default: true
# Note: (server-reset not needed)
# Note: It will be applied ONLY for sites created after this setting is changed.
# Note: This setting is always 'false' for WP sites.
###########################
#php-info:true


# Redis maximum amount of memory before eviction policies
# Values: numeric int (% < 100)
# Default: 10
###########################
#redis-max-mem:10





#####################################
#####      MySQL / MariaDB      #####
#####################################

# Database Engine
# Values: mariadb | mysql
# Default: mariadb
# Note: (set before installing, server-reset not needed)
# Note: NEVER change this value here when MySQL/MariaDB package is already installed.
###########################
#db-engine:mariadb


# MySQL/MariaDB Version
# Values: https://mariadb.com/kb/en/mariadb-server-release-dates/ (at least latest three stable)
# Default: <latest-stable>
# Note: (set before installing, server-reset not needed)
# Note: In case of MySQL, 8.0 is the only supported version.
# Note: NEVER change this value here when MySQL (MariaDB) package is already installed, use the proper command instead.
# Same as: sudo stack -mysql-ver=10.6 (<-This is the proper command to change the MarianDB version even when is already installed)
###########################
#mysql-ver:10.6


# Saved External DB Credentials to use instead of localhost
# Values: <access-data>
# Default: <empty>
# Note: (server-reset not needed)
# Note: https://webinoly.com/documentation/sites/#externaldb
###########################
#external-dbh:<host>
#external-dbx:<port>
#external-dbu:<user>
#external-dbp:<pass>


# Default Database Privileges
# Values: basic | limited | extra | complete | full | grant | all
# Default: full
# Note: (server-reset not needed)
# Note: https://webinoly.com/documentation/webinolys/#privileges
###########################
#dbrole:full


# MySQL/MariaDB General Log
# Values: boolean (true/false)
# Default: false
# Note: When enabled, you can see this log in real-time using 'sudo log -mysql=general'
# Same as: sudo log -mysql=general -enable
#mysql-log-general:false


# MySQL/MariaDB Binary Log
# Values: boolean (true/false)
# Default: false
# Note: When enabled, you can see this log in real-time using 'sudo log -mysql=binary'
# Same as: sudo log -mysql=binary -enable
#mysql-log-binary:false


# MySQL/MariaDB Slow Query Log
# Values: boolean (true/false)
# Default: false
# Note: When enabled, you can see this log in real-time using 'sudo log -mysql=slow'
# Same as: sudo log -mysql=slow -enable
#mysql-log-slow:false


# MySQL/MariaDB Long Query Time
# Values: number int (seconds)
# Default: 10
# Note: If a query takes longer than this many seconds to execute, the query is logged to the slow query log.
# Same as: sudo log -mysql=slow -enable -long-query-time=3
#mysql-long-query-time:3


# MySQL/MariaDB Public/External Access
# Values: boolean (true/false)
# Default: false
# Same as: sudo webinoly -mysql-public-access=on
#mysql-public-access:false





#
##
#####
##########
##############
# Stop editing!
# You should NEVER change the values listed below.
# Just for internal use!
###################################################