- <?php
- * @file
- * Main Backdrop CMS configuration file.
- */
-
- * Database configuration:
- *
- * Most sites can configure their database by entering the connection details
- * below. For advanced configurations, including:
- * - Custom 'port', 'prefix', 'charset', 'collation' or 'driver' values
- * - Primary/replica databases
- * - Multiple connections
- * See the documentation at https://docs.backdropcms.org/database-configuration
- */
- $database = array(
- 'database' => 'database_name',
- 'username' => 'user',
- 'password' => 'pass',
- 'host' => 'localhost',
- );
-
- * Configuration storage
- *
- * By default configuration will be stored in the filesystem, using the
- * directories specified in the $config_directories setting. Optionally,
- * configuration can be store in the database instead of the filesystem.
- * Switching this option on a live site is not currently supported without some
- * manual work.
- *
- * Example using the database for live and file storage for staging:
- * @code
- * $settings['config_active_class'] = 'ConfigDatabaseStorage';
- * $settings['config_staging_class'] = 'ConfigFileStorage';
- * @endcode
- */
-
- * Site configuration files location (if using file storage for configuration)
- *
- * By default these directories are stored within the files directory with a
- * hashed path. For the best security, these directories should be in a location
- * that is not publicly accessible through a web browser.
- *
- * Example using directories one parent level up:
- * @code
- * $config_directories['active'] = '../config/active';
- * $config_directories['staging'] = '../config/staging';
- * @endcode
- *
- * Example using absolute paths:
- * @code
- * $config_directories['active'] = '/home/myusername/config/active';
- * $config_directories['staging'] = '/home/myusername/config/staging';
- * @endcode
- */
- $config_directories['active'] = 'files/config_' . md5(serialize($database)) . '/active';
- $config_directories['staging'] = 'files/config_' . md5(serialize($database)) . '/staging';
-
- * Skip the configuration staging directory cleanup
- *
- * When the configuration files are in version control, it may be preferable to
- * not empty the staging directory after each sync.
- */
-
- * Temporary access control for update.php script.
- *
- * If you are updating your Backdrop installation using the update.php script
- * but are not logged in using either an account with the "Administer software
- * updates" permission or the site maintenance account (the account that was
- * created during installation), you will need to modify the access check
- * statement below. Change the FALSE to a TRUE to disable the access check.
- * After finishing the upgrade, be sure to open this file again and change the
- * TRUE back to a FALSE!
- */
- $settings['update_free_access'] = FALSE;
-
- * Temporary access control for the restore.php script.
- *
- * The restore.php script allows restoring database and configuration backups.
- * Accounts with the "Restore system backups" permission can access this script.
- * Change the FALSE to a TRUE to disable the access check. This can be used to
- * restore your site in an emergency situation. After finishing the restore, be
- * sure to open this file again and change the TRUE back to a FALSE.
- */
- $settings['restore_free_access'] = FALSE;
-
- * Enable creating database and config backups during the update.php process.
- *
- * By default the backup directory is stored within the files directory with a
- * hashed path. For the best security, this directory should be in a location
- * that is not publicly accessible through a web browser.
- *
- * Example using directories one parent level up:
- * @code
- * $settings['backup_directory'] = '../backups';
- * @endcode
- *
- * Example using absolute paths:
- * @code
- * $settings['backup_directory'] = '/home/myusername/backups';
- * @endcode
- *
- * This can also be set to a value of FALSE to disable the backup capability,
- * for sites that have an alternative backup mechanism in place.
- */
- $settings['backup_directory'] = '';
-
- * Salt for one-time login links and cancel links, form tokens, etc.
- *
- * This variable will be set to a random value by the installer. All one-time
- * login links will be invalidated if the value is changed. Note that if your
- * site is deployed on a cluster of web servers, you must ensure that this
- * variable has the same value on each server. If this variable is empty, a hash
- * of the serialized database credentials will be used as a fallback salt.
- *
- * For enhanced security, you may set this variable to a value using the
- * contents of a file outside your docroot that is never saved together
- * with any backups of your Backdrop files and database.
- *
- * Example:
- * @code
- * $settings['hash_salt'] = file_get_contents('/home/example/salt.txt');
- * @endcode
- */
- $settings['hash_salt'] = '';
-
- * Trusted host configuration (optional but highly recommended).
- *
- * Since the HTTP Host header can be set by the user making the request, it
- * is possible for malicious users to override it and create an attack vector.
- * To protect against these sort of attacks, Backdrop supports checking a list
- * of trusted hosts.
- *
- * To enable the trusted host protection, specify the allowable hosts below.
- * This should be an array of regular expression patterns representing the hosts
- * you would like to allow.
- *
- * For example, this will allow the site to only run from www.example.com:
- * @code
- * $settings['trusted_host_patterns'] = array(
- * '^www\.example\.com$',
- * );
- * @endcode
- *
- * If you are running a site on multiple domain names, you should specify all of
- * the host patterns that are allowed by your site. For example, this will allow
- * the site to run off of all variants of example.com and example.org, with all
- * subdomains included:
- * @code
- * $settings['trusted_host_patterns'] = array(
- * '^example\.com$',
- * '^.+\.example\.com$',
- * '^example\.org',
- * '^.+\.example\.org',
- * );
- * @endcode
- *
- * If you do not need this functionality (such as in development environments or
- * if protection is at another layer), you can suppress the status report
- * warning by setting this value to FALSE:
- * @code
- * $settings['trusted_host_patterns'] = FALSE;
- * @endcode
- *
- * For more information about trusted host patterns, see the documentation at
- * https://api.backdropcms.org/documentation/trusted-host-settings
- *
- * @see backdrop_valid_http_host()
- * @see backdrop_check_trusted_hosts()
- * @see system_requirements()
- */
-
- * Base URL (optional).
- *
- * If Backdrop is generating incorrect URLs on your site, which could be in HTML
- * headers (links to CSS and JS files) or visible links on pages (such as in
- * menus), uncomment the Base URL statement below and fill in the absolute URL
- * to your Backdrop installation.
- *
- * You might also want to force users to use a given domain.
- * See the .htaccess file for more information.
- *
- * Examples:
- * $base_url = 'http://www.example.com';
- * $base_url = 'http://www.example.com:8888';
- * $base_url = 'http://www.example.com/backdrop';
- * $base_url = 'https://www.example.com:8888/backdrop';
- *
- * It is not allowed to have a trailing slash; Backdrop will add it for you.
- */
-
- * PHP settings:
- *
- * To see what PHP settings are possible, including whether they can be set at
- * runtime (by using ini_set()), read the PHP documentation:
- * http://www.php.net/manual/ini.list.php
- * See backdrop_environment_initialize() in includes/bootstrap.inc for required
- * runtime settings and the .htaccess file for non-runtime settings. Settings
- * defined there should not be duplicated here so as to avoid conflict issues.
- */
-
- * Some distributions of Linux (most notably Debian) ship their PHP
- * installations with garbage collection (gc) disabled. Since Backdrop depends
- * on PHP's garbage collection for clearing sessions, ensure that garbage
- * collection occurs by using the most common settings.
- */
- ini_set('session.gc_probability', 1);
- ini_set('session.gc_divisor', 100);
-
- * Set session lifetime (in seconds), i.e. the time from the user's last visit
- * to the active session may be deleted by the session garbage collector. When
- * a session is deleted, authenticated users are logged out, and the contents
- * of the user's $_SESSION variable is discarded.
- */
- ini_set('session.gc_maxlifetime', 200000);
-
- * Set session cookie lifetime (in seconds), i.e. the time from the session is
- * created to the cookie expires, i.e. when the browser is expected to discard
- * the cookie. The value 0 means "until the browser is closed".
- */
- ini_set('session.cookie_lifetime', 2000000);
-
- * If you encounter a situation where users post a large amount of text, and
- * the result is stripped out upon viewing but can still be edited, Backdrop's
- * output filter may not have sufficient memory to process it. If you
- * experience this issue, you may wish to uncomment the following two lines
- * and increase the limits of these variables. For more information, see
- * http://php.net/manual/en/pcre.configuration.php.
- */
-
- * Backdrop automatically generates a unique session cookie name for each site
- * based on its full domain name. If you have multiple domains pointing at the
- * same Backdrop site, you can either redirect them all to a single domain (see
- * comment in .htaccess), or uncomment the line below and specify their shared
- * base domain. Doing so assures that users remain logged in as they cross
- * between your various domains. Make sure to always start the $cookie_domain
- * with a leading dot, as per RFC 2109.
- */
-
- * A custom theme can be set for the offline page. This applies when the site
- * is explicitly set to maintenance mode through the administration page or when
- * the database is inactive due to an error. It can be set through the
- * 'maintenance_theme' key. The template file should also be copied into the
- * theme. It is located inside
- * 'core/modules/system/templates/maintenance-page.tpl.php'.
- * Note: This setting does not apply to installation and update pages.
- */
-
- * Reverse Proxy Configuration:
- *
- * Reverse proxy servers are often used to enhance the performance
- * of heavily visited sites and may also provide other site caching,
- * security, or encryption benefits. In an environment where Backdrop
- * is behind a reverse proxy, the real IP address of the client should
- * be determined such that the correct client IP address is available
- * to Backdrop's logging and access management systems. In
- * the most simple scenario, the proxy server will add an
- * X-Forwarded-For header to the request that contains the client IP
- * address. However, HTTP headers are vulnerable to spoofing, where a
- * malicious client could bypass restrictions by setting the
- * X-Forwarded-For header directly. Therefore, Backdrop's proxy
- * configuration requires the IP addresses of all remote proxies to be
- * specified in $settings['reverse_proxy_addresses'] to work correctly.
- *
- * Enable this setting to get Backdrop to determine the client IP from
- * the X-Forwarded-For header (or $settings['reverse_proxy_header'] if set).
- * If you are unsure about this setting, do not have a reverse proxy,
- * or Backdrop operates in a shared hosting environment, this setting
- * should remain commented out.
- *
- * In order for this setting to be used you must specify every possible
- * reverse proxy IP address in $settings['reverse_proxy_addresses'].
- * If a complete list of reverse proxies is not available in your
- * environment (for example, if you use a CDN) you may set the
- * $_SERVER['REMOTE_ADDR'] variable directly in settings.php.
- * Be aware, however, that it is likely that this would allow IP
- * address spoofing unless more advanced precautions are taken.
- */
-
- * Specify every reverse proxy IP address in your environment.
- * This setting is required if $settings['reverse_proxy'] is TRUE.
- */
-
- * Set this value if your proxy server sends the client IP in a header
- * other than X-Forwarded-For.
- */
-
- * Page caching:
- *
- * By default, Backdrop sends a "Vary: Cookie" HTTP header for anonymous page
- * views. This tells a HTTP proxy that it may return a page from its local
- * cache without contacting the web server, if the user sends the same Cookie
- * header as the user who originally requested the cached page. Without "Vary:
- * Cookie", authenticated users would also be served the anonymous page from
- * the cache. If the site has mostly anonymous users except a few known
- * editors/administrators, the Vary header can be omitted. This allows for
- * better caching in HTTP proxies (including reverse proxies), i.e. even if
- * clients send different cookies, they still get content served from the cache.
- * However, authenticated users should access the site directly (i.e. not use an
- * HTTP proxy, and bypass the reverse proxy if one is used) in order to avoid
- * getting cached pages from the proxy.
- */
-
- * Expiration of cache_form entries:
- *
- * Backdrop's Form API stores details of forms in cache_form and these entries
- * are kept for at least 6 hours by default. Expired entries are cleared by
- * cron. Busy sites can encounter problems with the cache_form table becoming
- * very large. It's possible to mitigate this by setting a shorter expiration
- * for cached forms. In some cases it may be desirable to set a longer cache
- * expiration. For example to prolong cache_form entries for Ajax forms in
- * cached HTML.
- *
- * @see form_set_cache()
- * @see system_cron()
- * @see ajax_get_form()
- */
-
- * String overrides:
- *
- * To override specific strings on your site with or without enabling locale
- * module, add an entry to this list. This functionality allows you to change
- * a small number of your site's default English language interface strings.
- *
- * Uncomment the lines below to enable.
- */
- $settings['locale_custom_strings_en'][''] = array(
- 'forum' => 'Discussion board',
- '@count min' => '@count minutes',
- );
- */
-
- * Fast 404 pages:
- *
- * Backdrop can generate fully themed 404 pages. However, some of these
- * responses are for images or other resource files that are not displayed to
- * the user. This can waste bandwidth, and also generate server load.
- *
- * The options below return a simple, fast 404 page for URLs matching a
- * specific pattern:
- * - 404_fast_paths_exclude: A regular expression to match paths to exclude,
- * such as images generated by image styles, or dynamically-resized images.
- * The default pattern provided below also excludes the private file system.
- * If you need to add more paths, you can add '|path' to the expression.
- * - 404_fast_paths: A regular expression to match paths that should return a
- * simple 404 page, rather than the fully themed 404 page. If you don't have
- * any aliases ending in htm or html you can add '|s?html?' to the expression.
- * - 404_fast_html: The html to return for simple 404 pages.
- *
- * Comment out this code if you would like to disable this functionality.
- */
- $settings['404_fast_paths_exclude'] = '/\/(?:styles)|(?:system\/files)\//';
- $settings['404_fast_paths'] = '/\.(?:txt|png|gif|jpe?g|css|js|ico|swf|flv|cgi|bat|pl|dll|exe|asp)$/i';
- $settings['404_fast_html'] = '<!DOCTYPE html><html lang="en"><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL "@path" was not found on this server.</p></body></html>';
-
- * By default, fast 404s are returned as part of the normal page request
- * process, which will properly serve valid pages that happen to match and will
- * also log actual 404s to the Backdrop log. Alternatively you can choose to
- * return a 404 now by uncommenting the following line. This will reduce server
- * load, but will cause even valid pages that happen to match the pattern to
- * return 404s, rather than the actual page. It will also prevent the Backdrop
- * system log entry. Ensure you understand the effects of this before enabling.
- *
- * To enable this functionality, uncomment the line below.
- */
-
- * External access proxy settings:
- *
- * If your site must access the Internet via a web proxy then you can enter
- * the proxy settings here. Currently only basic authentication is supported
- * by using the username and password variables. The proxy_user_agent variable
- * can be set to NULL for proxies that require no User-Agent header or to a
- * non-empty string for proxies that limit requests to a specific agent. The
- * proxy_exceptions variable is an array of host names to be accessed directly,
- * not via proxy.
- */
-
- * Authorized file system operations:
- *
- * The Update Manager module included with Backdrop provides a mechanism for
- * site administrators to securely install missing updates for the site
- * directly through the web user interface. On securely-configured servers,
- * the Update manager will require the administrator to provide SSH or FTP
- * credentials before allowing the installation to proceed; this allows the
- * site to update the new files as the user who owns all the Backdrop files,
- * instead of as the user the webserver is running as. On servers where the
- * webserver user is itself the owner of the Backdrop files, the administrator
- * will not be prompted for SSH or FTP credentials (note that these server
- * setups are common on shared hosting, but are inherently insecure).
- *
- * Some sites might wish to disable the above functionality, and only update
- * the code directly via SSH or FTP themselves. This setting completely
- * disables all functionality related to these authorized file operations.
- *
- * Uncomment the line below to disable authorize operations.
- */
-
- * Mixed-mode sessions:
- *
- * Set to TRUE to create both secure and insecure sessions when using HTTPS.
- * Defaults to FALSE.
- */
-
- * Drupal backwards compatibility.
- *
- * By default, Backdrop 1.x includes a compatibility layer to keep it compatible
- * with Drupal 7 APIs. Backdrop core itself does not use this compatibility
- * layer however. You may disable it if all the modules and themes used on the
- * site were built for Backdrop.
- */
- $settings['backdrop_drupal_compatibility'] = TRUE;
-
- * Suppress warnings of multiple versions of the same module being found.
- *
- * When scanning for module files, if Backdrop encounters multiple instances of
- * the same module (for example, a version of a module in the /modules directory
- * that has the same name as a module in /core), then only the last module will
- * be loaded. In such cases, Backdrop will show a warning on the status report
- * page.
- *
- * Having multiple versions of the same module may be intentional in certain use
- * cases though, such as in some multisite configurations, when there is need to
- * override a core or contrib module with a different version in the /sites
- * folder. In such cases, you may want to disable the status report warnings.
- *
- * Uncomment the line below to disable the warnings.
- */
-
- * Configuration overrides.
- *
- * These settings allow you to specify values for anything stored in config
- * within the files stored in the $config_directories variable above.
- * This can be useful to store per-environment values or sensitive data that
- * is undesirable to store in the config storage.
- *
- * There are particular configuration values that are risky to override. For
- * example overriding field storage will create errors because associated
- * database changes are necessary. Modifying values within complicated objects
- * such as views, content types, vocabularies, etc. may not work as expected.
- * Use any available API functions for complex systems instead.
- */
-
- * File schemes whose paths should not be normalized.
- *
- * Normally, Backdrop normalizes '/./' and '/../' segments in file URIs in order
- * to prevent unintended file access. For example, 'private://css/../image.png'
- * is normalized to 'private://image.png' before checking access to the file.
- *
- * On Windows, Backdrop also replaces '\' with '/' in file URIs.
- *
- * If file URIs with one or more scheme should not be normalized like this, then
- * list the schemes here. For example, if 'example://path/./filename.png' should
- * not be normalized to 'example://path/filename.png', then add 'example' to
- * this array. In this case, make sure that the module providing the 'example'
- * scheme does not allow unintended file access when using '/../' to move up the
- * directory tree.
- */
-
- * Additional public file schemes.
- *
- * Public schemes are URI schemes that allow download access to all users for
- * all files within that scheme.
- *
- * The "public" scheme is always public, and the "private" scheme is always
- * private, but other schemes, such as "https", "s3", "example", or others,
- * can be either public or private depending on the site. By default, they're
- * private, and access to individual files is controlled via
- * hook_file_download().
- *
- * Typically, if a scheme should be public, a module makes it public by
- * implementing hook_file_download(), and granting access to all users for all
- * files. This could be either the same module that provides the stream wrapper
- * for the scheme, or a different module that decides to make the scheme
- * public. However, in cases where a site needs to make a scheme public, but
- * is unable to add code in a module to do so, the scheme may be added to this
- * variable, the result of which is that system_file_download() grants public
- * access to all files within that scheme.
- */
-
- * Sensitive request headers in backdrop_http_request() when following a
- * redirect.
- *
- * By default backdrop_http_request() will strip sensitive request headers when
- * following a redirect if the redirect location has a different http host to
- * the original request, or if the scheme downgrades from https to http.
- *
- * These variables allow opting out of this behaviour. Careful consideration of
- * the security implications of opting out is recommended. To opt out, set to
- * FALSE.
- *
- * @see _backdrop_should_strip_sensitive_headers_on_http_redirect()
- * @see backdrop_http_request()
- */
-
- * Include a local settings file, if available.
- *
- * To make local development easier, you can add a settings.local.php file that
- * contains settings specific to your local installation, or to any secondary
- * environment (staging, development, etc).
- *
- * Typically used to specify a different database connection information, to
- * disable caching, JavaScript/CSS compression, re-routing of outgoing emails,
- * Google Analytics, and other things that should not happen on development and
- * testing sites.
- *
- * This local settings file can be ignored in your Git repository, so that any
- * updates to settings.php can be pulled in without overwriting your local
- * changes.
- *
- * Keep this code block at the end of this file to take full effect.
- */
- if (file_exists(__DIR__ . '/settings.local.php')) {
- include __DIR__ . '/settings.local.php';
- }