Configuration Reference
The configuration for Sympl is comprised of a number of text files in each domains config directory (i.e. /srv/example.com/config/
) and the /etc/sympl/
directory, which covers system level configurations.
/srv/example.com/config/
Domain configurations are all located in /srv/example.com/config/
which allows easy transfer of a site between servers.
Website Configuration
File or Directory | Used For | |
---|---|---|
.../config/ip
|
Contains a list of IP addresses which a website will be bound to. Defaults to the primary IPs (IPv4 and IPv6) of your server. | More... |
.../config/ssl-only
|
Redirects all non-HTTPS traffic for the site to HTTPS. | More... |
.../config/hsts
|
Enables HSTS for HTTPS sites. | More... |
.../config/php
|
Selects the PHP version the site should be run under. Remove the file to default to the bundled version for your distribution. | More... |
.../config/php-modules
|
A list of PHP modules/extension package names for the site which will be installed automatically. | More... |
.../config/php-pool
|
Defines the alphanumeric name of the PHP pool for the site. | More... |
.../config/php-user
|
The local system user to run the PHP process as. | More... |
.../config/php-group
|
The local group to run the PHP process as. | More... |
.../config/php-fpm
|
Internal flag used by Sympl to mark that the domain is using PHP-FPM. | |
.../config/disable-php-security
|
Existence of this file will disable some of the PHP security functions in the automatically generated Apache configurations. | More... |
/etc/sympl/php/<version>/includes.d/<pool_name>.conf
|
Configuration changes for a specific PHP pool should be placed here. | More... |
.../config/allow-hidden
|
Existence of this file will allow the website to serve files which are usually hidden. | More... |
.../config/disable-filesystem-security
|
Existence of this file will disable the automatic filesystem security tasks on this domain. | More... |
.../config/public-user
|
UID or user name of the user to change ownership of the public/ directory to. Defaults to www-data.
|
More... |
.../config/public-group
|
GID or group name of the user to change ownership of the public/ directory to. Defaults to www-data.
|
More... |
.../config/stats
|
This file enables automatic generation of web stats with Awffull/Webalizer | More... |
.../config/stats-htaccess
|
A 'htpasswd' format file used to access the web stats. | More... |
.../config/apache.d/example.conf
|
Apache config files to be included in the site configuration. | More... |
See Website Configuration Reference for full details.
Mail Configuration
File or Directory | Used For | More |
---|---|---|
.../config/ip
|
Contains a list of IP addresses which mail will be sent from for the domain. Defaults to the primary IPs (IPv4 and IPv6) of your server. | More... |
.../config/aliases
|
Contains a list of email aliases for this domain. | More... |
.../config/default_forward
|
Configures what to do with mail sent to accounts which do not exist. | More... |
.../config/mailbox_quota
|
Sets a maximum size in bytes for each mailbox. Defaults to 0 , no quota.
|
More... |
.../config/mailbox_ratelimit
|
Sets a maximum number of emails which can be sent in 24 hours. Defaults to 100 .
|
More... |
.../config/dkim
|
Enables DKIM and sets the selector. Defaults to short hostname or default if that can't be determined. | More... |
.../config/dkim.key
|
Contains the DKIM private key used to sign outgoing email. | More... |
.../config/antispam
|
Enables anti-spam filtering for the domain and rejects suspect mail. Setting the content to tag allows email in but tags the subject with the text ''[spam]".
|
More... |
.../config/antivirus
|
Enables anti-virus filtering for the domain, rejecting flagged emails. | More... |
.../config/blacklists/sbl.spamhaus.org
|
Enables the SpamHaus Block List | More... |
.../config/blacklists/xbl.spamhaus.org
|
Enabled the SpamHaus Exploits Block List | More... |
.../config/blacklists/pbl.spamhaus.org
|
Enables the SpamHaus Policy Block List | More... |
.../config/blacklists/sbl-pbl.spamhaus.org
|
Enables both the SpamHaus Block List and the Exploits Block List | More... |
.../config/blacklists/zen.spamhaus.org
|
Enables the SpamHaus Block List, the Exploits Block List, and SpamHaus Policy Block List | More... |
See Mail Configuration Reference for full details.
SSL Configuration
File or Directory | Used For | |
---|---|---|
.../config/ssl-provider
|
Selects the automatic SSL provider to use, or disables automatic SSL generation. | More... |
.../config/ssl/
|
Directory for the SSL certificates and configuration. Permissions are secured with sympl-filesystem-security .
|
More... |
.../config/ssl/current/
|
A symbolic link which points toward the currently active certificate set directory. | More... |
.../config/ssl/set_id/
|
A directory containing the SSL files for the set set_id .
|
More... |
.../config/ssl/set_id/ssl.crt
|
The SSL certificate in X.509 format. | More... |
.../config/ssl/set_id/ssl.key
|
The SSL key in X.509 format. | More... |
.../config/ssl/set_id/ssl.bundle
|
The SSL intermediate certificate in X.509 format. | More... |
.../config/ssl/set_id/ssl.combined
|
A combination of ssl.crt , ssl.bundle and ssl.key , in that order.
|
More... |
.../config/ssl/set_id/ssl.csr
|
The Certificate Signing Request. file in X.509 format. | More... |
.../config/ssl/letsencrypt/email
|
Email address for Let's Encrypt registration and notices. This defaults to root@your-server-hostname so may need to be changed from the default if your server does not have a publicly visible name.
|
More... |
.../config/ssl/letsencrypt/rsa_key_size
|
The size in bits of the public RSA key generated for the SSL certificate. Defaults to 2048 .
|
More... |
.../config/ssl/letsencrypt/endpoint
|
The Let's Encrypt API endpoint to use. Defaults to https://acme-v02.api.letsencrypt.org/directory .
|
More... |
.../config/ssl/letsencrypt/docroot
|
The document root for the domain, used to confirm ownership. Defaults to /srv/example.com/public/htdocs .
|
More... |
.../config/ssl/letsencrypt/account_key
|
The private RSA key for this Let's Encrypt account. Generated automatically if not present. | More... |
.../config/ssl/selfsigned/rsa_key_size
|
The size in bits of the public RSA key generated for the SSL certificate. Defaults to 2048 .
|
More... |
.../config/ssl/selfsigned/lifetime
|
The length in days the certificate should be valid for. Defaults to 365 .
|
More... |
See SSL Configuration Reference for full details.
FTP Configuration
File or Directory | Used For | More |
---|---|---|
.../config/ftp-password
|
Sets the password for FTP access to /srv/example.com/public/ with the username example.com
|
More... |
.../config/ftp-quota
|
Sets a maximum size of files and directories in /srv/example.com/public/ before preventing uploads.
|
More... |
.../config/ftp-users
|
Per user configuration for FTP access. | More... |
See FTP Configuration Reference for full details.
DNS Configuration
File or Directory | Used For | More |
---|---|---|
.../config/dns/
|
Contains generated DNS files. | More... |
.../config/dns/example.com.txt
|
Automatically generated DNS file for example.com .
|
More... |
.../config/ttl
|
Sets the 'Time To Live' for generated DNS entries in seconds. Defaults to 300 (5 min).
|
More... |
.../config/spf
|
Enables generation of an SPF record for the domain. Defaults to v=spf1 +a +mx ?all .
|
More... |
.../config/dkim
|
Sets the DKIM 'selector'. Defaults to the short hostname of the server. See also DKIM to enable signing of email. | More... |
.../config/dmarc
|
Enables generation of a DMARC record for the domain. Defaults to v=DMARC1; p=quarantine; sp=none:300 .
|
More... |
See DNS Configuration Reference for full details.
Cron Configuration
File or Directory | Used For | More |
---|---|---|
/srv/example.com/config/crontab
|
Runs scheduled jobs as the sympl user, on a per-domain basis.
|
More... |
See Cron Configuration Reference for full details.
/etc/sympl/
The /etc/sympl/
directory covers system configurations, which affect all domains.
Firewall Configuration
File or Directory | Used For | More |
---|---|---|
/etc/sympl/firewall/
|
Contains the firewall configuration. | More... |
/etc/sympl/firewall/incoming.d/
|
Contains rules for incoming traffic. | More... |
/etc/sympl/firewall/outgoing.d/
|
Contains rules for outgoing traffic. | More... |
/etc/sympl/firewall/disabled
|
Disables all updates for sympl-firewall .
|
More... |
/etc/sympl/firewall/blacklist.d/
|
Contains automatic and manual blacklist rules. | More... |
/etc/sympl/firewall/blacklist.d/disabled
|
Fully disables the automatic blacklist functionality. | More... |
/etc/sympl/firewall/patterns.d/
|
Contains patterns matched to detect abusive hosts. | More... |
/etc/sympl/firewall/whitelist.d/
|
Contains automatic and manual whitelist rules. | More... |
/etc/sympl/firewall/whitelist.d/disabled
|
Fully disables the automatic whitelist functionality. | More... |
/etc/sympl/firewall/local.d/
|
Contains manual rules to be run after the firewall is updated. | More... |
See Firewall Configuration Reference for full details.
Backup Configuration
File or Directory | Used For | More |
---|---|---|
/etc/sympl/backup.d/
|
Contains the backup configuration and support scripts. | More... |
/etc/sympl/backup.d/conf.d/
|
Contains the backup2l configuration files.
|
More... |
/etc/sympl/backup.d/pre-backup.d/
|
Contains scripts which are run before the backup. | More... |
/etc/sympl/backup.d/post-backup.d/
|
Contains scripts which are run after the backup has completed. | More... |
See Backup Configuration Reference for full details.
Service Monitoring Configuraton
File or Directory | Used For | More |
---|---|---|
/etc/sympl/monit.d/
|
Contains the monit scripts. | More... |
/etc/sympl/monit.d/incrond
|
Ensures the incrond service which monitors the filesystem for changes is running properly, and restarts it if needed. | More... |
/etc/sympl/monit.d/exim4
|
Ensures Exim is running properly, which handles mail transfer, and restarts it if needed. | More... |
/etc/sympl/monit.d/sshd
|
Ensures the SSH daemon which provides SSH access to the server is running properly, and restarts it if needed. | More... |
/etc/sympl/monit.d/cron
|
Ensures Cron the job scheduler is running properly, and restarts it if needed. | More... |
/etc/sympl/monit.d/clamav-dovecot
|
Ensures the ClamAV daemon which tests incoming mail for viruses is running properly, and restarts it if needed. | More... |
/etc/sympl/monit.d/clamav-freshclam
|
Ensures the ClamAV freshclam service which updates antivirus definitions is running properly and restarts it if needed. | More... |
/etc/sympl/monit.d/mysqld
|
Ensures MySQL the database service is running properly, and restarts it if needed. | More... |
/etc/sympl/monit.d/apache2
|
Ensures Apache which provides the web services are running properly, and restarts it if needed. | More... |
/etc/sympl/monit.d/dovecot
|
Ensures Dovecot which handles mailboxes is running properly, and restarts it if needed. | More... |
/etc/sympl/monit.d/spamassassin
|
Ensures SpamAssassin which tests incoming mail for spam is running properly, and restarts it if needed. | More... |
/etc/sympl/monit.d/pure-ftpd
|
Ensures Pure-FTPd which provides FTP access is running properly, and restarts it if needed. | More... |
See Service Monitoring Configuration Reference for full details.