Configuration Reference

From Sympl Wiki
Revision as of 14:48, 19 July 2019 by Kelduum (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

The configuration for Sympl is comprised of a number of text files in each domains config directory (i.e. /srv/example.com/config/) and the /etc/sympl/ directory, which covers system level configurations.

/srv/example.com/config/

Domain configurations are all located in /srv/example.com/config/ which allows easy transfer of a site between servers.

Website Configuration

File or Directory Used For
.../config/ip Contains a list of IP addresses which a website will be bound to. Defaults to the primary IPs (IPv4 and IPv6) of your server. More...
.../config/ssl-only Redirects all non-HTTPS traffic for the site to HTTPS. More...
.../config/hsts Enables HSTS for HTTPS sites. More...
.../config/php Selects the PHP version the site should be run under. Remove the file to default to the bundled version for your distribution. More...
.../config/php-modules A list of PHP modules/extension package names for the site which will be installed automatically. More...
.../config/php-pool Defines the alphanumeric name of the PHP pool for the site. More...
.../config/php-user The local system user to run the PHP process as. More...
.../config/php-group The local group to run the PHP process as. More...
.../config/php-fpm Internal flag used by Sympl to mark that the domain is using PHP-FPM.
.../config/disable-php-security Existence of this file will disable some of the PHP security functions in the automatically generated Apache configurations. More...
/etc/sympl/php/<version>/includes.d/<pool_name>.conf Configuration changes for a specific PHP pool should be placed here. More...
.../config/allow-hidden Existence of this file will allow the website to serve files which are usually hidden. More...
.../config/disable-filesystem-security Existence of this file will disable the automatic filesystem security tasks on this domain. More...
.../config/public-user UID or user name of the user to change ownership of the public/ directory to. Defaults to www-data. More...
.../config/public-group GID or group name of the user to change ownership of the public/ directory to. Defaults to www-data. More...
.../config/stats This file enables automatic generation of web stats with Awffull/Webalizer More...
.../config/stats-htaccess A 'htpasswd' format file used to access the web stats. More...
.../config/apache.d/example.conf Apache config files to be included in the site configuration. More...

See Website Configuration Reference for full details.

Mail Configuration

File or Directory Used For More
.../config/ip Contains a list of IP addresses which mail will be sent from for the domain. Defaults to the primary IPs (IPv4 and IPv6) of your server. More...
.../config/aliases Contains a list of email aliases for this domain. More...
.../config/default_forward Configures what to do with mail sent to accounts which do not exist. More...
.../config/mailbox_quota Sets a maximum size in bytes for each mailbox. Defaults to 0, no quota. More...
.../config/mailbox_ratelimit Sets a maximum number of emails which can be sent in 24 hours. Defaults to 100. More...
.../config/dkim Enables DKIM and sets the selector. Defaults to short hostname or default if that can't be determined. More...
.../config/dkim.key Contains the DKIM private key used to sign outgoing email. More...
.../config/antispam Enables anti-spam filtering for the domain and rejects suspect mail. Setting the content to tag allows email in but tags the subject with the text ''[spam]". More...
.../config/antivirus Enables anti-virus filtering for the domain, rejecting flagged emails. More...
.../config/blacklists/sbl.spamhaus.org Enables the SpamHaus Block List More...
.../config/blacklists/xbl.spamhaus.org Enabled the SpamHaus Exploits Block List More...
.../config/blacklists/pbl.spamhaus.org Enables the SpamHaus Policy Block List More...
.../config/blacklists/sbl-pbl.spamhaus.org Enables both the SpamHaus Block List and the Exploits Block List More...
.../config/blacklists/zen.spamhaus.org Enables the SpamHaus Block List, the Exploits Block List, and SpamHaus Policy Block List More...

See Mail Configuration Reference for full details.

SSL Configuration

File or Directory Used For
.../config/ssl-provider Selects the automatic SSL provider to use, or disables automatic SSL generation. More...
.../config/ssl/ Directory for the SSL certificates and configuration. Permissions are secured with sympl-filesystem-security. More...
.../config/ssl/current/ A symbolic link which points toward the currently active certificate set directory. More...
.../config/ssl/set_id/ A directory containing the SSL files for the set set_id. More...
.../config/ssl/set_id/ssl.crt The SSL certificate in X.509 format. More...
.../config/ssl/set_id/ssl.key The SSL key in X.509 format. More...
.../config/ssl/set_id/ssl.bundle The SSL intermediate certificate in X.509 format. More...
.../config/ssl/set_id/ssl.combined A combination of ssl.crt, ssl.bundle and ssl.key, in that order. More...
.../config/ssl/set_id/ssl.csr The Certificate Signing Request. file in X.509 format. More...
.../config/ssl/letsencrypt/email Email address for Let's Encrypt registration and notices. This defaults to root@your-server-hostname so may need to be changed from the default if your server does not have a publicly visible name. More...
.../config/ssl/letsencrypt/rsa_key_size The size in bits of the public RSA key generated for the SSL certificate. Defaults to 2048. More...
.../config/ssl/letsencrypt/endpoint The Let's Encrypt API endpoint to use. Defaults to https://acme-v02.api.letsencrypt.org/directory. More...
.../config/ssl/letsencrypt/docroot The document root for the domain, used to confirm ownership. Defaults to /srv/example.com/public/htdocs. More...
.../config/ssl/letsencrypt/account_key The private RSA key for this Let's Encrypt account. Generated automatically if not present. More...
.../config/ssl/selfsigned/rsa_key_size The size in bits of the public RSA key generated for the SSL certificate. Defaults to 2048. More...
.../config/ssl/selfsigned/lifetime The length in days the certificate should be valid for. Defaults to 365. More...

See SSL Configuration Reference for full details.

FTP Configuration

File or Directory Used For More
.../config/ftp-password Sets the password for FTP access to /srv/example.com/public/ with the username example.com More...
.../config/ftp-quota Sets a maximum size of files and directories in /srv/example.com/public/ before preventing uploads. More...
.../config/ftp-users Per user configuration for FTP access. More...

See FTP Configuration Reference for full details.

DNS Configuration

File or Directory Used For More
.../config/dns/ Contains generated DNS files. More...
.../config/dns/example.com.txt Automatically generated DNS file for example.com. More...
.../config/ttl Sets the 'Time To Live' for generated DNS entries in seconds. Defaults to 300 (5 min). More...
.../config/spf Enables generation of an SPF record for the domain. Defaults to v=spf1 +a +mx ?all. More...
.../config/dkim Sets the DKIM 'selector'. Defaults to the short hostname of the server. See also DKIM to enable signing of email. More...
.../config/dmarc Enables generation of a DMARC record for the domain. Defaults to v=DMARC1; p=quarantine; sp=none:300. More...

See DNS Configuration Reference for full details.

Cron Configuration

File or Directory Used For More
/srv/example.com/config/crontab Runs scheduled jobs as the sympl user, on a per-domain basis. More...

See Cron Configuration Reference for full details.

/etc/sympl/

The /etc/sympl/ directory covers system configurations, which affect all domains.

Firewall Configuration

File or Directory Used For More
/etc/sympl/firewall/ Contains the firewall configuration. More...
/etc/sympl/firewall/incoming.d/ Contains rules for incoming traffic. More...
/etc/sympl/firewall/outgoing.d/ Contains rules for outgoing traffic. More...
/etc/sympl/firewall/disabled Disables all updates for sympl-firewall. More...
/etc/sympl/firewall/blacklist.d/ Contains automatic and manual blacklist rules. More...
/etc/sympl/firewall/blacklist.d/disabled Fully disables the automatic blacklist functionality. More...
/etc/sympl/firewall/patterns.d/ Contains patterns matched to detect abusive hosts. More...
/etc/sympl/firewall/whitelist.d/ Contains automatic and manual whitelist rules. More...
/etc/sympl/firewall/whitelist.d/disabled Fully disables the automatic whitelist functionality. More...
/etc/sympl/firewall/local.d/ Contains manual rules to be run after the firewall is updated. More...

See Firewall Configuration Reference for full details.

Backup Configuration

File or Directory Used For More
/etc/sympl/backup.d/ Contains the backup configuration and support scripts. More...
/etc/sympl/backup.d/conf.d/ Contains the backup2l configuration files. More...
/etc/sympl/backup.d/pre-backup.d/ Contains scripts which are run before the backup. More...
/etc/sympl/backup.d/post-backup.d/ Contains scripts which are run after the backup has completed. More...

See Backup Configuration Reference for full details.

Service Monitoring Configuraton

File or Directory Used For More
/etc/sympl/monit.d/ Contains the monit scripts. More...
/etc/sympl/monit.d/incrond Ensures the incrond service which monitors the filesystem for changes is running properly, and restarts it if needed. More...
/etc/sympl/monit.d/exim4 Ensures Exim is running properly, which handles mail transfer, and restarts it if needed. More...
/etc/sympl/monit.d/sshd Ensures the SSH daemon which provides SSH access to the server is running properly, and restarts it if needed. More...
/etc/sympl/monit.d/cron Ensures Cron the job scheduler is running properly, and restarts it if needed. More...
/etc/sympl/monit.d/clamav-dovecot Ensures the ClamAV daemon which tests incoming mail for viruses is running properly, and restarts it if needed. More...
/etc/sympl/monit.d/clamav-freshclam Ensures the ClamAV freshclam service which updates antivirus definitions is running properly and restarts it if needed. More...
/etc/sympl/monit.d/mysqld Ensures MySQL the database service is running properly, and restarts it if needed. More...
/etc/sympl/monit.d/apache2 Ensures Apache which provides the web services are running properly, and restarts it if needed. More...
/etc/sympl/monit.d/dovecot Ensures Dovecot which handles mailboxes is running properly, and restarts it if needed. More...
/etc/sympl/monit.d/spamassassin Ensures SpamAssassin which tests incoming mail for spam is running properly, and restarts it if needed. More...
/etc/sympl/monit.d/pure-ftpd Ensures Pure-FTPd which provides FTP access is running properly, and restarts it if needed. More...

See Service Monitoring Configuration Reference for full details.