
apnscp Tuneables

Tuneable configuration options in apnscp. Default settings and explanations.

apnscp Tuneables

All changes must be made to config/custom/config.ini. config/config.ini is updated periodically with apnscp releases.

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;   apnscp master configuration   ;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
;
; ************ WARNING ************
; DO NOT EDIT DIRECTLY.
; SET NEW VALUES IN config/custom/config.ini
; ************ WARNING ************
;
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;

;;;
;;; Core configuration that affects all aspects of apnscp
;;;
[core]
; Debug mode follows the DEVELOPMENT environment variable (DEVELOPMENT=1
; turns it on).
; NOTE(review): the ${DEVELOPMENT} form relies on the loader expanding
; environment variables - confirm against the parser in use.
; Debug output can reveal file paths and internals; keep it off on
; production panels.
debug = ${DEVELOPMENT}
; Event classes that produce a backtrace: (1) error, (2) warning, (3) info,
; (4) debug/deprecated. A higher number also reports the classes below it,
; so 4 produces a backtrace on everything.
; Backtraces are only generated while debug is true.
; Set to -1 to disable backtraces on apnscp-generated events while still
; displaying PHP error/warning/notice backtraces.
debug_backtrace_qualifier=0
; Global temp directory, reflected within virtual domains
temp_dir = /tmp

; In multiserver setups behind a proxy (cp-proxy), trust the following
; source IP or network for X-Forwarded-For.
; See https://github.com/apisnetworks/cp-proxy
; X-Forwarded-For is client-supplied unless a proxy rewrites it, so list
; only the proxy's own address or network and leave this empty when no
; proxy fronts the panel.
http_trusted_forward =
; Root directory for site storage. The original comment is cut off after
; "stores all"; presumably all virtual site filesystems - confirm.
filesystem_virtbase = /home/virtual
; Filesystem template location
filesystem_template = /home/virtual/FILESYSTEMTEMPLATE

; A path that is shared across all sites as read/write.
; Anything placed here is writable from every site, so treat its contents
; as untrusted.
filesystem_shared = /.socket

; Location for run files (relative path)
run_dir = storage/run

;locale = 'en_US.UTF-8'
; system default, overrides php.ini
;timezone = 'America/New_York'
; Send a copy of all unhandled errors generated in apnscp.
; NOTE(review): presumably a recipient address; error reports can contain
; sensitive details, so point this at a trusted mailbox only - confirm.
;bug_report =

; Brand name for the panel, for white-label
panel_brand="apnscp"
; apnscp version
apnscp_version="3.0"
; apnscp system user
apnscp_system_user=nobody
; Preload backend modules: increases backend initialization but checks
; for errors.
; NOTE(review): the leading ! presumably negates DEVELOPMENT, i.e. enabled
; unless development mode is set - confirm the parser supports it.
fast_init=!${DEVELOPMENT}

[style]
; Default apnscp theme
theme = "apnscp"
; Allow custom themes
; See https://github.com/apisnetworks/apnscp-bootstrap-sdk
allow_custom = false
; Override apnscp JS.
; NOTE(review): presumably loads replacement JavaScript into the panel;
; such code would run in users' sessions, so enable only for scripts you
; control - confirm.
override_js = false

;;;
;;; SOAP API
;;;
[soap]
; Enable the SOAP API (1 = enabled).
; Turn it off in config/custom/config.ini when no client uses the API, to
; reduce the exposed surface.
; NOTE(review): how API requests are authenticated is not shown in this file.
enabled = 1
; WSDL name, located under htdocs/html/
wsdl = "apnscp.wsdl"

;;;
;;; Backend
;;;
[apnscpd]
; Location for the apnscpd backend socket.
; Specify an absolute path to store it outside of apnscp.
; NOTE(review): permissions on this socket are not set here; confirm only
; the panel's own user can connect to it.
socket = storage/run/apnscp.sock
; Maximum number of backend workers permitted
max_workers = 5
; Minimum number of idle backend workers
min_workers = 1
; Workers to spawn initially
start_workers = 1
; Max backlog per worker
max_backlog = 20
; Make the panel a headless installation: no front-end is loaded and the
; panel is driven entirely by CLI.
headless = false

;;;
;;; apnscp brute-force deterrent
;;;
[anvil]
; Max auth attempts before all auth is rejected
limit = 20
; Duration to retain anvil statistics.
; NOTE(review): unit is not stated; presumably seconds (900 = 15 minutes).
ttl = 900
; Minimum number of permitted logins before anvil kicks in
min_attempts = 3
; Whitelist for Anvil attempts.
; Accepts networks and single IP addresses, separate with a comma.
; NOTE(review): listed sources are presumably exempt from the deterrent,
; so keep this list minimal. When the panel sits behind a reverse proxy,
; verify that client addresses are restored (core.http_trusted_forward)
; before adding the proxy's address here; otherwise every login arriving
; through the proxy would share the exemption.
whitelist = 127.0.0.1

;;;
;;; DAV
;;;
[dav]
; Enable DAV (1 = enabled). Disable it if no account needs DAV access.
enabled = 1
; Allow non-DAV browser requests + interface.
; NOTE(review): presumably exposes a browsable file listing over HTTP in
; addition to DAV clients - confirm, and set to 0 if it is not needed.
browser = 1

[crm]
; Send a small, MMS-suitable message here when a high priority ticket is
; opened or reopened.
; NOTE(review): ticket text sent to this address leaves the panel; confirm
; what the short copy contains before using a third-party gateway.
short_copy_admin = 
; Address used to send emails.
; ${HOSTNAME} is presumably expanded from the environment by the loader.
from_address = apnscp@${HOSTNAME}
; From name for above address
from_name = apnscp
; No-reply used for password reset and login alerts
from_no_reply_address = apnscp@${HOSTNAME}
; Generalized reply-to address for ticket system
reply_address = apnscp+tickets@${HOSTNAME}


[session]
; Maximum duration an idle session is valid.
; A shorter value limits how long an unattended session stays usable.
; NOTE(review): the accepted duration syntax is not documented here; the
; default uses "<number> <unit>".
ttl = 15 minutes

[cache]
; In multi-server installations, use the following memcached server as an
; aggregate cache; otherwise local memcached is used.
super_global_host = 
super_global_port = 

; SG password. Super global, if defined, is reachable over network and
; thus open to abuse. See also
; https://packetstormsecurity.com/files/134200/Redis-Remote-Command-Execution.html
; Set a password whenever super_global_host is defined and restrict
; network access to the cache port to the participating servers.
; The value is stored in plain text; limit read access to the file that
; holds it.
; NOTE(review): the comment above names memcached while the linked
; advisory concerns Redis - confirm which service backs the super global.
super_global_password =

; Local apnscp cache. Socket only; never use TCP as it contains sensitive
; data. 0600 limits the socket to its owner (read/write).
socket_perms = 0600

[letsencrypt]
; When signing a certificate use the LE staging server.
; Staging certificates are not trusted by browsers; set this to false in
; config/custom/config.ini before issuing certificates for production use.
debug=true
; X1 X509 authority key identifier - shouldn't change
keyid=A8:4A:6A:63:04:7D:DD:BA:E6:D1:39:B7:A6:45:65:EF:F3:A8:EC:A1
; Perform a DNS check on each hostname to ensure it is reachable.
; If any hostname fails the ACME challenge, e.g. DNS points elsewhere,
; renewal will fail. Keep this on unless you know what you're doing.
verify_ip=true
; Include alternative form of requested certificate,
; e.g. foo.com includes www.foo.com and www.foo.com includes foo.com.
; This requires that verify_ip=true.
alternative_form=false
; Additional hostnames to request SSL for
additional_certs=
; Day range in which a certificate may renew automatically. lookahead is
; the max days before expiry to renew; lookbehind is the min days to renew.
;
; A lower bracket (lookbehind) is necessary to ensure defunct domains
; are not continuously renewed - or attempted for renewal - against LE's
; servers.
; Set lookbehind to a large negative int (-999) to attempt to renew all
; defunct certificates.
; Set lookahead to a large positive int (999) to force reissue for all
; certificates.
; Default settings attempt renewal 10 times, once daily.
lookahead_days=10
lookbehind_days=0

[dns]
; When adding IP-based sites, range from which IP addresses
; may be allocated. Supports comma-delimited and CIDR notation.
allocation_cidr=
; Hosting nameservers sites should use when hosted through the panel.
; Leave empty to disable NS checks.
hosting_ns=
; Nameserver that responds authoritatively for any account hosted.
; *NOTE*: this should point to the nameservers you use for your domain.
authoritative_ns=127.0.0.1
; Recursive nameservers used to verify visibility of DNS records
recursive_ns=127.0.0.1
; A single internal master responsible for handling rndc/nsupdate and
; internal DNS queries
internal_master=
; Primary IP address of the server used in multi-homed environments,
; leave blank to autodiscover
my_ip4=
; Primary IPv6 address of the server used in multi-homed environments,
; leave blank to autodiscover
my_ip6=
; DNS providers that apnscp supports. Each provider beyond what is
; provided here must be located under modules/surrogates/
providers=builtin,digitalocean,linode,cloudflare
; Unless defined and unless dns,provider set in configuration,
; no DNS will be provided for domain
provider_default=builtin
; Optional global provider key, same form as dns,provider.
; NOTE(review): presumably an API credential for the DNS provider; if so
; it is a secret stored in plain text - restrict read access to the file
; that holds it and scope the key to DNS changes only.
provider_key=
; UUID to assign this server. UUIDs are used to collaborate with different
; servers to determine whether to remove a DNS zone, e.g. moving
; server -> server with different UUIDs will persist the records when the
; domain is deleted from Server A so long as the DNS UUID differs.
uuid=
; Default TTL value for newly created DNS records.
; NOTE(review): unit is not stated; presumably seconds (43200 = 12 hours).
default_ttl=43200

[mail]
; List of mail providers. "builtin" relies on Postfix.
providers=builtin,gmail
; Default provider to use for mail
provider_default=builtin
; Domain to masquerade as when sending mail.
; Affects "Message-ID" generation + non-fully qualified addresses.
; ${HOSTNAME} is presumably expanded from the environment by the loader.
sending_domain = "${HOSTNAME}"


[quota]
; Storage multiplier if over quota
storage_boost=2
; Time in seconds amnesty is applied (43200 s = 12 hours)
storage_duration=43200
; Min wait time, in seconds, between requesting amnesty
; (2592000 s = 30 days)
storage_wait=2592000

[domains]
; Nameserver verification check before allowing a domain to be added.
; Enable on multi-user setups to prevent a user from adding google.com
; and routing all server mail for google.com to the user account.
; Leave this at 1 on any server that hosts more than one customer.
dns_check=1
; Notify admin whenever a domain is added to any account.
; Setting dns_check and notify to false is only recommended on a
; single-user installation.
notify=0

[ssh]
; Include embedded Terminal for users.
; NOTE(review): presumably gives shell access through the panel session;
; if so, panel login protections guard shell access as well - confirm.
embed_terminal=1
; Enable users to run daemons.
; Long-running user processes consume shared resources; pair this with
; per-site resource limits on multi-user servers.
user_daemons=true

[auth]
; When using a multi-server reverse proxy, use this URL to query the
; domain database server.
; See https://github.com/apisnetworks/cp-proxy
;  +  Auth::Redirect
; NOTE(review): login routing depends on the answer from this URL; use an
; HTTPS endpoint you control - confirm how the response is authenticated.
server_query=
; When redirecting a login request elsewhere, format the redirection as
; this FQDN, e.g. if server = foo and server_format = <SERVER>.apnscp.com,
; then redirect: foo.apnscp.com
; Leaving blank implies SERVER_NAME.
server_format=
; Minimum acceptable password length.
; The default of 7 is below the 8-character minimum in NIST SP 800-63B;
; consider raising it in config/custom/config.ini.
min_pw_length=7
; Force password requirements check, implies min_pw_length
pw_check=1


[misc]
; Base URL for all support articles. If you would like to self-host,
; contact license@apisnetworks.com for information on mirroring the KB.
kb_base=https://kb.apnscp.com
; In multi-panel installations, use cp_entry as reverse proxy.
; See https://github.com/apisnetworks/cp-proxy
cp_proxy=
; Aggregate system status portal used in login portal. Requires Cachet.
; See https://cachethq.io and set to the URL before api/
; NOTE(review): content from this URL is shown on the login page; use an
; HTTPS endpoint you control.
sys_status=

[telemetry]
; Include usage statistics to help development of apnscp (1 = enabled).
; NOTE(review): what is collected and where it is sent is not described
; in this file; review that before leaving it on where data-handling
; rules apply.
enabled=1

[cron]
; Minimum cron resolution time, in seconds, for apnscpd (300 s = 5 minutes)
resolution=300
; Maximum number of workers; each worker takes up between 24-32 MB
max_workers=1
; Disable Horizon and use a primitive single-runner queue manager;
; frees up 40-60 MB
low_memory=false
; As a percentage of run-queue capacity.
; Run if 1-minute load < <CPU Count> * <LOAD_LIMIT>
load_limit=0.75

[opcenter]
; Default plan name, symlinks from plans/.skeleton
default_plan="basic"
; Configuration directives not listed in plans/default/<svc> will
; terminate execution. Keeping this on rejects unknown directives instead
; of accepting them silently.
strict_svc_config = 1
; Relative to resources/ or an absolute path
plan_path = templates/plans/
; Require IP addresses be bound to the server before allocating to a site
ip_bind_check=true

[cgroup]
; Location for cgroup controllers
home="/sys/fs/cgroup"
; Default controller support (comma-separated list)
controllers=memory,cpu,cpuacct,pids

[httpd]
; Bind to all available interfaces.
; Requires manual configuration in httpd-custom.conf.
; On multi-homed servers this also exposes the web server on management
; or private interfaces unless a firewall restricts them.
all_interfaces=true
; Window to allow multiple HTTP build/reload requests to coalesce.
; Set to "now" to disable.
reload_delay='2 minutes'