Skip to main content

apnscp Tuneables

Tuneable configuration options in apnscp. Default settings and explanations.

apnscp Tuneables

All changes must be made to config/custom/config.ini. config/config.ini is updated periodically with apnscp releases.

;   apnscp master configuration   ;
; ************ WARNING ************
; SET NEW VALUES IN conf/custom/config.ini
; ************ WARNING ************

;;; Core configuration that affects all aspects of apnscp
; Use env DEVELOPMENT=1 environment variable to trigger debug
debug = ${DEVELOPMENT}
; Display backtraces on (1) error, (2) warning, (3) info, (4) debug/deprecated
; all higher numbers imply lower class reporting; 4 produces backtrace on all
; backtrace occurs when debug set to true.
; Set to -1 to disable backtrace on apnscp-generated events,
; but continue to display PHP error/warning/notice backtraces
; Global temp directory, reflected within virtual domains
temp_dir = /tmp

; In multiserver setups behind a proxy (cp-proxy),
; trust the following source IP or network for X-Forwarded-For
; See
http_trusted_forward =
; Root directory that stores all
filesystem_virtbase = /home/virtual
; Filesystem template location
filesystem_template = /home/virtual/FILESYSTEMTEMPLATE

; A path that is shared across all sites as read/write
filesystem_shared = /.socket

; Location for run files
run_dir = storage/run

;locale = 'en_US.UTF-8'
; system default, overrides php.ini
;timezone = 'America/New_York'
; Send a copy of all unhandled errors generated in apnscp
;bug_report =

; Brand name for the panel, for white-label
; apnscp version
; apnscp system user
; preload backend modules
; increases backend initialization but checks for errors

; Default apnscp theme
theme = "apnscp"
; Allow custom themes
; See
allow_custom = false
; Override apnscp JS
override_js = false

; Enable soap?
enabled = 1
; WSDL name, located under htdocs/html/
wsdl = "apnscp.wsdl"

;;; Backend
; Location for apnscpd backend socket
; specify an absolute path to store outside of apnscp
socket = storage/run/apnscp.sock
; Maximum number of backend workers permitted
max_workers = 5
; Minimum number of idle backend workers
min_workers = 1
; Workers to spawn initially
start_workers = 1
; Max backlog per worker
max_backlog = 20

;;; apnscp brute-force deterrent
; max auth attempts before all auth is rejected
limit = 20
; duration to retain anvil statistics
ttl = 900
; minimum number of permitted logins before anvil kicks in
min_attempts = 3
; Whitelist for Anvil attempts
; Accepts networks and single IP addresses, separate with a comma
whitelist =

;;; DAV
; Enable DAV
enabled = 1
; Allow non-DAV browser requests + interface
browser = 1

; send a small, MMS-suitable, message when a high
; priority ticket is opened or reopened to here
short_copy_admin = 
; Address used to send emails
from_address = apnscp@${HOSTNAME}
; From name for above address
from_name = apnscp
; No-reply used for password reset and login alerts
from_no_reply_address = apnscp@${HOSTNAME}
; Generalied reply-to address for ticket system
reply_address = apnscp+tickets@${HOSTNAME}

; Maximum duration an idle session is valid
ttl = 15 minutes

; In multi-server installations, use the following
; memcached server as an aggregate cache otherwise
; local memcached is used
super_global_host = 
super_global_port = 

; SG password. Super global, if defined, is reachable
; over network and thus open to abuse. See also
super_global_password =

; Local apnscp cache. Socket only; never use TCP
; as it contains sensitive data
socket_perms = 0600

; When signing a certificate use LE staging server
; X1 X509 authority key identifier - shouldn't change
; Perform a DNS check on each hostname to ensure it is reachable
; If any hostname fails the ACME challenge, e.g. DNS points elsewhere, renewal
; will fail. Keep this on unless you know what you're doing
; Include alternative form of requested certificate
; e.g. includes and includes
; This requires that verify_ip=true
; Additional hostnames to request SSL for
; Day range a certificate may renew automatically. lookahead is max days to renew
; before expiry; lookbehind is min days to renew.
; A lower bracker (lookbehind) is necessary to ensure defunct domains
; are not continuously renewed - or attempted for renewal - against LE's servers.
; Set lookbehind to a large negative int (-999) to attempt to renew all defunct
; certificates.
; Set lookahead to a large positive int (999) to force reissue for all certificates.
; Default settings attempt renewal 10 times, once daily.

; When adding IP-based sites, range from which IP addresses 
; may be allocated. Supports comma-delimited and CIDR notation
; Hosting nameservers sites should use when hosted through the panel
; Leave empty to disable a NS checks
; Nameserver that responds authoritatively for any account hosted
; *NOTE*: this should point to the nameservers you use for
; your domain
; Recursive nameservers used to verify visibility of DNS records
; A single internal master responsible for handling rndc/nsupdate and internal DNS queries
; Primary IP address of the server used in multi-homed environments, leave blank to autodiscover
; Primary IPv6 address of the server used in multi-homed environments, leave blank to autodiscover
; DNS providers that apnscp supports. Each provider
; beyond what is provided here must be located under modules/surrogates/
; Unless defined and unless dns,provider set in configuration
; No DNS will be provided for domain

; List of mail providers. "builtin" relies on Postfix
; Default provider to use for mail
; Domain to masquerade as when sending mail
; Affects "Message-ID" generation + non-fully qualified addresses
sending_domain = "${HOSTNAME}"

; Storage multiplier if over quota
; Time in seconds amnesty is applied
; Min wait time, in seconds, between requesting amnesty

; Nameserver verification check before allowing a domain 
; to be added. Enable on multi-user setups to prevent a user
; from adding and routing all server mail for
; to the user account.
; Notify admin whenever a domain is added to any account.
; Setting dns_check and notify to false is only recommended
; on a single-user installation.

; Include embedded Terminal for users

; When using a multi-server reverse proxy, use this URL
; to query the domain database server
; See
;  +  Auth::Redirect
; When redirecting a login request elsewhere, format the
; redirection as this FQDN, e.g.
; if server = foo and server_format = <SERVER>, then
; redirect:
; Leaving blank implies SERVER_NAME
; Minimum acceptable password length
; Force password requirements check, implies min_pw_length

; Base URL for all support articles. If you would like to self-host
; contact for information on mirroring KB
; In multi-panel installations, use cp_entry as reverse proxy
; See
; Aggregate system status portal used in login portal. Requires Cachet
; See and set to URL before api/

; Include usage statistics to help development of apnscp

; Minimum cron resolution time, in seconds, for apnscpd
; Maximum number of workers, each worker takes up between 24-32 MB
; Disable Horizon and use a primitive single-runner queue manager, frees up 40-60 MB
; As a percentage of run-queue capacity. Run if 1-minute load < <CPU Count> * <LOAD_LIMIT>

; default plan name, symlinks from plans/.skeleton
; Configuration directives not listed in plans/default/<svc>
; will terminate execution
strict_svc_config = 1
; Relative to resources/ or an absolute path
plan_path = templates/plans/

; location for cgroup controllers