# LEMPer configuration file
#
# Do not remove this file!
# To make changes copy this file as ".env" file

[installer]
# Auto install, true for auto installation,
# false for manual or guided installation.
AUTO_INSTALL=true
FORCE_INSTALL=false

# Cleanup existing LEMP / LAMP stack installation.
AUTO_REMOVE=true
FORCE_REMOVE=false

# Dry run install, true for testing only.
DRYRUN=false

# Attempt to fix broken packages.
FIX_BROKEN_INSTALL=false

# Allocate swap space that will be used for swap.
ENABLE_SWAP=true

# Logging for installation process.
LOGGING=true

# Path to the install log file.
LOG_FILE="./install.log"

# LEMPer build directorty, will be removed after installation.
BUILD_DIR="/tmp/lemper"

[lemper]
# LEMP stack environment.
# Use development for local environment or production for live environment.
ENVIRONMENT="development"

# In production, server hostname must be valid FQDN format (e.g. hostname.domain.ext).
SERVER_HOSTNAME=""

# Server IP address, leave it blank for auto detection.
SERVER_IP=""

# Default Timezone, leave it blank to use default UTC timezone
# or "none" for current server setting.
# Ref: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
# Example: Asia/Jakarta
TIMEZONE="UTC"

# Default LEMPer Stack account username.
LEMPER_USERNAME="lemper"

# Password for default LEMPer Stack account,
# leave it blank for auto generated secure password.
LEMPER_PASSWORD=""

# Administration email. Change it! don't leave it blank!
LEMPER_ADMIN_EMAIL="mail@example.com"

[ssh]
# Customized SSH port.
SSH_PORT=2269

# Allow SSH root login (value: true | false).
SSH_ROOT_LOGIN=false

# Password-less SSH, login with key (value: true | false).
SSH_PASSWORDLESS=false

# Your RSA Public key.
RSA_PUB_KEY="copy your ssh public rsa key here"

[nginx]
INSTALL_NGINX=true

# Available Nginx installer: repo | source
NGINX_INSTALLER="repo"

# Nginx repository source: ondrej | myguard
NGINX_REPO_SRC="myguard"

# Supported Nginx version: stable (lts) | latest (mainline),
# version number e.g. 1.18.0 (only if Nginx build from source).
NGINX_VERSION="stable"

# Extra Nginx build parameters,
# requires Nginx installation from source.

# Build with custom OpenSSL.
NGINX_WITH_CUSTOMSSL=false

# Available custom SSL version: e.g. openssl-3.1.5, openssl-3.1.5-quic1, libressl-3.9.2
# leave empty to use stack default OpenSSL.
NGINX_CUSTOMSSL_VERSION="openssl-3.1.5-quic1"

# Build with PCRE JIT.
NGINX_WITH_PCRE=false

# PCRE JIT version (requires PCRE 8.20 and latest): e.g. 8.44, 8.45
# get the PCRE version from here http://www.pcre.org/
NGINX_PCRE_VERSION="8.45"

# Extra parameters,
# requires Nginx installation from source.
NGINX_DYNAMIC_MODULE=true
NGINX_EXTRA_MODULES=true

# Availabe extra modules (true to enable),
# requires Nginx installation from source.
NGX_HTTP_AUTH_PAM=true
NGX_HTTP_BROTLI=true
NGX_HTTP_CACHE_PURGE=true
NGX_HTTP_DAV_EXT=false
NGX_HTTP_ECHO=false
NGX_HTTP_FANCYINDEX=true
NGX_HTTP_GEOIP=true

# GeoIP2 with MaxMind GeoLite2 database.
NGX_HTTP_GEOIP2=false

# GeoLite2 license key is required, get it from here https://www.maxmind.com/en/geolite2/signup
GEOLITE2_LICENSE_KEY=""

NGX_HTTP_HEADERS_MORE=true
NGX_HTTP_IMAGE_FILTER=true
NGX_HTTP_MEMCACHED=false
NGX_HTTP_NAXSI=false
NGX_HTTP_NDK=false
NGX_HTTP_NJS=false

# Build with Lua JIT module.
NGX_HTTP_LUA=false

# Lua JIT module requires LuaJIT 2.1 and latest: e.g. v2.1-20211210, v2.1-20220111
# LuaJIT2 version from here https://github.com/openresty/luajit2/tags
# Lua Resty Core version from here https://github.com/openresty/lua-resty-core
# Lua Resty LRU Cache version from here https://github.com/openresty/lua-resty-lrucache
LUA_JIT_VERSION="v2.1-20240626"
LUA_RESTY_CORE_VERSION="v0.1.28"
LUA_RESTY_LRUCACHE_VERSION="v0.13"
LUA_NGINX_MODULE_VERSION="v0.10.26"
LUA_NGINX_STREAM_MODULE_VERSION="master"

NGX_HTTP_PASSENGER=false
NGX_HTTP_REDIS2=false
NGX_HTTP_SUBS_FILTER=true
NGX_HTTP_UPSTREAM_FAIR=false
NGX_HTTP_VTS=true
NGX_HTTP_XSLT_FILTER=true
NGX_MAIL=true
NGX_NCHAN=false

NGX_RTMP=false
NGX_STREAM=true

# Rate limit module.
NGINX_RATE_LIMITING=false
NGINX_RATE_LIMIT_REQUESTS=100

[php]
INSTALL_PHP=true

# It is highly recommended to install PHP version 7.4 or greater.
# Installing multiple versions is supported, separate version by space.
PHP_VERSIONS="8.1 8.2 8.3"

# Additional PHP modules (extensions) to install.
# Installing multiple extension is supported, separate version by space.
# Type only the extension name (without php*-).
PHP_EXTENSIONS="geoip gnupg imagick igbinary json mcrypt memcache memcached msgpack sodium xdebug"

# DO NOT CHANGE
DEFAULT_PHP_VERSION="8.2"

[php-loader]
# PHP Loader is a PHP extension (module) that enables PHP
# to load protected and encoded files.
INSTALL_PHP_LOADER=false

# Available PHP loader: ioncube | sourceguardian | all
PHP_LOADER="ioncube"

[php-phalcon]
# Phalcon is a PHP web framework based on the MVC pattern delivered as C-extension.
INSTALL_PHP_PHALCON=false

# Available Phalcon installer: repo | source
PHP_PHALCON_INSTALLER="repo"

# Available Phalcon version: 3.4.5 | 4.0.6 | latest
PHP_PHALCON_VERSION="4.1.2"

# Phalcon zephir transpiler.
INSTALL_PHP_ZEPHIR=false
PHP_ZEPHIR_VERSION="0.12.19"

[php-composer]
INSTALL_PHP_COMPOSER=true

[imagemagick]
# ImageMagick is a free and open-source software suite for manipulating raster and vector image.
INSTALL_IMAGEMAGICK=true

# Available ImageMagick & PHP module installer: repo | source
IMAGEMAGICK_INSTALLER="repo"

# Available ImageMagick version: 6.9.12-36 | 7.1.0-21 | latest
IMAGEMAGICK_VERSION="7.1.0-21"

[mysql]
INSTALL_MYSQL=true

# Currently only support mariadb.
MYSQL_SERVER="mariadb"

# MySQL / MariaDB version.
MYSQL_VERSION="11.1"

# MySQL / MariaDB repo mirror base URL, example: https://ftp.osuosl.org/pub/mariadb
MYSQL_REPO_MIRROR_URL=""

# Securing MySQL installation.
MYSQL_SECURE_INSTALL=true

# Leave it blank for auto generated secure password.
MYSQL_ROOT_PASSWORD=""

# Allow remote client access.
MYSQL_ALLOW_REMOTE=false

# MariaDB backup user.
MARIABACKUP_USER="lemperdb"

# Leave it blank for auto generated secure password.
MARIABACKUP_PASS=""

[postgres]
INSTALL_POSTGRES=false

# Postgres version (only type the major version number).
POSTGRES_VERSION="17"

POSTGRES_PORT=5432
POSTGRES_PGDATA="/var/lib/postgresql/data"

# Default Postgres user.
POSTGRES_SUPERUSER="postgres"
POSTGRES_DB_USER="usertest"
POSTGRES_DB_PASS=""

[memcached]
INSTALL_MEMCACHED=false

# Available installer: repo | source.
MEMCACHED_INSTALLER="repo"

# Available Memcached version: 1.6.10 | latest.
MEMCACHED_VERSION="latest"

# Enable SASL authentication.
MEMCACHED_SASL=false
MEMCACHED_USERNAME="lempermc"
MEMCACHED_PASSWORD=""

[mongodb]
INSTALL_MONGODB=false

# Available supported MongoDB version: 5.0, 6.0, or 7.0.
# Set MongoDB 6.0 as default for Debian (Buster, Bullseye) & Ubuntu (Bionic, Focal, Jammy).
MONGODB_VERSION="6.0"

# MongoDB default admin account.
MONGODB_ADMIN_USER="lempermo"
MONGODB_ADMIN_PASSWORD=""

[redis]
INSTALL_REDIS=true

# Available installer: repo | source.
REDIS_INSTALLER="repo"

# Available Redis version: 6.2.5 or stable.
REDIS_VERSION="stable"

# Enable password authentication.
REDIS_REQUIRE_PASSWORD=false
REDIS_PASSWORD=""

[ftpd]
INSTALL_FTP_SERVER=true

# Available installer: repo | source.
FTP_SERVER_INSTALLER="repo"

# Supported FTP server: vsftpd | pureftpd.
FTP_SERVER_NAME="pureftpd"

# Available version: 3.0.5 (vsftpd), 1.0.50 (pure-ftpd), or latest.
FTP_SERVER_VERSION="latest"

# Enable FTP over TLS.
FTP_SSL_ENABLE=true

# Enable passv mode.
FTP_PASV_MODE=true

# Range of passv ports.
FTP_MIN_PORT=45000
FTP_MAX_PORT=45099

[dns]
# TODO: Install DNS server.

[mailer]
# Install basic Mailer based on Postfix & Dovecot.
INSTALL_MAILER=true
INSTALL_SPFDKIM=true

# Sender domain is required, if left empty it will be sets to the default hostname domain.
# Ensure that the hostname or sender domain already pointed to the server's IP address.
SENDER_DOMAIN=""

[certbot]
# Install Let's Encrypt SSL certificate is mandatory.
INSTALL_CERTBOT=true

# Path to live certificate for production server.
HOSTNAME_CERT_PATH=""

# Hash length (bits), supported value 2048 | 4096 (take longer times)
# length of bits used for generating RSA key / Diffie-Helman params.
KEY_HASH_LENGTH=2048

# Python used for Certbot.
DEFAULT_PYTHON_VERSION="3.12"

[firewall]
INSTALL_FW=true

# Firewall configurator engine
# available engine: ufw | csf | apf
# UFW is default Ubuntu firewall configurator.
FW_CONFIGURATOR="ufw"

[fail2ban]
INSTALL_FAIL2BAN=false

# Available installer: repo | source.
FAIL2BAN_INSTALLER="repo"
FAIL2BAN_VERSION="1.1.0"