fit.ini

This document provides an overview of the configuration settings that can be set in the file conf/fit.ini or in .ini files in the directory conf/fit.ini.d/.

Configuration settings are written line-by-line with the following syntax. Lines beginning with a semicolon are considered comments. Blank lines are ignored:

; Comment
;
string_setting = "a string value"
boolean_setting = false
numeric_setting = 42

Each configuration setting has one of the following types:

The fitadmin command line tool in /opt/sevenval/fit14/bin allows easy access to all configuration settings.

# fitadmin config list

outputs a list of all configuration settings. To get a specific value use fitadmin config get, e.g.

# fitadmin config get FIT_HTTP_PROXY

The following sections describe all supported configuration settings. See also the commented configuration file conf/fit.ini.

General settings

• FIT_VHOST_DEFAULT_IP: The IP address used for the Apache virtual hosts. After changing this value you have to execute fitadmin config generate to update the Apache configuration in conf/include/listen.conf and conf/vhosts. (see domain configuration.
• FIT_USER: The Unix user to start the FIT Server with. If your FIT Server binds to ports lower than 1024, the value must be "root". If your FIT Server only uses ports from 1024 upwards, we recommend setting this to a non privileged user of the fit-data group, for example "fit-data".
• FIT_INSTALLATION_ROLE: This setting is used to distinguish production systems from staging or development servers. Its value is accessible in the delivery context as server/role. You can use it in AI filters or to change the flow you are using. For example, you could use placeholder ads when you are on a devel installation.

Debugging

• FIT_ALLOW_DEBUG_LOGGING: Setting this to true enables debugging by way of the URL mark d=…. On production systems, this is usually set to false.
• FIT_DEFAULT_ENGINE_DEBUG: Controls which information is included in the debug output, e.g. errorlog-fetch-info.
• FIT_DEBUG_LOGGING_WHITELIST: Defines which clients are allowed to see debug output via the URL Mark d=…. The regular expressions are matched against the client’s IP address.
• FIT_DEBUG_AUTH_USER: Clients not authorized by FIT_DEBUG_LOGGING_WHITELIST may authenticate themselves with this user name and the password defined by FIT_DEBUG_AUTH_PASSWORD.
• FIT_DEBUG_AUTH_PASSWORD: The password used for authentication.
• FIT_STRICT_CONFIG: Enables the strict XML validation of the site configuration files. If enabled and a site configuration file is not well-formed, the FIT Engine will terminate with an exception.
• FIT_VERBOSE_EXCEPTIONS: Enables the output of the detailed exception messages in case of fatal errors. If enabled, the exception messages are visible to all users. On production systems, this setting should usually be left disabled, i.e. set to “false”. If disabled (false), no EXCEPTION placeholder is available in the exceptions template.
• FIT_DEPRECATION_EXCEPTIONS: Enables the strict deprecation handling. If enabled, the usage of deprecated features terminates with an error. On production systems, this setting should usually be left disabled, i.e. set to “false”.
• FIT_STRICT_IMAGE_PROCESSING: Enables the strict image processing. If enabled, errors during image processing will terminate the request. If disabled (default), the original image will be used in case of errors and the client will always receive an image.

Refer to the debugging documentation for details.

Security

• FIT_ALLOW_OPEN_ACL: Allows to use the option allow-all="true" in sites’ acl.xml.

FIT Engine

• FIT_FETCH_DEFAULT_TIMEOUT: Default timeout in seconds for outgoing HTTP requests. May be overridden in fit://site/conf/sources.xml or in a request action. The maximum allowed timeout is limited by FIT_FETCH_MAX_TIMEOUT.
• FIT_FETCH_DEFAULT_CONNECT_TIMEOUT: Default connection timeout in seconds for outgoing HTTP requests. May be overridden in fit://site/conf/sources.xml or in a request action. If set to 0, the value of FIT_FETCH_DEFAULT_TIMEOUT is used. The maximum permitted timeout is limited by FIT_FETCH_MAX_TIMEOUT.
• FIT_FETCH_MAX_TIMEOUT: Maximum allowed time in seconds for outgoing HTTP requests.
• FIT_FETCH_DEFAULT_LOW_SPEED_TIMEOUT: Default timeout in seconds for slow (“low-speed”) outgoing HTTP requests. May be overridden in fit://site/conf/sources.xml or in a request action.
• FIT_USE_PERSISTENT_CONNECTIONS: Can be used to disable HTTP persistent connection (HTTP keepalive) for communication with all origin servers.
• FIT_MAX_TIMEOUT_PROCESSES: Specifies how many PHP-FPM processes are allowed to wait for slow sources at any one time. The lower the threshold value, the earlier slow sources will be blocked.
• FIT_MAX_IMAGE_AREA: Maximum size of an output image in megapixels for the Image Compression and Image Scaling.
• FIT_ALLOW_TRANSPORT_MAPPING: Allow sites to change transport parameters of source requests, such as protocol, hosts or ports.
• FIT_USE_XSLT_CACHE: If set to false, no compiled XSLT stylesheets will be cached. On production systems, this should be left at the default value true.
• FIT_MAX_PARSE_SIZE: Maximum input size for the HTML/XML parser in megabytes. Set to prevent excessive CPU usage when processing large DOMs. If the given size is exceeded, the request terminates with an error. Make sure the value is large enough to parse your configuration files (flow.xml, sources.xml etc.) – we recommend a minimum of 1 megabyte.
• FIT_MAX_CONTENT_SIZE: Maximum input size for optimizations of any type of content in megabyte (MiB). Set to prevent excessive CPU usage when processing large files. If the given size is exceeded, the input file is passed through unchanged.
• FIT_MAX_IMAGE_PROCESSES: If set to a value greater than 0, establishes an upper limit for the number of concurrently running image optimization processes. Use to prevent excessive CPU usage when optimizing images. While the given number of processes is reached, no further images will be optimized until one or more running optimization process have finished, i.e. the current best available version of the image - which may be the unmodified original - will be delivered to the client.

Proxy

• FIT_HTTP_PROXY: Address of the proxy via which all external resources are loaded, e.g. http://127.0.0.1:3128.
• FIT_HTTP_PROXY_USER: User name, if the proxy specified by FIT_HTTP_PROXY requires authentication.
• FIT_HTTP_PROXY_PASS: Password used for proxy authentication.
• FIT_NO_PROXY_LOCATIONS: Specify resources that should not be loaded via the proxy (FIT_HTTP_PROXY) with a list of regular expressions. The expressions are whitespace separated and have to have delimiters. They are matched against the request URL (from scheme to query string).
  For example, use #^https://# to bypass the proxy for HTTPS requests. With ;^http://[^:/]:(?!80)/; requests to origins with ports other than 80 will bypass the proxy. You can combine multiple patterns and the delimiters are at your choice: #foo# /bar/. Keep in mind to anchor your expressions, otherwise #example\.com# would also match http://evil.com/?example.com.

Server Status

• FIT_STATUS_URL: URL at which the server status can be accessed, e.g. http://127.0.0.1:8880/