-
Notifications
You must be signed in to change notification settings - Fork 137
Server Configuration v2.x v3.x
Slightly modified from the original source: config_default.php
Don't edit config_default.php
file directly, it will get overwritten when a new version gets out. Just add the items you want to change to config.php
and change them there.
Ensure that you update your config.php first line from:
<?php if ( ! defined( 'KISS' ) ) exit;
to <?php
and that you remove the line:
$conf['module_path'] = APP_ROOT . "/vendor/munkireport/";
It is recommended that configuration be moved into a .env
file in the root of the munkireport directory. There is an example configuration included at .env.example
. You can also check the config_default.php
for the variable names.
Example:
# Modules
# --------
MODULES='munkireport,managedinstalls,disk_report,inventory'
Default is index.php?
which is the most compatible form. You can leave it blank if you want nicer looking urls. You will need a server which honors .htaccess
(Apache) or figure out how to rewrite urls in the server of your choice.
Default:
$conf['index_page'] = 'index.php?';
$_SERVER
variable that contains the correct request path, e.g. REQUEST_URI
, QUERY_STRING
, PATH_INFO
, etc. Defaults to AUTO
.
Default:
$conf['uri_protocol'] = 'AUTO';
The hostname of the webserver, default automatically determined. No trailing slash.
Default:
$conf['webhost'] = (empty($_SERVER['HTTPS']) ? 'http' : 'https')
. '://'.$_SERVER[ 'HTTP_HOST' ];
Relative to the webroot, with trailing slash. If you're running munkireport from a subdirectory of a website, enter subdir path here. E.g. if munkireport is accessible here: http://mysite/munkireport/
you should set subdirectory to '/munkireport/'
If you're using .htaccess
to rewrite urls, you should change that too. The code below is for automagically deterimining your subdirectory, if it fails, just add $conf['subdirectory'] = '/your_sub_dir/'
in config.php
Default:
$conf['subdirectory'] = substr(
$_SERVER['PHP_SELF'],
0,
strpos($_SERVER['PHP_SELF'], basename(FC))
);
Will appear in the title bar of your browser and as heading on each webpage.
Default:
$conf['sitename'] = 'MunkiReport';
Currently four authentication methods are supported.
Paste the following line in your config.php
:
$conf['auth']['auth_noauth'] = array();
Visit /index.php?/auth/generate
and paste the result in your config.php
.
At least fill in these items:
$conf['auth']['auth_ldap']['server'] = 'ldap.server.local'; // One or more servers separated by commas.
$conf['auth']['auth_ldap']['usertree'] = 'uid=%{user},cn=users,dc=server,dc=local'; // Where to find the user accounts.
$conf['auth']['auth_ldap']['grouptree'] = 'cn=groups,dc=server,dc=local'; // Where to find the groups.
$conf['auth']['auth_ldap']['mr_allowed_users'] = array('user1','user2'); // For user based access, fill in users.
$conf['auth']['auth_ldap']['mr_allowed_groups'] = array('group1','group2'); // For group based access, fill in groups.
Optional items:
$default_conf['userfilter'] = '(&(uid=%{user})(objectClass=posixAccount))'; // LDAP filter to search for user accounts.
$default_conf['groupfilter'] = '(&(objectClass=posixGroup)(memberUID=%{uid}))'; // LDAP filter to search for groups.
$conf['auth']['auth_ldap']['port'] = 389; // LDAP port.
$conf['auth']['auth_ldap']['version'] = 3; // Use LDAP version 1, 2 or 3.
$conf['auth']['auth_ldap']['starttls'] = FALSE; // Set to TRUE to use TLS.
$conf['auth']['auth_ldap']['referrals'] = FALSE; // Set to TRUE to follow referrals.
$conf['auth']['auth_ldap']['deref'] = LDAP_DEREF_NEVER; // How to dereference aliases. See http://php.net/ldap_search
$conf['auth']['auth_ldap']['binddn'] = ''; // Optional bind DN
$conf['auth']['auth_ldap']['bindpw'] = ''; // Optional bind password
$conf['auth']['auth_ldap']['userscope'] = 'sub'; // Limit search scope to sub, one or base.
$conf['auth']['auth_ldap']['groupscope'] = 'sub'; // Limit search scope to sub, one or base.
$conf['auth']['auth_ldap']['groupkey'] = 'cn'; // The key that is used to determine group membership
$conf['auth']['auth_ldap']['debug'] = 0; // Set to TRUE to debug LDAP.
Example of LDAP Authentication Against Active Directory:
$conf['auth']['auth_ldap']['server'] = 'ldap.ad.myorg.com'; // One or more servers separated by commas.
$conf['auth']['auth_ldap']['usertree'] = 'ou=PersonOU,dc=ad,dc=myorg,dc=com'; // Where to find the user accounts.
$conf['auth']['auth_ldap']['grouptree'] = 'ou=GroupOU,dc=ad,dc=myorg,dc=com'; // Where to find the groups.
$conf['auth']['auth_ldap']['mr_allowed_users'] = array('user1','user2'); // For user based access, fill in users.
$conf['auth']['auth_ldap']['mr_allowed_groups'] = array('group1','group2'); // For group based access, fill in groups.
$conf['auth']['auth_ldap']['userfilter'] = '(&(cn=%{user})(objectClass=user))'; // LDAP filter to search for user accounts.
$conf['auth']['auth_ldap']['groupfilter'] = '(&(objectClass=group)(member=%{dn}))';
$conf['auth']['auth_ldap']['starttls'] = TRUE; // Set to TRUE to use TLS.
$conf['auth']['auth_ldap']['binddn'] = 'MYDOMAIN\mysecretbindusername'; // Optional bind DN
$conf['auth']['auth_ldap']['bindpw'] = 'mysecretbindpwd'; // Optional bind password
Fill the needed and include the lines in your config.php
, e.g:
$conf['auth']['auth_AD']['account_suffix'] = '@mydomain.local';
$conf['auth']['auth_AD']['base_dn'] = 'DC=mydomain,DC=local'; //set to NULL to auto-detect
$conf['auth']['auth_AD']['domain_controllers'] = array('dc01.mydomain.local'); //can be an array of servers
$conf['auth']['auth_AD']['admin_username'] = NULL; //if needed to perform the search
$conf['auth']['auth_AD']['admin_password'] = NULL; //if needed to perform the search
$conf['auth']['auth_AD']['mr_allowed_users'] = array('macadmin','bossman');
$conf['auth']['auth_AD']['mr_allowed_groups'] = array('AD Group 1','AD Group 2'); //case sensitive
Authentication methods are checked in the order that they appear above. Not in the order of your config.php
! You can combine methods 2, 3 and 4.
Authorize actions by listing roles appropriate array. Don't change these unless you know what you're doing, these roles are also used by the Business Units.
Default:
$conf['authorization']['delete_machine'] = array('admin', 'manager');
$conf['authorization']['global'] = array('admin');
Add users or groups to the appropriate roles array.
Default:
$conf['roles']['admin'] = array('*');
Create local groups, add users to groups.
Example:
$conf['groups']['admin_users'] = array();
Set to TRUE
to enable Business Units. For more information, see docs/business_units.md
.
Default:
$conf['enable_business_units'] = FALSE;
Set this value to TRUE
to force https when logging in. This is useful for sites that serve MR both via http and https.
Default:
$conf['auth_secure'] = FALSE;
If you want to have link that opens a screensharing or SSH connection to a client, enable these settings. If you don't want the links, set either to an empty string, e.g:
$conf['vnc_link'] = "";
Default:
$conf['vnc_link'] = "vnc://%s:5900";
$conf['ssh_link'] = "ssh://adminuser@%s";
List of bundle-id's to be ignored when processing inventory. The list is processed using regex, examples:
Skip all virtual windows apps created by parallels and VMware:
$conf['bundleid_ignorelist'][] = array('com.parallels.winapp.*', 'com.vmware.proxyApp.*');
Skip all Apple apps, except iLife, iWork and Server:
'com.apple.(?!iPhoto)(?!iWork)(?!Aperture)(?!iDVD)(?!garageband)(?!iMovieApp)(?!Server).*'
Skip all apps with empty bundle-id's:
'^$'
Default:
$conf['bundleid_ignorelist'][] = 'com.parallels.winapp.*';
$conf['bundleid_ignorelist'][] = 'com.vmware.proxyApp.*';
List of bundle-paths to be ignored when processing inventory. The list is processed using regex, examples:
Skip all apps in /System/Library
:
$conf['bundlepath_ignorelist'][] = '/System/Library/.*';
Skip all apps that are contained in an app bundle:
$conf['bundlepath_ignorelist'][] = '.*\.app\/.*\.app'
Default:
$conf['bundlepath_ignorelist'] = array('/System/Library/.*');
List of modules that have to be installed on the client.
See for possible values the names of the directories in app/modules/
e.g. $conf['modules'] = array('disk_report', 'inventory');
An empty list installs only the basic reporting modules, Machine and Reportdata.
Default:
$conf['modules'] = array('munkireport');
By default this module overrides the information of a client computer on each client's report submission.
If you would like to keep displays information until the display is seen again on a different computer use:
$conf['keep_previous_displays'] = TRUE;
When not configured, or if set to FALSE
, the default behaviour applies.
Example:
$conf['keep_previous_displays'] = TRUE;
Unit of temperature, possible values: F for Fahrenheit, C for Celsius
$conf['temperature_unit'] = 'F';
When not configured, the default behaviour applies. By default temperature units are displayed in Celsius °C.
Example:
$conf['temperature_unit'] = 'F';
List of passphrases that the client can use to authenticate
On the client:
defaults write /Library/Preferences/MunkiReport Passphrase 'secret1'
On the server:
$conf['client_passphrases'] = array('secret1', 'secret2');
Default:
$conf['client_passphrases'] = array();
If you are behind a proxy, MunkiReport may be unable to retrieve warranty and model information from Apple.
Note that there is only authenticated proxy support for basic authentication.
$conf['proxy']['server'] = 'proxy.yoursite.org'; // Required
$conf['proxy']['username'] = 'proxyuser'; // Optional
$conf['proxy']['password'] = 'proxypassword'; Optional
$conf['proxy']['port'] = 8080; // Optional, defaults to 8080
Example:
$conf['proxy']['server'] = 'proxy.yoursite.org';
Timeout for retrieving warranty and model information from Apple.
Timeout in seconds.
Default:
$conf['request_timeout'] = 5;
Plot IP ranges by providing an array with labels and a partial IP address. Specify multiple partials in array if you want to group them together. The IP adress part is queried with SQL LIKE
Examples:
$conf['ip_ranges']['MyOrg'] = '100.99.';
$conf['ip_ranges']['AltLocation'] = array('211.88.12.', '211.88.13.');
Default:
$conf['ip_ranges'] = array();
Plot VLANS by providing an array with labels and a partial IP address of the routers. Specify multiple partials in array if you want to group them together. The router IP address part is queried with SQL LIKE
Examples:
$conf['ipv4routers']['Wired'] = '211.88.10.1';
$conf['ipv4routers']['WiFi'] = array('211.88.12.1', '211.88.13.1');
$conf['ipv4routers']['Private range'] = array('10.%', '192.168.%',
'172.16.%',
'172.17.%',
'172.18.%',
'172.19.%',
'172.2_.%',
'172.30.%',
'172.31.%', );
$conf['ipv4routers']['Link-local'] = array('169.254.%');
Dashboard layout is an array of rows that contain an array of widgets. Omit the _widget
postfix
Up to three small horizontal widgets will show on one line
Up to two medium horizontal widgets will show on one line
Responsive horizontal widgets will change depending on window size
Be aware of medium / dynamic vertical widgets as it may skew the responsive design
This is a list of the current dashboard widgets
Small horizontal widgets:
- bound_to_ds
- client (two items)
- external_displays_count
- hardware_model
- smart_status
- disk_report
- uptime
- installed_memory
- munki
- power_battery_condition
- power_battery_health
Small horizontal / medium vertical widgets:
- network_location
Small horizontal / dynamic vertical widgets:
- app
- duplicated_computernames
- filevault
- hardware_model
- manifests
- modified_computernames
- munkiinfo_munkiprotocol
- munki_versions
- new_clients
- pending
- pending_munki
- pending_apple
- warranty
- wifi_networks
- wifi_state
Medium horizontal widgets:
Medium horizontal / dynamic vertical widgets:
- hardware_age
- hardware_model
- memory
- os
- printer
- messages
Responsive horizontal widgets:
- network_vlan
- registered_clients
Default:
$conf['dashboard_layout'] = array(
array('client', 'munki'), /*client is actually two widgets*/
array('disk_report', 'installed_memory', 'bound_to_ds'),
array('uptime', 'pending_apple', 'pending_munki'),
array('new_clients', 'munki_versions', 'filevault'),
array('warranty','power_battery_condition','power_battery_health'),
array('bluetooth_battery')
);
List of applications, by name, that you want to see in the apps version report. If this is not set the report page will appear empty. This is case insensitive but must be an array.
E.g.:
$conf['apps_to_track'] = array('Flash Player', 'Java', 'Firefox', 'Microsoft Excel');
Default:
$conf['apps_to_track'] = array('Safari');
The % character can be used as a wildcard when matching an application name. Useful for Adobe Creative Cloud apps that contain the year in the name.:
$conf['apps_to_track'] = array('Adobe Illustrator %', 'Adobe InDesign %', Adobe Photoshop %');
Thresholds for disk report widget. This array holds two values:
- free gigabytes below which the level is set to 'danger'
- free gigabytes below which the level is set as 'warning'
If there are more free bytes, the level is set to 'success'
Default:
$conf['disk_thresholds'] = array('danger' => 5, 'warning' => 10);
If the webapp is in a different directory as index.php, adjust the variables below. For enhanced security it is advised to put the webapp in a directory that is not visible to the internet.
Default:
// Path to system folder, with trailing slash
$conf['system_path'] = APP_ROOT.'/system/';
// Path to app folder, with trailing slash
$conf['application_path'] = APP_ROOT.'/app/';
// Path to view directory, with trailing slash
$conf['view_path'] = $conf['application_path'].'views/';
// Path to controller directory, with trailing slash
$conf['controller_path'] = $conf['application_path'].'controllers/';
// Path to modules directory, with trailing slash
$conf['module_path'] = $conf['application_path'] . "modules/";
// Routes
$conf['routes'] = array();
$conf['routes']['module(/.*)?'] = "module/load$1";
Specify dsn, username, password and options.
Supported engines: sqlite and mysql.
MySQL example:
$conf['pdo_dsn'] = 'mysql:host=localhost;dbname=munkireport';
$conf['pdo_user'] = 'munki';
$conf['pdo_pass'] = 'munki';
$conf['pdo_opts'] = array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8');
Default:
$conf['pdo_dsn'] = 'sqlite:'.$conf['application_path'].'db/db.sqlite';
$conf['pdo_user'] = '';
$conf['pdo_pass'] = '';
$conf['pdo_opts'] = array();
For MySQL, define the default table and charset.
Default:
$conf['mysql_create_tbl_opts'] = 'ENGINE=InnoDB DEFAULT CHARSET=utf8';
See http://www.php.net/manual/en/timezones.php for valid values.
Default:
$conf['timezone'] = @date_default_timezone_get();
If you want to override the default css or default js, you can specify a custom file that will be included in the header (css) and footer (js):
Example:
$conf['custom_css'] = '/custom.css';
$conf['custom_js'] = '/custom.js';
If set to TRUE
, will deliver debugging messages in the page. Set to FALSE
in a production environment.
Default:
$conf['debug'] = FALSE;
- General Upgrade Procedures
- How to Upgrade Versions
- Troubleshooting Upgrades
- Migrating sqlite to MySQL