Add "PHP_MAX_FILE_UPLOADS" and "NGINX_CLIENT_MAX_BODY_SIZE" environment variables (#207)

m5050 · web-flow · commit abec006996d4 · 2025-01-12T10:53:57.000Z
diff --git a/core/files/entrypoint.sh b/core/files/entrypoint.sh
@@ -50,6 +50,7 @@ export PHP_MAX_EXECUTION_TIME=${PHP_MAX_EXECUTION_TIME:-300}
 export PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}
 export PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}
 export PHP_MAX_INPUT_TIME=${PHP_MAX_INPUT_TIME:-300}
+export PHP_MAX_FILE_UPLOADS=${PHP_MAX_FILE_UPLOADS:-50}
 
 export PHP_FCGI_CHILDREN=${PHP_FCGI_CHILDREN:-5}
 export PHP_FCGI_START_SERVERS=${PHP_FCGI_START_SERVERS:-2}
@@ -67,6 +68,7 @@ export PHP_SESSION_COOKIE_SAMESITE=${PHP_SESSION_COOKIE_SAMESITE:-Lax}
 
 export NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR:-false}
 export NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM}
+export NGINX_CLIENT_MAX_BODY_SIZE=${NGINX_CLIENT_MAX_BODY_SIZE:-50M}
 
 # start supervisord using the main configuration file so we have a socket interface
 /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
diff --git a/core/files/entrypoint_fpm.sh b/core/files/entrypoint_fpm.sh
@@ -19,6 +19,8 @@ change_php_vars() {
         sed -i "s/max_execution_time = .*/max_execution_time = ${PHP_MAX_EXECUTION_TIME}/" "$FILE"
         echo "Configure PHP | Setting 'upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE}'"
         sed -i "s/upload_max_filesize = .*/upload_max_filesize = ${PHP_UPLOAD_MAX_FILESIZE}/" "$FILE"
+        echo "Configure PHP | Setting 'max_file_uploads = ${PHP_MAX_FILE_UPLOADS}'"
+        sed -i "s/max_file_uploads = .*/max_file_uploads = ${PHP_MAX_FILE_UPLOADS}/" "$FILE"
         echo "Configure PHP | Setting 'post_max_size = ${PHP_POST_MAX_SIZE}'"
         sed -i "s/post_max_size = .*/post_max_size = ${PHP_POST_MAX_SIZE}/" "$FILE"
         echo "Configure PHP | Setting 'max_input_time = ${PHP_MAX_INPUT_TIME}'"
diff --git a/core/files/entrypoint_nginx.sh b/core/files/entrypoint_nginx.sh
@@ -225,6 +225,10 @@ init_nginx() {
     echo "... adjusting 'fastcgi_connect_timeout' to ${FASTCGI_CONNECT_TIMEOUT}"
     sed -i "s/fastcgi_connect_timeout .*;/fastcgi_connect_timeout ${FASTCGI_CONNECT_TIMEOUT};/" /etc/nginx/includes/misp
 
+    # Adjust maximum allowed size of the client request body
+    echo "... adjusting 'client_max_body_size' to ${NGINX_CLIENT_MAX_BODY_SIZE}"
+    sed -i "s/client_max_body_size .*;/client_max_body_size ${NGINX_CLIENT_MAX_BODY_SIZE};/" /etc/nginx/includes/misp
+
     # Adjust forwarding header settings (clean up first)
     sed -i '/real_ip_header/d' /etc/nginx/includes/misp
     sed -i '/real_ip_recursive/d' /etc/nginx/includes/misp
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -157,6 +157,7 @@ services:
       # Nginx settings
       - "NGINX_X_FORWARDED_FOR=${NGINX_X_FORWARDED_FOR}"
       - "NGINX_SET_REAL_IP_FROM=${NGINX_SET_REAL_IP_FROM}"
+      - "NGINX_CLIENT_MAX_BODY_SIZE=${NGINX_CLIENT_MAX_BODY_SIZE:-50M}"
       # Proxy settings
       - "PROXY_ENABLE=${PROXY_ENABLE}"
       - "PROXY_HOST=${PROXY_HOST}"
@@ -201,6 +202,7 @@ services:
       - "PHP_UPLOAD_MAX_FILESIZE=${PHP_UPLOAD_MAX_FILESIZE:-50M}"
       - "PHP_POST_MAX_SIZE=${PHP_POST_MAX_SIZE:-50M}"
       - "PHP_MAX_INPUT_TIME:${PHP_MAX_INPUT_TIME:-300}"
+      - "PHP_MAX_FILE_UPLOADS=${PHP_MAX_FILE_UPLOADS:-50}"
       # PHP FPM pool setup
       - "PHP_FCGI_CHILDREN=${PHP_FCGI_CHILDREN:-5}"
       - "PHP_FCGI_START_SERVERS=${PHP_FCGI_START_SERVERS:-2}"
diff --git a/template.env b/template.env
@@ -200,6 +200,8 @@ SYNCSERVERS_1_PULL_RULES=
 # PHP_POST_MAX_SIZE=50M
 # Maximum time PHP spends parsing input data in seconds.
 # PHP_MAX_INPUT_TIME=300
+# Maximum number of file to upload per request.
+# PHP_MAX_FILE_UPLOADS=50
 
 ## PHP FPM pool setup
 # Maximum number of php-fpm processes, limits the number of simultaneous requests.
@@ -252,6 +254,9 @@ SYNCSERVERS_1_PULL_RULES=
 # Options: DENY, SAMEORIGIN, ALLOW-FROM <URL> Default: SAMEORIGIN
 # X_FRAME_OPTIONS=
 
+# NGINX maximum allowed size of the client request body.
+# NGINX_CLIENT_MAX_BODY_SIZE=50M
+
 # Content-Security-Policy (CSP) configuration: defines allowed resources and prevents attacks like XSS.
 # Example: "frame-src 'self' https://*.example.com; frame-ancestors 'self' https://*.example.com; object-src 'none'; report-uri https://example.com/cspReport"
 # CONTENT_SECURITY_POLICY=
