Configuration Reference
Complete reference for Multi Host configuration options covering site settings, upload handling, storage, security, and advanced features.
Multi Host configuration lives primarily in config.php, with some settings adjustable through the administrative interface. This reference covers all configuration options, their purposes, and recommended values.
Configuration File Structure
The configuration file uses PHP array syntax:
<?php
$config = [];
// Site settings
$config['site_name'] = 'My Image Host';
$config['site_url'] = 'https://example.com';
// Database settings
$config['db_host'] = 'localhost';
// ... additional settings
Settings in config.php take precedence over database-stored values. For settings adjustable through the admin panel, removing them from config.php allows administrative control.
Site Settings
Basic Identity
$config['site_name'] = 'My Image Host';
$config['site_url'] = 'https://example.com';
$config['site_path'] = '/';
$config['site_email'] = 'admin@example.com';
$config['timezone'] = 'UTC';
| Setting | Description | Default |
|---------|-------------|---------|
| site_name | Display name throughout the interface | Required |
| site_url | Canonical URL including protocol | Required |
| site_path | Path if installed in subdirectory | / |
| site_email | Contact and notification sender address | Required |
| timezone | PHP timezone identifier | UTC |
Use HTTPS in site_url for production deployments. The timezone affects displayed timestamps and scheduled tasks.
Environment Mode
$config['environment'] = 'production';
$config['debug'] = false;
| Setting | Description | Values |
|---------|-------------|--------|
| environment | Operating mode | development, production |
| debug | Enable detailed error output | true, false |
Production mode suppresses detailed errors and enables caching. Never enable debug mode on public-facing installations—it exposes sensitive information.
Database Configuration
$config['db_host'] = 'localhost';
$config['db_port'] = 3306;
$config['db_name'] = 'multihost';
$config['db_user'] = 'multihost';
$config['db_pass'] = 'secure-password';
$config['db_prefix'] = 'mh_';
$config['db_charset'] = 'utf8mb4';
| Setting | Description | Default |
|---------|-------------|---------|
| db_host | Database server hostname | localhost |
| db_port | Connection port | 3306 |
| db_name | Database name | Required |
| db_user | Database username | Required |
| db_pass | Database password | Required |
| db_prefix | Table name prefix | mh_ |
| db_charset | Connection character set | utf8mb4 |
For socket connections, set db_host to the socket path (e.g., /var/run/mysqld/mysqld.sock).
Upload Settings
Size and Limits
$config['max_upload_size'] = 10485760; // 10 MB
$config['max_uploads_per_request'] = 20;
$config['max_image_dimensions'] = 10000; // pixels
$config['min_image_dimensions'] = 50;
| Setting | Description | Default |
|---------|-------------|---------|
| max_upload_size | Maximum file size in bytes | 10485760 |
| max_uploads_per_request | Files per batch upload | 20 |
| max_image_dimensions | Maximum width/height in pixels | 10000 |
| min_image_dimensions | Minimum width/height | 50 |
Remember that PHP's upload_max_filesize and post_max_size must also accommodate these limits.
Allowed File Types
$config['allowed_extensions'] = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
$config['allowed_mimetypes'] = [
'image/jpeg',
'image/png',
'image/gif',
'image/webp'
];
Both extension and MIME type must match for uploads to succeed. This dual check prevents simple extension-spoofing attacks.
Naming and Paths
$config['filename_strategy'] = 'random'; // random, original, hash
$config['filename_length'] = 12;
$config['preserve_extension'] = true;
$config['lowercase_filenames'] = true;
| Strategy | Behaviour |
|----------|-----------|
| random | Generate random alphanumeric names |
| original | Keep original filename (sanitised) |
| hash | Use content hash for deduplication |
Random filenames prevent enumeration attacks and filename collisions. Original filenames may expose information and create conflicts.
Storage Configuration
Local Storage
$config['storage_driver'] = 'local';
$config['upload_path'] = '/var/www/uploads/';
$config['upload_url'] = 'https://example.com/uploads/';
$config['cache_path'] = '/var/www/cache/';
For security, consider placing upload_path outside the document root with a separate serving mechanism.
Object Storage
$config['storage_driver'] = 's3';
$config['s3_key'] = 'your-access-key';
$config['s3_secret'] = 'your-secret-key';
$config['s3_bucket'] = 'your-bucket-name';
$config['s3_region'] = 'us-east-1';
$config['s3_endpoint'] = ''; // Custom endpoint for S3-compatible services
$config['s3_url'] = 'https://your-bucket.s3.amazonaws.com/';
The Storage and Paths documentation covers storage driver configuration in detail.
Thumbnail Settings
$config['thumbnail_enabled'] = true;
$config['thumbnail_sizes'] = [
'small' => ['width' => 150, 'height' => 150, 'crop' => true],
'medium' => ['width' => 400, 'height' => 400, 'crop' => false],
'large' => ['width' => 800, 'height' => 800, 'crop' => false]
];
$config['thumbnail_quality'] = 85;
$config['thumbnail_format'] = 'auto'; // auto, jpeg, png, webp
| Setting | Description | Default |
|---------|-------------|---------|
| thumbnail_enabled | Generate thumbnails for uploads | true |
| thumbnail_sizes | Size definitions with crop options | See above |
| thumbnail_quality | JPEG/WebP quality (1-100) | 85 |
| thumbnail_format | Output format | auto |
With crop: true, thumbnails maintain exact dimensions by cropping. With crop: false, images scale proportionally within the bounds.
The auto format preserves the original format when possible, converting to JPEG for formats without transparency.
User Settings
Registration
$config['registration_enabled'] = true;
$config['registration_approval'] = false;
$config['email_verification'] = true;
$config['default_quota'] = 104857600; // 100 MB
$config['default_group'] = 'members';
| Setting | Description | Default |
|---------|-------------|---------|
| registration_enabled | Allow new registrations | true |
| registration_approval | Require admin approval | false |
| email_verification | Require email confirmation | true |
| default_quota | Storage quota for new users (bytes) | 104857600 |
| default_group | Default group assignment | members |
Authentication
$config['password_min_length'] = 8;
$config['session_lifetime'] = 86400; // 24 hours
$config['remember_lifetime'] = 2592000; // 30 days
$config['login_attempts'] = 5;
$config['lockout_duration'] = 900; // 15 minutes
Adjust session lifetimes based on security requirements. Shorter sessions improve security but inconvenience users.
Security Settings
Content Security
$config['scan_uploads'] = true;
$config['strip_metadata'] = true;
$config['reprocess_images'] = false;
$config['hotlink_protection'] = true;
$config['allowed_referrers'] = ['example.com'];
| Setting | Description | Default |
|---------|-------------|---------|
| scan_uploads | Validate file contents match type | true |
| strip_metadata | Remove EXIF and other metadata | true |
| reprocess_images | Re-encode all uploads | false |
| hotlink_protection | Restrict direct linking | true |
| allowed_referrers | Domains allowed for hotlinking | Site domain |
The Security Checklist covers these settings in operational context.
Rate Limiting
$config['rate_limit_enabled'] = true;
$config['rate_limit_uploads'] = 10; // per minute
$config['rate_limit_api'] = 60; // per minute
$config['rate_limit_window'] = 60; // seconds
Rate limits apply per user account and per IP address. Anonymous uploads (if enabled) use IP-based limiting only.
Email Configuration
$config['mail_driver'] = 'smtp';
$config['smtp_host'] = 'smtp.example.com';
$config['smtp_port'] = 587;
$config['smtp_user'] = 'mailer@example.com';
$config['smtp_pass'] = 'mail-password';
$config['smtp_encryption'] = 'tls';
$config['mail_from_name'] = 'My Image Host';
$config['mail_from_address'] = 'noreply@example.com';
Available mail drivers: smtp, sendmail, mail (PHP mail function). SMTP with TLS provides the best deliverability for production use.
Caching Configuration
$config['cache_driver'] = 'file'; // file, redis, memcached
$config['cache_prefix'] = 'mh_';
$config['cache_ttl'] = 3600;
// Redis configuration
$config['redis_host'] = '127.0.0.1';
$config['redis_port'] = 6379;
$config['redis_password'] = '';
$config['redis_database'] = 0;
File caching works for single-server deployments. Redis or Memcached are required for multi-server setups and provide better performance under load.
Advanced Options
Logging
$config['log_enabled'] = true;
$config['log_path'] = '/var/www/logs/';
$config['log_level'] = 'warning'; // debug, info, warning, error
$config['log_retention'] = 30; // days
In production, warning level captures problems without excessive verbosity. Enable debug temporarily when troubleshooting.
Maintenance Mode
$config['maintenance_mode'] = false;
$config['maintenance_message'] = 'Site under maintenance. Please check back shortly.';
$config['maintenance_allowed_ips'] = ['192.168.1.100'];
Maintenance mode displays a message to visitors while allowing access from specified IPs for testing.
Frequently Asked Questions
Many settings are adjustable through the admin interface. Settings defined in config.php take precedence. Remove a setting from config.php to allow administrative control of that option.