Environment Variables¶
Table of Contents
Background¶
A number of environment variables can be used to control MapServer’s behavior or specify the location of some resources.
List of all possible MapServer Environment Variables¶
- CURL_CA_BUNDLE
New in version 5.4.1.
Used to specify the location of the Certificate Authority (CA) bundle file to be used by Curl when using HTTPS connections in WMS/WFS client layers. Curl comes bundled with its own CA bundle by default, so this variable is not required unless you have an unusual installation:
export CURL_CA_BUNDLE=/path/to/ca-bundle.crt
- MS_DEBUGLEVEL
New in version 5.0.
A default DEBUG level value can be set using the MS_DEBUGLEVEL environment variable in combination with the MS_ERRORFILE variable.
When set, this value is used as the default debug level value for all map and layer objects as they are loaded by the mapfile parser. This option also sets the debug level for any msDebug() call located outside of the context of a map or layer object, for instance for debug statements relating to initialization before a map is loaded. If a DEBUG value is also specified in the mapfile in some map or layer objects then the local value (in the mapfile) takes precedence over the value of the environment variable.
This option is mostly useful when tuning applications by enabling timing/debug output before the map is loaded, to capture the full process initialization and map loading time, for instance.
See also
- MS_ENCRYPTION_KEY
New in version 4.10.
See also
- MS_ERRORFILE
The MS_ERRORFILE environment variable specifies the location of the logging/debug output, with possible values being either a file path on disk, or one of the following special values:
“stderr” to send output to standard error. Under Apache stderr is the Apache error_log file. Under IIS stderr goes to stdout so its use is discouraged. With IIS it is recommended to do direct output to a file on disk instead.
“stdout” to send output to standard output, combined with the rest of MapServer’s output.
“windowsdebug” to send output to the Windows OutputDebugString API, allowing the use of external programs like SysInternals debugview to display the debug output.
It is possible to specify MS_ERRORFILE either as an environment variable or via a CONFIG directive inside a mapfile:
CONFIG "MS_ERRORFILE" "/tmp/mapserver.log"
or:
CONFIG "MS_ERRORFILE" "stderr"
If both the MS_ERRORFILE environment variable is set and a CONFIG MS_ERRORFILE is set, then the CONFIG directive takes precedence.
If MS_ERRORFILE is not set, then error/debug logging is disabled. During parsing of a mapfile, error/debug logging may become available only after the MS_ERRORFILE directive has been parsed.
See also
- MS_MAP_NO_PATH
New in version 5.4.
The MS_MAP_NO_PATH environment variable can be set to any value to forbid the use of explicit paths in the map=… URL parameter. Setting MS_MAP_NO_PATH to any value forces the use of the map=<env_variable_name> mechanism in mapserv CGI URLs.
If this variable is not set then nothing changes and the mapserv CGI still accepts explicit file paths via the map=… URL parameter.
Example, set set MS_MAP_NOPATH and some mapfile paths in Apache’s httpd.conf:
SetEnv MS_MAP_NO_PATH "foo" SetEnv MY_MAPFILE "/opt/mapserver/map1/mymapfile.map"
and then calls the mapserv CGI must use environment variables for the map=… parameter:
http://localhost/cgi-bin/mapserv?map=MY_MAPFILE&mode=...
- MS_MAPFILE
The mapfile to use if the map=… URL parameter is not provided.
It is also possible to use an environment variable name as the value of the map=… URL parameter. The value of this environment variable will be used as the mapfile path:
map=ENV_VAR
- MS_MAPFILE_PATTERN
MS_MAPFILE_PATTERN can be used to override the default regular expression which is used to validate mapfile filename extensions.
The default value for this variable is:
MS_MAPFILE_PATTERN='\.map$'
- MS_MAP_BAD_PATTERN
New in version 7.6.3.
The MS_MAP_BAD_PATTERN environment variable can be used to specify a Regular Expression to catch & not allow problematic character sequences in any mapfile paths passed to the mapserv CGI in the map=… URL parameter. If the value matches then an error is generated. By default all MapServer installations (since 7.6.3) set a hardcoded value for MS_MAP_BAD_PATTERN of:
[/\\]{2}|[/\\]?\\.+[/\\]|,
which will therefore not allow “/../” or “//” in the map value.
For Windows users, MS4W uses the PCRE regex library (which requires a slightly different regex syntax), so all future MS4W releases will contain the following default MS_MAP_BAD_PATTERN enabled (to not allow “/../” or “//” in the map value) :
[\/\\\\]{2}|[\/\\\\]?\.{2,}[\/\\\\]|,
For more Windows information see Securing your MS4W Installation
See also
Limit Mapfile Access & Associated Pull Request for the 7.6.3 release
- MS_MAP_PATTERN
New in version 5.4.
The MS_MAP_PATTERN environment variable can be used to specify a Regular Expression that must be matched by all mapfile paths passed to the mapserv CGI in the map=… URL parameter.
If MS_MAP_PATTERN is not set then any .map file can be loaded.
Apache’s SetEnv directive can be used to restrict mapfiles to a specific directory and subdirectories.
Unix users may set the following expression in Apache to restrict mapfiles to the /opt/mapserver directory and subdirectories:
SetEnv MS_MAP_PATTERN "^\/opt\/mapserver\/([^\.][_A-Za-z0-9\-\.]+\/{1})*([_A-Za-z0-9\-\.]+\.(map))$"
Windows Apache/MS4W users can set the following expression in the Apache conf file, to limit the possible MAP= paths to the common C:/ms4w/apps/ directory (where all MS4W mapfiles and applications live), allow encoded urls, allow “.” or “_” or “-” in MAP= paths but disallow “..” directory traversing:
SetEnv MS_MAP_PATTERN "^(C:)?\/ms4w\/apps\/((?!\.{2})[_A-Za-z0-9\-\.]+\/{1})*([_A-Za-z0-9\-\.]+\.(map))$"
Note
MS4W users can see specific examples at: https://ms4w.com/README_INSTALL.html#securing-your-ms4w-installation
- MS_MODE
Default value for the mode=… URL parameter. Setting mode=… in the URL takes precedence over the environment variable.
- MS_OPENLAYERS_JS_URL
The URL to the OpenLayers javascript library (can be used when testing WMS services using imagetype application/openlayers), for instance:
http://openlayers.org/api/OpenLayers.js
- MS_TEMPPATH
Set the WEB TEMPPATH.
New in version 6.0.
- MS_XMLMAPFILE_XSLT
Used to enable XML Mapfile support. Points to the location of the XSLT to use for the XML->text mapfile conversion.
See also
- PROJ_LIB
The PROJ_LIB environment variable or CONFIG directive can be used to specify the directory where the PROJ data files are located (including the “proj.db” file, or “epsg” file for older PROJ versions), if they are not in the default directory where PROJ expects them.
Note
For the full list of possible PROJ variables to use see the official list.
See also
Setting the location of the epsg file in Errors.