Attention
TYPO3 v10 has reached end-of-life as of April 30th 2023 and is no longer being maintained. Use the version switcher on the top left of this page to select documentation for a supported version of TYPO3.
Need more time before upgrading? You can purchase Extended Long Term Support (ELTS) for TYPO3 v10 here: TYPO3 ELTS.
System Requirements¶
TYPO3 requires a web server, PHP and a database system.
TYPO3 requires a web server which can run PHP (Apache httpd, Nginx, Microsoft IIS, Caddy Server). If you use an Apache web server, some module (e.g. mod_rewrite) must be activated. See Web Server Environment for details.
TYPO3 10 requires PHP >= 7.2 <= 7.4 (Mac users: see warning at the end of this document). For PHP, several PHP extensions are necessary, others recommended. You possibly want to adjust the memory limit. See PHP Environment.
TYPO3 can be used with many database systems (MariaDB >= 10.2 <= 10.5, Microsoft SQL Server, MySQL 5.5+, PostgreSQL, SQLite). See Database Environment on this page for details.
If you want TYPO3 to automatically carry out image processing – for example scaling or cropping – you will need GraphicsMagick (version 1.3 or newer) or ImageMagick (version 6 or newer) installed on the server. (GraphicsMagick should be preferred.)
For an overview see also get.typo3.org.
Should you encounter problems, the "Troubleshooting" chapter will help.
Database Environment¶
TYPO3 works with database management systems in the above mentioned versions. The InnoDB engine is required to be enabled in MySQL.
Required Database Privileges¶
The database user needs at least the following privileges on the TYPO3 database:
SELECT, INSERT, UPDATE, DELETE
CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES
It is recommended to also grant the following privileges:
CREATE VIEW, SHOW VIEW
EXECUTE, CREATE ROUTINE, ALTER ROUTINE
Web Server Environment¶
Apache¶
Make sure AllowOverride in the webserver configuration includes "Indexes" and "FileInfo" if you use Apache as webserver and override the default configuration with
.htaccess
(as done by default).Enable Apache modules (see Enable mod_rewrite in the Troubleshooting section). The following modules are used by the default
.htaccess
:
- mod_alias:
Block access to vcs directories (strongly recommended for security reasons).
- mod_authz_core:
Block access to specific files and directories (strongly recommended for security reasons).
- mod_autoindex:
Used for disabling directory listings (strongly recommended for security reasons).
- mod_deflate:
Used for compression, better performance.
- mod_expires:
Adds HTTP headers for browser caching and better performance
- mod_filter:
Used with mod_deflate. For Apache versions below version 2.3.7 you don't need to enable
mod_filter
.- mod_headers:
Used in combination with
mod_deflate
.- mod_rewrite:
Enable human readable urls.
- mod_setenvif:
Also used with
mod_deflate
.
Important
If the modules are not active, the corresponding directives in .htaccess
will
not be activated (due to the <IfModule
conditions). This leaves you with a system,
which is less secure, slower and / or where some things will simply not work
(e.g. URL rewriting due to missing mod_rewrite
).
Tip
Look for <IfModule>
directives in the default .htaccess
file
EXT:install/Resources/Private/FolderStructureTemplateFiles/root-htaccess
for more clues about which modules are used for what purpose. Not all used modules
may have directives in the .htaccess file so do not necessarily expect .htaccess
to contain a complete list of modules.
During the installation process (first install) the default
.htaccess
file is copied to the document root folder of the project, if the file does not exist already.
Microsoft Internet Information Services (IIS)¶
During the installation process (first install) the default IIS web config file is copied to the document root folder of the project, if the file does not exist already.
Default IIS web config file with rewrite rules can be found in
EXT:install/Resources/Private/FolderStructureTemplateFiles/root-web-config
Make sure that the URL Rewrite plugin is installed on your system.
NGINX¶
NGINX web server does not support any static file like htaccess in the document root by default. The NGINX configuration has to be setup manually.
Example Configuration:
# Compressing resource files will save bandwidth and so improve loading speed especially for users
# with slower internet connections. TYPO3 can compress the .js and .css files for you.
# *) Set $GLOBALS['TYPO3_CONF_VARS']['BE']['compressionLevel'] = 9 for the Backend
# *) Set $GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel'] = 9 together with the TypoScript properties
# config.compressJs and config.compressCss for GZIP compression of Frontend JS and CSS files.
location ~ \.js\.gzip$ {
add_header Content-Encoding gzip;
gzip off;
types { text/javascript gzip; }
}
location ~ \.css\.gzip$ {
add_header Content-Encoding gzip;
gzip off;
types { text/css gzip; }
}
# TYPO3 - Rule for versioned static files, configured through:
# - $GLOBALS['TYPO3_CONF_VARS']['BE']['versionNumberInFilename']
# - $GLOBALS['TYPO3_CONF_VARS']['FE']['versionNumberInFilename']
if (!-e $request_filename) {
rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;
}
# TYPO3 - Block access to composer files
location ~* composer\.(?:json|lock) {
deny all;
}
# TYPO3 - Block access to flexform files
location ~* flexform[^.]*\.xml {
deny all;
}
# TYPO3 - Block access to language files
location ~* locallang[^.]*\.(?:xml|xlf)$ {
deny all;
}
# TYPO3 - Block access to static typoscript files
location ~* ext_conf_template\.txt|ext_typoscript_constants\.txt|ext_typoscript_setup\.txt {
deny all;
}
# TYPO3 - Block access to miscellaneous protected files
location ~* /.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|tsconfig|dist|fla|in[ci]|log|sh|sql|sqlite)$ {
deny all;
}
# TYPO3 - Block access to recycler and temporary directories
location ~ _(?:recycler|temp)_/ {
deny all;
}
# TYPO3 - Block access to configuration files stored in fileadmin
location ~ fileadmin/(?:templates)/.*\.(?:txt|ts|typoscript)$ {
deny all;
}
# TYPO3 - Block access to libraries, source and temporary compiled data
location ~ ^(?:vendor|typo3_src|typo3temp/var) {
deny all;
}
# TYPO3 - Block access to protected extension directories
location ~ (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ {
deny all;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
fastcgi_buffer_size 32k;
fastcgi_buffers 8 16k;
fastcgi_connect_timeout 240s;
fastcgi_read_timeout 240s;
fastcgi_send_timeout 240s;
fastcgi_pass typo3:9000;
fastcgi_index index.php;
include fastcgi.conf;
}
PHP Environment¶
memory_limit set to at least 256M recommended
max_execution_time set to at least 30 (240 seconds recommended)
max_input_vars set to at least 1500
PHP Required Extensions¶
Your PHP needs to support the following extensions. Install will check if these are available.
These are usually part of the standard PHP package on most distributions and are mandatory for a proper function:
PDO
json
pcre >= 8.38 (Mac users: see warning a the end of this document)
session
xml
filter
hash
SPL
standard
These are optional but highly recommended:
mbstring
These might have to be installed separately:
fileinfo
gd
zip
zlib
openssl
intl
mysqli (if you use MySQL, MariaDB as DBMS)
postgresql (if you use PostgreSQL as DBMS)
sqlsrv (if you use SQL Server as DBMS)
sqlite (if you use SQLite as DBMS)
Warning
With PHP 7.3 in combination with macOS 10.13.6 (and probably also 10.14 - unconfirmed) pcre causes problems with brew as well as native or MAMP installations. It is recommended to use PHP 7.2. More information can be found here: