TYPO3 v9 has reached its end-of-life September 30th, 2021 and is not maintained by the community anymore. Looking for a stable version? Use the version switch on the top left.

You can order Extended Long Term Support (ELTS) here: TYPO3 ELTS.

System Requirements

TYPO3 requires a web server, PHP and a database system.

  • TYPO3 requires a web server which can run PHP (Apache httpd, Nginx, Microsoft IIS, Caddy Server).

  • TYPO3 9 requires PHP >= 7.2 <= 7.4

  • TYPO3 can be used with many database systems (MariaDB >= 10.2 <= 10.3, Microsoft SQL Server, MySQL 5.5+, PostgreSQL, SQLite).

If you use an Apache web server, the module mod_rewrite must be activated. Certain PHP extensions are necessary, others recommended. You possibly want to adjust the memory limit; see below.

If you want TYPO3 to automatically carry out image processing – for example scaling or cropping – you will need GraphicsMagick (version 1.3 or newer) or ImageMagick (version 6 or newer) installed on the server. (GraphicsMagick should be prefered.)

For an overview see also

Should you encounter problems, the "Troubleshooting" section at the end of this document will help.

Database Environment

TYPO3 works with database management systems in various versions - see for details.

The InnoDB engine is required in case you are using MySQL.

If you are creating the database yourself, you should use utf8mb4 as charset and (naming depending on your dbms) utf8mb4_unicode_ci as collation.

Required Database Privileges

The database user needs at least the following privileges on the TYPO3 database:



It is recommended to also grant the following privileges:



Web Server Environment


  • Make sure AllowOverride in the webserver configuration includes "Indexes" and "FileInfo" if you use Apache as webserver and override the default configuration with .htaccess (as done by default).

  • Enable Apache modules (see Enable mod_rewrite in the Troubleshooting section). The following modules are used by the default .htaccess:


Block access to vcs directories (strongly recommended for security reasons).


Block access to specific files and directories (strongly recommended for security reasons).


Used for disabling directory listings (strongly recommended for security reasons).


Used for compression, better performance.


Adds HTTP headers for browser caching and better performance


Used with mod_deflate. For Apache versions below version 2.3.7 you don't need to enable mod_filter.


Used in combination with mod_deflate.


Enable human readable urls.


Also used with mod_deflate.


If the modules are not active, the corresponding directives in .htaccess will not be activated (due to the <IfModule conditions). This leaves you with a system, which is less secure, slower and / or where some things will simply not work (e.g. URL rewriting due to missing mod_rewrite).


Look for <IfModule> directives in the default .htaccess file EXT:install/Resources/Private/FolderStructureTemplateFiles/root-htaccess for more clues about which modules are used for what purpose. Not all used modules may have directives in the .htaccess file so do not necessarily expect .htaccess to contain a complete list of modules.

  • During the installation process (first install) the default .htaccess file is copied to the document root folder of the project, if the file does not exist already.

Microsoft Internet Information Services (IIS)

  • During the installation process (first install) the default IIS web config file is copied to the document root folder of the project, if the file does not exist already.

  • Default IIS web config file with rewrite rules can be found in EXT:install/Resources/Private/FolderStructureTemplateFiles/root-web-config

  • Make sure that the URL Rewrite plugin is installed on your system.


  • NGINX web server does not support any static file like htaccess in the document root by default. The NGINX configuration has to be setup manually.

Example Configuration:

# Compressing resource files will save bandwidth and so improve loading speed especially for users
# with slower internet connections. TYPO3 can compress the .js and .css files for you.
# *) Set $GLOBALS['TYPO3_CONF_VARS']['BE']['compressionLevel'] = 9 for the Backend
# *) Set $GLOBALS['TYPO3_CONF_VARS']['FE']['compressionLevel'] = 9 together with the TypoScript properties
#    config.compressJs and config.compressCss for GZIP compression of Frontend JS and CSS files.
location ~ \.js\.gzip$ {
    add_header Content-Encoding gzip;
    gzip off;
    types { text/javascript gzip; }
location ~ \.css\.gzip$ {
    add_header Content-Encoding gzip;
    gzip off;
    types { text/css gzip; }

# TYPO3 - Rule for versioned static files, configured through:
# - $GLOBALS['TYPO3_CONF_VARS']['BE']['versionNumberInFilename']
# - $GLOBALS['TYPO3_CONF_VARS']['FE']['versionNumberInFilename']
if (!-e $request_filename) {
    rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;

# TYPO3 - Block access to composer files
location ~* composer\.(?:json|lock) {
    deny all;

# TYPO3 - Block access to flexform files
location ~* flexform[^.]*\.xml {
    deny all;

# TYPO3 - Block access to language files
location ~* locallang[^.]*\.(?:xml|xlf)$ {
    deny all;

# TYPO3 - Block access to static typoscript files
location ~* ext_conf_template\.txt|ext_typoscript_constants\.txt|ext_typoscript_setup\.txt {
    deny all;

# TYPO3 - Block access to miscellaneous protected files
location ~* /.*\.(?:bak|co?nf|cfg|ya?ml|ts|typoscript|tsconfig|dist|fla|in[ci]|log|sh|sql|sqlite)$ {
    deny all;

# TYPO3 - Block access to recycler and temporary directories
location ~ _(?:recycler|temp)_/ {
    deny all;

# TYPO3 - Block access to configuration files stored in fileadmin
location ~ fileadmin/(?:templates)/.*\.(?:txt|ts|typoscript)$ {
    deny all;

# TYPO3 - Block access to libraries, source and temporary compiled data
location ~ ^(?:vendor|typo3_src|typo3temp/var) {
    deny all;

# TYPO3 - Block access to protected extension directories
location ~ (?:typo3conf/ext|typo3/sysext|typo3/ext)/[^/]+/(?:Configuration|Resources/Private|Tests?|Documentation|docs?)/ {
    deny all;

location / {
    try_files $uri $uri/ /index.php$is_args$args;

location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
        return 404;
    fastcgi_buffer_size 32k;
    fastcgi_buffers 8 16k;
    fastcgi_connect_timeout 240s;
    fastcgi_read_timeout 240s;
    fastcgi_send_timeout 240s;
    fastcgi_pass         typo3:9000;
    fastcgi_index        index.php;
    include              fastcgi.conf;

PHP Environment

  • memory_limit set to at least 256M recommended

  • max_execution_time set to at least 30 (240 seconds recommended)

  • max_input_vars set to at least 1500

PHP Required Extensions

Your PHP needs to support the following extensions. Install will check if these are available.

  • These are usually part of the standard PHP package on most distributions:

    • PDO

    • json

    • pcre >= 8.38

    • session

    • xml

    • filter

    • hash

    • mbstring

    • SPL

    • standard

  • These might have to be installed separately:

    • fileinfo

    • gd

    • zip

    • zlib

    • openssl

    • intl

    • mysqli (if you use MySQL, MariaDB as DBMS)

    • postgresql (if you use PostgreSQL as DBMS)

    • sqlsrv (if you use SQL Server as DBMS)

    • sqlite (if you use SQLite as DBMS)