PHP
The very minimal PHP support
You may want to add PHP support to your website if you use a CMS as example.
Use OpenBSD's ports to install php (adjust the version number)
# pkg_add php-7.4.7
To see every PHP version availables :
# pkg_info -Q php
Then, enable and start php :
# rcctl enable php74_fpm # rcctl start php74_fpm
Here, "74" suggest you installed PHP version 7.4.
Now edit httpd configuration so it send php files to the interpreter. In "/etc/httpd.conf" :
server "athome.tld" {
listen on * port 80
root "/htdocs/website"
directory index index.php
location "*.php*" {
fastcgi socket "/run/php-fpm.sock"
}
}
Notice "directory index index.php" instruction. By default, when someone reach "http://athome.tld/", it's like "http://athome.tld/index.php".
You're good to use PHP for most use cases.
PHP modules and chroot
For more complex softwares (Wiki, CMS...), you must enable some PHP extensions disabled by default. You must remember httpd is chrooted and can't see every files on the system for safety purposes.
Add PHP modules
If you read "/usr/local/share/doc/pkg-readmes" php file, you already know what to do 😉. You have to add symlinks from "/etc/php-7.4.sample" to "/etc/php-7.4" (edit php version).
# cd /etc/php-7.4.sample # for i in *; do ln -sf ../php-7.4.sample/$i ../php-7.4/; done # rcctl restart php74_fpm
With main php package, most extension are already installed. You may add the following as they are quite common and useful :
- php-curl : online requests
- php-gd : handle images
- php-intl : internationalization
- php-zip : compression
- libmcrypt : encryption
- pear and "pecl-..."
Edit PHP configuration
Edit "/etc/php-7.4.ini". Below is an example of some useful changes :
; Increase the size of uploadable files post_max_size = 10M upload_max_filesize = 10M ; let php download remote content allow_url_fopen = On ; Timezone date.timezone = Europe/Paris ; Enable cache to avoid every page regeneration opcache.enable=1 opcache.memory_consumption=128 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=4000 opcache.enable_file_override=1
Configuration to deal with httpd's chroot
Your php pages may need to download remote content. Therefore, it must be able to do domain name resolution, check tls certificates and more. The necessary is stored in "/etc". However, if you remember, httpd is chrooted. Do you remember where ?
In /var/www !!!
Indeed Jean-Michel! Good to have you here. 😁
We'll have to copy a few files usually stored in "/etc" to "/var/www/etc":
# cd /var/www # go in the chroot # mkdir etc/ # create etc directory # cp /etc/resolv.conf etc/resolv.conf # for Domain resolution # cp /etc/hosts etc/hosts # DN too # cp /etc/localtime etc/localtime # mkdir etc/ssl # Create another directory for tls certs # install -m 444 -o root -g bin /etc/ssl/cert.pem /etc/ssl/openssl.cnf /var/www/etc/ssl
Those files must be read only :
chmod -R 444 /var/www/etc/* chmod -R a+X /var/www/etc/
Les fichiers copiés servent notamment à :
Files in "/etc/ssl/*" must be updated periodically. Add in "/etc/monthly.local" :
install -m 444 -o root -g bin /etc/ssl/cert.pem /etc/ssl/openssl.cnf /var/www/etc/ssl
If you need PHP to send mails, you must copy "sh" in chroot (see "/usr/local/share/doc/pkg-readmes/femail-chroot*").
# cp /bin/sh /var/www/bin/
At last, reload php 😉.