The very minimal PHP support

You may want to add PHP support to your website if you use a CMS as example.

Use OpenBSD's ports to install php (adjust the version number)

# pkg_add php-7.4.7

To see every PHP version availables :

# pkg_info -Q php

Then, enable and start php :

# rcctl enable php74_fpm
# rcctl start php74_fpm

Here, "74" suggest you installed PHP version 7.4.

Now edit httpd configuration so it send php files to the interpreter. In "/etc/httpd.conf" :

server "athome.tld" {
        listen on * port 80
        root "/htdocs/website"
        directory index index.php
        location "*.php*" {
                fastcgi socket "/run/php-fpm.sock"

Notice "directory index index.php" instruction. By default, when someone reach "http://athome.tld/", it's like "http://athome.tld/index.php".

You're good to use PHP for most use cases.

PHP modules and chroot

For more complex softwares (Wiki, CMS...), you must enable some PHP extensions disabled by default. You must remember httpd is chrooted and can't see every files on the system for safety purposes.

Add PHP modules

If you read "/usr/local/share/doc/pkg-readmes" php file, you already know what to do 😉. You have to add symlinks from "/etc/php-7.4.sample" to "/etc/php-7.4" (edit php version).

# cd /etc/php-7.4.sample
# for i in *; do ln -sf ../php-7.4.sample/$i ../php-7.4/; done
# rcctl restart php74_fpm

With main php package, most extension are already installed. You may add the following as they are quite common and useful :

Edit PHP configuration

Edit "/etc/php-7.4.ini". Below is an example of some useful changes :

; Increase the size of uploadable files
post_max_size = 10M
upload_max_filesize = 10M
; let php download remote content
allow_url_fopen = On
; Timezone
date.timezone = Europe/Paris
; Enable cache to avoid every page regeneration

Configuration to deal with httpd's chroot

Your php pages may need to download remote content. Therefore, it must be able to do domain name resolution, check tls certificates and more. The necessary is stored in "/etc". However, if you remember, httpd is chrooted. Do you remember where ?

In /var/www !!!

Indeed Jean-Michel! Good to have you here. 😁

We'll have to copy a few files usually stored in "/etc" to "/var/www/etc":

# cd /var/www     # go in the chroot 
# mkdir etc/      # create etc directory
# cp /etc/resolv.conf etc/resolv.conf # for Domain resolution       
# cp /etc/hosts etc/hosts # DN too
# cp /etc/localtime etc/localtime
# mkdir etc/ssl   # Create another directory for tls certs
# install -m 444 -o root -g bin /etc/ssl/cert.pem /etc/ssl/openssl.cnf /var/www/etc/ssl

Those files must be read only :

chmod -R 444 /var/www/etc/*
chmod -R a+X /var/www/etc/

Les fichiers copiés servent notamment à :

Files in "/etc/ssl/*" must be updated periodically. Add in "/etc/monthly.local" :

install -m 444 -o root -g bin /etc/ssl/cert.pem /etc/ssl/openssl.cnf /var/www/etc/ssl

If you need PHP to send mails, you must copy "sh" in chroot (see "/usr/local/share/doc/pkg-readmes/femail-chroot*").

# cp /bin/sh /var/www/bin/

At last, reload php 😉.