Enhance PHP 5 initial setup on Debian
by
Pierre-Yves Landuré
—
last modified
Feb 27, 2013 11:41 AM
The initial PHP 5 setup provided by Debian is just fine. This howto provide adjustments enhancing it.
This howto is tested on:
- Debian 6.0 Squeeze
- Debian 7.0 Wheezy
Prerequisite
This howto require a working installation of PHP 5, for example, the one described by the howto Install PHP-FPM on Debian.
Configuration
Harden the server security:
if [ -d '/etc/php5/conf.d' ]; then
echo '; Harden PHP5 security
; Disable PHP exposureexpose_php = Off;Dangerous : disable system functions. This can break some administration softwares.
;disable_functions = symlink,shell_exec,exec,proc_close,proc_open,popen,system,dl,passthru,escapeshellarg,escapeshellcmd
' > '/etc/php5/conf.d/security-hardened.ini'
fi
Setup UTF-8 as default characters encoding for the mbstring extension (installed in core PHP5 on Debian):
if [ -d '/etc/php5/conf.d' ]; then
echo '; Set mbstring defaults to UTF-8
mbstring.language=UTF-8
mbstring.internal_encoding=UTF-8
mbstring.http_input=UTF-8
mbstring.http_output=UTF-8
mbstring.detect_order=auto' \
> '/etc/php5/conf.d/mbstring.ini'
fi
Setup the PHP time zone:
echo "; PHP settings for strtotime date.timezone = \"$(command cat /etc/timezone)\"" > /etc/php5/conf.d/timezone.ini
Reload the configuration:
test -x /etc/init.d/php5-fpm && /etc/init.d/php5-fpm restart
test -x /etc/init.d/apache2 && /etc/init.d/apache2 force-reload
test -x /etc/init.d/lighttpd && /etc/init.d/lighttpd force-reload
test -x /etc/init.d/nginx && /etc/init.d/nginx force-reload
Thanks
- Thanks to Alsacréations (fr) for Installation d'Apache et PHP (fr).
