Enhance PHP 5 initial setup on Debian
by
Pierre-Yves Landuré
—
last modified
Aug 16, 2018 12:57
The initial PHP 5 setup provided by Debian is just fine. This howto provide adjustments enhancing it.
This howto is tested on:
- Debian 6.0 Squeeze
- Debian 7.0 Wheezy
- Ubuntu 13.10 Saucy Salamander
Prerequisites
This howto needs :
- a working PHP setup, as described by Install PHP-FPM on Debian.
Configuration
Detect PHP extension configuration path:
MODS_CONF_PATH='/etc/php5/conf.d'
test -d '/etc/php5/mods-available' \
&& MODS_CONF_PATH='/etc/php5/mods-available'
Harden the server security
if [ -d '/etc/php5/conf.d' ]; then
echo '; Harden PHP5 security
; priority=50
; Disable PHP exposureexpose_php = Off
;Dangerous : disable system functions. This can break some administration softwares.
;disable_functions = symlink,shell_exec,exec,proc_close,proc_open,popen,system,dl,passthru,escapeshellarg,escapeshellcmd
' > "${MODS_CONF_PATH}/security-hardened.ini"
command type -f 'php5enmod' &>'/dev/null' && command php5enmod 'security-hardened/50'
fi
:
Setup UTF-8 as default characters encoding for the mbstring extension (installed in core PHP5 on Debian):
if [ -d '/etc/php5/conf.d' ]; then
echo '; Set mbstring defaults to UTF-8
; priority=50
mbstring.language=UTF-8
mbstring.internal_encoding=UTF-8
mbstring.http_input=UTF-8
mbstring.http_output=UTF-8
mbstring.detect_order=auto' \
> "${MODS_CONF_PATH}/mbstring.ini"
test -n "$(command -v php5enmod)" && command php5enmod 'mbstring/50'
fi
Setup the PHP time zone:
echo "; PHP settings for strtotime ; priority=50
date.timezone = \"$(command cat /etc/timezone)\"" > "${MODS_CONF_PATH}/timezone.ini"
test -n "$(command -v php5enmod)" && command php5enmod 'timezone/50'
Reload the configuration:
if command type -f 'service' &>'/dev/null'; then
test -e '/etc/init.d/php5-fpm' && command service 'php5-fpm' 'restart'
test -e '/etc/init.d/apache2' && command service 'apache2' 'force-reload'
test -e '/etc/init.d/lighttpd' && command service 'lighttpd' 'force-reload'
test -e '/etc/init.d/nginx' && command service 'nginx' 'force-reload'
else
test -x '/etc/init.d/php5-fpm' && /etc/init.d/php5-fpm 'restart'
test -x '/etc/init.d/apache2' && /etc/init.d/apache2 'force-reload'
test -x '/etc/init.d/lighttpd' && /etc/init.d/lighttpd 'force-reload'
test -x '/etc/init.d/nginx' && /etc/init.d/nginx 'force-reload'
fi
Thanks
- Thanks to Alsacréations (fr) for Installation d'Apache et PHP (fr).