You are here: Home / Debian GNU/Linux / Servers / PHP / Enhance PHP 5 initial setup on Debian

Enhance PHP 5 initial setup on Debian

by Pierre-Yves Landuré last modified Aug 16, 2018 12:57

The initial PHP 5 setup provided by Debian is just fine. This howto provide adjustments enhancing it.

This howto is tested on:

  • Debian 6.0 Squeeze
  • Debian 7.0 Wheezy
  • Ubuntu 13.10 Saucy Salamander

Prerequisites

This howto needs :

Configuration

Detect PHP extension configuration path:

MODS_CONF_PATH='/etc/php5/conf.d'
test -d '/etc/php5/mods-available' \
  && MODS_CONF_PATH='/etc/php5/mods-available'

Harden the server security

if [ -d '/etc/php5/conf.d' ]; then
echo '; Harden PHP5 security
; priority=50
; Disable PHP exposure
expose_php = Off

;Dangerous : disable system functions. This can break some administration softwares.
;disable_functions = symlink,shell_exec,exec,proc_close,proc_open,popen,system,dl,passthru,escapeshellarg,escapeshellcmd
' > "${MODS_CONF_PATH}/security-hardened.ini"
command type -f 'php5enmod' &>'/dev/null' && command php5enmod 'security-hardened/50'
fi

:

Setup UTF-8 as default characters encoding for the mbstring extension (installed in core PHP5 on Debian):

if [ -d '/etc/php5/conf.d' ]; then
echo '; Set mbstring defaults to UTF-8
; priority=50
mbstring.language=UTF-8
mbstring.internal_encoding=UTF-8
mbstring.http_input=UTF-8
mbstring.http_output=UTF-8
mbstring.detect_order=auto' \
> "${MODS_CONF_PATH}/mbstring.ini"
test -n "$(command -v php5enmod)" && command php5enmod 'mbstring/50'
fi

Setup the PHP time zone:

echo "; PHP settings for strtotime
; priority=50
date.timezone = \"$(command cat /etc/timezone)\"" > "${MODS_CONF_PATH}/timezone.ini"
test -n "$(command -v php5enmod)" && command php5enmod 'timezone/50'

Reload the configuration:

if command type -f 'service' &>'/dev/null'; then
test -e '/etc/init.d/php5-fpm' && command service 'php5-fpm' 'restart'
test -e '/etc/init.d/apache2' && command service 'apache2' 'force-reload'
test -e '/etc/init.d/lighttpd' && command service 'lighttpd' 'force-reload'
test -e '/etc/init.d/nginx' && command service 'nginx' 'force-reload'
else
test -x '/etc/init.d/php5-fpm' && /etc/init.d/php5-fpm 'restart'
test -x '/etc/init.d/apache2' && /etc/init.d/apache2 'force-reload'
test -x '/etc/init.d/lighttpd' && /etc/init.d/lighttpd 'force-reload'
test -x '/etc/init.d/nginx' && /etc/init.d/nginx 'force-reload'
fi

Thanks