no way to compare when less than two revisions
Differences
This shows you the differences between two versions of the page.
— | openbsd_php [2014/06/13 18:48] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== OpenBSD PHP ====== | ||
+ | * [[OpenBSD]] | ||
+ | * [[OpenBSD nginx]] | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | |||
+ | ==== Installation ==== | ||
+ | |||
+ | |||
+ | Install PHP: | ||
+ | |||
+ | < | ||
+ | pkg_add php-curl php-gd php-gmp php-mcrypt php-mysql php-mysqli php-pdo_mysql php-zip | ||
+ | ln -sf / | ||
+ | ln -sf / | ||
+ | ln -sf / | ||
+ | ln -sf / | ||
+ | ln -sf / | ||
+ | ln -sf / | ||
+ | ln -sf / | ||
+ | ln -sf / | ||
+ | ln -sf / | ||
+ | ln -sf / | ||
+ | </ | ||
+ | |||
+ | * Add '' | ||
+ | |||
+ | ==== General Notes: PHP Security, nginx, DokuWiki ==== | ||
+ | |||
+ | Setting up PHP securely with nginx is a bit of an impossibility in some ways. | ||
+ | |||
+ | The OpenBSD default to parse all files ending with a .php extension works well, but a theoretical security hole is available: say if ''/ | ||
+ | |||
+ | Another security option is to disable CGI fix pathinfo for PHP. However, this can break some PHP software (WordPress, in theory) that relies on the SERVER variables -- which can also be overriden with some nginx flags so that they are correctly sent. | ||
+ | |||
+ | Another issue is with HTTPS requests, since you are sending traffic to the PHP FPM server, again the server variables may not see it as a secure request. | ||
+ | |||
+ | I haven' | ||
+ | |||
+ | Altogether, the combination of the three (nginx, PHP FPM and dokuwiki / pretty URLs) make it not worth the hassle. | ||
+ | |||
+ | Recommendation for now is to use a simple Apache 2.2 setup in it's place. | ||
+ | |||
+ | ==== PHP-FPM ==== | ||
+ | |||
+ | Install PHP-FPM: | ||
+ | |||
+ | < | ||
+ | pkg_install php-fpm | ||
+ | </ | ||
+ | |||
+ | Setup configuration file at ''/ | ||
+ | |||
+ | < | ||
+ | listen.allowed_clients = 127.0.0.1 | ||
+ | </ | ||
+ | |||
+ | Start the service: | ||
+ | |||
+ | < | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | ==== PHP-FPM with nginx ==== | ||
+ | |||
+ | To setup nginx to serve PHP using FPM, there are only two changes to make in ''/ | ||
+ | |||
+ | Add '' | ||
+ | |||
+ | < | ||
+ | index | ||
+ | </ | ||
+ | |||
+ | and uncomment the PHP FPM settings: | ||
+ | |||
+ | < | ||
+ | location ~ \.php$ { | ||
+ | root / | ||
+ | fastcgi_pass | ||
+ | fastcgi_index | ||
+ | fastcgi_param | ||
+ | include | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | ==== Install Suhosin ==== | ||
+ | |||
+ | * [[PHP Suhosin]] | ||
+ | |||
+ | With OpenBSD 5.5, suhosin is not built-in by default, nor available as a package. | ||
+ | |||
+ | First, install a version of autoconf: | ||
+ | |||
+ | < | ||
+ | pkg_add autoconf | ||
+ | </ | ||
+ | |||
+ | Select the version you want to install. | ||
+ | |||
+ | Next, download the source code of suhosin, unpack it, and configure and build it: | ||
+ | |||
+ | < | ||
+ | AUTOCONF_VERSION=2.69 phpize-5.4 | ||
+ | ./configure --with-php-config=/ | ||
+ | make | ||
+ | make install | ||
+ | </ | ||
+ | |||
+ | Finally, load the module by creating an extension file: | ||
+ | |||
+ | < | ||
+ | echo extension=suhosin.so > / | ||
+ | </ | ||
+ | |||
+ | Restart PHP FPM to use the new module: | ||
+ | |||
+ | < | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | And verify the module is installed: | ||
+ | |||
+ | < | ||
+ | php-5.4 -m | ||
+ | </ | ||
+ | |||
+ | The module is located in the same directory as the other ones, at ''/ |