Debian’s initial PHP configuration is a very good start. This guide describes adjustments that improve upon it.
This howto is tested on:
- Debian 10.0 Buster
This howto is tested with these versions of PHP:
- 7.3.11
Requirements
This howto requires:
- an HTTP server with PHP support, as described by Install PHP-FPM on Debian.
- php-tools, a command-line tool that eases PHP configuration.
Configuration
Detect if sudo is available (“command” is used if not):
cmdProxy='command'
command type -f 'sudo' &>'/dev/null' && cmdProxy='sudo'
Harden the security of PHP pages:
${cmdProxy} php-tools --add-mod --mod-priority=50 --mod-name='security-hardened' \
--mod-settings='; Harden PHP security
; priority=50
; Disable PHP exposure
expose_php = Off
; Dangerous: disable system functions. This can break some administration software.
;disable_functions = symlink,shell_exec,exec,proc_close,proc_open,popen,system,dl,passthru,escapeshellarg,escapeshellcmd'
Set UTF-8 as default character encoding for mbstring extension:
${cmdProxy} php-tools --add-mod --mod-priority=50 --mod-name='mbstring-config' \
--mod-settings='; Set mbstring defaults to UTF-8
; priority=50
mbstring.language = UTF-8
mbstring.internal_encoding = UTF-8
mbstring.http_input = UTF-8
mbstring.http_output = UTF-8
mbstring.detect_order = auto'
Set default PHP timezone to be the same as the system default:
${cmdProxy} php-tools --add-mod --mod-priority=50 --mod-name='timezone' \
--mod-settings="; PHP settings for strtotime
; priority=50
date.timezone = \"$(command cat /etc/timezone)\""
Reload PHP configuration:
${cmdProxy} php-tools --reload
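To check the result after the reload, here is an added example (not part of the original howto and not php-tools code) that audits php.ini-style text against the values set above. It treats the commented-out disable_functions line as inactive and reports it as such. The function names, the sample text and its timezone value are constructed for illustration.

```shell
# Added example, not php-tools code; all function names are hypothetical.
# Print the effective value of directive $1; ";" lines are comments, so a
# commented-out directive counts as unset. The last assignment wins.
ini_get_value() {
    awk -v key="$1" '
        /^[ \t]*;/ || !index($0, "=") { next }
        {
            eq = index($0, "="); name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            sub(/[ \t]*;.*$/, "", val)            # trailing comment
            gsub(/^[ \t"]+|[ \t"]+$/, "", val)   # blanks and quotes
            gsub(/[ \t]/, "", name)
            if (name == key) found = val
        }
        END { print found }'
}

# Print one line per deviation from the guide; return 1 if any is found.
audit_php_ini() {
    ini=$(cat); status=0
    for want in 'expose_php=off' 'mbstring.language=utf-8' \
        'mbstring.internal_encoding=utf-8' 'mbstring.http_input=utf-8' \
        'mbstring.http_output=utf-8' 'mbstring.detect_order=auto'; do
        key=${want%%=*}; expected=${want#*=}
        actual=$(printf '%s\n' "$ini" | ini_get_value "$key" | tr 'A-Z' 'a-z')
        case "$key=$actual" in expose_php=0|expose_php=false|expose_php=no) actual=off ;; esac
        [ "$actual" = "$expected" ] && continue
        echo "MISMATCH $key: expected $expected, got ${actual:-<unset>}"; status=1
    done
    [ -n "$(printf '%s\n' "$ini" | ini_get_value date.timezone)" ] ||
        { echo "MISMATCH date.timezone: unset"; status=1; }
    [ -n "$(printf '%s\n' "$ini" | ini_get_value disable_functions)" ] ||
        echo "NOTE disable_functions: not active (commented out or absent)"
    return "$status"
}

# Constructed sample: the settings from this guide, concatenated.
sample_ini() {
    cat <<'EOF'
expose_php = Off
;disable_functions = symlink,shell_exec,exec
mbstring.language = UTF-8
mbstring.internal_encoding = UTF-8
mbstring.http_input = UTF-8
mbstring.http_output = UTF-8
mbstring.detect_order = auto
date.timezone = "Europe/Paris"
EOF
}
sample_ini | audit_php_ini
```

Pipe the ini files your PHP-FPM instance actually loads into audit_php_ini in place of sample_ini; a non-zero exit status means at least one setting from this guide is not in effect.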
Thanks
- Thanks to Alsacréations (fr) for Installation d’Apache et PHP (fr).