Install PHP
Install the PHP Packages
| Code Block | ||
|---|---|---|
| ||
sudo apt-get install php5 |
As of Ubuntu 12 (an maybe even earlier), the installer will automatically restart Apache2 for you.
Verify
Quickly verify that everything works by creating a php info file with your favourite editor,
| Code Block | ||
|---|---|---|
| ||
sudo vi /var/www/info.php # On public site do not use such an obvious file name |
Put in the following contents,
| Code Block | ||
|---|---|---|
| ||
<?php phpinfo(); ?> |
Save the file and browser to file using a browser. You can use either the IP Address or the valid Domain Name. For example, http://173.194.75.94/info.php or http://www.krypton.com/info.php which should show a purple and grey PHP informational screen.
Secure the Server
The security posture is from an administrative perspective and not for self-serve and shared hosting.
| Panel |
|---|
Determine if this actually increases security - http://www.suphp.org/Home.html. suPHP and LiteSpeed make the most sense for shared hosting. This article indicates that suphp is slow as it makes php run as a cgi. Instead it recommends restrictions using mod_php - http://serverfault.com/questions/279938/should-i-use-suphp-or-mod-php-for-shared-hosting. Along this thread another poster recommends, http://mpm-itk.sesse.net/ which allows vhosts to be run under different uid and gid. This restricts the php process to specific directories - http://help.godaddy.com/article/1616 |
Restrict the Execution of PHP to a Specific Folder
Edit, vi /etc/php5/apache2/php.ini to only allow execution of php scripts in the /home directory.
| Code Block |
|---|
; open_basedir, if set, limits all file operations to the defined directory ; and below. This directive makes most sense if used in a per-directory ; or per-virtualhost web server configuration file. This directive is ; *NOT* affected by whether Safe Mode is turned On or Off. ; http://php.net/open-basedir open_basedir = /home |
This helps minimizes the amount of damage that can be done in the event that the system is compromised to the specified directory.
File Permissions
Adapted from the WordPress article Hardening WordPress we take the approach of creating accounts for select developers or release managers.
wp-config.php - holds the database password and should be locked down.
| Info |
|---|
Covered on the Ubuntu WordPress guide, for automatic updates to occur, the folder and all its files and subfolders must be owned by www-data with write access. I'm not sure we will take this approach. I think I'd rather update manually. |
Install MySQL
| Code Block | ||
|---|---|---|
| ||
sudo apt-get install mysql-server |
For the root administration database password, use the standard password algorithm based on the server name.
Connect PHP to MySQL
Install the necessary libraries so that PHP will be able to connect to MySQL.
| Code Block | ||
|---|---|---|
| ||
sudo apt-get install php5-mysql |
Create the Accounts in MySQL
Connect into MySQL,
| Code Block | ||
|---|---|---|
| ||
mysql -u root -p |
Enter the following MySQL commands,
| Code Block | ||
|---|---|---|
| ||
CREATE DATABASE wordpresskryptondb; GRANT ALL PRIVILEGES ON wordpresskryptondb.* TO "wpkryptonuser"@"localhost" IDENTIFIED BY "password"; FLUSH PRIVILEGES; EXIT |
Explain variables on a table, wordpresskryptondb, wpkryptonuser, localhost, password.
Configure WordPress
- Create config file for database access
- Set URL
- ...
FAQ
Why do some of the php5 installations say to use install libapache2-mod-php5?
No need, it is included with the php5 package.
What is the difference between the php5 and libapache2-mod-php5 packages?
Nothing I can see. It just looks like php5 is an overarching package name.
References
Ubuntu Server Documentation - https://help.ubuntu.com/12.04/serverguide/php5.html
Has some ok details around suPHP - https://help.ubuntu.com/community/ApacheMySQLPHP#Installing_MYSQL_with_PHP_5