PHP configuration of Ubuntu Apache service under LINUX_PHP tutorial

Agni Website Building Academy (Bkjia.Com) DocumentsThe Ubuntu system is updated to the latest status. This step must be done before doing any operation to ensure the stability of the system and that there will be no inexplicable problems. phenomenon occurs.

$sudo apt-get update

$sudo apt-get dist-upgrade

Install PHP support

$sudo apt-get install libapache2-mod-php5

$sudo apt-get install php5

If you want to support graphics, add php5-gd. If you want to support Mysql, add php5-mysql. The reason why libapache2-mod-php5 is listed separately here is mainly because the dependencies of php5 are not done well and it may Install the libapache-mod-php4 package, so in order to avoid unnecessary trouble, it is better to specify it separately. If friends still have problems, please search for the libapache-mod-php4 package in Synaptic and delete it if installed.

Modify the PHP configuration file to limit memory and maximum file upload size

We edit the /etc/php5/apache2/php.ini file and make general configuration first. Before making changes, please make a backup of the configuration file. So that you can recover if something goes wrong.

...

memory_limit == 8M ==>Modify to the memory size you need

upload_max_filesize == 2M ==>Modify the maximum file upload size

...

extension=mysql.so supports Mysql service

extension=gd.so supports gd function

...

In fact, under Ubuntu, if you install php5-mysql and php5-gd, the above two lines will be automatically modified. All we have to do is confirm whether the comments in front of them are removed.

a. At present, most PHP open sources are written in PHP4. In order to be compatible with previous PHP versions, register_long_arrays sometimes needs to be opened. Otherwise, variables such as $HTTP_GET_VARS and $HTTP_POST_VARS will not be used, and some inexplicable problems will occur. . a. In addition, after installing php5, it is best to check whether there is a link under /etc/apache2/mods-enabled/:

php5.load -> /etc/apache2/mods-available/php5.load

Harden PHP for enhanced security. Note that the security below depends on the situation, so I have written their functions clearly. If there is a problem, see if it is caused by any of the following restrictions, and comment it out accordingly. So let's get started. We will edit the /etc/php5/apache2/php.ini file again. The reason why we don't change it all at once is mainly to give everyone a clear idea.

#Enable safe mode. The advantage of opening it is that PHP files can only access files with the same owner and the PHP file. Even in a chroot environment, files with different owners in the jail cannot be accessed, similar to php shell. Such a backdoor is useless. phpshell is a very popular php backdoor. It can execute system commands. Just like its name, it is very close to shell.

safe_mode = On

#Please note that opening one in safe mode will cause PHP that calls external programs such as judge online to not work.

#The following settings limit the directory range that functions such as fopen() and file() can operate to prevent intruders from illegally reading files. Be sure to add "/" after /var/www, otherwise /var Files under /wwww can also be accessed. This option will prevent any PHP file that is not in the /var/www/ directory from running, including any program linked to the /var/www/ directory by a soft link, such as the PhpMyAdmin package, which will not run properly after this option is set. .

open_basedir = /var/www/

#Prohibit the use of phpinfo and get_cfg_var functions to avoid leaking service information. Generally, close PHP after confirming that it can work normally

disable_functions = phpinfo,get_cfg_var

#Set php program error log

error_reporting = E_ALL

log_errors = On

error_log = /var/log/php_err.log

#If the PHP program does not specify that register_globals is required, it is best to set register_globals to Off, which can avoid many security issues. Note, if your program requires register_globals, do not turn it off. Ubuntu is turned off by default.

register_globals = Off

#Prohibit opening remote addresses. Remember the recent vulnerability in php include? If variables are included in a PHP program, then the intruder can use this control server to execute a remote PHP program locally, such as phpshell, so we close this.

allow_url_fopen = Off

OK, let’s call it a day!

http://www.bkjia.com/PHPjc/364230.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/364230.htmlTechArticleLieHuo.Net document Ubuntu system is updated to the latest status, which must be done before doing any operation This step is to ensure the stability of the system and there will be no inexplicable problems...