PHP-FPM 8.2 on OpenBSD 7.3

created
( modified )
@nabbisen

Series


Summary

The OpenBSD 🐡 project and their community support Web service packages including those of PHP very well, thankfully.

The PHP core package is offered as pre-compiled binary via Ports packages system. In addition, important softwares such as extensions, Composer and PECL libraries are available. So are frameworks such as NextCloud and Zabbix.

Moreover, when it is integrated with OpenBSD httpd, its chroot helps to keep servers secure. Of course, it is also able to additionally integrate them with relayd.

Well, PHP-FPM, PHP FastCGI Process Manager, is a part of PHP package in OpenBSD packages. Installing PHP (php-?.? due to the version), therefore, comes with php??_fpm automatically 🙌

This post shows how to install it and configure as a server.

Environment

✿ ✿ ✿

Tutorial

Install PHP

First, install the main package:

$ doas pkg_add php

You will be asked:

quirks-6.121 signed on 2023-08-02T17:33:30Z
Ambiguous: choose package for php
a	0: <None>
	1: php-7.4.33p0
	2: php-8.0.29
	3: php-8.1.22
	4: php-8.2.9
Your choice:

Choose “4” for 8.2. Besides, you can check the lifetime of each version here.

The result was:

php-8.2.9:capstone-4.0.2: ok
php-8.2.9:femail-1.0p1: ok
php-8.2.9:femail-chroot-1.0p3: ok
php-8.2.9:libsodium-1.0.18p1: ok
php-8.2.9:argon2-20190702: ok
php-8.2.9:oniguruma-6.9.8: ok
php-8.2.9: ok
The following new rcscripts were installed: /etc/rc.d/php82_fpm
See rcctl(8) for details.
New and changed readme(s):
	/usr/local/share/doc/pkg-readmes/femail-chroot
	/usr/local/share/doc/pkg-readmes/php-8.2

You must see php82_fpm come along with php-8.2 !!

Configure PHP

These directories/files are generated:

$ ls /etc/php*
/etc/php-8.2.ini    /etc/php-fpm.conf

/etc/php-8.2:

/etc/php-8.2.sample:
opcache.ini

/etc/php-fpm.d:

Edit .ini or .conf file(s) as needed.

Editing examples (Optional)

Edit:

$ doas nvim /etc/php-8.2.ini

like:

- post_max_size = 8M
+ post_max_size = 30M
  (...)
- upload_max_filesize = 2M
+ upload_max_filesize = 24M
  (...)
- allow_url_fopen = Off
+ ; for composer; disabled in php-fpm
+ allow_url_fopen = On

Also, edit:

$ doas nvim /etc/php-fpm.conf

to append to the bottom:

+ ; set On in php.ini for composer, therefore:
+ php_admin_value[allow_url_fopen] = Off

Activate extensions (Optional)

The file(s) in /etc/php-8.2.sample are PHP extensions such as opcache.ini. According to your necessity, create symbolic link to each of them in /etc/php-8.2/, which will activate the extension(s):

$ doas ln -sf /etc/php-8.2.sample/${ini} /etc/php-8.2/

For small reference, with more files which have to be dealt with, you can use loop-processing with your shell 😉 For examples:

$ # case ksh:
$ for x in $(ls /etc/php-8.2.sample/*); do doas ln -sf $x /etc/php-8.2/; done
$ # case fish:
$ for x in /etc/php-8.2.sample/*; doas ln -sf $x /etc/php-8.2/; end

Configure PHP-FPM

OK. We’re almost ready for launching PHP service.

The PHP pkg-readme, which was obtanined as /usr/local/share/doc/pkg-readmes/php-8.2 in installation, says:

The main OpenBSD php packages include php-fpm, FastCGI Process Manager. This manages pools of FastCGI processes: starts/restarts them and maintains a minimum and maximum number of spare processes as configured. You can use rcctl(8) to enable php-fpm at boot, and start it at runtime:

rcctl enable php82_fpm
rcctl start php82_fpm

Let’s activate the daemon:

$ doas rcctl enable php82_fpm

For another small reference, it appends or modifies the line in /etc/rc.conf.local:

+ pkg_scripts=(...) php82_fpm (...)

Now it’s time to start the daemon:

$ doas rcctl start php82_fpm

The result was:

php82_fpm(ok)

Yay 😄

Set up /var/www/etc (Optional)

It is sometimes required on not only PHP but also web apps.

Set up /var/www/etc, which is etc under chroot, as below, for example, so that name resolution or TLS connection is enabled:

$ ls -lR /var/www/etc
/var/www/etc:
total 16
-rw-r--r--  1 root  daemon   35 Aug 03 00:00 hosts
-r--r--r--  1 root  daemon  292 Aug 03 00:00 localtime
-rw-r--r--  1 root  daemon   99 Aug 03 00:00 resolv.conf
drwxr-xr-x  2 root  daemon  512 Aug 03 00:00 ssl/

/var/www/etc/ssl:
total 708
-r--r--r--  1 root  daemon  341121 Aug 03 00:00 cert.pem
-r--r--r--  1 root  daemon     745 Aug 03 00:00 openssl.cnf

Integration with web server

Next, we have to set up a web server for them.

Only if you haven’t configured httpd, copy the .conf file from the examples OpenBSD offers as below:

$ doas cp -p /etc/examples/httpd.conf /etc/

Well, edit /etc/httpd.conf to add fastcgi socket definitions in some SERVERS section like this:

server "default" {
    listen on * port 80
    #listen on * port 443

    root "/htdocs"
    directory index index.php

    location "/*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }
    location "/*.php[/?]*" {
        fastcgi socket "/run/php-fpm.sock"
    }
}

Note that chroot works in this context 💡 Therefore, fastcgi socket "/run/php-fpm.sock" in /etc/httpd.conf actually means fastcgi socket "/var/www/run/php-fpm.sock". This is the same to that root "/htdocs" means "/var/www/htdocs".

Actually, there is:

$ ls -l /var/www/run
total 0
srw-rw----  1 www  www  0 Aug 03 00:01 php-fpm.sock=

Concolusion

Let’s make /var/www/htdocs/index.php for testing:

$ echo "<?php phpinfo(1); ?>" | \
      doas tee "/var/www/htdocs/index.php" >> /dev/null
$ # delete it afterwards:
$ #doas rm /var/www/htdocs/index.php

Connecting to your host with browser will show the general information !!

php-82-on-openbsd-73

Here comes PHP 8.2 on OpenBSD 7.3 🌻

✿ ✿ ✿

Happy serving 🕊🕊


Comments or feedbacks are welcomed and appreciated.