Summary
The OpenBSD 🐡 project and their community support Web service packages including those of PHP very well, thankfully.
The PHP core package is offered as pre-compiled binary via Ports packages system. In addition, important softwares such as extensions, Composer and PECL libraries are available. So are frameworks such as NextCloud and Zabbix.
Moreover, when it is integrated with OpenBSD httpd, its chroot helps to keep servers secure. Of course, it is also able to additionally integrate them with relayd.
Well, PHP-FPM, PHP FastCGI Process Manager, is a part of PHP package in OpenBSD packages.
Installing PHP (php-?.? due to the version), therefore, comes with php??_fpm automatically 🙌
This post shows how to install it and configure as a server.
Environment
- OS: OpenBSD 7.3
- Web: OpenBSD httpd
- Reference: How to set it up
- PHP: 8.2 with PHP-FPM
Tutorial
Install PHP
First, install the main package:
$ doas pkg_add php
You will be asked:
quirks-6.121 signed on 2023-08-02T17:33:30Z
Ambiguous: choose package for php
a 0: <None>
1: php-7.4.33p0
2: php-8.0.29
3: php-8.1.22
4: php-8.2.9
Your choice:
Choose “4” for 8.2. Besides, you can check the lifetime of each version here.
The result was:
php-8.2.9:capstone-4.0.2: ok
php-8.2.9:femail-1.0p1: ok
php-8.2.9:femail-chroot-1.0p3: ok
php-8.2.9:libsodium-1.0.18p1: ok
php-8.2.9:argon2-20190702: ok
php-8.2.9:oniguruma-6.9.8: ok
php-8.2.9: ok
The following new rcscripts were installed: /etc/rc.d/php82_fpm
See rcctl(8) for details.
New and changed readme(s):
/usr/local/share/doc/pkg-readmes/femail-chroot
/usr/local/share/doc/pkg-readmes/php-8.2
You must see php82_fpm come along with php-8.2 !!
Configure PHP
These directories/files are generated:
$ ls /etc/php*
/etc/php-8.2.ini /etc/php-fpm.conf
/etc/php-8.2:
/etc/php-8.2.sample:
opcache.ini
/etc/php-fpm.d:
Edit .ini or .conf file(s) as needed.
Editing examples (Optional)
Edit:
$ doas nvim /etc/php-8.2.ini
like:
- post_max_size = 8M
+ post_max_size = 30M
(...)
- upload_max_filesize = 2M
+ upload_max_filesize = 24M
(...)
- allow_url_fopen = Off
+ ; for composer; disabled in php-fpm
+ allow_url_fopen = On
Also, edit:
$ doas nvim /etc/php-fpm.conf
to append to the bottom:
+ ; set On in php.ini for composer, therefore:
+ php_admin_value[allow_url_fopen] = Off
Activate extensions (Optional)
The file(s) in /etc/php-8.2.sample are PHP extensions such as opcache.ini.
According to your necessity, create symbolic link to each of them in /etc/php-8.2/, which will activate the extension(s):
$ doas ln -sf /etc/php-8.2.sample/${ini} /etc/php-8.2/
For small reference, with more files which have to be dealt with, you can use loop-processing with your shell 😉 For examples:
$ # case ksh:
$ for x in $(ls /etc/php-8.2.sample/*); do doas ln -sf $x /etc/php-8.2/; done
$ # case fish:
$ for x in /etc/php-8.2.sample/*; doas ln -sf $x /etc/php-8.2/; end
Configure PHP-FPM
OK. We’re almost ready for launching PHP service.
The PHP pkg-readme, which was obtanined as /usr/local/share/doc/pkg-readmes/php-8.2 in installation, says:
The main OpenBSD php packages include php-fpm, FastCGI Process Manager. This manages pools of FastCGI processes: starts/restarts them and maintains a minimum and maximum number of spare processes as configured. You can use rcctl(8) to enable php-fpm at boot, and start it at runtime:
rcctl enable php82_fpm
rcctl start php82_fpm
Let’s activate the daemon:
$ doas rcctl enable php82_fpm
For another small reference, it appends or modifies the line in /etc/rc.conf.local:
+ pkg_scripts=(...) php82_fpm (...)
Now it’s time to start the daemon:
$ doas rcctl start php82_fpm
The result was:
php82_fpm(ok)
Yay 😄
Set up /var/www/etc (Optional)
It is sometimes required on not only PHP but also web apps.
Set up /var/www/etc, which is etc under chroot, as below, for example, so that name resolution or TLS connection is enabled:
$ ls -lR /var/www/etc
/var/www/etc:
total 16
-rw-r--r-- 1 root daemon 35 Aug 03 00:00 hosts
-r--r--r-- 1 root daemon 292 Aug 03 00:00 localtime
-rw-r--r-- 1 root daemon 99 Aug 03 00:00 resolv.conf
drwxr-xr-x 2 root daemon 512 Aug 03 00:00 ssl/
/var/www/etc/ssl:
total 708
-r--r--r-- 1 root daemon 341121 Aug 03 00:00 cert.pem
-r--r--r-- 1 root daemon 745 Aug 03 00:00 openssl.cnf
Integration with web server
Next, we have to set up a web server for them.
Only if you haven’t configured httpd, copy the .conf file from the examples OpenBSD offers as below:
$ doas cp -p /etc/examples/httpd.conf /etc/
Well, edit /etc/httpd.conf to add fastcgi socket definitions in some SERVERS section like this:
server "default" {
listen on * port 80
#listen on * port 443
root "/htdocs"
directory index index.php
location "/*.php" {
fastcgi socket "/run/php-fpm.sock"
}
location "/*.php[/?]*" {
fastcgi socket "/run/php-fpm.sock"
}
}
Note that chroot works in this context 💡
Therefore, fastcgi socket "/run/php-fpm.sock" in /etc/httpd.conf actually means fastcgi socket "/var/www/run/php-fpm.sock".
This is the same to that root "/htdocs" means "/var/www/htdocs".
Actually, there is:
$ ls -l /var/www/run
total 0
srw-rw---- 1 www www 0 Aug 03 00:01 php-fpm.sock=
Concolusion
Let’s make /var/www/htdocs/index.php for testing:
$ echo "<?php phpinfo(1); ?>" | \
doas tee "/var/www/htdocs/index.php" >> /dev/null
$ # delete it afterwards:
$ #doas rm /var/www/htdocs/index.php
Connecting to your host with browser will show the general information !!
Here comes PHP 8.2 on OpenBSD 7.3 🌻
Happy serving 🕊🕊