PHP Configuration 101 (php.ini)

php configuration 101PHP: Hypertext Preprocessor is a widely-used general-purpose server side scripting language that is suited for Web development and CLI. Many popular frameworks and products written in PHP like WordPress, Durpal, Joomla, Yii Framework, Zend Framework, CodeIgniter, etc.  Also widely known part of LAMP(Linux, Apache, MySQL and PHP) and LEMP(Linux, Nginx[engine X], MySQL, and PHP) stack.

Typically PHP installation gets load with default configuration which has shipped with package.  Would you like to know how to do PHP tuning with essential PHP configuration 101 (php.ini)?.  First of all, let’s start understanding PHP directives and how to make use of it. Underlying fact is Be clear in concept & purpose of PHP directives, then you can tune configuration better for Application Need.  Harvesting essential configuration.


PHP Configuration 101 (php.ini)

Define a Date Timezone

Purpose: Defines the default timezone used by the date functions
Default Value: Not enabled
Reference: List of Supported Timezones
Alternate: using function date_default_timezone_set(‘America/NewYork’);
Configuration:

date.timezone = UTC

Define a Maximum Size of File size

Purpose: This allows to control Maximum size for uploaded file
Default Value: 2M
Configuration:

upload_max_filesize = 5M

Turn off CGI Fixpath info

Purpose: PHP provides real PATH_INFO/PATH_TRANSLATED support for CGI. If your using FastCGI/PHP-FPM, its recommended to turn it off
Default Value: 1
Configuration:

cgi.fix_pathinfo=0

Define a Maximum Size of POST data

Purpose: It allows to define Maximum size of POST data that PHP can accept. This is applicable to file upload as well
Default Value: 2M
Configuration:

post_max_size = 8M

Allocate Maximum Memory limit

Purpose: Defines the maximum amount of memory a script may consume. Based on need of your application script requirement, allocate this value. For example for wordpress typically 64M to 96M is used
Default Value: 128M
Configuration:

memory_limit = 64M

Turn off Expose PHP

Purpose: It includes response header with PHP version on every request. It’s possible to determine whether you use PHP on your server or not
Default Value: On
Configuration:

expose_php = Off

Turn on the Error Logging

Purpose: Defines whether script error messages should be logged to the server’s error log
Default Value: Off
Configuration:

log_errors = On

Enable and Error log file path & Name

Purpose: It allows define Log errors to specified file
Default Value: Not enabled
Configuration:

error_log = /var/log/php_errors.log

Turn off Display Errors

Purpose: Defines whether errors, notices, warnings should be printed to the screen as part of the output or if they should be hidden from the user. Its recommended to Turn it off this option, as it may expose sensitive information
Default Value(s): On
Possible Values: stderr (for Commandline, stderr value available as of PHP 5.2.4)
Configuration:

display_errors = Off

Turn off the HTML Error Link to documentation

Purpose: PHP has the capability of inserting html links to documentation related to the error. This option defines whether those HTML links appear in error messages or not
Default Value: On
Configuration:

html_errors = Off

Turn off Allow URL file open

Purpose: Defines whether to allow the treatment of URLs (like http:// or ftp://) as files or not. This setting controls allow_url_include behaviour
Default Value: On
Configuration:

allow_url_fopen = Off

Limit Maximum Input time

Purpose: Defines the maximum time in seconds a script is allowed to parse input data, like POST, GET, etc. It is measured from the moment of receiving all data on the server to the start of script execution. So it’s recommended to define a limit time
Default Value: -1 (Unlimited)
Configuration:

max_input_time = 300

Define Maximum Execution time PHP script

Purpose: Defines the maximum time in seconds a script is allowed to run before it is terminated by the parser
Default Value: 30 seconds
Default Value for Command line: 0
Configuration:

max_execution_time = 120

Turn off Safemode

Purpose: Safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren’t very realistic, many people, especially ISP’s,…
State: Deprecated in 5.3.0 and removed from PHP in 5.4.0
Default Value: On
Configuration:

safe_mode = Off

Handy Use – Putting Together (php.ini)

date.timezone = UTC
upload_max_filesize = 5M
cgi.fix_pathinfo=0
post_max_size = 8M
memory_limit = 64M
expose_php = Off
log_errors = On
error_log = /var/log/php_errors.log
display_errors = Off
html_errors = Off
allow_url_fopen = Off
max_input_time = 300
max_execution_time = 120
safe_mode = Off

I hope PHP Configuration 101 article helps, provides insight of PHP configuration and saves time for someone :)

Reference: PHP Manual