PHP: Hypertext Preprocessor is a widely-used general-purpose server side scripting language that is suited for Web development and CLI. Many popular frameworks and products written in PHP like WordPress, Durpal, Joomla, Yii Framework, Zend Framework, CodeIgniter, etc. Also widely known part of LAMP(Linux, Apache, MySQL and PHP) and LEMP(Linux, Nginx[engine X], MySQL, and PHP) stack.
Typically PHP installation gets load with default configuration which has shipped with package. Would you like to know how to do PHP tuning with essential PHP configuration 101 (php.ini)?. First of all, let’s start understanding PHP directives and how to make use of it. Underlying fact is Be clear in concept & purpose of PHP directives, then you can tune configuration better for Application Need. Harvesting essential configuration.
PHP Configuration 101 (php.ini)
Define a Date Timezone
Purpose: Defines the default timezone used by the date functions
Default Value: Not enabled
Reference: List of Supported Timezones
Alternate: using function date_default_timezone_set(‘America/NewYork’);
Configuration:
date.timezone = UTC
Define a Maximum Size of File size
Purpose: This allows to control Maximum size for uploaded file
Default Value: 2M
Configuration:
upload_max_filesize = 5M
Turn off CGI Fixpath info
Purpose: PHP provides real PATH_INFO/PATH_TRANSLATED support for CGI. If your using FastCGI/PHP-FPM, its recommended to turn it off
Default Value: 1
Configuration:
cgi.fix_pathinfo=0
Define a Maximum Size of POST data
Purpose: It allows to define Maximum size of POST data that PHP can accept. This is applicable to file upload as well
Default Value: 2M
Configuration:
post_max_size = 8M
Allocate Maximum Memory limit
Purpose: Defines the maximum amount of memory a script may consume. Based on need of your application script requirement, allocate this value. For example for wordpress typically 64M to 96M is used
Default Value: 128M
Configuration:
memory_limit = 64M
Turn off Expose PHP
Purpose: It includes response header with PHP version on every request. It’s possible to determine whether you use PHP on your server or not
Default Value: On
Configuration:
expose_php = Off
Turn on the Error Logging
Purpose: Defines whether script error messages should be logged to the server’s error log
Default Value: Off
Configuration:
log_errors = On
Enable and Error log file path & Name
Purpose: It allows define Log errors to specified file
Default Value: Not enabled
Configuration:
error_log = /var/log/php_errors.log
Turn off Display Errors
Purpose: Defines whether errors, notices, warnings should be printed to the screen as part of the output or if they should be hidden from the user. Its recommended to Turn it off this option, as it may expose sensitive information
Default Value(s): On
Possible Values: stderr (for Commandline, stderr value available as of PHP 5.2.4)
Configuration:
display_errors = Off
Turn off the HTML Error Link to documentation
Purpose: PHP has the capability of inserting html links to documentation related to the error. This option defines whether those HTML links appear in error messages or not
Default Value: On
Configuration:
html_errors = Off
Turn off Allow URL file open
Purpose: Defines whether to allow the treatment of URLs (like http:// or ftp://) as files or not. This setting controls allow_url_include behaviour
Default Value: On
Configuration:
allow_url_fopen = Off
Limit Maximum Input time
Purpose: Defines the maximum time in seconds a script is allowed to parse input data, like POST, GET, etc. It is measured from the moment of receiving all data on the server to the start of script execution. So it’s recommended to define a limit time
Default Value: -1 (Unlimited)
Configuration:
max_input_time = 300
Define Maximum Execution time PHP script
Purpose: Defines the maximum time in seconds a script is allowed to run before it is terminated by the parser
Default Value: 30 seconds
Default Value for Command line: 0
Configuration:
max_execution_time = 120
Turn off Safemode
Purpose: Safe mode is an attempt to solve the shared-server security problem. It is architecturally incorrect to try to solve this problem at the PHP level, but since the alternatives at the web server and OS levels aren’t very realistic, many people, especially ISP’s,…
State: Deprecated in 5.3.0 and removed from PHP in 5.4.0
Default Value: On
Configuration:
safe_mode = Off
Handy Use – Putting Together (php.ini)
date.timezone = UTC upload_max_filesize = 5M cgi.fix_pathinfo=0 post_max_size = 8M memory_limit = 64M expose_php = Off log_errors = On error_log = /var/log/php_errors.log display_errors = Off html_errors = Off allow_url_fopen = Off max_input_time = 300 max_execution_time = 120 safe_mode = Off
I hope PHP Configuration 101 article helps, provides insight of PHP configuration and saves time for someone :)
Reference: PHP Manual