Jump to: navigation, search



PHP is a scripting language that is especially suited for web pages. It's embedded in the HTML code and executes on the server when the page is loaded, replacing the PHP code with whatever dynamic contents it created. You will find many free applications for your web server based on PHP and the database MySQL. phpBB, WordPress and MediaWiki are only a few popular applications that build upon these components.



Warning: Before you continue you should be aware that a powerful scripting language like PHP can create serious security concerns. Although there are no known security issues right now, PHP has a long history of them and there will be more in the future. This guide will add functionality to provide extra security but you always have to be aware of the risks involved installing any application.
Start by installing the latest version of PHP. You should be used to the options screens by now and in this case you have to change one option. Support for APACHE is strangely enough not enabled by default so you have to activate it so your web server can make use of this scripting language. Then make absolutely sure that SUHOSIN is selected. This patch will add extra protection to PHP but it can also interfere with the functionality of some PHP applications. If that happens it's possible to tune the behaviour of Suhosin but don't disable it.
# cd /usr/ports/lang/php5
# make
# make install clean
# rehash

Pay close attention to the messages on the screen after make install finish.


Make sure index.php is part of your DirectoryIndex.

You should add the following to your Apache configuration file:

AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps


As you can see here you need to edit your main Apache configuration file /usr/local/etc/apache22/httpd.conf, so load it in your favourite editor and search for this section:

# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
<IfModule dir_module>
    DirectoryIndex index.html

The comments should make it obvious what this is. The filename or filenames listed here is what Apache serves to a user if the requested url doesn't contain a filename. The files will be searched for in the order they appear here so you should insert index.php before index.html so the DirectoryIndex row looks like this:

    DirectoryIndex index.php index.html

Then search for the section called <IfModule mime_module>. The last lines in that section looks like this:

    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml

Add the two remaining rows from the output so the section looks like this instead:

    #AddType text/html .shtml
    #AddOutputFilter INCLUDES .shtml
    AddType application/x-httpd-php .php
    AddType application/x-httpd-php-source .phps

One more row has been added to httpd.conf automatically. I'll show it here for reference. It's the program module Apache loads to add PHP functionality.

LoadModule php5_module        libexec/apache22/

You can now save the file and exit the editor. A small test that no errors have occurred in the configuration never hurts.

# /usr/local/etc/rc.d/apache22 configtest
Performing sanity check on apache22 configuration:
Syntax OK

Install PHP extensions

To make PHP interact with other software components in your router you need to install a bunch of extensions or plugins. Many of these extensions are required by the popular PHP applications mentioned earlier. There is a meta-port that includes most of them and makes installation easier.
# cd /usr/ports/lang/php5-extensions
# make

Unfortunately, the options screen for this port doesn't enable many of the needed extensions by default. You should always check carefully what requirements the PHP applications have that you want to use, so you know what extensions to enable. Besides the default selection, you should at least enable the ones I list below since they are commonly used by PHP applications. Be prepared that this port will pull in quite a number of other ports and thus will take a while to compile.

  • GD
  • ZLIB

When the application has finished compiling you install it as usual.

# make install clean

The installed extension modules are listed in /usr/local/etc/php/extensions.ini and the order matters. Some modules are dependent on others and if they're listed in the wrong order the web server may have problems starting. There's an easy way to check that the order is correct.

# php -v
PHP 5.2.8 with Suhosin-Patch (cli) (built: Jan  2 2009 07:12:31) 
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies

If the output is free from error messages you're good to go but if you get any errors things get more difficult. Sometimes the error messages make it clear that you have to swap two modules in extensions.ini but most of the times it's not that easy. The only thing to do then is to start from the beginning of the file and deactivate one module at a time until the error disappears. When you find the faulty module you can try to move it around and see if that helps. Usually such errors are possible to solve by moving the module to the end of extensions.ini.

Adding additional extensions

I'll take this opportunity to show you how to change the configuration of an already installed port and how to reinstall it. The options you select are stored in /var/db/ports and whenever you upgrade a port, the settings here will be used automatically and you won't see the options screen again. To be able to change the options you must first deinstall the port and then explicitly call the options screen with the make command.

# cd /usr/ports/lang/php5-extensions
# make deinstall
# make config

Enable some additional options that could come in handy.

  • BZ2
  • CURL
  • DBA
  • EXIF
  • FTP
  • IMAP
  • LDAP
  • SOAP
  • WDDX
  • ZIP

When you select OK, the new options are stored and you can now compile and install the port again as usual.

# make
# make install clean
Note: Deinstalling lang/php5-extensions only deinstalls the meta-port and not the individual extensions. If you want to remove any of them you have to deinstall them explicitly as well as deselecting them in the meta-port and reinstall it.

Don't forget to check the module order again with php -v before you continue.


You should now create the configuration file for PHP. The port includes two examples: /usr/local/etc/php.ini-dist, which is the default configuration and /usr/local/etc/php.ini-recommended, which is a more secure version. Use the default template and copy it to its proper place.

# cp /usr/local/etc/php.ini-dist /usr/local/etc/php.ini

Below is a list of recommended changes to the default settings. They're compiled from php.ini-recommended and by studying settings at major web hosting companies. Various security and performance discussions on the Internet also plays a part in these settings. There's no single optimal configuration for PHP, it all depends on your needs and your system but the suggested changes are a good start.

                                  Default value       Recommended value   Comment

short_open_tag                    On                  Off
precision                         12                  14
output_buffering                  Off                 4096
allow_call_time_pass_reference    On                  Off
memory_limit                      128M                256M                 Must be larger than post_max_size. Use a smaller value if low on system RAM.
error_reporting                   E_ALL & ~E_NOTICE   E_ALL
display_errors                    On                  Off
log_errors                        Off                 On
log_errors_max_len                1024                0
variables_order                   "EGPCS"             "GPCS"
register_long_arrays              On                  Off
register_argc_argv                On                  Off
post_max_size                     8M                  64M                  Must be larger than or equal to upload_max_filesize.
magic_quotes_gpc                  On                  Off
always_populate_raw_post_data     Off                 On                   Uncomment this line in php.ini to enable.
cgi.fix_pathinfo                  0                   1                    Uncomment and change to 1.
upload_max_filesize               2M                  64MB                 Use a smaller value if low on system RAM.
session.save_path                 /no value/          "/tmp"               Uncomment.
session.gc_divisor                100                 1000
session.bug_compat_42             1                   0
session.hash_bits_per_character   4                   5
url_rewriter.tags                 ->                  "a=href,area=href,frame=src,input=src,form=fakeentry"

Create a small html file called phpinfo.php somewhere in your web folder with the following contents (remember to do it as your web user):


Restart Apache to make it all work.

# /usr/local/etc/rc.d/apache22 restart

If you browse to phpinfo.php that you just created, you should now see a nice status page describing all settings and capabilities of your PHP installation.


You have already activated the Suhosin patch but there is also a Suhosin extension which adds even more protection. It's not included in the extension meta-port but you should definitely install it.

# cd /usr/ports/security/php-suhosin
# make
# make install clean

Check with php -v after installation that it now reports the Suhosin extension as well as the patch and that no errors appeared.

# php -v
PHP 5.2.8 with Suhosin-Patch (cli) (built: Jan  2 2009 07:12:31) 
Copyright (c) 1997-2008 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2008 Zend Technologies
    with Suhosin v0.9.27, Copyright (c) 2007, by SektionEins GmbH

Restart Apache to activate the new extension.

# /usr/local/etc/rc.d/apache22 restart

APC (Optional)

APC is the Alternative PHP Cache. It comes as yet another extension module and provides caching functionality for your PHP engine. It can be a major performance boost for your PHP applications if the pages they create are cached by the server. It has an options screen but you can use the default values.

# cd /usr/ports/www/pecl-APC
# make
# make install clean

After the installation, the output suggests a few additions to php.ini but I will suggest even more. Copy and paste the following lines and put them last in php.ini.


As always, check with php -v that the new extension didn't mess things up and then restart Apache if everything looks fine.

# php -v
# /usr/local/etc/rc.d/apache22 restart


On some occasions php -v will output errors like "core dumped" or "segfault" and the Apache server will most likely have problems running. It turns out that it matters in what order the PHP extensions are listed in /usr/local/etc/php/extensions.ini. The ones shown below are particularly troublesome and if you experience any problems you should make sure their relative order is like this:

More information to help you can be found at


  • /usr/local/etc/php.ini is the configuration file for PHP.
  • /usr/local/etc/php/extensions.ini is the configuration file for plugins to PHP but it isn't edited by hand but is populated by the meta-port lang/php5-extensions.
  • make config can be used to reconfigure the options of a port.
  • make deinstall is the correct way to uninstall a port.


Next guide: Sharing files through NFS
Personal tools