PHP
PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. This makes it suitable for embedding small pieces of dynamic content into web pages. PHP is also the technology behind most of the world's popular Free Software web applications (including WordPress, MediaWiki, Drupal, Joomla, …). This page gives details on how to set up your webspace for use with PHP.
Using PHP
To use PHP, your scripts should generally have a .php
extension.
For most accounts, this will cause them to run under PHP 7, specifically the
latest Debian-stable version. For shell accounts hosted on sphinx,
other versions are also available.
For most accounts, this is all that is required. Older accounts on sphinx may additionally require the execute bits to be set on any PHP files.
For security reasons, PHP scripts will not be executed if they are
world-writable. You can remove world write permission from a single script with
chmod o-w myscript.php
or use chmod -R o-w .
to
remove world write permission from the current directory and all its contents.
Using a custom PHP configuration file
Occasionally it is necessary to override some of PHP's configuration parameters. This can be done by creating a custom configuration file to override the system default values.
Simply name your custom configuration file .user.ini
and place it
in the root directory of your website. Note that the first character of the
filename is a dot.
How PHP is invoked
PHP is commonly invoked through the mod_php
Apache module, but for
security reasons we do not use mod_php
.
Instead, we use PHP-FPM, which maintains a pool of PHP workers for your user.
You may occasionally come across online documentation which assumes everyone
uses mod_php
, and is thus not directly applicable to our configuration.
Please contact support if you
need any advice.
Custom PHP error pages
As all PHP requests are processed by PHP-FPM, it will generate its own error pages. These are generated and returned directly to the client, bypassing the webserver's normal error pages. This configuration will work fine for most PHP applications (eg Wordpress) that generate their own error pages.
However, if you would like to use custom error pages with Apache's
ErrorDocument
directive, you will need to set these errors to be handled
by the webserver. You can create a file named .custom-php-errors
in the
root of your website to enable this.
For example, for the site example.com
you could run touch ~/www/example.com/.custom-php-errors
.
Thanks to Anja Skrba, a Croatian translation of this page is available here.