I know how to install nginx on a CentOS Linux using yum command. Is there a guide to install Lighttpd web-server on a CentOS Linux or RHEL server with yum command? How can I install and configure php and mysql on a CentOS with Lighttpd web-server?
Lighttpd is a fast and secure web-server which has been optimized for high-performance environments. The server has a very low memory footprint compared to other webservers and takes care of cpu-load. It includes the following advanced features:
FastCGI
CGI
Auth
Output-Compression
URL-Rewriting and more make
CentOS turn on EPEL repo
The lighttpd server is not part of default CentOS or RHEL based system. To install lighttpd using the yum command, first grab the latest epel release file, enter:
# wget http://epel.mirror.net.in/epel/6/i386/epel-release-6-8.noarch.rpm
Sample outputs:
--2014-02-23 12:24:52-- http://epel.mirror.net.in/epel/6/i386/epel-release-6-8.noarch.rpm
Resolving epel.mirror.net.in... 120.88.47.14, 2401:4800:2121:c0:ff:ee:ee:2
Connecting to epel.mirror.net.in|120.88.47.14|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14540 (14K) [application/x-redhat-package-manager]
Saving to: “epel-release-6-8.noarch.rpm”
100%[==========================================================================================>] 14,540 54.6K/s in 0.3s
2014-02-23 12:24:53 (54.6 KB/s) - “epel-release-6-8.noarch.rpm” saved [14540/14540]
Use rpm command to install downloaded epel-release-6-8.noarch.rpm file, type:
# rpm -ivh epel-release-6-8.noarch.rpm
Sample outputs:
warning: epel-release-6-8.noarch.rpm: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Preparing… ########################################### [100%]
1:epel-release ########################################### [100%]
CentOS Linux install Lighttpd web-server
Type the following yum command:
# yum install lighttpd lighttpd-fastcgi lighttpd-mod_geoip
Sample outputs:
Loaded plugins: downloadonly, fastestmirror, security
Loading mirror speeds from cached hostfile
* base: mirror.thelinuxfix.com
* epel: mirror.steadfast.net
* extras: holmes.umflint.edu
* updates: bay.uchicago.edu
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package lighttpd.x86_64 0:1.4.34-1.el6 will be installed
---> Package lighttpd-fastcgi.x86_64 0:1.4.34-1.el6 will be installed
--> Processing Dependency: spawn-fcgi for package: lighttpd-fastcgi-1.4.34-1.el6.x86_64
---> Package lighttpd-mod_geoip.x86_64 0:1.4.34-1.el6 will be installed
--> Processing Dependency: libGeoIP.so.1()(64bit) for package: lighttpd-mod_geoip-1.4.34-1.el6.x86_64
--> Running transaction check
---> Package GeoIP.x86_64 0:1.4.8-1.el6 will be installed
---> Package spawn-fcgi.x86_64 0:1.6.3-1.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
======================================================================
Package Arch Version Repository Size
======================================================================
Installing:
lighttpd x86_64 1.4.34-1.el6 epel 294 k
lighttpd-fastcgi x86_64 1.4.34-1.el6 epel 44 k
lighttpd-mod_geoip x86_64 1.4.34-1.el6 epel 21 k
Installing for dependencies:
GeoIP x86_64 1.4.8-1.el6 epel 620 k
spawn-fcgi x86_64 1.6.3-1.el6 epel 16 k
Transaction Summary
======================================================================
Install 5 Package(s)
Total download size: 995 k
Installed size: 2.4 M
Is this ok [y/N]: y
Downloading Packages:
(1/5): GeoIP-1.4.8-1.el6.x86_64.rpm | 620 kB 00:00
(2/5): lighttpd-1.4.34-1.el6.x86_64.rpm | 294 kB 00:00
(3/5): lighttpd-fastcgi-1.4.34-1.el6.x86_64.rp | 44 kB 00:00
(4/5): lighttpd-mod_geoip-1.4.34-1.el6.x86_64. | 21 kB 00:00
(5/5): spawn-fcgi-1.6.3-1.el6.x86_64.rpm | 16 kB 00:00
Total 1.7 MB/s | 995 kB 00:00
warning: rpmts_HdrFromFdno: Header V3 RSA/SHA256 Signature, key ID 0608b895: NOKEY
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Importing GPG key 0x0608B895:
Userid : EPEL (6) <epel@fedoraproject.org>
Package: epel-release-6-8.noarch (installed)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
Is this ok [y/N]: y
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Warning: RPMDB altered outside of yum.
Installing : lighttpd-1.4.34-1.el6.x86_64 1/5
Installing : GeoIP-1.4.8-1.el6.x86_64 2/5
Installing : spawn-fcgi-1.6.3-1.el6.x86_64 3/5
Installing : lighttpd-fastcgi-1.4.34-1.el6.x86_64 4/5
Installing : lighttpd-mod_geoip-1.4.34-1.el6.x86_64 5/5
Verifying : lighttpd-1.4.34-1.el6.x86_64 1/5
Verifying : lighttpd-mod_geoip-1.4.34-1.el6.x86_64 2/5
Verifying : spawn-fcgi-1.6.3-1.el6.x86_64 3/5
Verifying : GeoIP-1.4.8-1.el6.x86_64 4/5
Verifying : lighttpd-fastcgi-1.4.34-1.el6.x86_64 5/5
Installed:
lighttpd.x86_64 0:1.4.34-1.el6
lighttpd-fastcgi.x86_64 0:1.4.34-1.el6
lighttpd-mod_geoip.x86_64 0:1.4.34-1.el6
Dependency Installed:
GeoIP.x86_64 0:1.4.8-1.el6 spawn-fcgi.x86_64 0:1.6.3-1.el6
Complete!
Turn on lighttpd server on a CentOS Linux for the first time, enter:
# service lighttpd start
# chkconfig lighttpd on
CentOS Linux install PHP
Type the following yum command to install php5.x and related modules on a CentOS Linux:
# yum install php-cli php-mbstring php-pecl-apc php-pdo php php-gd \
php-mysql php-xml php-bcmath php-xmlrpc php-pear php-common \
php-devel php-imap php-suhosin php-pecl-memcache
PHP has now been installed with support for the MySQL database server, the graphics (gd) library, and the other most common modules.
CentOS Linux install MySQL database server
Type the following command to install mysql database server on a CentOS Linux based system using yum command:
# yum install mysql-server mysql
Turn on mysql server:
# chkconfig mysqld on
# service mysqld start
Set the root user password for mysql server admin account, type:
# mysqladmin -u root password NEWPASSWORDHERE
CentOS Linux Lighttpd web-server configuration
Configuration directory: /etc/lighttpd/
Main configuration file: /etc/lighttpd/lighttpd.conf
Modules configuration file: /etc/lighttpd/modules.conf
Modules and other config files directory: /etc/lighttpd/conf.d/
Default DocumentRoot / Server root to store php/html/css/js files: /var/www/lighttpd/
Default log directory: /var/log/lighttpd/
Configure lighttpd
Edit /etc/lighttpd/lighttpd.conf, enter:
# vi /etc/lighttpd/lighttpd.conf
SETTING SERVER ROOT
Set it as follows to protect server root:
var.server_root = "/var/www"
LOAD THE MODULES
Uncomment the following line:
include "modules.conf"
SET SERVER PORT TO 80
server.port = 80
BIND TO A SPECIFIC IP CALLED 1.2.3.4
Set the following to your web-server public ip such as 1.2.3.4:
server.bind = "1.2.3.4"
SET DOCUMENT ROOT
You are going to store html/images/js/php files in server_root + "/lighttpd" i.e. /var/www/lighttpd/ directory:
server.document-root = server_root + "/lighttpd"
HIDE/SET SERVER TAG
Set server name or hide it:
server.tag = "nixCraft-Web-Server"
Save and close the file.
Configure lighttpd modules
Edit /etc/lighttpd/modules.conf, enter:
# vi /etc/lighttpd/modules.conf
CONFIGURE PHP AS FASTCGI
Uncomment the following FastCGI (mod_fastcgi) line for php:
include "conf.d/fastcgi.conf"
Also make sure the following modules are uncommented as per your requirements:
server.modules = (
  "mod_access",
  "mod_alias",
  "mod_auth",
#  "mod_evasive",
  "mod_redirect",
  "mod_rewrite",
#  "mod_setenv",
#  "mod_usertrack",
)
Configure php5
Edit /etc/lighttpd/conf.d/fastcgi.conf file, type:
# cp -v /etc/lighttpd/conf.d/fastcgi.{conf,bakup}
# vi /etc/lighttpd/conf.d/fastcgi.conf
Update it as follows to configure PHP and lighttpd with FastCGI:
server.modules += ( "mod_fastcgi" )
# Hand every .php request to php-cgi processes spawned by lighttpd
fastcgi.server = ( ".php" =>
  ((
    "bin-path" => "/usr/bin/php-cgi",
    "socket" => "/tmp/php-cgi.socket." + var.PID,
    "max-procs" => 1,
    "idle-timeout" => 30,
    "bin-environment" => (
      "PHP_FCGI_CHILDREN" => "1",
      "PHP_FCGI_MAX_REQUESTS" => "50"
    ),
    "bin-copy-environment" => (
      "PATH",
      "SHELL",
      "USER"
    ),
    "broken-scriptfilename" => "enable"
  ))
)
Save and close the file.
Restart the lighttpd
Type the following command to restart lighttpd server on a CentOS Linux:
# service lighttpd restart
VERIFY THAT EVERYTHING IS WORKING
Make sure port 80 is opened and owned by lighttpd:
# netstat -tulpn | grep :80
Sample outputs:
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 29085/lighttpd
Make sure no errors were reported in log file:
# tailf /var/log/lighttpd/error.log
Sample outputs:
2014-03-09 04:48:11: (server.c.1241) logfiles cycled UID = 0 PID = 30314
2014-03-09 10:54:27: (server.c.1557) server stopped by UID = 0 PID = 4680
2014-03-09 10:54:28: (log.c.166) server started
Test it
Create a hello.php in /var/www/lighttpd/ directory:
# vi /var/www/lighttpd/hello.php
Append the following code:
<html>
<head>
<title>Hello – Lighttpd – PHP – nixCraft – Test</title>
</head>
<body>
<h1>Hosshin – Zen monk</h1>
Zen monk poem:
<?php
$zen_poem = "<blockquote><em>";
$zen_poem .= "Coming, all is clear,<br>";
$zen_poem .= "no doubt about it.<br>";
$zen_poem .= "Going, all is clear,<br>";
$zen_poem .= "without a doubt.<br>";
$zen_poem .= "What, then, is it all?";
$zen_poem .= "</em></blockquote>";
echo $zen_poem;
?>
<hr>
<h1>PHPINFO</h1>
<?php phpinfo(); ?>
<hr>
<center><small>© nixCraft</small></center>
</body>
</html>
Fire a web-browser and type url:
http://your-server-ip/hello.php
http://server1.cyberciti.biz/hello.php
Sample outputs:
Fig. 01: PHP in action on a CentOS Lighttpd based server
See also
And there you have it, the lighttpd+php+mysql configured on a CentOS Linux based server. I recommend that you read the following resource for more information:
All our lighttpd related blog posts and lighttpd tutorials in our /faq/ section.
Lighttpd documentation.
Suhosin is an advanced protection system for PHP installations. It was designed to protect servers and users from known and unknown flaws in PHP applications and the PHP core. How can I install suhosin extension on a Debian v8.x or Ubuntu Linux 14.04 LTS server?
Suhosin (Korean 수호신, meaning guardian-angel) is used to secure PHP web applications such as WordPress and others. Suhosin comes as an extension and a patch. Both parts can be installed separately and have no dependencies on each other.
How To Install Suhosin on Debian and Ubuntu [Binary Method]
Type the following command on a Ubuntu Linux 14.04 LTS server:
sudo -s
echo deb http://repo.suhosin.org/ ubuntu-trusty main >> /etc/apt/sources.list
apt-get update
Debian Linux 8.x user type the following command:
sudo -s
echo deb http://repo.suhosin.org/ debian-jessie main >> /etc/apt/sources.list
apt-get update
Sample outputs:
Ign http://security.ubuntu.com trusty-security InRelease
Get:1 http://security.ubuntu.com trusty-security Release.gpg [933 B]
Get:2 http://security.ubuntu.com trusty-security Release [63.5 kB]
Ign http://archive.ubuntu.com trusty InRelease
Ign http://archive.ubuntu.com trusty-updates InRelease
Get:3 http://security.ubuntu.com trusty-security/main amd64 Packages [319 kB]
Hit http://archive.ubuntu.com trusty Release.gpg
Ign http://repo.suhosin.org ubuntu-trusty InRelease
Get:4 http://security.ubuntu.com trusty-security/restricted amd64 Packages [8,875 B]
Get:5 http://security.ubuntu.com trusty-security/universe amd64 Packages [111 kB]
Get:6 http://archive.ubuntu.com trusty-updates Release.gpg [933 B]
Get:7 http://security.ubuntu.com trusty-security/multiverse amd64 Packages [3,683 B]
Get:8 http://repo.suhosin.org ubuntu-trusty Release.gpg [816 B]
Get:9 http://security.ubuntu.com trusty-security/main Translation-en [172 kB]
Hit http://archive.ubuntu.com trusty Release
Get:10 http://repo.suhosin.org ubuntu-trusty Release [1,074 B]
Get:11 http://archive.ubuntu.com trusty-updates Release [63.5 kB]
Get:12 http://repo.suhosin.org ubuntu-trusty/main amd64 Packages [722 B]
Hit http://security.ubuntu.com trusty-security/multiverse Translation-en
Hit http://archive.ubuntu.com trusty/main amd64 Packages
Hit http://security.ubuntu.com trusty-security/restricted Translation-en
Hit http://security.ubuntu.com trusty-security/universe Translation-en
Hit http://archive.ubuntu.com trusty/restricted amd64 Packages
Hit http://archive.ubuntu.com trusty/universe amd64 Packages
Hit http://archive.ubuntu.com trusty/multiverse amd64 Packages
Hit http://archive.ubuntu.com trusty/main Translation-en
Hit http://archive.ubuntu.com trusty/multiverse Translation-en
Ign http://repo.suhosin.org ubuntu-trusty/main Translation-en_US
Hit http://archive.ubuntu.com trusty/restricted Translation-en
Ign http://repo.suhosin.org ubuntu-trusty/main Translation-en
Hit http://archive.ubuntu.com trusty/universe Translation-en
Get:13 http://archive.ubuntu.com trusty-updates/main amd64 Packages [584 kB]
Get:14 http://archive.ubuntu.com trusty-updates/restricted amd64 Packages [11.8 kB]
Get:15 http://archive.ubuntu.com trusty-updates/universe amd64 Packages [297 kB]
Get:16 http://archive.ubuntu.com trusty-updates/multiverse amd64 Packages [12.0 kB]
Hit http://archive.ubuntu.com trusty-updates/main Translation-en
Hit http://archive.ubuntu.com trusty-updates/multiverse Translation-en
Hit http://archive.ubuntu.com trusty-updates/restricted Translation-en
Hit http://archive.ubuntu.com trusty-updates/universe Translation-en
Ign http://archive.ubuntu.com trusty/main Translation-en_US
Ign http://archive.ubuntu.com trusty/multiverse Translation-en_US
Ign http://archive.ubuntu.com trusty/restricted Translation-en_US
Ign http://archive.ubuntu.com trusty/universe Translation-en_US
Fetched 1,651 kB in 6s (250 kB/s)
Reading package lists… Done
The suhosin.org repository is signed with a key, so fetch the key with the wget command and add it with apt-key:
wget https://sektioneins.de/files/repository.asc
sudo apt-key add repository.asc
Sample outputs:
Fig.01: Installing key
Next, type the following apt-get command to install the php5-suhosin-extension package, run:
sudo apt-get install php5-suhosin-extension
Sample outputs:
Fig.02: Installing php5-suhosin-extension package
Enable the php5-suhosin-extension
sudo php5enmod php5-suhosin
Restart php5-fpm on a Ubuntu LTS 14.04
sudo /sbin/restart php5-fpm
Restart php5-fpm on a Debian Linux 8.0
sudo systemctl restart php5-fpm
Test it
Create a file called test.php:
sudo vi /var/www/test.php
Append the following code:
<?php
phpinfo();
?>
Save and close the file. You can open the Browser and type the following url:
http://server-ip-here/test.php
OR
http://1.2.3.4/test.php
Sample outputs:
Fig.03: Suhosin enabled on server
Configuration
You need to edit the file /etc/php5/mods-available/suhosin.ini, enter:
# vi /etc/php5/mods-available/suhosin.ini
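Each directive takes a comma separated list of functions. The two blacklist directives below name functions that are not allowed to be called, either directly (func) or from within eval() (eval). A whitelist directive has the opposite meaning: a non-empty whitelist permits only the functions it lists.
suhosin.executor.func.blacklist = assert,unserialize,exec,popen,proc_open,passthru,shell_exec,system,hail,parse_str,mt_srand
suhosin.executor.eval.blacklist = assert,unserialize,exec,popen,proc_open,passthru,shell_exec,system,hail,parse_str,mt_srand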
Save and close the file. You need to restart php5-fpm. I suggest you see the configuration page for a complete list of possible configuration options.
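The whitelist and blacklist suffixes of the suhosin.executor directives are easy to swap, and a swap inverts the policy. The following audit is an added example, not part of the original page or of Suhosin itself; the function name suhosin_audit, the SUHOSIN_RISKY list and the sample input are constructed for illustration:

```shell
#!/bin/sh
# Added example (not from the original page): audit the executor lists in
# suhosin.ini. Function name, risky list and sample input are constructed.

# Command-execution functions taken from the list shown on the page.
SUHOSIN_RISKY="exec popen proc_open passthru shell_exec system"

# Usage: suhosin_audit [FILE]   (reads stdin when FILE is omitted)
# A whitelist permits only what it names and a blacklist blocks what it
# names, so a risky function is a finding when a whitelist names it or a
# blacklist omits it. Lines commented out with ";" are not active and are
# ignored. Prints one line per finding and returns 1 if there is any.
suhosin_audit() {
    awk -v risky="$SUHOSIN_RISKY" '
        BEGIN { n = split(risky, r, " ") }
        /^[ \t]*suhosin\.executor\.(func|eval)\.(whitelist|blacklist)[ \t]*=/ {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=/, "", val);   gsub(/[ \t"]/, "", val)
            split("", have)                      # reset the lookup table
            m = split(tolower(val), f, ",")
            for (i = 1; i <= m; i++) have[f[i]] = 1
            white = (key ~ /whitelist$/)
            hit = ""
            for (i = 1; i <= n; i++)
                if ((white && (r[i] in have)) || (!white && !(r[i] in have)))
                    hit = hit " " r[i]
            if (hit != "") {
                bad = 1
                print key ": " (white ? "allows" : "does not block") hit
            }
        }
        END { exit (bad ? 1 : 0) }' "${1:--}"
}

# Constructed sample: a blacklist beside a whitelist carrying the same names.
suhosin_audit <<'EOF' || true
suhosin.executor.func.blacklist = exec,popen,proc_open,passthru,shell_exec,system
suhosin.executor.eval.whitelist = exec,popen,proc_open,passthru,shell_exec,system
EOF
```

On a server, run it as suhosin_audit /etc/php5/mods-available/suhosin.ini; no output and exit status 0 mean every function in the list is blocked by each directive that is set.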
I am getting the following error in my /var/log/php7.0-fpm.log file:
“ERROR: failed to prepare the stderr pipe: Too many open files (24)”
How do I fix this problem?
You need to set open file descriptor rlimit for the PHP master process. The default value is system defined but one can increase it as per needs.
php-fpm too many open files error and solution
Edit php-fpm.conf
# vi /etc/php/7.0/fpm/php-fpm.conf
Find rlimit_files
;rlimit_files = 1024
And update it as follows (or as per your need):
rlimit_files = 4096
Save and close the file. Restart php7.0-fpm, run:
# systemctl restart php7.0-fpm
Increase FD limit at the OS level
Find user/group name:
$ grep ^user /etc/php/7.0/fpm/pool.d/www.conf
$ grep ^group /etc/php/7.0/fpm/pool.d/www.conf
www-data
www-data
Edit /etc/security/limits.conf, enter:
# vi /etc/security/limits.conf
Append as follows (replace user/group name with your actual names):
www-data soft nofile 4096
www-data hard nofile 4096
Save and close the file. Restart the required process. Verify it:
$ su - www-data
To see the hard and soft values, issue the command as follows:
$ ulimit -Hn
$ ulimit -Sn
I wanted to use PHP 7 on Debian 8.x. How do I install and configure PHP 7 on Debian Linux 8.x server? How do I install PHP 7 on Debian Linux 7.x “wheezy” VPS server hosted in cloud?
PHP 7 is a dynamic scripting language for delivering applications. You can get 2x faster performance and 50% better memory consumption than PHP 5.6, allowing you to serve more concurrent users without adding any hardware. However, PHP 7 is not included with the Debian 8.x stable version. In this tutorial, you will learn about installing PHP 7 on Debian 8.7 server. Please note that Debian 9.0 “Stretch” will include PHP 7 by default.
Related: How to install PHP 7 on Ubuntu Linux 14.04 LTS
Steps to install PHP 7 on Debian 8.7
First, remove old PHP 5.6
Configure dotdeb, an extra repository for PHP 7
Install PHP 7
Reconfigure web server
Restart web server
To list your Debian version, enter:
$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 8.7 (jessie)
Release: 8.7
Codename: jessie
Use the following syntax to save existing config files:
$ sudo tar zcvf /root/etc.backup.tar.gz /etc/
Step #1: Delete old php 5.6 (if installed)
First, list all installed old php 5.x packages, enter:
$ dpkg --list | grep php | awk '/^ii/{ print $2}'
Sample outputs:
Fig.01: Debian Linux list installed PHP packages on the system
To delete old php 5.6 packages, enter:
$ x="$(dpkg --list | grep php | awk '/^ii/{ print $2}')"
$ sudo apt-get --purge remove $x
Sample outputs:
Fig.02: Deleting old php 5.6 packages
Step #2: Configure dotdeb
Dotdeb is an extra repository providing up-to-date packages (such as PHP 7 and more) for your Debian servers. It supports both Debian 8.x “Jessie” and Debian 7.x “Wheezy”.
Configuration for Debian 8.x “Jessie”
Append the following two lines to /etc/apt/sources.list as root user:
$ sudo -s
# echo deb http://packages.dotdeb.org jessie all >> /etc/apt/sources.list
# echo deb-src http://packages.dotdeb.org jessie all >> /etc/apt/sources.list
Save and close the file. Here is my updated file:
$ cat /etc/apt/sources.list
Sample outputs:
Fig.03: Updated /etc/apt/sources.list for Debian 8.x “jessie”.
Configuration for Debian 7.x “Wheezy”
Append the following two lines to /etc/apt/sources.list as root user:
$ sudo -s
# echo deb http://packages.dotdeb.org wheezy all >> /etc/apt/sources.list
# echo deb-src http://packages.dotdeb.org wheezy all >> /etc/apt/sources.list
Save and close the file.
As of 15/Feb/2017 the above instructions for Debian 7.x “Wheezy” are no longer working. Please use following instructions to compile PHP 7 from the source code:
$ sudo apt-get install git
$ cd /tmp
$ git clone https://github.com/kasparsd/php-7-debian.git
$ cd php-7-debian/
$ ./build.sh
It will take some time to download and compile everything. At the end you should see something as follows:
Generating phar.php
Generating phar.phar
PEAR package PHP_Archive not installed: generated phar will require PHP's phar extension be enabled.
invertedregexiterator.inc
pharcommand.inc
directorytreeiterator.inc
clicommand.inc
directorygraphiterator.inc
phar.inc
Build complete.
Don't forget to run 'make test'.
Installing shared extensions: /usr/local/php7/lib/php/extensions/no-debug-non-zts-20160303/
Installing PHP CLI binary: /usr/local/php7/bin/
Installing PHP CLI man page: /usr/local/php7/php/man/man1/
Installing PHP FPM binary: /usr/local/php7/sbin/
Installing PHP FPM config: /usr/local/php7/etc/
Installing PHP FPM man page: /usr/local/php7/php/man/man8/
Installing PHP FPM status page: /usr/local/php7/php/php/fpm/
Installing phpdbg binary: /usr/local/php7/bin/
Installing phpdbg man page: /usr/local/php7/php/man/man1/
Installing PHP CGI binary: /usr/local/php7/bin/
Installing PHP CGI man page: /usr/local/php7/php/man/man1/
Installing build environment: /usr/local/php7/lib/php/build/
Installing header files: /usr/local/php7/include/php/
Installing helper programs: /usr/local/php7/bin/
program: phpize
program: php-config
Installing man pages: /usr/local/php7/php/man/man1/
page: phpize.1
page: php-config.1
/tmp/php-7-debian/php-src/build/shtool install -c ext/phar/phar.phar /usr/local/php7/bin
ln -s -f phar.phar /usr/local/php7/bin/phar
Installing PDO headers: /usr/local/php7/include/php/ext/pdo/
To install PHP 7 on Debian 7.x:
$ sudo ./install.sh
Sample outputs:
update-rc.d: using dependency based boot sequencing
You can verify PHP version:
$ /usr/local/php7/bin/php --version
PHP 7.1.1 (cli) (built: Feb 15 2017 18:49:03) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.1.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.1.1, Copyright (c) 1999-2017, by Zend Technologies
All PHP configuration files are stored under /usr/local/php7:
/usr/local/php7/lib/php.ini
/usr/local/php7/etc/php-fpm.conf
/usr/local/php7/etc/php-fpm.d/www.conf
/usr/local/php7/etc/conf.d/modules.ini
While the Debian init script is added to:
/etc/init.d/php7-fpm
See this page for more info about using PHP 7 on Debian 7.x. The rest of the following instructions are for Debian version 8.x only.
Step #3: Fetch and install the GnuPG key (“jessie” only)
Type the following commands
$ cd /tmp
$ wget https://www.dotdeb.org/dotdeb.gpg
$ sudo apt-key add dotdeb.gpg
$ rm dotdeb.gpg
Refresh apt database to include new packages:
$ sudo apt-get update
Sample outputs:
Get:1 http://security.debian.org jessie/updates InRelease [63.1 kB]
Ign http://ftp.us.debian.org stable InRelease
Get:2 http://packages.dotdeb.org jessie InRelease [9,840 B]
Hit http://ftp.debian.org jessie-updates InRelease
Hit http://ftp.us.debian.org stable Release.gpg
Get:3 http://packages.dotdeb.org jessie/all Sources [30.0 kB]
Get:4 http://ftp.debian.org jessie-updates/main amd64 Packages/DiffIndex [5,932 B]
Hit http://ftp.us.debian.org stable Release
Get:5 http://security.debian.org jessie/updates/main amd64 Packages [313 kB]
Hit http://ftp.debian.org jessie-updates/contrib amd64 Packages
Hit http://ftp.us.debian.org stable/main amd64 Packages
Get:6 http://packages.dotdeb.org jessie/all amd64 Packages [111 kB]
Get:7 http://ftp.debian.org jessie-updates/non-free amd64 Packages/DiffIndex [736 B]
Hit http://ftp.us.debian.org stable/contrib amd64 Packages
Get:8 http://security.debian.org jessie/updates/contrib amd64 Packages [2,506 B]
Hit http://ftp.debian.org jessie-updates/contrib Translation-en
Hit http://ftp.us.debian.org stable/non-free amd64 Packages
Get:9 http://ftp.debian.org jessie-updates/main Translation-en/DiffIndex [2,704 B]
Get:10 http://security.debian.org jessie/updates/non-free amd64 Packages [14 B]
Get:11 http://security.debian.org jessie/updates/contrib Translation-en [1,211 B]
Hit http://ftp.us.debian.org stable/contrib Translation-en
Get:12 http://ftp.debian.org jessie-updates/non-free Translation-en/DiffIndex [736 B]
Get:13 http://security.debian.org jessie/updates/main Translation-en [168 kB]
Hit http://ftp.us.debian.org stable/main Translation-en
Get:14 http://security.debian.org jessie/updates/non-free Translation-en [14 B]
Hit http://ftp.us.debian.org stable/non-free Translation-en
Ign http://packages.dotdeb.org jessie/all Translation-en_IN
Ign http://packages.dotdeb.org jessie/all Translation-en
Fetched 708 kB in 10s (69.8 kB/s)
Reading package lists… Done
Step #4: Install PHP 7 (“jessie” only)
You created a shell variable called $x in step #1. To install equivalent of php5 packages, enter:
$ y="$(sed 's/php5/php7.0/g' <<<"$x")"
$ echo Old PHP5 packages name: $x
Old PHP5 packages name: libapache2-mod-php5 php-pear php5 php5-cgi php5-cli php5-common php5-fpm php5-gd php5-json php5-mysql php5-readline
$ echo New PHP7 packages name: $y
New PHP7 packages name: libapache2-mod-php7.0 php-pear php7.0 php7.0-cgi php7.0-cli php7.0-common php7.0-fpm php7.0-gd php7.0-json php7.0-mysql php7.0-readline
$ sudo apt-get install $y
Sample outputs:
Fig.04: Installing PHP7 on my Debian 8.7 server
How do I search PHP7 packages (“jessie” only)?
$ apt-cache search php7.0-\*
$ apt-cache search php7.0-\* | grep -i mysql
Sample outputs from 1st command:
libapache2-mod-php7.0 – server-side, HTML-embedded scripting language (Apache 2 module)
libphp7.0-embed – HTML-embedded scripting language (Embedded SAPI library)
php-all-dev – package depending on all supported PHP development packages
php7.0 – server-side, HTML-embedded scripting language (metapackage)
php7.0-apcu – APC User Cache for PHP
php7.0-apcu-bc – APCu Backwards Compatibility Module
php7.0-bcmath – Bcmath module for PHP
php7.0-bz2 – bzip2 module for PHP
php7.0-cgi – server-side, HTML-embedded scripting language (CGI binary)
php7.0-cli – command-line interpreter for the PHP scripting language
php7.0-common – documentation, examples and common module for PHP
php7.0-curl – CURL module for PHP
php7.0-dba – DBA module for PHP
php7.0-dbg – Debug symbols for PHP7.0
php7.0-dev – Files for PHP7.0 module development
php7.0-enchant – Enchant module for PHP
php7.0-fpm – server-side, HTML-embedded scripting language (FPM-CGI binary)
php7.0-gd – GD module for PHP
php7.0-geoip – GeoIP module for PHP
php7.0-gmp – GMP module for PHP
php7.0-igbinary – igbinary serializer for PHP
php7.0-imagick – Provides a wrapper to the ImageMagick library
php7.0-imap – IMAP module for PHP
php7.0-interbase – Interbase module for PHP
php7.0-intl – Internationalisation module for PHP
php7.0-json – JSON module for PHP
php7.0-ldap – LDAP module for PHP
php7.0-mbstring – MBSTRING module for PHP
php7.0-mcrypt – libmcrypt module for PHP
php7.0-memcached – memcached extension module for PHP, uses libmemcached
php7.0-mongodb – MongoDB driver for PHP
php7.0-msgpack – MessagePack serializer for PHP
php7.0-mysql – MySQL module for PHP
php7.0-odbc – ODBC module for PHP
php7.0-opcache – Zend OpCache module for PHP
php7.0-pgsql – PostgreSQL module for PHP
php7.0-phpdbg – server-side, HTML-embedded scripting language (PHPDBG binary)
php7.0-pspell – pspell module for PHP
php7.0-readline – readline module for PHP
php7.0-recode – recode module for PHP
php7.0-redis – PHP extension for interfacing with Redis
php7.0-snmp – SNMP module for PHP
php7.0-soap – SOAP module for PHP
php7.0-sqlite3 – SQLite3 module for PHP
php7.0-ssh2 – Bindings for the libssh2 library
php7.0-sybase – Sybase module for PHP
php7.0-tidy – tidy module for PHP
php7.0-xdebug – Xdebug Module for PHP
php7.0-xml – DOM, SimpleXML, WDDX, XML, and XSL module for PHP
php7.0-xmlrpc – XMLRPC-EPI module for PHP
php7.0-xsl – XSL module for PHP (dummy)
php7.0-zip – Zip module for PHP
How do I install PHP7 packages individually?
Alternatively, you can just install needed PHP7 packages. In this example, install php7, php-fpm, php7-mysql and php7-gd:
$ sudo apt-get install php7.0 php7.0-fpm php7.0-gd php7.0-mysql
Step #5: Reconfigure web server and php 7 (“jessie” only)
Your php7 config files are located in /etc/php/7.0/ directory as follows:
/etc/php/7.0/apache2/ – PHP 7 with Apache 2
/etc/php/7.0/fpm/ – PHP 7 fpm for Nginx/Lighttpd/Apache2 and other server.
/etc/php/7.0/mods-available/ – All php ini config files for PHP modules such as gd/mysql/memcached and others.
You need to edit files and configure a web-server as per your setup.
Examples: Configure Lighttpd web-server to use PHP 7
Edit the /etc/lighttpd/conf-enabled/15-fastcgi-php.conf file, enter:
$ sudo vi /etc/lighttpd/conf-enabled/15-fastcgi-php.conf
Append/edit as follows (note updated /run/php/php7.0-fpm.sock path):
fastcgi.server += ( ".php" =>
  ((
    "bin-path" => "/usr/bin/php-cgi",
    "socket" => "/run/php/php7.0-fpm.sock",
    "max-procs" => 1,
    "bin-environment" => (
      "PHP_FCGI_CHILDREN" => "4",
      "PHP_FCGI_MAX_REQUESTS" => "10000"
    ),
    "bin-copy-environment" => (
      "PATH", "SHELL", "USER"
    ),
    "broken-scriptfilename" => "enable"
  ))
)
Save and close the file. Restart web-server as per step #6.
Examples: Configure Nginx web-server to use PHP 7
Edit the /etc/nginx/sites-enabled/default file, enter:
$ sudo vi /etc/nginx/sites-enabled/default
First add the following at the top of file:
# Upstream to abstract backend connection(s) for PHP 7.
upstream myphpsevenbackend {
server unix:/run/php/php7.0-fpm.sock;
}
Next, locate the server block and update/edit/append as follows:
# Pass all .php files onto a php-fpm/php-fcgi server. #
index index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# This is a robust solution for path info security issue and works with cgi.fix_pathinfo = 1 in php.ini (default) #
include /etc/nginx/fastcgi_params;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass myphpsevenbackend;
}
Save and close the file. Restart web-server as per step #6.
Examples: Configure Apache 2 web-server to use PHP 7 (“jessie” only)
To enable PHP 7.0 FPM in Apache2, enter:
$ sudo a2enmod proxy_fcgi setenvif
Considering dependency proxy for proxy_fcgi:
Enabling module proxy.
Enabling module proxy_fcgi.
Module setenvif already enabled
To activate the new configuration, you need to run:
service apache2 restart
$ sudo a2enconf php7.0-fpm
Enabling conf php7.0-fpm.
To activate the new configuration, you need to run:
service apache2 reload
Restart web-server as per step #6.
Step #6: Restart web server
If you are using lighttpd web-server, enter:
$ sudo systemctl restart lighttpd.service
If you are using Nginx web-server, enter:
$ sudo systemctl restart nginx.service
If you are using Apache 2 web-server, enter:
$ sudo systemctl reload apache2.service
Test your setup
Create a file called test.php in your DocumentRoot (e.g. /var/www/html/test.php):
<?php
/* test.php */
phpinfo();
?>
Save and close the file. Fire a web-browser and type url:
http://your-domain/test.php
OR
http://server.ip.address.here/test.php
Sample outputs:
Fig.05: phpinfo() in action displaying info about PHP 7
How do I stop/start/restart php7.0-fpm (“jessie” only)?
The syntax is as follows
$ sudo systemctl stop php7.0-fpm.service
$ sudo systemctl start php7.0-fpm.service
$ sudo systemctl restart php7.0-fpm.service
$ sudo systemctl reload php7.0-fpm.service
A note about php7.0-fpm configuration file (“jessie” only)
/etc/php/7.0/fpm/php.ini – PHP 7 configuration file.
/etc/php/7.0/fpm/php-fpm.conf – PHP 7 FPM Configuration file.
/etc/php/7.0/fpm/pool.d/www.conf – Default pool for PHP 7 FPM. Here you can define user/group, FastCGI request path, process manager and children values, php error file, memory limit and much more.
Whenever you make changes to any one of the above file(s), reload/restart php7.0-fpm.service using the following syntax:
$ sudo systemctl reload php7.0-fpm.service
So there you have it, a PHP 7 enabled and configured on Debian Linux 7.x or 8.x server successfully.
How can I setup HSTS using lighttpd web server on Linux or Unix-like system?
You need to use the setenv module (mod_setenv) for lighttpd. It allows influencing the environment external applications are spawned in and the response headers the server sends to the clients. You must configure ssl certificates for lighttpd before setting up HSTS headers.
Configuring HTTP Strict Transport Security for lighttpd
You need to edit lighttpd.conf file located in /etc/ directory:
$ sudo vi /etc/lighttpd/lighttpd.conf
For FreeBSD unix, enter:
$ sudo vi /usr/local/etc/lighttpd/lighttpd.conf
Add mod_setenv module:
server.modules += ( "mod_setenv" )
Syntax for HSTS
setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=SECONDS" )
Examples
Set Strict-Transport-Security header i.e. push HSTS policy by sending the following HTTP response header from secure (HTTPS) websites:
# Set HSTS for six months including all subdomains
setenv.add-response-header = ( "Strict-Transport-Security" => "max-age=15768000; includeSubdomains" )
The time is set to six months (15768000 is in seconds). If you have multiple setenv.add-response-header, use the following syntax (note +=):
setenv.add-response-header = ( "X-Whom" => "lighttpd-aws-us-east" )
setenv.add-response-header += ( "Strict-Transport-Security" => "max-age=15768000; includeSubdomains" )
Save and close the file. Restart the lighttpd web-server as follows:
$ sudo systemctl restart lighttpd
OR
$ sudo service lighttpd restart
OR
$ sudo /usr/local/etc/rc.d/lighttpd restart
Verify HSTS working
Type the following curl command to see HTTP headers:
$ curl -I https://your-domain-name-here/
$ curl -I https://www.cyberciti.biz/
Sample outputs:
Fig.01: Verify HTTP Strict Transport Security (HSTS) header with curl command
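To turn the curl check above into a pass/fail test, the following added example (not part of the original tutorial) parses `curl -I` output and verifies that the header is present and that max-age meets a minimum. The function name check_hsts and the sample header variables are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit the Strict-Transport-Security header in `curl -I` output.
# Live use: curl -sI https://your-domain-name-here/ | check_hsts 15768000

# check_hsts [MIN_SECONDS]: reads response headers on stdin, prints a verdict,
# and returns 0 only when max-age is present and at least MIN_SECONDS.
check_hsts() {
    min=${1:-15768000}
    # Header names are case-insensitive; curl output uses CRLF line endings.
    value=$(tr -d '\r' | awk -F': *' '
        tolower($1) == "strict-transport-security" { sub(/^[^:]*: */, ""); print; exit }')
    if [ -z "$value" ]; then
        echo "FAIL: no Strict-Transport-Security header"
        return 1
    fi
    # Directives are separated by ";" and their names are case-insensitive.
    directives=$(printf '%s\n' "$value" | tr ';' '\n' | tr -d ' "')
    max_age=$(printf '%s\n' "$directives" | awk -F= 'tolower($1) == "max-age" { print $2; exit }')
    case $max_age in
        ''|*[!0-9]*) echo "FAIL: max-age missing or not numeric"; return 1 ;;
    esac
    if [ "$max_age" -lt "$min" ]; then
        echo "FAIL: max-age=$max_age is below $min"
        return 1
    fi
    if printf '%s\n' "$directives" | grep -qi '^includesubdomains$'; then
        echo "OK: max-age=$max_age includeSubDomains"
    else
        echo "OK: max-age=$max_age (this host only)"
    fi
}

# Constructed sample responses (not captured from a real server).
GOOD_HEADERS='HTTP/1.1 200 OK
Server: lighttpd
strict-transport-security: max-age=15768000; includeSubdomains
'
SHORT_HEADERS='HTTP/1.1 200 OK
Strict-Transport-Security: max-age=300
'
PLAIN_HEADERS='HTTP/1.1 200 OK
Content-Type: text/html
'
```

Run the same check against the plain http:// URL as well: browsers ignore HSTS received over HTTP, so only the HTTPS response counts.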
setup a LEMP (Linux, Nginx, MySQL, PHP) stack. But, getting the following error in /var/log/nginx/error.log file:
PHP Fatal error: Call to undefined function curl_init() in /home/httpd/a/includes/functions.php(1)
How do I solve this problem on Linux server?
You need to install the CURL module for PHP 5 or 7. cURL is a library that lets you make HTTP requests in PHP. In order to use PHP’s cURL functions you need to install the libcurl package. To solve this problem install php-curl as per your Linux / Unix distro and restart the web-server or php-fpm service.
Install CURL module for PHP on Ubuntu / Debian Linux
Type the following apt-get command or apt command to install CURL module for PHP 5.x:
$ sudo apt-get install php-curl
Type the following apt-get command or apt command to install CURL module for PHP 7.x:
$ sudo apt-get install php7.0-curl
Install CURL module for PHP on RHEL/CentOS/Scientific Linux
Type the following yum command:
$ sudo yum install php-curl
OR
$ sudo yum install php-common
The above should install php-common to enable curl support.
Install CURL module for PHP on Alpine Linux
Type the following apk command:
# apk add php5-curl
OR
# apk add php7-curl
Install CURL module for PHP on FreeBSD Unix
To install the port for PHP 5.x:
# cd /usr/ports/ftp/php56-curl/ && make install clean
Or, to add the package for PHP 5.x, use the pkg command:
# pkg install php56-curl
To install the port for PHP 7.x:
# cd /usr/ports/ftp/php70-curl/ && make install clean
Or, to add the package for PHP 7.x:
# pkg install php70-curl
Restart Apache/Nginx or PHP-FPM service
Type the following command to restart nginx:
$ sudo service nginx restart
OR
$ sudo /etc/init.d/nginx restart
OR
$ sudo systemctl restart nginx
OR
# rc-service nginx restart
If you are using php-fpm, enter:
# rc-service php-fpm restart
OR
# /etc/init.d/php7.0-fpm restart
OR
# /etc/init.d/php5-fpm restart
OR
$ sudo systemctl restart php7.0-fpm.service
read your Nginx and Let’s Encrypt free SSL certificate tutorial. However, I use Lighttpd web server on AWS cloud. How do I secure my Lighttpd web server with Let’s Encrypt free SSL certificate on my Ubuntu Linux 16.04 LTS or Debian Linux 8.x server?
Let’s Encrypt is a free, automated, and open certificate authority for your website or any other projects. You can grab free TLS/SSL certificate to create encrypted HTTPS session for your site visitors. In this tutorial, I will explain how to use Let’s Encrypt to install a free SSL certificate for Lighttpd web server along with how to properly deploy Diffie-Hellman on your Lighttpd server to get SSL labs A+ score.
Our sample setup
Fig.01: Our sample Lighttpd TLS/SSL Security with Let’s Encrypt on Debian or Ubuntu Linux
Default Lighttpd config file : /etc/lighttpd/lighttpd.conf
Default Lighttpd SSL config file : /etc/lighttpd/conf-enabled/10-ssl.conf
Lighttpd SSL certification directory : /etc/lighttpd/ssl/cyberciti.biz/
Lighttpd DocumentRoot (root) path : /var/www/html/
Lighttpd TLS/SSL Port: 443
Our sample domain: www.cyberciti.biz
Dedicated public IP: 74.86.26.69
Step 1 – Install acme.sh client
Type the following apt-get command/apt command:
$ sudo apt-get install git bc wget curl
Sample outputs:
Fig.02: Install git and bc on Ubuntu/Debian Linux
Step 2 – Clone repo
Type the following commands:
$ cd /tmp
$ git clone https://github.com/Neilpang/acme.sh.git
$ sudo -i
# cd /tmp/acme.sh/
# ./acme.sh --install
Sample outputs:
Fig.03: Clone the acme.sh client using git
All of the remaining commands must be typed as the root user. Become the root user:
$ sudo -i
Step 3 – Create /.well-known/acme-challenge/ directory
Type the following command (set D to actual server.document-root path as per your setup):
# D=/var/www/html
# mkdir -vp ${D}/.well-known/acme-challenge/
# chown -R www-data:www-data ${D}/.well-known/acme-challenge/
# chmod -R 0555 ${D}/.well-known/acme-challenge/
Step 4 – Create directory to store SSL certificate
Type the following mkdir command:
# mkdir -p /etc/lighttpd/ssl/cyberciti.biz/
Step 5 – Create your dhparam.pem file
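Type the following command to create a strong Diffie-Hellman (DH) group file. The -dsaparam option makes openssl generate DSA-style parameters, which is much faster than searching for a safe prime; the OpenSSL documentation notes that with such parameters a fresh DH key should be created for each use: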
# cd /etc/lighttpd/ssl/cyberciti.biz/
# openssl dhparam -out dhparam.pem -dsaparam 4096
Sample outputs:
Generating DSA parameters, 4096 bit long prime
…..+…………..+……+.+……….+.+++++++++++++++++++++++++++++++++++++++++++++++++++*
+………………………………+…………+……………………..+.+…..+.+…..+………..+……….+……..+…+..+…+..+…………+……+…..+….+……+………………………………..+..+…..+.+…………+….+.+.+..+……..+…+………….+..+……..+++++++++++++++++++++++++++++++++++++++++++++++++++*
Step 6 – Issue a certificate for your domain
The syntax is:
acme.sh --issue -w /server.document-root-path/ -d www.example.com
acme.sh --issue -w /var/www/html/ -d example.com -k 2048
To issue a certificate for www.cyberciti.biz, enter:
# acme.sh --issue -w /var/www/html -d www.cyberciti.biz -k 4096
Sample outputs:
Fig.04: Issue a certificate
Step 7 – Enable ssl for Lighttpd
Type the following command:
# lighttpd-enable-mod ssl
Enabling ssl: ok
Run /etc/init.d/lighttpd force-reload to enable changes
Step 8 – Lighttpd SSL Configuration
Edit the file /etc/lighttpd/conf-enabled/10-ssl.conf, enter:
# vi /etc/lighttpd/conf-enabled/10-ssl.conf
Update it as follows:
# turn on ssl #
$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine = "enable"
    ssl.disable-client-renegotiation = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/cyberciti.biz/ssl.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/cyberciti.biz/ca.cer"
    ssl.dh-file = "/etc/lighttpd/ssl/cyberciti.biz/dhparam.pem"
    # ECDH/ECDHE ciphers curve strength
    ssl.ec-curve = "secp384r1"
    ssl.use-compression = "disable"
    # Environment flag for HTTPS enabled
    setenv.add-environment = (
        "HTTPS" => "on"
    )
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    # HSTS(15768000 seconds = 6 months)
    setenv.add-response-header = (
        "Strict-Transport-Security" => "max-age=15768000;"
    )
}
Save and close the file.
Step 9 – Install the issued certificate for Lighttpd web server
First create a hook for lighttpd ssl.pem file as follows:
# vi /root/.acme.sh/www.cyberciti.biz/hook.sh
Append the following script:
#!/bin/bash
dom="www.cyberciti.biz" # your domain name
dest="/etc/lighttpd/ssl/cyberciti.biz" # lighttpd ssl path root
croot="/root/.acme.sh/${dom}" # acme.sh root path for your domain
sslfile="${dest}/ssl.pem" # lighttpd .pem file path
certfile="${croot}/${dom}.cer" # lighttpd certificate file path
keyfile="${croot}/${dom}.key" # lighttpd key file path
echo "Running lighttpd cmd..."
# ssl.pem contains the private key: keep it readable by root only
umask 077
/bin/cat "${certfile}" "${keyfile}" > "${sslfile}"
/bin/chmod 600 "${sslfile}"
/bin/systemctl restart lighttpd
Save and close the file. Set executable permissions:
# chmod +x /root/.acme.sh/www.cyberciti.biz/hook.sh
The above script creates a file named /etc/lighttpd/ssl/cyberciti.biz/ssl.pem (ssl.pem = cert + privkey). Type the following command to install the certificate and restart the lighttpd web server:
# acme.sh --installcert -d www.cyberciti.biz \
--capath /etc/lighttpd/ssl/cyberciti.biz/ca.cer \
--reloadcmd /root/.acme.sh/www.cyberciti.biz/hook.sh
Sample outputs:
[Sun Mar 12 19:51:30 UTC 2017] Installing CA to:/etc/lighttpd/ssl/cyberciti.biz/ca.cer
[Sun Mar 12 19:51:30 UTC 2017] Run reload cmd: /root/.acme.sh/www.cyberciti.biz/hook.sh
Running lighttpd cmd…
[Sun Mar 12 19:51:30 UTC 2017] Reload success
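The hook in Step 9 writes ssl.pem directly with cat, so a missing or empty input would leave lighttpd with a broken bundle at the next restart. The following added example (not part of the original tutorial or of acme.sh) builds the bundle in a temporary file and only replaces ssl.pem when both inputs look like PEM. The names build_pem_bundle, perm_bits and demo are assumptions, and the marker check is a sanity check, not cryptographic validation of the certificate or key.

```shell
#!/bin/sh
# Added example: assemble lighttpd's ssl.pem (cert + key) without ever leaving
# a half-written or world-readable bundle in place.

# build_pem_bundle CERT KEY DEST
# Refuses to touch DEST unless both inputs carry the expected PEM markers,
# then replaces DEST atomically with an owner-only file.
build_pem_bundle() {
    cert=$1 key=$2 dest=$3
    grep -q -e '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
        { echo "no certificate block in $cert" >&2; return 1; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null ||
        { echo "no private key block in $key" >&2; return 1; }
    # mktemp creates the file with mode 0600; placing it beside DEST makes
    # the final mv a same-filesystem rename.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    if cat "$cert" "$key" > "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Group/other permission bits of a file, e.g. "------" for mode 0600.
perm_bits() { ls -ld "$1" | cut -c5-10; }

# Demo on constructed placeholder files (not real key material).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/site.cer"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$d/site.key"
    build_pem_bundle "$d/site.cer" "$d/site.key" "$d/ssl.pem" || return 1
    # A missing key must leave the previously installed bundle untouched.
    before=$(cksum < "$d/ssl.pem")
    build_pem_bundle "$d/site.cer" "$d/missing.key" "$d/ssl.pem" 2>/dev/null && return 1
    [ "$before" = "$(cksum < "$d/ssl.pem")" ] || return 1
    echo "$(perm_bits "$d/ssl.pem") $(grep -c -e '-----BEGIN' "$d/ssl.pem")"
    rm -rf "$d"
}
```

In a hook script, restart lighttpd only when build_pem_bundle returns 0.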
Step 10 – Test it
Verify that lighttpd is running on port 443:
# netstat -tulpn | grep :443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 379/lighttpd
Step 11 – Open port 443 using ufw firewall
Type the following ufw command to open port 443:
# ufw allow proto tcp from any to 74.86.26.69 port 443
Type the following url in your browser:
https://www.cyberciti.biz
How do I renew a certificate?
# acme.sh --renew -d www.cyberciti.biz
How do I upgrade acme.sh client?
# acme.sh --upgrade
A note about cron job
A cron job will also try to renew the certificate for you. It is installed by default as follows (no action required on your part):
33 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null