Disabling Dangerous PHP Functions in a Shared Environment
PHP is an incredibly versatile language and if used in the wrong way, either maliciously or by accident has the potential to mess up an entire webserver. This can be a major problem if you are offering a shared hosting environment.
There is an often overlooked php.ini setting called disable_functions at hand.
Minify CSS on the fly with nginx
Code minification rules, but it sucks. The process of removing all unnecessary characters from source code, without changing its functionality. Brilliant! It reduces the amount of data, at byte level that needs to be transferred, so your site loads faster. But its a pain for developers as it involves shoving code through a minimiser before uploading, an extra step increasing development time.
Decreases of upto 70% are easily achieved.
Well, as if you needed another reason to ditch Apache, here's another one. nginx allows us to minify on the fly. Here's how.
Messing with time and date on Linux
Some Linux distros don't come with time synchronisation utilities, even though Windows has done it since Windows 2000.
Here's how I solved the issue on a basic CentOS install.
Installing nginx & PHP-FPM securely on CentOS
I won't go into the reasons why you should install nginx, if you're here, you've already decided.
Here's how I installed nginx and PHP-FPM on CentOS.
MySQL Server on CentOS, what the RPM doesn’t do for you
Installing MySQL via YUM
Once the updates have finished we will be ready to install the MySQL server. Type the following command to install the MySQL server:
# sudo yum -y install mysql-server
Starting MySQL
Once the installation has finished we are ready to start our server for the first time. Upon initially starting it will create several test databases and the mysql system databases. To start the server type the following:
# sudo /etc/init.d/mysqld start
“sh: -t: command not found” with PHP cron/command line
Are you getting "sh: -t: command not found" when running a PHP from cron or command line? This usually occurs when your accessing PHP's mail() function with no (compatible) mail server installed on the server.
Here's my CentOS based solution.
Passing Every ~ \.php$ request to to PHP
It is common with Nginx to pass every URI ending in .php to the PHP parser, if using a default PHP build this might lead to security issues. Nginx is a reverse proxy and as such does not have a concept of file unless you specifically tell it to. So if your configuration looks like this.
tcptrack
tcptrack is a sniffer which displays information about TCP connections it sees on a network interface. It passively watches for connections on the network interface, keeps track of their state and displays a list of connections in a manner similar to the unix 'top' command. It displays source and destination addresses and ports, connection state, idle time and superbly impressive - bandwidth usage.
A server admin must have.
Detecting yum problems early
Sometimes, yum freaks out. You might get your installation interrupted or some crazy happening which your installed package database goes crazy with duplicate packages or broken dependencies. There is one tool which helps a lot in tracing the problem and its called package-cleanup. This tool is provided by the yum-utils package, so to acquire it,
yum install yum-utils
Several common commands I usually use:
package-cleanup --dupes # list out duplicates
package-cleanup --cleandupes # clean up duplicates
package-cleanup --problems # list out packages with broken dependencies
More options? .. invoke the --help parameter
SSH Authentication with Pageant for extra laziness
So you've read Key-Based SSH Logins With PuTTY but can't be bothered typing in your private key passphrase each time? No problem, pageant can solve that - it can remember stuff so you don't have to
About Kieran
