I’m following alongLEMP stack tutorial and I’m stuck on Configure PHP processor portion. I did the first step under Configure php processor, but I can’t implement the second step in the tutorial: Configure the PHP Processor
We now have our PHP components installed, but we need to make a slight configuration change to make our setup more secure.
Open the main php-fpm configuration file with root privileges:
sudo vi /etc/php.ini What we are looking for in this file is the parameter that sets cgi.fix_pathinfo. This will be commented out with a semi-colon (;) and set to “1” by default.
This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if a PHP file does not match exactly. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn’t be allowed to execute.
We will change both of these conditions by uncommenting the line and setting it to “0” like this:
/etc/php.ini excerpt cgi.fix_pathinfo=0 Save and close the file when you are finished.
Next, open the php-fpm configuration file www.conf:
sudo vi /etc/php-fpm.d/www.conf Find the line that specifies the listen parameter, and change it so it looks like the following:
/etc/php-php.d/www.conf — 1 of 3 listen = /var/run/php-fpm/php-fpm.sock Next, find the lines that set the listen.owner and listen.group and uncomment them. They should look like this:
/etc/php-php.d/www.conf — 2 of 3 listen.owner = nobody listen.group = nobody Lastly, find the lines that set the user and group and change their values from “apache” to “nginx”:
/etc/php-php.d/www.conf — 3 of 3 user = nginx group = nginx Then save and quit.
Now, we just need to start our PHP processor by typing:
sudo systemctl start php-fpm This will implement the change that we made.
Next, enable php-fpm to start on boot:
sudo systemctl enable php-fpm
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Hi @alanacweaver,
As I understand correctly you’ve started experiencing issues with the installation of MySQL and securing it, correct?
If you are having issues with that, I’ll suggest actually reinstalling and securing it following these steps
sudo yum remove mariadb-server mariadb
As soon as you’ve actually removed everything, you can start doing so
sudo yum install mariadb-server
This will install the MariaDB package using the yum package manager.Once the installation is complete, start the MariaDB service and enable it to start on boot using the following commands:
sudo systemctl start mariadb
sudo systemctl enable mariadb
To verify that the installation was successful, check the MariaDB service status by typing:
sudo systemctl status mariadb
Nex is the the mysql_secure_installation script:
sudo mysql_secure_installation
You will be prompted to set up the root user password, remove anonymous user accounts, restrict root user access to the local machine, and remove the test database.
The steps are explained in detail. It is recommended to answer Y (yes) to all question
Now you are good to go
Regards, KDSys
This comment has been deleted
This comment has been deleted
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.