PHP

Prerequisite
To use this guide, you will need Nginx installed and configured.

Common configuration
In Debian, the different flavors of PHP each have their own configuration file. This allows fine-grained configuration but makes it harder to have common behavior.

Let’s create a common file read by all PHP interpreters. Unless specified, all the settings below should go to

Integrate with Nginx
Create file

Configure Processes
PHP-FPM creates processes to handle incoming requests. If it runs out of available processes, new requests are put in a queue and users experience delays.

The number of processes to use depends heavily on the traffic to your websites and on the RAM and CPU available on your server. To find optimal values, check the log file. It will contain warnings when the number of processes needs adjustment.

The values to change are present in. A good starting point can be

Security
PHP is known to have a particularly poor track record in terms of security. Although things are improving, it is recommended to harden your installation.

Hide PHP
It is generally a bad idea to give out information about the technologies used by your system. This setting makes sure that PHP is not exposed.

Session IDs
By default, PHP session IDs are not very random. Let's get some more entropy.

Prevent session fixation attacks

Limit File Access
By default, PHP allows scripts to read any file on the machine, including sensitive files like.

The setting below limits that. Of course, when new sites are added, the list of folders needs to be extended.
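
An added example, not part of the original guide: a small check that every Nginx site root is covered by the file-access limit, so that a newly added site is not forgotten. It assumes the setting meant here is PHP's open_basedir directive with ':'-separated directories; the site names, paths and helper functions are constructed for illustration.

```python
import posixpath
import re

def nginx_roots(conf_text):
    """Document roots declared by `root` directives in an Nginx config."""
    roots = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]                  # drop Nginx comments
        for m in re.finditer(r"\broot\s+([^;\s]+)\s*;", line):
            roots.append(posixpath.normpath(m.group(1)))
    return roots

def open_basedir_entries(ini_text):
    """Directories of the last active open_basedir line (':'-separated)."""
    value = ""
    for line in ini_text.splitlines():
        # A leading ';' means the line is commented out; ';' also ends the value.
        m = re.match(r"\s*open_basedir\s*=\s*([^;]*)", line)
        if m:
            value = m.group(1).strip().strip('"')
    return [posixpath.normpath(p) for p in value.split(":") if p]

def is_covered(path, entries):
    # Assumption: each entry is matched as a whole directory, not a string prefix.
    return any(e == "/" or path == e or path.startswith(e + "/") for e in entries)

def audit(nginx_conf, php_ini):
    """Return a list of findings; an empty list means every root is covered."""
    entries = open_basedir_entries(php_ini)
    if not entries:
        return ["open_basedir is not set"]
    findings = []
    if "/" in entries:
        findings.append("open_basedir contains /, so it limits nothing")
    for root in nginx_roots(nginx_conf):
        if not is_covered(root, entries):
            findings.append(f"site root {root} is not covered by open_basedir")
    return findings

# Constructed sample input (hypothetical sites and paths).
NGINX_CONF = """
server { server_name blog.example; root /var/www/blog/public; }
server { server_name shop.example; root /var/www/shop; }  # site added later
server { server_name old.example;  root /var/www/blog-old; }
"""
PHP_INI = """
;open_basedir = /
open_basedir = /var/www/blog:/tmp
"""

if __name__ == "__main__":
    for finding in audit(NGINX_CONF, PHP_INI):
        print(finding)
```

On the sample input it reports the two roots that the list does not cover, including `/var/www/blog-old`, which only shares a name prefix with an allowed directory.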