We are going to show you how to install PHP and PHP-FPM on Ubuntu 24.04. PHP, or Hypertext Preprocessor, is a popular open-source programming language used mostly for online development. The only PHP implementation of PHP FastCGI that is really helpful for websites with a lot of traffic is PHP. At the end of this guide, you should be ready to go with PHP running on your server.
Before that, check our instruction on how to set up a server on Ubuntu.
PHP working scheme
Before we start, please confirm you have the following:
To ensure that your system is up to date, run the following commands:
sudo apt update
sudo apt upgrade
Launch the Apache web server using the following command:
sudo apt install apache2
Let's begin with installing the PHP package in Ubuntu 24.04 server.
First, open a terminal on your Ubuntu system.
PHP and common modules are included in the installation action:
sudo apt install php
That command installs the core PHP package, the command-line interface, and common libraries.
Make sure the installation works:
php -v
Start with PHP Installation
PHP extensions are the way to go to extending PHP installation with certain functions. Start by installing extensions:
sudo apt install php-curl php-mbstring php-xml
Short description:
php-mysql
: Allows MySQL database connection
php-gd
: Adds ability to manipulate images
php-curl
: Makes possible to communicate with servers
php-mbstring
: Provides multibyte string support
php-xml
: Enables XML support
php-zip
: Enables ZIP support
Additional extensions can be installed as you see fit for your projects. You can search them using:
apt-cache search php-
PHP-FPM is essential when dealing with high-traffic websites. To install and configure it:
Install the package:
sudo apt install php-fpm
Launch PHP-FPM service. Depending on the installation, version number may differ.
sudo systemctl start php8.3-fpm
Tell PHP-FPM to go on boot:
sudo systemctl enable php8.3-fpm
Verify PHP-FPM is working:
systemctl status php8.3-fpm
This will output a response that says "Active (Running)" if everything is working as expected.
To ensure that PHP and PHP-FPM are both running with no problems, create a test file then serve it via the website's server. Let's say it uses Apache in this example:
Generate PHP Info File. To show PHP settings using the phpinfo() function, do the following:
mkdir -p /var/www/html
echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php
Set Up Apache for PHP-FPM. Ensure Apache is made compatible for PHP-FPM, by first finding Apache configuration file (usually /etc/apache2/sites-available/000-default.conf
) then inserting:
<FilesMatch \.php$>
SetHandler "proxy:unix:/var/run/php/php8.3-fpm.sock|fcgi://localhost/"
</FilesMatch>
Remember we must alter specific PHP version and socket path to suit individual settings of the server.
Activate PHP and PHP-FPM. Enable PHP and PHP-FPM following these instructions:
sudo apt install libapache2-mod-php
sudo a2enmod proxy_fcgi setenvif
Reboot Apache. Apply changes by restarting Apache server:
sudo systemctl restart apache2
Access PHP Info Page. First open your web browser and go to:
http://your_server_ip/info.php
Replace [server_ip]
with the server IP address or domain. You can see details of your PHP installation.
This is Where You Can Check Your PHP Current Status
You may need to run different programs for specific projects, and each one may need a distinct set of features. Here's how to handle and work with different PHP versions on Ubuntu 24.04.
First, add PHP repository:
sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/php && sudo apt update
Install PHP versions you need:
sudo apt install php8.1 php8.1-fpm
Deselect one PHP version and select the other:
sudo update-alternatives --set php /usr/bin/php8.1
If you are using multiple PHP versions, ensure that your web server is pointing to the appropriate PHP-FPM socket.
As a web developer, you are aware of how crucial it is to use both PHP and PHP-FPM in secure and reliable web applications. We'll go over some security measures in this part that you should use when utilizing PHP and PHP-FPM.
PHP and PHP-FPM should be up to date. Doing regular updates will eliminate known security breaches and provide overall security improvements. You need to check for updates as often as possible then update the system as soon as the updates are available.
To configure PHP securely, start by disabling unnecessary and potentially dangerous functions, such as exec
, shell_exec
, and eval
, in the PHP configuration file (php.ini
). Use open_basedir
directive to restrict PHP’s access to specific directories, preventing unauthorized access to sensitive files. Set display_errors
to Off
in production to avoid exposing error messages that could provide insights to attackers. Limit file upload sizes and execution times to reduce the risk of resource exhaustion attacks. Besides, ensure that PHP runs under a dedicated, restricted user account with minimal permissions to prevent privilege escalation. Regularly update PHP to the latest stable version to patch vulnerabilities and improve security.
To ensure an error-free application, it is quite handy locating and correcting code bugs in a development environment. In production environment, you have the possibility to hide the PHP errors by setting the display_errors
directive to be off
, and you should also set the log_errors
directive to be On
, thus this will help you prevent PHP from showing errors to the users whereas your server will log it in a safe location without problems to users.
Being aware of the input validations is quite crucial during the programming of your software. Make sure that all deficiencies are tested and only SQL statements containing their SQL equivalent that can produce outwardly neutral queries via prepared statements is considered safe.
PHP-FPM is required to run using a non-usual user account with minium rights. Furthermore, access to the PHP-FPM socket or port should be very limited to the web application.
You need to bind open_basedir
directive in order to restrict access files within the given directory. In this case, if you attempt to visit a forbidden directory and the request is accidentally transmitted to the server, PHP will prevent you from doing so.
We need to secure web calls by making apps HTTPS-only, which is the only prominent way to block all the known hacking tricks.
Installing PHP on Ubuntu 24.04 is Rewarded
With this guide, you've successfully set up PHP and PHP-FPM on Ubuntu 24.04. Your server is now configured for dynamic web applications. To maintain security and performance, remember to keep the system and packages regularly updated.
If you liked this instruction, please check our Cloud Servers to boost your cloud workflow!