Install Nginx or Apache with firewall configuration for HTTP/HTTPS. 2. Install PHP 8.2 from the Remi repository and verify version. 3. Configure PHP-FPM with optimized php.ini and OPcache settings. 4. Install and secure MariaDB, then create a dedicated database and user. 5. Secure the stack using Let’s Encrypt for HTTPS, disable dangerous PHP functions, run PHP-FPM under least privilege, and enforce SELinux policies. 6. Deploy apps with proper file permissions, avoid root execution, and store configuration outside web root. 7. Monitor logs, enable slow request logging, automate security updates via dnf-automatic, and schedule regular backups of code and databases. This production-ready PHP stack on CentOS 9 ensures security, performance, and maintainability for deploying modern PHP applications reliably.

Setting up a production-ready PHP stack on CentOS 9 means more than just installing PHP and a web server — it’s about security, performance, maintainability, and reliability. CentOS 9 (Stream), being a modern enterprise Linux distribution, provides a solid foundation. Here's how to build a robust PHP stack that’s suitable for real-world deployment.

1. Install and Configure Apache or Nginx

While both Apache and Nginx are viable, Nginx is often preferred in production for its performance and low memory footprint. However, Apache with mod_php or PHP-FPM is still widely used and easier for beginners.

Install Nginx:

sudo dnf install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginx

Install Apache (alternative):

sudo dnf install httpd -y
sudo systemctl enable httpd
sudo systemctl start httpd

? Don’t forget to adjust the firewall:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

For better performance and flexibility, use PHP-FPM regardless of your web server choice.

2. Install PHP 8.1 from Remi Repository

CentOS 9’s default repositories may not include the latest PHP versions. Use the Remi repository, which is trusted and widely used.

Enable Remi and install PHP:

sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm -y
sudo dnf module enable php:8.2 -y
sudo dnf install php php-cli php-fpm php-mysqlnd php-gd php-xml php-mbstring php-pdo php-opcache php-curl php-zip -y

? Use PHP 8.2 or 8.3 if your apps support it — they offer better performance and features.

Verify installation:

php -v

3. Configure PHP-FPM for Nginx or Apache

PHP-FPM improves process management and is essential for high-traffic sites.

Start and enable PHP-FPM:

sudo systemctl enable php-fpm
sudo systemctl start php-fpm

Configure Nginx to use PHP-FPM:

Edit your site config (e.g., /etc/nginx/conf.d/default.conf) and update the server block:

location ~ \.php$ {
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}

? For Apache, you can use mod_proxy_fcgi to route PHP requests to PHP-FPM, or stick with libphp if simpler setup is acceptable.

Optimize php.ini:

Edit /etc/php.ini and adjust:

upload_max_filesize = 64M
post_max_size = 128M
memory_limit = 512M
max_execution_time = 300
expose_php = Off
cgi.fix_pathinfo = 0

Also enable OPcache in /etc/php.d/opcache.ini:

opcache.enable=1
opcache.memory_consumption=256
opcache.max_accelerated_files=20000
opcache.validate_timestamps=0  ; Only in production; disable for dev
opcache.fast_shutdown=1

4. Set Up a Database (MariaDB or MySQL)

Most PHP apps need a database. MariaDB is default on CentOS.

Install MariaDB:

sudo dnf install mariadb-server mariadb -y
sudo systemctl enable mariadb
sudo systemctl start mariadb

Secure installation:

sudo mysql_secure_installation

Create a database and user:

CREATE DATABASE appdb;
CREATE USER 'appuser'@'localhost' IDENTIFIED BY 'strong_password';
GRANT ALL PRIVILEGES ON appdb.* TO 'appuser'@'localhost';
FLUSH PRIVILEGES;

5. Secure the Stack

Security is critical in production.

• Use HTTPS with Let’s Encrypt:

  sudo dnf install certbot python3-certbot-nginx -y  # or python3-certbot-apache
  sudo certbot --nginx -d yourdomain.com

• Disable unused PHP functions (optional but recommended): In php.ini:

  disable_functions = exec,passthru,shell_exec,system,proc_open,popen

• Run PHP-FPM with least privilege: Edit /etc/php-fpm.d/www.conf:

  user = nginx
  group = nginx
  listen.owner = nginx
  listen.group = nginx

• Enable SELinux policies: CentOS 9 uses SELinux by default. Ensure it's enforcing:

  sudo setsebool -P httpd_can_network_connect_db 1  # For DB connections
  sudo setsebool -P httpd_exec_mem 0                # Disable if not needed

6. Deploy Your PHP App Securely

• Place your app in /var/www/html or a custom directory like /var/www/myapp.
• Set correct permissions:

  sudo chown -R nginx:nginx /var/www/myapp
  sudo chmod -R 755 /var/www/myapp
  sudo chmod 644 /var/www/myapp/*.php

• Avoid running web server as root.
• Use .env files outside the web root for configuration.

7. Monitor and Maintain

• Log monitoring:

  • Nginx: /var/log/nginx/error.log
  • PHP-FPM: /var/log/php-fpm.log
  • Enable slow log in PHP-FPM for debugging performance issues.

• Automate updates: Use dnf-automatic to apply security patches:

  sudo dnf install dnf-automatic -y
  sudo systemctl enable dnf-automatic.timer
  sudo systemctl start dnf-automatic.timer

• Backup regularly: Automate database and code backups using cron and mysqldump.

---

Final Notes

A production-ready PHP stack on CentOS 9 isn’t just about installing components — it’s about configuring them securely, optimizing performance, and planning for maintenance. Stick to trusted repos like Remi, use PHP-FPM, enable HTTPS, and keep SELinux on.

With this setup, you’re ready to deploy Laravel, WordPress, or any modern PHP application in a secure, scalable environment.

Basically, keep it updated, locked down, and monitored.

The above is the detailed content of Building a Production-Ready PHP Stack on CentOS 9. For more information, please follow other related articles on the PHP Chinese website!