Alma/Rocky/CentOS
Basic actions
- Before updating PHP, if Passwork is installed in a cloud/virtual environment, create a snapshot of the OS virtual state to restore functionality in case of incorrect update;
- Obtain
rootprivileges and update the local package database:
- shell
sudo -i
dnf update
Removing PHP
Remove the main package, drivers, and PHP extensions:
- shell
dnf remove -y php php-json php-ldap php-xml php-bcmath php-mbstring php-curl php-phalcon gcc php-pear curl-devel openssl-devel pcre-devel php-devel php-mysql libtool pcre-devel php-pecl-psr
Remove the directory with nested PHP files:
- shell
rm -rf /etc/php.d
Disable the PHP module from the Remi repository:
- 8.2
- 8.0
dnf module disable php:remi-8.2
dnf module disable php:remi-8.0
Installing PHP
Enable the PHP8.3 module from the Remi repository:
- shell
dnf module enable php:remi-8.3
Install PHP and additional extensions:
- shell
dnf install -y php-cli php-fpm php-curl php-devel php-pear php-gd php-intl php-ldap php-bcmath php-mbstring php-mysqlnd php-opcache php-pgsql php-soap php-zip php-sqlite3 php-xml
Installing PHP MongoDB driver
Install PHP MongoDB driver:
- shell
pecl install -f mongodb
Create a configuration file to load and enable PHP MongoDB:
- shell
echo "extension=mongodb.so" | tee /etc/php.d/20-mongodb.ini
Changing PHP web server handler to php-fpm
Make sure the php-fpm service is running:
- shell
systemctl status php-fpm
Start and enable the service autostart if it is stopped:
- shell
systemctl start php-fpm
systemctl enable php-fpm
Edit the Passwork server virtual host configured to work over HTTPS protocol:
- shell
nano /etc/httpd/conf.d/ssl.conf
Change the .php file handler, specifying proxying requests to the php-fpm socket:
- shell
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost/"
</FilesMatch>
Check that the virtual host configuration file matches the example:
- shell
<VirtualHost _default_:443>
DocumentRoot "/var/www/public"
ServerName passwork:443
<Directory /var/www/public>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
SSLCertificateFile /etc/ssl/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/ssl/private/apache-selfsigned.key
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost/"
</FilesMatch>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Restart services:
- shell
systemctl restart php-fpm
systemctl restart httpd