Base Install

Since I often have to move this site from one box to another, I've taken the opportunity to document one such migration (to RedHat 9.0 and PHP 4.3.2):

Set up a minimal RedHat, etc., plus the apt package manager. Then install the whole shebang, including some development libraries that you'll need to rebuild PHP later:

# apt-get install mysql-devel php php-devel aspell-devel imap-devel net-snmp \
net-snmp-devel net-snmp-utils bzip2-devel freetype-devel aspell-devel \
httpd-devel libjpeg-devel libpng-devel pcre-devel postgresql-devel \
unixODBC-devel gd-devel

Installing ming

For some reason, the PHP SRPMS I get off Rawhide have a broken (or outdated) ming, so I compile and install it as follows:

$ cd ming-0.2a
$ make
$ make install
$ make install-static

Upgrading PHP

Get the latest PHP source RPM (from either RedHat's Rawhide or Edwin's), rebuild it (patching the SPEC file dependencies as needed and adding ming to the configure invocation), and upgrade PHP:

# wget http://ftp.redhat.com/pub/redhat/linux/rawhide/SRPMS/SRPMS/php-4.3.2-7.src.rpm
# rpm -ivh php-4.3.2-7.src.rpm
# cd /usr/src/redhat/SPECS/
# rpmbuild -ba php.spec
error: Failed build dependencies:
        aspell-devel >= 0.50.0 is needed by php-4.3.2-7
...
(build errors and minimal fixes to aspell dependencies - 0.50 changed to 0.30):
- BuildRequires: gd-devel >= 1.8.4, gdbm-devel, gmp-devel, aspell-devel >= 0.50.0
+ BuildRequires: gd-devel >= 1.8.4, gdbm-devel, gmp-devel, aspell-devel >= 0.30.0
...
+      --with-ming=/usr \
...
# cd /usr/src/redhat/RPMS/i386
# rpm -Uvh php-*

Note: I am now grafting Fedora SRPMs onto RedHat 9.0 with only minimal changes. For instance, to upgrade to PHP 4.3.6, I did the above and upgraded pcre to version 4.4 from the SRPM as well.

Install Turck MMCache with:

# cd ~/Packages
# wget http://belnet.dl.sourceforge.net/sourceforge/turck-mmcache/turck-mmcache-2.3.23.tar.gz
# cd ../Build
# tar -zxvf ../Packages/turck-mmcache-2.3.23.tar.gz
# cd turck-mmcache-2.3.23/
# export PHP_PREFIX="/usr"
# $PHP_PREFIX/bin/phpize
# ./configure --enable-mmcache=shared --with-php-config=$PHP_PREFIX/bin/php-config
# make
# make install

Add the following to the end of /etc/php.ini:

zend_extension="/usr/lib/php4/mmcache.so"
mmcache.shm_size="16"
mmcache.cache_dir="/tmp/mmcache"
mmcache.enable="1"
mmcache.optimizer="1"
mmcache.check_mtime="1"
mmcache.debug="0"
mmcache.filter=""
mmcache.shm_max="0"
mmcache.shm_ttl="0"
mmcache.shm_prune_period="0"

Secure mySQL

Check mySQL/Security. The default RedHat firewall measures are enough for the base configuration, but I like to follow this.

Not covered: Apache security tweaks, PHP security tweaks, site layout, etc.