1. Install PHP8 and NGINX, I recommend installing both through your package manager.
For Arch / Manjaro :
$ sudo pacman -S nginx php php-fpm php-fpm php-sqlite php-gd sqlitebrowser sqlite
2. Clone the POCKET_PHP repository and set the server permissions.
Note that both the webserver and the php-fpm daemon must have read & write permissions on the project folder.
$ git clone https://git.xenobyte.xyz/XENOBYTE/pocket_php/
$ sudo mkdir /var/web_server
$ sudo chown -R username:group /var/web_server_php
$ sudo chmod -R 755 /var/web_server
$ mv -r pocket_php /var/web_server/
$ sudo chown -R username:group /var/web_server/pocket_php
$ sudo chmod -R 755 /var/web_server/pocket_php
3. Configure NGINX.
! WARNING !
Web server configuration is a broad topic, the following setup is intended to be customized for it's intended purpose as an example and
is only a basic gestalt of what POCKET_PHP requires working. For development environments extra precautions should be taken
like using a dedicated user and group combo to isolate NGINX and PHP to their respective working folders only.
This is specially true for (securely) serving through TOR!
As long as your web server of choice respects the simple rules below, pocket_php will work with it.
1. Serve static files directly
2. Redirect everything else to /app/index.php
The provided virtual server file for NGINX also adds a few security filters to keep some static files (such as the internal DB) private.
As a side note, there have been some issues with the way php-fpm handles sqlite databases that share the same name but are from independent projects, a very common case when
running multiple websites from a single server, simply rename the database file and update the location constant in configure.php.
Though the default NGINX configuration has moved away from the sites-available / sites-enabled directories, they work well enough and will be
implementing the NGINX config using this scheme, feel free to change the paths to ones of your liking. Do note that the PHP-FPM user and group
must match the ones set for NGINX.
Create the NGINX configuration folder structure, change the permissions and move the included config files.
$ sudo chown -R user:group /etc/nginx/
$ sudo chown -R 755 /etc/nginx
$ mkdir /etc/nginx/ssl
$ mkdir /etc/nginx/sites-enabled
$ mkdir /etc/nginx/sites-available
$ mv /var/web_server/pocket_php/static/text_files/nginx_config /etc/nginx/nginx.conf
$ mv /var/web_server/pocket_php/static/text_files/nginx_pocket_php_vsb /etc/nginx/sites-available/default
$ sudo ln -s /etc/nginx/sites-available /etc/nginx/sites-enabled
$ sudo systemctl restart nginx.service
Uncomment the SSL Settings block and modify the following lines in the included nginx.conf with your own.
Then, uncomment the HTTPS ENABLED (and comment out the HTTPS DISABLED) block in sites-available/default.
4. Configure PHP.
The only relevant changes are to the www.conf and php.ini files. However, POCKET_PHP internally modifies some php.ini settings, others must be manually set in php.ini.
- Uncomment the extension=pdo_sqlite and extension=gd
- Change the default session.name (for security reasons)
- Modify the file upload settings to match your application's needs (the settings required are specified in app/configure.php)
Do note that the selected session.name will be referenced in POCKET_PHP!
1. Change user and group to match those specified in the NGINX configuration
5. Configure POCKET_PHP.
All the relevant configuration lies in app/configure.php, note that the pocket_php/tools/ directory holds the sqlite
database file, the sqlite file itself and the session's management folder must be writable by the web server.
$ mkdir /var/web_server/pocket_php/tools/sessions/
$ sudo chown -R username:group /var/web_server/pocket_php/tools/
$ sudo chmod -R 755 /var/web_server/pocket_php/tools/pocket_php.db
Finally, the configure.php file overrides the php.ini settings that POCKET_PHP depends on, this prevents clashing between virtual servers with
different settings and the main php.ini defaults. It's strongly suggested to modify the included configure file instead.