# Server Requirements
# PHP
Version | PHP |
---|---|
3.20 | 7.4 |
Chevereto-Free is PHP (opens new window) software, it has been designed using:
- PHP packages (opens new window) from Ondřej Surý.
- PHP extensions (opens new window) provided by PECL (opens new window).
Packages and PECL provides the same convenience, but as packages are made for debian-based systems you should prefer PECL if you don't have a compatible system.
Packages vs PECL
Packages not only contain the software, it could trigger other effects in the system.
# PHP configuration
The following ini
values are recommended for Chevereto installations.
upload_max_filesize = 50M;
post_max_size = 50M;
max_execution_time = 30;
memory_limit = 512M;
Property | Description | Example |
---|---|---|
upload_max_filesize | Maximum upload size | 50M for 50 MB |
post_max_size | Maximum post size | Same as above |
max_execution_time | Maximum time to execute the software, in seconds | 30 for 30 seconds |
memory_limit | Maximum memory to allocate | 512M for 512 MB |
You can toggle this limits to reflect your hardware and server load. Check this article for more info: PHP common pitfalls (opens new window).
# PHP Extensions
The following PHP extensions are required for Chevereto.
- curl
- exif
- fileinfo
- hash
- imagick
- gd
- json
- mbstring
- pdo
- pdo-mysql
- session
- xml
- zip
# PHP Features
Chevereto requires unrestricted access to all PHP functions. If any PHP function is removed it could cause Chevereto to fail or to not work at all. Note that the following functions must not be restricted:
# Image library
The image library (GD, Imagick) should be provided with support for PNG GIF JPG BMP WEBP
. By default, Chevereto uses Imagick and fallback to GD.
If you need to explicit use GD you can add this key to Settings file:
$settings['image_library'] = 'gd';
Workaround missing formats
If the server doesn't provide support for all the image formats handled by Chevereto you must use the following Settings file workaround.
In the following example Chevereto is configured with explicit support only for PNG, GIF, BMP and JPG (removes WEBP):
$settings['image_formats_available'] = ['PNG', 'GIF', 'BMP', 'JPG'];
# Configuring image library
Check for CHEVERETO_IMAGE_LIBRARY for changing the default image library used by Chevereto.
# ImageMagick
Additional recommended ImageMagick configuration at /etc/ImageMagick-6/policy.xml
file:
<policymap>
<!-- policies -->
<policy domain="resource" name="width" value="16KP"/>
<policy domain="resource" name="height" value="16KP"/>
</policymap>
# Filesystem
User running php
must be in the owner group of your installation directory. This is required to allow Chevereto to modify the filesystem for uploading, one-click update and many other features.
Chevereto user will require read/write access in the following paths:
/tmp
app/content/
app/content/languages/
app/content/languages/cache/
app/content/system/
content/
images/
# Database
Version | MySQL | MariaDB |
---|---|---|
3.20 | 5.7, 8 | 10 |
- Database user must have
ALL PRIVILEGES
over the target database - InnoDB table storage engine
Upgrading from old installation
Old versions using MyISAM table storage engine will require to convert the old tables to InnoDB. Read Convert MyISAM tables to InnoDB (opens new window)
# Web server configuration
# Apache HTTP server
Make sure that mod_rewrite
(opens new window) is enabled and that your virtual host settings allows to perform URL rewriting:
<Directory /var/www/html>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
Apache configuration .htaccess
files are already included in the software.
# Restrict direct access to PHP files
Edit the Virtual Host (opens new window) entry by adding the following directive for your upload directory. This will disable PHP interpreter on folders containing public upload content:
Must edit
/var/www/html/images
to reflect your actual upload directory.
<Directory /var/www/html/images>
AllowOverride None
<FilesMatch "\.(?:[Pp][Hh][Pp][345]?|[Pp][Hh][Tt][Mm][Ll])|(po|sql|html?)$">
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
<IfModule mod_php7.c>
php_flag engine off
</IfModule>
<FilesMatch ".+\.*$">
SetHandler !
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteRule ^.*\.php$ - [F,L]
</IfModule>
</Directory>
If you don't have access to editing Apache Virtual Host you can use a .htaccess
file in the alleged paths:
<FilesMatch "\.(?:[Pp][Hh][Pp][345]?|[Pp][Hh][Tt][Mm][Ll])|(po|sql|html?)$">
<IfModule !mod_authz_core.c>
Order Allow,Deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
<IfModule mod_php7.c>
php_flag engine off
</IfModule>
<FilesMatch ".+\.*$">
SetHandler !
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteRule ^.*\.php$ - [F,L]
</IfModule>
# NGINX
nginx.conf
for server {}
block:
# Disable access to sensitive application files
location ~* (app|content|lib)/.*\.(po|php|lock|sql)$ {
return 404;
}
location ~* composer\.json|composer\.lock|.gitignore$ {
return 404;
}
location ~* /\.ht {
return 404;
}
# Image not found replacement
location ~* \.(jpe?g|png|gif|webp)$ {
log_not_found off;
error_page 404 /content/images/system/default/404.gif;
}
# CORS header (avoids font rendering issues)
location ~* \.(ttf|ttc|otf|eot|woff|woff2|font.css|css|js)$ {
add_header Access-Control-Allow-Origin "*";
}
# PHP front controller
location / {
index index.php;
try_files $uri $uri/ /index.php$is_args$query_string;
}
# Single PHP-entrypoint (disables direct access to .php files)
location ~* \.php$ {
internal;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
# Real connecting IP
For setups under any kind of proxy (including CloudFlare (opens new window)) is required that the web server sets the appropriate value for the client connecting IP.
DANGER
If real connecting IP is not configured Chevereto won't be able to detect the real visitors IPs, failing to deliver IP based restrictions and flood control.
- NGINX:
ngx_http_realip_module
- Apache HTTP Server:
mod_remoteip