In this recent post to his blog Anson Cheung provides a set of helpful hints for sysadmins to follow when installing (or just securing) the PHP installations on their systems.

PHP is widely used for various of web development. However, misconfigured server-side scripting would create all sorts of problem. And here are php security best practices that you should aware when configuring PHP securely. Nowadays most of the web servers are operated under Linux environment (like: Ubuntu, Debian...etc). Hence, in the following article, I am going to use list top 10 ways to enhance PHP Security Best Practices under Linux environment.

His tips include:

• Reducing the built-in PHP modules
• Logging all PHP errors
• Disabling remote code execution
• Disabling dangerous PHP functions
• Write protection on Apache, PHP & MySQL configuration files

On DZone.com today Giorgio Sironi has a quick tutorial showing you how to set up and use the PHPUnit_Selenium component in the latest releases of the popular testing software.

With the 1.2 release, PHPUnit_Selenium supports (basically) for the first time the Selenium 2 WebDriver API. While PHPUnit_Selenium already worked with Selenium 2, it did so only by using the Selenium 1 emulation included in the jar; now it provides an object-oriented API right natively supported in a base PHPUnit test case, shipped in PHPUnit's PEAR channel.

He includes the steps you'll need to pull it from the PEAR channel and how to set up a test case based on the PHPUnit_Extensions_Selenium2TestCase object. He gives a few examples of how to select various components on the page (via CSS selectors and XPath), assert that the right information is there and interact with forms.

In this recent post to his blog Stefan Koopmanschap shares some of the troubles (and a solution) when he was dealing with getting the Geoip PECL extension installed on his Zend Server setup in OSX.

Today I needed to get a client application up and running on my local system. This application uses the Geoip PECL package, so I needed to get this up and running. This turned out to be slightly more difficult than just a PECL install, as you're missing some libraries by default, so here is my log of things to do to get it up and running.

He gives the complete list of steps his followed including downloading the source and his way around this "System could not load this extension" issue. The trick was to recompile the source with the correct architecture. By default his extension was built with i386 instead of 64-bit but updating some of the CFLAGS settings (and a few other environment variables) got things compiling correctly.

Joshua Thijssen has shared a handy tip for those using Zend Server on a pupptet-ed server - using a Facter plugin to check for the ZS install and only install what's needed (rather than end up with multiple PHP installs).

This means you should not install the default PHP package for your distribution when the distribution also runs on Zend Server. This Facter plugin will allow you to use the $zendserver fact inside your own manifests to check if Zend server is installed, so you can take measures against installing stuff that is taken care of by ZendServer itself.

You can download the plugin from his github account, https://github.com/jaytaph/puppet-facter-zendserver, and easily install it into your puppet setup.

In a new post to his blog Sebastian Bergmann takes a quick look at using a static analyzer, clang and scan-build, to analyze the PHP interpreter (specifically during the compile process).

I have been tinkering with CLANG's static analyzer lately. This post summarizes how I installed LLVM and CLANG and performed the analysis of a build of the PHP interpreter.

He includes all the commands (unix-based) to get the clang tools/libraries installed in the correct places as well as what to add to your $PATH to get the "scan-build" command to work with the make and make install parts of the PHP compile process.

Till Klampaeckel has a new post to his blog combining two powerful technologies into one automated package that uses a Chef recipe to install PHPUnit as a part of the setup.

If you follow my blog for a while, you might have noticed that I'm a huge fan of automation. I just moved one of our development servers the other day and had one of these moments where something just paid off. Taking for granted that I can spin up fully operational EC2 instances in minutes, I also had our development stack installed and configured in an instant. My recipe basically follows Christer's instructions and because I distribute phpunit's command along with it, editing of the file is no longer required: when the chef run completes, phpunit34 is installed and ready to be used.

He includes the configuration needed to create a recipe for PHPUnit installation including how to use chef-solo to automate the install. It uses a "cookbook" from Till's collection on github to do some of the work for you. You can find out more about Chef on the OpsCode site.

On DZone.com there's a new post from Giorgio Sironi looking at how to automate a build of a virtual server with Vagrant, setting up a LAMP-based development instance.

Vagrant ia a tool for building virtual machines (in VirtualBox's format) that conforms to a specification. It's written in Ruby, but it makes really no assumptions over the environments that you're gonna build; in this article, we will setup a virtual server for PHP applications running inside Apache.

The end result is a virtual machine based on VirtualBox images and can be built in a few easy steps:

• install the vagrant gems on the build system
• add a new virtual box instance pointed to a .box file
• create the Vagrant config (including the commands to run post-create)
• set up a little port forawrding
• creating a phpinfo file and starting up Apache

One suggested place for grabbing images (some with pre-defined software) is Bitnami's "Stacks" repository.

Chance Garcia has a recent post to his blog showing how he fixed an issue with his MAMP install involving development of a SSH wrapper he developed and some testing out of PHPStorm and PHPUnit.

One thing I can say is that, even though I use a convenient app like MAMP PRO to set up my local development environment, I'm glad my sysadmin-fu is up to snuff enough to fly without the conveniences because after this ordeal, I feel like I might as well have made my MAMP stack from scratch with all the hoops I jumped tonight.

He shares a few of the things he discovered along the way like: the location of MAMP's "pecl" command, an error caused by a bad pear.conf file, doing custom compiles of PHP and libssh as a fallback and getting the extension to work in the CLI PHP version too.

Justin Carmony has a new tutorial posted to his blog today about setting up Nginx and PHP-FPM on Ubuntu in a few easy steps (thanks to some package management).

This is another wonderful setup that I've found myself using rather than the traditional Apache & mod_php setup. [...] Ngnix, unlike Apache, doesn't actually load PHP. Instead, it hands it off as a proxy to a "php handler" which acts like an Application Server. So nginx by itself won't serve PHP files, but just static files.

He briefly introduces Nginx and PHP-FPM for those not familiar and points out that this combination is very fast, even without much configuration. The packages are installed with the aptitude installer and minimal changes are made to the php-fm and nginx configuration files (mostly to set up whatever your domain/virtual host is).

Stuart Herbert has put together a series of posts detailing how to get the Phix component creation and management tool installed on various operating systems.

Phix makes it extremely easy to create and maintain your own PEAR-installer compatible components for reuse in your PHP applications. Installation takes just seconds, and it's both open-source and framework-agnostic!

The OS guides help you get it installed for:

• OSX
• Fedora
• Ubuntu
• Debian
• CentOS

For more information about Phix (including helpful "getting started" details) check out the project's website.