PHP From ZeroModern PHP course

deployment and operations

Production php.ini

Production PHP configuration should expose useful logs to operators while hiding details from users. Resource limits, upload limits, timezone, sessions, extensions, and OPcache settings need deliberate review. The effective configuration matters more than the file someone expected PHP to load.

Start With Safe Error Handling

  • Disable user-facing detailed error display.
  • Enable appropriate error logging.
  • Align memory, execution, upload, and input limits with application needs.

Inspect The Serving Runtime

  • Inspect effective CLI and FPM configuration separately.
  • Exercise an error safely.
  • Record config in provisioning or image build.
  • Editing the wrong ini file changes nothing.
  • CLI and FPM may load different configuration.
  • High limits can hide unbounded work.

Production Settings Sketch

display_errors = Off
log_errors = On
error_reporting = E_ALL
memory_limit = 256M
max_execution_time = 30
upload_max_filesize = 10M
post_max_size = 12M

CLI and FPM can load different configuration files and pool overrides. Inspect both contexts. For uploads, remember that a web server or proxy may reject the body before PHP sees it. Record production values in provisioning or image configuration so they can be reviewed and reproduced.

Practice

Practice: Review Production PHP Settings

Review the effective production settings for an application that accepts file uploads. Explain how you would detect a difference between CLI and FPM configuration.

Requirements

  • Disable user-facing detailed error display.
  • Enable appropriate error logging.
  • Align memory, execution, upload, and input limits with application needs.
  • Inspect effective CLI and FPM configuration separately.
  • Exercise an error safely.
  • Record config in provisioning or image build.
Show solution

Keep detailed error display off for users and send errors to an operator-visible log. Inspect the effective CLI and FPM configuration separately because they may load different files or pool overrides.

Check related upload and request limits across PHP, FPM, the web server, and any proxy. Trigger a controlled staging failure and verify the log path. Store the intended settings in provisioning or image configuration rather than relying on an undocumented server edit.