The PHP Project Guide (2014)
17. Hosting your website
There are plenty of ways you can get your website online, but this comes with the struggle of different web server configurations, different PHP versions to your local development environment and unreliable companies either in hardware or support. In this chapter we’ll review some considerations for getting your website online and maintaining it while online.
17.1 Choosing a host
There are literally thousands of hosting companies who offer some form of web hosting. Many of these companies are extremely cheap, simply due to the amount of competition. I’ve seen hosting companies offering packages for as little as $1 a month. The problem with cheaper web hosting companies is that they’re more than likely stored within a larger dedicated server purchased through another company. Reseller hosting is also popular, where a server is purchased and specifically designed to allow easy reselling of hosting packages onto other people.
For small, non-critical test applications this is usually fine, but even then you may find problems. The main problems are often security, configuration and speed.
When hosting a website on a shared environment, you’re sharing disk space and a file system with other users. If you’re not protecting your website it will be potentially vulnerable to access by other users on this file system. Also, it’s the responsibility of the server owner to update, patch and monitor the server and this often doesn’t happen. If you’re lucky, the software on the server where your website is being hosted will be updated by the company it’s been sold by, however this may not be the case.
Session security is weaker on a shared hosting environment due to the way that sessions are stored on the file system. When you create a session containing a user_id, for example, you’re actually storing this on the file system to be looked up by the default PHP functionality. There is a way to increase the security here, by creating your own session storage functionality. Unfortunately, this means more work and is one of the prices paid for hosting your website on a shared environment. Of course, you could implement this functionality even on a dedicated server if you wanted to increase security further.
The configuration of a server sometimes can’t be modified. In some cases, you won’t even be able to define configuration rules in an .htaccess file. Not only is this extremely frustrating, it also makes it impossible to increase your knowledge, run code that requires such settings and means you have no control over the server configuration if you need to change it for an important reason.
As we’ve already learned, you’re sharing hardware with other users and therefore an increased load within one environment is more than likely to have an impact on yours. Do you really want inconsistent results when you’re testing your website? If something is running slowly, it could be harder to pinpoint where the problem lies.
So, if problems exist with these types of hosts, what can you do? The loose rule is to choose a host with a good reputation, and more importantly good support. To find a good host, don’t look for lists of good hosts online by rating. These have often been added due to promotional reasons or link backs between websites. It’s best to gauge an idea of how good a hosting company is by recommendation from someone who has used and had good experience with a particular host. Try also looking in forums to see the general scoop on a particular company. If all else fails, load up their website and head for their live chat and ask them all the questions you need to. If they’re honest they’ll give you all the information you need.
When choosing a budget package, a VPS (Virtual Private Server) gives the advantage of a dedicated server in a shared environment and allows you to change configuration. These are more expensive than shared hosting but are more than likely going to serve you better now and into the future. VPS packages, when installed with something like cPanel, allow you to easily create accounts and therefore can be used to host multiple websites. This is exactly what happens with some hosting companies, and exactly what you’re paying for when you purchase shared hosting.
17.2 Webserver configuration
Whichever server you’re running, you may need to access your configuration. On a shared environment this is tricky and often you’ll be left in the dark and won’t be able to change it. On a VPS or a dedicated server you’ll be able to control this, giving you the ability to change what you need to suit.
17.3 PHP configuration
When you’re up and running with a host, you should learn more about the environment you’re working in. You may want to add PHP extensions or check which extensions you’re running. You can use a handy function, phpinfo, to output all the information you should need regarding your PHP installation. Create a file with the following and run it.
This code shouldn’t be publicly available as it contains information about your hosting environment that could be useful to an attacker.
You should see a page output. Have a scan through and take a look at what it shows. You can also run this if you’re working on a local environment to find more about your local server installation.
So what might you need to change within your PHP configuration? Well, for example, let’s say large files aren’t uploading and you absolutely need to allow larger file uploads. You could have this capped at 1gb within your upload validation and now you’ll need to modify your PHP configuration to allow files of 1gb or less. Your php.ini file contains the configuration settings for your PHP installation. To find your php.ini file, run the phpinfo function as discussed above and you’ll find the path to it.
For example, the two lines of interest for the upload file size are:
upload_max_filesize = 10M
post_max_size = 10M
So, changing these as necessary will allow for larger uploads.
upload_max_filesize = 1g
post_max_size = 1g
Naturally the reason we have to change the maximum size for POST data is that we send files using this, usually through the method of a form.
Don’t set this value too high. It’s highly unlikely you want to allow very large files to your application so it’s better to cut a user off uploading a huge file if they bypass the limit restrictions.
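How the two php.ini limits and your own upload validation interact, as an added example that is not from the book: when a request body exceeds post_max_size PHP leaves $_POST and $_FILES empty, so the check has to start from the request's Content-Length. The function names, the 5 MB application cap and the sample inputs are hypothetical.

```php
<?php
// Added example; iniBytes(), uploadStatus() and the sample inputs are hypothetical.

// Convert php.ini shorthand such as "10M" or "1g" to a byte count.
function iniBytes(string $value): int
{
    $value = trim($value);
    $bytes = (int) $value;
    switch (strtolower(substr($value, -1))) {
        case 'g': $bytes *= 1024; // no break: falls through to multiply again
        case 'm': $bytes *= 1024;
        case 'k': $bytes *= 1024;
    }
    return $bytes;
}

// Classify an upload from the request Content-Length, the $_FILES entry
// (null when absent), the two php.ini limits and the application's own cap.
function uploadStatus(int $length, ?array $file, string $postMax, string $uploadMax, int $appMax): string
{
    $postLimit = iniBytes($postMax);
    if ($postLimit > 0 && $length > $postLimit) {
        // PHP discards the body: $_POST and $_FILES are both empty here.
        return 'rejected: body larger than post_max_size';
    }
    if ($file === null) {
        return 'no file in request';
    }
    if ($file['error'] === UPLOAD_ERR_INI_SIZE) {
        return 'rejected: file larger than upload_max_filesize (' . $uploadMax . ')';
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return 'failed: upload error code ' . $file['error'];
    }
    return $file['size'] > $appMax ? 'rejected: over application cap' : 'accepted';
}

// Constructed inputs: a 5 MB application cap and three sample requests.
$cap = 5 * 1024 * 1024;
$ok  = ['error' => UPLOAD_ERR_OK, 'size' => 2 * 1024 * 1024];
$big = ['error' => UPLOAD_ERR_INI_SIZE, 'size' => 0];
echo uploadStatus(3000000, $ok, '10M', '10M', $cap), PHP_EOL;
echo uploadStatus(11000000, $big, '20M', '10M', $cap), PHP_EOL;
echo uploadStatus(20000000, null, '10M', '10M', $cap), PHP_EOL;
```

In a request handler, pass (int) ($_SERVER['CONTENT_LENGTH'] ?? 0), the $_FILES entry for your form field (or null), ini_get('post_max_size') and ini_get('upload_max_filesize').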
17.4 Dedicated server
A dedicated server is what it sounds like: it’s your own server that’s yours to pretty much do what you want with. Dedicated servers are often expensive, but for good reason - you’re renting an entire server! Most packages are sold with some sort of control panel, either something like Parallels or WHM, although this is often charged additionally. These allow you to manage nearly every aspect of your server. You can also SSH to your server to perform actions you’d normally be able to do with a shell.
Don’t think that using something like WHM is absolutely required. It might be easier for you to manage the server yourself, but if you’re buying a dedicated server you’re probably serious about your website. In this case, you might want to consider hiring someone to manage your server(s) for you. This will avoid the need to have to pay additionally for this bulky, often expensive software.