Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

phpstatic/phpstatic.com

Folders and files

NameName
Last commit message
Last commit date

Latest commit

History

147 Commits

Repository files navigation

PHPStatic package is build for better performance, check our benchmarks.

PHPStatic package is build as static shared object, to reduce the dynamic library runtime overheads and attack surface. Static link also allow our package suite for most of linux distribution, avoid dependent library miss match problem during system upgrade time.

$ file /usr/local/bin/php
/usr/local/bin/php: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, stripped
$ readelf -l ./php
Elf file type is DYN (Shared object file)
Entry point 0x37f9a8
There are 7 program headers, starting at offset 64
Program Headers:
 Type Offset VirtAddr PhysAddr
 FileSiz MemSiz Flags Align
 LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000
 0x0000000002b48980 0x0000000002b48980 R E 0x200000
 LOAD 0x0000000002b49920 0x0000000002d49920 0x0000000002d49920
 0x0000000000256b80 0x000000000035ee48 RW 0x200000
 DYNAMIC 0x0000000002d45540 0x0000000002f45540 0x0000000002f45540
 0x00000000000001d0 0x00000000000001d0 RW 0x8
 TLS 0x0000000002b49920 0x0000000002d49920 0x0000000002d49920
 0x0000000000000088 0x0000000000005d98 R 0x20
 GNU_EH_FRAME 0x000000000278ccbc 0x000000000278ccbc 0x000000000278ccbc
 0x0000000000080d5c 0x0000000000080d5c R 0x4
 GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000
 0x0000000000000000 0x0000000000000000 RW 0x10
 GNU_RELRO 0x0000000002b49920 0x0000000002d49920 0x0000000002d49920
 0x00000000001fd6e0 0x00000000001fd6e0 R 0x1
 Section to Segment mapping:
 Segment Sections...
 00 .hash .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_d .rela.dyn .init .plt .text .fini .rodata .eh_frame_hdr .eh_frame .gcc_except_table 
 01 .tdata .init_array .fini_array .ctors .dtors .data.rel.ro .dynamic .got .data .bss 
 02 .dynamic 
 03 .tdata .tbss 
 04 .eh_frame_hdr 
 05 
 06 .tdata .init_array .fini_array .ctors .dtors .data.rel.ro .dynamic .got

PHPStatic package also build for security, by add gcc flags -fstack-clash-protection, -fstack-protector-strong, -Wp,-D_FORTIFY_SOURCE=2, -Wp,-D_GLIBCXX_ASSERTIONS, -fPIE, -Wl,-z,now, -Wl,-z,relro, -Wl,-z,text, -Wl,-z,noexecstack to enable Address space layout randomization, Full RELRO, STACK CANARY, non-executable stack, FORTIFY, stack clash protection, stack overflow protection.

PHPStatic is immune to LD_PRELOAD preload attacks like this.

Linux package need CPU support AVX.

macOS package need CPU >= Sandy Bridge(2011), os >= 10.13(High Sierra), macOS package also work for VM with Penryn(+aes, +avx) CPU.

maxOS >= 10.9 Mavericks package is not support any more, you can download old MAC OSX packages for develop only.

debian, ubuntu

this work with systemd, for old debian/ubuntu please try docker or https://phpstatic.com/linux/ 

echo deb http://phpstatic.com/debian/ / > /etc/apt/sources.list.d/phpstatic.list
apt-get install gnupg curl sudo
curl -L https://phpstatic.com/repo.gpg | sudo apt-key add -
# for debian 11
curl -L https://phpstatic.com/repo.gpg | sudo apt-key --keyring /etc/apt/trusted.gpg.d/phpstatic.gpg add -
apt-get update
apt-get install php-static-7.4 nginx-static
/etc/init.d/php-fpm status

CentOS/Fedora/Red Hat/SUSE

this work with systemd, for old redhat/centos please try docker or https://phpstatic.com/linux/ 

curl -L https://phpstatic.com/centos/phpstatic.repo -o /etc/yum.repos.d/phpstatic.repo
yum update
yum install php-static-7.4 nginx-static -y 
systemctl status php-fpm

alpine

curl -o /etc/apk/keys/phpstatic.com-5e2a99b5.rsa.pub -L https://phpstatic.com/alpine/phpstatic.com-5e2a99b5.rsa.pub
echo http://phpstatic.com/alpine >> /etc/apk/repositories
apk update
apk add php-static-7.4 nginx-static 
/etc/init.d/php-fpm status

others linux

curl -O https://phpstatic.com/php-static-7.4-latest-linux-x64.tar.gz
curl -O https://phpstatic.com/nginx-static-latest-linux-x64.tar.gz
tar xvf php-static-* -C /
tar xvf nginx-static-* -C /
/usr/local/bin/php-fpm
killall php-fpm
/usr/sbin/nginx
/usr/sbin/nginx -s stop

macOS

curl -O https://phpstatic.com/php-static-7.4-latest-osx-x64.tar.gz
tar xvf php-static-* -C /
otool -L /usr/local/bin/php
/usr/local/bin/php:
	/usr/lib/libresolv.9.dylib (compatibility version 1.0.0, current version 1.0.0)
	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation (compatibility version 150.0.0, current version 1455120)
	/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1252504)

run this on your project dirs:

docker pull phpstatic/php:7.4.15
docker run --name php74 -itd -v $(pwd):/app --mount source=php74_etc,target=/usr/local/etc/php phpstatic/php:7.4.15
docker logs php74
docker volume inspect php74_etc
docker exec -i -t php74 composer install
docker exec -i -t php74 ash

Windows

try docker or https://docs.microsoft.com/en-us/windows/wsl/install-win10

BSD

not ready yet, try docker

xdebug, taint, tideways_xhprof, SPX, SeasLog, wasm, ast, componere, xattr is default disabled, to enable it add disable_extensions=none into php.ini.

xdebug conflict with taint, remember just enable one of them.

[PHP Modules]
amqp
apcu
ast
base58
bcmath
brotli
bz2
calendar
componere
Core
ctype
curl
date
dom
ds
elastic_apm
event
exif
fileinfo
filter
ftp
gd
gearman
gettext
gmp
grpc
hash
hoedown
iconv
igbinary
imap
intl
ip2region
jchash
jq
jsmin
json
json_post
jwt
libxml
lz4
mbstring
memcached
mongodb
msgpack
mysqli
mysqlnd
newrelic
OAuth
openssl
pcntl
pcre
PDO
pdo_mysql
pdo_pgsql
pdo_sqlite
pgsql
phalcon
Phar
pinpoint_php
posix
protobuf
pspell
psr
rar
rdkafka
readline
redis
Reflection
sass
SeasLog
session
shmop
SimpleXML
skywalking
snappy
soap
sockets
sodium
solr
SPL
SPX
sqlite3
ssh2
standard
swoole
sysvmsg
sysvsem
sysvshm
tideways_xhprof
tidy
tokenizer
trie_filter
xattr
xdebug
xlswriter
xml
xmlreader
xmlwriter
xsl
xxhash
yaconf
yaml
yar
Zend OPcache
zip
zlib
zmq
zstd
[Zend Modules]
Xdebug
Zend OPcache

(削除) swoole_orm and wasm removed since 2021年03月08日. (削除ここまで)

nginx -V

nginx 1.18.0 is build with http3, njs(0.6.1), io_uring, ssl_stapling+BoringSSL support(the only solution that support multi domain without cronjob).

(削除) nginx build with ModSecurity (https://github.com/SpiderLabs/ModSecurity-nginx) support. (remove until owasp-modsecurity/ModSecurity-nginx#174 get fixed!) (削除ここまで)

build -flto=full.

nginx-uring require kernel >= 5.1 and avx2.

nginx version: nginx/1.18.0 (nginx)
built by gcc version 10.3.0
built with OpenSSL 1.1.0 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments:--conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --user=www-data --group=www-data --without-select_module --with-poll_module --with-file-aio --with-threads --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_sub_module --with-http_stub_status_module --with-http_slice_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_secure_link_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-pcre --with-pcre-jit --with-zlib --with-zlib-asm=pentiumpro --with-libatomic --with-http_addition_module --without-http_uwsgi_module --with-mail --with-mail_ssl_module --with-http_mp4_module --with-http_flv_module --add-module=devel_kit --add-module=brotli --add-module=zstd --add-module=substitutions_filter --add-module=headers-more --add-module=h264_streaming --add-module=vod --add-module=secure-token --add-module=flv --add-module=dynamic_limit_req --add-module=slice --add-module=njs/nginx --add-module=vts --with-http_geoip_module --with-stream_geoip_module --add-module=geoip2 --add-module=ipip --add-module=waf --add-module=security_headers --add-module=tcp-keepalive --add-module=websockify --with-http_v3_module --with-openssl --with-quiche

nginx-openssl build without http3 (version is 1.21.0).

nginx version: nginx/1.21.0 (nginx)
built by gcc version 10.3.0
built with OpenSSL 1.1.1k 16 Feb 2021
TLS SNI support enabled
configure arguments:--conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/lock/nginx.lock --user=www-data --group=www-data --without-select_module --with-poll_module --with-file-aio --with-threads --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_sub_module --with-http_stub_status_module --with-http_slice_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_secure_link_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-pcre --with-pcre-jit --with-zlib --with-zlib-asm=pentiumpro --with-libatomic --with-http_addition_module --without-http_uwsgi_module --with-mail --with-mail_ssl_module --with-http_mp4_module --with-http_flv_module --add-module=devel_kit --add-module=brotli --add-module=zstd --add-module=substitutions_filter --add-module=headers-more --add-module=h264_streaming --add-module=vod --add-module=secure-token --add-module=flv --add-module=dynamic_limit_req --add-module=slice --add-module=njs/nginx --add-module=vts --with-http_geoip_module --with-stream_geoip_module --add-module=geoip2 --add-module=ipip --add-module=waf --add-module=security_headers --add-module=tcp-keepalive --add-module=websockify --with-openssl --with-http_v2_hpack_enc

AltStyle によって変換されたページ (->オリジナル) /