Installing PHP 8.3 with Remi Repository on Rocky Linux 9: Preparing Enterprise Environments for Laravel 11

Securing the Foundation: Rocky Linux 9 System Updates

Before introducing any new software, especially a critical component like PHP for a framework like Laravel 11, it’s paramount to ensure the underlying operating system is stable and up-to-date. This minimizes potential conflicts and security vulnerabilities. For Rocky Linux 9, this involves a standard package update process.

Execute the following commands to synchronize your system’s package index and upgrade all installed packages to their latest available versions. This step is non-negotiable for production environments.

sudo dnf update -y
sudo dnf upgrade -y

Following the updates, a system reboot is often recommended to ensure all kernel and system service updates are fully applied. This is particularly important if kernel modules or core system libraries have been updated.

sudo reboot

Integrating the Remi Repository: The Gateway to Modern PHP

Rocky Linux 9, by default, ships with a specific set of PHP packages. To access the latest stable versions of PHP, including PHP 8.3, and its associated extensions, the Remi repository is the de facto standard in the RHEL/CentOS/Rocky ecosystem. This repository is meticulously maintained and provides up-to-date PHP builds.

First, we need to install the EPEL (Extra Packages for Enterprise Linux) repository, as the Remi repository often depends on packages found within EPEL.

sudo dnf install -y epel-release

Next, install the Remi repository configuration package. This will add the necessary configuration files to your system to enable the Remi repository.

sudo dnf install -y https://rpms.remirepo.net/enterprise/remi-release-9.rpm

Once the Remi repository is enabled, you’ll need to tell DNF which specific PHP version stream to prioritize. For PHP 8.3, you’ll enable the `remi-8.3` stream. This command disables any previously enabled PHP streams and activates the desired one.

sudo dnf module reset php -y
sudo dnf module enable php:remi-8.3 -y

Installing PHP 8.3 and Essential Extensions

With the Remi repository configured and the PHP 8.3 stream enabled, we can now proceed with the installation of PHP itself and a comprehensive set of extensions commonly required for modern web development, particularly for frameworks like Laravel. These extensions cover database connectivity, caching, session handling, XML processing, and more.

The following command installs the core PHP package along with a curated list of essential extensions. Adjust this list based on your specific application’s needs.

sudo dnf install -y php php-cli php-fpm php-mysqlnd php-gd php-xml php-mbstring php-json php-intl php-opcache php-pear php-devel php-zip php-bcmath php-readline php-soap php-ldap php-imagick php-redis php-memcached

After installation, it’s crucial to verify the installed PHP version to confirm that PHP 8.3 is active and correctly configured.

php -v

The output should clearly indicate PHP 8.3.x.

Configuring PHP-FPM for Web Server Integration

For most web server setups (Nginx, Apache with mod_proxy_fcgi), PHP-FPM (FastCGI Process Manager) is the preferred way to handle PHP execution. It offers better performance, resource management, and security compared to older methods. We need to ensure PHP-FPM is running and configured to communicate with the web server.

Start and enable the PHP-FPM service so it launches automatically on boot.

sudo systemctl start php-fpm
sudo systemctl enable php-fpm

The default configuration for PHP-FPM is usually located at /etc/php-fpm.conf and pool configurations are in /etc/php-fpm.d/www.conf. For optimal performance and security, especially in multi-user or multi-application environments, it’s recommended to create a dedicated pool for your application. However, for a single-application setup or initial deployment, modifying the default www.conf is common.

A critical setting is the listen directive. By default, it might be set to a Unix socket (e.g., /run/php-fpm/www.sock) or a TCP port (e.g., 127.0.0.1:9000). Ensure this matches your web server’s configuration.

For example, to configure PHP-FPM to listen on a TCP port, edit /etc/php-fpm.d/www.conf:

; listen = /run/php-fpm/www.sock
listen = 127.0.0.1:9000

And ensure the user and group are set appropriately, typically to the web server’s user (e.g., apache for Apache, nginx for Nginx):

user = apache
group = apache
; or for Nginx:
; user = nginx
; group = nginx

After making any changes to the PHP-FPM configuration, restart the service:

sudo systemctl restart php-fpm

Web Server Configuration (Nginx Example)

To serve Laravel applications, Nginx is a popular and performant choice. The following is a basic Nginx server block configuration that integrates with PHP-FPM using the TCP socket we configured earlier. This configuration assumes your Laravel application is located at /var/www/your-laravel-app/public.

server {
    listen 80;
    server_name your-domain.com www.your-domain.com;
    root /var/www/your-laravel-app/public;

    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        # With php-fpm listening on a TCP port
        fastcgi_pass 127.0.0.1:9000;
        # With php-fpm listening on a Unix socket
        # fastcgi_pass unix:/run/php-fpm/www.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    error_log /var/log/nginx/your-laravel-app.error.log;
    access_log /var/log/nginx/your-laravel-app.access.log;
}

Ensure the fastcgi_pass directive matches how your PHP-FPM is configured to listen. After saving the Nginx configuration file (e.g., in /etc/nginx/conf.d/your-laravel-app.conf), test the configuration and reload Nginx:

sudo nginx -t
sudo systemctl reload nginx

Final Verification and Security Considerations

With PHP 8.3 installed and configured, and your web server pointing to PHP-FPM, you should now be able to serve your Laravel 11 application. Access your application via its domain name in a web browser.

Security Best Practices:

• Firewall: Ensure your server’s firewall (e.g., firewalld) is configured to allow only necessary ports (typically 80 and 443).
• SELinux: Rocky Linux 9 has SELinux enabled by default. Ensure SELinux contexts are correctly set for your web server and PHP-FPM to operate without permission issues. For Nginx, common contexts are `httpd_sys_content_t` for web content and `httpd_can_network_connect` for network connections.
• PHP Configuration: Review php.ini settings (e.g., memory_limit, upload_max_filesize, post_max_size) in /etc/php.ini and the PHP-FPM pool configuration for security and performance tuning.
• Regular Updates: Schedule regular system and PHP updates to patch security vulnerabilities.

By following these steps, you establish a robust and modern PHP 8.3 environment on Rocky Linux 9, perfectly poised to host demanding applications like Laravel 11, ensuring both performance and security.