This tutorial assumes that you are using Apache web server and php as an apache module. The steps may differ if you have a different set up. For example nginx, php-fpm + apache, docker etc.
As of this writing the old version is PHP 7.4 and the new PHP version is 8.3. You may need to update the versions of the php extensions that are about to be installed.
It’s very important to keep your software up to date because the latest software versions adds performance and security fixes and makes your site more secure and also gives newer versions give you access to more features
This tutorial is for unmanaged Ubuntu Linux servers where you have full root/admin access where you can install and remove packages.
Important: Make Backups!
As always when working with root you can break your system and all the sites that are residing on the server. That’s why it’s super important to take a full server backup. Ideally you should take at least 2-3 backups just to be on the safe side.
You need to backup the files and the databases as well.
If you’re on a cloud provider such as Linode or DigitalOcean you can take a live snapshot. This is very convenient because you can keep the server running while the backup is taking place.
This can take several minutes to complete and depends on how much space the server is using. One more note. The snapshot will cost you several cents per GB but it’s worth it in case you need to restore things.
If you’re hosting client sites it you would need to warn your clients that you’re about to perform a server maintenance at a given time.
You should do that upgrade when your site is low on traffic, so you don’t inconvenience your users as they may be in the middle of something when the server is not accessible.
A good idea is to have a hello bar or a message that appears at the top of the screen to inform the users about something important.
Upgrading PHP
Login as root
to upgrade the PHP version you need to install some additional software before you can do anything
sudo apt install -y software-properties-commonsudo add-apt-repository -y ppa:ondrej/phpsudo apt-get updatenow you can install the specific versions and there extensions
apt install -y --no-install-recommends --no-install-suggests php8.3-common php8.3-mysql php8.3-pdo php8.3-xml php8.3-xmlrpc php8.3-curl php8.3-gd php8.3-imagick php8.3-cli php8.3-mbstring php8.3-opcache php8.3-zip php8.3-intl php8.3-sqlite3if your web server let’s say a patch is running PHP as a module you need to install that as well
apt -y install --no-install-recommends --no-install-suggests libapache2-mod-php8.3Test Apache Configuration
you need to test the config if all is good and to make sure that the php module is correctly loaded. To test the apache configuration pass the -t parameter.
apachectl -tLet’s disable the Old php apache module
a2dismod php7.4Let’s enable the new module to PHP
a2enmod php8.3Restart the Apache web server
Now it’s time to restart the web server because loading a new module is big thing.
We’ll need to only restart the Apache web server not the whole server. This is going to interrupt the visitors that are using the site because there won’t be a program to handle the web site requests. The restart should be pretty quick though.
service apache2 restartUpdating the new PHP Configuration
Because php’s version has changed you will need to compare the previous php.ini version and then add/update the config values that your sites need.
You will most likely need to update the following ini settings:
- memory_limit
- file upload limit (post_max_size and upload_max_filesize)
- max_input_time
- max_execution_time
You can also create a php info file and add it to the document root folder (usually named htdocs, www, public_html etc) but name it something else e.g. zzzz_info.php or something that’s hard to guess because some bad people will try to access it manually or via automated programs/scripts to test if your site or server is vulnerable.
The file needs to have these contents.
<?php phpinfo();After you’re done testing it’s good to remove that file just in case so you don’t expose additional information in case somebody manages to find the php info file.