Zikula Software Recommendations
More detailed documentation is available in the
Documentation Wiki at
http://community.zikula.org.
Support and help with installing and upgrading to Zikula v1 can be obtained from the forums. These are just some standard guidelines, which will apply to many, but not all hosting environments.
Contents
- Warning
- Software Recommendations
- Apache Considerations
- Distributed Configuration Files
- PHP Considerations
- Final Thoughts
1. Warning
As with installing any dynamic software application, it is imperative that you keep your software up to date. If you are not willing to do this, you risk exposing your website to malicious behaviour and exploitation of security vulnerabilities. It should be noted that using any dynamic software has a risk of being compromised. You can help keep yourself informed about the latest developments by subscribing to the Zikula Announcements mailing list.
2. Software Recommendations
- Operating System
- All software needs an operating system on which to run. The most common types for web servers are Microsoft Windows, UNIX and Linux, though you can also use Apple MacOS. The vast majority of web servers are Linux linux based, therefore much of the documentation and support is aimed towards Linux users. Zikula strives to be operating system independent, however it has only been extensively tested on Linux and Windows.
- Web server
- The two most popular web servers are Apache and Microsoft IIS. Apache is the community preferred web server, and most references to web servers are made in regards to Apache. Zikula is web server independent, however once again most extensive testing is run on Apache.
- PHP
- PHP, or Hypertext Pre-processor is a server-side scripting language. For this release of Zikula a minimum of version 4.3 is required, but this version of PHP is no longer supported by its vendor as of the January 2008. It is suggested that you run at least the latest stable supported version.
- Database
- Zikula also requires a database to be installed and currently supports MySQL, Microsoft SQL Server (MSSQL), PostgreSQL, and Oracle. This version of Zikula is the first that extends its support past that of MySQL. Support for databases other than MySQL is provided through the API, however third-party modules not using the Zikula v1 API may not be cross database compatible. For the transition from the .7x series to the Zikula series, MySQL is the best choice of database while extensions are updated.
- Zikula
- Each version has specific end of life dates, which are set when the next stable major release is made available. We always recommend you run the latest version as soon as possible after it is released, for security, performance and support reasons.
- Third-Party Modules
- These are what gives Zikula its real functionality. Be sure you are using the latest stable versions of all your third party modules.
3. Apache Considerations
Apache is the prefered choice as a web server. It is recommended that you use the latest stable version of Apache, but this is not required. If you are using Apache please consider the following options, if they are at your disposal:
- mod_security
- mod_security is an open source, free web application firewall.
- mod_rewrite
- mod_rewrite allows URL rewriting on the fly.
4. Distributed Configuration Files
In Apache, these are commonly known as .htaccess files. These give you the ability to modify your server configuration at the directory level. These can be used to change PHP configuration (if PHP is running as an Apache module) or to make use of short URL rewriting, and so forth. It should be noted that improper use of these files can result in server errors. These are not required by Zikula, but Zikula and many third-party modules can try to take advantage of them to increase security and functionality.
In some hosting environments it is possible to add a php.ini in your web level directories to override PHP configuration.
5. PHP Configuration
While Zikula does not require an exotic PHP setup, some basic PHP configuration should be considered. These are not explicit requirements but if you have the ability to manipulate your PHP configuration, you should try to do so:
- register_globals
- Register_globals should be off for security reasons. Note: the default .htaccess file flags this setting off.
- magic_quotes_gpc
- Magic_quotes_gpc should be off for secuity reasons. Note: the default .htaccess file flags this setting off.
- magic_quotes_runtime
- magic_quotes_runtime must be off.
- gd support
- GD graphics manipulation library, used to manipulate images via a web server, used by some gallery extensions.
- allow_url_fopen
- allow_url_fopen perfered state is off, for security reasons.
- allow_url_include
- allow_url_include perfered state is off.
- display_errors
- display_errors normally should be off. There is an option to turn this on in the /config/config.php file for troubleshooting.
- display_startup_errors
- display_startup_errors should be off.
- expose_php
-
6. Final Note
If you have any questions, please ask at the community forums
Regards,
The Zikula Team