HTML Logo by World Wide Web Consortium ( Click to learn more about our commitment to accessibility and standards.

Moving forward with Composr

ocPortal has been relaunched as Composr CMS, which is now in beta. ocPortal 9 will be superseded by Composr 10.

Head over to for our new site, and to our migration roadmap. Existing ocPortal member accounts have been mirrored.

ocPortal Tutorial: Web hosting for ocPortal

Written by Chris Graham, ocProducts
To put a website on-to the Internet, you need to arrange for 'web hosting'. This is usually done by paying for the services of a web host , who will provide you space-on and access-to, a computer (a web server) that is permanently connected to the Internet via a high-speed connection.

Users with high requirements for CPU, memory, security, privacy, autonomy or disk space, may opt to get a dedicated server . This is more expensive, and usually requires additional maintenance by the user, but for some users, is highly advisable.

(In various places in this tutorial, I will mention that ocProducts is available for support. This is of particular relevance for employers who desire special help with the creation of their website, rather than creating the necessary skills in-house or hiring outside help from elsewhere. If this interests you, please contact us and we will respond promptly.)


When choosing a web-host, you need to make sure that they meet all the requirements of ocPortal. ocPortal is intentionally designed to have very low requirements, but like when making virtually any choice in life, there are various different kinds of product that companies may try and sell.
If a random commercial PHP /mySQL -supporting web-host was chosen, it is very likely that they would support these requirements: however ocProducts cannot be held accountable for incompatibilities with systems that do not.

The remainder of this section details ocPortal's requirements. If you have trouble ascertaining a web-hosts compliance, you may wish to contact them with this information.

ocPortal requires:
  • A web server that runs PHP. PHP is software which provides the environment that ocPortal is written for. ocPortal requires PHP version 4.2 or higher. If a web-host has a PHP version older than this, it is not just out-dated, but also insecure: no competent web-hosts still do
  • A PHP environment with the following enabled: GD2 extension (including PNG and JPEG support), file uploads with at least 5MB (or higher, depending on your daily needs), a mySQL extension, a maximum execution time of at least 30 seconds. A competent web-host geared towards running PHP web applications should be able to provide this. Also key functions may not be disabled (PHP can be stripped down heavily by disreputable web hosts) – the installer will warn if any critical functions have been
  • A PHP memory limit of at least 20MB (bare minimum – you may see errors if caches are disabled, whilst caches fill, if you are doing imports, if you are doing Admin Zone searches, or if you are a programmer with debug mode on). A higher limit, e.g. 40MB, may be required if running PHP4.
  • At least 50MB of disk space, plus your needs for space for downloads, images, etc. No maximum file size limit under 25MB or file type whitelists (some free web hosts will impose these limits – which explains why data.ocp might disappear when you try to upload it)
  • A web server that runs mySQL (*), version 4.1 or higher. mySQL is the database software (software which allows creation of a number of separate databases) which ocPortal uses to store the majority of its data. Often web hosts will quote a number of databases that web-hosting comes with: ocPortal only requires a single mySQL database to function. At least 5MB of database storage space is required, which should be available on any reputable webhost
  • A web server running IIS (the Microsoft web server), Apache (the common Linux web server), or LiteSpeed. It is very unlikely you will find a web-host that provides something else. Other servers might work but are not supported
  • That the web server is not overloaded with too many users, or has very poor performance
  • That the web server does not have a Firewall that stops outgoing connections or internal connections to itself (sometimes referred to 'HTTP loopback')
  • Connectivity to a mail server (SMTP) so that outgoing email can be sent out to the staff email address or the addresses of individual members
  • If running Apache using a mod_php (as opposed to a CGI version of PHP), the server configuration needs to have AllowOverride All or at least AllowOverride Options FileInfo Limit (because we use distributed .htaccess files containing settings to increase security)
  • If running Windows, you should use an NTFS partition not a FAT32 partition, as FAT32 cannot support file locking
  • The PHP environment must not have explicit disabling of standard functionality that we require. Commonly web hosts do this using modsecurity, disable_functions, suhosin, suPHP or their own modified PHP versions. We do our best to workaround such issues for common recoverable cases, but ultimately if arbitrary standard functionality has been disabled the software cannot function.
(*) Other database software may work, but is not supported

ocPortal recommends:
  • A PHP environment with the FTP, GD FreeType, ZIP and XML extensions/integrated-functionality
  • A PHP environment with Safe Mode disabled, but open_basedir enabled – or a suEXEC/IIS server
  • A PHP environment with a memory limit of at least 32MB

If you do not have the PHP FTP extension, then you will need either:
  • an environment where the web server user has recursive write access over the web directories (most Windows servers)
  • an environment where the web server user is the same as the virtual hosting login user

If you want automatic thumbnail generation and transcoding  you need a server with FFMPEG on it. It must be accessible via PHP either via the PHP extension (thumbnails only, not transcoding), or the ability for 'shell_exec' to run from PHP (both thumbnails and transcoding).

Do not try and install ocPortal on an ad-sponsored free web host. The banners they inject will interfere with the mechanisms of the software.

If LDAP integration is required (for corporate network authentication integration), the PHP LDAP extension is required.

If your website staff need to do spell checks and do not use a web browser with this built in (Firefox or Safari or Google Chrome at the time of writing), a PHP environment with the pSpell extension is required.

If you need to transcode video files, you will need 'FFMPEG' installed on the server, and a PHP environment that can call 'shell commands' (Safe Mode would need to be disabled, and various other limitations must not be imposed).

If you need to be able to easily remove 'bounce' emails from newsletter subscriber lists, you will need the PHP IMAP extension. If your IMAP server requires SSL (like gmail) then you will need to have IMAP-SSL support inside PHP (or you will get "invalid remote specification" errors).

If encrypted CPFs are needed (see the Advanced ocPortal member system tutorial), the PHP OpenSSL extension is required.

Forum drivers

Please note that many 'forum systems' are referred to as 'bulletin boards', and that a 'forum' within 'forums' is often referred to as a 'board'. We consistently use the terms 'discussion forums', 'forums' and 'forum' to describe these.

If you wish to integrate an existing forum into ocPortal, rather than use our own, the forum must be one of:
  • Advanced Electron Forum 1
  • Invision Board 1.1-1.3/2.0-2.3
  • phpBB 2.0-3.0
  • myBB 1.4
  • vBulletin 2.2/3.0-3.7
  • Burning Board 2.0/2.2/Lite
  • Simple Machine Forum 1.0/1.1
  • WowBB 1.7
If your forum is not on the list, we may be able to add support via our Experts by the hour service.

We provide converters for Invision Board, phpBB, and vBulletin 3.0.x to our forum system, OCF. If you currently use one of these systems, you have the option to convert it.


Instead of naming the forum "Website comment topics" or "Website Support Tickets", you could name it "Mysite comment hub", "Mysite help region", or anything else you choose. Just be sure to change the configuration option to reflect it.

This is in the "Support Tickets" and "User interaction" groups of the "Feature Options" configuration category. Find this under the Configuration icon, in the Setup section of the Admin Zone.
If you have installed forums, you will likely wish to create a comments forum. To do this, create a hidden forum called 'Website comment topics'. This forum will be used to store topics relating to comments for content in your portal.

You may also wish to create hidden a forum called 'Website support tickets' if you wish to enable the support ticket feature.

Domain names

Most websites prefer to have a short and memorable Internet address, direct to their front page. In order to achieve this, you will need to pay for control of a domain name. A very large number of companies will provide these domains, and the facility to bind these names to your web-server, for a very low fee. It is usually your own responsibility to seek and register the domain name for your site, but ocProducts may be able to register one on your behalf to assist you in the creation of your website.

It is important to note that domain names are licensed on a temporary basis, and therefore you will need to renew your domain names. The length of the licence varies, but is typically between 1 and 5 years.


Usually the web host will take responsibility for the daily maintenance of the server. For example, keeping the server software, usually Linux and common Linux software, up to date with security and stability patches . However few web hosts will take responsibility for the maintenance (including backups) of your space on the server. If you are in need of assistance with this, ocProducts staff are available for support, however, normally we do not take responsibility for maintenance issues that are not strictly related to our software.

It is important to understand the responsibilities for the various aspects of creating, maintaining and operating your website, before you launch your endeavour.

Basic server and site infrastructure

When you are provided web-hosting, you are usually allocated a 'hosting control panel' that runs software such as:
  • Plesk
  • cPanel
  • Ensim
  • DirectAdmin
This allows you to manage your account on the server, and create databases, FTP accounts (additional to your primary account that already would exist), and e-mail addresses.

Note: the next few paragraphs detail the complexities of a typical Linux file system, and is not necessary reading for most users.

The server itself, has a file system, much like a desktop computer, and is usually laid out something like as follows (this example is for a Linux server):


Of course this is only a partial detailing of the directory structure, but the intent is to provide you with an overview of what is really happening on your server. Usually you will not be able to, using your control panel or FTP, see outside of '/home/your-account-name/'. When you install ocPortal, you usually would place the quick installer or manual installer files inside '/home/your-account-name/httpdocs/'; this is the directory that becomes accessible at the base URL of your website.

For instance, if your account on the server was associated with a domain name, '', then would be tied to the file system file, '/home/your-account-name/httpdocs/index.php' (often the 'www.' is removable, but not on all servers).
In addition, from your main FTP account, the same file would likely be '/httpdocs/index.php'.

In other words, three views of the file system exist, according to context:
  1. The full file system view, which is usually completely hidden from you, but which is what ocPortal actually itself uses
  2. The FTP view, which branches off from the base of your account directory in the full file system view
  3. The URL view, which branches off from the httpdocs directory in your account directory

As previously mentioned, this file system is merely illustrative. Different servers use different conventions; for example 'httpdocs' is often 'public_html' or 'www'.

Server security

This section details complex scenarios, that only advanced users will understand.

Towards the start of this document I briefly mentioned how a dedicated server would provide extra security and privacy. The reason for this is that, unless the server is heavily locked down (often at the detriment to its users needs), then different server users are likely to be able to access and interfere with (erase and edit) each others files. This is highly unfortunate, and not widely known or understood, but is a result of the server architecture and applies to any PHP web application. Your account on the server has a username, much like your username on your own computer; files you upload are assigned to this username, and hence tampering with them is not possible for others. However, on almost all servers, the PHP environment itself, for all web sites on the server, runs with the privileges of the the same user (usually, a user named 'nobody'). This has three consequences:
  • ocPortal files that the web server user needs to write have to be made accessible to the web server. The way this is done is by making them available to every user on the server. Therefore these files are exposed to any user on the server with access to files outside of their account directory, which for non-locked-down servers, is every user
  • Any file that is uploaded to the website via ocPortal, or created by ocPortal, is fully accessible and modifiable by any other user on the server
  • Any user on the server may have unrestricted access to your database

Of course if other clients of the web-host interfere with your data, the web-host may be able to intercede on your behalf.

Advanced: OpenSSL encryption

If you wish to have encrypted OCF custom profile fields, the PHP OpenSSL extension must be installed and configured. Further to this, a public/private key pair must be generated for the site, and uploaded to the server.

To generate the public/private key pair, you will need access to a computer running OpenSSL; either a local one, or your server via SSH. At a shell, execute the following commands to generate the public/private key pair:


openssl genrsa -aes256 -out private.pem 2048
openssl rsa -in private.pem -out public.pem -outform PEM -pubout

The first command will generate a private key with a passphrase supplied when openssl requests it. The passphrase must be long, secure, and kept private, as it's the only way to access the private key (and thus the encrypted data). The second command will generate a public key from the private key, and will require the same passphrase to be entered again.

Once the key pair has been generated, they should be uploaded to your server, somewhere where they cannot be accessed from the Internet (so not in your htdocs directory). They should have their permissions set such that they can be read by your web server process, but nobody else.

The final step is to configure ocPortal to use the key pair to encrypt data. In the "Privacy options" section of your ocPortal configuration, set the "Encryption key" option to be the path and filename of the public key file (public.pem), and the "Decryption key" option to be the path and filename of the private key file (private.pem). If these options are not visible, it's because your server does not have the OpenSSL PHP extension installed or configured correctly.


You can display information about the PHP server environment via a page PHP itself provides called 'PHP info', which shows all the technical details of the PHP configuration, such as the installed PHP extensions and the defined options.

Some PHP options can be defined in the '.htaccess' file (Apache non-CGI web server users only), as illustrated by the default recommended.htaccess file. On CGI servers you need to use a custom php.ini file instead (see our FAQ). Full details of this are in the PHP manual.

The PHP info is also convenient for identifying wider factors of the system environment, such as server paths.


web host
A provider of Internet server facilities
dedicated server
A server that is not shared with others
The Linux operating system, very well suited to servers
Patches are upgrades to software designed to fix problems, especially security ones nowadays

See also