Install Apache, HTTPS, and PHP-FPM on Debian 13
In this guide we will install Apache, PHP-FPM, Let's Encrypt SSL in Debian 13 Trixie. We will apply the first optimizations and test the results by creating phpinfo.ini
Install Apache2
We install the Apache web server with HTTPS, the first component in the LAMP stack, which will take care of serving content.
To optimize web server performance, we recommend using PHP-FPM, mpm_event and http2
Most websites, use secure connections, we will see how to generate a valid and free HTTPS certificate with Let's Encrypt
By default, there is the multi-process module, mpm_prefork, which allows you to use mod_php and PHP 8.4, the internal interpreter
This approach is not recommended on heavily visited sites, besides the increased slowness, arrived at the maximum number of threads, the web server, stops responding until a thread that can serve the content is freed
Let's install Apache2
apt install apache2We disable the
mpm_preforkmodulea2dismod mpm_preforkWe enable
mpm_eventandhttp2a2enmod mpm_event http2Let's restart Apache2
service apache2 restart
Install PHP-FPM
PHP-FPM is an alternative implementation of PHP FastCGI, known for its speed, three times faster than the classic module, and additional features
FPM is a real daemon, it stays listening for PHP requests, via a UNIX port or socket
It represents the P of our LAMP
Let's install FPM and FastCGI
apt install php-fpm libapache2-mod-fcgidEdit the pool configuration to listen on the PHP-FPM default port 9000. If you are configuring a high-traffic production environment, our Debian Linux consultants can assist with advanced performance tuning.
nano /etc/php/8.4/fpm/pool.d/www.conf;listen = /run/php/php8.4-fpm.sock
listen = 9000Enable the modules
a2enmod actions proxy_fcgi alias headersLet's restart the PHP FPM process
service php8.4-fpm restartLet's restart Apache2
service apache2 restartYou can now configure for all apache2 virtual hosts to use FPM by adding this handler in their definition:
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>To test the execution of PHP and get information about modules and configuration, we can create a phpinfo.php file in the configured directory on our virtual host
<?php
phpinfo();
phpinfo(INFO_MODULES);
?>By visiting https://IP-WEB/phpinfo.php we can view information about PHP
We install the necessary modules, PHP-MySQL and some of the more common ones
apt-get install php8.4-{mysql,curl,gd,intl,mcrypt,ps,pspell,snmp,sqlite,tidy,xmlrpc,xsl}We can also choose to install the most common modules, such as the default ones in Plesk
apt-get install php8.4-{bcmath,enchant,ldap,mysql,curl,dba,enchant,gd,intl,ldap,mbstring,mcrypt,odbc,opcache,pgsql,sqlite3,pspell,soap,tidy,xml,xmlrpc,xsl,zip}Let's Encrypt valid and free SSL certificates
Thanks to the excellent Let's Encrypt, you can generate SSL certificates, which are universally recognized, secure and free of charge. Automating this process across multiple servers is a common task in our DevOps consulting projects.
Now we need to configure the DNS name of the website that will be hosted in order to reach the IP of our server
DNS configuration example
To configure DNS, we need to log into our provider's panel and register a name similar this one
mydomain.ext A 1.1.1.1We install Let's Encrypt and generate the SSL and TLS certificates
apt-get install certbot python3-certbot-apacheLet's create the Apache2 configuration
certbot --apacheWe test the renewal of certificates
certbot renew --dry-runWe check that the scheduled Cron process for renewal is present
cat /etc/cron.d/certbotIf there were no problems resolving our domain, our virtual hosts will respond in HTTPS, returning the famous "little green light" to us on the browser
The apache2 Virtual hosts
HTTP virtual hosts
To configure an http virtual host, we can use a very simple definition, such as this listing
It is available in the directory /etc/apache2/sites-available default vhost, from which we can start
<VirtualHost *:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>HTTPS virtual hosts
HTTPS virtual hosts, include the necessary paths for using SSL and enabling PHP
<VirtualHost *:443>
ServerAdmin [email protected]
DocumentRoot "/var/www/data/online"
ServerName mydomain.ext
ServerAlias www.mydomain.ext
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Protocols h2 h2c http/1.1
SSLEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain.ext/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.ext/privkey.pem
<FilesMatch ".+\.ph(p[345]?|t|tml)$">
SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>
</VirtualHost>At this point, our web server will be able to respond in HTTPS and serve PHP pages.
Install MariaDB MySQL's Fork
Debian, like many other distributions, can no longer provide the MySQL package directly as it is proprietary. At the time of writing, it has not yet been packaged by Oracle for Debian 13 Trixie. If MySQL 8.0 or MySQL 8.4 is a required dependency, it currently needs to be compiled from source.
However, MySQL is replaced by the completely free fork, MariaDB, which offers more features and support. We will install MariaDB 11.8 directly from the Debian repositories:
apt install mariadb-serverConfiguring and maintaining a high-performance LAMP stack requires specific skills. We are by your side to optimize the security and stability of your corporate server, avoiding bottlenecks and incorrect configurations.
