Apache, HTTPS and PHP-FPM in CentOS 10
Linux

Install Apache, HTTPS and PHP-FPM in CentOS 10

29 December 2024 / Commenti

In this guide we will see how to install LAMP in CentOS Stream 10 using dnf, the default package manager.

Introduction

In our Linux Support interventions, LAMP stacks (Linux, Apache, MySQL, PHP), LEMP (NginX) and the like are critical for Web Apps, CMS and e-commerce such as WordPress, Magento, Drupal and many others.

To install LAMP in CentOS Stream 10 we start by installing the Apache web server with HTTPS, the first component of the stack, which will be responsible for serving content.

To optimize web server performance, we recommend using PHP-FPM, mpm_event and HTTP2. Most websites use secure connections. We will also see how to generate a valid and free HTTPS certificate with Let's Encrypt.

Installing LAMP in CentOS 10 Stream

1. Install Apache2

By default, the mpm_prefork multi-process module is provided, which allows you to use mod_php or php8.0, the in-house interpreter. This approach is not recommended for heavily-visited sites, since having reached the maximum number of threads, the web server stops responding until a thread is freed.

  1. Let's install Apache2

    sudo dnf install httpd.

  2. Let's make sure the mpm_event_module is in use to ensure better performance.

    sudo grep mpm_event_module /etc/httpd/conf.modules.d/00-mpm.conf

    1. If nothing is displayed we edit the file /etc/httpd/conf.modules.d/00-mpm.conf so that the LoadModule line looks like the following, to load mpm_event

      LoadModule mpm_event_module modules/mod_mpm_event.so

  3. We check in the same previous way that http2 is active.

    sudo grep http2_module /etc/httpd/conf.modules.d/10-h2.conf

    1. In case it is not we edit the file /etc/httpd/conf.modules.d/10-h2.conf as below:

      LoadModule http2_module modules/mod_http2.so.

  4. Restart Apache2.

    sudo systemctl restart httpd

  5. Let's make sure Apache2 is enabled at startup

    sudo systemctl enable httpd
sudo systemctl start httpd

  6. Let's check that Apache2 httpd is enabled

    sudo systemctl status httpd
    ● httpd.service - The Apache HTTP Server.
     Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled)
     Active: active (running) since Fri 2024-10-18 00:47:25 UTC; 1min 6s ago
   Main PID: 67247 (httpd)

  7. We allow HTTP and HTTPS traffic through the firewall

    sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

2. Install PHP-FPM

PHP-FPM is an alternative implementation of PHP FastCGI, known for its speed, three times faster than the classic module, with additional functionality. FPM is a real daemon that stays listening for PHP requests via a UNIX port or socket. It represents the P of our LAMP.

  1. Let's install FPM and FastCGI.

    sudo dnf install php php-fpm

  2. Let's restart the PHP FPM process.

    sudo systemctl restart php-fpm.

  3. Let's restart Apache2.

    sudo systemctl restart httpd

PHP-FPM Virtual Host Configuration.

You can now configure all Apache2 virtual hosts to use FPM with the template below, or create new ones within /etc/httpd/conf.d/ using a name ending in .conf, starting with this example:

# Ensure that Apache listens on port 80
<VirtualHost *:80>
    DocumentRoot /var/www/html
    ServerName www.mydomain.ext
    # Other directives here
    <FilesMatch ".+\.ph(p[345]?|t|tml)$">
        SetHandler "proxy:unix:/run/php-fpm/www.sock"
    </FilesMatch>    
</VirtualHost>

Now we can test the web server and PHP by creating the file /var/www/html/info.php:

<?php
  phpinfo();
  phpinfo(INFO_MODULES);
?>

We install the necessary modules and PHP-MySQL. We can choose to install some of the more common modules as well.

sudo dnf install php-pear \
                php-{mysqlnd,gd,intl,snmp,xsl,pdo,mbstring}

3. Install Let's Encrypt for Free SSL Certificates

Using Let's Encrypt and the certbot daemon, you can generate universally recognized, secure and free SSL certificates. You need to configure the DNS name of the website to reach the IP of our server.

Example of DNS configuration.

To configure DNS, we access our provider's panel and create a record of type "A".

mydomain.ext A 1.1.1.1

We install Let's Encrypt and generate the SSL and TLS certificates.

sudo dnf install epel-release

We accept the key if requested:

CentOS Stream 10 - Extras packages 2.1 MB/s | 2.1 kB 00:00    
Importing GPG key 0x1D997668:
 Userid : "CentOS Extras SIG (https://wiki.centos.org/SpecialInterestGroup) "
 Fingerprint : 363F C097 2F64 B699 AED3 968E 1FF6 A217 1D99 7668
 From : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
Is this ok [y/N]: y

Let's install Let's Encrypt certbot

sudo dnf install certbot python3-certbot-apache

Let's restart Apache2 httpd to let it generate the self-signed certificates

sudo systemctl restart httpd

Let's create the Apache2 configuration.

sudo certbot --apache

We test the renewal of certificates.

sudo certbot renew --dry-run.

We check that the Cron scheduled process for renewal is present.

sudo grep certbot /etc/cron.d/ -R

If the resolution of our domain is correct, our virtual hosts will respond in HTTPS, returning the famous "green padlock" on the browser.

Apache2 Virtual Hosts

HTTP Virtual Hosts

To configure an HTTP virtual host, we can use a simple definition like the one listed below by creating a file in the /etc/httpd/conf.d directory

<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <FilesMatch ".+\.ph(p[345]?|t|tml)$">
        SetHandler "proxy:unix:/run/php-fpm/www.sock"
    </FilesMatch>
</VirtualHost>
HTTPS Virtual Hosts

HTTPS virtual hosts include the necessary paths for using SSL and enabling PHP.

<VirtualHost *:443>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/data/online"
    ServerName mydomain.ext
    ServerAlias www.mydomain.ext
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    Protocols h2 h2c http/1.1
    SSLEngine on
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/mydomain.ext/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.ext/privkey.pem
    <FilesMatch ".+\.ph(p[345]?|t|tml)$">
        SetHandler "proxy:unix:/run/php-fpm/www.sock"
    </FilesMatch>
</VirtualHost>

4. Install MySQL or MariaDB

To install MySQL or MariaDB, we use the corresponding packages mysql-server and mariadb-server.

  1. To install MySQL server:

    sudo dnf install mysql-server

  2. To install MariaDB (I personally prefer it):

    sudo dnf install mariadb-server

For detailed configuration, you can refer to our guide to installing and configuring MySQL for CentOS 9 Stream.

Conclusion

We managed to install LAMP in CentOS 10 Stream, now our server is ready to host a CMS or Web App

Optimize Your CentOS Server

Configure Apache, HTTPS and PHP-FPM with support from our experts. Simple, secure, professional CentOS support. Now Free 30' Consultation!

If you found this guide useful, please share it on social, others may need it.

Add new comment

About text formats

Comment

  • Allowed HTML tags: <br> <p> <code class="language-*"> <pre>
  • Lines and paragraphs break automatically.
  • Only images hosted on this site may be used in <img> tags.