Apache in Debian
Linux

Installing Apache, HTTPS and PHP-FPM in Debian 12

17 March 2024 / Commenti

In this guide we will install Apache, PHP-FPM, Let's Encrypt SSL in Debian 12 Bookworm. We will apply the first optimizations and test the results by creating phpinfo.ini

We install Apache2

We install the Apache web server with HTTPS the first in the LAMP stack, which will take care of serving content
To optimize web server performance, we recommend using PHP-FPM, mpm_event and http2
Most websites, use secure connections, we will see how to generate a valid and free HTTPS certificate with Let's Encrypt

By default, there is the multi-process module, mpm_prefork, which allows you to use mod_php and php8.2, the internal interpreter
This approach is not recommended on heavily visited sites, besides the increased slowness, arrived at the maximum number of threads, the web server, stops responding until a thread that can serve the content is freed

  1. Let's install Apache2

    apt install apache2

  2. We disable the mpm_prefork module

    a2dismod mpm_prefork

  3. We enable mpm_event and http2

    a2enmod mpm_event http2

  4. Let's restart Apache2

    service apache2 restart

Install PHP-FPM

PHP-FPM is an alternative implementation of PHP FastCGI, known for its speed, three times faster than the classic module, and additional features

FPM is a real daemon, it stays listening for PHP requests, via a UNIX port or socket
It represents the P of our LAMP

Let's install FPM and FastCGI

apt install php-fpm libapache2-mod-fcgid

We enable the modules

a2enmod actions proxy_fcgi alias headers

Let's restart the PHP FPM process

service php8.2-fpm restart

Let's restart Apache2

service apache2 restart

You can now configure for all apache2 virtual hosts to use FPM by adding this handler in their definition:

<FilesMatch ".+\.ph(p[345]?|t|tml)$">
    SetHandler "proxy:fcgi://127.0.0.1:9000"
</FilesMatch>

To test the execution of PHP and get information about modules and configuration, we can create a phpinfo.php file in the configured directory on our virtual host

<?php
  phpinfo();
  phpinfo(INFO_MODULES);
?>

By visiting https://IP-WEB/phpinfo.php we can view information about PHP

We install the necessary modules, PHP-MySQL and some of the more common ones

apt-get install php8.2-{mysql,curl,gd,intl,imap,mcrypt,ps,pspell,snmp,sqlite,tidy,xmlrpc,xsl}

We can also choose to install the most common modules, such as the default ones in Plesk

apt-get install php8.2-{bcmath,enchant,imap,ldap,mysql,curl,dba,enchant,gd,intl,ldap,mbstring,mcrypt,odbc,opcache,pgsql,sqlite3,pspell,soap,tidy,xml,xmlrpc,xsl,zip}

Let's Encrypt valid and free SSL certificates

Thanks to the excellent Let's Encrypt, you can generate SSL certificates, which are universally recognized, secure and free of charge
You need to configure the DNS name of the website we are going to host so that it reaches the IP of our server

DNS configuration example

To configure DNS, we need to log into our provider's panel and register a name like this

mydomain.ext A 1.1.1.1

We install Let's Encrypt and generate the SSL and TLS certificates

apt-get install certbot python3-certbot-apache

Let's create the Apache2 configuration

certbot --apache

We test the renewal of certificates

certbot renew --dry-run

We check that the scheduled Cron process for renewal is present

cat /etc/cron.d/certbot

If there were no problems resolving our domain, our virtual hosts will respond in HTTPS, returning the famous "little green light" to us on the browser

The apache2 Virtualhosts

HTTP virtual hosts

To configure an http virtual host, we can use a very simple definition, such as this listing
It is available in the directory /etc/apache2/sites-available default vhost, from which we can start

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

HTTPS virtual hosts.

HTTPS virtual hosts, include the necessary paths for using SSL and enabling PHP

<VirtualHost *:443>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/data/online"
    ServerName mydomain.ext
    ServerAlias www.mydomain.ext
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    Protocols h2 h2c http/1.1
    SSLEngine on
    Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/mydomain.ext/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.ext/privkey.pem
    <FilesMatch ".+\.ph(p[345]?|t|tml)$">
        SetHandler "proxy:fcgi://127.0.0.1:9000"
    </FilesMatch>
</VirtualHost>

At this point our web server will be able to respond in HTTPS and serve PHP pages.

Support for production?

We are on your side! Free 30m Analysis to Optimize your setup.
Contact an Apache Webserver expert without obligation.

Add new comment

About text formats

Comment

  • Allowed HTML tags: <br> <p> <code class="language-*"> <pre>
  • Lines and paragraphs break automatically.
  • Only images hosted on this site may be used in <img> tags.