In this post, we will describe the step-by-step configuration of Ubuntu Apache with PHP and Nginx as a reverse proxy. The following tasks will be covered:

1. Installation of Apache and PHP
2. Enabling selection of PHP versions
3. Configuring websites from different clients while restricting access to other directories
4. Installation of Nginx with the pagespeed module provided by Google
5. Setting up Nginx as a reverse proxy



Each stage will include detailed explanations. For this configuration, we will be using Ubuntu 16.0.4 server with SSH only.

STAGE 1 (Install Apache + PHP)

Begin by opening a shell with root rights:

sudo -i

Next, install Apache:

apt install -y apache2

The -y flag is needed to automate the installation process and automatically answer yes to all questions during the installation. Without it, you will be prompted to confirm the installation.

Install PHP as mod_php:

apt install -y php libapache2-mod-php

At this stage, we have PHP version 7 installed as an Apache module.

STAGE 2 (Option to select PHP versions)

Initially, we installed the Apache + PHP server, and PHP is currently working for us as an Apache module. There are various modes of PHP operation, including mod_php, CGI/FastCGI, and PHP-FPM. We will be focusing on CGI/FastCGI. Although some may view this as the slowest option, it is the mode of operation used by most shared hosting providers.

We will need to build the PHP versions we require from source. First, update the repository and install the necessary packages:

apt update
apt install -y make \
git autoconf\
lynx\
wget\
build-essential\
libxml2-dev\
libssl-dev\
libbz2-dev\
libcurl4-openssl-dev\
libpng12-dev\
libfreetype6-dev\
libxpm-dev\
libmcrypt-dev\
libmhash-dev\
libmysqlclient-dev\
libjpeg62-dev\
freetds-dev\
libjson-c-dev\
re2c\
zlib1g-dev\
libpcre3\
libpcre3-dev\
unzip \
libxslt1-dev

Then, create folders for PHP and navigate to the directory where the PHP sources will be stored:

mkdir -p /opt/source/php
mkdir -p /opt/php/
cd /opt/source/php

Download and unpack the necessary version of PHP:

wget -c http://php.net/get/php-5.6.18.tar.bz2/from/this/mirror -O php-5.6.18.tar.bz2
tar xvjf php-5.6.18.tar.bz2

Finally, navigate to the downloaded and unpacked PHP directory and configure PHP.

To ensure proper operation of suexec, it is crucial to set directories' permissions correctly. Although an instance will be given as an example, deciding how to arrange the directories is up to you since the example is not optimal. The folder hierarchy is as follows:

|--/var/www/ - Root folder, permissions 751 owner root
|----/php-bin - Folder for storing default settings for PHP
|------/php-5.6.18 - Folder for storing default settings for php-5.6.18
|--------php - Executable file for PHP-5.6.18
|--------php.ini - Default configuration file
|--------php.ini - Default configuration file
|----/apache-cert - certificate storage folder for Apache

Create folders for the user:

mkdir -p /var/www/users/admin
mkdir -p /var/www/users/admin/domain.ru
mkdir -p /var/www/users/admin/apache-log
mkdir -p /var/www/users/admin/php-bin
mkdir -p /var/www/users/admin/temp
mkdir -p /var/www/users/admin/temp/php-session

Copy the configuration files for PHP:

cp /opt/php/php-5.6.18/fcgi-bin/php /var/www/users/admin/php-bin/php
cp /opt/php/php-5.6.18/fcgi-bin/php.ini /var/www/users/admin/php-bin/php.ini

Create a user and set the owner of the folder:

useradd -m -s /bin/bash admin
passwd admin
chown admin:admin -R /var/www/users/admin

Set the root directory for the user:

usermod -d /var/www/users/admin admin

Setting up virtual hosts in Apache:

<VirtualHost *:8080>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/users/admin/domain.ru

SuexecUserGroup admin admin

<IfModule mod_remoteip.c>
RemoteIPHeader X-Forwarded-For
RemoteIPHeader X-Real-IP
RemoteIPInternalProxy 127.0.0.1
</IfModule>

<ifmodule mod_rewrite.c>
Rewrite Engine On
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</ifmodule>


<IfModule mod_fcgid.c>
IPCCommTimeout 7200
FcgidConnectTimeout 320
MaxRequestLen 25728640
FcgidMaxRequestsPerProcess 0
FcgidBusyTimeout 3600
FcgidOutputBufferSize 0
</IfModule>

<FilesMatch "\.ph(p[3-5]?|tml)$">
SetHandler fcgid-script
FCGIWrapper /var/www/users/admin/php-bin/php
</FilesMatch>

ErrorLog /var/www/users/admin/apache-log/error.log
CustomLog /var/www/users/admin/apache-log/access.log combined
</VirtualHost>
<Directory /var/www/users/admin/www>
AllowOverride All
Options +Includes +ExecCGI
</Directory>

In the user's php.ini settings, change session.save_path:
session.save_path = /var/www/users/admin/temp/php-session

Restart Apache:

service apache2 restart

STEP 4 (Installing Nginx with Google's Pagespeed Module)

To support pagespeed in Nginx, rebuilding it with this module is necessary. To avoid additional settings later, it's easier to install it first. Change ports for Apache:

/etc/apache2/ports.conf
+ Your created virtual hosts

Restart Apache:

service apache2 restart

Install Nginx:

apt-get install nginx

Building Nginx with Pagespeed

First, install all the required packages for building:

apt install -y build-essential zlib1g-dev libpcre3 libpcre3-dev unzip libxslt1-dev libgd-dev libgeoip-dev

Create folders for Nginx sources:

mkdir -p /opt/source/nginx
cd /opt/source/nginx

Download and unpack Pagespeed and psol:

wget https://github.com/pagespeed/ngx_pagespeed/archive/v1.11.33.4-beta.zip
unzip v1.11.33.4-beta.zip
cd ngx_pagespeed-1.11.33.4-beta
wget https://dl.google.com/dl/page-speed/psol/1.11.33.4.tar.gz
tar -xzvf 1.11.33.4.tar.gz

The psol itself is downloaded and unpacked in a directory with ngx_pagespeed. Go to the folder with Nginx:

cd /opt/source/nginx/

Check the Nginx version (Ubuntu 16.0.4 installs version 1.10.0 by default)

On shared hosting, it is recommended to have both apache and nginx, unless you are specifically using Bitrix. In my opinion, when you have server access, it's better to keep things simple and use modern software like nginx and php7.4-fpm. These are sufficient for most frameworks and CMS on php.

It may be necessary to run older applications, but in this case, it's important to ensure compatibility by rewriting code or placing them on a separate smaller server to avoid confusion.

Simplifying the settings will reduce support time and make it faster and easier to set up and maintain. By doing this, you can have two servers that will work efficiently for your needs. The first server can have nginx + php7.4-fpm, while the second can have nginx+apache+php5.6.
Although there may be some cost, considering current tariffs, it won't be significant, and setting up and maintaining each server will be clear and straightforward.

To ensure proper functioning of Apache, it's necessary to adjust firewall settings on the webserver. For this purpose, Uncomplicated Firewall (UFW) is often used as a simplified interface for firewall management in Ubuntu.

To grant Apache access permission, it needs to be registered with UFW. You can view the list of applications that are compatible with UFW using the command:

$ sudo ufw app list