In this post, we will describe the step-by-step configuration of Ubuntu Apache with PHP and Nginx as a reverse proxy. The following tasks will be covered:
1. Installation of Apache and PHP
2. Enabling selection of PHP versions
3. Configuring websites from different clients while restricting access to other directories
4. Installation of Nginx with the pagespeed module provided by Google
5. Setting up Nginx as a reverse proxy
(https://hostinghub.ru/sites/default/files/field/image/apache2-virtual-hosts-on-ubuntu-18.jpg)
Each stage will include detailed explanations. For this configuration, we will be using Ubuntu 16.0.4 server with SSH only.
STAGE 1 (Install Apache + PHP)
Begin by opening a shell with root rights:
sudo -i
Next, install Apache:
apt install -y apache2
The -y flag is needed to automate the installation process and automatically answer yes to all questions during the installation. Without it, you will be prompted to confirm the installation.
Install PHP as mod_php:
apt install -y php libapache2-mod-php
At this stage, we have PHP version 7 installed as an Apache module.
STAGE 2 (Option to select PHP versions)
Initially, we installed the Apache + PHP server, and PHP is currently working for us as an Apache module. There are various modes of PHP operation, including mod_php, CGI/FastCGI, and PHP-FPM. We will be focusing on CGI/FastCGI. Although some may view this as the slowest option, it is the mode of operation used by most shared hosting providers.
We will need to build the PHP versions we require from source. First, update the repository and install the necessary packages:
apt update
apt install -y make \
git autoconf\
lynx\
wget\
build-essential\
libxml2-dev\
libssl-dev\
libbz2-dev\
libcurl4-openssl-dev\
libpng12-dev\
libfreetype6-dev\
libxpm-dev\
libmcrypt-dev\
libmhash-dev\
libmysqlclient-dev\
libjpeg62-dev\
freetds-dev\
libjson-c-dev\
re2c\
zlib1g-dev\
libpcre3\
libpcre3-dev\
unzip \
libxslt1-dev
Then, create folders for PHP and navigate to the directory where the PHP sources will be stored:
mkdir -p /opt/source/php
mkdir -p /opt/php/
cd /opt/source/php
Download and unpack the necessary version of PHP:
wget -c http://php.net/get/php-5.6.18.tar.bz2/from/this/mirror -O php-5.6.18.tar.bz2
tar xvjf php-5.6.18.tar.bz2
Finally, navigate to the downloaded and unpacked PHP directory and configure PHP.
To ensure proper operation of suexec, it is crucial to set directories' permissions correctly. Although an instance will be given as an example, deciding how to arrange the directories is up to you since the example is not optimal. The folder hierarchy is as follows:
|--/var/www/ - Root folder, permissions 751 owner root
|----/php-bin - Folder for storing default settings for PHP
|------/php-5.6.18 - Folder for storing default settings for php-5.6.18
|--------php - Executable file for PHP-5.6.18
|--------php.ini - Default configuration file
|--------php.ini - Default configuration file
|----/apache-cert - certificate storage folder for Apache
Create folders for the user:
mkdir -p /var/www/users/admin
mkdir -p /var/www/users/admin/domain.ru
mkdir -p /var/www/users/admin/apache-log
mkdir -p /var/www/users/admin/php-bin
mkdir -p /var/www/users/admin/temp
mkdir -p /var/www/users/admin/temp/php-session
Copy the configuration files for PHP:
cp /opt/php/php-5.6.18/fcgi-bin/php /var/www/users/admin/php-bin/php
cp /opt/php/php-5.6.18/fcgi-bin/php.ini /var/www/users/admin/php-bin/php.ini
Create a user and set the owner of the folder:
useradd -m -s /bin/bash admin
passwd admin
chown admin:admin -R /var/www/users/admin
Set the root directory for the user:
usermod -d /var/www/users/admin admin
Setting up virtual hosts in Apache:
<VirtualHost *:8080>
ServerAdmin webmaster@localhost
dоcumentRoot /var/www/users/admin/domain.ru
SuexecUserGroup admin admin
<IfModule mod_remoteip.c>
RemoteIPHeader X-Forwarded-For
RemoteIPHeader X-Real-IP
RemoteIPInternalProxy 127.0.0.1
</IfModule>
<ifmodule mod_rewrite.c>
Rewrite Engine On
RewriteRule .* - [E=REMOTE_USER:%{HTTP:Authorization}]
</ifmodule>
<IfModule mod_fcgid.c>
IPCCommTimeout 7200
FcgidConnectTimeout 320
MaxRequestLen 25728640
FcgidMaxRequestsPerProcess 0
FcgidBusyTimeout 3600
FcgidOutputBufferSize 0
</IfModule>
<FilesMatch "\.ph(p[3-5]?|tml)$">
SetHandler fcgid-script
FCGIWrapper /var/www/users/admin/php-bin/php
</FilesMatch>
ErrorLog /var/www/users/admin/apache-log/error.log
CustomLog /var/www/users/admin/apache-log/access.log combined
</VirtualHost>
<Directory /var/www/users/admin/www>
AllowOverride All
Options +Includes +ExecCGI
</Directory>
In the user's php.ini settings, change session.save_path:
session.save_path = /var/www/users/admin/temp/php-session
Restart Apache:
service apache2 restart
STEP 4 (Installing Nginx with Google's Pagespeed Module)
To support pagespeed in Nginx, rebuilding it with this module is necessary. To avoid additional settings later, it's easier to install it first. Change ports for Apache:
/etc/apache2/ports.conf
+ Your created virtual hosts
Restart Apache:
service apache2 restart
Install Nginx:
apt-get install nginx
Building Nginx with Pagespeed
First, install all the required packages for building:
apt install -y build-essential zlib1g-dev libpcre3 libpcre3-dev unzip libxslt1-dev libgd-dev libgeoip-dev
Create folders for Nginx sources:
mkdir -p /opt/source/nginx
cd /opt/source/nginx
Download and unpack Pagespeed and psol:
wget https://github.com/pagespeed/ngx_pagespeed/archive/v1.11.33.4-beta.zip
unzip v1.11.33.4-beta.zip
cd ngx_pagespeed-1.11.33.4-beta
wget https://dl.google.com/dl/page-speed/psol/1.11.33.4.tar.gz
tar -xzvf 1.11.33.4.tar.gz
The psol itself is downloaded and unpacked in a directory with ngx_pagespeed. Go to the folder with Nginx:
cd /opt/source/nginx/
Check the Nginx version (Ubuntu 16.0.4 installs version 1.10.0 by default)
On shared hosting, it is recommended to have both apache and nginx, unless you are specifically using Bitrix. In my opinion, when you have server access, it's better to keep things simple and use modern software like nginx and php7.4-fpm. These are sufficient for most frameworks and CMS on php.
It may be necessary to run older applications, but in this case, it's important to ensure compatibility by rewriting code or placing them on a separate smaller server to avoid confusion.
Simplifying the settings will reduce support time and make it faster and easier to set up and maintain. By doing this, you can have two servers that will work efficiently for your needs. The first server can have nginx + php7.4-fpm, while the second can have nginx+apache+php5.6.
Although there may be some cost, considering current tariffs, it won't be significant, and setting up and maintaining each server will be clear and straightforward.
To ensure proper functioning of Apache, it's necessary to adjust firewall settings on the webserver. For this purpose, Uncomplicated Firewall (UFW) is often used as a simplified interface for firewall management in Ubuntu.
To grant Apache access permission, it needs to be registered with UFW. You can view the list of applications that are compatible with UFW using the command:
$ sudo ufw app list
Setting up a directory hierarchy in Apache involves organizing and structuring your web server's file system to allow for efficient and logical hosting of web content. Here's a more detailed overview of how to set up a directory hierarchy in Apache:
1. Choose a root directory: First, you'll need to choose a root directory on your server where all of your web content will be stored. This is typically something like "/var/www/html" on Unix-based systems or "C:\xampp\htdocs" on Windows for a default Apache installation.
2. Create subdirectories: Within the root directory, you can create subdirectories to organize different types of content. For example, you might have a "css" directory for cascading style sheets, an "img" directory for images, and a "js" directory for JavaScript files.
3. Set up virtual hosts (optional): If you're hosting multiple websites on the same server, you can use virtual hosts to set up separate directory hierarchies for each site. This allows you to keep the content for each site organized and separate from one another.
4. Configure access control: You can use Apache's configuration files to set up access control within your directory hierarchy. This might involve using .htaccess files to restrict access to certain directories or setting up authentication to require a username and password for access.
5. Set permissions: Ensure that the directory hierarchy has the correct file permissions set to allow the web server to access and serve the content. This typically involves setting the appropriate ownership and permissions on the directories and files within the hierarchy.
6. Test and troubleshoot: Once your directory hierarchy is set up, be sure to test it thoroughly to ensure that your content is being served correctly. If you encounter any issues, troubleshoot them by checking your Apache error logs and reviewing your configuration settings.
Here are some more examples of how you might set up a directory hierarchy in Apache:
1. Organizing by Project:
- You could create a separate directory for each project or website you're working on within the root directory. For example:
- `/var/www/html/project1`
- `/var/www/html/project2`
This approach keeps the content for each project neatly organized and easily accessible.
2. Categorizing by Content Type:
- If your website has a variety of content types (such as images, videos, and dоcuments), you could organize your directory hierarchy by content type:
- `/var/www/html/images`
- `/var/www/html/videos`
- `/var/www/html/dоcuments`
This makes it simple to locate and manage different types of content.
3. Separating Static and Dynamic Content:
- You might organize your directory hierarchy to separate static content (like images and CSS) from dynamic content (like PHP scripts):
- `/var/www/html/static`
- `/var/www/html/dynamic`
This can help with caching and optimization, as well as making it easier to manage different types of content.
4. Grouping by Department or Team:
- If your website is managed by different departments or teams, you could organize your directory hierarchy accordingly:
- `/var/www/html/marketing`
- `/var/www/html/sales`
- `/var/www/html/engineering`
This allows each team to have its own space for managing and updating content.
5. Multi-language Websites:
- For multi-language websites, you might want to organize your content by language:
- `/var/www/html/en` (English)
- `/var/www/html/es` (Spanish)
- `/var/www/html/de` (German)
This can help with localization and content management for different language versions of your site.