How to Install PHP-FPM with Apache on Ubuntu 18.04 – Google Cloud

How to install PHP 7.4-FPM with Apache on Ubuntu 18.04 in Google Cloud Platform. There are two distinct options to run PHP using the web server. One is using the PHP’s CGI and the other one is FPM.

FPM is a process manager to manage the FastCGI in PHP. Apache ships with mod_php by default and works with all major web servers. With mod_php there is a little performance issue because it locks out the process.

You can also configure PHP-FPM pools to run as the different user that owns the website if you are hosting multiple websites on your server in a chroot environment setup.

Getting Started

Make sure your Ubuntu server is having the latest packages by running the following command.

sudo apt update
sudo apt upgrade

This will update the package index and update the installed packages to the latest version.

Add PPA for PHP 7.4

Add the ondrej/php which has PHP 7.4 package and other required PHP extensions.

sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt update

Once you have added the PPA you can install PHP 7.4.

Install PHP 7.4 FPM

Now we shall install PHP 7.4-FPM and some common modules to run a PHP application like WordPress.

sudo apt install php7.4-fpm php7.4-common php7.4-mysql php7.4-xml php7.4-xmlrpc php7.4-curl php7.4-gd php7.4-imagick php7.4-cli php7.4-dev php7.4-imap php7.4-mbstring php7.4-soap php7.4-zip php7.4-bcmath -y

Wait for the installation to complete.

Once the installation is complete verify the installation using the following command.

sudo service php7.4-fpm status

You will receive an output similar to the one below.

Output
● php7.4-fpm.service - The PHP 7.4 FastCGI Process Manager
    Loaded: loaded (/lib/systemd/system/php7.4-fpm.service; enabled; vendor preset: enabled)
    Active: active (running) since Thu 2020-01-09 08:36:51 UTC; 1min 48s ago
      Docs: man:php-fpm7.4(8)
  Main PID: 15920 (php-fpm7.4)
    Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
     Tasks: 3 (limit: 669)
    CGroup: /system.slice/php7.4-fpm.service
            ├─15920 php-fpm: master process (/etc/php/7.4/fpm/php-fpm.conf)
            ├─15938 php-fpm: pool www
            └─15939 php-fpm: pool www

Install Apache

Once you have your PHP-FPM up and running you can install Apache web server.

sudo apt install apache2

Configure Apache with PHP-FPM

By default Apache will use mod_php so now you can configure Apache to use PHP-FPM.

Disable the default Apache vhost configuration.

sudo a2dissite 000-default

Enable proxy_fcgi module.

sudo a2enmod proxy_fcgi

Create a new Apache vhost configuration.

sudo nano /etc/apache2/sites-available/cloudbooklet.conf

Paste the below configuration in the file.

<VirtualHost *:80>
     ServerName External_IP_Address
     DocumentRoot /var/www/html

     <Directory /var/www/html>
          Options Indexes FollowSymLinks
         AllowOverride All
         Require all granted
     </Directory>

     <FilesMatch ".php$"> 
         SetHandler "proxy:unix:/var/run/php/php7.4-fpm.sock|fcgi://localhost/"          
      </FilesMatch>
 
      ErrorLog ${APACHE_LOG_DIR}/error.log
      CustomLog ${APACHE_LOG_DIR}/access.log combined  
</VirtualHost>

Hit CTRL + X followed by Y and Enter to save and exit the file.

Now you can enable the new Apache configuration.

sudo a2ensite cloudbooklet.conf

Restart Apache.

sudo service apache2 restart

Test PHP-FPM with Apache

Here we have configured /var/www/html as the webroot in the Apache configuration. So now you can navigate into that directory and create a phpinfo file to check the setup.

cd /var/www/html
sudo nano info.php

Paste the following.

<?php phpinfo;

Hit CTRL + X followed by Y and Enter to save and exit the file.

Now go your browser and point it to your server IP address or domain name followed by the info.php. So your address will look like this http://IP_Address/info.php

You will see the PHP info page and confirm PHP-FPM is used with Apache.

PHP-FPM Configuration

PHP INI: /etc/php/7.4/fpm/php.ini

Pool config: /etc/php/7.4/fpm/pool.d/www.conf

Create New PHP-FPM Pool with different user

By default Nginx and Apache runs as www-data user. PHP-FPM www.conf is also configured to run as www-data user. If you have multiple websites and wish to keep them isolated with chrooted setup and run them with their own user. You can create multiple PHP-FPM pools with different users.

Create a new PHP-FPM pool configuration.

sudo nano /etc/php/7.4/fpm/pool.d/user1.conf

Paste the following.

[user1]
user = user1
group = group1

listen = /run/php/php7.4-fpm-user1.sock

listen.owner = www-data
listen.group = www-data

pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3

Now create a new Apache vhost configuration file and set the handler to the new pool you have created.

sudo nano /etc/apache2/sites-available/site1.conf
<VirtualHost *:80>
     ServerName domain.com
     DocumentRoot /var/www/html/site1

     <Directory /var/www/html/site1>
          Options Indexes FollowSymLinks
         AllowOverride All
         Require all granted
     </Directory>

     <FilesMatch ".php$"> 
         SetHandler "proxy:unix:/var/run/php/php7.4-fpm-user1.sock|fcgi://localhost/"          
      </FilesMatch>
 
      ErrorLog ${APACHE_LOG_DIR}/error.log
      CustomLog ${APACHE_LOG_DIR}/access.log combined  
</VirtualHost>

Enable new site.

sudo a2ensite site1.conf

Make sure the new site webroot is owned by the user specified in the pool configuration and inside the specified group.

Restart Services

Once the configuration is completed you need to restart PHP-FPM and Apache for the changes to take effect.

sudo php-fpm7.4 -t
sudo service php7.4-fpm restart
sudo service apache2 restart

You can create as many pools you like using the above mentioned setup with PHP-FPM. These are the flexibility available with PHP-FPM.

Conclusion

Now you have learned how to install PHP 7.4-FPM with Apache and configure Apache. You have also learned to setup PHP-FPM pools for multiple users.

How to Install Apache with PHP-FPM on Debian 10

PHP Installation

For the PHP installation we recommend to use Ondřej Surý‘s PPA, which provides latest PHP versions for Debian systems. Add this PPA to your Debian system using the following commands:

wget -q https://packages.sury.org/php/apt.gpg -O- | sudo apt-key add -
sudo echo "deb https://packages.sury.org/php/ buster main" | tee /etc/apt/sources.list.d/php.list

After that, install the required PHP version. You can simply execute the following commands for the default PHP version installation with PHP-FPM packages.

apt update
sudo apt install php php-fpm
Note:- When you are using PHP-FPM. All the PHP modules configurations are residing under /etc/php/7.3/fpm/ directory. You can read more about enable/disable PHP modules.

After installing the above packages php7.3-fpm service will automatically be started. You can make sure by typing below command on terminal.

sudo systemctl status php7.3-fpm

● php7.3-fpm.service - The PHP 7.3 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.3-fpm.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2019-12-03 10:01:54 UTC; 24min ago
     Docs: man:php-fpm7.3(8)
 Main PID: 9883 (php-fpm7.3)
   Status: "Processes active: 0, idle: 2, Requests: 3, slow: 0, Traffic: 0req/sec"
    Tasks: 3 (limit: 3587)
   Memory: 14.2M
   CGroup: /system.slice/php7.3-fpm.service
           ├─9883 php-fpm: master process (/etc/php/7.3/fpm/php-fpm.conf)
           ├─9884 php-fpm: pool www
           └─9885 php-fpm: pool www
Dec 03 10:01:54 tecadmin-debian10 systemd[1]: Starting The PHP 7.3 FastCGI Process Manager...
Dec 03 10:01:54 tecadmin-debian10 systemd[1]: Started The PHP 7.3 FastCGI Process Manager.

How To Install the Apache Web Server on Debian 10

When using the Apache web server, you can use virtual hosts (similar to server blocks in Nginx) to encapsulate configuration details and host more than one domain from a single server. In the following commands, replace your_domain with your own domain name. To learn more about setting up a domain name with DigitalOcean, see our Introduction to DigitalOcean DNS.

Apache on Debian 10 has one server block enabled by default that is configured to serve documents from the /var/www/html directory. While this works well for a single site, it can become unwieldy if you are hosting multiple sites. Instead of modifying /var/www/html, let’s create a directory structure within /var/www for our your_domain site, leaving /var/www/html in place as the default directory to be served if a client request doesn’t match any other sites.

Create the directory for your_domain as follows, using the -p flag to create any necessary parent directories:

sudo mkdir -p /var/www/<span class="highlight">your_domain</span>

Next, assign ownership of the directory with the $USER environmental variable:

  • sudo chown -R $USER:$USER /var/www/your_domain

The permissions of your web roots should be correct if you haven’t modified your unmask value, but you can make sure by typing:

  • sudo chmod -R 755 /var/www/your_domain

Next, create a sample index.html page using nano or your favorite editor:

  • nano /var/www/your_domain/index.html

Inside, add the following sample HTML:

/var/www/your_domain/index.html
<html>
    <head>
        <title>Welcome to <span class="highlight">your_domain</span>!</title>
    </head>
    <body>
        <h1>Success!  The <span class="highlight">your_domain</span> virtual host is working!</h1>
    </body>
</html>

Save and close the file when you are finished.

In order for Apache to serve this content, it’s necessary to create a virtual host file with the correct directives. Instead of modifying the default configuration file located at /etc/apache2/sites-available/000-default.conf directly, let’s make a new one at /etc/apache2/sites-available/<span class="highlight">your_domain</span>.conf:

  • sudo nano /etc/apache2/sites-available/your_domain.conf

Paste in the following configuration block, which is similar to the default, but updated for our new directory and domain name:

/etc/apache2/sites-available/your_domain.conf
<VirtualHost *:80>
    ServerAdmin <span class="highlight">admin@your_email_domain</span>
    ServerName <span class="highlight">your_domain</span>
    ServerAlias <span class="highlight">www.your_domain</span>
    DocumentRoot /var/www/<span class="highlight">your_domain</span>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Notice that we’ve updated the DocumentRoot to our new directory and ServerAdmin to an email that the your_domain site administrator can access. We’ve also added two directives: ServerName, which establishes the base domain that should match for this virtual host definition, and ServerAlias, which defines further names that should match as if they were the base name.

Save and close the file when you are finished.

Let’s enable the file with the a2ensite tool:

  • sudo a2ensite your_domain.conf

Disable the default site defined in 000-default.conf:

  • sudo a2dissite 000-default.conf

Next, let’s test for configuration errors:

  • sudo apache2ctl configtest

You should see the following output:

Output
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Syntax OK

Restart Apache to implement your changes:

  • sudo systemctl restart apache2

Initial Server Setup with Debian 10

Additional Instructions: Lets Encrypt, fail2ban

To ensure that the server cannot be attacked through the HTTPOXY vulnerability, we will disable the HTTP_PROXY header in apache globally by adding the configuration file /etc/apache2/conf-available/httpoxy.conf.

Note: The vulnerability is named httpoxy (without ‘r’) and therefore the file where we add the config to prevent it is named httpoxy.conf and not httproxy.conf, so there is no ‘r’ missing in the filename.

nano /etc/apache2/conf-available/httpoxy.conf

Paste the following content to the file:

<IfModule mod_headers.c>
    RequestHeader unset Proxy early
</IfModule>

And enable the module by running:

a2enconf httpoxy
systemctl restart apache2

 

11 Install Let’s Encrypt

ISPConfig 3.1 has support for the free SSL Certificate authority Let’s encrypt. The Let’s Encrypt function allows you to create free SSL certificates for your website from within ISPConfig.

Now we will add support for Let’s encrypt.

cd /usr/local/bin
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto
./certbot-auto --install-only