PHP
There's a lot of talk about using Nginx instead of Apache, and for some things it's probably easier to configure or maintain, especially if you're writing IaC, but some things still assume or prefer Apache, particularly in PHP land. WordPress and NextCloud are example PHP applications that want to modify their .htaccess files in-place, for example to keep up with security developments.
These instructions assume Ubuntu LTS (currently 20.04, c. August 2021) and are easily adapted to a Docker or other definition.
That said, running Apache using mod-php should only be used on a development workstation, if at all. Apart from being incompatible with HTTP/2, it is a CPU and memory hog, since it can only run using Apache's horribly inefficient prefork MPM worker. Apache has several ways to deal with multi-process management (MPM), but can only run one scheme at a time. There are other much better, more modern, multithreaded and very fast MPM workers, and luckily these days we can use Apache's Event MPM and FastCGI modules with PHP-FPM, which has been built-in since version 5.4 of PHP.
Prerequisites
Install some stuff first. To support NextCloud for example, this Apache PHP recipe also uses PostgreSQL, Redis, FastCGI with PHP FPM, and Dehydrated for managing Letsencrypt SSL certificates.
sudo apt install apache2 libapache2-mod-fcgid \ php7.4-{bcmath,bz2,curl,gd,fpm,gmp,intl,json,mbstring,opcache,pgsql,soap,tidy,xmlrpc,xsl,zip} php-{fpm,imagick,redis} composer dehydrated postgresql redis-server
Set up Apache
Enable the required Apache configurations and modules:
a2enconf php7.4-fpm a2enmod dir env headers mpm_event proxy_fcgi rewrite setenvif ssl systemctl restart apache2
You should now be able to define your virtual hosts in /etc/apache2/sites-available and enable them, with PHP support.
Deny access to git repositories
Add a global config to deny access to git repositories and other hidden stuff, in /etc/apache2/conf-available/deny-git.conf:
# /etc/apache2/conf-available/deny-git.conf RedirectMatch 404 "/\.(git|hg|bzr|svn|cvs|tag|ht)"
Then enable it with:
a2enconf deny-git systemctl restart apache2
Add a virtual host
A virtual host for a typical PHP web application should look something like this:
<VirtualHost *:443> ServerName app.example.com DocumentRoot /var/www/app <Directory "/var/www/app"> Options FollowSymLinks MultiViews AllowOverride All Require all granted </Directory> SSLEngine On SSLCertificateFile ... </VirtualHost>
Configure PHP
The configuration for PHP code hosted by Apache using PHP-FPM is located under /etc/php/7.4/fpm.
You will not be able to use mod-php php_value directives in Apache configuration; either try and do without, or set environment variables instead.
PHP works a lot better with a few extra things configured. Enable the opcache, increase the memory limit, and depending on what you're hosting, increase the maximum POST size so users can upload photos and other large files. Fiddle with these settings in /etc/php/7.4/fpm/php.ini:
max_execution_time = 60 memory_limit = 512M post_max_size = 500M upload_max_filesize = 500M opcache.enable=1
Other fun helpful things include using Redis for PHP sessions, and tuning the FPM process parameters to make stuff more efficient under load.