PHP

From Jon's Wiki
Revision as of 09:11, 13 August 2021 by Johnno (talk | contribs) (Created page with "There's a lot of talk about using Nginx instead of Apache, and for some things it's probably easier to configure or maintain, especially if you're writing IaC, but some things...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

There's a lot of talk about using Nginx instead of Apache, and for some things it's probably easier to configure or maintain, especially if you're writing IaC, but some things still assume or prefer Apache, particularly in PHP land. WordPress and NextCloud are example PHP applications that want to modify their .htaccess files in-place, for example to keep up with security developments.

These instructions assume Ubuntu LTS (currently 20.04, c. August 2021) and are easily adapted to a Docker or other definition.

That said, running Apache using mod-php should only be used on a development workstation, if at all. Apart from being incompatible with HTTP/2, it is a CPU and memory hog, since it can only run using Apache's horribly inefficient prefork MPM worker. Apache has several ways to deal with multi-process management (MPM), but can only run one scheme at a time. There are other much better, more modern, multithreaded and very fast MPM workers, and luckily these days we can use Apache's Event MPM and FastCGI modules with PHP-FPM, which has been built-in since version 5.4 of PHP.

Prerequisites

Install some stuff first. To support NextCloud for example, this Apache PHP recipe also uses PostgreSQL, Redis, FastCGI with PHP FPM, and Dehydrated for managing Letsencrypt SSL certificates.

sudo apt install apache2 libapache2-mod-fcgid \
   php7.4-{bcmath,bz2,curl,gd,fpm,gmp,intl,json,mbstring,opcache,pgsql,soap,tidy,xmlrpc,xsl,zip}
   php-{fpm,imagick,redis} composer dehydrated postgresql redis-server

Set up Apache

Enable the required Apache configurations and modules:

a2enconf php7.4-fpm
a2enmod dir env headers mpm_event proxy_fcgi rewrite setenvif ssl
systemctl restart apache2

You should now be able to define your virtual hosts in /etc/apache2/sites-available and enable them, with PHP support.

Deny access to git repositories

Add a global config to deny access to git repositories and other hidden stuff, in /etc/apache2/conf-available/deny-git.conf:

# /etc/apache2/conf-available/deny-git.conf
RedirectMatch 404 "/\.(git|hg|bzr|svn|cvs|tag|ht)"

Then enable it with:

a2enconf deny-git
systemctl restart apache2

Add a virtual host

A virtual host for a typical PHP web application should look something like this:

<VirtualHost *:443>
  ServerName app.example.com
  DocumentRoot /var/www/app

  <Directory "/var/www/app">
    Options FollowSymLinks MultiViews
    AllowOverride All
    Require all granted
  </Directory>

  SSLEngine On
  SSLCertificateFile ...
</VirtualHost>

Configure PHP

The configuration for PHP code hosted by Apache using PHP-FPM is located under /etc/php/7.4/fpm.

You will not be able to use mod-php php_value directives in Apache configuration; either try and do without, or set environment variables instead.

PHP works a lot better with a few extra things configured. Enable the opcache, increase the memory limit, and depending on what you're hosting, increase the maximum POST size so users can upload photos and other large files. Fiddle with these settings in /etc/php/7.4/fpm/php.ini:

max_execution_time = 60
memory_limit = 512M
post_max_size = 500M
upload_max_filesize = 500M
opcache.enable=1

Other fun helpful things include using Redis for PHP sessions, and tuning the FPM process parameters to make stuff more efficient under load.