Setup LAMP Stack on Debian Wheezy/Jessie


Published: August 31, 2016 Last Updated: Author: Saad Ali

WARNING! When following this article, improvise if necessary. Your environment may be different from mine. I am not responsible if you screw up!
The Jessie sections of this article can be referenced for configuring a LAMP stack on Debian Stretch and Ubuntu Xenial.

In this tutorial I will demonstrate how to set up a LAMP stack with PHP-FPM on Debian Wheezy and Jessie. The two distributions differ only in their Apache configuration, because they ship different Apache versions.


Install Packages

Begin by installing packages:

For Apache 2.2 (Debian Wheezy)

# apt-get install mariadb-server apache2 apache2-mpm-worker libapache2-mod-fastcgi php5 php5-fpm php5-common php5-curl php5-gd php5-mcrypt php5-mysqlnd php5-readline

For Apache 2.4 (Debian Jessie)

# apt-get install mariadb-server apache2 php5 php5-fpm php5-common php5-curl php5-gd php5-mcrypt php5-mysqlnd php5-readline

Configure MariaDB

Run the secure installation script and answer all the questions asked:

# mysql_secure_installation

Create a User (Optional)

You can create a separate user for each PHP application. A PHP application pool will be configured later to run the application as that user. This step is entirely optional. You can also configure PHP application pools to run as the web server user (i.e. www-data).

# adduser phpapp

Configuring an FPM Pool

PHP-FPM configuration files are at /etc/php5/fpm. The php.ini file here is used as the central PHP configuration for all PHP applications running via PHP-FPM. The directory /etc/php5/fpm/pool.d is where you can create multiple PHP application pools and set resource limits in an INI-style configuration file. For this example we will configure an application pool with user phpapp.

Copy the existing pool configuration:

# cp /etc/php5/fpm/pool.d/www.conf /etc/php5/fpm/pool.d/phpapp.conf

Modify parameters in the file /etc/php5/fpm/pool.d/phpapp.conf as follows:

...
[phpapp]
...
user = phpapp
group = phpapp
...
listen = /var/run/fpm-phpapp.sock
...

You may have to modify the pm.max_children, pm.start_servers, pm.min_spare_servers and pm.max_spare_servers parameters according to the traffic load on your server. You can also modify specific PHP configuration parameters for each pool at the end of the file using the php_flag, php_admin_flag and php_admin_value parameters.

There are various other pool parameters which can be modified if needed, such as:

  • Configuring the pool's status page for monitoring purposes via the pm.status_path parameter (this may require some configuration changes in Apache).
  • Configuring the pool's ping page for monitoring purposes via the ping.path and ping.response parameters (this may require some configuration changes in Apache).
  • Configuring the pool's access log, slow-request log and slow-request timeout via the access.log, access.format, slowlog and request_slowlog_timeout parameters.
  • Configuring the pool's open file descriptor and core dump size limits via the rlimit_files and rlimit_core parameters.
  • Restricting which file extensions the pool will execute via the security.limit_extensions parameter, which guards against mistakes in the web server configuration.
  • Configuring the pool's environment variables via env[VARIABLE_NAME] parameter(s).

It all depends on application and administrative needs, but the basic configuration above is enough to get the application up and running.
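A quick way to check a pool file for the parameters discussed above, as an added example that is not part of the original article. The function names pool_get and audit_fpm_pool are hypothetical, the sample pool content is constructed, and the policy it enforces (non-root user, unix socket with an explicit 0660 or 0600 listen.mode, security.limit_extensions left at its .php default) is an assumption you should adapt.

```shell
#!/bin/sh
# pool_get FILE KEY: print the value of the last active "KEY = value" line;
# exit 1 when the key is absent (lines starting with ';' are comments).
pool_get() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (!found) exit 1; print val }' "$1"
}

# audit_fpm_pool FILE: print one finding per line; return 1 if there are any.
audit_fpm_pool() {
    f=$1; bad=0
    user=$(pool_get "$f" user) || user=
    listen=$(pool_get "$f" listen) || listen=
    mode=$(pool_get "$f" listen.mode) || mode=unset
    ext=$(pool_get "$f" security.limit_extensions) || ext=.php  # FPM default
    case $user in
        ''|root) echo "user: run the pool as a dedicated non-root account"; bad=1 ;;
    esac
    case $listen in
        /*) case $mode in
                0660|0600) ;;
                *) echo "listen.mode: $mode (set 0660: owner and group only)"; bad=1 ;;
            esac ;;
        *)  echo "listen: '$listen' is TCP or unset; the article uses a unix socket"; bad=1 ;;
    esac
    case $ext in
        .php) ;;
        *) echo "security.limit_extensions: '$ext' lets FPM run non-.php files"; bad=1 ;;
    esac
    return $bad
}

# Constructed sample: the article's phpapp pool, listen.mode left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[phpapp]
user = phpapp
group = phpapp
listen = /var/run/fpm-phpapp.sock
;listen.mode = 0660
EOF
audit_fpm_pool "$sample" || echo "review the findings above"
rm -f "$sample"
```

Run it against /etc/php5/fpm/pool.d/phpapp.conf before restarting PHP-FPM; a non-zero return from audit_fpm_pool means at least one finding was printed.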

After configuring an application pool, restart the main PHP-FPM process:

# /etc/init.d/php5-fpm restart

Configuring Apache Web Server

Debian Wheezy comes with Apache 2.2.22 and Debian Jessie comes with Apache 2.4.10. The two versions are configured differently for PHP-FPM.


Configuring Apache for Wheezy

Since the relevant packages were already installed, all we need to do is enable a few Apache modules and set up a virtual host.

# a2enmod actions fastcgi alias rewrite ssl

For the virtual host, you can either use the following single Apache configuration snippet to run all sites via PHP-FPM:

  <IfModule mod_fastcgi.c>
    AddType application/x-httpd-fastphp5 .php
    Action application/x-httpd-fastphp5 /php5-fcgi
    Alias /php5-fcgi /usr/lib/cgi-bin/php5fpm
    FastCgiExternalServer /usr/lib/cgi-bin/php5fpm -socket /var/run/php5-fpm.sock -pass-header Authorization
  </IfModule>

This will limit your options. You can only run sites using www-data or a user of your choosing (defined in the PHP-FPM pool configuration). Another way is to include the configuration block above in every virtual host, with some modifications.

For example, let's say that we want to run a web site phpapp.com using the PHP-FPM pool defined previously. The Apache non-SSL virtual host configuration would be as follows:

<VirtualHost *:80>
  ServerAdmin admin@phpapp.com
  DocumentRoot /home/phpapp/public_html
  ServerName phpapp.com
  ServerAlias www.phpapp.com

  <IfModule mod_fastcgi.c>
    AddType application/x-httpd-fastphp5 .php
    Action application/x-httpd-fastphp5 /php5-fcgi
    Alias /php5-fcgi /usr/lib/cgi-bin/php5-fpm_phpapp_http
    FastCgiExternalServer /usr/lib/cgi-bin/php5-fpm_phpapp_http -socket /var/run/fpm-phpapp.sock -pass-header Authorization
  </IfModule>

  ErrorLog ${APACHE_LOG_DIR}/phpapp.com-error.log
  CustomLog ${APACHE_LOG_DIR}/phpapp.com-access.log combined
</VirtualHost>

And the SSL virtual host configuration would be as follows:

<VirtualHost *:443>
  ServerAdmin admin@phpapp.com
  DocumentRoot /home/phpapp/public_html
  ServerName phpapp.com
  ServerAlias www.phpapp.com

  SSLEngine On
  SSLProtocol ALL -SSLv2 -SSLv3
  SSLHonorCipherOrder On
  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
  SSLCertificateFile /path/to/ssl/certificate
  SSLCertificateKeyFile /path/to/ssl/key
  SSLCertificateChainFile /path/to/ssl/ca-bundle

  <IfModule mod_fastcgi.c>
    AddType application/x-httpd-fastphp5 .php
    Action application/x-httpd-fastphp5 /php5-fcgi
    Alias /php5-fcgi /usr/lib/cgi-bin/php5-fpm_phpapp_https
    FastCgiExternalServer /usr/lib/cgi-bin/php5-fpm_phpapp_https -socket /var/run/fpm-phpapp.sock -pass-header Authorization
  </IfModule>

  ErrorLog ${APACHE_LOG_DIR}/phpapp.com-ssl-error.log
  CustomLog ${APACHE_LOG_DIR}/phpapp.com-ssl-access.log combined
</VirtualHost>

Note that unless the mod_fastcgi.c block is defined globally, you have to keep the Alias (defined in the block) different for the two virtual hosts, as Apache will not accept the same block in both virtual hosts.


Configuring Apache for Jessie

Since the relevant packages were already installed, all we need to do is enable a few Apache modules and set up a virtual host.

# a2enmod proxy proxy_fcgi rewrite ssl

As with the Apache virtual host configuration for Wheezy, you can either use the following single Apache configuration snippet to run all sites via PHP-FPM:

  <FilesMatch ".*\.php$">
    SetHandler "proxy:unix:/var/run/php5-fpm.sock|fcgi://localhost"
  </FilesMatch>

Again, this will limit your options. You can only run sites using www-data or a user of your choosing. Another way is to include the configuration block above in every virtual host.

We will again use the same example where we want to run a web site phpapp.com using the PHP-FPM pool defined previously (optionally using the phpapp Linux user). The Apache non-SSL virtual host configuration would be as follows:

<VirtualHost *:80>
  ServerAdmin admin@phpapp.com
  DocumentRoot /home/phpapp/public_html
  ServerName phpapp.com
  ServerAlias www.phpapp.com

  <FilesMatch ".*\.php$">
    SetHandler "proxy:unix:/var/run/fpm-phpapp.sock|fcgi://localhost"
  </FilesMatch>

  ErrorLog ${APACHE_LOG_DIR}/phpapp.com-error.log
  CustomLog ${APACHE_LOG_DIR}/phpapp.com-access.log combined
</VirtualHost>

And the SSL virtual host configuration would be as follows:

<VirtualHost *:443>
  ServerAdmin admin@phpapp.com
  DocumentRoot /home/phpapp/public_html
  ServerName phpapp.com
  ServerAlias www.phpapp.com

  SSLEngine On
  SSLProtocol ALL -SSLv2 -SSLv3
  SSLHonorCipherOrder On
  SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
  SSLCertificateFile /path/to/ssl/certificate
  SSLCertificateKeyFile /path/to/ssl/key
  SSLCertificateChainFile /path/to/ssl/ca-bundle

  <FilesMatch ".*\.php$">
    SetHandler "proxy:unix:/var/run/fpm-phpapp.sock|fcgi://localhost"
  </FilesMatch>

  ErrorLog ${APACHE_LOG_DIR}/phpapp.com-ssl-error.log
  CustomLog ${APACHE_LOG_DIR}/phpapp.com-ssl-access.log combined
</VirtualHost>

No modification between the two virtual hosts is required here because, unlike mod_fcgid, mod_proxy_fcgi has no provision for starting the application process. It just proxies the connection to the defined socket.
