Apache 2.4, PHP 5.4 on EC2 instance

This tutorial just updated version of my previous one. This time we are going to install newer version of apache (httpd 2.4), PHP 5.4 but as a PHP-FPM. Instructions are pretty simple. You can just copy and paste command to get working stack in less then 15 minutes.

What you can learn from it? How to install Apache 2.4 and PHP 5.4, how to enable and APC, and how to install HTTPS on your server, with purchasing SSL certificate.

Amazon Web Server

• Log in to server as ec2-user,
  ssh -i your_pem_key.pem ec2-user@instance_name_or_ip
• To save some time, switch to sudo user:
  sudo -i
• Upgrade everything to latest versions:
  yum update

Lets start with some software:

sudo yum install httpd24 mod24_proxy_html php54-fpm 
sudo yum install php54-mcrypt php54-mbstring php54-pecl-apc php54-gd php54-mysql php54-xml

After while…

sudo service php-fpm start
sudo service httpd start
sudo chkconfig --levels 235 httpd on
sudo chkconfig php-fpm on

Done – your LAMP stack works. Let’s do some more configuration around PHP:

PHP configuration

In /etc/php.ini timezone should be setup like that:

date.timezone = "Australia/Sydney"
expose_php = Off

Don’t forget to restart httpd and php-fpm to see changes

sudo service httpd restart
sudo service php-fpm restart

By default PHP has very low limit on  size of uploaded files. It’s very good practice to increase it.
We are looking for 2 values

upload_max_filesize=20M
post_max_size=32M

Server configuration

Now we have to update server to proper TimeZone

cd /etc/
sudo rm -rf localtime && sudo ln -s /usr/share/zoneinfo/Australia/Sydney localtime

Of course replace Australia/Sydney with proper Time Zone – pretty nice list is available on PHP documentation website.

http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html

Good idea is to update time on the server straight away using command

sudo ntpdate -u pool.ntp.org

Apache configuration

We have to push our PHP files from Apache to PHP-FPM deamon.
Create file /etc/httpd/conf.d/proxy.conf
and paste there these lines

ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/html/$1

If you would like to use sockets instead of TCP connection, yo ucan set it up like this:

ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/var/run/php-sock|fcgi://localhost/var/www/html

Restart Apache again – sudo service httpd restart and try again using test:

echo "<?php phpinfo();" > /var/www/html/info.php

And test it via browser: http://your-ip/info.php

.htaccess support

sudo nano /etc/httpd/conf/httpd.conf
You are looking for section starting:

# Further relax access to the default document root:
<Directory "/var/www/html">

And just change
AllowOverride None
to
AllowOverride All
to enable .htaccess
To disable showing up directory content update

Options Indexes FollowSymLinks

to

Options -Indexes 
Options -FollowSymLinks

Some security settings (don’t expose Apache)

ServerTokens Prod
ServerSignature Off

Fontface Apache support

AddType application/vnd.ms-fontobject .eot
AddType application/x-font-ttf .ttf
AddType application/x-font-woff .woff

Get some speed on Apache

<IfModule mod_headers.c>
  <FilesMatch "\.(js|css|xml|gz)$">
    Header append Vary: Accept-Encoding
</FilesMatch>
</IfModule>

# compress text, html, javascript, css, xml:

AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

Securing Apache with SSL

Let’s install mod24_ssl

sudo yum install mod24_ssl

And generate private key + CSR

openssl req -nodes -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out server.csr

don’t forget to copy this file in save location ! /etc/pki/tls/private/localhost.key

if we got our purchased SSL certyficate, we have to create file with it. Usually you have to marge all of them to one file:

cat spidersoft_com_au.crt spidersoft_com_au.ca-bundle > spidersoft_com_au.crt.bundle

now we have to make couple small amends in /etc/httpd/conf.d/ssl.conf file.

 

DocumentRoot "/var/www/html"
ServerName www.spidersoft.com.au:443
SSLCertificateFile /etc/pki/tls/certs/spidersoft_com_au.crt.bundle
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

 

 

Don’t forget to check if your certificate was installed properly. I’m using this website www.sslshopper.com/ssl-checker.html