Apache 2.4, PHP 5.4 on EC2 instance
This tutorial is an updated version of my previous one. This time we are going to install a newer version of Apache (httpd 2.4) and PHP 5.4, but running as PHP-FPM. The instructions are pretty simple. You can just copy and paste the commands to get a working stack in less than 15 minutes.
What can you learn from it? How to install Apache 2.4 and PHP 5.4, how to enable APC, and how to set up HTTPS on your server with a purchased SSL certificate.
Amazon Web Server
- Log in to the server as ec2-user:
ssh -i your_pem_key.pem ec2-user@instance_name_or_ip
- To save some time, switch to sudo user:
sudo -i
- Upgrade everything to latest versions:
yum update
Let's start with some software:
sudo yum install httpd24 mod24_proxy_html php54-fpm
sudo yum install php54-mcrypt php54-mbstring php54-pecl-apc php54-gd php54-mysql php54-xml
After a while…
sudo service php-fpm start
sudo service httpd start
sudo chkconfig --levels 235 httpd on
sudo chkconfig php-fpm on
Done – your LAMP stack works. Let’s do some more configuration around PHP:
PHP configuration
In /etc/php.ini the timezone should be set like this, with expose_php switched off so PHP does not advertise itself in response headers:
date.timezone = "Australia/Sydney"
expose_php = Off
Don't forget to restart httpd and php-fpm to see the changes:
sudo service httpd restart
sudo service php-fpm restart
By default PHP has very low limit on size of uploaded files. It’s very good practice to increase it.
We are looking for 2 values:
upload_max_filesize=20M
post_max_size=32M
Server configuration
Now we have to set the server to the proper time zone:
cd /etc/
sudo rm -rf localtime && sudo ln -s /usr/share/zoneinfo/Australia/Sydney localtime
Of course, replace Australia/Sydney with your own time zone – a pretty nice list is available on the PHP documentation website.
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html
It is a good idea to update the time on the server straight away using this command:
sudo ntpdate -u pool.ntp.org
Apache configuration
We have to pass requests for our PHP files from Apache to the PHP-FPM daemon.
Create the file /etc/httpd/conf.d/proxy.conf
and paste this line into it:
ProxyPassMatch ^/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/html/$1
If you would like to use a Unix socket instead of a TCP connection, you can set it up like this:
ProxyPassMatch ^/(.*\.php(/.*)?)$ unix:/var/run/php-sock|fcgi://localhost/var/www/html
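Restart Apache again (sudo service httpd restart) and create a test file:
echo "<?php phpinfo();" > /var/www/html/info.php
Then test it in a browser: http://your-ip/info.php
Remove info.php once the test succeeds, because the phpinfo() page shows the full server configuration to anyone who requests it.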
.htaccess support
sudo nano /etc/httpd/conf/httpd.conf
You are looking for the section starting with:
# Further relax access to the default document root:
<Directory "/var/www/html">
And just change
AllowOverride None
to
AllowOverride All
to enable .htaccess
To disable directory listings, change
Options Indexes FollowSymLinks
to
Options -Indexes
Options -FollowSymLinks
Some security settings (don’t expose Apache)
ServerTokens Prod
ServerSignature Off
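The hardening settings changed so far (expose_php, ServerTokens, ServerSignature, Options -Indexes, and the leftover info.php test file) can be checked with a small script. This is an added example, not part of the original tutorial; the function names and the audit.sh filename are made up here, and the matching is line-based rather than a full Apache configuration parse.

```shell
#!/bin/sh
# Added example: audit the hardening settings this tutorial applies.
# Matching is line-based and coarse: the last uncommented occurrence wins,
# and each setting must be stated explicitly, as it is on this page.

ini_value() {       # usage: ini_value KEY PHP_INI
  awk -F= -v k="$1" '
    /^[ \t]*;/ { next }
    { key = $1; gsub(/[ \t]/, "", key) }
    tolower(key) == tolower(k) { v = $2; gsub(/^[ \t"]+|[ \t"]+$/, "", v); val = v }
    END { print val }' "$2"
}

apache_value() {    # usage: apache_value DIRECTIVE HTTPD_CONF
  awk -v d="$1" '
    /^[ \t]*#/ { next }
    tolower($1) == tolower(d) { val = $2 }
    END { print val }' "$2"
}

indexes_enabled() { # succeeds if any Options line still turns Indexes on
  awk '
    /^[ \t]*#/ { next }
    tolower($1) == "options" {
      for (i = 2; i <= NF; i++) if (tolower($i) ~ /^[+]?indexes$/) found = 1
    }
    END { exit !found }' "$1"
}

report() {          # usage: report NAME ACTUAL WANTED_LOWERCASE
  if [ "$(printf %s "$2" | tr 'A-Z' 'a-z')" = "$3" ]; then
    echo "ok    $1 = $2"
  else
    echo "FAIL  $1 = '${2:-unset}' (want $3)"; fail=1
  fi
}

audit_stack() {     # usage: audit_stack PHP_INI HTTPD_CONF DOCROOT
  [ -r "$1" ] && [ -r "$2" ] || { echo "cannot read config files" >&2; return 2; }
  fail=0
  report expose_php      "$(ini_value expose_php "$1")"        off
  report ServerTokens    "$(apache_value ServerTokens "$2")"    prod
  report ServerSignature "$(apache_value ServerSignature "$2")" off
  if indexes_enabled "$2"; then echo "FAIL  Options still enables Indexes"; fail=1; fi
  if [ -e "$3/info.php" ]; then echo "FAIL  $3/info.php is still served"; fail=1; fi
  return "$fail"
}

if [ "$#" -eq 3 ]; then audit_stack "$@"; fi
```

Run it as sh audit.sh /etc/php.ini /etc/httpd/conf/httpd.conf /var/www/html; a non-zero exit status means at least one check failed.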
Fontface Apache support
AddType application/vnd.ms-fontobject .eot
AddType application/x-font-ttf .ttf
AddType application/x-font-woff .woff
Get some speed on Apache
<IfModule mod_headers.c>
  <FilesMatch "\.(js|css|xml|gz)$">
    Header append Vary: Accept-Encoding
  </FilesMatch>
</IfModule>
# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
Securing Apache with SSL
Let’s install mod24_ssl:
sudo yum install mod24_ssl
And generate a private key and a CSR:
openssl req -nodes -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out server.csr
Don’t forget to copy this file to a safe location: /etc/pki/tls/private/localhost.key
Once we have our purchased SSL certificate, we have to create a file containing it. Usually you have to merge the certificate and the CA bundle into one file:
cat spidersoft_com_au.crt spidersoft_com_au.ca-bundle > spidersoft_com_au.crt.bundle
Now we have to make a couple of small amendments in the /etc/httpd/conf.d/ssl.conf file:
DocumentRoot "/var/www/html"
ServerName www.spidersoft.com.au:443
SSLCertificateFile /etc/pki/tls/certs/spidersoft_com_au.crt.bundle
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
Don’t forget to check if your certificate was installed properly. I’m using this website www.sslshopper.com/ssl-checker.html