Setting Up PHP-FPM, Apache, and Nginx with SSL on Ubuntu
This guide will walk you through setting up a server where Nginx serves static frontend files and acts as a reverse proxy to Apache, which handles PHP requests via PHP-FPM. We’ll also configure SSL with Let’s Encrypt’s Certbot to ensure secure connections.
1. Install and Configure Nginx
Install Nginx
sudo apt update
sudo apt install nginx
Configure Nginx
Create a configuration file for your site at /etc/nginx/sites-available/site1:
<server>
listen 80;
server_name site1.com www.site1.com;
root /var/www/site1/public;
index index.html index.htm index.php;
location / {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~* \.(html|xml|txt|pdf|js|css|jpg|jpeg|png|gif|ico|svg|webp)$ {
root /var/www/site1/public;
expires 1y; # Set long-term caching for static files
add_header Cache-Control "public, max-age=31536000, immutable";
}
location ~* \.php$ {
proxy_pass http://localhost:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
error_log /var/log/nginx/site1-error.log;
access_log /var/log/nginx/site1-access.log;
listen 443 ssl; # SSL for HTTPS
ssl_certificate /etc/letsencrypt/live/site1.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/site1.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
</server>
Activate the Site and Restart Nginx
sudo ln -s /etc/nginx/sites-available/site1 /etc/nginx/sites-enabled/
sudo systemctl restart nginx
2. Install and Configure Apache
Install Apache and PHP-FPM
sudo apt update
sudo apt install apache2 php-fpm
Configure Apache to Use PHP-FPM
Create a configuration file for your site at /etc/apache2/sites-available/site1.conf:
<VirtualHost *:8080>
ServerName site1.com
DocumentRoot /var/www/site1/public
<Directory /var/www/site1/public>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
<FilesMatch \.php$>
SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
</FilesMatch>
ErrorLog ${APACHE_LOG_DIR}/site1-error.log
CustomLog ${APACHE_LOG_DIR}/site1-access.log combined
</VirtualHost>
Enable Apache Configuration and Required Modules
sudo a2enmod proxy_fcgi setenvif
sudo a2enconf php8.2-fpm
sudo a2ensite site1.conf
sudo systemctl restart apache2
3. Configure PHP-FPM
Ensure PHP-FPM is Running
sudo systemctl start php8.2-fpm
sudo systemctl enable php8.2-fpm
4. Configure SSL with Let’s Encrypt Certbot
Install Certbot
sudo apt update
sudo apt install certbot python3-certbot-nginx
Obtain and Configure SSL Certificate
sudo certbot --nginx -d site1.com -d www.site1.com
Certbot will automatically update your Nginx configuration and set up SSL certificates.
5. Update Hosts File
Add your domain to the /etc/hosts file for local testing:
127.0.0.1 site1.com
127.0.0.1 www.site1.com
6. Restart Services
sudo systemctl restart nginx
sudo systemctl restart apache2
Now you have a server configured with Nginx serving static files and acting as a reverse proxy to Apache, which handles PHP requests via PHP-FPM. Nginx is configured to listen on ports 80 and 443 (SSL) with certificates managed by Let’s Encrypt, ensuring secure connections and optimized performance for static files according to Google Page Speed recommendations.
