How To Install Linux, Apache, MySQL, PHP (LAMP) on Debian 8

Files Structure:

/srv
- /mydomain.com
  - /.socks
  - /www
    - /cgi-bin
    - /logs
    - /public_html
    - /ssl
    - /tmp
  - /blog
    - /cgi-bin
    - /logs
    - /public_html
    - /ssl
    - /tmp

1. Installation of Apache 2.4

apt-get -y install apache2-mpm-prefork apache2-utils apache2-suexec

1.1. Configuration of Apache 2
We need to activate modules.
a2enmod suexec rewrite ssl actions include headers expires dav_fs dav auth_digest

2. Installation of MySQL

You can automate this step by following this tutorial.
apt-get install -y mysql-server

2.1 Securing the installation

To secure your installation of MySQL you have to use the command line mysql_secure_installation and remove all test tables and users.

3. Installation of PHP (FPM) + basic modules

apt-get install -y php5-fpm php-apc php5-mysql php5 php5-common php5-gd php5-mysql php5-imap php5-cli php5-cgi php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick php5-curl php5-intl php5-memcache php5-memcached php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached

3.1 Enable PHP5 FPM for Apache2

a2enmod fastcgi

4. Configure your first website

#Create the user
/usr/sbin/useradd -M website1 -d /srv/mydomain.com/www/ -s /bin/false

#Create the structure
mkdir -p /srv/mydomain.com/.socks
chown -R root:root /srv/mydomain.com/.socks
chmod 1751 /srv/mydomain.com/.socks

mkdir -p /srv/mydomain.com/www/{cgi-bin,logs,public_html,ssl,tmp}
chown -R website1:website1 /srv/mydomain.com/www/
chown -R root:root /srv/mydomain.com/www/ssl
chown -R website1:website1 /srv/mydomain.com/www/cgi-bin
chown root:website1 /srv/mydomain.com/www/logs
chown root:root /srv/mydomain.com/www
chmod 1755 /srv/mydomain.com/www/
chmod 1700 /srv/mydomain.com/www/ssl
chmod 1750 /srv/mydomain.com/www/tmp
chmod 1750 /srv/mydomain.com/www/logs
chmod 1750 /srv/mydomain.com/www/cgi-bin

4.1 Non-SSL Virtual Host

Virtual Host folder: /etc/apache2/sites-available

Put the content below to /etc/apache2/sites-available/www.mydomain.com.conf
Don’t forget to change YOUR_SERVER_IP by your server IP Address!

<VirtualHost YOUR_SERVER_IP:80>
 ServerAdmin webmaster@mydomain.com
 ServerName  mydomain.com
 ServerAlias  www.mydomain.com
 DocumentRoot /srv/mydomain.com/www/public_html
 Options None
 <IfModule mod_fastcgi.c>
  <IfModule mod_php5.c>
   php_admin_flag engine off
  </IfModule>
  <FilesMatch \.php$>
   SetHandler php5-fcgi
  </FilesMatch>
  Alias /cgi-bin/ /srv/mydomain.com/www/cgi-bin/
  FastCgiExternalServer /srv/mydomain.com/www/cgi-bin/www.mydomain.com.external -socket /srv/mydomain.com/.socks/www.mydomain.com.sock
  AddHandler php5-fcgi .php
  Action php5-fcgi /cgi-bin/www.mydomain.com.external
  <Directory /srv/mydomain.com/www/cgi-bin>
   Require all granted
  </Directory>
 </IfModule>
 <Directory /srv/mydomain.com/www/public_html>
  Require all granted
  RewriteEngine on

  #Redirect all http traffic to https
  RewriteCond %{SERVER_PORT} 80
  RewriteRule ^(.*)$ https://www.mydomain.com/ [R=301,L]

  #Redirect non-www to www
  RewriteCond %{HTTP_HOST} ^([a-z.]+)?mydomain\.com$ [NC]
  RewriteCond %{HTTP_HOST} !^www\. [NC]
  RewriteRule .? http://www.%mydomain.com%{REQUEST_URI} [R=301,L]

  Options SymLinksIfOwnerMatch
  AllowOverride Indexes Limit Options AuthConfig FileInfo
 </Directory>
 # Log
 ErrorLog /srv/mydomain.com/www/logs/error.log
 LogLevel warn
 CustomLog /srv/mydomain.com/www/logs/access.log combined
</VirtualHost>

4.2 Configuration of PHP FPM

Pool configuration folder: /etc/php5/fpm/pool.d (one pool per Virtual Host)

Put the content below to /etc/php5/fpm/pool.d/www.mydomain.com.conf

; Pool name
[www.mydomain.com]
; On utilisera une socket
listen = /srv/mydomain.com/.socks/www.mydomain.com.sock
; Permission for the socket
listen.owner = website1
listen.group = website1
listen.mode = 0666
; User/Group for the process
user = website1
group = website1
; Process configuration
pm = dynamic
pm.max_children = 20
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
slowlog = /srv/mydomain.com/www/logs/php5-fpm.www.mydomain.com.log.slow
; Some PHP configuration directives (Change the way you want)
; If you enable open_basedir, upload_tmp_dir must be a child folder of the base_dir directory.
php_admin_value[open_basedir] = /srv/mydomain.com/www
php_admin_value[session.save_path] = /srv/mydomain.com/www/tmp
php_admin_value[upload_tmp_dir] = /srv/mydomain.com/www/tmp
php_admin_value[short_open_tag] = On
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i
;Disable unsecure functions
php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,exec,passthru,system,shell_exec,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,fsocket,fsockopen,pfsockopen

4.3 Enable the new configuration

#Enable your new Apache Virtual Host
a2ensite www.mydomain.com
#Reload PHP5 FPM pools
service php5-fpm reload
#Reload Apache
service apache2 reload

Common Problems

If your PHP FPM won’t spawn your socket, check if you don’t have two pools with the same domain/subdomain [www.mydomain.com] (First or second line of your fpm pool configuration file)

The GrimmChester