Tag Archives: Linux How to

Unix Similar multi-user operating systems based on the Linux kernel and essentially on GNU software. Like CentOS, Debian, Ubuntu Fedora.

Multiple PHP-FPM versions with Apache on Debian 12

The Apache web server provide virtual hosts to support multiple domains on a single instance, and PHP-FPM manage multiple PHP versions on a Debian server.

Apache WebserverMultiple PHP-FPM versions with Apache on Debian

Together, with Apache and PHP-FPM to hosting multiple PHP web-applications, each using a different version of PHP, all on the same server, and all at the same time. This because different applications may require different versions of PHP, but some server stacks, like a regularly configured LAMP stack, can only manage one. Using Apache with PHP-FPM FastCGI Process Manager is also a more cost-efficient solution than hosting each application on its own instance.

In this tutorial you’ll learn how to deploy two PHP sites on a single instance. Each site will use its own domain, and each domain use its own version of PHP. The first, site1.mydomain will use PHP 8.2. The second, site2.mydomain use PHP 7.4.

Step 1 – Installing PHP Version 8.2 with PHP-FPM

After the requirements are met, install PHP versions 7.4 and 8.2 as well as PHP-FPM and several additional extensions. To achieve this, the Sury PHP repository must first be added to the system.

The installation on Debian is done here as root by using “su -“.
First of all, required service packages are installed.

$ apt install lsb-release apt-transport-https ca-certificates wget gnupg -y

Add the Sury Repository for latest PHP version on the system.

$ wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
$ echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php.list

Update the package lists as follows.

$ apt update

Install the Apache web server it is not already done.

$ apt install apache2 -y

Now install PHP 8.2 and PHP-FPM FastCGI Process Manager together with the most important PHP modules.

$ apt install php8.2 php8.2-fpm php8.2-{cli,mysql,imap,intl,apcu,cgi,bz2,zip,mbstring,gd,curl,xml,common,opcache,imagick,libapache2-mod-php8.2,libapache2-mod-fcgid} -y

Step 2 – Installing PHP Version 7.4 with PHP-FPM

Next step repeat the process for PHP version 7.4 with PHP-FPM.

$ apt install php7.4 php7.4-fpm php7.4-{cli,mysql,imap,intl,apcu,cgi,bz2,zip,mbstring,gd,curl,xml,common,opcache,imagick,libapache2-mod-php7.4} -y

quote  As you may have noticed, the libapache2-mod-fcgid package is not included in the command because it was already installed in step 1.

Update the packages as follows.

$ apt update && apt upgrade -y
$ [ -f /run/reboot-required ] && reboot -f

With installing two PHP versions, start the php8.2-fpm service.

$ systemctl start php8.2-fpm

Next, verify the status of the php8.2-fpm service.

$ systemctl status php8.2-fpm

Repeating this process, now start the php7.4-fpm service.

$ systemctl start php7.4-fpm

And verify the status of the php7.4-fpm service.

$ systemctl status php7.4-fpm

Step 3 – Configure Apache for Multiple PHP-FPM versions

Finaly, enable several modules using the Apache helper command so that your Apache2 service work with multiple PHP versions.

$ a2enmod actions fcgid alias proxy_fcgi

Now restart the Apache service to apply your changes.

$ systemctl restart apache2

With this steps you have installed two PHP versions on your server. Next, you’ll create a docroot for each website you want to deploy.

Step 4 – Creating Docroot for 2 Apache Websites

In this step, you will create a document root directory and an index page for each of your two websites.

First, create document root directories for site1.mydomain and site2.mydomain.

$ mkdir /var/www/site1.mydomain
$ mkdir /var/www/site2.mydomain

By default, the Apache webserver runs as a www-data user and www-data group. To ensure that you have the correct ownership and permissions of your website root directories, execute the following commands.

$ chown -R www-data:www-data /var/www/site1.mydomain
$ chown -R www-data:www-data /var/www/site2.mydomain
$ chmod -R 755 /var/www/site1.mydomain
$ chmod -R 755 /var/www/site2.mydomain

Next you’ll create an phpinfo.php file inside each website document root. This will display each website’s PHP version information. Now let’s begin with site1.

$ vi /var/www/site1.mydomain/phpinfo.php

quote Use the editor of your choice, maybe it’s nano, it’s possible for old dudes who can’t replace the heavy rock VIM with anything!

Add the following code into it.

<?php phpinfo(); ?>

Save and close the file. Now copy the phpinfo.php file you created to site2.

$ cp /var/www/site1.mydomain/phpinfo.php /var/www/site2.mydomain/phpinfo.php

The web server should now have the document root directories that each site requires to serve data to visitors. Next, you will configure the Apache web server to work with two different PHP versions.

Step 5 – Configuring Apache for Both Websites

In this step, you’ll create two Apache virtual host configuration files. This will enable your two websites to work simultaneously with two different PHP versions.

In order for Apache to serve this content, it is necessary to create a virtual host file that contains the needed directives. Instead of modifying the default configuration file located at /etc/apache2/sites-available/000-default.conf, you’ll create two new ones inside the directory /etc/apache2/sites-available/.

First create a new Apache virtual host configuration file for the website site1.mydomain. Here you will direct Apache to render content using php8.2.

$ vi /etc/apache2/sites-available/site1.mydomain.conf

Add the following content. Make sure the website DocumentRoot path, ServerName, and PHP version match your setup.

<VirtualHost *:80>
     ServerAdmin admin@site1.mydomain
     ServerName site1.mydomain
     DocumentRoot /var/www/site1.mydomain
     DirectoryIndex phpinfo.php

     <Directory /var/www/site1.mydomain>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
     </Directory>

    <FilesMatch \.php$>
      # For Apache version 2.4.10 and above, use SetHandler to run PHP as a fastCGI process server
      SetHandler "proxy:unix:/run/php/php8.2-fpm.sock|fcgi://localhost"
    </FilesMatch>

     ErrorLog ${APACHE_LOG_DIR}/site1.mydomain_error.log
     CustomLog ${APACHE_LOG_DIR}/site1.mydomain_access.log combined
</VirtualHost>

In this file you updated the DocumentRoot to your new directory and ServerAdmin to an email that the mydomain site administrator can access. You’ve also updated ServerName, which establishes the base domain for this virtual host configuration, and you’ve added a SetHandler directive to run PHP as a FastCGI Process Manager.

Save and close the file.

Next, create a new virtual host configuration file for the website site2.mydomain. You will specify this subdomain to deploy php7.4.

$ vi /etc/apache2/sites-available/site2.mydomain.conf

Add the following content. Again, make sure the website directory path, ServerName, and PHP version match your unique information.

<VirtualHost *:80>
     ServerAdmin admin@site2.mydomain
     ServerName site2.mydomain
     DocumentRoot /var/www/site2.mydomain
     DirectoryIndex phpinfo.php

     <Directory /var/www/site2.mydomain>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
     </Directory>

    <FilesMatch \.php$>
      # For Apache version 2.4.10 and above, use SetHandler to run PHP as a fastCGI process server
      SetHandler "proxy:unix:/run/php/php7.4-fpm.sock|fcgi://localhost"
    </FilesMatch>

     ErrorLog ${APACHE_LOG_DIR}/site2.mydomain_error.log
     CustomLog ${APACHE_LOG_DIR}/site2.mydomain_access.log combined
</VirtualHost>

Save and close the file when you are finished. Then check the Apache configuration file for any syntax errors.

$ apachectl configtest

You’ll see the following output.

Syntax OK

Next, enable both virtual host configuration files.

$ a2ensite site1.mydomain
$ a2ensite site2.mydomain

Now disable the default site, since you won’t need it.

$ a2dissite 000-default.conf

Finally, restart the Apache service to implement your changes.

$ systemctl restart apache2

Now that you have configured Apache to serve each site, you will test them to make sure the proper PHP versions are running.

Step 6 – Testing Websites using Apache with PHP-FPM versions

At this step, you have configured two Apache websites to run two different versions of PHP. Now test the results.

Open your web browser and visit both sites http://site1.mydomain and http://site2.mydomain. You will see two pages that look like this.

phpinfo Multiple PHP-FPM versions with Apache on Debian
http://site1.mydomain, PHP Version 8.2.3
phpinfo Multiple PHP-FPM versions with Apache on Debian
http://site2.mydomain, PHP Version 7.4.27

Note the titles. The first page indicates that site1.mydomain deployed PHP version 8.2. The second indicates that site2.mydomain deployed PHP version 7.4.

Step 7 – Finally, clean up no needed files

Now that you’ve tested your sites, remove the phpinfo.php files. Because they contain sensitive information about your server and are accessible to unauthorized users, they pose a security threat. To remove both files, run the following commands.

$ rm -rf /var/www/site1.mydomain/phpinfo.php
$ rm -rf /var/www/site2.mydomain/phpinfo.php

You now have a single Debian 12 server handling two websites with two different PHP versions. PHP-FPM, however, is not limited to this one application.

Conclusion

You have now combined Apache virtual hosts and PHP-FPM to serve multiple websites and multiple versions of PHP on a single server. The only practical limit on the number of PHP sites and PHP versions that your Apache service can handle is the processing power of your instance.

From here you might consider exploring PHP-FPM’s more advanced FastCGI Process Manager features, like its adaptive spawning process or how it can log sdtout and stderr. Alternatively, you could now secure your websites.

Generate random password using 10 methods in Linux

Generate Random Password using Strong Password Generator

Generate random password using 5 methods in Linux

You can manually create some of the passwords you need. However, if you want to generate a secure password for multiple users or devices, then this is not an adequate approach.

There are many Linux utilities on the web that meet these requirements. In this tutorial I will introduce the 10 best password generators, which can be used in the Linux terminal.

The following combinations will help you generate a strong password. It should be at least 10-16 characters long, including alphabets (lowercase and uppercase), numbers, and special characters.

The 10 best strong password generators

pwgen generate strong passwords that are easy for people to remember and at the same time as secure as possible.
xkcdpass uses 12 dictionaries by Aspell, the GNU spell checker project.
openssl commonly used for the various cryptography operations of OpenSSL cryptography library.
gpg used the OpenPGP encryption and signing tool.
mkpasswd create new password, can optionally be applied to a user.
makepasswd create true randomized passwords using /dev/urandom, with the accent on security over pronounceability.
md5sum calculates and verifies 128-bit MD5 hashes.
sha256sum verify data integrity using the SHA-256.
sha1pass is known to create SHA1 hash.
/dev/urandom file use character special files /dev/random to provide an interface to the kernel random number generator.

Generate strong password using pwgen

The pwgen program generates passwords in a way that people can easily remember, while being as secure as possible. For most systems, pwgen needs to be installed first.

$ sudo apt install pwgen

To do so, simple run the pwgen command in the Linux terminal. It generates 160 secure passwords in a single shot. These 160 passwords are printed in 20 rows and 8 columns.

Generate strong 6 passwords with 16 characters length. Use -s option to generate completely random, hard-to-memorize words. Run the pwgen command as follows.

$ pwgen -s 16 4
0mvQIiWNoMLxbgVR rZ7REDOdjmvOr79D JOX9aPy7dYwRzISF yZBwXb5EwrcM4h3j

If you want to generate 10 random passwords with 16 characters length, including numbers, and special characters, use these pwgen command.

$ pwgen -cnys 16 12
:38M*BA-6y90WyOl U;2+rT/~3j3|}Y)I Zqr>I0p[Ls{IF?z5 c'Zy<%`BK/4>gJ~E
4s|,{h4hQuv@UGIy la!0mH;qSF1!>F|O v@l_8Uf3DH.\}fR L"(hvNI!aafXI0ru
4"Z`[qywLRLA17VC PC>y3[o0{)/i\bN{ iRF+85e<7'of14:p G.6aC:KLG/>49Smb

Create random password using xkcdpass

xkcdpass uses the dict2 and dict6 word list by default due to their unique properties. It has an option that could be used. It can be combined with the output of pwgen to get unique passwords too. You can also use the first letter of each word of the passphrase to create a password that is also easy to remember.

Commonly the xkcdpass program has to be installed first.

$ sudo apt install xkcdpass

If you hit and run xkcdpass then 6 passwords will be displayed.

$ xkcdpass
pellet lunchroom epidemic viable jawless jumbo

xkcdpass can even be used interactively, with the -i option it asks you how many words it should generate and whether it should continue generating with ask y/N and loop until one is accepted.

$ xkcdpass -i
Enter number of words (default 6): 12
Generated: employer celibacy hypertext liqueur bounce tightrope probiotic pencil provoke spotless jawless endnote
Accept? [yN] n
Generated: concrete edginess reanalyze hatred possibly tadpole reword fresh glory casually duckling overstuff
Accept? [yN] y
concrete edginess reanalyze hatred possibly tadpole reword fresh glory casually duckling overstuff

Create random password using OpenSSL

Using OpenSSL to create secure passwords, with run the following command to create a random password with 16 characters lenght.

$ openssl rand -base64 16
8buZwXt+OKjdN9MxxuRRTw==

If you would like to generate 10 random password with 16 characters length using openssl, then ran the openssl command in a for loop.

$ for pw in {1..10}; do openssl rand -base64 16; done

Create strong password using gpg

Run the gpg program with the following command to generate a random password with 16 characters length.

$ gpg --gen-random --armor 1 16
huH4efPrgPDTNAmQU8u1ng==

Generate random password using mkpasswd

mkpasswd generates passwords and can apply them automatically to users. It’s part of the whois package so you need to install first.

$ sudo apt install whois

With no arguments, mkpasswd returns a new password. Run the mkpasswd command with hit Enter as follows.

$ mkpasswd
Password:
bDu7vypaEAWxQ

Run the mkpasswd with the following command to generate a random password with 16 characters length.

$ mkpasswd 16
YjXEEmcQGfsh6

Generate random password using makepasswd

Commonly the makepasswd program has to be installed first.

$ sudo apt install makepasswd

Run makepasswd command in terminal to generate a random password.

$ makepasswd
mtrn2vCN

Run makepasswd with the following command to generate 10 random password with 16 characters length.

$ makepasswd --chars 16 --count 10
8FeKPTsPWWnMzwPd
IzJYdQ5ugp54QL2V
to4JD057ivK97ebw
X0i8jBiALTTqJQXy
dSPpu9sVRyxuW1gs
m6f4ppv4VmAJRDBr
N21WjEES1R3CpR4b
LV5IeQ2u9B4teSSY
bpJ2pAML4InuTLMC
W8rxuaatQxU0sB1h

Generate random password using md5sum

md5sum is a computer program that calculates and verifies 128-bit MD5 hashes.

$ date | md5sum
09f9d8063cd64c4f45156e1694e405e8  -

Create strong password using sha256sum

sha256sum is designed to verify data integrity using the SHA-256 (SHA-2 family with a digest length of 256 bits).

$ date | sha256sum
9c8389ce6b87c8e401953fae7dc3a82b70042f8900638cf2c87550a5f15eb3d5  -

Generate strong password using sha1pass

sha1pass creates a SHA1 password hash. Without use any option in the command line, a random vector will be generated.

$ sha1pass
$4$sP0lvTtx$vWtERzFUpybYaV3zFh+wmJDQPUs$

Using sha1pass with the password option, the passed word is emedded in the hash string.

$ sha1pass password ChangeMe
$4$ChangeMe$/TsBdl4r0CJkvisl2emiaRyzkVU$

Create random password using /dev/urandom

Using /dev/urandom, the special character files /dev/random and /dev/urandom provide an interface to the kernel random number generator. The file /dev/random has the major device number 1 and the minor device number 8. The file /dev/urandom has the major device number 1 and the minor device number 9.

$ cat /dev/urandom | tr -dc 'a-zA-Z0-9' | head -c 16
fuIA9aVtGhmlVs0R

quote using “head -c 16” to print the first 16 bytes.