@RickJP
Created November 24, 2019 01:50
CORE => SETUP NGINX AS WEB SERVER & APACHE AS REVERSE PROXY
CORE => UBUNTU ON LIGHTSAIL - NGINX AS WEB SERVER & REVERSE PROXY FOR APACHE
sudo ufw allow OpenSSH
sudo ufw enable
INSTALL APACHE & PHP-FPM
sudo apt update
sudo apt install apache2 php-fpm
wget https://mirrors.edge.kernel.org/ubuntu/pool/multiverse/liba/libapache-mod-fastcgi/libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
sudo dpkg -i libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb
CONFIGURE APACHE & PHP-FPM
CHANGE PORT NUMBER TO 8080
CONFIGURE IT TO WORK WITH PHP-FPM USING THE MOD_FASTCGI MODULE
sudo mv /etc/apache2/ports.conf /etc/apache2/ports.conf.default
echo "Listen 8080" | sudo tee /etc/apache2/ports.conf
Note: Web servers are generally set to listen on 127.0.0.1:8080 when configuring a reverse proxy but doing so would set the value of PHP's environment variable SERVER_ADDR to the loopback IP address instead of the server's public IP. Our aim is to set up Apache in such a way that its websites do not see a reverse proxy in front of it. So, we will configure it to listen on 8080 on all IP addresses.
CREATE VIRTUAL HOSTS FOR APACHE
DISABLE DEFAULT VIRTUAL HOST
CREATE A NEW VIRTUAL HOST FILE, USING THE EXISTING DEFAULT SITE
sudo a2dissite 000-default
sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/001-default.conf
OPEN NEW CONFIG FILE & CHANGE LISTENING PORT TO 8080
sudo nano /etc/apache2/sites-available/001-default.conf
SAVE & ACTIVATE NEW CONFIG FILE
RELOAD APACHE
VERIFY APACHE IS LISTENING ON 8080
sudo a2ensite 001-default
sudo systemctl reload apache2
sudo netstat -tlpn
CONFIGURE APACHE TO USE MOD_FASTCGI
Note: If you are trying this tutorial on an existing installation of LAMP with mod_php, disable it first with sudo a2dismod php7.2.
ENABLE MOD ACTION
sudo a2enmod actions
RENAME EXISTING CONFIG FILE
sudo mv /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.default
CREATE NEW CONFIG FILE
sudo nano /etc/apache2/mods-enabled/fastcgi.conf
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<IfModule mod_fastcgi.c>
AddHandler fastcgi-script .fcgi
FastCgiIpcDir /var/lib/apache2/fastcgi
AddType application/x-httpd-fastphp .php
Action application/x-httpd-fastphp /php-fcgi
Alias /php-fcgi /usr/lib/cgi-bin/php-fcgi
FastCgiExternalServer /usr/lib/cgi-bin/php-fcgi -socket /run/php/php7.2-fpm.sock -pass-header Authorization
<Directory /usr/lib/cgi-bin>
Require all granted
</Directory>
</IfModule>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SAVE CHANGES, DO CONFIG TEST & RELOAD APACHE
sudo apachectl -t
sudo systemctl reload apache2
VERIFY PHP FUNCTIONALITY
CREATE INFO.PHP, WHICH CONTAINS A PHPINFO FUNCTION
echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php
CHECK IN BROWSER
http://<SERVER_IP>:8080/info.php
http://13.115.225.133:8080/info.php
CREATE VIRTUAL HOSTS FOR APACHE
sudo mkdir -v /var/www/test1 /var/www/test2
sudo mkdir -v /var/www/english4all.world
CREATE INDEX FOR EACH SITE
echo "<h1 style='color: green;'>TESTING ONE</h1>" | sudo tee /var/www/test1/index.html
echo "<h1 style='color: red;'>TEST TWO</h1>" | sudo tee /var/www/test2/index.html
echo "<h1 style='color: red;'>TEST TWO</h1>" | sudo tee /var/www/english4all.world/index.html
CREATE PHPINFO FOR EACH SITE TO CHECK PHP IS CONFIGURED PROPERLY
echo "<?php phpinfo(); ?>" | sudo tee /var/www/test1/info.php
echo "<?php phpinfo(); ?>" | sudo tee /var/www/test2/info.php
echo "<?php phpinfo(); ?>" | sudo tee /var/www/english4all.world/info.php
CREATE VIRTUAL HOST FILE
sudo nano /etc/apache2/sites-available/test1.conf
sudo nano /etc/apache2/sites-available/english4all.world.conf
68.183.101.255
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<VirtualHost *:8080>
ServerName <SERVER_IP>
# ServerAlias www.foobar.net
DocumentRoot /var/www/test1
<Directory /var/www/test1>
AllowOverride All
</Directory>
</VirtualHost>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The line AllowOverride All enables .htaccess support.
DO THE SAME FOR THE OTHER SITE
sudo nano /etc/apache2/sites-available/test2.conf
ENABLE SITES (IT CREATES SYMBOLIC LINKS)
sudo a2ensite test1
sudo a2ensite test2
sudo a2ensite english4all.world
CHECK FOR CONFIG ERRORS & RELOAD SERVER
sudo apachectl -t
sudo systemctl reload apache2
CHECK SITES ARE WORKING
http://foobar.net:8080 & http://test.io:8080
INSTALL & CONFIG NGINX
INSTALL
sudo apt install nginx
REMOVE THE DEFAULT VIRTUAL HOST'S SYMLINK
sudo rm /etc/nginx/sites-enabled/default
CREATE VIRTUAL HOSTS
sudo mkdir -v /usr/share/nginx/english4all.world
CREATE INDEX AND PHPINFO() FILES FOR TESTING
echo "<h1 style='color: green;'>english4all.world</h1>" | sudo tee /usr/share/nginx/english4all.world/index.html
echo "<?php phpinfo(); ?>" | sudo tee /usr/share/nginx/english4all.world/info.php
CREATE VIRTUAL HOSTS FILE
sudo nano /etc/nginx/sites-available/english4all.world
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
server {
listen 80 default_server;
root /usr/share/nginx/english4all.world;
index index.php index.html index.htm;
server_name english4all.world www.english4all.world;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
include snippets/fastcgi-php.conf;
}
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CREATE SYMBOLIC LINKS
sudo ln -s /etc/nginx/sites-available/english4all.world /etc/nginx/sites-enabled/english4all.world
TEST CONFIG
sudo nginx -t
RELOAD SERVER
sudo systemctl reload nginx
Configuring Nginx for Apache's Virtual Hosts
CREATE VIRTUAL HOST FILE TO FORWARD REQUESTS TO APACHE
sudo nano /etc/nginx/sites-available/apache
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
server {
listen 80;
server_name english4all.world www.english4all.world;
location / {
proxy_pass http://68.183.101.255:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ENABLE NEW HOST BY CREATING SYMBOLIC LINK
sudo ln -s /etc/nginx/sites-available/apache /etc/nginx/sites-enabled/apache
TEST CONFIG
sudo nginx -t
RELOAD SERVER
sudo systemctl reload nginx
INSTALL AND CONFIGURE MOD_RPAF
mod_rpaf rewrites the values of REMOTE_ADDR, HTTPS and HTTP_PORT based on the values provided by a reverse proxy. Without this module, some PHP applications would require code changes to work seamlessly from behind a proxy. The module is available in Ubuntu's repository as libapache2-mod-rpaf, but that version is outdated and doesn't support certain configuration directives. Instead, we will install it from source.
sudo apt install unzip build-essential apache2-dev
wget https://github.com/gnif/mod_rpaf/archive/stable.zip
unzip stable.zip
cd mod_rpaf-stable
make
sudo make install
CREATE FILE WHICH WILL LOAD RPAF MODULE
sudo nano /etc/apache2/mods-available/rpaf.load
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
LoadModule rpaf_module /usr/lib/apache2/modules/mod_rpaf.so
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CREATE FILE WHICH WILL CONTAIN CONFIG DIRECTIVES FOR MOD_RPAF
sudo nano /etc/apache2/mods-available/rpaf.conf
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
<IfModule mod_rpaf.c>
RPAF_Enable On
RPAF_Header X-Real-Ip
RPAF_ProxyIPs your_server_ip
RPAF_SetHostName On
RPAF_SetHTTPS On
RPAF_SetPort On
</IfModule>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
* RPAF_Header - The header to use for the client's real IP address.
* RPAF_ProxyIPs - The proxy IP to adjust HTTP requests for.
* RPAF_SetHostName - Updates the vhost name so ServerName and ServerAlias work.
* RPAF_SetHTTPS - Sets the HTTPS environment variable based on the value contained in X-Forwarded-Proto.
* RPAF_SetPort - Sets the SERVER_PORT environment variable. Useful for when Apache is behind a SSL proxy.
JUST IN CASE
(libtool: warning: remember to run 'libtool --finish /usr/lib/apache2/modules')
SAVE RPAF.CONF & ENABLE MODULE (THIS CREATES SYMBOLIC LINKS)
sudo a2enmod rpaf
TEST & RELOAD
sudo apachectl -t
sudo systemctl reload apache2
Setting Up HTTPS Websites with Let's Encrypt
sudo nano /etc/nginx/sites-available/apache
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
server {
listen 80;
server_name english4all.world www.english4all.world;
location / {
proxy_pass http://68.183.101.255:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ADD OFFICIAL CERTBOT REPOSITORY
sudo add-apt-repository ppa:certbot/certbot
UPDATE
sudo apt update
INSTALL PACKAGE
sudo apt install python-certbot-nginx
sudo certbot --nginx -d english4all.world -d www.english4all.world
sudo certbot --nginx -d rickdev.club -d www.rickdev.club
nslookup english4all.world
BLOCK DIRECT ACCESS TO APACHE (OPTIONAL)
sudo iptables -I INPUT -p tcp --dport 8080 ! -s 68.183.101.255 -j REJECT --reject-with tcp-reset
Note: IPtables rules do not survive a system reboot by default. There are multiple ways to preserve IPtables rules, but the easiest is to use iptables-persistent in Ubuntu's repository.
SAVE THE TABLES
sudo apt-get update
sudo apt-get install iptables-persistent
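To confirm the port 8080 block is in force and also present in the saved ruleset, the following added example (not part of the original gist) checks an `iptables -S` / `iptables-save` style listing. The function names are illustrative, and `/etc/iptables/rules.v4` is assumed to be where iptables-persistent keeps its saved copy.

```bash
#!/usr/bin/env bash
# Added example, not part of the original gist. Function names are illustrative.

# Print the first INPUT rule in an iptables-save style file that matches
# the given destination port (rule order decides which rule wins).
first_rule_for_port() {
    awk -v port="$2" '
        $1 == "-A" && $2 == "INPUT" {
            for (i = 3; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) { print; exit }
        }' "$1"
}

# Succeed only if that first rule rejects or drops everything except <proxy-ip>.
apache_port_guarded() {   # <rules-file> <port> <proxy-ip>
    rule=$(first_rule_for_port "$1" "$2")
    case "$rule" in
        *"! -s $3"*"-j REJECT"* | *"! -s $3"*"-j DROP"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage: sudo iptables -S INPUT > live.rules
#        ./guard.sh live.rules 8080 68.183.101.255
#        ./guard.sh /etc/iptables/rules.v4 8080 68.183.101.255   # saved copy
if [ "$#" -eq 3 ]; then
    if apache_port_guarded "$1" "$2" "$3"; then
        echo "port $2: guarded"
    else
        echo "port $2: NOT guarded in $1"
        exit 1
    fi
fi
```

Run it against both the live listing and the saved file; a pass on the first and a failure on the second means the rule will be gone after the next reboot.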
SERVE STATIC FILES USING NGINX (OPTIONAL)
sudo nano /etc/nginx/sites-available/apache
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
server {
listen 80;
server_name english4all.world www.english4all.world;
root /var/www/english4all.world;
index index.php index.htm index.html;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
proxy_pass http://68.183.101.255:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ /\.ht {
deny all;
}
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Warning: The location ~ /\.ht directive is very important; this prevents Nginx from serving the contents of Apache configuration files like .htaccess and .htpasswd which contain sensitive information.
TEST & RELOAD
sudo nginx -t
sudo service nginx reload
VERIFY GET REQUESTS IN APACHE LOG FILE
sudo tail -f /var/log/apache2/other_vhosts_access.log
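A post-setup audit for two things this procedure leaves behind: the info.php test pages, which publish the full PHP configuration to anyone who requests them, and Nginx site files that serve static files without the `location ~ /\.ht` rule. This is an added example, not part of the original gist; the function names are illustrative and the paths are supplied by the caller.

```bash
#!/usr/bin/env bash
# Added example, not part of the original gist. Paths passed in are the
# caller's; nothing here is specific to one server.

# List PHP files under the given directories that call phpinfo().
find_phpinfo() {
    find "$@" -type f -name '*.php' \
        -exec grep -lE 'phpinfo[[:space:]]*\(' {} + 2>/dev/null || true
}

# Succeed only if the file has a "location ~ /\.ht" block containing "deny all;".
has_ht_deny() {
    awk '
        /^[ \t]*location[ \t]+~[ \t]+\/\\\.ht/ { inblk = 1 }
        inblk && /deny[ \t]+all[ \t]*;/        { found = 1 }
        inblk && /}/                           { inblk = 0 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# A site file with a root directive serves files itself, so it needs the
# .ht rule; a proxy-only site file does not.
audit_nginx_site() {
    if grep -qE '^[[:space:]]*root[[:space:]]' "$1" && ! has_ht_deny "$1"; then
        echo "FAIL $1: root is set but no 'location ~ /\.ht { deny all; }'"
        return 1
    fi
    echo "OK   $1"
}

# Usage: ./audit.sh <nginx-site-file> <docroot> [<docroot>...]
if [ "$#" -ge 2 ]; then
    site=$1; shift
    status=0
    audit_nginx_site "$site" || status=1
    leftovers=$(find_phpinfo "$@")
    if [ -n "$leftovers" ]; then
        echo "phpinfo() test pages still present:"
        echo "$leftovers"
        status=1
    fi
    exit "$status"
fi
```

For the layout in this gist that would be `./audit.sh /etc/nginx/sites-available/apache /var/www /usr/share/nginx`; delete any info.php it reports once PHP has been verified.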