This entry is more to document these details for my own reference if/when I need them again later, but perhaps it'll interest anyone who configures web servers.
In order to set up my unRAID docker "Let's Encrypt", which contains the installed Nginx web server for unRAID, as a reverse-proxy for Apache 2.4.x web server running on an Ubuntu VM under the same unRaid OS, I had to read a million (slight exaggeration) posts with a variety of methods to get this to work with the FastCGI, or now PHP-FPM (FastCGI Process Manager). FPM uses a socket connection between the proxy and the Apache server for PHP script execution, which many websites are almost entirely written in. I normally use Joomla to manage my websites, which is PHP top to bottom. The webpages the browser sees are not html files. They are html code generated on the fly by the PHP scripts. It's impossible for a hacker to monkey with the website if they don't have access to the PHP web repository and/or the database where the actual content is stored.
So, I upgraded my original PHP version from 7.0 to 7.3, and also added 7.4 for testing. In order to select the default/active version of PHP, I wrote a script (posted at the end). It calls an interactive Linux utility from which to select a version, and then it runs the commands to not only activate that PHP version, but it also disables the previous version's
config files and enables the new version's
configs. This is helpful, since some of the configuration directives contain versions, too.
The basic steps to get FPM to work are:
On the Nginx system/docker, locate the directory where website config files are stored. For me, it's on a cache drive under <cache dir>/appdata/letsencrypt/nginx/site-confs.
If not already there, create one or more files for each virtual website you want to host on Apache.
My config file for one domain looks like:
server {
listen 80;
listen [::]:80;
server_name mydomain.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name mydomain.com;
include /config/nginx/ssl.conf;
include /config/nginx/proxy.conf;
location / {
proxy_pass "https://10.0.1.220:447";
}
}
The name "mydomain.com" would be registered with a domain name registrar if this is for public access. Or, for testing/in-house-access-only, you can add the name to your internal DNS or hosts files for each computer being used as a client. As long as you have a unique name, and it can be resolved to THE PROXY'S IP ADDRESS, you should be good.
Once the proxy gets a request, if it was sent over unsecured HTTP (port 80), it does a permanent redirect (301) to the more secure HTTPS (port 443). That allows clients to request connections to port 80 without problems, but the connection will be replaced with the better port 443.
The last directive in the 443 block says to proxy the request, sending it to the upstream Apache web server at IP address 10.0.1.220, which is obviously a private IP address. The port, 447, is configured on the Apache server as a substitution for 443, just to avoid conflicts with other services like NextCloud which by default needs port 443.
Create one file for every virtual server you want to proxy, and just change the ServerName to match that site's domain name on 2 lines. Super simple.

Now, for Apache. You need to install apache2 (of course) and at a minimum the modules listed:
For FPM to work, you have to add:
libapache2-mod-php
libapache2-mod-fcgid
php
php-fpm
php-cli
Other modules will be loaded by default which are needed, but these are the ones to make sure are installed other than those.
Once installation is done, restart the Apache webserver and the PHP-FPM processes:
systemctl start apache2
systemctl start php7.2-fpm
If already running, use "restart" instead of "start".
Many examples/tutorials online say to place the code for FPM in each individual virtual host's config file, but that, to me, invites more work to maintain. Since I intend to use PHP for most, if not all, of my virtual hosts, I want to make the change in one place that works for all sites. The kicker to either approach is, if you ever want to change PHP versions, you'd have to remember to manually update the version for the socket being used. Instead, I use the included functionality that lets me create separate config files per PHP version, and then issuing commands to disable the previous version's file, and enable the new one. For example:
a2disconf php7.4-fpm
a2enconf php7.3-fpm
That requires a file of each name above to be in the confs-available directory: /etc/apache2/confs-available/php7.3-fpm & /etc/apache2/confs-available/php7.4-fpm,
When you run the commands above, a2disconf removes the named linked file from the confs-enabled directoy, and a2enconfs creates a link to the file in confs-available. One place to create/update the config files, and 2 commands to disable and enable the files you want active. Now I can have sockets named for the PHP versions in each file, and only one is active at a time.
In each file listed above (php7.x-fpm), add these lines at the bottom outside of any other tags:
<FilesMatch ".+\.ph(ar|p|tml)$">
SetHandler "proxy:unix:/run/php/php7.3-fpm.sock|fcgi://localhost"
</FilesMatch>
The version in the "SetHandler" line should obviously match the filename's version identifier.
That's it! If you are only interested in one version of PHP, then you can place these updates in one of several files and it will work. This method adds the ability to change versions as needed without a lot of work.
And, in order to easily switch PHP versions, I created a bash script to run on ubuntu Linux:
Filename: php_version_select.sh
!#/bin/bash
#Get currently configured PHP default version:
currver=`php -v | grep '^PHP' | awk '{print substr($0,5,3)}'`
echo ""
echo "PHP Version Selector"
echo "--------------------"
echo "Currently selected version: $currver"
update-alternatives --config php
newver=`php -v | grep '^PHP' | awk '{print substr($0,5,3)}'`
if [[ $newver = $currver ]]
then
echo ""
echo "Keeping $currver"
echo ""
else
echo ""
echo "Switching to $newver ..."
echo ""
a2dismod php$currver
a2disconf php${currver}-fpm.conf
a2enmod php$newver
a2enconf php${newver}-fpm.conf
update-alternatives --set phar /usr/bin/phar$newver
update-alternatives --set phar.phar /usr/bin/phar.phar$newver
echo ""
echo "Restarting Apache and FPM Services ..."
systemctl restart apache2
systemctl stop php${currver}-fpm
systemctl start php${newver}-fpm
echo ""
echo "done"
fi
# Display php version output
php -v
echo ""
echo "Script complete."
If you select a different PHP version, the script sets that as well as doing all the module and configuration disable/enable requirements. At the end, it restarts the Apache Server and FPM processes to make the changes active.
So much simpler when I see it boiled down to this list. All the other online versions were a hodgepodge of these and many other steps, but none in enough detail to explain WHY you are following each step.
The greatest benefit of computers is there is always another way to do everything.
The greatest downside of computers is there are so many ways to do things, it's difficult to find the one that's best for your case.
