RickJP · November 24, 2019 01:50
diff --git a/gistfile1.txt b/gistfile1.txt
 CORE => UBUNTU ON LIGHTSAIL - NGINX AS WEB SERVER & REVERSE PROXY FOR APACHE

 sudo ufw enable
 sudo ufw allow OpenSSH

 INSTALL APACHE & PHP-FPM
 sudo apt update
 sudo apt install apache2 php-fpm

 wget https://mirrors.edge.kernel.org/ubuntu/pool/multiverse/liba/libapache-mod-fastcgi/libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb

 sudo dpkg -i libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb



 CONFIGURE APACHE & PHP-FPM

 	CHANGE PORT NUMBER TO 8080
 		CONFIGURE IT TO WORK WITH PHP-FPM USING THE MOD_FASTCGI MODULE
 sudo mv /etc/apache2/ports.conf /etc/apache2/ports.conf.default
 echo "Listen 8080" | sudo tee /etc/apache2/ports.conf


 Note: Web servers are generally set to listen on 127.0.0.1:8080 when configuring a reverse proxy but doing so would set the value of PHP's environment variable SERVER_ADDR to the loopback IP address instead of the server's public IP. Our aim is to set up Apache in such a way that its websites do not see a reverse proxy in front of it. So, we will configure it to listen on 8080 on all IP addresses.


 CREATE VIRTUAL HOSTS FOR APACHE
 	DISABLE DEFAULT VIRTUAL HOST
 		CREATE A NEW VIRTUAL HOST FILE, USING THE EXISTING DEFAULT SITE
 sudo a2dissite 000-default
 sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/001-default.conf

 OPEN NEW CONFIG FILE & CHANGE LISTENING PORT TO 8080
 sudo nano /etc/apache2/sites-available/001-default.conf

 SAVE & ACTIVATE NEW CONFIG FILE
 	RELOAD APACHE
 		VERIFY APACHE IS LISTENING ON 8080
 sudo a2ensite 001-default
 sudo systemctl reload apache2
 sudo netstat -tlpn


 CONFIGURE APACHE TO USE MOD_FASTCGI

 Note: If you are trying this tutorial on an existing installation of LAMP with mod_php, disable it first with sudo a2dismod php7.2.

 ENABLE MOD ACTION
 sudo a2enmod actions

 RENAME EXISTING CONFIG FILE
 sudo mv /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.default

 CREATE NEW CONFIG FILE
 sudo nano /etc/apache2/mods-enabled/fastcgi.conf

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 <IfModule mod_fastcgi.c>
  AddHandler fastcgi-script .fcgi
  FastCgiIpcDir /var/lib/apache2/fastcgi
  AddType application/x-httpd-fastphp .php
  Action application/x-httpd-fastphp /php-fcgi
  Alias /php-fcgi /usr/lib/cgi-bin/php-fcgi
  FastCgiExternalServer /usr/lib/cgi-bin/php-fcgi -socket /run/php/php7.2-fpm.sock -pass-header Authorization
  <Directory /usr/lib/cgi-bin>
    Require all granted
  </Directory>
 </IfModule>

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 SAVE CHANGES, DO CONFIG TEST & RELOAD APACHE
 sudo apachectl -t

 sudo systemctl reload apache2




 VERIFY PHP FUNCTIONALITY

 CREATE INFO.PHP, WHICH CONTAINS A PHPINFO FUNCTION
 echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php

 CHECK IN BROWSER
 http://<SERVER_IP>:8080/info.php
 http://13.115.225.133:8080/info.php

 CREATE VIRTUAL HOSTS FOR APACHE
 sudo mkdir -v /var/www/test1 /var/www/test2

 sudo mkdir -v /var/www/english4all.world

 CREATE INDEX FOR EACH SITE
 echo "<h1 style='color: green;'>TESTING ONE</h1>" | sudo tee /var/www/test1/index.html
 echo "<h1 style='color: red;'>TEST TWO</h1>" | sudo tee /var/www/test2/index.html

 echo "<h1 style='color: red;'>TEST TWO</h1>" | sudo tee /var/www/english4all.world/index.html

 CREATE PHPINFO FOR EACH SITE TO CHECK PHP IS CONFIGURED PROPERLY
 echo "<?php phpinfo(); ?>" | sudo tee /var/www/test1/info.php
 echo "<?php phpinfo(); ?>" | sudo tee /var/www/test2/info.php

 echo "<?php phpinfo(); ?>" | sudo tee /var/www/english4all.world/info.php



 CREATE VIRTUAL HOST FILE
 sudo nano /etc/apache2/sites-available/test1.conf

 sudo nano /etc/apache2/sites-available/english4all.world.conf

 68.183.101.255
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 <VirtualHost *:8080>
        ServerName <SERVER_IP>
       # ServerAlias www.foobar.net
        DocumentRoot /var/www/test1     
        <Directory /var/www/test1>
            AllowOverride All
        </Directory>
    </VirtualHost>
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 The line AllowOverride All enables .htaccess support.

 DO THE SAME FOR THE OTHER SITE
 sudo nano /etc/apache2/sites-available/test2.conf


 ENABLE SITES (IT CREATES SYMBOLIC LINKS)
 sudo a2ensite test1
 sudo a2ensite test2

 sudo a2ensite english4all.world

 CHECK FOR CONFIG ERRORS & RELOAD SERVER
 sudo apachectl -t
 sudo systemctl reload apache2

 CHECK SITES ARE WORKING
 http://foobar.net:8080  &   http://test.io:8080


 INSTALL & CONFIG NGINX

 INSTALL
 sudo apt install nginx

 REMOVE THE DEFAULT VIRTUAL HOST'S SYMLINK
 sudo rm /etc/nginx/sites-enabled/default

 CREATE VIRTUAL HOSTS
 sudo mkdir -v /usr/share/nginx/english4all.world

 CREATE INDEX AND PHPINFO() FILES FOR TESTING
 echo "<h1 style='color: green;'>english4all.world</h1>" | sudo tee /usr/share/nginx/english4all.world/index.html
 echo "<?php phpinfo(); ?>" | sudo tee /usr/share/nginx/english4all.world/info.php


 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 CREATE VIRTUAL HOSTS FILE
 sudo nano /etc/nginx/sites-available/english4all.world
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 server {
    listen 80 default_server;

    root /usr/share/nginx/english4all.world;
    index index.php index.html index.htm;

    server_name english4all.world www.english4all.world;
    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        include snippets/fastcgi-php.conf;
    }
 }
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 CREATE SYMBOLIC LINKS
 sudo ln -s /etc/nginx/sites-available/english4all.world /etc/nginx/sites-enabled/english4all.world

 TEST CONFIG
 sudo nginx -t

 RELOAD SERVER
 sudo systemctl reload nginx



 Configuring Nginx for Apache's Virtual Hosts

 CREATE VIRTUAL HOST FILE TO FORWARD REQUESTS TO APACHE
 sudo nano /etc/nginx/sites-available/apache

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 server {
    listen 80;
    server_name english4all.world www.english4all.world;

    location / {
        proxy_pass http://8.183.101.255:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
 }
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 ENABLE NEW HOST BY CREATING SYMBOLIC LINK
 sudo ln -s /etc/nginx/sites-available/apache /etc/nginx/sites-enabled/apache


 TEST CONFIG
 sudo nginx -t

 RELOAD SERVER
 sudo systemctl reload nginx


 INSTALL AND CONFIGURE MOD_RPAF
 Rewrites the values of REMOTE_ADDR, HTTPS and HTTP_PORT based on the values provided by a reverse proxy. Without this module, some PHP applications would require code changes to work seamlessly from behind a proxy. This module is present in Ubuntu's repository as libapache2-mod-rpaf but is outdated and doesn't support certain configuration directives. Instead, we will install it from source.

 sudo apt install unzip build-essential apache2-dev

 wget https://github.com/gnif/mod_rpaf/archive/stable.zip
 unzip stable.zip
 cd mod_rpaf-stable
 make
 sudo make install

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 CREATE FILE WHICH WILL LOAD RPAF MODULE
 sudo nano /etc/apache2/mods-available/rpaf.load
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 LoadModule rpaf_module /usr/lib/apache2/modules/mod_rpaf.so

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 CREATE FILE WHICH WILL CONTAIN CONFIG DIRECTIVES FOR MOD_RPAF
 sudo nano /etc/apache2/mods-available/rpaf.conf
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 <IfModule mod_rpaf.c>
        RPAF_Enable             On
        RPAF_Header             X-Real-Ip
        RPAF_ProxyIPs           your_server_ip 
        RPAF_SetHostName        On
        RPAF_SetHTTPS           On
        RPAF_SetPort            On
    </IfModule>

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 * RPAF_Header - The header to use for the client's real IP address.
 * RPAF_ProxyIPs - The proxy IP to adjust HTTP requests for.
 * RPAF_SetHostName - Updates the vhost name so ServerName and ServerAlias work.
 * RPAF_SetHTTPS - Sets the HTTPS environment variable based on the value contained in X-Forwarded-Proto.
 * RPAF_SetPort - Sets the SERVER_PORT environment variable. Useful for when Apache is behind a SSL proxy.

 JUST IN CASE
 (libtool: warning: remember to run 'libtool --finish /usr/lib/apache2/modules’)


 SAVE RPAF.CONF & ENABLE MODULE (THIS CREATES SYMBOLIC LINKS)
 sudo a2enmod rpaf

 TEST & RELOAD
 sudo apachectl -t
 sudo systemctl reload apache2



 Setting Up HTTPS Websites with Let's Encrypt

 sudo nano /etc/nginx/sites-available/apache

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 server {
        listen 80;
        server_name english4all.world www.english4all.world;

        location / {
            proxy_pass http://68.183.101.255:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 ADD OFFICIAL CERTBOT REPOSITORY
 sudo add-apt-repository ppa:certbot/certbot

 UPDATE
 sudo apt update

 INSTALL PACKAGE
 sudo apt install python-certbot-nginx


 sudo certbot --nginx -d english4all.world -d www.english4all.world
 sudo certbot --nginx -d rickdev.club -d www.rickdev.club

 nslookup english4all.world













 BLOCK DIRECT ACCESS TO APACHE (OPTIONAL)

 sudo iptables -I INPUT -p tcp --dport 8080 ! -s 68.183.101.255 -j REJECT --reject-with tcp-reset

 Note: IPtables rules do not survive a system reboot by default. There are multiple ways to preserve IPtables rules, but the easiest is to use iptables-persistent in Ubuntu's repository.

 SAVE THE TABLES
 sudo apt-get update
 sudo apt-get install iptables-persistent



 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 SERVE STATIC FILES USING NGINX (OPTIONAL)
 sudo nano /etc/nginx/sites-available/apache
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 server {
    listen 80;
    server_name english4all.world www.english4all.world;
    root /var/www/english4all.world;
    index index.php index.htm index.html;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
        proxy_pass http://68.183.101.255:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location ~ /\.ht {
        deny all;
    }
 }

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Warning: The location ~ /\.ht directive is very important; this prevents Nginx from serving the contents of Apache configuration files like .htaccess and .htpasswd which contain sensitive information.

 TEST & RELOAD
 sudo nginx -t
 sudo service nginx reload

 VERIFY GET REQUESTS IN APACHE LOG FILE
 sudo tail -f /var/log/apache2/other_vhosts_access.log
	CORE => UBUNTU ON LIGHTSAIL - NGINX AS WEB SERVER & REVERSE PROXY FOR APACHE

	sudo ufw enable
	sudo ufw allow OpenSSH

	INSTALL APACHE & PHP-FPM
	sudo apt update
	sudo apt install apache2 php-fpm

	wget https://mirrors.edge.kernel.org/ubuntu/pool/multiverse/liba/libapache-mod-fastcgi/libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb

	sudo dpkg -i libapache2-mod-fastcgi_2.4.7~0910052141-1.2_amd64.deb



	CONFIGURE APACHE & PHP-FPM

	CHANGE PORT NUMBER TO 8080
	CONFIGURE IT TO WORK WITH PHP-FPM USING THE MOD_FASTCGI MODULE
	sudo mv /etc/apache2/ports.conf /etc/apache2/ports.conf.default
	echo "Listen 8080" \| sudo tee /etc/apache2/ports.conf


	Note: Web servers are generally set to listen on 127.0.0.1:8080 when configuring a reverse proxy but doing so would set the value of PHP's environment variable SERVER_ADDR to the loopback IP address instead of the server's public IP. Our aim is to set up Apache in such a way that its websites do not see a reverse proxy in front of it. So, we will configure it to listen on 8080 on all IP addresses.


	CREATE VIRTUAL HOSTS FOR APACHE
	DISABLE DEFAULT VIRTUAL HOST
	CREATE A NEW VIRTUAL HOST FILE, USING THE EXISTING DEFAULT SITE
	sudo a2dissite 000-default
	sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/001-default.conf

	OPEN NEW CONFIG FILE & CHANGE LISTENING PORT TO 8080
	sudo nano /etc/apache2/sites-available/001-default.conf

	SAVE & ACTIVATE NEW CONFIG FILE
	RELOAD APACHE
	VERIFY APACHE IS LISTENING ON 8080
	sudo a2ensite 001-default
	sudo systemctl reload apache2
	sudo netstat -tlpn


	CONFIGURE APACHE TO USE MOD_FASTCGI

	Note: If you are trying this tutorial on an existing installation of LAMP with mod_php, disable it first with sudo a2dismod php7.2.

	ENABLE MOD ACTION
	sudo a2enmod actions

	RENAME EXISTING CONFIG FILE
	sudo mv /etc/apache2/mods-enabled/fastcgi.conf /etc/apache2/mods-enabled/fastcgi.conf.default

	CREATE NEW CONFIG FILE
	sudo nano /etc/apache2/mods-enabled/fastcgi.conf

	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	<IfModule mod_fastcgi.c>
	AddHandler fastcgi-script .fcgi
	FastCgiIpcDir /var/lib/apache2/fastcgi
	AddType application/x-httpd-fastphp .php
	Action application/x-httpd-fastphp /php-fcgi
	Alias /php-fcgi /usr/lib/cgi-bin/php-fcgi
	FastCgiExternalServer /usr/lib/cgi-bin/php-fcgi -socket /run/php/php7.2-fpm.sock -pass-header Authorization
	<Directory /usr/lib/cgi-bin>
	Require all granted
	</Directory>
	</IfModule>

	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	SAVE CHANGES, DO CONFIG TEST & RELOAD APACHE
	sudo apachectl -t

	sudo systemctl reload apache2




	VERIFY PHP FUNCTIONALITY

	CREATE INFO.PHP, WHICH CONTAINS A PHPINFO FUNCTION
	echo "<?php phpinfo(); ?>" \| sudo tee /var/www/html/info.php

	CHECK IN BROWSER
	http://<SERVER_IP>:8080/info.php
	http://13.115.225.133:8080/info.php

	CREATE VIRTUAL HOSTS FOR APACHE
	sudo mkdir -v /var/www/test1 /var/www/test2

	sudo mkdir -v /var/www/english4all.world

	CREATE INDEX FOR EACH SITE
	echo "<h1 style='color: green;'>TESTING ONE</h1>" \| sudo tee /var/www/test1/index.html
	echo "<h1 style='color: red;'>TEST TWO</h1>" \| sudo tee /var/www/test2/index.html

	echo "<h1 style='color: red;'>TEST TWO</h1>" \| sudo tee /var/www/english4all.world/index.html

	CREATE PHPINFO FOR EACH SITE TO CHECK PHP IS CONFIGURED PROPERLY
	echo "<?php phpinfo(); ?>" \| sudo tee /var/www/test1/info.php
	echo "<?php phpinfo(); ?>" \| sudo tee /var/www/test2/info.php

	echo "<?php phpinfo(); ?>" \| sudo tee /var/www/english4all.world/info.php



	CREATE VIRTUAL HOST FILE
	sudo nano /etc/apache2/sites-available/test1.conf

	sudo nano /etc/apache2/sites-available/english4all.world.conf

	68.183.101.255
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	<VirtualHost *:8080>
	ServerName <SERVER_IP>
	# ServerAlias www.foobar.net
	DocumentRoot /var/www/test1
	<Directory /var/www/test1>
	AllowOverride All
	</Directory>
	</VirtualHost>
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	The line AllowOverride All enables .htaccess support.

	DO THE SAME FOR THE OTHER SITE
	sudo nano /etc/apache2/sites-available/test2.conf


	ENABLE SITES (IT CREATES SYMBOLIC LINKS)
	sudo a2ensite test1
	sudo a2ensite test2

	sudo a2ensite english4all.world

	CHECK FOR CONFIG ERRORS & RELOAD SERVER
	sudo apachectl -t
	sudo systemctl reload apache2

	CHECK SITES ARE WORKING
	http://foobar.net:8080 & http://test.io:8080


	INSTALL & CONFIG NGINX

	INSTALL
	sudo apt install nginx

	REMOVE THE DEFAULT VIRTUAL HOST'S SYMLINK
	sudo rm /etc/nginx/sites-enabled/default

	CREATE VIRTUAL HOSTS
	sudo mkdir -v /usr/share/nginx/english4all.world

	CREATE INDEX AND PHPINFO() FILES FOR TESTING
	echo "<h1 style='color: green;'>english4all.world</h1>" \| sudo tee /usr/share/nginx/english4all.world/index.html
	echo "<?php phpinfo(); ?>" \| sudo tee /usr/share/nginx/english4all.world/info.php


	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	CREATE VIRTUAL HOSTS FILE
	sudo nano /etc/nginx/sites-available/english4all.world
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	server {
	listen 80 default_server;

	root /usr/share/nginx/english4all.world;
	index index.php index.html index.htm;

	server_name english4all.world www.english4all.world;
	location / {
	try_files $uri $uri/ /index.php;
	}

	location ~ \.php$ {
	fastcgi_pass unix:/run/php/php7.2-fpm.sock;
	include snippets/fastcgi-php.conf;
	}
	}
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	CREATE SYMBOLIC LINKS
	sudo ln -s /etc/nginx/sites-available/english4all.world /etc/nginx/sites-enabled/english4all.world

	TEST CONFIG
	sudo nginx -t

	RELOAD SERVER
	sudo systemctl reload nginx



	Configuring Nginx for Apache's Virtual Hosts

	CREATE VIRTUAL HOST FILE TO FORWARD REQUESTS TO APACHE
	sudo nano /etc/nginx/sites-available/apache

	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	server {
	listen 80;
	server_name english4all.world www.english4all.world;

	location / {
	proxy_pass http://8.183.101.255:8080;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	}
	}
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	ENABLE NEW HOST BY CREATING SYMBOLIC LINK
	sudo ln -s /etc/nginx/sites-available/apache /etc/nginx/sites-enabled/apache


	TEST CONFIG
	sudo nginx -t

	RELOAD SERVER
	sudo systemctl reload nginx


	INSTALL AND CONFIGURE MOD_RPAF
	Rewrites the values of REMOTE_ADDR, HTTPS and HTTP_PORT based on the values provided by a reverse proxy. Without this module, some PHP applications would require code changes to work seamlessly from behind a proxy. This module is present in Ubuntu's repository as libapache2-mod-rpaf but is outdated and doesn't support certain configuration directives. Instead, we will install it from source.

	sudo apt install unzip build-essential apache2-dev

	wget https://github.com/gnif/mod_rpaf/archive/stable.zip
	unzip stable.zip
	cd mod_rpaf-stable
	make
	sudo make install

	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	CREATE FILE WHICH WILL LOAD RPAF MODULE
	sudo nano /etc/apache2/mods-available/rpaf.load
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	LoadModule rpaf_module /usr/lib/apache2/modules/mod_rpaf.so

	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	CREATE FILE WHICH WILL CONTAIN CONFIG DIRECTIVES FOR MOD_RPAF
	sudo nano /etc/apache2/mods-available/rpaf.conf
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	<IfModule mod_rpaf.c>
	RPAF_Enable On
	RPAF_Header X-Real-Ip
	RPAF_ProxyIPs your_server_ip
	RPAF_SetHostName On
	RPAF_SetHTTPS On
	RPAF_SetPort On
	</IfModule>

	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


	* RPAF_Header - The header to use for the client's real IP address.
	* RPAF_ProxyIPs - The proxy IP to adjust HTTP requests for.
	* RPAF_SetHostName - Updates the vhost name so ServerName and ServerAlias work.
	* RPAF_SetHTTPS - Sets the HTTPS environment variable based on the value contained in X-Forwarded-Proto.
	* RPAF_SetPort - Sets the SERVER_PORT environment variable. Useful for when Apache is behind a SSL proxy.

	JUST IN CASE
	(libtool: warning: remember to run 'libtool --finish /usr/lib/apache2/modules’)


	SAVE RPAF.CONF & ENABLE MODULE (THIS CREATES SYMBOLIC LINKS)
	sudo a2enmod rpaf

	TEST & RELOAD
	sudo apachectl -t
	sudo systemctl reload apache2



	Setting Up HTTPS Websites with Let's Encrypt

	sudo nano /etc/nginx/sites-available/apache

	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	server {
	listen 80;
	server_name english4all.world www.english4all.world;

	location / {
	proxy_pass http://68.183.101.255:8080;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	}
	}

	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	ADD OFFICIAL CERTBOT REPOSITORY
	sudo add-apt-repository ppa:certbot/certbot

	UPDATE
	sudo apt update

	INSTALL PACKAGE
	sudo apt install python-certbot-nginx


	sudo certbot --nginx -d english4all.world -d www.english4all.world
	sudo certbot --nginx -d rickdev.club -d www.rickdev.club

	nslookup english4all.world













	BLOCK DIRECT ACCESS TO APACHE (OPTIONAL)

	sudo iptables -I INPUT -p tcp --dport 8080 ! -s 68.183.101.255 -j REJECT --reject-with tcp-reset

	Note: IPtables rules do not survive a system reboot by default. There are multiple ways to preserve IPtables rules, but the easiest is to use iptables-persistent in Ubuntu's repository.

	SAVE THE TABLES
	sudo apt-get update
	sudo apt-get install iptables-persistent



	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
	SERVE STATIC FILES USING NGINX (OPTIONAL)
	sudo nano /etc/nginx/sites-available/apache
	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	server {
	listen 80;
	server_name english4all.world www.english4all.world;
	root /var/www/english4all.world;
	index index.php index.htm index.html;

	location / {
	try_files $uri $uri/ /index.php;
	}

	location ~ \.php$ {
	proxy_pass http://68.183.101.255:8080;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_set_header X-Forwarded-Proto $scheme;
	}

	location ~ /\.ht {
	deny all;
	}
	}

	~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

	Warning: The location ~ /\.ht directive is very important; this prevents Nginx from serving the contents of Apache configuration files like .htaccess and .htpasswd which contain sensitive information.

	TEST & RELOAD
	sudo nginx -t
	sudo service nginx reload

	VERIFY GET REQUESTS IN APACHE LOG FILE
	sudo tail -f /var/log/apache2/other_vhosts_access.log