=== Apache & PHP ===

Add Ondrej repos for Apache & PHP

  add-apt-repository ppa:ondrej/apache2
  add-apt-repository ppa:ondrej/php

Install Apache & PHP

  apt install apache2 libapache2-mod-fcgid php7.4-cli php7.4-curl php7.4-gd php7.4-intl php7.4-mbstring php7.4-opcache php7.4-soap php7.4-xmlrpc php7.4-common php7.4-fpm php7.4-imap php7.4-json php7.4-mysql php7.4-readline php7.4-xml php7.4-zip

Note: PHP 7.4 reached upstream end of life in November 2022 and no longer gets security fixes from the PHP project; on a new server use a supported PHP version and adjust the ''7.4'' in the package names and paths below.

Enable some modules

  a2enmod proxy_fcgi setenvif rewrite md headers http2 ssl

=== IonCube ===

Download & install IonCube https://www.ioncube.com/loaders.php

  wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
  tar -C /usr/local -xf ioncube_loaders_lin_x86-64.tar.gz

Note: the loader is unpacked as root and loaded into every PHP process as a ''zend_extension'', so if the vendor provides a checksum or signature, verify the archive before unpacking it. Adding ''--no-same-owner'' to the ''tar'' command keeps the extracted files owned by root.

Create file ''/etc/php/7.4/mods-available/ioncube.ini'' with content:

  zend_extension = /usr/local/ioncube/ioncube_loader_lin_7.4.so

Create links to this file

  ln -s /etc/php/7.4/mods-available/ioncube.ini /etc/php/7.4/fpm/conf.d/00-ioncube.ini
  ln -s /etc/php/7.4/mods-available/ioncube.ini /etc/php/7.4/cli/conf.d/00-ioncube.ini

=== PHP Configuration ===

Create web home directory with ''tmp'', ''logs'' and ''html''. The pool file below stores PHP sessions and uploads in ''tmp'' and the PHP logs in ''logs'', so both should be owned by the site user and not world-readable.

Create file ''/etc/php/7.4/fpm/pool.d/hostinggl.conf''

  [user_hostinggl]
  listen = "/run/php/hostinggl.sock"
  listen.owner = "www-data"
  listen.group = "hostinggl"
  listen.mode = 0660
  user = "hostinggl"
  group = "hostinggl"
  pm = ondemand
  pm.max_children = 25
  pm.process_idle_timeout = 15
  slowlog = "/home/hostinggl/logs/php-fpm.slow.log"
  php_admin_value[error_log] = "/home/hostinggl/logs/php.error.log"
  php_admin_flag[log_errors] = on
  php_admin_value[sys_temp_dir] = "/home/hostinggl/tmp"
  php_admin_value[upload_tmp_dir] = "/home/hostinggl/tmp"
  php_admin_value[max_input_vars] = 10000
  php_value[session.save_handler] = files
  php_value[session.save_path] = "/home/hostinggl/tmp"
  env[TMPDIR] = "/home/hostinggl/tmp"
  catch_workers_output = yes

=== Apache Configuration ===

Add these 2 lines to ''/etc/apache2/mods-enabled/ssl.conf''

  # Set the location of the SSL OCSP Stapling Cache
  SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

Note: ''/tmp'' is world-writable; a path under Apache's own run directory, e.g. ''shmcb:${APACHE_RUN_DIR}/ssl_stapling(128000)'', avoids sharing that location with local users.

Add ''/etc/apache2/options-ssl-apache.conf'' with content:

  # Baseline setting to Include for SSL sites
  SSLEngine on
  # Intermediate configuration, tweak to your needs
  SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
  SSLHonorCipherOrder on
  SSLCompression off
  SSLOptions +StrictRequire
  # Add vhost name to log entries:
  #LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" vhost_combined
  #LogFormat "%v %h %l %u %t \"%r\" %>s %b" vhost_common
  #CustomLog /var/log/apache2/access.log vhost_combined
  #LogLevel warn
  #ErrorLog /var/log/apache2/error.log
  # Always ensure Cookies have "Secure" set (JAH 2012/1)
  #Header edit Set-Cookie (?i)^(.*)(;\s*secure)??((\s*;)?(.*)) "$1; Secure$3$4"
  # HSTS
  Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
  Header always set X-Frame-Options DENY
  # OCSP
  SSLUseStapling on
  SSLStaplingResponseMaxAge 1800
  SSLStaplingResponderTimeout 5
  SSLStaplingReturnResponderErrors off

Note: the cipher list above is an older intermediate profile. It still lists ''DES-CBC3-SHA'' (3DES) and static-RSA suites such as ''AES128-SHA'', which have no forward secrecy. With only TLS 1.2 and newer enabled, consider trimming it to the ECDHE/DHE GCM suites.

Example of config file for a host

The listing below shows only the directives; the container tags are missing. The two blocks are presumably the plain-HTTP and HTTPS ''<VirtualHost>'' sections, ''Options''/''AllowOverride''/''Require'' belong inside a ''<Directory>'' section for the document root, and the ''SetHandler'' line is presumably wrapped in a ''<FilesMatch>'' for PHP files.

  ServerName hosting.gl
  ServerAlias www.hosting.gl
  DocumentRoot /srv/vhost/hosting.gl/html
  ServerAdmin webmaster@hosting.gl
  UseCanonicalName On
  CustomLog /var/log/apache2/hosting.gl.log combined
  Options FollowSymLinks
  AllowOverride All
  Require all granted
  SetHandler proxy:unix:/run/php/hostinggl.sock|fcgi://hosting.gl

  MDomain hosting.gl

  ServerName hosting.gl
  ServerAlias www.hosting.gl
  DocumentRoot /srv/vhost/hosting.gl/html
  ServerAdmin webmaster@hosting.gl
  UseCanonicalName On
  CustomLog /var/log/apache2/hosting.gl-ssl.log combined
  Options FollowSymLinks
  AllowOverride All
  Require all granted
  Include /etc/apache2/options-ssl-apache.conf
  SetHandler proxy:unix:/run/php/hostinggl.sock|fcgi://hosting.gl
  RequestHeader set X-HTTPS 1