Fixing Ubuntu 18.04 and moving to PHP-FPM

Moved the vhost farm to Ubuntu 18.04 on Linode and hit some snags after deciding to move to php-fpm instead of mod_php.

Adding this to apache.conf instead of to each vhost config seems to work fine:

<FilesMatch "\.php$">
    SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
</FilesMatch>


<If "-f %{SCRIPT_FILENAME}"></If>

goes around the FilesMatch section above to keep non-PHP requests from being sent to the unix socket and ending up as lines in the Apache error log.

This also seems to work fine in apache.conf to enable http2 for all vhosts:

Protocols h2 http/1.1

Need to edit pm.max_children in /etc/php/7.2/fpm/pool.d/www.conf as the default is set to 5. 35 seemed better.

Then a2enmod proxy_fcgi && a2dismod php7.2 gets you most of the way there.

Newer kernel prevented php-fpm from launching automatically on reboot, so rolled back to 4.15.18-x86 and this seems to fix php-fpm not launching on a reboot.

service php7.2-fpm reload never hurts, but shouldn’t be necessary on reboot.

This was helpful in getting to the bottom of the reboot issue:

Get rid of red padlock on email sent from server:

smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
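
To check what those settings actually negotiate, the handshake summary lines that smtp_tls_loglevel = 1 writes to the mail log can be tallied per destination. This is an added example, not part of the original notes; the function names and the log lines are constructed for illustration.

```sh
#!/bin/sh
# Level "may" is opportunistic TLS: the peer certificate is not enforced,
# so the log is where you see what was really negotiated.

# Constructed sample of Postfix smtp client log lines (not from a real server).
sample_log() {
cat <<'EOF'
Jan 10 08:00:01 web1 postfix/smtp[2101]: Trusted TLS connection established to mx.example.com[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 08:00:02 web1 postfix/smtp[2101]: 4F1A2C0D3E: to=<a@example.com>, relay=mx.example.com[192.0.2.10]:25, delay=0.9, dsn=2.0.0, status=sent (250 OK)
Jan 10 08:05:11 web1 postfix/smtp[2140]: Untrusted TLS connection established to mail.example.net[198.51.100.7]:25: TLSv1 with cipher AES128-SHA (128/128 bits)
Jan 10 08:07:45 web1 postfix/smtp[2177]: Trusted TLS connection established to mx.example.com[192.0.2.10]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Jan 10 08:09:30 web1 postfix/smtp[2190]: Anonymous TLS connection established to mx.example.org[203.0.113.5]:25: TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)
EOF
}

# Read mail log lines on stdin, print "LEVEL PROTOCOL HOST COUNT", sorted.
tls_summary() {
    awk '
    / postfix\/smtp\[[0-9]+\]: (Anonymous|Untrusted|Trusted|Verified) TLS connection established to / {
        # Locate the process tag so the syslog prefix length does not matter.
        for (i = 1; i <= NF; i++) if ($i ~ /^postfix\/smtp\[/) break
        level = $(i + 1)
        host  = $(i + 6)            # e.g. mx.example.com[192.0.2.10]:25:
        sub(/\[.*$/, "", host)      # keep only the host name
        proto = $(i + 7)            # e.g. TLSv1.2
        n[level " " proto " " host]++
    }
    END { for (k in n) print k, n[k] }' | sort
}

# Only the destinations worth a second look: certificate not validated
# against smtp_tls_CAfile (Untrusted/Anonymous) or an old protocol version.
tls_weak() {
    tls_summary | awk '$1 == "Untrusted" || $1 == "Anonymous" ||
                       $2 == "TLSv1" || $2 == "TLSv1.1"'
}

# Stand-alone run on the constructed sample; on a server, feed the mail log instead.
sample_log | tls_weak
```
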

LetsEncrypt/Certbot Fun

sudo ./letsencrypt-auto --apache -d -d

Remove cert:

certbot revoke --cert-path /etc/letsencrypt/live/CERTNAME/cert.pem