Today I use FreePBX on a CentOS 8 server. The default config shipped with CentOS 8 makes use of php-fpm, but maybe you don't want to make use of it for FreePBX. Kinda overkill. It's simple to use the "old" mod_php method of handling PHP pages. There are other ways too: php-fpm indeed (see APACHE PHP-FPM.txt) and, for example, a method I appreciated in the past: running an instance of Lighttpd to handle FreePBX as the asterisk user. It can be done even today and indeed, it would probably lead to resource savings. Nginx is also reported to work, and I have no doubt about it.

I always run my FreePBX VirtualHost on dedicated ports (81 and 444/https) to be able to run only this virtual host under the asterisk user.

I use the mpm-itk Apache MPM to switch from apache to asterisk user when Apache has to serve FreePBX Virtual Host requests. This has the advantage of not modifying the whole Apache configuration along with other virtual hosts you can have on your system. In the past, I used mod_ruid2 for this. It's only a question of personal taste.

So, on we go. Install mod_itk and php, which indeed is mod_php:
dnf install httpd-itk php


Edit /etc/httpd/conf.modules.d/00-mpm.conf. Apply the following patch to enable mpm-prefork instead of mpm-event. This is required for mod_itk. If you want to stick with mod_mpm_event, you will need another way of running the FreePBX virtual host (for example the Lighttpd solution I mentioned earlier; I have also read about using a reverse proxy, etc.).
--- 00-mpm.conf.orig    2021-11-12 05:54:30.000000000 +0100
+++ 00-mpm.conf 2022-01-09 09:36:05.508006572 +0100
@@ -8,7 +8,8 @@
 # NOTE: If enabling prefork, the httpd_graceful_shutdown SELinux
 # boolean should be enabled, to allow graceful stop/shutdown.
 #
-#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
+# Activate mpm_prefork since it is a requisite for mpm_itk
+LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
 
 # worker MPM: Multi-Processing Module implementing a hybrid
 # multi-threaded multi-process web server
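Review bot: the comment added above the prefork LoadModule line names mpm_itk as the reason but does not tie in the NOTE just above it about the httpd_graceful_shutdown SELinux boolean. Extend the new comment to say the boolean is set as part of this change (setsebool -P httpd_graceful_shutdown 1), so that anyone reverting one of the two later sees that they belong together.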
@@ -20,4 +21,4 @@
 # threads only for connections with active processing
 # See: http://httpd.apache.org/docs/2.4/mod/event.html
 #
-LoadModule mpm_event_module modules/mod_mpm_event.so
+#LoadModule mpm_event_module modules/mod_mpm_event.so
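Review bot: the mpm_event LoadModule line is commented out with no explanation, while the prefork hunk above documents its reason. Add a matching comment here, for example "# Disabled: mpm_itk needs prefork, and only one MPM can be loaded", so that an admin or a later config merge does not re-enable it by mistake.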


Then edit /etc/httpd/conf.modules.d/00-mpm-itk.conf to load the module. Do it via the following patch:
--- 00-mpm-itk.conf.orig        2021-11-30 08:16:52.000000000 +0100
+++ 00-mpm-itk.conf     2022-01-09 09:37:48.870921167 +0100
@@ -1,4 +1,4 @@
 # ITK MPM (Multi-Processing Module). Mpm-itk allows you to run each of your
 # vhost under a separate uid and gid - in short, the scripts and configuration
 # files for one vhost no longer have to be readable for all the other vhosts.
-#LoadModule mpm_itk_module modules/mod_mpm_itk.so
+LoadModule mpm_itk_module modules/mod_mpm_itk.so
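Review bot: uncommenting the mod_mpm_itk.so LoadModule line only loads the module and does not by itself assign any uid or gid; per the header comment that happens per vhost. A short comment here pointing to the vhost file that carries AssignUserId, and to the prefork requirement set in 00-mpm.conf, would make both dependencies visible from this file.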


If you're using SELinux, the following command is required by mpm-itk:
setsebool -P httpd_graceful_shutdown 1




Now create the sessions directory for the asterisk user referenced previously:
cp -rp /var/lib/php/session /var/lib/php/asterisksession
chgrp asterisk /var/lib/php/asterisksession




Then create the file /etc/httpd/conf.d/freepbx.conf with the following content:
Listen 81
Listen 444

<VirtualHost *:81>
        ServerName pbx.domain.com
        ServerAlias freepbx

        ServerAdmin webmaster@domain.com

        DocumentRoot /usr/share/freepbx

        <Directory "/usr/share/freepbx">
                Options Indexes FollowSymLinks

                ExpiresActive on
                ExpiresByType image/png "access plus 1 year"
                ExpiresByType image/gif "access plus 1 year"
                ExpiresByType image/jpeg "access plus 1 year"
                ExpiresByType text/css "access plus 1 year"

                AllowOverride All

                <IfModule mod_authz_core.c>
                        Require all granted
                </IfModule>
        </Directory>

        <IfModule mpm_itk_module>
                AssignUserId asterisk asterisk
        </IfModule>

        #<IfModule !mod_php7.c>
        #       <FilesMatch \.(php|phar)$>
        #               SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://php-fpm"
        #       </FilesMatch>
        #</IfModule>

        <IfModule mod_php7.c>
                php_value session.save_handler "files"
                php_value session.save_path    "/var/lib/php/asterisksession"
        </IfModule>

        ErrorLog logs/freepbx-error_log
        CustomLog logs/freepbx-access_log common
</VirtualHost>

<VirtualHost *:444>
        ServerName pbx.domain.com
        ServerAlias freepbx

        ServerAdmin webmaster@domain.com

        DocumentRoot /usr/share/freepbx

        <Directory "/usr/share/freepbx">
                Options Indexes FollowSymLinks

                ExpiresActive on
                ExpiresByType image/png "access plus 1 year"
                ExpiresByType image/gif "access plus 1 year"
                ExpiresByType image/jpeg "access plus 1 year"
                ExpiresByType text/css "access plus 1 year"

                AllowOverride All

                <IfModule mod_authz_core.c>
                        Require all granted
                </IfModule>
        </Directory>

        <IfModule mpm_itk_module>
                AssignUserId asterisk asterisk
        </IfModule>

        #<IfModule !mod_php7.c>
        #       <FilesMatch \.(php|phar)$>
        #               SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://php-fpm"
        #       </FilesMatch>
        #</IfModule>

        <IfModule mod_php7.c>
                php_value session.save_handler "files"
                php_value session.save_path    "/var/lib/php/asterisksession"
        </IfModule>

        ErrorLog logs/freepbx-ssl-error_log
        CustomLog logs/freepbx-ssl-access_log common

        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/localhost.crt
        SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

        <Files ~ "\.(cgi|shtml)$">
                SSLOptions +StdEnvVars
        </Files>
        <Directory "/var/www/cgi-bin">
                SSLOptions +StdEnvVars
        </Directory>
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>


If you dare to use SELinux (port 81 is already there on C8, I don't know what for):
semanage port -a -t http_port_t -p tcp 444
setsebool -P domain_can_mmap_files 1
setsebool -P daemons_enable_cluster_mode 1
setsebool -P httpd_mod_auth_pam 1
setsebool -P httpd_execmem 1
setsebool -P httpd_run_stickshift 1

Finally:
systemctl restart httpd

And if using firewalld:
firewall-cmd --add-port=81/tcp
firewall-cmd --add-port=444/tcp
firewall-cmd --runtime-to-permanent
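
Both VirtualHost blocks above repeat the same AssignUserId and session.save_path settings, so one of them can drift without anyone noticing. The script below is an added example, not part of the original notes: it statically parses a vhost file and reports, per VirtualHost, the mpm-itk user/group and the PHP session path. The function names and the sample configuration are constructed for illustration, and IfModule wrappers are assumed to be active.

```shell
# Added example, not from the original notes. Static check of a vhost file:
# per <VirtualHost>, the uid/gid mpm-itk switches to and the PHP session path.
# Assumption: <IfModule> wrappers are treated as active.

# audit_vhosts FILE [USER] [SESSION_DIR]; exit status 0 only if all vhosts pass
audit_vhosts() {
    awk -v want_user="${2:-asterisk}" \
        -v want_path="${3:-/var/lib/php/asterisksession}" '
        function report(   ok) {
            ok = (user == want_user && group == want_user && path == want_path)
            printf "%s user=%s group=%s save_path=%s %s\n", addr,
                   (user == "" ? "-" : user), (group == "" ? "-" : group),
                   (path == "" ? "-" : path), (ok ? "OK" : "FAIL")
            if (!ok) bad = 1
        }
        { sub(/^[ \t]+/, "") }                 # drop indentation
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        tolower($1) == "<virtualhost" {
            addr = $2; sub(/>$/, "", addr)
            in_vh = 1; user = ""; group = ""; path = ""
            next
        }
        tolower($1) == "</virtualhost>" { if (in_vh) report(); in_vh = 0; next }
        in_vh && tolower($1) == "assignuserid" { user = $2; group = $3 }
        in_vh && tolower($1) == "php_value" && $2 == "session.save_path" {
            path = $3; gsub(/"/, "", path)
        }
        END { exit bad }
    ' "$1"
}

# Constructed sample: the :444 vhost has lost its AssignUserId line.
write_sample() {
    cat > "$1" <<'EOF'
<VirtualHost *:81>
        <IfModule mpm_itk_module>
                AssignUserId asterisk asterisk
        </IfModule>
        php_value session.save_path    "/var/lib/php/asterisksession"
</VirtualHost>
<VirtualHost *:444>
        #AssignUserId asterisk asterisk
        php_value session.save_path    "/var/lib/php/asterisksession"
</VirtualHost>
EOF
}
sample=$(mktemp)
write_sample "$sample"
audit_vhosts "$sample" || echo "FAIL: a vhost would not run as asterisk" >&2
```

On a real system, point it at the file created earlier: audit_vhosts /etc/httpd/conf.d/freepbx.conf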
