Every LAMP or XAMPP writeup or tutorial I see says "Not for production use", so what do I use for production?
Roll your own combination of Apache, a DB and a scripting language, that meets your needs.
This is what hosting companies do for a living.
You may find that an enterprise Linux distribution is enough for your needs.
you use apache, php and mysql installed as they should be for production. xampp is all those things in one package with basically no set up security .. root passwords are empty .. users are well known .. but the components are the same as the ones you would use if you downloaded them each ..
The XAMPP philosophy says:
The philosophy behind XAMPP is to build an easy to install distribution for developers to get into the world of Apache. To make it convenient for developers XAMPP is configured with all features turned on.
The default configuration is not good from a securtiy point of view and it's not secure enough for a production environment - please don't use XAMPP in such environment.
So it’s primarily designated as a development environment and not as a production environment.
Given the right installation options, you can use them as a starting point for a production server. But there are some holes to fill in, mainly wrt security. The disclaimers you refer to are (wisely) to make sure you are wary and suspicious of what you start with (and also make sure no one can claim they supplied you with something dangerous without letting you know, so don't blame them if Bad Things happen.)
It's like selling you a car without seatbelts.
But what you learn, and the solutions you develop, are generally fully compatible with a "real" server.
So going with something like CentOS and installing apache web server, PHP and MySql from their repositories would be a safe first step?
And then I guess I'd need to do some reading into locking down and holes that may be in there?