Lamp: Difference between revisions
No edit summary |
No edit summary |
||
| Line 2: | Line 2: | ||
<h2>[https://en.wikipedia.org/wiki/LAMP_(software_bundle) LAMP] | <h2>[https://en.wikipedia.org/wiki/LAMP_(software_bundle) LAMP] | ||
is an acronym for [https://en.wikipedia.org/wiki/Linux Linux], [https://en.wikipedia.org/wiki/Apache_HTTP_Server Apache], [https://en.wikipedia.org/wiki/MySQL MySQL], and [https://en.wikipedia.org/wiki/PHP PHP], it is a popular [https://en.wikipedia.org/wiki/Solution_stack software stack] for serving [https://en.wikipedia.org/wiki/Website websites]. </h2> | is an acronym for [https://en.wikipedia.org/wiki/Linux Linux], [https://en.wikipedia.org/wiki/Apache_HTTP_Server Apache], [https://en.wikipedia.org/wiki/MySQL MySQL], and [https://en.wikipedia.org/wiki/PHP PHP], it is a popular [https://en.wikipedia.org/wiki/Solution_stack software stack] for serving [https://en.wikipedia.org/wiki/Website websites]. </h2> | ||
<p>It is comprised of a Linux [https://en.wikipedia.org/wiki/Server_(computing) server] [https://en.wikipedia.org/wiki/Operating_system operating system] running the Apache2 web server, MySQL database, and the PHP scripting language.</p> | <p>It is comprised of a [https://en.wikipedia.org/wiki/Linux Linux] [https://en.wikipedia.org/wiki/Server_(computing) server] [https://en.wikipedia.org/wiki/Operating_system operating system] running the [https://en.wikipedia.org/wiki/Apache_HTTP_Server Apache Apache2] [https://en.wikipedia.org/wiki/Web_server web server], [https://en.wikipedia.org/wiki/MySQL MySQL] or [https://en.wikipedia.org/wiki/MariaDB MariaDB] [https://en.wikipedia.org/wiki/Database database], and the [https://en.wikipedia.org/wiki/PHP PHP] [https://en.wikipedia.org/wiki/Scripting_language scripting language].</p> | ||
<p>This tutorial was made using Ubuntu 22.04, you must provision a vps have a domain name and configure dns settings as per your vps provider and domain registrars instruction.</p> | <p>This tutorial was made using [https://en.wikipedia.org/wiki/Ubuntu Ubuntu] 22.04, you must provision a [https://en.wikipedia.org/wiki/Virtual_private_server vps] have a [https://en.wikipedia.org/wiki/Fully_qualified_domain_name fully qualified domain name] and configure [https://en.wikipedia.org/wiki/Domain_Name_System dns] settings as per your vps provider and [https://en.wikipedia.org/wiki/Domain_name_registrar domain name registrars] instruction.</p> | ||
<ul> | <ul> | ||
<li>SSH into your vps and set a root password.</li> | <li>[https://en.wikipedia.org/wiki/Secure_Shell SSH] into your [https://en.wikipedia.org/wiki/Virtual_private_server vps] and set a root password.</li> | ||
<p><strong>ssh root@127.0.0.1</strong><em> use the ip | <p><strong>ssh root@127.0.0.1</strong><em> use the [https://en.wikipedia.org/wiki/IP_address ip address] provided by your vps provider.</em></p> | ||
<p><strong>passwd</strong> <em>set strong password.</em></p> | <p><strong>passwd</strong> <em>set strong password.</em></p> | ||
<li>Set up a non-root user account</li> | <li>Set up a non-root user account</li> | ||
<p><strong>adduser "new_user"</strong></p> | <p><strong>adduser "new_user"</strong></p> | ||
<li>Now give the new user sudo privileges.</li> | <li>Now give the new user [https://en.wikipedia.org/wiki/Sudo sudo] privileges.</li> | ||
<p><strong>usermod -aG sudo "new_user"</strong></p> | <p><strong>usermod -aG sudo "new_user"</strong></p> | ||
<li>Lets transfer our ssh-keys to our new user.</li> | <li>Lets transfer our ssh-keys to our new user.</li> | ||
<p><strong>rsync --archive --chown="new-user":"new-user" ~/.ssh /home/"new_user"</strong></p> | <p><strong>rsync --archive --chown="new-user":"new-user" ~/.ssh /home/"new_user"</strong></p> | ||
<li>Set up the firewall</li> | <li>Set up the [https://en.wikipedia.org/wiki/Uncomplicated_Firewall ufw] [https://en.wikipedia.org/wiki/Firewall_(computing) firewall]</li> | ||
<p><strong> | <p><strong>ufw allow OpenSSH</strong></p> | ||
<p><strong> | <p><strong>ufw enable</strong></p> | ||
<li>Lets go ahead and update the server now.</li> | <li>Lets go ahead and update the server now.</li> | ||
<p><strong>apt update; apt dist-upgrade -y; apt autoremove -y</strong></p> | <p><strong>apt update; apt dist-upgrade -y; apt autoremove -y</strong></p> | ||
| Line 81: | Line 81: | ||
<p><strong>sudo a2enmod rewrite</strong></p> | <p><strong>sudo a2enmod rewrite</strong></p> | ||
<p><strong>sudo systemctl restart apache2</strong></p> | <p><strong>sudo systemctl restart apache2</strong></p> | ||
<li>We are now going to use | <li>We are now going to use [https://en.wikipedia.org/wiki/Let%27s_Encrypt LetsEncrypt] and certbot to enable [https://en.wikipedia.org/wiki/Transport_Layer_Security#SSL_1.0,_2.0,_and_3.0 ssl] on our server.</li> | ||
<p><strong>sudo apt update</strong></p> | <p><strong>sudo apt update</strong></p> | ||
<p><strong>sudo apt install certbot python3-certbot-apache</strong></p> | <p><strong>sudo apt install certbot python3-certbot-apache</strong></p> | ||
| Line 96: | Line 96: | ||
<li>Do a dry run of the certbot renew script</li> | <li>Do a dry run of the certbot renew script</li> | ||
<p><strong>sudo certbot renew --dry-run</strong></p> | <p><strong>sudo certbot renew --dry-run</strong></p> | ||
<p>There we have it a lamp stack running on Ubuntu 22.04 serving our | <p>There we have it a [https://en.wikipedia.org/wiki/LAMP_(software_bundle) lamp] stack running on [https://en.wikipedia.org/wiki/Ubuntu Ubuntu] 22.04 serving our [https://en.wikipedia.org/wiki/Web_page web page] in [https://en.wikipedia.org/wiki/HTTPS https].</p> | ||
Revision as of 12:34, 18 August 2023
LAMP stack
LAMP is an acronym for Linux, Apache, MySQL, and PHP, it is a popular software stack for serving websites.
It is comprised of a Linux server operating system running the Apache Apache2 web server, MySQL or MariaDB database, and the PHP scripting language.
This tutorial was made using Ubuntu 22.04, you must provision a vps have a fully qualified domain name and configure dns settings as per your vps provider and domain name registrars instruction.
- SSH into your vps and set a root password.
- Set up a non-root user account
- Now give the new user sudo privileges.
- Lets transfer our ssh-keys to our new user.
- Set up the ufw firewall
- Lets go ahead and update the server now.
- Once the server is updated lets edit the sshd_config file to dissallow remote root access to our server and use our non root user to log in from now on.
- We need to reload sshd.
- Now we should reboot the server, when it comes back up you will need to ssh using the non-root user name that we just created.
- SSH back into your vps using your non-root user account.
- Now we are going to install our webserver and database server we are using apache2 for our webserver and mariadb for our database.
- We need to let apache2 through our firewall for now on port 80
- After installing apache2 and mariadb we need to enable and strart them.
- Run the mysql_secure_installation script and follow the instructions
- Now we will install php.
- Now that PHP is installed lets create the document root of our web server, and give the directory the right permissions.
- Now we will create our index.html file.
- We need to create the virtualhosts file
- We need to tell apache where are document root is, and enable rewrite, and restart apache.
- We are now going to use LetsEncrypt and certbot to enable ssl on our server.
- Now we will adjust the firewall to allow https traffic.
- Remove the allow 'Apache' rule so that we are only serving https traffic
- Now we are going to run the certbot program.
- Follow the instructions on the screen
- Check the status of the certbot renewal timer
- Do a dry run of the certbot renew script
ssh root@127.0.0.1 use the ip address provided by your vps provider.
passwd set strong password.
adduser "new_user"
usermod -aG sudo "new_user"
rsync --archive --chown="new-user":"new-user" ~/.ssh /home/"new_user"
ufw allow OpenSSH
ufw enable
apt update; apt dist-upgrade -y; apt autoremove -y
vim /etc/ssh/sshd_config we want to change PermitRootLogin no to yes, make sure PubkeyAuthentication is set to yes, that PasswordAuthentication is set to no, and that KbdInteractiveAuthentication is no.
systemctl reload sshd
ssh "vps_user"@127.0.0.1" Of course replacing "vps_user" with your non-root user account and 127.0.0.1 with the acutual ip-address of your server.
sudo apt install apache2 mariadb-server -y
sudo ufw allow 'Apache' we will remove the allow 'Apache' rule and add the 'Apache Full' rule to enable https traffic later but for now lets just let in http.
sudo systemctl enable apache2
sudo systemctl start apache2
sudo systemctl enable mysql
sudo systemctl start mysql
sudo mysql_secure_installation
sudo apt install php libapache2-mod-php php-mysql -y
sudo mkdir /var/www/"my_domain_name.com"
sudo chmod -R 755 /var/www/"my_domain_name.com"
sudo vim /var/www/"my_domain_name.com"/index.html
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Welcome to my website</title>
</head>
<body>
<h1>Looks like everything works!</h1>
</body>
</html>
sudo vim /etc/apache2/sites-available/"your_domain_name.com".conf
<VirtualHost *:80>
ServerAdmin "email address"@"Your domain name here"
ServerName "Your domain name here"
ServerAlias www."Your domain name here"
DocumentRoot /var/www/"Your domain name here"
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
sudo a2ensite "my_domain_name.com".conf
sudo a2enmod rewrite
sudo systemctl restart apache2
sudo apt update
sudo apt install certbot python3-certbot-apache
sudo systemctl reload apache2
sudo ufw allow 'Apache Full'
sudo ufw delete allow 'Apache'
sudo certbot --apache
sudo systemctl status certbot.timer
sudo certbot renew --dry-run
There we have it a lamp stack running on Ubuntu 22.04 serving our web page in https.