Lamp

From cumulotechnic
Revision as of 11:05, 18 August 2023 by Admin caj (talk | contribs)

LAMP stack

LAMP is an acronym for Linux, Apache, MySQL, and PHP stack, it is a popular software stack for serving websites.

It is comprised of LAMP_(software_bundle)a Linux server operating system running the Apache2 web server, MySQL database, and the PHP scripting language.

This tutorial was made using Ubuntu 22.04, you must provision a vps have a domain name and configure dns settings as per your vps provider and domain registrars instruction.

  • SSH into your vps and set a root password.

    • ssh root@127.0.0.1 use the ip-address provided by your vps provider.

    passwd set strong password.

  • Set up a non-root user account

    • adduser "new_user"

  • Now give the new user sudo privileges.

    • usermod -aG sudo "new_user"

  • Lets transfer our ssh-keys to our new user.

    • rsync --archive --chown="new-user":"new-user" ~/.ssh /home/"new_user"

  • Set up the firewall

    • sudo ufw allow OpenSSH

    sudo ufw enable

  • Lets go ahead and update the server now.

    • apt update; apt dist-upgrade -y; apt autoremove -y

  • Once the server is updated lets edit the sshd_config file to dissallow remote root access to our server and use our non root user to log in from now on.

    • vim /etc/ssh/sshd_config we want to change PermitRootLogin no to yes, make sure PubkeyAuthentication is set to yes, that PasswordAuthentication is set to no, and that KbdInteractiveAuthentication is no.

  • We need to reload sshd.

    • systemctl reload sshd

  • Now we should reboot the server, when it comes back up you will need to ssh using the non-root user name that we just created.
  • SSH back into your vps using your non-root user account.

    • ssh "vps_user"@127.0.0.1" Of course replacing "vps_user" with your non-root user account and 127.0.0.1 with the acutual ip-address of your server.

  • Now we are going to install our webserver and database server we are using apache2 for our webserver and mariadb for our database.

    • sudo apt install apache2 mariadb-server -y

  • We need to let apache2 through our firewall for now on port 80

    • sudo ufw allow 'Apache' we will remove the allow 'Apache' rule and add the 'Apache Full' rule to enable https traffic later but for now lets just let in http.

  • After installing apache2 and mariadb we need to enable and strart them.

    • sudo systemctl enable apache2

    sudo systemctl start apache2

    sudo systemctl enable mysql

    sudo systemctl start mysql

  • Run the mysql_secure_installation script and follow the instructions

    • sudo mysql_secure_installation

  • Now we will install php.

    • sudo apt install php libapache2-mod-php php-mysql -y

  • Now that PHP is installed lets create the document root of our web server, and give the directory the right permissions.

    • sudo mkdir /var/www/"my_domain_name.com"

    sudo chmod -R 755 /var/www/"my_domain_name.com"

  • Now we will create our index.html file.

    • sudo vim /var/www/"my_domain_name.com"/index.html

             
<!DOCTYPE html>
<html>
  <head>
    <meta charset="utf-8">
    <title>Welcome to my website</title>
  </head>
  <body>
    <h1>Looks like everything works!</h1>
  </body>
</html>
  • We need to create the virtualhosts file

    • sudo vim /etc/apache2/sites-available/"your_domain_name.com".conf

    <VirtualHost *:80>
    ServerAdmin "email address"@"Your domain name here"
    ServerName "Your domain name here"
    ServerAlias www."Your domain name here"
    DocumentRoot /var/www/"Your domain name here"
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
  • We need to tell apache where are document root is, and enable rewrite, and restart apache.

    • sudo a2ensite "my_domain_name.com".conf

    sudo a2enmod rewrite

    sudo systemctl restart apache2

  • We are now going to use letsencrypt and certbot to enable ssl on our server.

    • sudo apt update

    sudo apt install certbot python3-certbot-apache

    sudo systemctl reload apache2

  • Now we will adjust the firewall to allow https traffic.

    • sudo ufw allow 'Apache Full'

  • Remove the allow 'Apache' rule so that we are only serving https traffic

    • sudo ufw delete allow 'Apache'

  • Now we are going to run the certbot program.

    • sudo certbot --apache

  • Follow the instructions on the screen
  • Check the status of the certbot renewal timer

    • sudo systemctl status certbot.timer

  • Do a dry run of the certbot renew script

    • sudo certbot renew --dry-run

    There we have it a lamp stack running on Ubuntu 22.04 serving our webpage in https.

Retrieved from "https://cumulotechnic.com/index.php?title=Lamp&oldid=32"