Articles

Going to Eleven: Adding an AMP to Your Linux Server

This is guide is the second in a series about setting up your own DigitalOcean droplet. In this guide you’ll be setting up the remainder of the LAMP stack used to host dynamic web pages.

LAMP? What’s That?

LAMP is an open source software stack that allows a server to host dynamic websites. The main components of the LAMP stack are:

Linux

Linux logo

Installing Linux

For the rest of this guide, I’m going to presume that you have already installed and set up Linux on your server. For a guide on setting up Ubuntu on a DigitalOcean droplet, see the following article: Creating and Securing a DigitalOcean Droplet.

Apache

Apache logo

Installing Apache

Installing Apache is a relatively simple affair, in which you use apt (Ubuntu’s package maanger) to download and install it.

To do so, you will want to check for the newest package list and install Apache:

sudo apt-get update
sudo apt-get install apache2

You will be asked for your password, as you’re performing these actions with your sudo privileges. Enter your password and hit Y when you are prompted to install Apache.

Allowing Apache’s Web Traffic Through Your Firewall

Assuming that you’ve set up the UFW firewall, you’re going to need the ports for HTTP (and HTTPS) traffic open to allow requests for pages to reach Apache. To select the application profile and open the appropriate ports, type the following:

sudo ufw app list

You will be given a list of applications with profiles available on your server:

Available applications:
  Apache
  Apache Full
  Apache Secure
  OpenSSH
  Postfix
  ...

Your list might not look the same, however the applications that you are interested in all start with “Apache.” If you would like more information on what each application profile does, you can type:

sudo ufw app info "Apache Full"

Which will in turn give you information about the application and the ports that will be opened to support that application:

Profile: Apache Full
Title: Web Server (HTTP,HTTPS)
Description: Apache v2 is the next generation of the omnipresent Apache web server.

Ports:
  80,443/tcp

If you are only handling HTTP traffic, “Apache” will allow in just traffic on port 80. If you are going to be handling only HTTPS traffic “Apache Secure” will allow in traffic just on port 443. “Apache Full” will allow both HTTP and HTTPS traffic. (I used “Apache Full.”) To allow traffic through using an application profile, type:

sudo ufw allow in "Apache Full"

Testing Apache

To check that Apache is set up and that UFW is allowing traffic through, you can open the web browser of your choice and navigate to your server’s public IP address: for example, http://123.123.123.123.

If the “Apache2 Ubuntu Default Page” page loads, you've been successful!

Apache2 Ubuntu Default Page

MySQL

MySQL logo

Installing MySQL

Installing MySQL is just as simple as installing Apache was, and you will be walked through the steps required to set up and secure. To start out, use apt to install MySQL:

sudo apt-get install mysql-server

While installing MySQL, you will be asked to create a password to MySQL’s root account (which is similar to Unix/Linux’s root user account). Make sure to use a strong password for this account:

While not mandatory, it is highly recommended that you set a password for the MySQL administrative "root" user.

If this field is left blank, the password will not be changed.

New password for the MySQL "root" user:

Securing MySQL

Now that MySQL is installed, you’ll want to secure it. Luckily, there is a simple security script that helps lock down MySQL, which can be run with the with the following:

sudo mysql_secure_installation

You’ll be asked a number of questions, all of which can safely be answered with Y. I’ve included my answers and any notes I have.

VALIDATE PASSWORD PLUGIN can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No:

I selected Y.

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG:

I selected 0, as I tend to like to use the XKCD password strength method for selecting passwords when I can. (And no, my password is not “correcthorsebatterystaple”…)

Using existing password for root.

Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) :

My password for root was already “secure,” so I selected N.

By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) :

I definitely don’t need that, so I selected Y.

Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) :

Just like the server itself, I’m not going to be remotely logging into MySQL, so I selected Y.

By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) :

I have no need for the “test” database, so I selected Y.

Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) :

I selected N.

With that done, MySQL is ready to go!

PHP

PHP logo

Installing PHP

Installing PHP is as simple as installing Apache and MySQL. Once again, you’ll use apt to install PHP:

sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql

Reconfiguring Apache to Serve PHP Index Files First

When someone navigates to a directory (for example: http://yoursite.com/blog/), Apache will look for an index file in that directory (index.html, index.cgi, etc). In order to ensure that Apache looks for PHP files first, you’ll need to modify Apache’s dir.conf file:

sudo nano /etc/apache2/mods-enabled/dir.conf

To make the change, find and swap index.html with index.php, hit Ctrl+O to save the file and Ctrl+X to exit nano.

<IfModule mod_dir.c>
  DirectoryIndex index.php index.cgi index.pl index.html index.xhtml index.htm
</IfModule>

Now that you’ve modified Apache’s configuration, you’re going to need to restart Apache in order for these changes to be recognized by Apache:

sudo systemctl restart apache2

Testing PHP

The last thing to do before calling it quits (for now that is!) is to check to see if PHP is properly set up and able to process web pages. The simplest way to do so it to create a PHP file that will provide you with information about your PHP install:

echo "<?php phpinfo(); ?>" > /var/www/html/info.php

Now that you have created the file info.php, you need to point your browser to see if it works by browsing to it (for example:http://123.123.123.123/info.php). If a page similar to the one below, PHP is functioning properly.

PHP Information

It’s a good idea to remove this file once you are done testing, as it contains quite a bit of information about your server that doesn’t need to be floating out on the web:

rm -f /var/www/html/info.php

What Now?

Start building! You’ve now got everything that you need to create a full-fledged dynamic website.

Interested in doing this yourself? Like this guide and want to help me out? Please consider using my referral link to signup with DigitalOcean. You’ll get a $10 credit if you sign up!