Going to Eleven: Adding an AMP to Your Linux Server
This is guide is the second in a series about setting up your own DigitalOcean droplet. In this guide you’ll be setting up the remainder of the LAMP stack used to host dynamic web pages.
LAMP? What’s That?
LAMP is an open source software stack that allows a server to host dynamic websites. The main components of the LAMP stack are:
- Linux - a Unix-like operating system
- Apache - a web server which is used to serve pages to users
- MySQL - a relational database management system that stores site data
- PHP - a server-side programming language used to generate dynamic web content
For the rest of this guide, I’m going to presume that you have already installed and set up Linux on your server. For a guide on setting up Ubuntu on a DigitalOcean droplet, see the following article: Creating and Securing a DigitalOcean Droplet.
Installing Apache is a relatively simple affair, in which you use
apt (Ubuntu’s package maanger) to download and install it.
To do so, you will want to check for the newest package list and install Apache:
sudo apt-get update sudo apt-get install apache2
You will be asked for your password, as you’re performing these actions with your
sudo privileges. Enter your password and hit
Y when you are prompted to install Apache.
Allowing Apache’s Web Traffic Through Your Firewall
Assuming that you’ve set up the UFW firewall, you’re going to need the ports for HTTP (and HTTPS) traffic open to allow requests for pages to reach Apache. To select the application profile and open the appropriate ports, type the following:
sudo ufw app list
You will be given a list of applications with profiles available on your server:
Available applications: Apache Apache Full Apache Secure OpenSSH Postfix ...
Your list might not look the same, however the applications that you are interested in all start with “Apache.” If you would like more information on what each application profile does, you can type:
sudo ufw app info "Apache Full"
Which will in turn give you information about the application and the ports that will be opened to support that application:
Profile: Apache Full Title: Web Server (HTTP,HTTPS) Description: Apache v2 is the next generation of the omnipresent Apache web server. Ports: 80,443/tcp
If you are only handling HTTP traffic, “Apache” will allow in just traffic on port 80. If you are going to be handling only HTTPS traffic “Apache Secure” will allow in traffic just on port 443. “Apache Full” will allow both HTTP and HTTPS traffic. (I used “Apache Full.”) To allow traffic through using an application profile, type:
sudo ufw allow in "Apache Full"
To check that Apache is set up and that UFW is allowing traffic through, you can open the web browser of your choice and navigate to your server’s public IP address: for example,
If the “Apache2 Ubuntu Default Page” page loads, you've been successful!
Installing MySQL is just as simple as installing Apache was, and you will be walked through the steps required to set up and secure. To start out, use
apt to install MySQL:
sudo apt-get install mysql-server
While installing MySQL, you will be asked to create a password to MySQL’s root account (which is similar to Unix/Linux’s root user account). Make sure to use a strong password for this account:
While not mandatory, it is highly recommended that you set a password for the MySQL administrative "root" user. If this field is left blank, the password will not be changed. New password for the MySQL "root" user:
Now that MySQL is installed, you’ll want to secure it. Luckily, there is a simple security script that helps lock down MySQL, which can be run with the with the following:
You’ll be asked a number of questions, all of which can safely be answered with
Y. I’ve included my answers and any notes I have.
VALIDATE PASSWORD PLUGIN can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD plugin? Press y|Y for Yes, any other key for No:
There are three levels of password validation policy: LOW Length >= 8 MEDIUM Length >= 8, numeric, mixed case, and special characters STRONG Length >= 8, numeric, mixed case, special characters and dictionary file Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG:
0, as I tend to like to use the XKCD password strength method for selecting passwords when I can. (And no, my password is not “correcthorsebatterystaple”…)
Using existing password for root. Estimated strength of the password: 100 Change the password for root ? ((Press y|Y for Yes, any other key for No) :
My password for root was already “secure,” so I selected
By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? (Press y|Y for Yes, any other key for No) :
I definitely don’t need that, so I selected
Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? (Press y|Y for Yes, any other key for No) :
Just like the server itself, I’m not going to be remotely logging into MySQL, so I selected
By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? (Press y|Y for Yes, any other key for No) :
I have no need for the “test” database, so I selected
Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? (Press y|Y for Yes, any other key for No) :
With that done, MySQL is ready to go!
Installing PHP is as simple as installing Apache and MySQL. Once again, you’ll use
apt to install PHP:
sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql
Reconfiguring Apache to Serve PHP Index Files First
When someone navigates to a directory (for example:
http://yoursite.com/blog/), Apache will look for an index file in that directory (
index.cgi, etc). In order to ensure that Apache looks for PHP files first, you’ll need to modify Apache’s
sudo nano /etc/apache2/mods-enabled/dir.conf
To make the change, find and swap
index.php, hit Ctrl+O to save the file and Ctrl+X to exit nano.
<IfModule mod_dir.c> DirectoryIndex index.php index.cgi index.pl index.html index.xhtml index.htm </IfModule>
Now that you’ve modified Apache’s configuration, you’re going to need to restart Apache in order for these changes to be recognized by Apache:
sudo systemctl restart apache2
The last thing to do before calling it quits (for now that is!) is to check to see if PHP is properly set up and able to process web pages. The simplest way to do so it to create a PHP file that will provide you with information about your PHP install:
echo "<?php phpinfo(); ?>" > /var/www/html/info.php
Now that you have created the file
info.php, you need to point your browser to see if it works by browsing to it (for example:
http://22.214.171.124/info.php). If a page similar to the one below, PHP is functioning properly.
It’s a good idea to remove this file once you are done testing, as it contains quite a bit of information about your server that doesn’t need to be floating out on the web:
rm -f /var/www/html/info.php
Start building! You’ve now got everything that you need to create a full-fledged dynamic website.
Interested in doing this yourself? Like this guide and want to help me out? Please consider using my referral link to signup with DigitalOcean. You’ll get a $10 credit if you sign up!