Install LAMP stack

Web server: Apache2

Install Apache:

apt-get install apache2
a2enmod rewrite

Configure Apache

Assign your server's IP address to NameVirtualHost in /etc/apache2/ports.conf:


Assign your server's IP address to NameVirtualHost in /etc/apache2/sites-available/default:


While editing this file, also change the default DocumentRoot to a leaf directory; if it stays at /var/www/, the default site would serve everything in the vhost directories we add underneath, which could be exploited.

DocumentRoot  /var/www/default

See also the Apache HTTP server documentation.

Configure VirtualHosts

For each virtual host to be supported on this server, create a file under /etc/apache2/sites-available/, e.g.:

vi /etc/apache2/sites-available/
   DocumentRoot /var/www/
   ErrorLog /var/www/ 
   CustomLog /var/www/ combined

Create the associated directories:

mkdir -p /var/www/
mkdir /var/www/

Enable the site:


Once all vhosts are created and enabled, reload the server:

/etc/init.d/apache2 reload

For more details, see Apache's vhosts documentation.

If you haven't done so, change the A record to point to your Linode's IP address, using your domain registrar's DNS manager.

TODO: reverse proxy for static contents using nginx

Database: MySQL

Documentation for MySQL:

Install MySQL

apt-get install mysql-server

Assign a strong password to the MySQL root account. The configuration file is /etc/mysql/my.cnf.

Configure MySQL

Run the script mysql_secure_installation to further secure the installation.

Install PHP

Install with:

apt-get install php5 php-pear php5-suhosin

Configure PHP in file /etc/php5/apache2/php.ini:

max_execution_time = 30
memory_limit = 64M
display_errors = Off 
log_errors = On 
error_log = /var/log/php.log  
register_globals = Off

Add MySQL PHP integration:

apt-get install php5-mysql

Finally, restart Apache:

/etc/init.d/apache2 restart

To test PHP, add the following file:

vi /var/www/default/phpinfo.php

Then navigate your browser to: (using your actual IP address or domain name)

Secure your system


Reduce the open ports to what is really needed, here: SSH, HTTP, HTTPS and DNS. The following sequence needs to be executed over a LISH connection, NOT over your regular SSH (the intermediate steps will block any existing SSH connection):

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp -m multiport --destination-ports 22,53,80,443 -j ACCEPT
iptables -A INPUT -p udp -m multiport --destination-ports 53 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

View the iptables rules:

iptables -L

Persist rules beyond reboot:

iptables-save > /etc/iptables.up.rules

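Create a boot script:

vi /etc/network/if-pre-up.d/iptables

with the following contents (the interpreter line is needed so the script can be executed at boot):

#!/bin/sh
/sbin/iptables-restore < /etc/iptables.up.rules

and make it executable:

chmod +x /etc/network/if-pre-up.d/iptables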
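
To confirm that the saved ruleset opens only the ports intended above, the following added example (not part of the original page) audits iptables-save output for unexpected ACCEPT rules and non-DROP policies. The function names audit_rules and sample_dump are hypothetical, and the sample dump, including its stray 3306 rule, is constructed for illustration.

```shell
# Added example. Constructed sample: iptables-save output matching the rules
# above, plus one stray rule (tcp/3306) so the audit has something to report.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m multiport --dports 22,53,80,443 -j ACCEPT
-A INPUT -p udp -m multiport --dports 53 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# audit_rules TCP_PORTS UDP_PORTS < dump   (comma-separated port lists)
# Prints one finding per line; returns 1 if anything unexpected is open.
audit_rules() {
    awk -v tcp="$1" -v udp="$2" '
    BEGIN {
        n = split(tcp, a, ","); for (i = 1; i <= n; i++) ok["tcp/" a[i]] = 1
        n = split(udp, a, ","); for (i = 1; i <= n; i++) ok["udp/" a[i]] = 1
    }
    # Chain policy lines look like ":INPUT DROP [0:0]".
    /^:(INPUT|FORWARD) / && $2 != "DROP" {
        print "policy " substr($1, 2) " is " $2 ", expected DROP"; bad = 1
    }
    /^-A INPUT / && / -j ACCEPT/ {
        proto = ""; ports = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i ~ /^--(dports?|destination-ports?)$/) ports = $(i + 1)
        }
        if (ports == "") {
            # Loopback and reply-traffic rules carry no port and are expected.
            if ($0 ~ /-i lo / || ($0 ~ /--(ct)?state / && $0 !~ /NEW/)) next
            print "unrestricted ACCEPT: " $0; bad = 1; next
        }
        n = split(ports, p, ",")
        for (i = 1; i <= n; i++) {
            key = proto "/" p[i]
            if (!(key in ok)) { print "unexpected open port " key; bad = 1 }
        }
    }
    END { exit bad + 0 }'
}
sample_dump | audit_rules 22,53,80,443 53 || true   # prints the tcp/3306 finding
```

Against the real file, run: audit_rules 22,53,80,443 53 < /etc/iptables.up.rules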
install-lamp-stack.txt · Last modified: 2014/11/01 14:13 (external edit)