User Tools

Site Tools


install-lamp-stack

Install LAMP stack

Web server: Apache2

Install Apache:

apt-get install apache2
a2enmod rewrite

Configure Apache

Assign your server's IP address to NameVirtualHost in /etc/apache2/ports.conf:

NameVirtualHost 12.34.56.78:80

Assign your server's IP address to NameVirtualHost in /etc/apache2/sites-available/default:

<VirtualHost 12.34.56.78:80>

while editing this file, also change the default DocumentRoot to a leaf directory; leaving it at /var/www/ could be potentially exploited once we add the vhosts directories underneath.

DocumentRoot  /var/www/default

See also the Apache HTTP server documentation.

Configure VirtualHosts

For each virtual host to be supported on this server, create a file under /etc/apache2/sites-available/, e.g.:

vi /etc/apache2/sites-available/foobar.org
<VirtualHost 12.34.56.78:80> 
   ServerAdmin bla@foobar.org
   ServerName foobar.org
   ServerAlias www.foobar.org
   DocumentRoot /var/www/foobar.org/public_html/
   ErrorLog /var/www/foobar.org/logs/error.log 
   CustomLog /var/www/foobar.org/logs/access.log combined
</VirtualHost>  

Create the associated directories:

mkdir -p /var/www/foobar.org/public_html
mkdir /var/www/foobar.org/logs

Enable the site:

a2ensite foobar.org

Once all vhosts are created and enabled, reload the server:

/etc/init.d/apache2 reload

For more details, see Apache's vhosts documentation

If you haven't done so, change the A record to point to your Linode's IP address, using your domain registrar's DNS manager.

TODO: reverse proxy for static contents using nginx http://www.ubuntugeek.com/using-nginx-as-a-reverse-proxy-to-get-the-most-out-of-your-vps.html

Database: MySql

Documentation for MySQL: http://dev.mysql.com/doc/

Install MySql

apt-get install mysql-server

Assign a strong password to root. Configuration file is under: /etc/mysql/my.cnf

Configure MySql

Run the script mysql_secure_installation to further secure the installation.

Install PHP

install with:

apt-get install php5 php-pear php5-suhosin

Configure PHP in file /etc/php5/apache2/php.ini:

max_execution_time = 30
memory_limit = 64M
error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR
display_errors = Off 
log_errors = On 
error_log = /var/log/php.log  
register_globals = Off

Add MySql PHP integration:

apt-get install php5-mysql

finally restart apache:

/etc/init.d/apache2 restart

To test PHP, add the following file:

vi /var/www/default/phpinfo.php
<?php
phpinfo
?>

then navigate your browser to: http://12.34.56.78/phpinfo.php (using your actual IP address or domain name)

Secure your system

Firewall

Reduce the open ports to what is really needed, here: SSH, HTTP, HTTPS and DNS. The following sequence needs to be executed over a LISH connection, NOT over your regular SSH (the intermediate steps will block any existing SSH connection):

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp -m multiport --destination-ports 22,53,80,443 -j ACCEPT
iptables -A INPUT -p udp -m multiport --destination-ports 53 -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

View IP tables:

iptables -L

Persist rules beyond reboot:

iptables-save > /etc/iptables.up.rules

create boot script:

vi /etc/network/if-pre-up.d/iptables
#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules
chmod +x /etc/network/if-pre-up.d/iptables  
install-lamp-stack.txt · Last modified: 2014/11/01 14:13 (external edit)