Lamp Server Setup
How to Install and Set-up an Ubuntu Lamp Server
Setting up a LAMP stack is an important step in hosting websites and web applications. The LAMP stack (Linux, Apache, MySQL, and PHP) provides a stable foundation for developers to produce dynamic web content. This guide will walk you through the installation and configuration of a LAMP server on an Ubuntu system.
What is a
LAMP Stack?
Web servers are powered by an open-source software package known as a LAMP stack. Below is a summary of every element: The primary operating system that controls server resources is Linux. • Apache: A popular web server program that provides content for websites. • MySQL: An application data storage and retrieval database management system. • PHP: A server-side scripting language that makes server-side logic and dynamic content possible. A strong and flexible environment for launching websites and web apps is produced by this combination.
Requirements
Before beginning the LAMP stack installation, make sure your environment is adequately prepared to avoid issues throughout the setup process. The requirements are described in further detail below:
- Ubuntu
Server
Verify that your Ubuntu server is operational. This could be a cloud-based instance, virtual machine, or physical server. Ubuntu serves as the operating system on which all other components of your LAMP stack are built. Download the most recent version of Ubuntu from the official website if you're starting from scratch, or use a cloud provider like AWS, DigitalOcean, or Google Cloud to set up a server instance. - A User Account with `sudo` Privileges
Administrative privileges are frequently required while running installation and setup operations. Without logging in as the root user, you can safely run these commands as a non-root user with `sudo` capabilities. To create such a user, follow these steps:
- Log in as root:
ssh root@your_server_ip
- Create a new user:
adduser username
- Grant `sudo` privileges:
usermod -aG sudo username
Always use this user for enhanced security.
Basic Understanding of Command-Line Operations
It is necessary to be familiar with the fundamental Linux command-line functions. You can troubleshoot and setup your server more efficiently if you know how to manage processes, navigate directories, and edit files with a text editor like `nano` or `vim`. To get comfortable with Linux, try practicing popular commands like `ls`, `cd`, `cp`, `mv`, and `chmod`.- Minimum
System Requirements
Make sure your server satisfies or surpasses these fundamental requirements for optimum performance:
- RAM: At least 1GB. This is crucial for running Apache, MySQL, and PHP smoothly. Although it is technically possible to operate a LAMP stack with less RAM, performance may suffer, particularly when the system is under strain.
Now that your environment is prepared and all prerequisites are in place, let’s dive into the step-by-step process of installing and configuring the LAMP stack on your Ubuntu server.
Step 1:
Update the Package Manager
Before installing any software, ensure your package manager has the latest information about available software versions. This ensures you install the most up-to-date and secure versions.
This command fetches the latest metadata for software repositories configured on your server:
- sudo apt update
Update all installed software to their latest versions:
- sudo apt upgrade -y
If the upgrade includes critical system updates, you may need to reboot:
- sudo reboot
Step 2:
Install Apache
Apache is a powerful, open-source web server used to host websites.
Use the following command to install the Apache2 package:
- sudo apt install apache2 -y
Once installed, verify that Apache is running:
- sudo systemctl status apache2
Make sure Apache automatically starts whenever the server is rebooted:
- sudo systemctl enable apache2
Testing Apache:
- Open a web browser and navigate to your server’s public IP address (e.g.,
http://your_server_ip
). - You should see the default Apache welcome page, which confirms the installation was successful.
Step 3:
Install MySQL
MySQL is a powerful database management system for managing and storing data for apps and websites.
Use this command to install the MySQL server package:
- sudo apt install mysql-server -y
To secure MY SQL, run the below security script:
- sudo mysql_secure_installation
- Set a strong root password.
- Remove anonymous users and test databases
- Disable remote root logins for added security.
Check the installation of MySQL. Open the MySQL console and log in:
- sudo mysql
Once inside, make sure it's working by running this quick command:
- SHOW DATABASES;
Type exit to close the console.
Step 4:
Install PHP
PHP is a programming language used to create dynamic online content.
To install PHP and the necessary modules for Apache and MySQL integration, use the following command:
- sudo apt install php libapache2-mod-php php-mysql -y
Verify the PHP version that is installed:
- php -v
Based on your application needs, you might require additional PHP modules. For example:
- sudo apt install php-curl php-cli php-gd php-zip php-xml php-mbstring -y
Step 5:
Configure Apache to Prioritize PHP Files
Apache must be aware that PHP files should be prioritized over other file formats, such as HTML.
Modify the configuration file:
The Apache dir.conf file should open.
- sudo nano /etc/apache2/mods-enabled/dir.conf
Modify the file's priority making sure index.php comes before index.html:
- DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.html
Restart Apache:
Restarting the Apache service will apply the modifications:
- sudo systemctl restart apache2
Step 6:
Test PHP Integration
Testing guarantees that PHP and Apache are properly integrated.
Create a PHP test file info.php in the default web root directory:
- sudo nano /var/www/html/info.php
Include the PHP code below:
- phpinfo();
- ?>
Use a browser to access the test file:
Open a web browser and visit http://your_server_ip/info.php. You should see the PHP information page, which confirms PHP is working.
Once verified, delete the test file for security reasons:
- sudo rm /var/www/html/info.php
Step
7: Configure the Firewall
Make sure your firewall permits online traffic for security.
Allow Apache traffic:
Enable Apache's full profile on the firewall using the command below:
- sudo ufw allow in "Apache Full"
Verify the firewall's status by checking the modifications:
- sudo ufw status
Conclusion
In this guide, you’ve successfully installed and configured a LAMP server on Ubuntu. This setup lays the foundation for hosting websites and applications. From here, you can:
- Install a CMS such as WordPress.
- Use SSL certificates to secure your server.
- Performance should be optimized for applications with a lot of traffic.
Securing a VPS
Securing a VPS: Best Practices for Enhanced Security
A Virtual Private Server (VPS) is a powerful solution for hosting websites and applications. However, securing it is essential to protect your data, users, and reputation. Follow these guidelines to harden your VPS security effectively:
1. Disable Root Login
The root account has unlimited privileges, making it a prime target for attackers. Disabling root login reduces the risk of unauthorized access.
Steps:
- Open the SSH configuration file:
sudo nano /etc/ssh/sshd_config
- Find and update the following line:
PermitRootLogin no
- Restart the SSH service:
sudo systemctl restart sshd
2. Open Only Necessary Ports
Restricting open ports reduces the server's attack surface. Allow only essential ports like SSH (22), HTTP (80), HTTPS (443), and DNS (53).
Steps:
- Configure the firewall using
ufw
:sudo ufw allow 22 # SSH sudo ufw allow 80 # HTTP sudo ufw allow 443 # HTTPS sudo ufw allow 53 # DNS sudo ufw enable
- Check the active rules:
sudo ufw status
3. Restrict Access to Sensitive Files
Sensitive files like /etc/passwd
, wp-config.php
, and others should have limited access.
Steps:
- Restrict
wp-config.php
:sudo chmod 600 /var/www/html/wp-config.php sudo chown www-data:www-data /var/www/html/wp-config.php
- Verify permissions for other critical files:
ls -l /etc/passwd
4. Disable Unnecessary Modules
Unnecessary modules like autoindexing expose directory listings, which can reveal sensitive data.
Steps (for Apache):
- Disable
autoindex
:sudo a2dismod autoindex
- Restart Apache:
sudo systemctl restart apache2
5. Harden PHP Configuration
Securing PHP prevents exposure of sensitive information and reduces vulnerabilities.
Steps:
-
Open the PHP configuration file:
sudo nano /etc/php/7.x/apache2/php.ini
(Replace
7.x
with your PHP version.) -
Make these changes:
expose_php = Off disable_functions = exec,passthru,shell_exec,system
-
Restart the server:
sudo systemctl restart apache2
6. Install and Activate SSL
SSL encrypts communication between the server and clients, enhancing security.
Steps (using Let’s Encrypt):
- Install Certbot:
sudo apt install certbot python3-certbot-apache
- Generate and apply the SSL certificate:
sudo certbot --apache
- Verify SSL is active:
sudo certbot renew --dry-run
7. Update WordPress Files & Folder Permissions
Incorrect permissions can allow unauthorized users to modify critical files.
Recommended WordPress Permissions:
- Update permissions for folders:
sudo find /var/www/html/ -type d -exec chmod 755 {} \;
- Update permissions for files:
sudo find /var/www/html/ -type f -exec chmod 644 {} \;
8. Secure wp-config.php
Access
This file contains sensitive credentials and should not be accessed publicly.
Steps:
- Restrict access in
.htaccess
:<Files wp-config.php> Order Allow,Deny Deny from all </Files>
- Save the
.htaccess
file in the root WordPress directory.
9. Install Fail2Ban for Brute-Force Protection
Fail2Ban monitors logs and bans IPs attempting brute-force attacks.
Steps:
- Install Fail2Ban:
sudo apt install fail2ban
- Configure Fail2Ban for SSH:
Add:sudo nano /etc/fail2ban/jail.local
[sshd] enabled = true port = ssh filter = sshd logpath = /var/log/auth.log maxretry = 3
- Restart Fail2Ban:
sudo systemctl restart fail2ban
10. Install ClamAV for Malware Scanning
ClamAV helps detect and remove malware on your server.
Steps:
- Install ClamAV:
sudo apt install clamav clamav-daemon
- Update the virus database:
sudo freshclam
- Scan your server:
sudo clamscan -r /var/www/html
11. WordPress Security Configurations
To secure your WordPress installation further:
- Install a security plugin like Wordfence or iThemes Security.
- Enable two-factor authentication (2FA) for admin accounts.
- Regularly update WordPress core, themes, and plugins.
- Use strong, unique passwords for all accounts.
Conclusion
By following these steps, your VPS will be fortified against common threats. Regular maintenance, updates, and monitoring are critical for sustained security. Don’t just set it and forget it—stay vigilant to keep your VPS and WordPress site secure.
Git commands
Git Commands: Beginners Guide
Git is a distributed version control system used to track changes in code and collaborate with others on software development projects. It allows multiple developers to work on a project simultaneously, managing changes, merging code, and tracking each others progress overtime. Git is commonly used with services like GitHub, GitLab, or Bitbucket to host repositories and manage projects collaboratively.
To use Git efficiently and effectively, one needs Git commands to work on the tool. Git commands are instructions you use to interact with the Git version control system. They enable you to manage your codebase, track changes, collaborate with others, and control the workflow of your development process. These commands are executed through a terminal or command-line interface (CLI).
Categories of Git Commands:
Here are some common Git commands and their purposes: