Latest Posts

2025-01-15 13:38:30

Lamp Server Setup

2024-12-24 20:10:46

Securing a VPS

2024-09-17 09:50:58

Git commands

Lamp Server Setup

How to Install and Set-up an Ubuntu Lamp Server
Setting up a LAMP stack is an important step in hosting websites and web applications. The LAMP stack (Linux, Apache, MySQL, and PHP) provides a stable foundation for developers to produce dynamic web content. This guide will walk you through the installation and configuration of a LAMP server on an Ubuntu system.

What is a LAMP Stack?
Web servers are powered by an open-source software package known as a LAMP stack. Below is a summary of every element: The primary operating system that controls server resources is Linux. • Apache: A popular web server program that provides content for websites. • MySQL: An application data storage and retrieval database management system. • PHP: A server-side scripting language that makes server-side logic and dynamic content possible. A strong and flexible environment for launching websites and web apps is produced by this combination.

Requirements
Before beginning the LAMP stack installation, make sure your environment is adequately prepared to avoid issues throughout the setup process. The requirements are described in further detail below:

  1. Ubuntu Server 
    Verify that your Ubuntu server is operational. This could be a cloud-based instance, virtual machine, or physical server. Ubuntu serves as the operating system on which all other components of your LAMP stack are built. Download the most recent version of Ubuntu from the official website if you're starting from scratch, or use a cloud provider like AWS, DigitalOcean, or Google Cloud to set up a server instance.

  2. A User Account with `sudo` Privileges

    Administrative privileges are frequently required while running installation and setup operations. Without logging in as the root user, you can safely run these commands as a non-root user with `sudo` capabilities. To create such a user, follow these steps: 

             - Log in as root: 

                       ssh root@your_server_ip

             - Create a new user: 

                       adduser username

             - Grant `sudo` privileges: 

                       usermod -aG sudo username

      Always use this user for enhanced security.

  3. Basic Understanding of Command-Line Operations
    It is necessary to be familiar with the fundamental Linux command-line functions. You can troubleshoot and setup your server more efficiently if you know how to manage processes, navigate directories, and edit files with a text editor like `nano` or `vim`. To get comfortable with Linux, try practicing popular commands like `ls`, `cd`, `cp`, `mv`, and `chmod`.

  4. Minimum System Requirements

    Make sure your server satisfies or surpasses these fundamental requirements for optimum performance:

            - RAM: At least 1GB. This is crucial for running Apache, MySQL, and PHP smoothly. Although it is technically possible to operate a LAMP stack with less RAM, performance may suffer, particularly when the system is under strain.

Now that your environment is prepared and all prerequisites are in place, let’s dive into the step-by-step process of installing and configuring the LAMP stack on your Ubuntu server.

Step 1: Update the Package Manager
Before installing any software, ensure your package manager has the latest information about available software versions. This ensures you install the most up-to-date and secure versions.

This command fetches the latest metadata for software repositories configured on your server:

  • sudo apt update

Update all installed software to their latest versions:

  • sudo apt upgrade -y

If the upgrade includes critical system updates, you may need to reboot:

  • sudo reboot

Step 2: Install Apache
Apache is a powerful, open-source web server used to host websites.
Use the following command to install the Apache2 package:

  • sudo apt install apache2 -y

Once installed, verify that Apache is running:

  • sudo systemctl status apache2

Make sure Apache automatically starts whenever the server is rebooted:

  •  sudo systemctl enable apache2

Testing Apache:

  • Open a web browser and navigate to your server’s public IP address (e.g., http://your_server_ip).
  • You should see the default Apache welcome page, which confirms the installation was successful.

Step 3: Install MySQL
MySQL is a powerful database management system for managing and storing data for apps and websites.
Use this command to install the MySQL server package:

  • sudo apt install mysql-server -y

To secure MY SQL, run the below security script:

  • sudo mysql_secure_installation
  • Set a strong root password.
  • Remove anonymous users and test databases
  • Disable remote root logins for added security.

Check the installation of MySQL. Open the MySQL console and log in:

  • sudo mysql

Once inside, make sure it's working by running this quick command:

  • SHOW DATABASES;

Type exit to close the console.

Step 4: Install PHP
PHP is a programming language used to create dynamic online content.
To install PHP and the necessary modules for Apache and MySQL integration, use the following command:

  • sudo apt install php libapache2-mod-php php-mysql -y

Verify the PHP version that is installed:

  • php -v

Based on your application needs, you might require additional PHP modules. For example:

  • sudo apt install php-curl php-cli php-gd php-zip php-xml php-mbstring -y


Step 5: Configure Apache to Prioritize PHP Files
Apache must be aware that PHP files should be prioritized over other file formats, such as HTML.

Modify the configuration file:
The Apache dir.conf file should open.

  • sudo nano /etc/apache2/mods-enabled/dir.conf

Modify the file's priority making sure index.php comes before index.html:

  •     DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.html

Restart Apache:
Restarting the Apache service will apply the modifications:

  • sudo systemctl restart apache2


Step 6: Test PHP Integration
Testing guarantees that PHP and Apache are properly integrated.
Create a PHP test file info.php in the default web root directory:

  • sudo nano /var/www/html/info.php

Include the PHP code below:

  • phpinfo();
  • ?>

Use a browser to access the test file:
Open a web browser and visit http://your_server_ip/info.php. You should see the PHP information page, which confirms PHP is working.

Once verified, delete the test file for security reasons:

  • sudo rm /var/www/html/info.php


Step 7: Configure the Firewall 
Make sure your firewall permits online traffic for security.
Allow Apache traffic:
Enable Apache's full profile on the firewall using the command below:

  • sudo ufw allow in "Apache Full"

Verify the firewall's status by checking the modifications:

  • sudo ufw status


Conclusion
In this guide, you’ve successfully installed and configured a LAMP server on Ubuntu. This setup lays the foundation for hosting websites and applications. From here, you can:

  • Install a CMS such as WordPress.
  • Use SSL certificates to secure your server.
  • Performance should be optimized for applications with a lot of traffic.

CONTINUE READING

Securing a VPS

Securing a VPS: Best Practices for Enhanced Security

A Virtual Private Server (VPS) is a powerful solution for hosting websites and applications. However, securing it is essential to protect your data, users, and reputation. Follow these guidelines to harden your VPS security effectively:


1. Disable Root Login

The root account has unlimited privileges, making it a prime target for attackers. Disabling root login reduces the risk of unauthorized access.

Steps:

  1. Open the SSH configuration file:
    sudo nano /etc/ssh/sshd_config
    
  2. Find and update the following line:
    PermitRootLogin no
    
  3. Restart the SSH service:
    sudo systemctl restart sshd
    


2. Open Only Necessary Ports

Restricting open ports reduces the server's attack surface. Allow only essential ports like SSH (22), HTTP (80), HTTPS (443), and DNS (53).

Steps:

  1. Configure the firewall using ufw:
    sudo ufw allow 22    # SSH
    sudo ufw allow 80    # HTTP
    sudo ufw allow 443   # HTTPS
    sudo ufw allow 53    # DNS
    sudo ufw enable
    
  2. Check the active rules:
    sudo ufw status
    


3. Restrict Access to Sensitive Files

Sensitive files like /etc/passwd, wp-config.php, and others should have limited access.

Steps:

  1. Restrict wp-config.php:
    sudo chmod 600 /var/www/html/wp-config.php
    sudo chown www-data:www-data /var/www/html/wp-config.php
    
  2. Verify permissions for other critical files:
    ls -l /etc/passwd
    


4. Disable Unnecessary Modules

Unnecessary modules like autoindexing expose directory listings, which can reveal sensitive data.

Steps (for Apache):

  1. Disable autoindex:
    sudo a2dismod autoindex
    
  2. Restart Apache:
    sudo systemctl restart apache2
    


5. Harden PHP Configuration

Securing PHP prevents exposure of sensitive information and reduces vulnerabilities.

Steps:

  1. Open the PHP configuration file:

    sudo nano /etc/php/7.x/apache2/php.ini
    

    (Replace 7.x with your PHP version.)

  2. Make these changes:

    expose_php = Off
    disable_functions = exec,passthru,shell_exec,system
    
  3. Restart the server:

    sudo systemctl restart apache2
    


6. Install and Activate SSL

SSL encrypts communication between the server and clients, enhancing security.

Steps (using Let’s Encrypt):

  1. Install Certbot:
    sudo apt install certbot python3-certbot-apache
    
  2. Generate and apply the SSL certificate:
    sudo certbot --apache
    
  3. Verify SSL is active:
    sudo certbot renew --dry-run
    


7. Update WordPress Files & Folder Permissions

Incorrect permissions can allow unauthorized users to modify critical files.

Recommended WordPress Permissions:

  1. Update permissions for folders:
    sudo find /var/www/html/ -type d -exec chmod 755 {} \;
    
  2. Update permissions for files:
    sudo find /var/www/html/ -type f -exec chmod 644 {} \;
    


8. Secure wp-config.php Access

This file contains sensitive credentials and should not be accessed publicly.

Steps:

  1. Restrict access in .htaccess:
    <Files wp-config.php>
        Order Allow,Deny
        Deny from all
    </Files>
    
  2. Save the .htaccess file in the root WordPress directory.


9. Install Fail2Ban for Brute-Force Protection

Fail2Ban monitors logs and bans IPs attempting brute-force attacks.

Steps:

  1. Install Fail2Ban:
    sudo apt install fail2ban
    
  2. Configure Fail2Ban for SSH:
    sudo nano /etc/fail2ban/jail.local
    
    Add:
    [sshd]
    enabled = true
    port = ssh
    filter = sshd
    logpath = /var/log/auth.log
    maxretry = 3
    
  3. Restart Fail2Ban:
    sudo systemctl restart fail2ban
    


10. Install ClamAV for Malware Scanning

ClamAV helps detect and remove malware on your server.

Steps:

  1. Install ClamAV:
    sudo apt install clamav clamav-daemon
    
  2. Update the virus database:
    sudo freshclam
    
  3. Scan your server:
    sudo clamscan -r /var/www/html
    


11. WordPress Security Configurations

To secure your WordPress installation further:

  1. Install a security plugin like Wordfence or iThemes Security.
  2. Enable two-factor authentication (2FA) for admin accounts.
  3. Regularly update WordPress core, themes, and plugins.
  4. Use strong, unique passwords for all accounts.


Conclusion

By following these steps, your VPS will be fortified against common threats. Regular maintenance, updates, and monitoring are critical for sustained security. Don’t just set it and forget it—stay vigilant to keep your VPS and WordPress site secure.

CONTINUE READING

Git commands

Git Commands: Beginners Guide

Git is a distributed version control system used to track changes in code and collaborate with others on software development projects. It allows multiple developers to work on a project simultaneously, managing changes, merging code, and tracking each others progress overtime. Git is commonly used with services like GitHub, GitLab, or Bitbucket to host repositories and manage projects collaboratively.

To use Git efficiently and effectively, one needs Git commands to work on the tool. Git commands are instructions you use to interact with the Git version control system. They enable you to manage your codebase, track changes, collaborate with others, and control the workflow of your development process. These commands are executed through a terminal or command-line interface (CLI).

Categories of Git Commands:

Here are some common Git commands and their purposes:                                                                                      

1. Basic Commands                                                                             
  • git init: command is used to add a new Git repository in the current directory.
  • git cloneCreates a local working copy of an existing remote repository.
  • git status: Shows the current state of the working directory and staging area, indicating changes that are staged or untracked.
  • git add : Adds a file (or files) to the staging area, preparing them for a commit.
  • git commit -m "message": Commits the changes in the local repository with a descriptive message to describe to everyone and help them understand the changes made.

2. Branching and Merging
  • git branch: Is used to list all branches in the current repository. The active branch is highlighted.
  • git checkout Switches branches whenever the work is to be started in a different branch.
  • git mergeCommand is used to merge changes from one branch to another.
3. Pushing and Pulling