Академический Документы
Профессиональный Документы
Культура Документы
Scan your Web-Server for Malware with ISPProtect now. Get Free Trial.
Preliminary Note
1. Installing MySQL or MariaDB
1.1 Install MySQL 5.7
1.2 Install MariaDB 10
2. Install Apache 2.4
3. Install PHP 7
4. Test PHP and get details about your PHP installation
5. Get MySQL / MariaDB support in PHP
6. Install the Opcache + APCu PHP cache to speed up PHP
7. Enable the SSL website in apache
8. Get a free SSL Certificate from Let's Encrypt
8.1 Let's encrypt Auto Renewal
9. Install phpMyAdmin
9.1 Root access to PHPMyAdmin with MariaDB
10 Virtual machine image download of this tutorial
11 Links
LAMP is short for Linux, Apache, MySQL, PHP. This tutorial shows how you can install an Apache web
server on an Ubuntu 16.04 LTS (Xenial Xerus) server with PHP 7 (mod_php) and MySQL / MariaDB support
and how to setup an SSL certificate with Let's encrypt. Additionally, I will install PHPMyAdmin to make
MySQL administration easier. A LAMP setup is a perfect basis for CMS systems like Joomla, Wordpress or
Drupal.
Preliminary Note
In this tutorial, I will use the hostname server1.example.com with the IP address 192.168.1.100.
These settings might differ for you, so you have to replace them where appropriate.
I recommend to use a minimal Ubuntu server setup as basis for the tutorial, that can be a virtual- or root
server image with an Ubuntu 16.04 minimal install from a web hosting company or you use our minimal
server tutorial to install a server from scratch.
I'm running all the steps in this tutorial with root privileges, so make sure you're logged in as root:
sudo su
The packages mysql-server and mysql-client are so called 'meta-packages', they install always the latest
MySQL version that is available from Ubuntu. Th latest version is currently MySQL 5.7.
We have set the root password for MySQL already during installation, but I would like to remove the
anonymous user and test database for security reasons. Run the mysql_secure_installation command below
to achieve that.
mysql_secure_installation
Remove test database and access to it? (Press y|Y for Yes, any other key for
No) : <-- y
- Dropping test database...
Success.
- Removing privileges on test database...
Success.
Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.
Reload privilege tables now? (Press y|Y for Yes, any other key for No) : <-- y
Success.
All done!
The MySQL setup has been secured now.
1.2 Install MariaDB 10
mysql_secure_installation
mysql -u root -p
and enter the MariaDB root password that you've set above. The result should be similar to the screenshot
below:
To leave the MariaDB shell, enter the command "quit" and press enter.
2. Install Apache 2.4
Apache 2 is available as an Ubuntu package, therefore we can install it like this:
Now direct your browser to http://192.168.1.100, and you should see the Apache2 default page (It
works!):
The document root of the apache default vhost is /var/www/html on Ubuntu and the main configuration
file is /etc/apache2/apache2.conf. The configuration system is fully documented
in /usr/share/doc/apache2/README.Debian.gz.
3. Install PHP 7
We can install PHP 7 and the Apache PHP module as follows:
<?php
phpinfo();
?>
Then change the owner of the info.php file to the www-data user and group.
As you see, PHP 7.0 is working, and it's working through the Apache 2.0 Handler, as shown in
the Server API line. If you scroll further down, you will see all modules that are already enabled in PHP5.
MySQL is not listed there which means we don't have MySQL / MariaDB support in PHP yet.
Pick the ones you need and install them like this:
apt-get -y install php7.0-mysql php7.0-curl php7.0-gd php7.0-intl php-pear php-imagick
php7.0-imap php7.0-mcrypt php-memcache php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-
tidy php7.0-xmlrpc php7.0-xsl php7.0-mbstring php-gettext
Now reload http://192.168.1.100/info.php in your browser and scroll down to the modules section
again. You should now find lots of new modules there:
Please don't forget to delete the info.php file when you don't need it anymore as it provides sensitive details
of your server. Run the following command to delete the file.
rm -f /var/www/html/info.php
a2enmod ssl
a2ensite default-ssl
which enables the SSL module and adds a symlink in the /etc/apache2/sites-enabled folder to the
file /etc/apache2/sites-available/default-ssl.conf to include it into the active apache configuration. Then
restart apache to enable the new configuration:
The closed "Green Lock" in front of the URL in the browser shows that the connection is encrypted.
There are two ways to get rid of the SSL warning, either replace the self-signed SSL
certificate /etc/ssl/certs/ssl-cert-snakeoil.pem with an officially signed SSL certificate that you buy from an
SSL Authority or you get a free SSL certificate from Let's encrypt, which I will describe in chapter 8.
8. Get a free SSL Certificate from Let's Encrypt
The first step to secure the website with a Let's Encrypt SSL Certificate is to install the python-letsencrypt-
apache package. Run the following command:
In the next step, we will request an SSL cert from Let's Encrypt, during this process, the Let's Encrypt
server tries to connect to your server trough the domain name that you provide to the letsencrypt
command. It is important that this domain name points to your server in DNS already so that the website is
reachable by its domain name on port 80 (http) already. If the website is not reachable from the internet,
then the creation of the Let's Encrypt SSL certificate will fail.
Before we can start to create the SSL cert, set the domain name in the vhost configuration file. Open the
default vhost file with an editor:
nano /etc/apache2/sites-available/000-default.conf
ServerName example.com
Right below the 'DocumentRoot' line. Replace example.com with the domain name of your own website.
Then create the SSL Certificate with this command:
Replace example.com with your domain name here again. The command will start a wizard that asks you
several questions.
Enter the email address where the administrator who is responsible for this website can be reached.
Accept the terms and conditions of the Let's Encrypt SSL authority.
Choose if you want to redirect non-SSL requests to https:// automatically. I'll select yes here to avoid
duplicate content problems when the website is available as http:// and https:// version.
When you access the website now with a browser, you will get redirected automatically to SSL and the
green lock in front of the URL bar in the browser shows that we are using a trusted SSL certificate now.
8.1 Let's encrypt Auto Renewal
Let's Encrypt SSL certificates are valid for a short period of 80 days only. Therefore we will setup a cronjob
now to auto-renew the SSL certificate when necessary. The command is 'letsencrypt renew'.
Setup a cronjob for LE auto renewal. Run:
crontab -e
to open the root crontab in an editor. Insert the following line at the end of the file:
save the file, this will activate the cronjob. This cronjob will call the Let's Encrypt renew command every
night at 1 am. The command will renew the SSL cert only when necessary (30 days before it expires), there
is no problem to run it every night.
9. Install phpMyAdmin
phpMyAdmin is a web interface through which you can manage your MySQL databases. It's a good idea to
install it:
The following step is required for MariaDB installations only, if you use MySQL 5.7, then skip this step.
MariaDB enables a plugin called "unix_socket" for the root user by default, this plugin prevents that the root
user can log into PHPMyAdmin and that TCP connections to MySQL are working for the root user. To get a
user with privileges to create other users and databases in PHPMyAdmin, I will create a new MySQL user
with the name "admin" with the same privileges than the root user.
Login to the MySQL database as root user on the shell:
mysql -u root
Create a new user with the name "admin" and password "howtoforge". Replace the password "howtoforge"
with a secure password in the commands below!
Suggested articles
131 Comment(s)
Add comment
Name *
Email *
p
Comments
dpkg-reconfigure phpmyadmin
and ensure that you select apache2 as config option. If no webserver config option is selected during
phpmyadmin installation, then the alias to accessphpmyadmin does not get added to the apache config.
dpkg-reconfigure phpmyadmin
then ensure that apache 2 is selected, there must show a cross for the apache option which gets enabled
with the whitespace key of your keyboard. If no cross is shown there, then apache is not active for
phpmyadmin and you wont be able to reach it then!
Thanks, but Apache 2.4 is valuable with the event module enabled, and ISPConfig won't work with it - it
insists on using morker right? Can't you change this so we can use the much better event, please? Thanks
Many thanks
wolfgang
muchas gracias despus de estar buscando como un loco y no poder andar el phpmyadmin, parece ser que
por este mtodo no da problemas.
Thanks,
mysql_secure_installation
Thanks you
Hi
You probably missed the fact that you need to put a mark in the selection of apache2 in the config. It
definitely looks like it's selected it when the red box is in the selection thing, but unless you press space it
won't mark it as selected and it won't configure it it for apache. Hope that makes sense?!
Cheers
Gareth