Ubuntu 18.04 set up LAMP server tutorial with Apache 2.4, PHP 7.2 and MySQL

Content

Install Apache 2.4

Apache2 is available as an Ubuntu package, therefore we can install it like this: sudo apt install apache2

Now direct your browser to http://192.168.1.100, and you should see the Apache2 default page.

The document root of the apache default vhost is /var/www/html on Ubuntu and the main configuration file is /etc/apache2/apache2.conf.

The configuration system is fully documented in /usr/share/doc/apache2/README.Debian.gz.

Install MySQL

We will install MariaDB instead of MySQL. MariaDB is a MySQL fork maintained by the original MySQL developer Monty Widenius. MariaDB is compatible with MySQL and provides interesting new features and speed improvements when compared to MySQL. Run the following command to install MariaDB-server and client:

sudo apt install mysql-server mysql-client

安装完成后使用命令 sudo service mysql start 启动服务。

安装过程中如果没有提示输入默认密码,则查看 /etc/mysql/debian.cnf文件即可获得其他账户的默认密码。(转载[https://stackoverflow.com/questions/33991228/what-is-the-default-root-pasword-for-mysql-5-7])

输入:sudo cat /etc/mysql/debian.cnf查看默认用户密码,下面使用默认用户登录mysql:

$ mysql -u debian-sys-maint -p
Enter password: // type 'blahblahblah', ie. password from debian.cnf
mysql> USE mysql
mysql> SELECT User, Host, plugin FROM mysql.user;
+------------------+-----------+-----------------------+
| User | Host | plugin |
+------------------+-----------+-----------------------+
| root | localhost | auth_socket |
| mysql.session | localhost | mysql_native_password |
| mysql.sys | localhost | mysql_native_password |
| debian-sys-maint | localhost | mysql_native_password |
+------------------+-----------+-----------------------+
4 rows in set (0.00 sec)
mysql> UPDATE user SET plugin='mysql_native_password' WHERE User='root';
mysql> COMMIT; // When you don't have auto-commit switched on

For MySQL 5.7+:UPDATE mysql.user SET authentication_string=PASSWORD('new_password') where user='root';

对于其他版本:ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';

然后输入命令:

mysql> FLUSH PRIVILEGES;
mysql> COMMIT; // When you don't have auto-commit switched on
mysql> EXIT
$ sudo service mysql restart
$ mysql -u root -p
Enter password: // Yay! 'new_password' now works!

Install PHP 7.2

We can install PHP 7.2 and the Apache PHP module as follows:

sudo apt install php7.2 libapache2-mod-php7.2

Then restart Apache:

sudo systemctl restart apache2

Test PHP and get details about your PHP installation

The document root of the default web site is /var/www/html. We will now create a small PHP file (info.php) in that directory and call it in a browser. The file will display lots of useful details about our PHP installation, such as the installed PHP version.

nano /var/www/html/info.php

<?php
phpinfo();
?>

Now we call that file in a browser (e.g. http://192.168.1.100/info.php).

As you see, PHP 7.2 is working, and it’s working through the Apache 2.0 Handler, as shown in the Server API line. If you scroll further down, you will see all modules that are already enabled in PHP. MySQL is not listed there which means we don’t have MySQL/MariaDB support in PHP yet.

Get PHP modules

To get MySQL support in PHP, we can install the php7.2-mysql package. It’s a good idea to install some other PHP modules as well as you might need them for your applications. You can search for available PHP modules like this:

sudo apt-cache search php7.2

Pick the ones you need and install them like this:

sudo apt install php7.2-mysql php7.2-curl php7.2-gd php7.2-intl php-pear php-imagick php7.2-imap php-memcache  php7.2-pspell php7.2-recode php7.2-sqlite3 php7.2-tidy php7.2-xmlrpc php7.2-xsl php7.2-mbstring php-gettext php7.2-zip php7.2-bz2

Now restart Apache2:

sudo systemctl restart apache2

PHP 7 has now MySQL/MariaDB support as shown in phpinfo().

Change the limit size of uploading file in PHP

Edit php.ini file(/etc/php/7.2/apache2/php.ini) and edit contents below:

file_uploads = On;
upload_max_filesize = 500M;
post_max_size = 500M;
max_execution_time = 1800; Maximum execution time of each script, in seconds.
max_input_time = 1800; Maximum amount of time each script may spend parsing request data.
memory_limit = 128M; Maximum amount of memory a script may consume.

Host multiple websites

We can use the a2ensite tool to enable each of our sites like this:

sudo a2ensite example.com.conf
sudo a2ensite example-2.com.conf

Next, disable the default site defined in 000-default.conf:

sudo a2dissite 000-default.conf

When you are finished, you need to restart Apache to make these changes take effect:

sudo systemctl restart apache2

In other documentation, you may also see an example using the service command:

sudo service apache2 restart

This command will still work, but it may not give the output you’re used to seeing on other systems, since it’s now a wrapper around systemd’s systemctl.

Directory permission setting

Edit the file /etc/apache2/apache2.conf and add a item like this:

<Directory /home/ubuntu/www/>
    Options Indexes FollowSymLinks
    AllowOverride ALL
    Require all granted
</Directory>

Install the Opcache + APCu PHP cache to speed up PHP

APCu is a free PHP opcode cacher for caching and optimizing PHP intermediate code. It is strongly recommended to have an Opcache installed to speed up your PHP page.

APCu can be installed as follows:

sudo apt install php7.2-opcache php-apcu

Now restart Apache:

sudo systemctl restart apache2

Now reload http://192.168.1.100/info.php in your browser and scroll down to the modules section again. You should now find lots of new modules here. Please don’t forget to delete the info.php file when you don’t need it anymore as it provides sensitive details of your server. Run the following command to delete the file.

sudo rm -f /var/www/html/info.php

Get a free SSL Certificate from Let’s Encrypt

[https://certbot.eff.org]

The first step to secure the website with a Let’s Encrypt SSL Certificate is to install the python3-certbot-apache package. Run the following command:

sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository ppa:certbot/certbot
sudo apt update
sudo apt install python3-certbot-apache

Certbot’s DNS plugins are also available for your system which can be used to automate obtaining a wildcard certificate from Let’s Encrypt’s ACMEv2 server. To use one of these plugins, you must have configured DNS for the domain you want to obtain a certificate for with a DNS provider that Certbot has a plugin for. A list of these plugins and more information about using them can be found here. To install one of these plugins, run the installation command above but replace python-certbot-apache with the name of the DNS plugin you want to install.

Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates certificate installation.

sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run

Install phpMyAdmin

phpMyAdmin is a web interface through which you can manage your MySQL databases. It’s a good idea to install it:

sudo apt install phpmyadmin
ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin

You will see the following questions:

Web server to configure automatically: <-- Select the option: apache2
Configure database for phpmyadmin with dbconfig-common? <-- Yes
MySQL application password for phpmyadmin: <-- Press enter, apt will create a random password automatically.

Afterward, you can access phpMyAdmin under http://192.168.1.100/phpmyadmin/

Enable the SSL website in Apache

If you didn’t use “Let’s Encrypt” to enable SSL, you can enable it manually. SSL/ TLS is a security layer to encrypt the connection between the web browser and your server. Execute the following commands on your server to enable https:// support. Run:

sudo a2enmod ssl
sudo a2ensite default-ssl

which enables the ssl module and adds a symlink in the /etc/apache2/sites-enabled folder to the file /etc/apache2/sites-available/default-ssl.conf to include it into the active apache configuration. Then restart apache to enable the new configuration:

sudo systemctl restart apache2

Now test the SSL connection by opening https://192.168.1.100 in a web browser.

You will receive an SSL warning as the SSL certificate of the server is a “self-signed” SSL certificate, this means that the browser does not trust this certificate by default and you have to accept the security warning first. After accepting the warning, you will see the apache default page.

The closed “Green Lock” in front of the URL in the browser shows that the connection is encrypted.

There are two ways to get rid of the SSL warning, either replace the self-signed SSL certificate /etc/ssl/certs/ssl-cert-snakeoil.pem with an officially signed SSL certificate that you buy from an SSL Authority or you get a free SSL certificate from Let’s encrypt.

Links

[Read the original]