Post

LAMP Install - Ubuntu 22.04

The LAMP Stack is an open-source platform and works on the Linux operating system. LAMP stack uses Apache web server, MariaDB relational database management system, and PHP object-oriented scripting language.

Update Server

1
2
3
sudo apt update
sudo apt upgrade
sudo apt install unzip curl lsb-release ca-certificates apt-transport-https software-properties-common -y

Install Apache

1
sudo apt install apache2 apache2-utils -y

Enable Apache

1
2
3
sudo systemctl enable apache2
sudo systemctl start apache2
sudo systemctl status apache2

Check to make sure Apache is working by opening a browser and going to http://server.ip

Apache2 Default Page

Install MariaDB

1
sudo apt install mariadb-server -y

Enable Mariadb

1
2
3
sudo systemctl enable mariadb
sudo systemctl start mariadb
sudo systemctl status mariadb

Secure MariaDB

1
sudo mysql_secure_installation

Configure it like this:

1
2
3
4
5
6
- Switch to unix_socket authentication [Y/n] y
- Change the root password? [Y/n] y
- Remove anonymous users? [Y/n] y
- Disallow root login remotely? [Y/n] y
- Remove test database and access to it? [Y/n] y
- Reload privilege tables now? [Y/n] y

You can now connect to the MariaDB server using the new password

1
mysql -u root -p

Installing PHP

1
sudo apt install -y php php-{common,cli,curl,fpm,gd,intl,mbstring,mysql,xml,zip}

Create Apache Virtualhost

First, create a root directory to hold your website’s files:

1
sudo mkdir -p /var/www/html/domain.com/

Then, change the ownership and group of the directory:

1
sudo chown -R www-data:www-data /var/www/html/domain.com/

After that, we create an Apache virtual host to serve the HTTP version of the website:

1
sudo nano /etc/apache2/sites-available/www.domain.com.conf

Add the following file:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
<VirtualHost *:80>

   ServerName domain.com
   ServerAlias www.domain.com
   ServerAdmin [email protected]
   DocumentRoot /var/www/html/www.domain.com

   ErrorLog ${APACHE_LOG_DIR}/www.domain.com_error.log
   CustomLog ${APACHE_LOG_DIR}/www.domain.com_access.log combined

   <Directory /var/www/html/www.domain.com>
      Options FollowSymlinks
      AllowOverride All
      Require all granted
   </Directory>

</VirtualHost>

Save and close the file, then restart the Apache webserver so that the changes take place:

1
2
3
sudo a2ensite www.domain.com.conf
sudo a2enmod ssl rewrite
sudo systemctl restart apache2

Secure Apache with Let’s Encrypt

First of all, you need to install Certbot to get an SSL certificate with Let’s Encrypt:

1
sudo apt install certbot python3-certbot-apache

Next, get your SSL certificate with Let’s Encrypt by following these steps:

1
sudo certbot --apache

You will need to follow the interactive prompt and install the certificate. Since there are two domains, we will install SSL certificates for both domains:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: domain.com
2: www.domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1,2
Requesting a certificate for domain.com and www.domain.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/domain.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/domain.com/privkey.pem
This certificate expires on 2022-12-10.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for domain.com to /etc/apache2/sites-available/www.domain.com-le-ssl.conf
Successfully deployed certificate for www.domain.com to /etc/apache2/sites-available/www.domain.com-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://domain.com and https://www.domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Auto-Renewal SSL

Let’s Encrypt certificates have 90 days of validity, and it is highly advisable to renew the certificates before they expire. You can test automatic renewal for your certificates by running this command:

1
sudo certbot renew --dry-run

Output:

1
2
3
4
5
6
7
8
9
10
11
12
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/domain.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Simulating renewal of an existing certificate for domain.com and www.domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded: 
  /etc/letsencrypt/live/domain.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
This post is licensed under CC BY 4.0 by the author.