sepdek July 4, 2017

The following set of shell commands are among the basic steps to setup a Linux-based web server (LAMP=Linux Apache MySQL PHP). The procedure has been tested on an Ubuntu 14.04.05 Trusty Tahr (LTS) installation. Most steps and procedures are based on the tutorial found in DigitalOcean and in the linked pages.

In the commands that follow variables are shown as tags in angle brackets, like: <username>.

  1. Enable ssh root access
  2. This might be needed if there is no remote ssh access (only web console or local).

    nano /etc/ssh/sshd_config
    # then change: PermitRootLogin yes
    # and then restart SSH:
    service ssh restart

  3. Create sudo user
  4. This is a useful user account with elevated privileges.

    adduser 
    usermod -aG sudo 

    It might be a good idea to log in with this user account and continue…

  5. Install Apache-MySQL-PHP
  6. # make sure everything is updated.
    sudo apt-get update
    # install Apache
    sudo apt-get install apache2
    # install MySQL
    sudo apt-get install mysql-server php5-mysql
    # create MySQL data structure
    sudo mysql_install_db
    # secure the MySQL installation
    sudo mysql_secure_installation
    # install PHP5
    sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt
    # change the default file extension
    sudo nano /etc/apache2/mods-enabled/dir.conf
    # move the index.php at front of the list of filenames to load
    sudo service apache2 restart

  7. Install PhpMyAdmin
  8. # install phpmyadmin package
    sudo apt-get install phpmyadmin apache2-utils
    # edit the configuration file
    sudo nano /etc/apache2/apache2.conf
    # insert: Include /etc/phpmyadmin/apache.conf
    # and then restart the server one more time...
    sudo service apache2 restart
    # edit the apache configuration file of phpmyadmin
    sudo nano /etc/phpmyadmin/apache.conf 
    # add: AllowOverride All
    # just after: DirectoryIndex index.php
    # then create the .htaccess file
    sudo nano /usr/share/phpmyadmin/.htaccess
    # with the following contents
    AuthType Basic
    AuthName "Restricted Files"
    AuthUserFile /etc/apache2/.phpmyadmin.htpasswd
    Require valid-user
    # and now create the htpasswd file
    sudo htpasswd -c /etc/apache2/.phpmyadmin.htpasswd 
    # ...and restart the server one more time.
    sudo service apache2 restart

  9. Create SSL certificate on Apache
  10. # enable SSL
    sudo a2enmod ssl
    sudo service apache2 restart
    # create folder to save the keys and certificates
    sudo mkdir /etc/apache2/ssl 
    # create a self-signed SSL certificate that will expire in  days
    sudo openssl req -x509 -nodes -days  -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
    # set up the certificate
    sudo nano /etc/apache2/sites-available/default-ssl.conf
    # insert: 
    ServerName :443
    # just below the ServerAdmin email entry
    # also change SSLCertificateFile field to: 
    /etc/apache2/ssl/apache.crt
    # also change SSLCertificateKeyFile field to: 
    /etc/apache2/ssl/apache.key
    # enable the virtual host
    sudo a2ensite default-ssl
    sudo service apache2 reload

  11. Install the FTP service
  12. sudo apt-get install vsftpd
    sudo nano /etc/vsftpd.conf
    # make sure to have: 
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    # check if needed to change: 
    chroot_local_user=YES
    sudo service vsftpd restart

  13. Give folder access of apache web server files to the user
  14. sudo apt-get install acl
    # give  access to the html folder
    sudo setfacl -m u::rwx /var/www/html

The result will be a basic setup running LAMP. The best way to access the files is through SFTP. The browsers will have HTTPS access (but the certificate will be self-signed, so the browsers will complain about it).

Additional/optional steps that might be handy

Unix user manipulation and www-data
#Add a new user to the www-data group
sudo useradd -g www-data 
sudo passwd 
#Add a new user to supplementary groups called www-data and ftp:
sudo groupadd 
sudo useradd -g  -G www-data,ftp 
sudo passwd 
#Add an existing user called  to the www-data group:
sudo usermod -a -G www-data  
#And check it:
id 
groups 
WordPress-specific tweak
#Shell command to give correct access to WordPress and be able to install plug-ins and themes (and have updates)
chown -R www-data:www-data /var/www
chmod -R ug+rw /var/www

 

Discussion

comments

Leave a comment.

Your email address will not be published. Required fields are marked*

This site uses Akismet to reduce spam. Learn how your comment data is processed.