Basic Ubuntu LAMP Server Setup
Here is a basic LAMP server setup. The linux distro of choice is Ubuntu. LAMP stands for:
- Linux: (Ubuntu of course!)
- Apache: Free, open-source web server
- MySQL: Database server
- PHP
Wikipedia says that the ‘P’ can stand for one of several scripting languages, including Python or Perl; but for our purposes we’ll work with PHP.
1. Basic Install
Assuming you have already burned a CD from the Ubuntu iso, insert the CD and boot your computer (or start your VM). The installer will ask you several basic questions such as default language, keyboard layout, etc.You are also asked for basic initial software. Choose LAMP server and OpenSSH server from the list, and choose continue.
Finally, after setting an initial username, password and mysql root password, you are prompted to reboot.
2. Network Configuration
I like to do the bare minimum initial settings from the server terminal, then once I can log in using SSH, I’ll do the rest from my workstation at my desk. So, I’ll write from that perspective. My initial user in the examples is always ’serveradmin’, so you should always replace that with the user you configured during the install.
Assuming that you are booted up, setting at the terminal and are being prompted for a login, enter your user and password.
Once logged in the first thing I like to do is set up the network configuration. I’ll be setting a static IP address on my local LAN. I use nano for editing, substitute your fav editor if you wish :
sudo nano /etc/network/interfaces
Edit the following lines so that it matches your network:
# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address 192.168.1.115 netmask 255.255.255.0 gateway 192.168.1.1
Hit Ctrl-X then Y to save if using nano. Next we’ll need to be sure that the nameservers are set:
sudo nano /etc/resolv.conf
If there are nameservers already set, Ctrl-X to exit, otherwise edit or add the following lines to set nameservers:
nameserver ip1.add.for.dns nameserver ip2.add.for.dns
Hit Ctrl-X then Y to save if using nano. At this point I reboot, and head off to my desk and finish the configuration via SSH:
sudo shutdown -r now
3. User Configuration
A Note About Root: By default Ubuntu locks the root account and requires admin functions to be done by the use of ‘sudo‘. I find that this works just fine 98% of the time. My solution for this is to allow SSH login using keys only; which requires you to initially set a root password.
To do this first you will need to set a root password. SSH in to your server and enter:
sudo passwd
You will be prompted for your user password (to elevate with sudo), then you will be prompted to enter the root password. Once set you can log in to complete the SSH access using Keys article for both root and your user.
4. Update/Upgrade
Now we’ll update the package lists and update our software. First, check that we have the latest distribution updates:
sudo apt-get -u dist-upgrade
If there is an update, be sure to reboot before the next step, which is to update the repository lists, then upgrade any outdated software:
sudo apt-get update sudo apt-get upgrade
I suggest rebooting after this step because there may have been a kernel update, which typically requires a reboot to implement.
Now our server is updated and ready to go.
5. Install Webmin
I love working from the command line, and you can do everything webmin can do from the command line, but sometimes a GUI is simply easier to navigate. We’ll need to update the software sources list first:
sudo nano /etc/apt/sources.list
scroll to the bottom and add this line (check here to see if this info has been updated):
deb http://download.webmin.com/download/repository sarge contrib
Add the pgp key:
cd ~/ wget http://www.webmin.com/jcameron-key.asc apt-key add jcameron-key.asc
Finally, install webmin:
sudo apt-get update sudo apt-get install webmin
Now you should be able to open a browser to 192.168.1.115:10000 and log in to the webmin interface. By default, you access with the root user and password. I recommend that you add another user for webmin, and delete the root account.
6. Set Up Apache with Self-Signed Server Cert
In this step we’ll set up the default web directories, set up the initial virtualhost, and generate a self-signed certificate for use with SSL. For my servers, I like to have a main web directory at /var/www/sites, then have a directory for each site or project. Here we will be creating the ‘default’ virtualhost pages.
When doing work with certificates, I prefer to be logged in as root. So for this section, assume that I am logged in to the server as root.
First, we’ll make a work directory to hold the files:
mkdir certwork chmod 600 certwork cd certwork
Now we will generate a CA (Certificate of Authority) for the server. The Common Name of the CA and the Server certificates must NOT match. For example, in the next step you can use 192.168.1.115CA , and then use 192.168.1.115 (or the URL) as the Common name of the server cert in the following step. I am not going to reiterate all of the questions that openssl will ask; since this is a self-generated cert fo personal use, enter the information you think relevant.
openssl genrsa -des3 -out ca.key 4096 openssl req -new -x509 -days 365 -key ca.key -out ca.crt
The Common Name (CN) must be a real IP or URL:
openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
Finally, We’ll make a server.key which doesn’t cause Apache to prompt for a password on boot:
openssl rsa -in server.key -out server.key.insecure mv server.key server.key.secure mv server.key.insecure server.key
Now we’ll create the directory and copy the neccessary keys for apache to use:
mkdir /etc/apache2/ssl cp server.key /etc/apache2/ssl cp server.crt /etc/apache2/ssl
Next, we will need to enable the ssl module in apache. You can type:
a2enmod ssl
or you can use webmin for this; log in to webmin and go to:
Servers -> Apache Webserver ->Global Configuration -> Configure Apache Modules
Find ’ssl’ and enable it. Then restart apache. Now we will set up the apache configuration files and directories. First, set up the default directories:
mkdir /var/www/sites cd /var/www/sites mkdir default cd /var/www/sites/default mkdir http mkdir https cd /var/www/sites/default/http
Now, create an index file (mine will usually be php). Add some default content like ‘Hey this Works!’ or something:
nano index.php <h1>Hello, this is the http</h1>
Now do the same for the SSL directory for this site:
cd /var/www/sites/default/https nano index.php <h1>Hello, this is the https</h1>
For website work I usually create a user account with access limited to this directory. In this example, I’ll create a user: webadmin. Create the user and then update the permissions for the web directory:
adduser webadmin passwd webadmin addgroup webadmin adduser webadmin webadmin chown webadmin:webadmin -R /var/www/sites/
Finally, we need to edit the apache configuration files. We’ll make a copy of the original, then create a separate configuration file for SSL enabled sites:
cd /etc/apache2/sites-available cp /etc/apache2/sites-available/default default_original cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/ssl
Now edit the default config file:
nano /etc/apache2/sites-available/default
The default Configuration looks like this:
NameVirtualHost * <VirtualHost *> ServerAdmin webmaster@localhost DocumentRoot /var/www/ <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost>
I’ll edit it to point to our default directory:
NameVirtualHost 192.168.1.115:80 <VirtualHost 192.168.1.115:80> ServerAdmin your@email.com DocumentRoot /var/www/sites/default/http/ <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/sites/default/http/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ <Directory "/usr/lib/cgi-bin"> AllowOverride None Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch Order allow,deny Allow from all </Directory> ErrorLog /var/log/apache2/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog /var/log/apache2/access.log combined ServerSignature On Alias /doc/ "/usr/share/doc/" <Directory "/usr/share/doc/"> Options Indexes MultiViews FollowSymLinks AllowOverride None Order deny,allow Deny from all Allow from 127.0.0.0/255.0.0.0 ::1/128 </Directory> </VirtualHost>
Save the file, and edit the file for the SSL default site as follows:
nano /etc/apache2/sites-available/ssl
NameVirtualHost 192.168.1.115:443
<VirtualHost 192.168.1.115:443>
ServerAdmin your@email.com
DocumentRoot /var/www/sites/default/https/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/sites/default/https/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/apache2/ssl-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/server.crt
SSLCertificateKeyFile /etc/apache2/ssl/server.key
CustomLog /var/log/apache2/ssl-access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
Save the file and restart apache. You can use webmin (choose ‘apply setings’ in the apache section), or enter:
/etc/init.d/apache2 restart
Now if you visit http://192.168.1.115 you should see:
Hello, this is the http
If you visit https://192.168.1.115 you should see:
Hello, this is the https
(after the certificate warnings).
7. Conclusion
Now you should have a server ready to serve up web pages. There are certainly as many setup configurations as there are servers in the world, so hopefully this has given you a starting point on developing your own.
Tags: beginner
This entry was posted on Thursday, May 14th, 2009 at 4:53 pm and is filed under Server Admin. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.