In this tutorial, we will be showing you how to set up a LAMP stack on an Ubuntu 20.04 server. LAMP is an acronym that represents the Linux operating system, where we install an Apache web server with support for site data stored in a MySQL database, and dynamic content processed by PHP.
A LAMP stack is therefore a group of open-source software that is typically installed and working together in order to enable a server to host dynamic database-driven websites and web apps written in PHP.
Some components of the LAMP stack are interchangeable with other open-source software. For instance, Ubuntu can be replaced with almost any other flavor of Linux such as CentOS, Redhat, Suse, Debian, Manjaro, and many others.
The database component can work with MariaDB, PostgreSQL, and others as opposed to MySQL. The web server component can use the likes of Nginx instead of Apache.
For brevity’s sake and for the purposes of having a complete tutorial, we will be sticking with Ubuntu 20.04, Apache, MySQL, and PHP. We will also be using the versions that come as the Linux server’s default package.
Prerequisites
This tutorial assumes that you have an Ubuntu 20.04 server with a non-root sudo-enabled user account and a basic firewall. The steps in this tutorial can also work for Ubuntu 18.04 and prior versions to some extent.
Step 1: Install Apache and Update the Firewall Configuration
Use Ubuntu’s package manager, apt to install Apache:
$ sudo apt update
$ sudo apt install apache2Accept the installation prompts by pressing Y, then ENTER.
Once the installation is finished, you will need to adjust your firewall configuration to allow HTTP traffic in and out of the server.
Here we are using the UFW firewall. This firewall comes with convenient application profiles that you can use to allow and block certain protocols and ports. To list all currently available UFW application profiles, you can run the following command:
$ sudo ufw app listThe output will look something similar to this:
Available applications:
Apache
Apache Full
Apache Secure
OpenSSHWe are interested in the Apache profiles. This is what each of the three Apache profiles means:
- Apache: This profile opens only port 80 for unencrypted web traffic.
- Apache Full: This profile opens both port 80 for unencrypted web traffic and port 443 for encrypted traffic via TLS/SSL.
- Apache Secure: This profile opens only port 443 for encrypted traffic via TLS/SSL.
We will only allow connections on port 80 since this is a fresh install and we have not yet configured an SSL certificate. This can be changed later after the SSL certificate has been installed.
To only allow traffic on port 80, use the following Apache profile:
$ sudo ufw allow in "Apache"Verify the updated status using the following command:
$ sudo ufw statusStatus: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Apache ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Apache (v6) ALLOW Anywhere (v6) Apache is now installed and ready to use. You can vary this by accessing your server’s public IP address in your web browser.
http://your_server_ipThis should give you the default Ubuntu 20.04 Apache web page. It should look something like the one below and seeing this page means that Apache2 is installed and running well:
You can use the curl utility to contact icanhazip to tell you your server’s public IP address. Run the following command:
$ curl http://icanhazip.comStep 2 — Install MySQL
Next, we will need to install the database system to be able to store and manage data for your website. MySQL the popular database management system is the natural choice to use within PHP environments.
We will use apt to acquire and install this software. We do not need to update the apt index since we did it a few minutes ago in Step 1. Run the following command to get started:
$ sudo apt install mysql-serverConfirm installation by typing Y, and then ENTER at the prompt.
After installation is finished you will need to run a security script that comes pre-installed with MySQL. This script removes some insecure default settings and locks down access to your MySQL database server. You can run the interactive script by running:
$ sudo mysql_secure_installationYou will be asked if you want to configure the VALIDATE PASSWORD PLUGIN. This plugin will enforce strong passwords. This can be left unconfigured but you will need to ensure you use a strong password.
Answer Y for yes, or anything else to continue without enabling.
VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?
Press y|Y for Yes, any other key for No:If you answer “yes“, you’ll be asked to select a level of password validation. The following is what you will expect to see.
There are three levels of password validation policy:
LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1Next, whether you chose to set up the VALIDATE PASSWORD PLUGIN, your server will next ask you to select and confirm a password for the MySQL root user. Either way, you should define a strong password here.
If you enabled password validation, you will be shown the password strength for the root password you just entered. Your server will ask if you want to continue with the password. If you are happy with your current password, enter Y for “yes” at the prompt:
Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : yFor the rest of the questions, press Y and hit the ENTER key at each prompt.
These other prompts will remove the anonymous user, the test database, disable remote root logins, then load these new rules so that MySQL immediately adopts the changes.
You can now test your new password and installation by running the following to open the MySQL console.
$ sudo mysqlThis connects to the MySQL server as the administrative database user root inferred by using sudo. This is the output you should see:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 22
Server version: 8.0.19-0ubuntu5 (Ubuntu)
Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> You can exit the MySQL console to continue with the setup by running the following command:
mysql> exitNote: You didn’t need to provide a password to connect as the root user even though you set one via the mysql_secure_installation script. This is not a security leak as with Ubuntu and MySQL, the default authentication method for the administrative MySQL user is unix_socket instead of password.
This ensures only system users with sudo privileges are allowed to log in as the root MySQL user. Setting a password for the root MySQL account works as a safeguard, in case the default authentication method is changed from unix_socket to password.
Also because of this, you won’t be able to use the administrative database root user to connect from your PHP application.
Therefore for increased security, you will need to have dedicated user accounts with less expansive privileges set up for every database that will be used to access your MySQL server from your PHP applications.
You can follow this phpMyAdmin tutorial here to learn how you can create additional users for use in your PHP applications as well as use it as a web-based client to manage your databases and their internal objects.
Note: It may currently be that the native MySQL PHP library mysqlnd doesn’t support caching_sha2_authentication which is the default authentication method for MySQL 8. Therefore, when creating database users for PHP applications on MySQL 8, you will need to make sure they are configured to use mysql_native_password instead.
Step 3 – Install PHP
Now that Apache and MySQL are installed, we are now ready to install PHP 7.4 packages which are available under the default repositories on Ubuntu 20.04 LTS. In addition to the PHP package, you will need to install the php-mysql module which will allow PHP to communicate with MySQL-based databases.
You will also need libapache2-mod-php to enable Apache to handle PHP files properly. The core PHP packages will be installed as dependencies automatically.
$ sudo apt install php libapache2-mod-php php-mysqYou can then run the following command to confirm your PHP version with the output below it:
$ php -vPHP 7.4.3 (cli) (built: Mar 26 2020 20:24:23) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.3, Copyright (c), by Zend TechnologiesYou have now successfully completed the install Apache, MySQL, and PHP on Ubuntu 20.04 LTS as a LAMP stack.
Manage Services
You will need to manage the above services occasionally. These are a few commands to aid you in starting, stoping, and restarting the said components.
To restart Apache and MySQL services, type:
$ sudo systemctl restart apache2
$ sudo systemctl restart mysqlTo start Apache and MySQL services, type:
sudo systemctl start apache2
$ sudo systemctl start mysqlTo stop Apache and MySQL services, type:
$ sudo systemctl stop apache2
$ sudo systemctl stop mysqlStep 4: Test PHP Processing on your Web Server
Next, we will create a PHP test script to confirm that Apache is able to handle and process requests for PHP files. Earlier we had tested the server with the default index.html file but this time we will need to do the same with the PHP file.
Create a new file named info.php inside your document root folder. The location of the document folder can be gotten from the default Apache web page. Visit that page using your web browser.
http://your_server_iphttp://your_server_ipIn the Document Root section, you will find the default Ubuntu document root path which is usually /var/www/html. We will save our file there using the following:
$ sudo nano /var/www/html/info.phpThis will open a blank file. Add the following PHP code, inside the file:
<?php
phpinfo();When you are finished, save and close the file.
Go to your web browser and enter the following URL:
http://your_server_ip/info.phpThis page provides information about your server as PHP sees it. If you can see this page in your browser, then your PHP installation is working as expected. Use this page for debugging, confirming modules, and other server configurations when needed.
For now, it’s advisable to remove the file as it reveals sensitive information about your PHP environment and your Ubuntu server. You can always recreate this page if you need to access the information again later. Use rm to delete the file right now:
$ sudo rm /var/www/html/info.phpConclusion
Now that you have reached this point, it means that you have successfully set up a base LAMP stack that is ready to serve websites and PHP applications. This is by no means a comprehensive tutorial that guides beyond the basics.
Here we have not addressed how to install Apache virtual hosts, how to connect to a MySQL database using PHP, or how to install an SSL certificate to encrypt your server requests and responses, or how to harden your server against cyber attacks as well as DDOS attacks and more. These will be covered in later tutorials.
Found this article interesting? Follow Brightwhiz on Facebook, Twitter, and YouTube to read and watch more content we post.
