Project

General

Profile

Support #568

Install a Linux, Apache2, MySQL, PHP Web Server on Debian

Added by Daniel Curtis over 10 years ago. Updated about 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Daniel Curtis
Category:
Web Server
Target version:
Debian
Start date:
02/21/2015
Due date:
% Done:

100%

Estimated time:
1.50 h
Spent time:
3.50 h

Description

This is a simple guide for setting up a LAMP server on Debian 7 (wheezy); which is a Linux, Apache, MySQL, and PHP web server. When finished, web pages that are copied into the default /var/www directory will be served.

Prepare The Server

This guide is assumed that a Bare Debian install with only SSH Server access, a user that has sudo access.

  • Obtain a root shell and upgrade the server:
    sudo -s
apt-get update && apt-get upgrade
  • Set the hostname in the hosts:
    vi /etc/hosts
    • And add/modify the following:
      127.0.1.1     www.example.com www
  • And also edit the hostname file:
    vi /etc/hostname
    • And add/modify the following:
      www
  • Reboot to apply the hostname settings:
    reboot

Install Apache 2

  • Install apache:
    apt-get install apache2

Configure Apache 2

  • Edit the default apache2 Vhost config:
    vi /etc/apache2/sites-available/default
    • And add/modify the following VirtualHost block:
      <VirtualHost *:80>
    ServerName www.example.com

    DocumentRoot /var/www           
    <Directory /var/www>
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
    • NOTE: Make sure AllowOverride is set to ALL, or else the .htaccess file will not work.
  • Restart apache2:
    service apache2 restart

Install MySQL 5.5

  • Install MySQL server and client:
    apt-get install mysql-server mysql-client
    • NOTE: During the setup a prompt will appear to set the root MySQL user password. Set a strong password and do not forget it.

Configure a new MySQL database

  • Log into the MySQL console:
    mysql -h localhost -u root -p
    • Create the webappuser user with the SuperSecretPassword password and the webappdb database:
      CREATE USER 'webappuser'@'localhost' IDENTIFIED BY 'SuperSecretPassword';   
CREATE DATABASE IF NOT EXISTS  `webappdb` CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON `webappdb`.* TO 'webbappuser'@'localhost';

flush privileges;
exit

Install PHP 5

  • Install PHP 5 with the apache-php module and a few common PHP extensions:
    apt-get install php5 libapache2-mod-php5 php5-cli php5-mysql php5-mcrypt php5-gd
    • PHP has many extensions, run the following to get a list of all available extensions:
      apt-cache search php5-
  • Restart apache for the php module to take effect:
    service apache2 restart

(Extra) Install PhpMyAdmin

  • Install phpmyadmin:
    aptget install phpmyadmin
    • NOTE: Make sure to enable [X]apache2 when the prompt appears.
  • Open http://www.example.com/phpmyadmin to access phpmyadmin
    • NOTE: The setup will not secure the phpmyadmin install, it is usually a good idea to deny access to the phpmyadmin interface to everyone except a host or specific network like a LAN.

(Extra) Install Apache 2 Passenger

  • Install the apache2 passenger module:
    apt-get install libapache2-mod-passenger
  • Edit the apache2 passenger config file:
    nano /etc/apache2/mods-available/passenger.conf
    • And add/modify the apache user as the default passenger user:
      <IfModule mod_passenger.c>
  PassengerRoot /usr
  PassengerRuby /usr/bin/ruby
  PassengerDefaultUser www-data
</IfModule>
  • Edit the default apache2 Vhost config:
    vi /etc/apache2/sites-available/default
    • And add/modify the following VirtualHost block:
      <VirtualHost *:80>
    ServerName www.example.com

    DocumentRoot /var/www/rubyapp/public           
    <Directory /var/www/rubyapp/public>
        Options -Indexes FollowSymLinks -MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
  • Edit the apache2 default ssl Vhost config file:
    vi /etc/apache2/sites-available/default-ssl
    • And Add the following:
      <VirtualHost *:443>
    ServerName www.example.com

    DocumentRoot /var/www/rubyapp/public          
    <Directory /var/www/rubyapp/public>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    SSLEngine on

    SSLCertificateFile /etc/apache2/ssl/www.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>

Securing Apache with SSL

  • Install openssl:
    apt-get install openssl
  • Generate a strong SSL key and a CSR to send for signing by a CA:
    mkdir /etc/apache2/ssl && cd /etc/apache2/ssl
openssl req -sha512 -out www.example.com.csr -new -newkey rsa:4096 -nodes -keyout www.example.com.key
  • Make sure to securely copy the SSL certificate to www.example.com.crt
  • Edit the apache2 default ssl Vhost config file:
    vi /etc/apache2/sites-available/default-ssl
    • And Add the following:
      <VirtualHost *:443>
    ServerName www.example.com

    DocumentRoot /var/www            
    <Directory /var/www>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>

    SSLEngine on

    SSLCertificateFile /etc/apache2/ssl/www.example.com.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>

    BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
    BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
  • Change the SSL certificate and key ownership to the apache user:
    chown www-data:www-data /etc/apache2/ssl/www.example.com.{crt,key}
chmod o-rwx /etc/apache2/ssl/www.example.com.key
  • Enable the ssl apache modules:
    a2enmod ssl

Forcing SSL on a Website

  • Enable forced SSL connection by setting the two lines from earlier in the .htaccess file. Open the file for editing:
    vi /var/www/.htaccess
    • Look for the following two lines, and remove the # characters before them:
      RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
  • Restart apache2:
    service apache2 restart

Related issues

Related to GNU/Linux Administration - Support #566: Install BeansBooks on a Debian LAMP ServerClosedDaniel Curtis02/09/2015

Actions
Copied to GNU/Linux Administration - Support #570: Install Redmine on a Debian LAMP ServerClosedDaniel Curtis02/21/2015

Actions
Copied to GNU/Linux Administration - Support #571: Install Magento on a Debian LAMP ServerClosedDaniel Curtis02/21/2015

Actions
Copied to GNU/Linux Administration - Support #572: Install ownCloud on a Debian LAMP ServerClosedDaniel Curtis02/21/2015

Actions
Copied to GNU/Linux Administration - Support #573: Install Piwik on a Debian LAMP ServerClosedDaniel Curtis02/21/2015

Actions
Copied to GNU/Linux Administration - Support #575: Install WordPress on a Debian LAMP ServerClosedDaniel Curtis02/21/2015

Actions

Also available in: Atom PDF