Support #568
Updated by Daniel Curtis almost 10 years ago
{{>toc}} This is a simple guide for setting up a LAMP server on Debian 7 (wheezy); which is a Linux, Apache, MySQL, and PHP web server. When finished, web pages that are copied into the @/var/www@ directory will be served. h2. Preparing The Server This guide is assumed that a +Bare Debian install with only SSH Server+ access, a user that has sudo access. * Obtain a root shell and upgrade the server: <pre> sudo -s apt-get update && apt-get upgrade </pre> * Set the hostname in the hosts: <pre> vi /etc/hosts </pre> #* And add/modify the following: <pre> 127.0.1.1 www.example.com www </pre> * And also edit the hostname file: <pre> vi /etc/hostname </pre> #* And add/modify the following: <pre> www </pre> * Reboot to apply the hostname settings: <pre> reboot </pre> h2. Install Apache 2 * Install apache: <pre> apt-get install apache2 php5 libapache2-mod-php5 php5-cli php5-mysql php5-mcrypt php5-gd mysql-server mysql-client git openssl </pre> h3. Configure Apache 2 * Edit the default apache2 Vhost config: <pre> vi /etc/apache2/sites-available/default </pre> #* And add/modify the following VirtualHost block: <pre> <VirtualHost *:80> ServerName www.example.com DocumentRoot /var/www <Directory /var/www> Options -Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> </VirtualHost> </pre> #* *NOTE*: Make sure AllowOverride is set to ALL, or else the .htaccess file will not work. * Restart apache2: <pre> service apache2 restart </pre> * Now navigate to http://beans.example.com and the default *It Works!* should be displayed. h2. Install MySQL 5.5 * Install MySQL server and client: <pre> apt-get install mysql-server mysql-client </pre> #* *NOTE*: During the setup a prompt will appear to set the *root* MySQL user password. Set a strong password and do not forget it. h3. Configure a new MySQL database * Log into the MySQL console: <pre> mysql -h localhost -u root -p </pre> #* Create the *webappuser* user with the *SuperSecretPassword* password and the *webappdb* database: <pre> CREATE USER 'webappuser'@'localhost' IDENTIFIED BY 'SuperSecretPassword'; CREATE DATABASE IF NOT EXISTS `webappdb` CHARACTER SET utf8 COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON `webappdb`.* TO 'webbappuser'@'localhost'; flush privileges: exit </pre> h2. Install PHP 5 * Install PHP 5 with the apache-php module and a few common PHP extensions: <pre> apt-get install php5 libapache2-mod-php5 php5-cli php5-mysql php5-mcrypt php5-gd </pre> * Restart apache for the php module to take effect: <pre> service apache2 restart </pre> h2. Securing Apache with SSL * Install openssl: <pre> apt-get install openssl </pre> * Generate a strong SSL key and a CSR to send for signing by a CA: <pre> mkdir /etc/apache2/ssl && cd /etc/apache2/ssl openssl req -sha512 -out www.example.com.csr -new -newkey rsa:4096 -nodes -keyout www.example.com.key </pre> * Make sure to securely copy the SSL certificate to *www.example.com.crt* * Edit the apache2 default ssl Vhost config file: <pre> vi /etc/apache2/sites-available/default-ssl </pre> #* And Add the following: <pre> <VirtualHost *:443> ServerName www.example.com DocumentRoot /var/www <Directory /var/www> Options FollowSymLinks AllowOverride All Require all granted </Directory> SSLEngine on SSLCertificateFile /etc/apache2/ssl/www.example.com.crt SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </pre> h3. Forcing SSL on a Website * Enable forced SSL connection by setting the two lines from earlier in the @.htaccess@ file. Open the file for editing: <pre> vi /var/www/.htaccess </pre> #* Look for the following two lines, and remove the @#@ characters before them: <pre> RewriteCond %{HTTPS} !=on RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] </pre> * Restart apache2: <pre> service apache2 restart </pre> * Now the website will be accessible from https://www.example.com