Support #568
Updated by Daniel Curtis almost 10 years ago
{{>toc}}
This is a simple guide for setting up a LAMP server on Debian 7 (wheezy); which is a Linux, Apache, MySQL, and PHP web server. When finished, web pages that are copied into the @/var/www@ directory will be served.
h2. Preparing The Server
This guide is assumed that a +Bare Debian install with only SSH Server+ access, a user that has sudo access.
* Obtain a root shell and upgrade the server:
<pre>
sudo -s
apt-get update && apt-get upgrade
</pre>
* Set the hostname in the hosts:
<pre>
vi /etc/hosts
</pre>
#* And add/modify the following:
<pre>
127.0.1.1 www.example.com www
</pre>
* And also edit the hostname file:
<pre>
vi /etc/hostname
</pre>
#* And add/modify the following:
<pre>
www
</pre>
* Reboot to apply the hostname settings:
<pre>
reboot
</pre>
h2. Install Apache 2
* Install apache:
<pre>
apt-get install apache2
</pre>
h3. Configure Apache 2
* Edit the default apache2 Vhost config:
<pre>
vi /etc/apache2/sites-available/default
</pre>
#* And add/modify the following VirtualHost block:
<pre>
<VirtualHost *:80>
ServerName www.example.com
DocumentRoot /var/www
<Directory /var/www>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
</pre>
#* *NOTE*: Make sure AllowOverride is set to ALL, or else the .htaccess file will not work.
* Restart apache2:
<pre>
service apache2 restart
</pre>
* Now navigate to http://www.example.com and the default *It Works!* should be displayed.
h2. Install MySQL 5.5
* Install MySQL server and client:
<pre>
apt-get install mysql-server mysql-client
</pre>
#* *NOTE*: During the setup a prompt will appear to set the *root* MySQL user password. Set a strong password and do not forget it.
h3. Configure a new MySQL database
* Log into the MySQL console:
<pre>
mysql -h localhost -u root -p
</pre>
#* Create the *webappuser* user with the *SuperSecretPassword* password and the *webappdb* database:
<pre>
CREATE USER 'webappuser'@'localhost' IDENTIFIED BY 'SuperSecretPassword';
CREATE DATABASE IF NOT EXISTS `webappdb` CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON `webappdb`.* TO 'webbappuser'@'localhost';
flush privileges:
exit
</pre>
h2. Install PHP 5
* Install PHP 5 with the apache-php module and a few common PHP extensions:
<pre>
apt-get install php5 libapache2-mod-php5 php5-cli php5-mysql php5-mcrypt php5-gd
</pre>
* Restart apache for the php module to take effect:
<pre>
service apache2 restart
</pre>
h2. Securing Apache with SSL
* Install openssl:
<pre>
apt-get install openssl
</pre>
* Generate a strong SSL key and a CSR to send for signing by a CA:
<pre>
mkdir /etc/apache2/ssl && cd /etc/apache2/ssl
openssl req -sha512 -out www.example.com.csr -new -newkey rsa:4096 -nodes -keyout www.example.com.key
</pre>
* Make sure to securely copy the SSL certificate to *www.example.com.crt*
* Edit the apache2 default ssl Vhost config file:
<pre>
vi /etc/apache2/sites-available/default-ssl
</pre>
#* And Add the following:
<pre>
<VirtualHost *:443>
ServerName www.example.com
DocumentRoot /var/www
<Directory /var/www>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/www.example.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</pre>
h3. Forcing SSL on a Website
* Enable forced SSL connection by setting the two lines from earlier in the @.htaccess@ file. Open the file for editing:
<pre>
vi /var/www/.htaccess
</pre>
#* Look for the following two lines, and remove the @#@ characters before them:
<pre>
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</pre>
* Restart apache2:
<pre>
service apache2 restart
</pre>
* Now the website will be accessible from https://www.example.com
h2. (Extra) Run Ruby Applications With Passenger
h3. Install Apache 2 Passenger
* Install the apache2 passenger module:
<pre>
apt-get install libapache2-mod-passenger
</pre>
* Edit the apache2 passenger config file:
<pre>
nano /etc/apache2/mods-available/passenger.conf
</pre>
#* And add/modify the apache user as the default passenger user:
<pre>
<IfModule mod_passenger.c>
PassengerRoot /usr
PassengerRuby /usr/bin/ruby
PassengerDefaultUser www-data
</IfModule>
</pre>
h3. Configure Ruby Application
* Edit the default apache2 Vhost config:
<pre>
vi /etc/apache2/sites-available/default
</pre>
#* And add/modify the following VirtualHost block:
<pre>
<VirtualHost *:80>
ServerName www.example.com
DocumentRoot /var/www/rubyapp/public
<Directory /var/www/rubyapp/public>
Options -Indexes FollowSymLinks -MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
</pre>
* Edit the apache2 default ssl Vhost config file:
<pre>
vi /etc/apache2/sites-available/default-ssl
</pre>
#* And Add the following:
<pre>
<VirtualHost *:443>
ServerName www.example.com
DocumentRoot /var/www/rubyapp/public
<Directory /var/www/rubyapp/public>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/www.example.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</pre>