Project

General

Profile

Support #568

Updated by Daniel Curtis over 9 years ago

{{>toc}} 

 This is a simple guide for setting up a LAMP server on Debian 7 (wheezy); which is a Linux, Apache, MySQL, and PHP web server. When finished, web pages that are copied into the default @/var/www@ directory will be served. 

 h1. Prepare h2. Preparing The Server 

 This guide is assumed that a +Bare Debian install with only SSH Server+ access, a user that has sudo access. 

 * Obtain a root shell and upgrade the server: 
 <pre> 
 sudo -s 
 apt-get update && apt-get upgrade 
 </pre>   

 * Set the hostname in the hosts: 
 <pre> 
 vi /etc/hosts 
 </pre> 
 #* And add/modify the following: 
 <pre> 
 127.0.1.1       www.example.com www 
 </pre> 
 * And also edit the hostname file: 
 <pre> 
 vi /etc/hostname 
 </pre> 
 #* And add/modify the following: 
 <pre> 
 www 
 </pre> 

 * Reboot to apply the hostname settings: 
 <pre> 
 reboot 
 </pre> 

 h1. h2. Install Apache 2 

 * Install apache: 
 <pre> 
 apt-get install apache2 
 </pre> 

 h2. h3. Configure Apache 2 

 * Edit the default apache2 Vhost config: 
 <pre> 
 vi /etc/apache2/sites-available/default 
 </pre> 
 #* And add/modify the following VirtualHost block: 
 <pre> 
 <VirtualHost *:80> 
     ServerName www.example.com 

     DocumentRoot /var/www            
     <Directory /var/www> 
         Options -Indexes FollowSymLinks MultiViews 
         AllowOverride All 
         Order allow,deny 
         allow from all 
     </Directory> 
 </VirtualHost> 
 </pre> 
 #* *NOTE*: Make sure AllowOverride is set to ALL, or else the .htaccess file will not work. 

 * Restart apache2: 
 <pre> 
 service apache2 restart 
 </pre> 

 * Now navigate to http://www.example.com and the default *It Works!* should be displayed. 

 h2. Install MySQL 5.5 

 * Install MySQL server and client: 
 <pre> 
 apt-get install mysql-server mysql-client 
 </pre> 
 #* *NOTE*: During the setup a prompt will appear to set the *root* MySQL user password. Set a strong password and do not forget it. 

 h3. Configure a new MySQL database 

 * Log into the MySQL console: 
 <pre> 
 mysql -h localhost -u root -p 
 </pre> 
 #* Create the *webappuser* user with the *SuperSecretPassword* password and the *webappdb* database: 
 <pre> 
 CREATE USER 'webappuser'@'localhost' IDENTIFIED BY 'SuperSecretPassword';    
 CREATE DATABASE IF NOT EXISTS    `webappdb` CHARACTER SET utf8 COLLATE utf8_general_ci; 
 GRANT ALL PRIVILEGES ON `webappdb`.* TO 'webbappuser'@'localhost'; 

 flush privileges: 
 exit 
 </pre>  

 h2. Install PHP 5 

 * Install PHP 5 with the apache-php module and a few common PHP extensions: 
 <pre> 
 apt-get install php5 libapache2-mod-php5 php5-cli php5-mysql php5-mcrypt php5-gd 
 </pre> 

 * Restart apache for the php module to take effect: 
 <pre> 
 service apache2 restart 
 </pre> 

 h2. Securing Apache with SSL 

 * Install openssl: 
 <pre> 
 apt-get install openssl 
 </pre> 

 * Generate a strong SSL key and a CSR to send for signing by a CA: 
 <pre> 
 mkdir /etc/apache2/ssl && cd /etc/apache2/ssl 
 openssl req -sha512 -out www.example.com.csr -new -newkey rsa:4096 -nodes -keyout www.example.com.key 
 </pre> 
 * Make sure to securely copy the SSL certificate to *www.example.com.crt* 

 * Edit the apache2 default ssl Vhost config file: 
 <pre> 
 vi /etc/apache2/sites-available/default-ssl 
 </pre> 
 #* And Add the following: 
 <pre> 
 <VirtualHost *:443> 
     ServerName www.example.com 

     DocumentRoot /var/www             
     <Directory /var/www> 
         Options FollowSymLinks 
         AllowOverride All 
         Require all granted 
     </Directory> 

     SSLEngine on 

     SSLCertificateFile /etc/apache2/ssl/www.example.com.crt 
     SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key 

     <FilesMatch "\.(cgi|shtml|phtml|php)$"> 
         SSLOptions +StdEnvVars 
     </FilesMatch> 

     BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 
     BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown 
 </VirtualHost> 
 </pre> 

 * Change the SSL certificate and key ownership to the apache user: 
 <pre> 
 chown www-data:www-data /etc/apache2/ssl/www.example.com.{crt,key} 
 chmod o-rwx /etc/apache2/ssl/www.example.com.key 
 </pre> 

 * Enable the ssl apache modules: 
 <pre> 
 a2enmod ssl 
 </pre> 

 h3. Forcing SSL on a Website 

 * Enable forced SSL connection by setting the two lines from earlier in the @.htaccess@ file. Open the file for editing: 
 <pre> 
 vi /var/www/.htaccess 
 </pre> 
 #* Look for the following two lines, and remove the @#@ characters before them: 
 <pre> 
 RewriteCond %{HTTPS} !=on 
 RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] 
 </pre> 
 * Restart apache2: 
 <pre> 
 service apache2 restart 
 </pre> 

 * Now the website will be accessible from https://www.example.com 

 h1. Install MySQL 5.5 

 * Install MySQL server and client: 
 <pre> 
 apt-get install mysql-server mysql-client 
 </pre> 
 #* *NOTE*: During the setup a prompt will appear to set the *root* MySQL user password. Set a strong password and do not forget it. 

 h2. Configure a new MySQL database 

 * Log into the MySQL console: 
 <pre> 
 mysql -h localhost -u root -p 
 </pre> 
 #* Create the *webappuser* user with the *SuperSecretPassword* password and the *webappdb* database: 
 <pre> 
 CREATE USER 'webappuser'@'localhost' IDENTIFIED BY 'SuperSecretPassword';    
 CREATE DATABASE IF NOT EXISTS    `webappdb` CHARACTER SET utf8 COLLATE utf8_general_ci; 
 GRANT ALL PRIVILEGES ON `webappdb`.* TO 'webbappuser'@'localhost'; 

 flush privileges: 
 exit 
 </pre>  

 h1. Install PHP 5 

 * Install PHP 5 with the apache-php module and a few common PHP extensions: 
 <pre> 
 apt-get install php5 libapache2-mod-php5 php5-cli php5-mysql php5-mcrypt php5-gd 
 </pre> 
 #* PHP has many extensions, run the following to get a list of all available extensions: 
 <pre> 
 apt-cache search php5- 
 </pre> 

 * Restart apache for the php module to take effect: 
 <pre> 
 service apache2 restart 
 </pre> 

 h1. (Extra) Run Ruby Apps Applications With Passenger 

 h2. h3. Install Apache 2 Passenger 

 * Install the apache2 passenger module: 
 <pre> 
 apt-get install libapache2-mod-passenger 
 </pre> 

 * Edit the apache2 passenger config file: 
 <pre> 
 nano /etc/apache2/mods-available/passenger.conf 
 </pre> 
 #* And add/modify the apache user as the default passenger user: 
 <pre> 
 <IfModule mod_passenger.c> 
   PassengerRoot /usr 
   PassengerRuby /usr/bin/ruby 
   PassengerDefaultUser www-data 
 </IfModule> 
 </pre> 

 h3. Configure Ruby Application 

 * Edit the default apache2 Vhost config: 
 <pre> 
 vi /etc/apache2/sites-available/default 
 </pre> 
 #* And add/modify the following VirtualHost block: 
 <pre> 
 <VirtualHost *:80> 
     ServerName www.example.com 

     DocumentRoot /var/www/rubyapp/public            
     <Directory /var/www/rubyapp/public> 
         Options -Indexes FollowSymLinks -MultiViews 
         AllowOverride All 
         Order allow,deny 
         allow from all 
     </Directory> 
 </VirtualHost> 
 </pre> 

 * Edit the apache2 default ssl Vhost config file: 
 <pre> 
 vi /etc/apache2/sites-available/default-ssl 
 </pre> 
 #* And Add the following: 
 <pre> 
 <VirtualHost *:443> 
     ServerName www.example.com 

     DocumentRoot /var/www/rubyapp/public           
     <Directory /var/www/rubyapp/public> 
         Options FollowSymLinks 
         AllowOverride All 
         Require all granted 
     </Directory> 

     SSLEngine on 

     SSLCertificateFile /etc/apache2/ssl/www.example.com.crt 
     SSLCertificateKeyFile /etc/apache2/ssl/www.example.com.key 

     <FilesMatch "\.(cgi|shtml|phtml|php)$"> 
         SSLOptions +StdEnvVars 
     </FilesMatch> 

     BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 
     BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown 
 </VirtualHost> 
 </pre> 

 h1. Install A Default Web Site 

 This guide will install PicoCMS as the default website, in the @/var/www@ folder.  

 * Install git 
 <pre> 
 apt-get install git 
 </pre> 

 * Install PicoCMS: 
 <pre> 
 cd /var/www 
 git clone https://github.com/picocms/Pico.git . 
 </pre>

Back