LAMP stack stands for a software stack composed by Linux, Apache, MySQL and PHP (or Perl). It is used for many purposes and its common ground for system administrators. Since there are several of Linux distributions there are some differences in the way the LAMP stack is installed. In this guide we are using the latest Debian version available, 9.3.
Before we start installing stuff and configuring thins you have to notice some differences from for example Ubuntu, CentOS, RHEL or SuSE. Unlike Ubuntu, Debian gives you direct access to the root account. Apache configuration is different from traditional UNIX or the BSD’s. Instead of having every configurable aspect in one large file, mainly known as httpd.conf, several configuration directories and files are spread in the /etc/apache2 folder. It can be a bit confusing for the newbie or the senior administrator. However once it’s known how it’s organized it’s no big deal, although some (as I do) would prefer the more classic approach of everything in one file.
On Debian or Ubuntu modules can be enabled or disabled through the a2enmod or a2dismod commands respectively. Sites can be available and enabled as well. You may have configured one site, however it won’t work until you have enabled it through the a2ensite command.
This guide is not the holy grail whatsoever and supposes you have some knowledge on few things. One of those things is what a firewall is, what it does and some slight idea of networking. If you pretend to use this as a reference for a public facing website or web oriented service open to the internet at least do two things. First thing is setting ssh keys login only, as well as disabling the password login capacity (someone could not sniff your password but try some dictionary attacks or just discover it by trial an error or brute force it). Second is installing some kind of firewall and configuring it. If you have fallen into this page for whatever the reason and do not know anything about this (and want to know) visit the FreeBSD manual where you will find very descriptive yet short explanations on the basics. Yes, even this is a Linux guide, the FreeBSD manual is a good guide to understand unix-like systems.
If you find the articles in Adminbyaccident.com useful to you, please consider making a donation.
Use this link to get $200 credit at DigitalOcean and support Adminbyaccident.com costs.
Get $100 credit for free at Vultr using this link and support Adminbyaccident.com costs.
Mind Vultr supports FreeBSD on their VPS offer.
Before installing anything we shall update the system and repositories using the following commands.
albert@debian:~$ sudo apt-get update
[sudo] password for albert:
Ign:1 http://ftp.es.debian.org/debian stretch InRelease
Get:2 http://ftp.es.debian.org/debian stretch-updates InRelease [91.0 kB]
Hit:3 http://security.debian.org/debian-security stretch/updates InRelease
Hit:4 http://ftp.es.debian.org/debian stretch Release
Fetched 91.0 kB in 0s (111 kB/s)
Reading package lists... Done
albert@debian:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
albert@debian:~$
This system was already up to date and nothing had to be done. It is important to update the repositories since everything works altogether in harmony. Let’s now install the second piece of software of the LAMP stack on Debian 9.
albert@debian:~$ sudo apt-get install apache2
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0 ssl-cert
Suggested packages:
www-browser apache2-doc apache2-suexec-pristine | apache2-suexec-custom openssl- blacklist
The following NEW packages will be installed:
apache2 apache2-bin apache2-data apache2-utils libapr1 libaprutil1 libaprutil1-dbd-sqlite3 libaprutil1-ldap liblua5.2-0 ssl-cert
0 upgraded, 10 newly installed, 0 to remove and 0 not upgraded.
Need to get 2144 kB of archives.
After this operation, 7137 kB of additional disk space will be used.
Do you want to continue? [Y/n] y
After downloading the packages and installing them we can check if the system has enabled Apache as it happens to be the case on Debian 9. We do this by typing:
albert@debian:~$ sudo systemctl status apache2
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-01-10 22:22:22 CET; 40s ago
Main PID: 1575 (apache2)
CGroup: /system.slice/apache2.service
├─1575 /usr/sbin/apache2 -k start
├─1576 /usr/sbin/apache2 -k start
└─1577 /usr/sbin/apache2 -k start
Jan 10 22:22:22 debian systemd[1]: Starting The Apache HTTP Server...
Jan 10 22:22:22 debian apachectl[1564]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using
Jan 10 22:22:22 debian systemd[1]: Started The Apache HTTP Server.
albert@debian:~$
As we can see systemd has already launched it and it’s up and running with PID’s 1575, 1576 and 1577.
We can also start, stop, reload and see the status of Apache using the systemctl command. On modern Linux systems like Debian 7, 8 and 9, Centos 7, Ubuntu 15.04 and beyond (yes, 16.04 LTS too) the init system in charge is systemd. Without going deep into its purpose or its architecture at this stage we have to know it works different than previous init systems used in the main GNU/Linux distros or commercial products such as SysV or Upstart.
In order to start or stop Apache, or any other service we will use:
sudo systemctl start servic-name
sudo systemctl stop service-name
To reload a service we will:
sudo systemctl reload service-name
And to check the status we’ll do as we did above:
sudo systemctl status service-name
If we happen to compile or install the LAMP stack manually and for whatever the reason the software isn’t marked as activated (started) at boot time we can enable this manually by typing:
sudo systemctl enable service-name.service
So for the Apache web server this would be:
sudo systemctl enable apache2.service
If we need to check if a piece of software is enabled to start at boot time:
sudo systemctl is-enabled service-name.service
Again as an example, with Apache we would check if it’s enabled or not by using the following:
sudo systemctl is-enabled apache2.service
We may also want some services to be restarted immediately after their failure. The default action for Apache on Debian is to restart on abort. As the systemd.service man page describes the specific case is:
If set to on-abort, the service will be restarted only if the service
process exits due to an uncaught signal not specified as a clean exit status.
If this is the desired behaviour just leave it as it is. If not look at the systemd.service man page for more information on this matter. The configuration files for actions is located in the following path:
/etc/systemd/system/multi-user.target.wants
The alternative, an easy way, to check Apache has been installed and is up and running is visiting our ip or website domain using our web browser. As an example:
Now let’s install the third component of the LAMP stack. The database which has traditionally been MySQL. Back on the day there was a company called MySQL AB was the company who developed this database back in 1995. Later Sun Microsystems bought it around the year 2008. A few years later Sun had severe financial problems and Oracle bought Sun. Since Oracle wasn’t perceived as a friendly company to open source as most of Sun’s products were many projects jumped off the boat. One of those was and still is lead by Michael Widenius, the main soul of MySQL. This fork was call MariaDB. MySQL was named after his daughter My. MariaDB is named after his other daughter. Easy, huh? Nowadays you can choose to install different flavours of MySQL databases. Many distros use MariaDB, although you can use MySQL or PerconaDB as well. Investigate which one suites your needs. We’ll be using MariaDB here and all the commands work on all three.
We install the latest MariaDB available in the default Debian 9 repo by typing the following:
albert@debian:~$ sudo apt-get install mariadb-server-10.1
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
……….
Again, as we did before we’ll check if MariaDB has already been activated.
albert@debian:~$ sudo systemctl status mysql
● mariadb.service - MariaDB database server
Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-01-10 22:40:04 CET; 16s ago
Main PID: 3280 (mysqld)
Status: "Taking your SQL requests now..."
CGroup: /system.slice/mariadb.service
└─3280 /usr/sbin/mysqld
Jan 10 22:40:02 debian systemd[1]: Starting MariaDB database server...
Jan 10 22:40:03 debian mysqld[3280]: 2018-01-10 22:40:03 140340980462144 [Note] /usr/sbin/mysqld (mysqld 10.1.26-MariaDB-0+deb9u1) sta
Jan 10 22:40:04 debian systemd[1]: Started MariaDB database server.
albert@debian:~$
And of course it has been. However this is not fully installed. We have to follow the proper install of MariaDB. We will first type enter to set the root password and then enter to all the following questions to set the default configuration.
albert@debian:~$ sudo mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
albert@debian:~$
Let’s go now for the last piece on the LAMP stack. The PHP language. The latest version is 7.2, however the default version (secured and maintained) on Debian is 7.0. We’ll use the defaults here.
albert@debian:~$ sudo apt-get install php7.0
[sudo] password for albert:
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
libapache2-mod-php7.0 php-common php7.0-cli php7.0-common php7.0-json php7.0- opcache php7.0-readline
Suggested packages:
php-pear
The following NEW packages will be installed:
libapache2-mod-php7.0 php-common php7.0 php7.0-cli php7.0-common php7 php7.0-opcache php7.0-readline
0 upgraded, 8 newly installed, 0 to remove and 0 not upgraded.
Need to get 3560 kB of archives.
After this operation, 14.0 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
So there we have it. PHP has already been installed. We can check the installed version:
albert@debian:~$ php --version
PHP 7.0.27-0+deb9u1 (cli) (built: Jan 5 2018 13:51:52) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
with Zend OPcache v7.0.27-0+deb9u1, Copyright (c) 1999-2017, by Zend Technologies
albert@debian:~$
We will now do a simple test so we check Apache is really getting php scripts parsed and putting them onto the screen. To do that we will edit a small php script in a file and put it in the root of the web server directory. We will then go to our browser, call it from the URL and see what it displays.
We write the file using your favourite editor (we use vim here):
albert@debian:~$ sudo vi /var/www/html/info.php
This is the line we write:
<?php phpinfo(); ?>
And now we head to our browser and point to the ip or domain followed by a slash and the name of the file:
The result should be “long” web page where the PHP configuration information is displayed. If this is not showing up something is wrong. Remember to eliminate this file since you do not need anyone knowing how your server is configured.
There is still one missing point on this LAMP stack of ours. Now that we’ve checked PHP and the Apache web server are working together correctly we will also add the missing ingredient on the recipe: the module to “talk” to the MariaDB database.
albert@debian:~$ sudo apt-get install php7.0-mysql
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
php7.0-mysql
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 124 kB of archives.
After this operation, 489 kB of additional disk space will be used.
So this is it, the LAMP stack but on its very rough basics. You probably want to use some sort of application on top such as WordPress or Drupal. There are some missing important things to do if you pretend to use this server configuration for those programs. More on these on other articles.
Update 05-2020: In this Github repository you can read a few scripts for automatic LAMP stack installations.
If you find the articles in Adminbyaccident.com useful to you, please consider making a donation.
Use this link to get $200 credit at DigitalOcean and support Adminbyaccident.com costs.
Get $100 credit for free at Vultr using this link and support Adminbyaccident.com costs.
Mind Vultr supports FreeBSD on their VPS offer.