Building A Lamp Stack On Ubuntu 12.04
Posted by Joseph Quintero, Last modified by Joseph Quintero on 20 May 2013 03:55 PM
Building A Lamp Stack On Ubuntu 12.04
Whenever I build or make changes to a server I always try to write down what I have done. This makes for some great references on future builds. In addition, their are a ton of guides and tutorials available for building a LAMP stack, you should read them all, or atleast as many as you can. I say this because there are no absolutes when it comes to building these stacks, only our experiences. Sharing our experiences and allowing open conversation is the best way to gain more knowledge and insight. In that vain I'm sharing my latest server build. This build is on a Rackspace instance using Ubuntu 12.04 (upgraded from 11.10). This should work on any clean instance of Ubuntu 11.x or greater for which you have root access; be it bare metal or a cloud solution. In following this you will walk away with a functional LAMP stack.
I'll start by going to Rackspace and logging into my cloud control panel. Then click on Hosting -> Cloud Servers -> Add Server and choose an operating system. We will choose Ubuntu 11.10. You will get a dialog with the admin password make a note of this and the IP address from the server's overview page.
To access the server and begin this build open a terminal window and use ssh to access your new server. Replace xxx.xxx.xxx.xxx with your IP address.
The first thing you'll want to do is change the password. Type the command
You'll be prompted to enter a new password and to confirm it. I recommend using a password generation tool such as the one provide in LastPass. You should set this to 20+ characters using alphanumeric mixed case and special characters (remember you shouldn't be logging in as root very often). Test your password after you have changed it. If you are familiar with Ubuntu you will probably notice I'm not using sudo. That is because the Rackspace images give you root. Just use the [su] command to toggle between root and a less privileged user.
As I said, this tutorial is for Ubuntu 12.04 yet we grabbed an image for 11.10. That's because at the time of this writing Rackspace does not yet offer an Ubuntu 12.04 image, so we will just upgrade it from 11.10. We do this by making sure 11.10 has all of the latest updates, then we run a distribution upgrade. You will be prompted to make some choices throughout this process. I will accept say [Y], [y] or to all yes/no questions. I will accept the default for all other questions. If you have a reason for answering otherwise, do it. Every server is different, this should only be viewed as a guide.
You know you've reached the end of the upgrade when you the message "The system is going down for reboot NOW!". At this point, log back in through ssh.
If your greated with a the message "Welcome to Ubuntu 12.04 LTS (GNU/Linux 3.0.0-12-virtual x86_64)"; the upgrade was successful.
One of my favorite things about Ubuntu is the ease at which you can install the LAMP Stack.
You will be prompted to enter the password for the MySQL root user. Again I recommend using a password generation tool such as the one provide in LastPass. You should set this to 20+ characters using alphanumeric mixed case and special characters.
We will want to add a new user. This is the user that will be responsible for keeping the web sites and directories up to date. I will call this user webmaster. We will start by creating the user webmaster and setting the password for the user webmaster. Again I recommend using a password generation tool such as the one provide in LastPass. You should set this to 20+ characters using alphanumeric mixed case and special characters.
Next we will apply the desired privileges to our web directory. I like to keep my web directories on the default Apache path /var/www, granting privledges on this directory will assure webmaster can always do his thing. We will change ownership to the www-data user and the webmaster group. The user www-data is the PID of the Apache Process. This will allow the server as needed. The group webmaster is the group of the webmaster user. This allows us to login as the webmaster user or any user we assign to the webmaster group and make changes to the web directory.
I have found the following mods to be useful. If you application does not require something listed here, do not install it.
Again only install what you need. My needs require the following.
I like to use postfix to send email via PHP. You could use sendmail but in my experience postfix is a bit faster.
You will get a dialog asking "General type of mail configuration:". Choose the "Internet Site" option.
You will then be asked "System mail name:" Enter the fully qualified domain name (FQDN).
While I mostly interact with my server over SSH, FTP can be very useful. I'll install ProFTP on my server and Filezilla on my client machine. At this point I can get the best of both worlds, a simple FTP client over an SSH connection. Answer [Y] to all of the questions and choose the standalone option.
Personally, I do not like to run non-ssl sites, unless they are completely static. I would never suggest using a self-signed certificate in a production environment. However, they are handy for development and local environments. For the sake of a complete tutorial I will walk you through installing self-signed certificate. For a production site, replace the self signing with the directions supplied to you by your SSL vendor. I like to start with an SSL directory under /etc/apache2. From here it's a matter of creating the certificate files and telling your site configuration where to find them.
Create the self-signed certificate.
You will need to complete a certificate signing request (CSR). You will be asked several questions, since this is a self signed certificate, used in a non-production environment, you can just leave most of them blank or enter anything you want. I answered with the following
You may be asked some challenge questions, leave these blank.
Now we need to tell the server that a specific site can use the certificate. For the sake of argument we will just configure the default-ssl setup.
Find and comment out the following lines
Find the following line
And add the following right below it
You should now have the following
Now (re)load the ssl site configuration and restart Apache
phpMyAdmin is a good, high level tool for managing a MySQL database.
Choose apache2 Choose to db-common
You'll then be prompted for your MySQL root password, then you'll want to create a password for the phpMyAdmin application. The next step is telling apache how to access phpMyAdmin. You'll probably want to go to something like example.com/phpmyadmin or 10.10.10.10/phpmyadmin. Where example.com is you domain name and 10.10.10.10 is your sites IP. To do this, just tell Apache where to find phpMyAdmin.
Add the following line
Due to it's popularity phpMyAdmin is often the target of drive by attacks. You can add a little extra security by forcing SSL and putting phpMyAdmin behind an http password.
To force SSL and to create and force an http password create an .htaccess file in phpMyAdmins' web directory.
Add the following lines replacing with your servers IP.
Now create the credentials replacing valid user with the desired username.
Enter the desired password for . At this point you should be able to use your servers IP address to get to phpMyAdmin. If you set up a self-signed certificate try http:///phpmyadmin otherwise http:///phpmyadmin (you really never want to access this over http use https). You get a dialog for entering your http password. After a successful authentication you'll be redirected to the phpMyAdmin login screen. If you make to this screen, your server is ready to go!