Installing Debian 10 (Buster) LAMP Server v1.0

botond published 2019/11/19, k - 14:25 time

Content

 

The 1. page content

 

Introductory

LAMP systems you can run dynamic web pages on your server or even on your home computer. In this description, a Debian 10 (Buster) we will build a LAMP server which will consist of the following components:

Unfortunately, phpMyAdmin is not part of the official Debian 10 (Buster) repository, so we will install it separately, but the other components will be installed in the usual way. APT package manager , which we can later update with the same.

There have been tutorials on installing LAMP servers, which can also be useful:

I also named this installation with the 1.0 version number, so if later add-ons (later versions) are added, I can more accurately refer to the LAMP version I need, with the correct version number.

Unlike previous traditions, this LAMP server is built to be able to build the perfect server from it later. This will make the installation parts of the LAMP components reusable, as they are also included in the perfect server. Hence, we can get to the next step in this server series with much less work. So it is important to follow the instructions here exactly so that you do not have any problems installing a perfect server later.
Update (2022-09-06):
The Debian 11 (Bullseye) version of the LAMP server is ready:

 

 

basic Conditions

This LAMP server requires a Install Debian 10 (Buster) Minimum Server or the Debian 10 (Buster) for minimum server download so that it works flawlessly. This is how I build the installation.
Of course, it can even be installed on a desktop computer with a graphical environment, the point is that the components of the LAMP system are now first installed on the machine for proper configuration and operation.

 

System Update

It is a good idea to start all major installation work by updating your system so that we can work with the latest packages during the process. To do this, log in as root and issue the following apt-get commands:

apt-get update
apt-get upgrade

 

Installing MariaDB

The Debian 10 (Buster) system is also the default MariaDB database server, so it's easy to install from the repository:

apt-get -y install mariadb-server mariadb-client

Securing your database

We can make our database server and databases more secure by making some settings. These security settings can be made at the same time mysql_secure_installation by running a command:

mysql_secure_installation

The program asks us some questions to answer:

Enter current password for root (enter for none): [Enter]
Set root password? [Y/n] y
New password: Adjuk meg az új root jelszót
Re-enter new password: Ismételjük meg
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
I have already written more about these questions and answers in the one I prepared earlier When installing a Debian 9 (Stretch) LAMP server, so we can find out more there.

Set defaults file

Security and automation are basic requirements. When using a command-line database, we may need automated solutions where we do not have to type passwords into the terminal, but can also use scripts to perform database-related background tasks in our absence. It is also important that our database passwords do not appear in your command line history or scripts to prevent them from falling into the wrong hands. This has already been mentioned, how to secure the command line database using defaults files, so we're configuring this now so you can use it later, like mysql command.

As root, open the /etc/mysql/debian.cnf file: 

nano /etc/mysql/debian.cnf

This contains the following content, which should be supplemented with the green highlighted sections:

# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host     = localhost
user     = root
password = '<adatbázis root jelszavunk>'
socket   = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host     = localhost
user     = root
password = '<adatbázis root jelszavunk>'
socket   = /var/run/mysqld/mysqld.sock
basedir  = /usr

So in the two password lines, set the new root password given above among the single apostrophes. Apostrophes are only needed if the password may contain spaces or other special characters, so it will work with them.

Root Access Testing

After configuring, test root access to the database server. Here we enter in three ways, illustrating the usability and security of the different modes.

Traditional login mode by typing the root password

To log in, run the following command:

mysql -u root -p

MariaDB root login by typing the password

Here you can see that the system will prompt you for the password and then log in. Although it is safe, it cannot be automated eg. scripts as it waits for user interaction.

 

 

Traditional login mode with a password command line

You can also enter by entering your password in advance:

mysql -u root -p<jelszavunk>

It is important that the -p option is followed directly by the password, so there should be no space between the option and the password!

MariaDB root login by entering the password at the command prompt

With this, you can automate it and run well in scripts because it does not wait for user intervention. however not safe at all, because as you can see in the picture, the password is out. This will display the command line history prompt history command output as well as looking at our scripts are also visible.

Login using the defaults file

And finally, automated and secure access using the defaults file:

mysql --defaults-file=/etc/mysql/debian.cnf

The result is:

MariaDB root login using the defaults file

So there is no user interaction here and the password is not displayed anywhere. The factory defaults file has the appropriate permissions that can only be read by root (600). Accordingly, if you create another defaults file, for example, for another user, we must ensure that the file has the same permissions setting, so that security is maintained.

The first two methods are used for illustrative purposes only, and the rest of the LAMP server installation will use the defaults file only.

 

Install Apache web server

To install Apache2, run the following:

apt-get -y install apache2 apache2-doc apache2-utils

The default webroot directory is a / Var / www / html. So by default this is one virtualhoszt is configured during installation, whose configuration file is located here: /etc/apache2/sites-enabled/000-default.conf

And this includes:

cat /etc/apache2/sites-enabled/000-default.conf
<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

For example, if you want to migrate the web root directory, you need to modify it in this file.

The main configuration file for Apache2 is: /etc/apache2/apache2.conf.

Testing Apache

Apache can be tested in the browser, the server IP address (for this server: 192.168.1.130):

Apache check

 

 

Installing PHP 7.3

The official repository for the Debian 10 (Buster) operating system contains the 7.3 PHP branch, which is currently the latest stable branch. To install it in a single step, you can run the following command, which already has some of the best PHP packages available to me:

apt-get -y install \
    apache2-suexec-pristine \
    libapache2-mod-fcgid \
    libapache2-mod-python \
    libapache2-mod-passenger \
    libapache2-mod-php \
    libruby \
    mcrypt \
    imagemagick \
    memcached \
    php-pear \
    php-memcache \
    php-imagick \
    php-gettext \
    php-apcu \
    php-yaml \
    php7.3 \
    php7.3-bcmath \
    php7.3-bz2 \
    php7.3-cgi \
    php7.3-cli \
    php7.3-common \
    php7.3-curl \
    php7.3-fpm \
    php7.3-gd \
    php7.3-imap \
    php7.3-intl \
    php7.3-json \
    php7.3-mbstring \
    php7.3-mysql \
    php7.3-opcache \
    php7.3-pspell \
    php7.3-recode \
    php7.3-soap \
    php7.3-sqlite3 \
    php7.3-tidy \
    php7.3-xml \
    php7.3-xmlrpc \
    php7.3-xsl \
    php7.3-zip
Here, if you modify this multi-line, long command, be sure to use only spaces for indents (the use of indents is optional, it only has aesthetic significance)! Also, there can be no spaces after the "\" characters at the end of lines, or the line break character "\" is no longer needed at the end of the last line.

In addition to these, you can search for even more PHP packages at apt-cache command if the requirements require:

apt-cache search php7.3
The above package includes all the necessary components, starting with the Apache PHP module add-ons. It also includes several packages that make this LAMP server suitable for upgrading to a later perfect server, so their installation is recommended.

Installation will end with a few lines of NOTICE:

NOTICE: Not enabling PHP 7.3 FPM by default.
NOTICE: To enable PHP 7.3 FPM in Apache2 do:
NOTICE: a2enmod proxy_fcgi setenvif
NOTICE: a2enconf php7.3-fpm
NOTICE: You are seeing this message because you have apache2 package installed.

This is perfectly normal, it is all noted because we have installed the PHP Apache package at the same time - which allows PHP to run as an Apache module - and PHP-FPM pack. Therefore, the installer tells us that the PHP FPM Server API mode is not enabled by default until it is enabled by the steps described.

We have two options for this:

Use PHP in the default mod_php mode

This is the default mode. All you need to do is put the desired PHP content in your web root and it is up and running. Let's create our standard php info file:

nano /var/www/html/phpinfo.php

Then add the lines you already know:

<?php
    phpinfo();
?>

Then open it in your browser:

phpinfo - Test the default mod_php

In the Server API line you can see the value "Apache 2.0 Handler".

If you need to put together a test environment as soon as possible, whether it is running PHP or meeting a rare compatibility requirement, this is the optimal choice.

However, in this case you can create additional virtual hosts, where you can use mod_php or PHP-FPM as well. I do not want to exaggerate this now, I have written about this before How to install PHP-FPM on a Debian 8 (Jessie) LAMP server . Of course, in that description, I made these settings with PHP 5.6, which does not change the setup process in this respect.

 

 

Migrate server to PHP-FPM

Another option is to globally migrate everything to PHP-FPM. This means that the old and obsolete mod_php will no longer be available from now on, as you will need to disable it in order to use PHP-FPM by default, as described in the installer above. To do this, run the following 4 command as root:

a2dismod php7.3
a2enmod proxy_fcgi setenvif
a2enconf php7.3-fpm
systemctl restart apache2

Here we turn off the current Apache php module, enable any other modules needed, enable FPM configuration, and finally restart Apache.

Then, if we refresh our previous phpinfo browser window, it will look like this:

phpinfo - Testing PHP-FPM

And with PHP-FPM, PHP comes in the default web root. This solution differs from the previous one in that it is enabled php7.3-fpm Apache configuration performs a redirect to FPM if it cannot find mod_php (disabled). I wrote about this in the link above on a similar topic.

PHP-FPM is more modern, safer and more efficient, so it is definitely recommended to use it. As well as if we later want to set the HTTP / 2-t, then this switching will be necessary anyway, but more on that in another description...

If you would like to switch back to the original mode, you can always do the reverse by running the above commands:

a2disconf php7.3-fpm
a2dismod proxy_fcgi setenvif
a2enmod php7.3
systemctl restart apache2

 

A next page we continue to build the LAMP server by installing and configuring phpMyAdmin ...

 

 

Navigation

This description consists of several pages: