Debian 11 (Bullseye) LAMP Server v1.0 Installation

botond published 2022/09/06, k - 17:12 time

Content

Introductory
basic Conditions
System Update
Install Apache web server
- Testing Apache
Installing PHP 7.4
Installing MariaDB
- Securing your database
Installing phpMyAdmin
- Testing phpMyAdmin
Install and configure UFW firewall (optional)
Download server
Conclusion

Introductory

A LAMP systems you can run dynamic web pages on your server or even on your home computer. In this description, a For Debian 11 (Bullseye) OS we will build a LAMP server which will consist of the following components:

Apache (version in Debian 11: 2.4.54)
MariaDB (version in Debian 11: 10.5.15)
PHP (version in Debian 11: 7.4)
phpMyAdmin (current version in Debian 11: 5.0.4)

The version numbers are the versions checked at the time of writing. Although Debian rarely changes the versions of various packages within a Debian major release lifecycle, changes may occur.

The good news is that phpMyAdmin is back in the official package repository in Debian 11, so it can be easily installed from there.

There have been tutorials on installing LAMP servers, which can also be useful:

Install Ubuntu 20.04 LTS (Focal Fossa) LAMP Server v1.0 (2020-10-21)
Debian 10 (Buster) LAMP server v1.0 installation (2019-11-19)
Install v18.04 on the Ubuntu 1.0 LTS (Bionic Beaver) LAMP Server (2019-08-06)
Installing Debian 9 (Stretch) LAMP Server v1.0 (2019-06-21)
Installing Debian 8 (Jessie) LAMP Server v1.0 (2019-02-09)

I also named this installation with the 1.0 version number, so if later add-ons (later versions) are added, I can more accurately refer to the LAMP version I need, with the correct version number.

Other installation guides will be built on this LAMP server in the future, so the steps in the description will be carried out exactly so that subsequent installations that refer to this can work without problems.

basic Conditions

This LAMP server requires a Debian 11 (Bullseye) minimal server installation guide, or if we create the description in Virtualbox, then a To download Debian 11 (Bullseye) minimal server so that it works flawlessly. This is how I build the installation.
Of course, it can even be installed on a desktop computer with a graphical environment, the point is that the components of the LAMP system are now first installed on the machine for proper configuration and operation.

System Update

First, log into the server on the console, or if you are monitoring the machine remotely, then SSH, then run the updater apt-get commands root-Kent:

apt-get update
apt-get upgrade

From now on, stay as root and continue the installation.

Install Apache web server

To install the Apache web server, run the following command:

apt-get -y install apache2 apache2-utils

The apache2 package is the HTTP server itself, that is apache2-utils and package is a collection of useful programs that add additional functionality to the web server. With its help, we can manage, for example, HTTP passwords, in the package htpasswd command, as well as many other add-ons.

The default webroot directory is a / Var / www / html. So by default this is one virtualhoszt is configured during installation, whose configuration file is located here: /etc/apache2/sites-enabled/000-default.conf

And this includes:

cat /etc/apache2/sites-enabled/000-default.conf

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

For example, if you want to migrate the web root directory, you need to modify it in this file.

The main configuration file for Apache2 is: /etc/apache2/apache2.conf.

Testing Apache

We can check the Apache service from the command line with the systemctl command:

systemctl status apache2

● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-08-30 19:15:07 CEST; 23h ago
       Docs: https://httpd.apache.org/docs/2.4/
   Main PID: 3100 (apache2)
      Tasks: 55 (limit: 4664)
     Memory: 9.7M
        CPU: 3.424s
     CGroup: /system.slice/apache2.service
             ├─3100 /usr/sbin/apache2 -k start
             ├─3103 /usr/sbin/apache2 -k start
             └─3104 /usr/sbin/apache2 -k start

aug 30 19:15:07 debian11 systemd[1]: Starting The Apache HTTP Server...
aug 30 19:15:07 debian11 systemd[1]: Started The Apache HTTP Server.

In case of proper operation, we should get an output like this. We can also check the operation of Apache, the server, from a browser IP address, or with the hostname - if we entered it in the computer's hosts file:

And here we can see the "welcome" page of Apache.

Installing PHP 7.4

In the official package repository of the Debian 11 (Bullseye) operating system, there is the PHP branch 7.4, so in this description we will now install it.

You can find information about installing older or newer versions of PHP from external packages in other tutorials:

Selection and installation of PHP packages

In Debian's official package repository, you can find many PHP add-ons, which are listed below apt-cache we can search for it using the command:

apt-cache search php7.4

php-amqp - AMQP extension for PHP
php-apcu - APC User Cache for PHP
php-apcu-bc - APCu Backwards Compatibility Module
php-ast - AST extension for PHP 7
php-ds - PHP extension providing efficient data structures for PHP 7
php-gearman - PHP wrapper to libgearman
php-geoip - GeoIP module for PHP
php-gmagick - Provides a wrapper to the GraphicsMagick library
php-gnupg - PHP wrapper around the gpgme library
php-igbinary - igbinary PHP serializer
php-imagick - Provides a wrapper to the ImageMagick library
php-lua - PHP Embedded lua interpreter
php-mailparse - Email message manipulation for PHP
php-memcache - memcache extension module for PHP
php-memcached - memcached extension module for PHP, uses libmemcached
php-mongodb - MongoDB driver for PHP
php-msgpack - PHP extension for interfacing with MessagePack
php-oauth - OAuth 1.0 consumer and provider extension
php-pcov - Code coverage driver
php-http - PECL HTTP module for PHP Extended HTTP Support
php-pinba - Pinba module for PHP
php-propro - propro module for PHP
php-ps - ps module for PHP
php-psr - PSR interfaces for PHP
php-radius - radius client library for PHP
php-raphf - raphf module for PHP
php-redis - PHP extension for interfacing with Redis
php-rrd - PHP bindings to rrd tool system
php-solr - PHP extension for communicating with Apache Solr server
php-ssh2 - Bindings for the libssh2 library
php-stomp - Streaming Text Oriented Messaging Protocol (STOMP) client module for PHP
php-uopz - UOPZ extension for PHP 7
php-uploadprogress - file upload progress tracking extension for PHP
php-uuid - PHP UUID extension
php-yac - YAC (Yet Another Cache) for PHP
php-yaml - YAML-1.1 parser and emitter for PHP
php-zmq - ZeroMQ messaging bindings for PHP
libapache2-mod-php7.4 - server-side, HTML-embedded scripting language (Apache 2 module)
libphp7.4-embed - HTML-embedded scripting language (Embedded SAPI library)
php7.4 - server-side, HTML-embedded scripting language (metapackage)
php7.4-bcmath - Bcmath module for PHP
php7.4-bz2 - bzip2 module for PHP
php7.4-cgi - server-side, HTML-embedded scripting language (CGI binary)
php7.4-cli - command-line interpreter for the PHP scripting language
php7.4-common - documentation, examples and common module for PHP
php7.4-curl - CURL module for PHP
php7.4-dba - DBA module for PHP
php7.4-dev - Files for PHP7.4 module development
php7.4-enchant - Enchant module for PHP
php7.4-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary)
php7.4-gd - GD module for PHP
php7.4-gmp - GMP module for PHP
php7.4-imap - IMAP module for PHP
php7.4-interbase - Interbase module for PHP
php7.4-intl - Internationalisation module for PHP
php7.4-json - JSON module for PHP
php7.4-ldap - LDAP module for PHP
php7.4-mbstring - MBSTRING module for PHP
php7.4-mysql - MySQL module for PHP
php7.4-odbc - ODBC module for PHP
php7.4-opcache - Zend OpCache module for PHP
php7.4-pgsql - PostgreSQL module for PHP
php7.4-phpdbg - server-side, HTML-embedded scripting language (PHPDBG binary)
php7.4-pspell - pspell module for PHP
php7.4-readline - readline module for PHP
php7.4-snmp - SNMP module for PHP
php7.4-soap - SOAP module for PHP
php7.4-sqlite3 - SQLite3 module for PHP
php7.4-sybase - Sybase module for PHP
php7.4-tidy - tidy module for PHP
php7.4-xml - DOM, SimpleXML, XML, and XSL module for PHP
php7.4-xmlrpc - XMLRPC-EPI module for PHP
php7.4-xsl - XSL module for PHP (dummy)
php7.4-zip - Zip module for PHP
php-sass - PHP bindings to libsass - fast, native Sass parsing in PHP
php-tideways - Tideways PHP Profiler Extension
php-xdebug - Xdebug Module for PHP

I compiled my usual package selection from these, which I naturally updated and corrected based on the packages currently available here. With the following packages, you can install a PHP system that can be used more widely than the general one, with which you can run more complex websites, or CMS systems is.

The list of packages to be installed here can of course be modified according to our individual needs, if we need packages that are not listed here, or if we find any of them unnecessary.

Just for the sake of clarity, I divided the installation of the packages into two parts, which, as usual, I present folded into several lines. First, let's run the "shared" packages:

apt-get -y install \
    mcrypt \
    imagemagick \
    libapache2-mod-php7.4 \
    libphp7.4-embed \
    memcached \
    php-apcu \
    php-gnupg \
    php-http \
    php-imagick \
    php-memcache \
    php-memcached \
    php-pear \
    php-php-gettext \
    php-sass \
    php-uploadprogress \
    php-yaml

These packages are also used by other PHP versions if we install them later.

Quite a lot of settings are made here, and due to package dependencies, some packages starting with "php7.4-" are also added.

Now let's install the Debian 11 (Bullseye) 7.4 PHP packages, some of which have already been installed due to dependencies, but for this reason I will not remove them from the list, just in case someone has not installed something from the above and then they would not be added these packages at all.

apt-get -y install \
    php7.4 \
    php7.4-bcmath \
    php7.4-bz2 \
    php7.4-cgi \
    php7.4-cli \
    php7.4-common \
    php7.4-curl \
    php7.4-fpm \
    php7.4-gd \
    php7.4-imap \
    php7.4-intl \
    php7.4-json \
    php7.4-mbstring \
    php7.4-mysql \
    php7.4-opcache \
    php7.4-pspell \
    php7.4-soap \
    php7.4-sqlite3 \
    php7.4-tidy \
    php7.4-xml \
    php7.4-xmlrpc \
    php7.4-xsl \
    php7.4-zip

After installing the packages, restart Apache:

systemctl restart apache2

Installation will end with a few lines of NOTICE:

NOTICE: Not enabling PHP 7.4 FPM by default.
NOTICE: To enable PHP 7.4 FPM in Apache2 do:
NOTICE: a2enmod proxy_fcgi setenvif
NOTICE: a2enconf php7.4-fpm
NOTICE: You are seeing this message because you have apache2 package installed.

This is perfectly normal, it is all noted because we have installed the PHP Apache package at the same time - which allows PHP to run as an Apache module - and PHP-FPM package too. That is why the installer informs us that the PHP FPM server API mode is not enabled by default until we enable it with the described steps.

We'll first test PHP as the current Apache module, then switch (globally) to PHP-FPM and try it that way.

Testing PHP - as an Apache module (mod_php)

Let's create a phpinfo file with which we can see the data of the PHP runtime:

nano /var/www/html/phpinfo.php

Then add the lines you already know:

1
2
3
<?php
    phpinfo();
?>

Then open it in your browser:

In the Server API row, we can see the value "Apache 2.0 Handler". In this case, PHP runs as an Apache module, which is an outdated technology. It is advisable to switch the server to PHP-FPM.

Migrate server to PHP-FPM

The global switch to PHP-FPM means that mod_php will no longer be available from now on, as we will be turning it off. Of course, it can be restored later if necessary, but it is not really necessary today.

To switch globally to PHP-FPM for PHP 7.4, run the following commands:

a2dismod php7.4
a2enmod proxy_fcgi setenvif
a2enconf php7.4-fpm
systemctl restart apache2

Here we turn off the current Apache php module, enable any other modules needed, enable FPM configuration, and finally restart Apache.

PHP testing - running with PHP-FPM

Then, if we refresh our previous phpinfo browser window, it will look like this:

Of course, there are many more things that can be set up around PHP-FPM, because this way we do not yet take advantage of the advantages available by separate pools, etc. .

If you want to get more information about PHP-FPM settings, you can refer to the following links:

(these tutorials were made on other PHP and Debian/Ubuntu versions, but this has no significance from the point of view of PHP-FPM settings)

Installing MariaDB

Debian offers the MariaDB database server as the default database server since version 9 (Stretch). It is no different for Debian 11 (Bullseye). It can be installed simply by running the following command:

apt-get -y install mariadb-server mariadb-client

Securing your database

We can make our database server and databases more secure by making some settings. These security settings can be made at the same time mysql_secure_installation by running a command:

mysql_secure_installation

The program asks us some questions to answer:

Enter current password for root (enter for none): [Enter]
Switch to unix_socket authentication [Y/n]: n (új funkció, ne kapcsoljuk be, ezt lentebb részletezem)
Change the root password? [Y/n] y
New password: Adjuk meg az új root jelszót
Re-enter new password: Ismételjük meg
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

The full output is:

Here, except for one question, the program asks the same questions as in previous MariaDB versions. I have already written about these questions and answers in more detail in the previously prepared one When installing a Debian 9 (Stretch) LAMP server, so we can find out more there.

As I promised above with the questions, we will detail a question that we can encounter here as new compared to previous installations:

Switch to unix_socket authentication [Y/n]:

Since version 10.4.3, MariaDB introduced the default use of the Unix socket-based authentication method. Since the version number of MariaDB (10.5.15) "exceeds" the mentioned version 10.4.3 in this installation description, this is where we encounter this question for the first time. Of course, the Unix socket-based authentication itself already existed before, only from this version the system asks if we want to use it by default or if we stick to using the traditional password authentication method.

The essence of the plugin is that when logging into the MariaDB database server, it uses the credentials of Linux users to log into the MariaDB databases with the users in the system. Thus, after receiving the Linux username, it authenticates the connecting user as a MariaDB account with the same username - if MariaDB also contains a database user with the same name. For example, if we are in the Linux command line as root, then a mysql command also logs us into MariaDB as root. Source >>.

Unix socket-based authentication is a good thing if we manage our databases from the command line. But in the case of an average web server, databases are mostly managed with web database managers, for example phpMyAdmin with the help of If we were to use Unix socket-based authentication, in this case we would not be able to enter the phpMyAdmin interface as root, since the web pages and other web interfaces run in the browser do not connect to the server with the same Linux user. Therefore, this problem had to be eliminated with the solutions used in previous LAMP server installations (since there was no such option in those versions where we could turn off the default benefits of the Unix socket authentication function):

In order to avoid the previous additional settings shown on the links above, we have now disabled this function in the "Switch to unix_socket authentication" question of the mysql_secure_installation command, so that we will be able to log into our phpMyAdmin panel via the web immediately as root.

You can also check the setting by accessing the database in the root user's record in the plugin field:

mysql

The socket-based authentication function of Unix has been disabled, so this is not the default authentication method, but as we can see, it still allows you to log in as root to the database server without using a password, where we can query the corresponding field of the root user record:

select plugin from mysql.user where user='root';

So here we can see the "mysql_native_password" value, which we had to set separately during previous installations by modifying the record of the root user.

More details on the use and operation of Unix socket-based authentication we can find it here.

Regardless, I'm still a fan of the to use defaults files, which can be used to conveniently manage other users' databases (not the database with the same name as the logged-in user) during command-line jobs or automated tasks, but we will not go into detail about this setting in this description. If we need to use the defaults files, we can find information about it on the link just now, on the link lists above, or from the previous LAMP server installation tutorials.

Here, we do not have to complicate the root access to the phpMyAdmin panel by changing the root user or using other workarounds - as before - but we can continue the work by installing phpMyAdmin.

Installing phpMyAdmin

A phpMyAdmin allows us to conveniently manage our databases, run queries, perform maintenance, etc. on the web. To install it, run the following command:

apt-get -y install phpmyadmin

A few dialogs will appear during installation. First you ask which HTTP server we are using:

Select apache2 here.

Then, after further installations, in the next dialog, it says that phpMyAdmin needs its own database to function, and whether we want it to automatically set the dbconfig-common via:

Choose yes here.

You will then be prompted for another password that the phpMyAdmin control user will work with:

With this user, phpMyAdmin does the background maintenance, structure synchronizations, etc., so we won't have to deal with it. So press an enter to do this to generate your own password.

In the future, if it is necessary to reconfigure the phpMyAdmin database management system, you will be asked for the password you just created here. So if we still need this password later, we can use it as a /etc/phpmyadmin/config-db.php we can find it in a file, the system stores it in this.

The installation is now complete.

Testing phpMyAdmin

Enter the phpMyAdmin interface by loading the /phpmyadmin subdirectory under the IP address or hostname of our server:

For me, for example, on one of the following:

http://debian11.linuxportal.vm/phpmyadmin/
http://192.168.1.140/phpmyadmin/

Here, we enter the root user and the password set above, then the panel's start page will appear:

And here we can even start working with databases...

Install and configure UFW firewall (optional)

Az UFW (Uncomplicated Firewall) can help make our system more secure. This part is optional, but if you want a higher level of security on your LAMP server, you should install a firewall and make these settings.

Installation

UFW Firewall has been installed by default on Ubuntu systems since LTS 8.04, on Debian systems ufw package root-Kent:

apt-get install ufw

Setting

UFW is inactive by default.

Query status

The status of the firewall can be checked below ufw command:

ufw status

Application profiles

With the help of the application profiles, we have the possibility to disable or enable preset services and ports. To query the currently available profiles, run the following command:

ufw app list

Of these, what we may need now on this LAMP server are the following:

OpenSSH: Controls SSH connections on TCP port 22.
WWW Full: The profile includes HTTP (80) and HTTPS (443) TCP ports, so it handles both at once.

Setting up and turning on the firewall

The operating principle will be the "white list" principle, so let's enable these two services on their ports and disable everything else.

The server also has a MySQL database server that communicates on port 3306. However, we do not have to deal with this now if we only use the phpMyAdmin control panel, because it does not connect to the database from the outside. We would need to open port 3306 if we want to connect with a remote database client program. So we can safely close everything except the two services mentioned above.

We therefore allow the aforementioned services:

ufw allow in "OpenSSH"
ufw allow in "WWW Full"

Then enable the firewall:

ufw enable

It then warns that the operation may break the current SSH connection, shall we continue? Let's press yt. Obviously, it doesn't break it, because we also enabled OpenSSH first.

UFW's default policy disables everything by default, except what we specifically enable - as we just did. By turning on the firewall, we also protect all other network ports from external connections. Thus, the "white list" principle is implemented.

Finally, we can query the status of the UFW firewall:

ufw status

Here, the v6 signals refer to the IPv6 protocol, so if our server is (also) operating on an IPv6 network, then you have set the requested profiles on it as well.

Az More detailed settings and usage of the UFW firewall can be found here.

Testing and checking of services

After changing the firewall settings, let's take a look at the things previously installed on our LAMP server, update them on the open tabs:

Our LAMP server is now ready.

Download server

The server will be available between downloads soon.

Conclusion

Our LAMP server based on the Debian 11 (Bullseye) operating system is ready, with which we can now run dynamic websites or even CMS systems. We will also install this and that on this server later.

Related Content, Useful Links:

Address	Viewed
Make bootable flash drives with Rufus 3.3	13,607
How to Build a Bootable Drive with Rufus	8,670
How to share directories between Linux and Windows	7,000
How can we achieve…	6,724
How to reset a forgotten root password in Linux...	5,247

Address	Viewed
Make bootable flash drives with Rufus 4.3	6
Dual boot: Windows 11 and Ubuntu 21.10…	4
two (linux command)	4
mysqldump	3
Making a bootable flash drive with the balena Etcher 1.5	3

Linuxportal

Debian 11 (Bullseye) LAMP server v1.0 installation