Install Ubuntu 20.04 LTS (Focal Fossa) LAMP Server v1.0

botond published 2020. 10. 21, Wed - 18: 33 time

Content

 

Introductory

LAMP systems you can use it to run dynamic web pages on your server or even on your home computer. I have built LAMP servers before Debian 8 (Jessie)Debian 9 (Stretch) and Ubuntu 18.04 LTS (Bionic Beaver) systems, and in this description we will install the LAMP server components for the Ubuntu 20.04 LTS (Focal Fossa) Linux distribution, which consists of:

(The version numbers shown reflect the status at the time of writing, which may change later)

I will label this Ubuntu 20.04 LTS (Focal Fossa) LAMP installation with a version number of 1.0 because we will be adding many other add-ons later to make it even more useful and efficient.

This LAMP server is configured to be able to build this line of perfect servers later (Ubuntu 20.04). This will make this LAMP system reusable, as the perfect server must also contain these parts. Therefore, you do not have to start the installation of the perfect server from the beginning, but you can continue from here. So it is important to follow the instructions here exactly so that you do not have any problems installing a perfect server later.

 

 

basic Conditions

You need a Ubuntu 20.04 LTS (Focal Fossa) minimal server or install prepared server downloadbecause we are going to build this LAMP server on it.
Of course, it can also be installed on a desktop computer with a graphical environment, the point is that the above components are now first installed on the machine for proper configuration and operation.

 

System Update

First, update your repository database and packages so that we can always work with the latest packages. To do this, we issue the following apt-get commands as root:

apt update
apt upgrade

From now on, stay as root and continue the installation.

 

Install Apache web server

To install the Apache web server, run the following command as root:

apt install -y apache2 apache2-utils

After the installer runs, you can also test if your browser uses The minimum IP address you set when you installed the server or load a hostname. I have the hostname ubuntu20.linuxportal.vm set so I will have the following:

http://ubuntu20.linuxportal.vm/

Ubuntu 20.04 LTS (Focal Fossa) LAMP Server Installation - Apache Verification

 

Installing PHP 7.4

On Ubuntu 20.04 LTS (Focal Fossa), the default PHP branch is shown in Section 7.4. Its latest official edition is currently (at the time of writing) a 7.4.11.

You can install PHP as a completely basic Apache module (mod-php) with the following command:

apt-get -y install \
    php7.4 \
    libapache2-mod-php7.4 \
    php7.4-mysql

Then check with the following command:

php --version
PHP 7.4.3 (cli) (built: Oct  6 2020 15:47:56) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies
Here is the command line (CLI) PHP gives us information about the version just installed. It’s easy to notice that it wasn’t the latest version indicated above that was uploaded, but a slightly older one. We don't have to deal with this, it always takes a while (a few weeks, etc.) for the latest version of PHP to be included in the Ubuntu repository.

Installing additional PHP packages

Our newly installed PHP system is still very basic, so if you come up with a more serious one later, ISPConfigIf you want to build a server environment, you will need to install additional PHP packages.

Below apt-cache command to search for PHP 7.4 packages available in the distribution:

apt-cache search php7.4

There are quite a few packages here for PHP 7.4, but we don't usually need all of them. Below I have compiled a selection that is recommended to install for general cases as well, but if you plan to build the perfect server from this LAMP system later, be sure to install them:

apt-get -y install \
    php-apcu \
    php-imagick \
    php-memcache \
    php-pear \
    php-yaml \
    php7.4-bcmath \
    php7.4-bz2 \
    php7.4-cgi \
    php7.4-cli \
    php7.4-common \
    php7.4-curl \
    php7.4-fpm \
    php7.4-gd \
    php7.4-imap \
    php7.4-intl \
    php7.4-json \
    php7.4-mbstring \
    php7.4-opcache \
    php7.4-pspell \
    php7.4-soap \
    php7.4-sqlite3 \
    php7.4-tidy \
    php7.4-xml \
    php7.4-xmlrpc \
    php7.4-xsl \
    php7.4-zip
If you modify this multiline installation command, make sure that nothing, not even a space, is placed after the "\" characters at the end of the lines. Also, the "\" sign is not needed at the end of the last line. Indents are not mandatory, they only have an aesthetic role. Use only spaces for this purpose. In the case of a tab, the command line completion starts, so our command does not run.

Some of these may have already been added as dependencies on the basic PHP packages, but I will leave them in so they will definitely be installed. Of course, additional add-ons can be added at any time later, if required by the situation.

The Recode extension in earlier versions of PHP is no longer available in branch 7.4, but can only be compiled from C source code because it has been declared obsolete. If you still need it for compatibility reasons, you can find out about it in another description (coming soon).

After installing the packages, restart Apache:

systemctl restart apache2

PHP testing

 

 

Let's test the functionality of our PHP system by creating a file in the webroot directory:

nano /var/www/html/phpinfo.php
1
2
3
<?php
phpinfo();
?>

Save and load this file into your browser with the appropriate IP address or hostname:

http://ubuntu20.linuxportal.vm/phpinfo.php

Ubuntu 20.04 LTS (Focal Fossa) LAMP Server Installation - PHP Testing

If you scroll down here you will see all the loaded PHP modules and their settings.

If you need to set something in php.ini and find it here: /etc/php/7.4/apache2/php.ini. Always restart Apache after making a change.

 

Installing MariaDB

A MariaDB a high-compatibility replacement for MySQL. Developed by former members of the MySQL team who are concerned that Oracle could turn MySQL into a closed source product.

In Ubuntu 20.04 LTS (Focal Fossa) we have both database servers, MySQL and MariaDB. In the official Ubuntu repository from MySQL a Version 8.0.21 available, and from MariaDB Version 10.3.22. For MySQL, this is a big change, because Ubuntu 18.04 LTS (Bionic Beaver) release only MySQL 5.7.31version was available. So now there is close "competition" between the two database servers, as a similarly fresh package is already available for both, unlike in the previous Ubuntu. So it’s up to everyone to decide which one to install.

I don't want to persuade anyone to do anything, but since I have had MariaDB running on my Debian 10 server for a long time - because users have been "redirected" to use MariaDB since Debian 9 (Stretch) - so I had to install it too, but I had no problem with it yet. Several websites work flawlessly on it, including this robust, Drupal CMS system page as well. So now in this description I will continue with the installation of MariaDB.

Of course, for those who prefer to use MySQL, they should run the second command here.

So first you need to install MariaDB:

apt-get -y install mariadb-server mariadb-client

And those who want to install MySQL are the previous command instead of run the following:

apt-get -y install mysql-server mysql-client
If you choose MySQL, there will be different questions and configuration options than MariaDB in the next step. I will now continue to install this LAMP server here by installing MariaDB, I will not go into settings with MySQL.

Securing your database

With a single command, we can secure our database server and databases in a few steps. THE mysql_secure_installation command guides us through the necessary steps:

mysql_secure_installation

Ubuntu 20.04 LTS (Focal Fossa) LAMP Server Installation - Securing Your Database

When we run the command, this text accepts us. The program asks us some questions we need to answer:

Enter current password for root (enter for none): [Enter]
Set root password? [Y/n] y
New password: Adjuk meg az új adatbázis root jelszót
Re-enter new password: Ismételjük meg
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

The total output is:

Ubuntu 20.04 LTS (Focal Fossa) LAMP Server Installation - Database Secure

I have already written more about these questions and answers in the one I prepared earlier When installing a Debian 9 (Stretch) LAMP server, so we can find out more there.

Root user configuration

 

 

In MariaDB (from Debian onwards from version 9 upwards and on Ubuntu systems from up to version 15.10 in recent installations) and in MySQL from version 5.7 onwards (here independently of the distribution), both database servers root users are not the default native password (mysql_native_password) authenticates access using the Unix socket (unix_socket). This allows, for example, a Linux root user to easily log in as root without entering a password, as it identifies the current Linux user via the socket:

Ubuntu 20.04 LTS (Focal Fossa) LAMP Server Installation - Database root access using unix_socket

On the one hand, this provides greater security, as access to the database with the root user is only possible with the Linux root user, and also to the accounts of other database users in parallel with Linux users of the same name (Linux root can of course be accessed with other database users). if you specify the target user and password as parameters). For example, even if we know the password of the root user of the database, we cannot log in with another Linux user. Another advantage is that there is no inconvenience of forgetting the database root password.

On the other hand, this often makes things difficult because, for example, we can't log in to phpMyAdmin as root either, because web interfaces are usually www data They run on behalf of a Linux user (if PHP is run as an Apache module) or as other users (for example, if PHP-FPM pools in the given web interface) from which root access is not possible. There are two ways to remedy this:

Create an alternate administration database user

The first solution is to create an alternate administration database user to which you grant all permissions and set up password-based authentication, that is, give it a password. This is important, for example, when using the server in a live environment that is accessible from the outside world, so a higher degree of security is recommended. This does not give us the opportunity to log in to phpMyAdmin with our root user from the outside, but we can log in with another user in the same way. The disadvantage may be situations where we need a fixed root user with another Linux user. We use this solution when security is the most important consideration over compatibility.

To do this, go to the SQL command line at mysql with the command (still as root):

mysql

In this case, we also automatically log in as root on the database server. Create an administrative user with all privileges. I create it just for the sake of example admin name, but it is a good idea to choose a username that does not refer to your role and is harder to guess. THE password and enter your own arbitrary password in its place. So our SQL command is:

GRANT ALL ON *.* TO 'admin'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
Here is IDENTIFIED BY '****' section ensures that we ask our users for password-based authentication.

Then clear the permissions cache and exit:

FLUSH PRIVILEGES;
exit

From now on, we can log in with our new admin database user using the password, even with a non-root Linux user:

Ubuntu 20.04 LTS (Focal Fossa) LAMP Server Installation - Logging In with the Alternate Administration Database User

If you choose this solution and later want to build an "perfect" ISPConfig server environment from this server, then when installing ISPConfig, be sure to specify this user instead of root when the installer asks for the MySQL root user and password. from us so that the control panel can perform the necessary administrative tasks in the database. But I will also draw attention to this when installing ISPConfig in the other description.

Set the authentication method for the root user

The other option is to switch the root user to Unix socket-based authentication to native password-based authentication. This is a less secure solution because it allows you to expose your server to root phpMyAdmin from the outside, for example, as a root user, or to try to root as a less secure web application, for example. Of course, using a sufficiently strong root password has virtually zero chance of doing so, but the option is for root access. In return, we reduce the chances of complications because there may be situations where we need fixed root access with another user. Choose this solution where compatibility is more important than security.

To configure this, log in to the database server:

mysql

Configure the root user record, clear the permissions cache, and exit:

UPDATE mysql.user SET plugin = 'mysql_native_password' WHERE user = 'root' AND plugin = 'unix_socket';
FLUSH PRIVILEGES;
exit

Here's a picture of how it works:

Ubuntu 20.04 LTS (Focal Fossa) LAMP Server Installation - Setting the Database Root User Authentication Method

When you first logged in, you didn't have to enter a username or password - as you did before. Then, after setting the password-based authentication method, he no longer relinquished it with the basic mysql command, saying we did not use a password. Then you only allowed it with the root user specified in the parameter and the password requested from the input.

Then, as a test, if you log out of the root user, you can log in from the plain user with the root database user in the same way:

Installing Ubuntu 20.04 LTS (Focal Fossa) LAMP Server - Testing a database root user with a plain Linux user

So it works exactly the way it should.

Defaults file setup (optional)

 

 

In the case of native password-based authentication, we can use defaults files to make our databases more secure, because we do not have to type or enter the passwords given to our database users on the command line into the terminal, but instead store the user's password in a secure file. Thanks to this, we can easily and securely create various database backup and other maintenance and automation scripts, because we do not need to store passwords in them either. Another advantage is that if you accidentally forget your password, it is still just described in this secure file.

The essence of cnf files is that they have permissions set so that only root, or the owner of other users, can read them (600). This can get into scripts or even appear in the command line history, no one other than your host and root will be able to read it.

I have previously made a description of this how to secure the command line database using defaults files, and now we apply this solution here as well.

Here, depending on which option you chose in the previous step, depending on it, continue to perform the following sections as root:

Use your own cnf file

If the above "Create an alternate administration database user"option, do not modify the" factory ".cnf file created for the root user in any way, as we did not change the root user's settings in this option either. Copy the /etc/mysql/debian.cnf file to a file of your own:

cp /etc/mysql/debian.cnf /etc/mysql/admin.cnf

Here, of course, we use the admin instead of the name of our alternate administrative user created above in the file name of the copy, so we'll know what it belongs to later. Also, the location of the file doesn’t matter at all, wherever we can put it where it’s more handy.

Then open your copy for editing:

nano /etc/mysql/admin.cnf

It basically looks like this:

# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host     = localhost
user     = root
password = 
socket   = /var/run/mysqld/mysqld.sock
[mysql_upgrade]
host     = localhost
user     = root
password = 
socket   = /var/run/mysqld/mysqld.sock

In this setting, it provides access to the client, i.e. the mysql / mariadb command, by default, as well as to update scripts.

Modify this and add two more sections to make it finally look like this:

# Automatically generated for Debian scripts. DO NOT TOUCH!
[client]
host     = localhost
user     = admin
password = 'saját jelszavunk'
#socket   = /var/run/mysqld/mysqld.sock

[mysql_upgrade]
host     = localhost
user     = admin
password = 'saját jelszavunk'
#socket   = /var/run/mysqld/mysqld.sock

[mysqldump]
host     = localhost
user     = admin
password = 'saját jelszavunk'
#socket   = /var/run/mysqld/mysqld.sock

[mysqlcheck]
host     = localhost
user     = admin
password = 'saját jelszavunk'
#socket   = /var/run/mysqld/mysqld.sock

Here, modify the root users to your own alternative administration database user. Passwords are given in plain apostrophes, so spaces and many special characters in passwords work. Finally, in the two new sections, the mysqldump and the mysqlcheck we also set access for commands. You can use mysqldump to create database dumps, and the mysqlcheck command to check the status of tables in a given database, and so on. Finally, we can comment out the socket parts because password-based authentication still happens, so they have no effect.

Using the original debian.cnf file

If above "Set the authentication method for the root user"option, we changed the root user settings, so the" factory " /etc/mysql/debian.cnf we need to modify the file. Open the file for editing:

/etc/mysql/debian.cnf

I'm not going to write the same ones here again, so let's change this to the pattern above, with the difference that root users stay here for each session, so don't rewrite them here.

Try the cnf file

Finally, we can test how our cnf file works. In this example, I log in with the alternate administration database user cnf file:

Ubuntu 20.04 LTS (Focal Fossa) LAMP Server Installation - Accessing the Database Server Using the Defaults File

So defaults files only matter if you use native password-based authentication with that user. Otherwise, access is via a Unix socket.

 

Installing phpMyAdmin

With phpMyAdmin, we can conveniently manage our databases and their connected users from the browser, etc. To install, run the following command:

apt-get install phpmyadmin

We need to answer a few questions during installation. The first one asks which HTTP server you want to use:

Ubuntu 20.04 LTS (Focal Fossa) LAMP server installation - phpMyAdmin installation - Web server selection

Here, select the apache2 option and move on.

For phpMyAdmin to work, you need your own database, do you want to set this up automatically for us dbconfig-common via:

Ubuntu 20.04 LTS (Focal Fossa) LAMP server installation - phpMyAdmin installation - Configuration using dbconfig-common

Choose yes here.

 

 

You will then be prompted for another password that the phpMyAdmin control user will work with:

Ubuntu 20.04 LTS (Focal Fossa) LAMP server installation - phpMyAdmin installation - Control user configuration

With this user, phpMyAdmin does the background maintenance, structure synchronizations, etc., so we won't have to deal with it. So press an enter to do this to generate your own password.

The installation is now complete.

Testing phpMyAdmin

With the IP address of your server or the hostname you set, load phpMyAdmin into your browser:

http://ubuntu20.linuxportal.vm/phpmyadmin/

Ubuntu 20.04 LTS (Focal Fossa) LAMP server installation - phpMyAdmin login

Enter the appropriate user and password here: If you have previously set up an alternate administration database user, enter it, and if you have set the root user authentication method to native password authentication, you can log in with the root user. I log in here with my alternate admin user:

Ubuntu 20.04 LTS (Focal Fossa) LAMP Server Installation - phpMyAdmin Home

 

Configure UFW firewall

As the last part of our LAMP server, let's even configure the UFW firewall.

UFW Firewall is an easy-to-use program that allows you to conveniently protect your system. It is inactive by default, which we need to activate. Before that, however, we need to set the rules for the appropriate inbound connections.

Leaving as root, run the ufw command with the following parameters:

ufw app list

The command lists the available UFW application profiles. For our current installation, this looks like this:

Ubuntu 20.04 LTS (Focal Fossa) LAMP Server Installation - List of UFW Firewall Application Profiles

These are the following:

  • Apache: This profile only opens port 80 (normal, unencrypted Internet traffic, HTTP protocol).
  • Apache Full: This profile opens both port 80 (normal, unencrypted Internet traffic, HTTP protocol) and port 443 (TLS / SSL encrypted traffic, HTTPS protocol).
  • Apache Secure: This profile only opens port 443 for encrypted traffic
  • OpenSSH: And that's it SSH allows connections.

So we will need the OpenSSH profile first so that our SSH connection to the server is not lost, and we will even enable the Apache Full profile, so we can access the websites via HTTPS later if we install the ISPConfig control panel later.

To enable profiles, run the following commands:

ufw allow in "OpenSSH"
ufw allow in "Apache Full"

Then enable the firewall:

ufw enable

You will then be warned that the operation may interrupt the current SSH connection, will we continue? Press yt.

Obviously it doesn't interrupt because we've enabled OpenSSH before.

Finally, we can query the status of the UFW firewall:

ufw status

Ubuntu 20.04 LTS (Focal Fossa) LAMP Server Installation - Configuring a UFW Firewall

Here, the v6 indications refer to the IPv6 protocol, so if your server is running on an IPv6 network, you have also set up the requested profiles on it.

 

Download virtual machine

The virtual machine is available on the download page:
Download Ubuntu 20.04 LTS (Focal Fossa) LAMP Server v1.0

 

 

Conclusion

So this would be an Ubuntu 20.04 LTS (Focal Fossa) based LAMP server on which we can run our dynamic websites, CMS systems and other web applications.

There are many LAMP installer descriptions on the net, so I have tried to elaborate in more detail on this installation as well, so that I can not only offer you the template installation commands, but also provide additional useful information. I hope you find it useful.

 

What's next?

There is no further installation description on the Ubuntu 20.04 LTS (Focal Fossa) line based on this, so in the meantime I recommend the Debian based perfect servers made so far and the related links below: