- basic Conditions
- System Update
- Install Apache web server
- Installing PHP 7.4
- Installing MariaDB
- Installing phpMyAdmin
- Configure UFW firewall
- Download virtual machine
- What's next?
A LAMP systems you can use it to run dynamic web pages on your server or even on your home computer. I have built LAMP servers before Debian 8 (Jessie), Debian 9 (Stretch) and Ubuntu 18.04 LTS (Bionic Beaver) systems, and in this description we will install the LAMP server components for the Ubuntu 20.04 LTS (Focal Fossa) Linux distribution, which consists of:
- Apache (version of Ubuntu 20.04: 2.4.41)
- MariaDB (version of Ubuntu 20.04: 10.3.22)
- PHP (version of Ubuntu 20.04: 7.4.x)
- phpMyAdmin (version of Ubuntu 18.04: 4.9.5)
(The version numbers shown reflect the status at the time of writing, which may change later)
I will label this Ubuntu 20.04 LTS (Focal Fossa) LAMP installation with a version number of 1.0 because we will be adding many other add-ons later to make it even more useful and efficient.
Of course, it can also be installed on a desktop computer with a graphical environment, the point is that the above components are now first installed on the machine for proper configuration and operation.
First, update your repository database and packages so that we can always work with the latest packages. To do this, we issue the following apt-get commands as root:
apt update apt upgrade
From now on, stay as root and continue the installation.
Install Apache web server
To install the Apache web server, run the following command as root:
apt install -y apache2 apache2-utils
After the installer runs, you can also test if your browser uses The minimum IP address you set when you installed the server or load a hostname. I have the hostname ubuntu20.linuxportal.vm set so I will have the following:
Installing PHP 7.4
On Ubuntu 20.04 LTS (Focal Fossa), the default PHP branch is shown in Section 7.4. Its latest official edition is currently (at the time of writing) a 7.4.11.
You can install PHP as a completely basic Apache module (mod-php) with the following command:
apt-get -y install \ php7.4 \ libapache2-mod-php7.4 \ php7.4-mysql
Then check with the following command:
PHP 7.4.3 (cli) (built: Oct 6 2020 15:47:56) ( NTS ) Copyright (c) The PHP Group Zend Engine v3.4.0, Copyright (c) Zend Technologies with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies
Installing additional PHP packages
Our newly installed PHP system is still very basic, so if you come up with a more serious one later, ISPConfigIf you want to build a server environment, you will need to install additional PHP packages.
Below apt-cache command to search for PHP 7.4 packages available in the distribution:
apt-cache search php7.4
There are quite a few packages here for PHP 7.4, but we don't usually need all of them. Below I have compiled a selection that is recommended to install for general cases as well, but if you plan to build the perfect server from this LAMP system later, be sure to install them:
apt-get -y install \ php-apcu \ php-imagick \ php-memcache \ php-pear \ php-yaml \ php7.4-bcmath \ php7.4-bz2 \ php7.4-cgi \ php7.4-cli \ php7.4-common \ php7.4-curl \ php7.4-fpm \ php7.4-gd \ php7.4-imap \ php7.4-intl \ php7.4-json \ php7.4-mbstring \ php7.4-opcache \ php7.4-pspell \ php7.4-soap \ php7.4-sqlite3 \ php7.4-tidy \ php7.4-xml \ php7.4-xmlrpc \ php7.4-xsl \ php7.4-zip
Some of these may have already been added as dependencies on the basic PHP packages, but I will leave them in so they will definitely be installed. Of course, additional add-ons can be added at any time later, if required by the situation.
After installing the packages, restart Apache:
systemctl restart apache2
Let's test the functionality of our PHP system by creating a file in the webroot directory:
1 2 3 <?php phpinfo(); ?>
Save and load this file into your browser with the appropriate IP address or hostname:
If you scroll down here you will see all the loaded PHP modules and their settings.
If you need to set something in php.ini and find it here: /etc/php/7.4/apache2/php.ini. Always restart Apache after making a change.
A MariaDB a high-compatibility replacement for MySQL. Developed by former members of the MySQL team who are concerned that Oracle could turn MySQL into a closed source product.
In Ubuntu 20.04 LTS (Focal Fossa) we have both database servers, MySQL and MariaDB. In the official Ubuntu repository from MySQL a Version 8.0.21 available, and from MariaDB Version 10.3.22. For MySQL, this is a big change, because Ubuntu 18.04 LTS (Bionic Beaver) release only MySQL 5.7.31version was available. So now there is close "competition" between the two database servers, as a similarly fresh package is already available for both, unlike in the previous Ubuntu. So it’s up to everyone to decide which one to install.
I don't want to persuade anyone to do anything, but since I have had MariaDB running on my Debian 10 server for a long time - because users have been "redirected" to use MariaDB since Debian 9 (Stretch) - so I had to install it too, but I had no problem with it yet. Several websites work flawlessly on it, including this robust, Drupal CMS system page as well. So now in this description I will continue with the installation of MariaDB.
Of course, for those who prefer to use MySQL, they should run the second command here.
So first you need to install MariaDB:
apt-get -y install mariadb-server mariadb-client
And those who want to install MySQL are the previous command instead of run the following:
apt-get -y install mysql-server mysql-client
Securing your database
With a single command, we can secure our database server and databases in a few steps. THE mysql_secure_installation command guides us through the necessary steps:
When we run the command, this text accepts us. The program asks us some questions we need to answer:
Enter current password for root (enter for none): [Enter] Set root password? [Y/n] y New password: Adjuk meg az új adatbázis root jelszót Re-enter new password: Ismételjük meg Remove anonymous users? [Y/n] y Disallow root login remotely? [Y/n] y Remove test database and access to it? [Y/n] y Reload privilege tables now? [Y/n] y
The total output is:
Root user configuration
In MariaDB (from Debian onwards from version 9 upwards and on Ubuntu systems from up to version 15.10 in recent installations) and in MySQL from version 5.7 onwards (here independently of the distribution), both database servers root users are not the default native password (mysql_native_password) authenticates access using the Unix socket (unix_socket). This allows, for example, a Linux root user to easily log in as root without entering a password, as it identifies the current Linux user via the socket:
On the one hand, this provides greater security, as access to the database with the root user is only possible with the Linux root user, and also to the accounts of other database users in parallel with Linux users of the same name (Linux root can of course be accessed with other database users). if you specify the target user and password as parameters). For example, even if we know the password of the root user of the database, we cannot log in with another Linux user. Another advantage is that there is no inconvenience of forgetting the database root password.
On the other hand, this often makes things difficult because, for example, we can't log in to phpMyAdmin as root either, because web interfaces are usually www data They run on behalf of a Linux user (if PHP is run as an Apache module) or as other users (for example, if PHP-FPM pools in the given web interface) from which root access is not possible. There are two ways to remedy this:
Create an alternate administration database user
The first solution is to create an alternate administration database user to which you grant all permissions and set up password-based authentication, that is, give it a password. This is important, for example, when using the server in a live environment that is accessible from the outside world, so a higher degree of security is recommended. This does not give us the opportunity to log in to phpMyAdmin with our root user from the outside, but we can log in with another user in the same way. The disadvantage may be situations where we need a fixed root user with another Linux user. We use this solution when security is the most important consideration over compatibility.
To do this, go to the SQL command line at mysql with the command (still as root):
In this case, we also automatically log in as root on the database server. Create an administrative user with all privileges. I create it just for the sake of example admin name, but it is a good idea to choose a username that does not refer to your role and is harder to guess. THE password and enter your own arbitrary password in its place. So our SQL command is:
GRANT ALL ON *.* TO 'admin'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
Then clear the permissions cache and exit:
FLUSH PRIVILEGES; exit
From now on, we can log in with our new admin database user using the password, even with a non-root Linux user:
Set the authentication method for the root user
The other option is to switch the root user to Unix socket-based authentication to native password-based authentication. This is a less secure solution because it allows you to expose your server to root phpMyAdmin from the outside, for example, as a root user, or to try to root as a less secure web application, for example. Of course, using a sufficiently strong root password has virtually zero chance of doing so, but the option is for root access. In return, we reduce the chances of complications because there may be situations where we need fixed root access with another user. Choose this solution where compatibility is more important than security.
To configure this, log in to the database server:
Configure the root user record, clear the permissions cache, and exit:
UPDATE mysql.user SET plugin = 'mysql_native_password' WHERE user = 'root' AND plugin = 'unix_socket'; FLUSH PRIVILEGES; exit
Here's a picture of how it works:
When you first logged in, you didn't have to enter a username or password - as you did before. Then, after setting the password-based authentication method, he no longer relinquished it with the basic mysql command, saying we did not use a password. Then you only allowed it with the root user specified in the parameter and the password requested from the input.
Then, as a test, if you log out of the root user, you can log in from the plain user with the root database user in the same way:
So it works exactly the way it should.
Defaults file setup (optional)
In the case of native password-based authentication, we can use defaults files to make our databases more secure, because we do not have to type or enter the passwords given to our database users on the command line into the terminal, but instead store the user's password in a secure file. Thanks to this, we can easily and securely create various database backup and other maintenance and automation scripts, because we do not need to store passwords in them either. Another advantage is that if you accidentally forget your password, it is still just described in this secure file.
I have previously made a description of this how to secure the command line database using defaults files, and now we apply this solution here as well.
Here, depending on which option you chose in the previous step, depending on it, continue to perform the following sections as root:
Use your own cnf file
If the above "Create an alternate administration database user"option, do not modify the" factory ".cnf file created for the root user in any way, as we did not change the root user's settings in this option either. Copy the /etc/mysql/debian.cnf file to a file of your own:
cp /etc/mysql/debian.cnf /etc/mysql/admin.cnf
Here, of course, we use the admin instead of the name of our alternate administrative user created above in the file name of the copy, so we'll know what it belongs to later. Also, the location of the file doesn’t matter at all, wherever we can put it where it’s more handy.
Then open your copy for editing:
It basically looks like this:
# Automatically generated for Debian scripts. DO NOT TOUCH! [client] host = localhost user = root password = socket = /var/run/mysqld/mysqld.sock [mysql_upgrade] host = localhost user = root password = socket = /var/run/mysqld/mysqld.sock
In this setting, it provides access to the client, i.e. the mysql / mariadb command, by default, as well as to update scripts.
Modify this and add two more sections to make it finally look like this:
# Automatically generated for Debian scripts. DO NOT TOUCH! [client] host = localhost user = admin password = 'saját jelszavunk' #socket = /var/run/mysqld/mysqld.sock [mysql_upgrade] host = localhost user = admin password = 'saját jelszavunk' #socket = /var/run/mysqld/mysqld.sock [mysqldump] host = localhost user = admin password = 'saját jelszavunk' #socket = /var/run/mysqld/mysqld.sock [mysqlcheck] host = localhost user = admin password = 'saját jelszavunk' #socket = /var/run/mysqld/mysqld.sock
Here, modify the root users to your own alternative administration database user. Passwords are given in plain apostrophes, so spaces and many special characters in passwords work. Finally, in the two new sections, the mysqldump and the mysqlcheck we also set access for commands. You can use mysqldump to create database dumps, and the mysqlcheck command to check the status of tables in a given database, and so on. Finally, we can comment out the socket parts because password-based authentication still happens, so they have no effect.
Using the original debian.cnf file
If above "Set the authentication method for the root user"option, we changed the root user settings, so the" factory " /etc/mysql/debian.cnf we need to modify the file. Open the file for editing:
I'm not going to write the same ones here again, so let's change this to the pattern above, with the difference that root users stay here for each session, so don't rewrite them here.
Try the cnf file
Finally, we can test how our cnf file works. In this example, I log in with the alternate administration database user cnf file:
So defaults files only matter if you use native password-based authentication with that user. Otherwise, access is via a Unix socket.
With phpMyAdmin, we can conveniently manage our databases and their connected users from the browser, etc. To install, run the following command:
apt-get install phpmyadmin
We need to answer a few questions during installation. The first one asks which HTTP server you want to use:
Here, select the apache2 option and move on.
For phpMyAdmin to work, you need your own database, do you want to set this up automatically for us dbconfig-common via:
Choose yes here.
You will then be prompted for another password that the phpMyAdmin control user will work with:
With this user, phpMyAdmin does the background maintenance, structure synchronizations, etc., so we won't have to deal with it. So press an enter to do this to generate your own password.
The installation is now complete.
With the IP address of your server or the hostname you set, load phpMyAdmin into your browser:
Enter the appropriate user and password here: If you have previously set up an alternate administration database user, enter it, and if you have set the root user authentication method to native password authentication, you can log in with the root user. I log in here with my alternate admin user:
Configure UFW firewall
As the last part of our LAMP server, let's even configure the UFW firewall.
UFW Firewall is an easy-to-use program that allows you to conveniently protect your system. It is inactive by default, which we need to activate. Before that, however, we need to set the rules for the appropriate inbound connections.
Leaving as root, run the ufw command with the following parameters:
ufw app list
The command lists the available UFW application profiles. For our current installation, this looks like this:
These are the following:
- Apache: This profile only opens port 80 (normal, unencrypted Internet traffic, HTTP protocol).
- Apache Full: This profile opens both port 80 (normal, unencrypted Internet traffic, HTTP protocol) and port 443 (TLS / SSL encrypted traffic, HTTPS protocol).
- Apache Secure: This profile only opens port 443 for encrypted traffic
- OpenSSH: And that's it SSH allows connections.
So we will need the OpenSSH profile first so that our SSH connection to the server is not lost, and we will even enable the Apache Full profile, so we can access the websites via HTTPS later if we install the ISPConfig control panel later.
To enable profiles, run the following commands:
ufw allow in "OpenSSH" ufw allow in "Apache Full"
Then enable the firewall:
You will then be warned that the operation may interrupt the current SSH connection, will we continue? Press yt.
Obviously it doesn't interrupt because we've enabled OpenSSH before.
Finally, we can query the status of the UFW firewall:
Here, the v6 indications refer to the IPv6 protocol, so if your server is running on an IPv6 network, you have also set up the requested profiles on it.
Download virtual machine
Download Ubuntu 20.04 LTS (Focal Fossa) LAMP Server v1.0
So this would be an Ubuntu 20.04 LTS (Focal Fossa) based LAMP server on which we can run our dynamic websites, CMS systems and other web applications.
There are many LAMP installer descriptions on the net, so I have tried to elaborate in more detail on this installation as well, so that I can not only offer you the template installation commands, but also provide additional useful information. I hope you find it useful.
There is no further installation description on the Ubuntu 20.04 LTS (Focal Fossa) line based on this, so in the meantime I recommend the Debian based perfect servers made so far and the related links below:
- Perfect server: Debian 8 (Jessie) V1.0
- Perfect server: Debian 9 (stretch) V1.0
- Perfect server: Debian 10 (Buster) V1.0
- Encyclopedia - LAMP Systems
- Installing Debian 8 (Jessie) LAMP Server v1.0
- Installing Debian 9 (Stretch) LAMP Server v1.0
- Installing Debian 10 (Buster) LAMP Server v1.0
- Install v18.04 on the Ubuntu 1.0 LTS (Bionic Beaver) LAMP Server
- Ubuntu 20.04 LTS (Focal Fossa) minimal server installation
- Install a minimum server for Ubuntu 18.04 LTS (Bionic Beaver)