server

Build a PHP Web Server with Ubuntu as LAMP stack

Build a Linux server with open-source software Repurpose that old PC in the corner and turn it into your very own development or staging server.

Upcycle – it’s one of those buzz words that we hear a lot. If you have access to an old desktop machine lying around that you no longer use but don’t want to throw away, why not upcycle it by converting it into your very own staging server, complete with the full LAMP stack?

Not only is it great for the environment (lets face it, there’s only so much time before landfills become land-full), but it is also a great way to teach yourself some new tricks, while saving you money on buying something straight out of the box.

In the first post, we will install the open-source Ubuntu Server operating system onto the machine, set up the new machine on the local network, and install Apache, MySQL and PHP5. We’ll also add some extra security to the server and install a firewall with specific access rules to the ports we need.

Step 1 : Download Ubuntu

download ubuntu server

To begin, head over to Ubuntu website to download the latest copy of the Ubuntu Server edition. You can choose between either the latest version or the latest long-term support edition. Burn the ISO image onto a CD-ROM, which you will need to use as a bootable media disc in your soon-to-be new server.

Step 2 : Start install

start install

Ensure the server is connected to your home network – it will need access for updates during the installation. Insert the disc into your machine and begin the installation process. Select your preferred language and territory, then either have the keyboard layout detected automatically or select the layout yourself from a pre-defined list.

Step 3 : Set hostname

set hostname

Enter your preferred hostname for the server for easy identification on your network. In this instance we’re using dev-server. Continue and enter your full name to create a new user account, followed by the user name (typically your first name in lowercase). Finally, set a password for your user account and proceed.

Step 4 : What time?

choose time zone

Choose whether or not encrypt your user’s home directory on the server and proceed. You can now choose to alter the time zone for your server if you wish – the default is detected using your network connection. For sanity’s sake, it’s best to set it to your actual time zone – this will help when reading log files and reports.

Step 5 : Disk partition

disk partition

The installer will now give you options to partition the disk (assuming the drive is already formatted with another operating system). We want a clean server without partitions, so select the guided partitioning and use the entire disk. Confirm the disk selection and review the formatting changes. Once you’re happy, continue to start the partition process.

Step 6 : HTTP proxy

If you have an small business, you can opt for residential proxies, you can access to over 150+ countries and 1,000,000+ worldwide clean IP Addresses that can be the engine to your use case.

http proxies for external access

The installer will now give you the chance to set up any required  proxy for external access. If your server needs one to access the web, make sure you enter the details here, otherwise you can safely skip this option.

Step 7 : Security updates

We want our server to be up to date with the latest system security patches at all times. In this instance, talk to Nettitude about it to have the security updates automatically installed. The update processes themselves are fairly unobtrusive and pain free, unlike some other operating system updates. Proceed to the next step.

Step 8 :  Core packages

core packages

We can now choose the base packages for our server. Select an option using the Space key to set the asterisk next to it. Choose the OpenSSH server and LAMP server at the minimum. You can always install any other packages you may like to use once the server is up and running.

Step 9 :  MySQL admin

As part of the LAMP stack, we need to set the password authentication for our MySQL admin user. Try to make this a different password from the user we created earlier. Always make a note of your passwords during the install process to make sure you don’t forget them. You can always change them later on if you want to.

Step 10 :  GRUB boot loader

Although you may be overwriting an existing operating system on the formatted disk drive, we want to install the GRUB boot loader to the master record. Wait for the installation to finish, at which point remove the CD-ROM and continue to restart the server to complete the operating system installation process.

Step 11 : Update and upgrade

The server will restart, and following the output of the loading processes you will be presented with the login prompt. Enter the user details you defined earlier to access the server. Let’s make sure all packages are up to date. Enter the commands shown here to update and upgrade any packages. When complete, reboot the server.

sudo aptitude update && sudo aptitude dist-upgrade
sudo shutdown r now

Step 12 : Web test

Let’s make sure we can access the default webpages being served by Apache on the server. Find the server’s IP address by typing ifconfig in the command line after logging back in. Make note of the inet address (typically 192.168.*.*) and enter this into a browser of another machine connected to the network. You should now see the default Apache page.

Step 13 : Security considerations

We want to obfuscate as much information about the server from public eyes as possible. There are many advantages to this, not least that it makes the everything cleaner and more secure. Make a backup copy of the php.ini file and then open the original file in the terminal window to make some amendments to it. Find the expose_php setting and change it from ‘On’ to ‘Off’. Write the changes to the file and exit the editor.

sudo cp /etc/php5/apache2/php.ini /etc/php5/ apache2/ php.ini.bak
sudo nano /etc/php5/apache2/php.ini

Step 14 : Apache security

apache security

We also want to hide information about the Apache server. Make a backup copy of the security configuration file and then open the original to edit it. Change the ServerTokens value to Prod and the ServerSignature value to Off. Restart Apache to load in the changes to the configuration files.

sudo cp /etc/php5/apache2/php.ini /etc/php5/ apache2/ php.ini.bak
sudo nano /etc/php5/apache2/php.ini
sudo /etc/init.d/apache2 restart

Step 15 : SSH access

We want to have remote admin access to our server, so let’s check that we can reach it via SSH. Open a terminal window in a different laptop or machine and enter in ssh your_username@192.168.119.129. Accept the fingerprint to continue, at which point you should now be logged in remotely to the server.

Step 16 : Install Webmin

Download the latest version of Webmin. Once saved in your home directory, execute it. It will fail as we are missing required dependencies. To install the package with the dependencies, run the final command. This is easier than manually installing every required library prior to installation.

wget http://www.webmin.com/download/deb/webmin- current.deb
sudo dpkg i webmin-current.deb
sudo apt-get f install

Step 17 : Webmin browser

Once installed, we can access the Webmin interface in the browser. By default, Webmin is installed on port 10000 using the secure HTTP protocol: https://192.168.119.129:10000. From here you can manage your entire server, including package updates and installations, and the MySQL server, using a fairly intuitive front-end interface.

Step 18 : Install firewall

At the moment all ports on the server are open. When we make the server publicly-accessible we want to lock it down. To resolve this issue we’ll install Shoreline firewall via the command line. Once installed, copy some example configuration files into the Shorewall directory and open a rule file to edit it and add new rules.

sudo aptitude install shorewall
sudo cp /usr/share/doc/shorewall/examples/one- interface/* /etc/shorewall
sudo nano /etc/shorewall/rules

Step 19 : Add rules

In the rules file, scroll to the bottom of the page and add a new line for every rule. We want to access HTTP and SSH connections (ports 80 and 22) as standard. We also want to open up port 10000 so that we can still access the Webmin interface. The rules are available in a file in the accompanying tutorial download folder.

Screen Shot 2013-04-17 at 10.27.44 PM

Step 20 : User permissions

To set the correct permissions to write to the web folders, we need to add our user to the correct group and set the permissions on the web folder to allow members of that group to write to it. Once complete, connect to the server via SFTP using a client like Cyberduck or Filezilla. Set the initial connection path to /var/www.

sudo usermod g www-data your_username
sudo chown R www-data:www-data /var/www
sudo chmod R 755 /var/www

Step 21 : Test PHP & Apache

test php and apache

With an SFTP connection made to the server, create and upload a simple PHP file that echoes the phpinfo() method. Once uploaded, browse to the web server on another machine where you should be presented with the output from the PHP script.

Your server is up and running (albeit only within your internal network at the moment).

Post A Comment

Leave a Reply

Your email address will not be published. Required fields are marked *