Categories
Blog

How to install Linux, Apache, MySQL, PHP (LAMP) stack on a Ubuntu VPS to host websites

This article is about how I deploy a Linux, Apache, MySQL, and PHP (LAMP) environment on my DigitalOcean VPS.

I wrote this article in Chinese originally. I borrowed some ideas from the internet.

Make a VPS

There is not much to say for this section, all you need to do is to create a VPS on DigitalOcean (or any other VPS providers). I chose the one in San Francisco. Ubuntu 20.04 LTS is used.

Adjust the timezone

If the timezone is not adjusted wisely, in the future, there may be an issue that the time in the database is not consistent with the local time.

You can use the following command to see the VPS timezone.

timedatectl

If you find the timezone not good, you can type the following command to obtain all the available timezones.

timedatectl list-timezones

Then, you can pick one from the list, and running the following command to make the new timezone in effect. Now, I am using Toronto as an example.

sudo timedatectl set-timezone Asia/Shanghai

Initial Server Setup

There are many reasons why you should not use a root account directly. So, it is better to have a non-root account, which has the “sudo“ privilege.

adduser chenpan
usermod -aG sudo chenpan

And now I am going to enable the Firewall.

ufw allow OpenSSH
ufw enable

Install Apache

You can use the following commands to install the latest version of Apache.

sudo apt update
sudo apt install apache2

Now, adjust the Firewall again, allow the Apache traffic.

sudo ufw app list
sudo ufw app info "Apache Full"
sudo ufw allow in "Apache Full"

Install MySQL

You can use the fowlling commands to install the latest version of MySQL.

sudo apt install mysql-server
sudo mysql_secure_installation

I usually have a MySQL account with “access” to all the tables. If you want to do the same, you can enter the MySQL console first by the following command.

sudo mysql

Create a user “chenpan“. Replace the password with your desired one.

CREATE USER 'chenpan'@'localhost' IDENTIFIED BY 'password'; 

Grant access to all the tables to “chenpan“.

GRANT ALL PRIVILEGES ON * . * TO 'chenpan'@'localhost';
FLUSH PRIVILEGES;
exit

Install PHP

You can use the following commands to install PHP and restart the Apache2 to make it effective.

sudo apt install php libapache2-mod-php php-mysql
sudo systemctl restart apache2

The very first thing I always do is to change the file size limit of PHP after I install it. You can do it as well! As I write this article, PHP 7.4 will be installed on Ubuntu 20.04. So, if you have PHP7.4, type the following command to open “php.ini“ file (the configuration file for PHP).

sudo nano /etc/php/7.4/apache2/php.ini

Find the following two fields, “upload_max_filesize“, and “post_max_size“, change the values to what you want.

upload_max_filesize   = 20M
post_max_size = 20M

Restart Apache

sudo systemctl restart apache2

Configure the virtual hosts

Now I am going to show you how I can actually make a website visitable by people around the world. I will make the following assumptions:

  1. Your website root directory is at “/var/www/website“.
  2. The domain name is “www.chenpan.xyz“, and “chenpan.xyz“ as an alias.

If you don’t have anything in “/var/www/website“, you can make one using the following commands.

sudo mkdir /var/www/website
sudo chown -R $USER:$USER /var/www/website
sudo chmod -R 755 /var/www/website
sudo find ./ -type d -exec chmod 755 {} \;
sudo find ./ -type f -exec chmod 644 {} \; 

Now I am going to make a configuration file for “www.chenpan.xyz“, by the below command.

sudo nano /etc/apache2/sites-available/chenpan.xyz.conf

Copy the following content, and paste it into the opening configuration file. Change the values to what work for you.

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName chenpan.xyz
    ServerAlias www.chenpan.xyz
    DocumentRoot /var/www/website
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<Directory /var/www/website>
    Options FollowSymLinks
    AllowOverride all
    Require all granted
</Directory>

Enable this configuration file by using the “a2ensite“ command, and restart Apache to make it effective.

sudo a2ensite website.conf
sudo systemctl reload apache2 

Configuration SSL

SSH certificate (HTTPS) is a “must-to-have” for every website. It is very easy to get one in fact.

First, you need to install “certbot“, which will pretty much handle everything for us, regarding the certificates.

sudo add-apt-repository ppa:certbot/certbot
sudo apt install python3-certbot-apache 

Then, you can use the following command to obtain a certificate. As you may have noticed, you can get one certificate for multiple domains. You just need to append another “-d domainName“.

sudo certbot --apache -d chenpan.xyz -d www.chenpan.xyz

Install phpMyAdmin (Optional)

MySQL database management would be easier if we have “phpMyAdmin“, a GUI version of the MySQL console. Run the following commands.

sudo apt update
sudo apt install phpmyadmin php-mbstring php-gettext
sudo phpenmod mbstring 
sudo systemctl restart apache2 

Then, you can visit phpMyAdmin with your MySQL accounts, using the following address.

http://youripaddress/phpmyadmin

We can make phpMyAdmin more secure by adding an extra username/password layer. Open the phpMyAdmin configuration file by using the following command:

http:/sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Locate the following line of code:

DirectoryIndex index.php

Add the following line of code after the above line of code.

AllowOverride All 

It makes a “redirection“ possible for the phpMyAdmin (so we can redirect it to our extra username/password validation process).

Now, we need to actually make the extra protection layer works. Type the following command to configure the “.htaccess“ file for phpMyAdmin.

sudo nano /usr/share/phpmyadmin/.htaccess 

Write the following into it.

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user

And then make a user for the extra protection layer, you will be prompted to enter a password.

sudo htpasswd -c /etc/phpmyadmin/.htpasswd chenpan-extra-protection-layer

** If you configure a virtual host that is using /usr/share/phpMyAdmin as DocumentRoot, then you can visit phpMyAdmin with a domain, instead of the ip address.

Configure SSH keys

If you want to access your virtual machine without a password but using a key. You can copy and paste the key into the following files.

sudo nano ~/.ssh/authorized_keys

You can do it before you make the non-root user. If so, you can use the following command to make synchronization of the keys.

rsync --archive --chown=chenpan:chenpan ~/.ssh /home/chenpan

Generate System Languages (Optional)

sudo dpkg-reconfigure locales

Install PageSpeed Module (Optional)

sudo wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_amd64.deb
sudo dpkg -i mod-pagespeed-stable_current_amd64.deb
sudo systemctl restart apache2

Then

nano /etc/apache2/mods-available/pagespeed.conf

Write the following into the configuration file.

<Location /pagespeed_admin>
    Order allow,deny
    Allow from localhost
    Allow from 127.0.0.1
    Allow from all
    SetHandler pagespeed_admin
</Location>

<Location /pagespeed_global_admin>
    Order allow,deny
    Allow from localhost
    Allow from 127.0.0.1
    Allow from all
    SetHandler pagespeed_global_admin
</Location>

Restart Apache

systemctl restart apache2

Add Swap Space (Optional)

You can reserve some disk space as “Swap Space“, which can be regarded as “Memory”. It is especially useful if your VPS doesn’t have ample RAM.

sudo fallocate -l 4G /swapfile

Enable the Swap Space

sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

Now, to make the swap running on boot, we need to open the following file first.

sudo nano /etc/fstab

Then write the following into it.

/swapfile   none swap    sw 0 0

Errors

If you see any errors, you can try the following command to check the specific error message.

sudo cat /var/log/apache2/error.log

Leave a Reply

Your email address will not be published. Required fields are marked *