sudo apt update
sudo apt install apache2
sudo ufw app list
Output
Available applications:
Apache
Apache Full
Apache Secure
OpenSSH
If you look at the Apache Full
profile, it should show that it enables traffic to ports 80 and 443:
sudo ufw app info "Apache Full"
Output
Profile: Apache Full
Title: Web Server (HTTP,HTTPS)
Description: Apache v2 is the next generation of the omnipresent Apache web
server.
Ports:
80,443/tcp
Allow incoming HTTP and HTTPS traffic for this profile:
sudo ufw allow in "Apache Full"
Go to your url with ip as follows
http://your_server_ip
One is using iproute2
ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
An alternative method is to use the curl utility to contact an outside party to tell you how it sees your server. This is done by asking a specific server what your IP address is:
sudo apt install curl
curl http://icanhazip.com
Use apt to acquire and install this software:
sudo apt install mysql-server
Configure MySql
sudo mysql_secure_installation
This will ask if you want to configure the VALIDATE PASSWORD PLUGIN
.
Answer Y
for yes, or anything else to continue without enabling.
VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?
Press y|Y for Yes, any other key for No:
If you answer “yes”, you'll be asked to select a level of password validation. Keep in mind that if you enter 2 for the strongest level, you will receive errors when attempting to set any password which does not contain numbers, upper and lowercase letters, and special characters, or which is based on common dictionary words.
There are three levels of password validation policy:
LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1
Regardless of whether you chose to set up the VALIDATE PASSWORD PLUGIN
, your server will next ask you to select and confirm a password for the MySQL root user. This is an administrative account in MySQL that has increased privileges. Think of it as being similar to the root account for the server itself (although the one you are configuring now is a MySQL-specific account). Make sure this is a strong, unique password, and do not leave it blank.
If you enabled password validation, you'll be shown the password strength for the root password you just entered and your server will ask if you want to change that password. If you are happy with your current password, enter N
for "no" at the prompt:
Using existing password for root.
Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) : n
Note that in Ubuntu systems running MySQL 5.7 (and later versions), the root MySQL user is set to authenticate using the auth_socket
plugin by default rather than with a password. This allows for some greater security and usability in many cases, but it can also complicate things when you need to allow an external program (e.g., phpMyAdmin) to access the user.
If you prefer to use a password when connecting to MySQL as root, you will need to switch its authentication method from auth_socket
to mysql_native_password
. To do this, open up the MySQL prompt from your terminal:
sudo mysql
mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
Output
+------------------+-------------------------------------------+-----------------------+-----------+
| user | authentication_string | plugin | host |
+------------------+-------------------------------------------+-----------------------+-----------+
| root | | auth_socket | localhost |
| mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| debian-sys-maint | *CC744277A401A7D25BE1CA89AFF17BF607F876FF | mysql_native_password | localhost |
+------------------+-------------------------------------------+-----------------------+-----------+
4 rows in set (0.00 sec)
Note that the password
must be strong enough.
mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
Then run FLUSH PRIVILEGES
FLUSH PRIVILEGES;
Check the authentication methods employed by each of your users again to confirm that root no longer authenticates using the auth_socket plugin:
mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
Output
+------------------+-------------------------------------------+-----------------------+-----------+
| user | authentication_string | plugin | host |
+------------------+-------------------------------------------+-----------------------+-----------+
| root | *3636DACC8616D997782ADD0839F92C1571D6D78F | mysql_native_password | localhost |
| mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| debian-sys-maint | *CC744277A401A7D25BE1CA89AFF17BF607F876FF | mysql_native_password | localhost |
+------------------+-------------------------------------------+-----------------------+-----------+
4 rows in set (0.00 sec)
Then exit
MySql
mysql> exit;
Once again, leverage the apt system to install PHP.
sudo apt install php libapache2-mod-php php-mysql
Apache will first look for a file called index.html
. We want to tell the web server to prefer PHP files over others, so make Apache look for an index.php
file first.
sudo nano /etc/apache2/mods-enabled/dir.conf
It will look like this:
<IfModule mod_dir.c>
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>
Move the PHP index file to the first position after the DirectoryIndex
specification, like this:
<IfModule mod_dir.c>
DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>
When you are finished, save and close the file by pressing CTRL+X
. Confirm the save by typing Y
and then hit ENTER
to verify the file save location.
Restart Apache Server
sudo systemctl restart apache2
You can also check on the status of the apache2
service using systemctl
:
sudo systemctl status apache2
Sample Output
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running) since Tue 2018-04-23 14:28:43 EDT; 45s ago
Docs: man:systemd-sysv-generator(8)
Process: 13581 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 13605 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
Tasks: 6 (limit: 512)
CGroup: /system.slice/apache2.service
├─13623 /usr/sbin/apache2 -k start
├─13626 /usr/sbin/apache2 -k start
├─13627 /usr/sbin/apache2 -k start
├─13628 /usr/sbin/apache2 -k start
├─13629 /usr/sbin/apache2 -k start
└─13630 /usr/sbin/apache2 -k start
Press Q
to exit this status output.
Apache on Ubuntu 18.04 has one server block enabled by default that is configured to serve documents from the /var/www/html
directory. While this works well for a single site, it can become unwieldy if you are hosting multiple sites. Instead of modifying /var/www/html
, let's create a directory structure within /var/www
for our your_domain site, leaving /var/www/html
in place as the default directory to be served if a client request doesn't match any other sites.
Create the directory for your_domain as follows:
sudo mkdir /var/www/your_domain
Next, assign ownership of the directory with the $USER
environment variable:
sudo chown -R $USER:$USER /var/www/your_domain
If you haven't modified your unmask
value, but you can make sure by typing:
sudo chmod -R 755 /var/www/your_domain
Next, create a sample index.html page using nano or your favorite editor:
nano /var/www/your_domain/index.html
Inside it, add the following
<html>
<head>
<title>Welcome to Your_domain!</title>
</head>
<body>
<h1>Success! The your_domain server block is working!</h1>
</body>
</html>
Save and close the file when you are finished.
Let's make a new one at /etc/apache2/sites-available/your_domain.conf
:
sudo nano /etc/apache2/sites-available/your_domain.conf
Something like this works
<VirtualHost *:80>
ServerAdmin webmaster@localhost
ServerName your_domain
ServerAlias www.your_domain
DocumentRoot /var/www/your_domain
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Let's enable the file with the a2ensite
tool:
sudo a2ensite your_domain.conf
Disable the default site defined in 000-default.conf
:
sudo a2dissite 000-default.conf
Let's check for configuration errors:
sudo apache2ctl configtest
You should see the following:
Output
Syntax OK
Restart Apache to see the changes
sudo systemctl restart apache2
Apache should now be serving your domain name
. You can test this by navigating to http://your_domain, where you should see something like this:
Create a very basic PHP script called info.php
sudo nano /var/www/your_domain/info.php
Add the following inside it
<?php
phpinfo();
?>
Visit the following
http://your_domain/info.php
After checking it remove this file using the following command
sudo rm /var/www/your_domain/info.php