Ubuntu 20 LAMP Setup

ubuntu_20_lamp_setup.txt

-- Prerequisites

apt update
apt upgrade

-- Supervisor

apt install supervisor -y

supervisord --version

service supervisor status

echo_supervisord_conf > /etc/supervisor/conf.d/supervisord.conf

-- Apache

apt install apache2

a2enmod rewrite

service apache2 status

-- Firewall

ufw allow in "Apache"
ufw allow ssh
ufw app list

https://xxx.xxx.xxx.xxx

-- MySQL

apt install mysql-server

mysql --version

service mysql status

mysql_secure_installation

mysql -u root -p

telnet localhost 3306

mysql> SHOW GLOBAL VARIABLES LIKE 'PORT';

-- PHP

apt-cache policy php

apt install -y \
  php \
  libapache2-mod-php \
  php-mysql

php --version

apt install -y \
  php-cli \
  php-dev \
  php-pgsql \
  php-sqlite3 \
  php-gd \
  php-curl \
  php-memcached \
  php-imap \
  php-mysql \
  php-mbstring \
  php-xml \
  php-zip \
  php-bcmath \
  php-soap \
  php-intl \
  php-readline \
  php-pcov \
  php-msgpack \
  php-igbinary \
  php-ldap \
  php-redis \
  php-xdebug

php -m

-- Composer

php -r "readfile('http://getcomposer.org/installer');" | php -- --install-dir=/usr/bin/ --filename=composer

composer --version

-- NodeJS

curl -sL https://deb.nodesource.com/setup_14.x | bash -
apt install -y nodejs
npm install -g yarn

node --version
npm --version
yarn --version

-- Src

https://www.youtube.com/watch?v=baYfrxay8zM
https://www.youtube.com/watch?v=4d0lir5XWjs

Setup non-root user

# Create user - with home dir and shell
sudo useradd -ms /bin/bash bmatovu

# Set user password
sudo passwd bmatovu

# Add user to sudo group
sudo usermod -aG sudo bmatovu

# Add user to Apache group
sudo usermod -aG www-data bmatovu

# Confirm user details
sudo id bmatovu

# Utilities ---------------

# View users 
cat /etc/passwd | grep bmatovu

# View available groups
cat /etc/group | grep bmatovu

# Delete user
sudo userdel -r bmatovu

https://www.youtube.com/watch?v=ItW_QQ96vzk

Issue #2 - When installing local package

[ErrorException]
  file_put_contents(./composer.lock): failed to open stream: Permission denied

Change /var/www ownership to the root user and www-data group.

sudo chown -R root:www-data /var/www

Grant group www-data users rights to /var/www

sudo chmod -R g+rwX /var/www

Add current user to www-data groups

sudo usermod -aG www-data $USER

Refs:

• Allow /var/www to non-root users
• mkdir(): Permission denied

Issue #1 - When installing a global package

  [ErrorException]
  file_put_contents(./composer.json): failed to open stream: Permission denied

Switch to the non-root user - create .composer if non-existent

su - bmatovu
mkdir /home/bmatovu/.composer

If the .composer dir exists - assign it to the non-root user

sudo chown -R $USER ~/.composer

Setup ssh access for non-root user

ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa_bmatovu -C "root@165.227.127.66"

# Host: DigitalOcean
# Account: mtvbrianking@gmail.com
# Droplet: bmatovu
Host bmatovu
    HostName 165.227.127.66
    User root
    PreferredAuthentications publickey
    IdentityFile ~/.ssh/id_rsa_bmatovu

Login into digitalocean
-> username/password

Reset root password if you forgot it
-> Username: root

Launch recovery console
-> Run: "wget -qO- https://repos-droplet.digitalocean.com/install.sh | sudo bash"

Launch console
-> Login with root password

Add your server public to authorized keys

Exit

Access from your server via ssh

---------

chmod 700 ~/.ssh

chmod 600 ~/.ssh/config
chmod 600 ~/.ssh/known_hosts
chmod 600 ~/.ssh/authorized_keys

-- todo

https://shandou.medium.com/testing-out-digitalocean-droplet-1-steps-for-ssh-into-droplet-as-non-root-user-with-sudo-access-c2a7a5229cd6

VirtualHosts

bmatovu@bmatovu-pc:/etc/nginx/sites-available$ sudo cp -rp default laravel.test

server {
    listen 80;
    listen [::]:80;
    server_name laravel.test www.laravel.test;
    root /var/www/laravel/public;
 
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
 
    index index.php;
 
    charset utf-8;
 
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
 
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }
 
    error_page 404 /index.php;
 
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }
 
    location ~ /\.(?!well-known).* {
        deny all;
    }
}

bmatovu@bmatovu-pc:/etc/nginx/sites-available$ sudo ln -s /etc/nginx/sites-available/laravel.test /etc/nginx/sites-enabled/

bmatovu@bmatovu-pc:/etc/nginx/sites-available$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

bmatovu@bmatovu-pc:/etc/nginx/sites-available$ sudo service nginx restart

Database

jdoe@home-pc:~$ sudo mysql

mysql> SELECT DISTINCT user, host, authentication_string, password_expired FROM mysql.user;

mysql> CREATE USER jdoe@localhost IDENTIFIED BY 'xGrQsM7kVwKTXnFh';

mysql> CREATE DATABASE blog;

mysql> GRANT ALL PRIVILEGES ON blog.* TO jdoe@localhost;

mysql> FLUSH PRIVILEGES;

mysql> \q

jdoe@home-pc:~$ mysql -u jdoe -D blog -p

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE="blog"
DB_USERNAME="jdoe"
DB_PASSWORD="xGrQsM7kVwKTXnFh"