Skip to content

Instantly share code, notes, and snippets.

@shopglobal

shopglobal/LAMP.md

Last active Mar 24, 2018
Embed
What would you like to do?
LAMP stack on ubuntu 16.04

you should be able to get your ip from AngryIP or some other tools in this example it's 192.168.0.22

ssh root@192.168.0.22

Let's make a static IP to broadcast in this example it's 192.168.0.195

vim etc/network/interfaces

# The loopback network interface
auto lo eth0
iface lo inet loopback

# The primary network interface
iface eth0 inet static
  address 192.168.0.195
  gateway 192.168.0.1
  netmask 255.255.255.0
  network 192.168.0.22
  broadcast 192.168.0.195
  dns-nameservers 8.8.4.4 8.8.8.8

Then restart the network

sudo /etc/init.d/networking restart 

You should be greeted with success:

[ ok ] Restarting networking (via systemctl): networking.service.

and finally reboot

sudo reboot

LAMP STACK Ubuntu 16.04

sudo apt-get update
sudo apt-get dist-update
sudo apt-get full-upgrade
sudo apt-get upgrade
sudo apt-get install mysql-server phpmyadmin php libapache2-mod-php php-mcrypt php-mysql php-cli vim build-essential libnet-libidn-perl php-all-dev php-common php-dev php-gd apache2

During the installation, your server will ask you to select and confirm a password for the MySQL "root" user. This is an administrative account in MySQL that has increased privileges. Think of it as being similar to the root account for the server itself (the one you are configuring now is a MySQL-specific account, however). Make sure this is a strong, unique password, and do not leave it blank.

When the installation is complete, we want to run a simple security script that will remove some dangerous defaults and lock down access to our database system a little bit. Start the interactive script by running:

mysql_secure_installation

Then proceed to configure apache:

sudo apache2ctl configtest
sudo vim /etc/apache2/apache2.conf

add this at the bottom > ServerName $SERVERIP where $SERVERIP is your localhost: '

visit http://your_server_IP_address Check best IP to use

ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'

then restart apache:

sudo systemctl restart apache2

In most cases, we'll want to modify the way that Apache serves files when a directory is requested. Currently, if a user requests a directory from the server, Apache will first look for a file called index.html. We want to tell our web server to prefer PHP files, so we'll make Apache look for an index.php file first.

To do this, type this command to open the dir.conf file in a text editor with root privileges:

sudo nano /etc/apache2/mods-enabled/dir.conf

It will look like this:

/etc/apache2/mods-enabled/dir.conf
<IfModule mod_dir.c>
    DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>

We want to move the PHP index file highlighted above to the first position after the DirectoryIndex specification, like this:

/etc/apache2/mods-enabled/dir.conf
<IfModule mod_dir.c>
    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>

After this, we need to restart the Apache web server in order for our changes to be recognized. You can do this by typing this:

sudo systemctl restart apache2

We can also check on the status of the apache2 service using systemctl:

sudo systemctl status apache2

Add apache to the UFW and install UFW if you haven't already:

sudo apt-get install ufw
sudo ufw enable
sudo ufw app list
sudo ufw app info "Apache Full"
sudo ufw allow in "Apache Full"
reboot

Reboot is necessary for UFW to be fully enabled.

Setup The steps in this tutorial require the user to have root privileges on your virtual private server. You can see how to set that up here in steps 3 and 4.

Before working with phpMyAdmin you need to have LAMP installed on your server. If you don't have the Linux, Apache, MySQL, PHP stack on your server, you can find the tutorial for setting it up here.

Once you have the user and required software, you can start installing phpMyAdmin on your VPS!

Install phpMyAdmin The easiest way to install phpmyadmin is through apt-get:

sudo apt-get install phpmyadmin apache2-utils During the installation, phpMyAdmin will walk you through a basic configuration. Once the process starts up, follow these steps:

Select Apache2 for the server Choose YES when asked about whether to Configure the database for phpmyadmin with dbconfig-common Enter your MySQL password when prompted Enter the password that you want to use to log into phpmyadmin After the installation has completed, add phpmyadmin to the apache configuration.

sudo nano /etc/apache2/apache2.conf

Add the phpmyadmin config to the file.

Include /etc/phpmyadmin/apache.conf

Restart apache:

sudo service apache2 restart You can then access phpmyadmin by going to youripaddress/phpmyadmin. The screen should look like this

Security Unfortunately older versions of phpMyAdmin have had serious security vulnerabilities including allowing remote users to eventually exploit root on the underlying virtual private server. One can prevent a majority of these attacks through a simple process: locking down the entire directory with Apache's native user/password restrictions which will prevent these remote users from even attempting to exploit older versions of phpMyAdmin.

Set Up the .htaccess File To set this up start off by allowing the .htaccess file to work within the phpmyadmin directory. You can accomplish this in the phpmyadmin configuration file:

sudo nano /etc/phpmyadmin/apache.conf 

Under the directory section, add the line “AllowOverride All” under “Directory Index”, making the section look like this:

<Directory /usr/share/phpmyadmin>
        Options FollowSymLinks
        DirectoryIndex index.php
        AllowOverride All
        [...]

Configure the .htaccess file With the .htaccess file allowed, we can proceed to set up a native user whose login would be required to even access the phpmyadmin login page.

Start by creating the .htaccess page in the phpmyadmin directory:

sudo nano /usr/share/phpmyadmin/.htaccess

Follow up by setting up the user authorization within .htaccess file. Copy and paste the following text in:

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/apache2/.phpmyadmin.htpasswd
Require valid-user

Below you’ll see a quick explanation of each line

AuthType: This refers to the type of authentication that will be used to the check the passwords. The passwords are checked via HTTP and the keyword Basic should not be changed. AuthName: This is text that will be displayed at the password prompt. You can put anything here. AuthUserFile: This line designates the server path to the password file (which we will create in the next step.) Require valid-user: This line tells the .htaccess file that only users defined in the password file can access the phpMyAdmin login screen. Create the htpasswd file Now we will go ahead and create the valid user information.

Start by creating a htpasswd file. Use the htpasswd command, and place the file in a directory of your choice as long as it is not accessible from a browser. Although you can name the password file whatever you prefer, the convention is to name it .htpasswd.

sudo htpasswd -c /etc/apache2/.phpmyadmin.htpasswd username

A prompt will ask you to provide and confirm your password.

Once the username and passwords pair are saved you can see that the password is encrypted in the file.

sudo a2enmod ssl
sudo a2enmod headers

Next, we can enable our SSL Virtual Host with the a2ensite command:

sudo a2ensite default-ssl

We will also need to enable our ssl-params.conf file, to read in the values we set:

sudo a2enconf ssl-params

At this point, our site and the necessary modules are enabled. We should check to make sure that there are no syntax errors in our files. We can do this by typing:

sudo apache2ctl configtest

FInish up by restarting apache:

sudo service apache2 restart
### LAMP STACK Ubuntu 16.04
```
sudo apt-get update
sudo apt-get dist-update
sudo apt-get full-update
sudo apt-get full-upgrade
sudo apt-get upgrade
sudo apt-get install mysql-server phpmyadmin php apache2-utils libapache2-mod-php php-mcrypt php-mysql php-cli libnet-libidn-perl php-all-dev php-common php-dev php-gd apache2
mysql_secure_installation
sudo apache2ctl configtest
sudo systemctl restart apache2
sudo systemctl status apache2
sudo apt-get install ufw
# sudo ufw enable
sudo ufw app list
sudo ufw app info "Apache Full"
sudo ufw allow in "Apache Full"
sudo ufw allow out "Apache Full"
sudo ufw allow in "OpenSSH"
sudo ufw allow out "OpenSSH"
sudo ufw allow 22
sudo apt-get install mysql-server phpmyadmin php apache2-utils libapache2-mod-php php-mcrypt php-mysql php-cli libnet-libidn-perl php-all-dev php-common php-dev php-gd apache2
sudo service apache2 restart

Add SSH

You (may) have to create the .ssh directory and the authorized_keys file the first time.

Create the .ssh directory:

mkdir ~/.ssh

Set the right permissions:

chmod 700 ~/.ssh

Create the authorized_keys file:

touch ~/.ssh/authorized_keys

Set the right permissions:

chmod 600 ~/.ssh/authorized_keys

The permissions are important! It won't work without the right permissions!

We can write this in a one line bash script:

echo -e '#!/usr/bin/env bash\necho "Creating the .ssh directory:"\nmkdir ~/.ssh\necho "Setting the right permissions:"\nchmod 700 ~/.ssh\necho "Creating the authorized_keys file:"\ntouch ~/.ssh/authorized_keys\necho "Setting the right permissions:"\nchmod 600 ~/.ssh/authorized_keys' > ssh-auth.sh

When we less the file, it should look like this: less ssh-auth.sh

#!/usr/bin/env bash
echo "Creating the .ssh directory:"
mkdir ~/.ssh
echo "Setting the right permissions:"
chmod 700 ~/.ssh
echo "Creating the authorized_keys file:"
touch ~/.ssh/authorized_keys
echo "Setting the right permissions:"
chmod 600 ~/.ssh/authorized_keys

Hit enter. Then copy the file and run it on each node:

bash ssh-auth.sh

SSH Login

So, we're ready to login with SSH. Let's vim mynode-1.sh. First we'll replace 192.168.0.1 in the example below with your IP address, and repeat once for each node.

#!/usr/bin/env bash
eval $(ssh-agent -s)
ssh-add ~/.ssh/droplet_rsa
cat ~/.ssh/droplet_rsa.pub | ssh root@192.168.0.1 "cat >> ~/.ssh/authorized_keys" 
ssh root@192.168.0.1 

Save as mynode-1.sh then save a copy with edits as mynode-2.sh etc.

Then create a master key file.

#!/usr/bin/env bash
start ./mynode-1.sh
start ./mynode-2.sh

Save as start_mynode.sh

bash start_mynnode.sh to start your cluster and enter your SSH key password for authentication.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment