6.4.10 Installation and configuration of LAMP

Banner

LAMP is a software bundle that represents a popular technology stack for developing and deploying web applications. LAMP is widely used due to its reliability, flexibility, and open-source nature. This acronym stands for:

  • L — Linux family operating system.
  • A — Apache web server.
  • M — MySQL or MariaDB database management system.
  • P — PHP programming language for creating web pages.

In this article, we’ll look at the process of installing and configuring LAMP on various Linux distributions, including Debian, Ubuntu, CentOS, AlmaLinux, and RockyLinux.

Important: Before starting the installation, make sure You have superuser (root) rights or the ability to use sudo. It’s also recommended to create a backup of important data before making changes to the system.

We recommend performing all the actions described below on a clean OS image, without pre-installed control panels or other functionality.

Note: instructions have been verified on the following OS versions: Ubuntu 18.04-22.04; Debian 8–12; CentOS 7, 8; AlmaLinux 8, 9. Functionality on later versions is not guaranteed.

Installation for Debian and Ubuntu

1. System update

Before starting the installation, update the package list and the system itself:

System update.
  1. sudo apt update && sudo apt upgrade -y

2. Installing Apache

Install the Apache web server:

Installing Apache2 and enabling autostart.
  1. sudo apt install apache2 -y

  2. sudo systemctl enable apache2

3. Installing MySQL

Install the MySQL server:

Installing MySQL and enabling autostart.
  1. sudo apt install mysql-server -y

  2. sudo systemctl enable mysql

After installation, run the MySQL secure installation script:

Running the security script.
  1. sudo mysql_secure_installation

Answer the script’s questions, it’s recommended to answer Y to all questions to enhance security:

  • Set root password? [Y/n] – Set a password for root if it wasn’t set before.
  • Remove anonymous users? [Y/n] – Remove anonymous user.
  • Disallow root login remotely? [Y/n] – Prohibit remote login as root.
  • Remove test database and access to it? [Y/n] – Remove test database.
  • Reload privilege tables now? [Y/n] – Apply changes.

4. Installing PHP

Install PHP and necessary modules. In this example, we’ll use PHP 8.1, but You can replace the version with the one relevant to Your case:

Ubuntu 18.04-22.04 and Debian 9–12: installing PHP 8.1.

To install PHP 8.1 or another needed version, use the PPA repository:

Installing additional PHP repository.
  1. sudo add-apt-repository ppa:ondrej/php -y

  2. sudo apt update

Then install PHP and necessary modules:

Installing PHP 8.1 and components.
  1. sudo apt install php8.1 php8.1-fpm libapache2-mod-php8.1 php8.1-mysql php8.1-common php8.1-cli -y
Debian 8 and older versions: installing PHP 8.1.

To install PHP 8.1 or another needed version, use a third-party repository:

Adding sury.org repository for PHP.
  1. sudo apt install apt-transport-https lsb-release ca-certificates -y

  2. sudo wget -qO - https://packages.sury.org/php/apt.gpg | sudo apt-key add -

  3. echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee /etc/apt/sources.list.d/php.list

  4. sudo apt update

Then install PHP and necessary modules:

Installing PHP 8.1 and components.
  1. sudo apt install php8.1 php8.1-fpm libapache2-mod-php8.1 php8.1-mysql php8.1-common php8.1-cli -y

Note: if You need a different PHP version (for example, PHP 7.4 or PHP 8.2), replace php8.1 with the needed version.

You can check the installed PHP version with the command:

Checking the default PHP version.
  1. php -v

The command output will display the installed PHP version: PHP Version

5. Configuring Apache for PHP

Create a test PHP file:

Creating a test script.
  1. echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/phptest.php

5. Checking services status

After installing all LAMP components, check their status and make sure they are set to autostart:

Checking services status.
  1. sudo systemctl status apache2 mysql php8.1-fpm

When checking, the status should display with the text active (running) – this will mean that everything was installed correctly. Services Status

Make sure all services are added to autostart:

Activating autostart.
  1. sudo systemctl enable apache2 mysql php8.1-fpm

6. Configuring firewall for Debian and Ubuntu

If You’re using UFW (Uncomplicated Firewall), allow HTTP and HTTPS traffic:

Permanently allowing HTTP and HTTPS traffic.
  1. sudo ufw allow "Apache Full"
Alternatively: if You plan to work with the IPTables utility.

Execute commands for automatic rule loading:

Automatic loading of IPTables rules.
  1. sudo apt install iptables-persistent

  2. systemctl enable netfilter-persistent.service

Then, allow access to HTTP and HTTPS by executing the following commands:

Forwarding ports 80 and 443.
  1. iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT

  2. iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT

7. Testing after reboot

To ensure that all LAMP components start automatically after server reboot, perform the following actions:

Rebooting the server.
  1. sudo reboot

After the server reboots, check the services status:

Checking services status.
  1. sudo systemctl status apache2 mysql php8.1-fpm

When checking, the status should display with the text active (running) – this will mean that everything was installed correctly. Services Status

8. Check the web server functionality

To check PHP operation, check the file created earlier, open it in the browser’s address bar.

http://255.255.255.255/phptest.php, where instead of numbers 255 (255.255.255.255) You need to specify the IP that was issued when creating the server. You can view the IP address in the letter about opening the service.

Example

We inform: the installation has been successfully completed. Now You can upload Your website files to the /var/www/html/ folder

Installation for CentOS, AlmaLinux, and RockyLinux

1. System update

Before starting the installation, update the system:

System update.
  1. sudo dnf update -y

2. Installing Apache

Install the Apache web server:

Installing Apache and enabling autostart.
  1. sudo dnf install httpd -y

  2. sudo systemctl start httpd

  3. sudo systemctl enable httpd

3. Installing MySQL (MariaDB)

Install MariaDB:

Installing MariaDB and enabling autostart.
  1. sudo dnf install mariadb-server -y

  2. sudo systemctl start mariadb

  3. sudo systemctl enable mariadb

After installation, run the MariaDB secure installation script:

Activating the security script.
  1. sudo mysql_secure_installation

Answer the script’s questions, it’s recommended to answer Y to all questions to enhance security:

  • Set root password? [Y/n] – Set a password for root if it wasn’t set before.
  • Remove anonymous users? [Y/n] – Remove anonymous user.
  • Disallow root login remotely? [Y/n] – Prohibit remote login as root.
  • Remove test database and access to it? [Y/n] – Remove test database.
  • Reload privilege tables now? [Y/n] – Apply changes.

4. Installing PHP

Depending on Your operating system version, execute the appropriate commands to install PHP 8.1.

AlmaLinux 9 and RockyLinux 9: installing PHP 8.1.

For AlmaLinux 9 and RockyLinux 9, execute the following commands:

Installing EPEL repository.
  1. sudo dnf install epel-release -y
Installing Remi repository.
  1. sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm -y
Activating PHP 8.1 module.
  1. sudo dnf module enable php:remi-8.1 -y
Installing PHP and necessary modules.
  1. sudo dnf install php php-cli php-common php-fpm php-mysqlnd php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath php-json -y
Restarting Apache.
  1. sudo systemctl restart httpd
CentOS 8, AlmaLinux 8, RockyLinux 8: installing PHP 8.1.

For CentOS 8, AlmaLinux 8, and RockyLinux 8, use dnf and install the repositories:

Installing EPEL repository.
  1. sudo dnf install epel-release -y
Installing Remi repository.
  1. sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm -y
Activating PHP 8.1 module.
  1. sudo dnf module enable php:remi-8.1 -y
Installing PHP and necessary modules.
  1. sudo dnf install php php-cli php-common php-fpm php-mysqlnd php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath php-json -y
Restarting Apache.
  1. sudo systemctl restart httpd
CentOS 7: installing PHP 8.1.

For CentOS 7, use yum and install the EPEL and Remi repositories:

Installing EPEL repository.
  1. sudo yum install epel-release -y
Installing Remi repository.
  1. sudo yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
Activating PHP 8.1 module.
  1. sudo yum-config-manager --enable remi-php81
Installing PHP and necessary modules.
  1. sudo yum install php php-cli php-common php-fpm php-mysqlnd php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath php-json -y
Restarting Apache.
  1. sudo systemctl restart httpd

Note: if You need a different PHP version (for example, PHP 7.4 or PHP 8.2), replace php8.1 with the needed version.

You can check the installed PHP version with the command:

Checking the default PHP version.
  1. php -v

The command output will display the installed PHP version: PHP Version

5. Configuring Apache for PHP

Create a test PHP file:

Creating a test script.
  1. echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/phptest.php

6. Checking services status

After installing all LAMP components, check their status and make sure they are set to autostart:

Checking services status.
  1. sudo systemctl status httpd mariadb php-fpm

When checking, the status should display with the text active (running) – this will mean that everything was installed correctly. Services Status

Make sure all services are added to autostart:

Enabling autostart.
  1. sudo systemctl enable httpd mariadb php-fpm

7. Configuring firewall for CentOS, AlmaLinux, and RockyLinux

Allow HTTP and HTTPS traffic through the firewall:

Configuring Firewall.
  1. sudo firewall-cmd --permanent --add-service=http

  2. sudo firewall-cmd --permanent --add-service=https

  3. sudo firewall-cmd --reload
Alternatively: if You plan to work with the IPTables utility.
  1. Install iptables-services to ensure automatic rule loading:
Automatic rule loading.
  1. sudo yum install iptables-services
  1. Enable and start the iptables service:
Enabling and starting the service.
  1. sudo systemctl enable iptables

  2. sudo systemctl start iptables
  1. Allow access via HTTP and HTTPS using the following commands:
Forwarding ports 80 and 443.
  1. sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT

  2. sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT
  1. Save the iptables rules:
Saving rules.
  1. sudo service iptables save
  1. To ensure that the rules are applied upon reboot, execute:
Restart the utility to verify success.
  1. sudo systemctl restart iptables

8. Testing after reboot

To ensure that all LAMP components start automatically after server reboot, perform the following actions:

Rebooting the server.
  1. sudo reboot

After the server reboots, check the services status:

Checking services status.
  1. sudo systemctl status httpd mariadb php-fpm

When checking, the status should display with the text active (running) – this will mean that everything was installed correctly. Services Status

9. Check the web server functionality

To check PHP operation, check the file created earlier, open it in the browser’s address bar.

http://255.255.255.255/phptest.php, where instead of numbers 255 (255.255.255.255) You need to specify the IP that was issued when creating the server. You can view the IP address in the letter about opening the service.

Example

We inform: the installation has been successfully completed. Now You can upload Your website files to the /var/www/html/ folder

Security Recommendations

Now You have installed and configured the LAMP stack on Your system. This is a basic configuration that can be further customized for Your project’s specific needs. It is recommended to regularly update LAMP components to ensure security and stability.

We remind You: after completing the testing, it is recommended to delete the phptest.php file, as it may provide potential attackers with information about Your system:

  1. sudo rm /var/www/html/phptest.php

Additionally:

  1. Consider changing the standard SSH port (22) to a non-standard one to reduce the number of automated attacks.

  2. Use key-based authentication instead of passwords for SSH.

  3. Configure fail2ban to protect against brute-force attacks.

  4. Regularly check server logs for suspicious activity.

  5. Consider using a Web Application Firewall (WAF) for additional protection of web applications.