Knowing how to deal with web servers is a necessary skill to have in 2021, because for all things you want to do, you need a website, either for e-commerce or WordPress or whatever.
There are 2 most known web servers in the market: Apache and NGINX.
In this article, we will talk about Apache.
Apache is a really great web server for any type of work you have, it has a lot of features and a huge community that will help you with any problem you faced.
We already configured a virtual cloud server and make some important configurations and security stuff on it in the past article, if you want to take a look at it click on this article: Important Configurations and Settings You Should Do When You Launch Your Cloud Server.
Login with ssh to your server, then update the local package index, it’s always a best practice to update them, every time you want to install new software.
sudo apt update
Then install the Apache2:
sudo apt install apache2 -y
You can check if the webserver successfully installed, by checking its status:
sudo systemctl status apache2
Or:
sudo service apache2 status
If everything is ok, you will see this on the terminal:
Before testing the webserver if it works on public, we should first add a rule on the firewall to allow port 80, in some cloud provider you should allow the port from the dashboard and from the server, because in the previous article we set up a firewall, we should allow Apache from the UFW firewall, to show all apps we have we type:
sudo ufw app list
Then you will see different apps, we are interested in the Apache one, so we can see that we have 3 Apache services:
Apache is to allow unencrypted traffic which is port 80.
Apache Secure is to allow only encrypted traffic which is port 443.
Apache Full allows the encrypted and the unencrypted traffic which is allow port 80 and 443.
For best practice, we need to be more restricted, for that reason we will allow just the Apache which is unencrypted because we didn't set up a certificate yet, when we set up a certificate we will go back and change the rule, Now allow port 80 by typing:
sudo ufw allow Apache
Or:
sudo ufw allow 80
To check if the rule added successfully, type:
sudo ufw status
You will see that the rule has been added:
Now, you can type your server IP in your browser and you will see the default index of Apache, which means everything is work just fine.
Let's install the MySql server, and PHP related stuff to make everything work properly:
sudo apt install mysql-server -y
When the installation is complete, we can secure our MySQL installation, this is a good practice, and just mean getting rid of dangerous default settings that can be a security risk to your database server, so to so, type the following command:
sudo mysql_secure_installation
So, we'll go through the various prompts to complete this installation.
The first one is it's asking if we want to use the validate password plugin, this can be used to enhance password security by default, so anytime you want to set a password, it will force you to stick to a certain format for the password, a secure format. It's great to use this if you're comfortable with MySQL, also if you don't intend on using many plugins, for example, WordPress, or if you're gonna be installing PHP MyAdmin, that can be certain thing that conflict with this particular plugin, So, for this purpose, we'll go ahead and type in No and press Enter.
So, now we have to enter a password for MySQL, this is to connect to your database server, so again just make sure that is something secure, but something you can remember as well, if you pick a very complicated password, do remember to write it down and stored somewhere safe, Enter your password and confirm it.
The next prompt here is asking about anonymous users, it says by default my actual installation has an anonymous user allowing anyone to log in to MySQL, without having to have a user account created for them. This is attended only for testing and make the installation go a bit smoother, you should remove them before moving into a production environment. So even we're setting this up, the ultimate goal is to move to production, so we go ahead and select yes to remove the anonymous user and press Enter.
Now, we want to disallow root login remotely, typically you only want to allow the local host to log in as root, this is a great practice for security, go ahead and select yes, so remote users can not log in as root.
By default, MySQL comes with a database named test, which anyone can access. This is also intended only for testing and should be removed before moving into a production environment. So again we don't need this test database, type y, and press Enter.
The next step here is reloading the privilege tables, and this will ensure that all the changes we just made take effect immediately, type y and press Enter.
We're done with setting up MySQL.
One last step is the change our authentication method that MySql uses to authenticate the root user, although the default authentication method does offer some additional security, it conflicts with other tools that we need to install later such as PHP MyAdmin. For this reason, we'll need to switch our authentication method from auth_socket to mysql_native_password, you'll understand how this works in just a second.
This basically means we can use a regular password to authenticate, now to do this, you need to type the following command:
sudo mysql
So now we've opened up MySQL.
Let's check which authentication method each of our MySQL user account uses to authenticate by typing the following command:
SELECT user,authentication_string,plugin,host FROM mysql.user;
The table that you see below confirm that the root user does in fact connect with auth_socket.
To change this, we need to type the command and change the password word with your own MySQL password.
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
If everything is ok you will see this Query Ok message:
Now we'll need to run the flush privileges command and this tells the server to reload the grant tables and put your new changes into effect.
FLUSH PRIVILEGES;
You'll get Query OK for confirmation.
Now we've completed these steps, let's confirm that the root user no longer authenticates using the auth_socket plugin, so type this command that we typed before:
SELECT user,authentication_string,plugin,host FROM mysql.user;
We can confirm in this table below, that the root user now authenticates with mysql_native_password and no longer with the auth_socket.
In this example, I used mysql_native_password for anyone using the older versions of MySQL, if you want the use the newest one you use caching_sha2_password instead, if you want the use the newest one just type:
ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'password';
Then run this command for changes to take effect:
FLUSH PRIVILEGES;
You can learn more about the caching_sha2_password by visiting the Mysql Doc.
For me, I will stick with caching_sha2_password.
Now that we have MySQL installed, we can install PHP, so we can later install PHPMyAdmin without any issues. With PHP integration, you can communicate with your MySQL databases to execute tasks such as inserting, updating, or retrieving data, before we begin the installation we need to exit of mysql, just type exit end press Enter.
exit
To start the installation process for PHP, type the following command:
sudo apt install php libapache2-mod-php php-mysql -y
For changes to take effect we'll go ahead and restart our Apache server:
sudo systemctl restart apache2
Now we can go and test our PHP configuration to make sure that is working properly, to do this we need to create a file called info.php and place it into our HTML directory, this file will contain basic script that displays data about the PHP configuration, so you can create this file by running the following command:
sudo nano /var/www/html/info.php
nano is a text editor that we used when you hit Enter you will see the text editor open with a blank prompt, so write the following script, this is a basic PHP code to show PHP information on server when we load this page on the browser:
<?php
phpinfo();
?>
So after you typed this code, we need to save this file so we press CTRL+X then Y then Enter
Open your browser and type your server IP following by the name of the file which is info.php, like this:
http://your-server-ip/info.php
in my case is:
http://20.199.88.158/info.php
If everything is working perfectly fine you should see this page on your browser containing the info about the PHP and other stuff on the server.
One important point to mention here is you'll want to delete this file for your production server because it does contain a lot of information about your configuration that you wouldn't want this information in the wrong hands, so we go ahead and delete this file, to do that type this command:
sudo rm /var/www/html/info.php
Now if you try to load the same page you will see that it's not found anymore.
With Apache, MySQL and PHP installed, we can go ahead and install PHPMyAdmin, PHPMyAdmin is a very handy tool that can be used to interact with your MySQL databases through a graphical user interface (GUI). This makes the administration of databases much easier than trying to do it through executing command lines.
Before we install PHPMyAdmin, let's go ahead and update our package index like we did earlier. Although it's likely not necessary since we just updated our package index pretty recently, it's a good practice to run an update command prior to the installation of any major component, so type:
sudo apt update
and now typing the following command to get PHPMyAdmin:
sudo apt install phpmyadmin php-mbstring -y
Here you need to select web server, make sure you have apache2 highlighted, also make sure you hit the space button the make sure that apache2 is checked, as you can see in the picture below, once you've done that press OK (you can go to the OK button by click on TAB on the keyboard).
Now you will see a message, it says that the PHPMyAdmin package must have a database installed and configured before it can be used, you can read the rest in the image below, so we do want this installer to configure a database for PHPMyAdmin, so make sure that you select Yes and press Enter.
You'll now have to enter MySQL application password for PHPMyAdmin, so again make sure that is something you can remember and something that is secure:
Then confirm the password:
The installation process automatically adds the PHPMyAdmin configuration file into the following directory /etc/apache2/conf-enabled/ So all we need to do now is enable the mbstring PHP extension by typing the following command:
sudo phpenmod mbstring
The last step here is the restart Apache for the changes to be recognized:
sudo systemctl restart apache2
To make sure that PHPMyAdmin has been installed successfully, you can go to your browser and type:
http://your-server-ip/phpmyadmin
in my case:
http://20.199.88.158/phpmyadmin
If everything works good, you should see the PHPMyAdmin login page, you can enter your username which is root and the password is the password that you'd configured during installation:
Click OK and you will see the PHPMyAdmin user interface.
Now you have the LAMP stack installed, you can add your WordPress site or make a different virtual host, so you can host multiple websites on the same server, we'll see how to host multiple websites on the same server in the future article.