Skip to content

Instantly share code, notes, and snippets.

@nasirhafeez
Last active September 10, 2024 11:24
Show Gist options
  • Save nasirhafeez/d47c9d68742227a23f1011455a190490 to your computer and use it in GitHub Desktop.
Save nasirhafeez/d47c9d68742227a23f1011455a190490 to your computer and use it in GitHub Desktop.
LAMP Server Setup on Ubuntu 20

LAMP Server Setup on Ubuntu 20

Contents

Basic Setup

MySQL Setup

Apache Site Setup

Web Security

Let’s Encrypt Setup for Apache

Basic Setup

Assuming all commands are run as root:

apt update && apt upgrade -y
apt install -y apache2 nano curl
apt install -y php
apt install -y --allow-unauthenticated php-pear php-curl php-dev php-xml php-gd php-mbstring php-zip php-mysql php-xmlrpc libapache2-mod-php

MySQL Setup

Install and secure MySQL

apt-get install -y mysql-server

MySQL Root Password

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '';

MySQL Secure Installation

mysql_secure_installation

Create regular user

CREATE USER 'user'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON portal.* TO 'user'@'localhost';

Install phpMyAdmin

Disable password validation component in SQL:

UNINSTALL COMPONENT "file://component_validate_password";

Install phpmyadmin

apt-get install -y phpmyadmin

Apache Site Setup

Create the first virtual host file:

nano /etc/apache2/sites-available/example.com.conf

Add or modify the following directives:

<VirtualHost *:80>
    ServerName your_domain
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/your_domain
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Enable site:

a2ensite example.com.conf

Disable default site:

a2dissite 000-default.conf

Restart Apache:

systemctl restart apache2

Disable access to .env files

Locate the following code in /etc/apache2/apache2.conf:

<FilesMatch "^\.ht">
Require all denied
</FilesMatch>

Add the following code below it:

<Files .env>
    Order allow,deny
    Deny from all
</Files>

Web Security

Apache Security

nano /etc/apache2/apache2.conf

Go to:

<Directory /var/www/>

Change:

Options Indexes FollowSymLinks

To:

Options -Indexes +FollowSymLinks

Add the following at the end:

TraceEnable off
ServerTokens Prod
ServerSignature Off

Let’s Encrypt Setup for Apache

Install Certbot

apt install certbot python3-certbot-apache
certbot --apache

Run certbot interactive wizard:

certbot --apache

Obtain certificates in non-interactive way:

certbot --apache --agree-tos -m <email address> --no-eff-email --redirect -d <domain>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment