vk5

How to install LAMP STACK

LAMP stack is Linux Apache MariaDB PHP. (mariadb or mysql same thing) Everything needed to run a fully working website, a operating system, a server, a database and PHP. This will be a detailed tutorial how to get build your own LAMP stack securely. The first part LINUX we already have setup with the Digital Ocean droplet.

Setup: Digital Ocean droplet 1core, 1GB ram, Ubuntu 18.04

First things first when you install a new Linux distro is to run.

$ sudo apt update && sudo apt upgrade -y

It will update all your preinstalled apps etc. to the latest version. Now we have a clean state to start with. After that we install Apache2 and test its working. We are going to test every piece one by one so the errors are easy to manage and don’t pile up.

$ sudo apt install apache2 -y

Then we go to the ip and look if our server is already running. And yes, yes it is.

We are going to replace the default apache page because even when we are not using it many attackers will look specifically for it because it’s a sign of a brand-new webpage with potential vulnerability’s. With the command

$ echo "Default"|sudo tee /var/www/html/index.html

This will replace the default index.html content with just the world “Default”.

Next, we need to allow normal users to make websites and make a public_html

$ sudo a2enmod userdir

$ sudo systemctl restart apache2

$ cd; mkdir public_html; cd public_html

$ echo 'User created Apache works!'> index.php

Test it. Great! Apache works!

PHP

In production use you should never install more stuff than needed. The more stuff you install the more options you give to the attackers. So, we don’t install the whole PHP just the Apache and MariaDB dependencies. And again, normal users are not allowed to run PHP on their side, so we need to allow php run on user directory’s. Never run your server only as root.

$ sudo apt install libapache2-mod-php php-mysql -y

$ sudoedit /etc/apache2/mods-available/php7.2.conf # Choose the right php version and comment out ifmodule stanza to allow PHP in userdir

Now restart apache again
sudo systemctl restart apache2

Let’s create some php to test it out

cd; cd public_html; echo 'Php works if it says four > <?php print(2+2+"\n\n"); ?>'> index.php

Well done! Let’s go straight to last part MariaDB

MariaDB database

The database should never be allowed to access from the outside. So its best to turn on the firewall UFW on with minimal ports open. For LAMP only http, https and most likely SSH are the only ports needed to keep open. And only the TCP version we don’t need UDP

$ sudo ufw allow 22/tcp && sudo ufw allow 80/tcp && sudo ufw allow 443/tcp

Now turn on the UFW and check that its running.

$ sudo ufw enable && sudo ufw status

Sidenote UFW

I checked the command sudo ufw allow ssh && sudo ufw allow http && sudo ufw allow https makes also them only as TCP connections as show here

But if you put just the port number without the /tcp ending you will get both UDP and TCP allowed wich is bad.

Next, we install the actual mariadb

$ sudo apt install mariadb-client mariadb-server -y

and login straight away with

$ sudo mariadb -u root

Then we create a new Mariadb user and a database with the same name. Make a super strong password you don’t need to remember it. We will setup an autologin. Don’t just smash the keyboard with both hands that is not a random password.

$ CREATE DATABASE plants CHARACTER SET utf8;

$ GRANT ALL ON plants.* TO plants@localhost IDENTIFIED BY 'zxvj010jdg75z.-b!%G/&u';

Now exit Mariadb with

$ exit

And make the autologin with. The second command will restrict the use of the autologin file only to the current user and the third command will check it. It should look like this

$ cd; touch .my.cnf

$ chmod og-rwx .my.cnf

$ nano .my.cnf

$ nano .my.cnf

Add the following

[client]

user=”plants”

database=”plants”

password=”zxvj010jdg75z.-b!%G/&u”

Now try to login without your password as the newly created user

$ mariadb -u plants

Nice you get in! Let’s create some tables for our plants database.

$ USE plants;
$ CREATE TABLE plants (id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(1024), price FLOAT);

$ SHOW TABLES;

After that we should fill the table with something. For example

INSERT INTO plants(name, price) VALUES ("Willow", 1504.3);

INSERT INTO plants(name, price) VALUES ("Blueberry", 1153);

Check it with

SELECT * FROM plants;

Nice! Seems to be working.

Putting everything together

We grab the code from this and edit the “hats” to “plants” and put our own password in.

http://terokarvinen.com/2018/php-database-select-and-insert-example-php-pdo

“;

$pdoStatement=$pdo->prepare(“INSERT INTO plants (name) VALUES (:name)”);

$pdoStatement->bindParam(‘:name’, $name);

$pdoStatement->execute();

}

// list

$pdoStatement=$pdo->prepare(‘SELECT * FROM plants;’);

$pdoStatement->execute();

$hits=$pdoStatement->fetchAll();

foreach($hits as $row) {

echo “

“.$row[‘id’].” “.htmlentities($row[‘name’]).” price “.$row[‘price’].” rupees

\n”;

}

?>

Paste it in to the index.php with

$ cd; cd public_html; nano index.php

We See that it works almost. It will show the prices of the items we added manually but strangely it will not list prices of the items added with the form. I don’t know enough PHP and SQL so I could fix the problem.

But we now have a working LAMP stack with each part correctly talking to each other securely.

Sources:

This was also a school assignment, but I think this time the information is so useful I publish it also in my other section. Here is the assignment its “h5”.

http://terokarvinen.com/2018/aikataulu-%E2%80%93-linux-palvelimet-ict4tn021-3003-to-8-14-alkusyksy-2018p1-%E2%80%93-5-op

PHP test form: http://terokarvinen.com/2018/php-database-select-and-insert-example-php-pdo

Share this post

Leave a Reply

Your email address will not be published. Required fields are marked *