LAMP with Salt

Installing LAMP (Linux, Apache, Mariadb, PHP) is quite easy with Salt. We will use my previous LAMP installing guide as reference.

First lets install apache:

lamp:
  pkg.installed:
   - pkgs:
- apache2

Thats it for the installing! So easy. But we need to remove default html page for security reasons, attackers will always look for newely installed apache instances with it and it could point to weaknesses. So we make a new index.html file inside our salt master that we will use to replace the default one. It can be anything, I made it to say.

Placeholder indexfile

And in salt we will continue to build the same salt file by adding

# Apache config
/var/www/html/index.html:
  file.managed:
- source: salt://lamp/index.html

PHP

Its as easy as with Apache now we just add PHP to the mix.

lamp:
  pkg.installed:
   - pkgs:
     - apache2
- libapache2-mod-php

Next part is to add normal users to be able to use PHP not just root for that we need a new file with our init.sls what looks like this:

<FilesMatch ".+\.ph(ar|p|tml)$">
    SetHandler application/x-httpd-php
</FilesMatch>
<FilesMatch ".+\.phps$">
    SetHandler application/x-httpd-php-source
    # Deny access to raw php sources by default
    # To re-enable it's recommended to enable access to the files
    # only in specific virtual host or directory
    Require all denied
</FilesMatch>
# Deny access to files without filename (e.g. '.php')
<FilesMatch "^\.ph(ar|p|ps|tml)$">
    Require all denied
</FilesMatch>

# Running PHP scripts in user directories is disabled by default
# 
# To re-enable PHP in user directories comment the following lines
# (from <IfModule ...> to </IfModule>.) Do NOT set it to On as it
# prevents .htaccess files from disabling it.
#<IfModule mod_userdir.c>
#    <Directory /home/*/public_html>
#        php_admin_flag engine Off
#    </Directory>
#</IfModule>

We add it to the minions pc with this code in init.sls

# PHP Config
/etc/apache2/mods-available/php7.2.conf:
  file.managed:
- source: salt://lamp/php7.2.conf

Mariadb

Installing mariadb just as before add mariadb to salt

lamp:
  pkg.installed:
   - pkgs:
     - apache2
     - libapache2-mod-php
     - php-mysql
     - mariadb-client
     - mariadb-server

The last thing to install is firewall with adding “-ufw” to the end. So the final config wil look like this “`yaml
lamp:
pkg.installed:
– pkgs:
– apache2
– libapache2-mod-php
– php-mysql
– mariadb-client
– mariadb-server
– ufw

Apache config

/var/www/html/index.html:
file.managed:
– source: salt://lamp/index.html

PHP Config

/etc/apache2/mods-available/php7.2.conf:
file.managed:
– source: salt://lamp/php7.2.conf
“`

This time assignment was left a bit unfinished do to playing too much around with the final courseproject. You can find it here.

Sources:

Assignment: http://terokarvinen.com/2018/aikataulu–palvelinten-hallinta-ict4tn022-3004-ti-ja-3002-to–loppukevat-2018-5p

Leave a Replay