Set Up Server with LAMP Stack on Ubuntu 20.04

Purchase VPS (Virtual Private Server)

I purchased a VPS from Hostwinds. There are various operating systems available. I used Ubuntu 20.04.

Login to the Server

I login using the MobaXterm SSH Client. The server is a remote computer to which you do not have physical access, so instead of plugging in a keyboard, mouse and screen, you establish a connection that gives you access to command prompt. SSH stands for secure shell, meaning the data you transfer between your computer and the server are encrypted.

Remote host is the IP address of your server (available in your Hostwinds account)

Username is “root”

password is whatever you set in Hostwinds

Useful Linux Commands

https://vitux.com/40-most-used-ubuntu-commands/

Update Server Operating System

Update Ubuntu (only required if there is a new version of Ubuntu). Be sure you can login as the non-root user before doing this as the new install will not allow root login.:

sudo do-release-upgrade

Update the advanced package tool:

sudo apt-get update (without the -get is newer, so I use it)

sudo apt update

Install the “L-A-M-P” Programs

L: Linux, already installed. I used 20.04.

A: Apache. The Apache2 default site appears immediately by typing server IP address in browser.

sudo apt install apache2

P: php

sudo apt install php php-mysql

sudo reboot

php -v

M: MySQL. Mariadb seems to be the most widely-used version of MySQL, so I installed mariadb instead of the standard MySQL. The XAMPP controller that establishes localhost for developing uses mariadb. Mariadb is a version of MySQL.

sudo apt install mariadb-server

(I don’t think this was necessary) Enable mysqli in /etc/php/7.2/apache2/php.ini by removing comment ‘;’

extension=mysqli    ; nate enabled this

also:

sudo phpenmod mysqli

You can test the php functionality by making index.php file in the /html/ directory and visiting the file in a browser:

<?phpphpinfo();

Create Non-Root Super-User, Make It Useful

Logging in as a non-root sudo user is safer. For example, some installations of Ubuntu default to external root login disabled, which means for a remote server you would be locked out if this were set.

sudo adduser new_username

usermod -a -G sudo new_username

Change the password for the current user as desired with:

passwd

Grant all privileges to the user with:

visudo

and add a line in the .ini file below the root user line:

new_username ALL=(ALL:ALL)ALL

This only allows the user to give itself privileges. The user does not have all read/write privileges like the root itself. Log in as the new user through SSH.

Now, make a new group:

sudo addgroup servermanager

add the new user to the group:

sudo adduser new_username servermanager

groups new_username

make the new group the owner of the required directories:

sudo chown -v -R :servermanager /var/www/

sudo chown -v -R :servermanager /etc/apache2/sites-available/

sudo chown -v -R :servermanager /etc/apache2/sites-enabled

then modify the directory permission to be written by the owner group:

sudo chmod -v -R g+w /var/www/

sudo chmod -v -R g+w /etc/apache2/sites-available

sudo chmod -v -R g+w /etc/apache2/sites-enabled

Useful “Permissions” Commands

Linux has a group and user structure to manage permissions and it is very useful to be able to view the current state:

List all users in the system:

cat etc/passwd

List all groups on the system:

cat etc/group or less etc/group

or

getent group

for all members of a single group:

getent group group_name

check ownership of a directory, for example:

ls -ld /var/www/

check ownership of a file:

ls -l /var/www/

Find all the files owned by a particular user (may take some time):

sudo find / -user username

You may have to change the active group for the session, possibly not:

newgrp servermanager

delete a group:

sudo groupdel group_name

delete a user (-r removes the user’s directory and mail spool):

sudo userdel -r username

search “linux octal permissions” to understand the numbering system.

Show all currently logged in users on a system:

w

Upload and Enable a Site

You can now login as the non-root user with sufficient permission to set up sites.

Upload any site directory to /var/www/html/your_site/

Go to /etc/apache2/sites-available/ and copy the default .conf file:

cp 000-default.conf your_site.conf

and modify with the following information:

ServerName your_site.com

ServerAlias www.your_site.com

ServerAdmin you@email.com

DocumentRoot /var/www/html/your_site

Use the following command to enable the site. What it actually does is copy the .conf file from /sites-available/ to /sites-enabled/:

sudo a2ensite your_site opposite is sudo a2dissite your_site

sudo systemctl reload apache2

to show some server information:

ps aux | grep apache2 | less

#q

to get out of this command.

MySQL

From the MySQL command prompt, which is “MariaDB” – a version of MySQL, same thing:

mysql -u root

MariaDB [(none)]> CREATE user 'new_username'@'localhost';

SELECT user, host, authentication_string FROM mysql.user;

DROP user 'new_username'@'localhost'

CREATE USER 'new_username'@'localhost' IDENTIFIED BY 'yourpassword';

CREATE database yourdatabasename;

GRANT SELECT, INSERT, UPDATE ON yourdatabasename.* TO 'new_username'@'localhost';

ALTER USER 'new_username'@'localhost' IDENTIFIED BY 'yournewpassword';

USE yourdatabasename;

Create the appropriate table(s) using the database code you keep with your website code.

CREATE table ...

To Do: Establish an SSH Connection with SSH Keys for the Non-Root User

Normally, you generate a public and private key on your local computer then copy the public key to the server along with some settings. Hostwinds has an option in server management to generate the key, download the private key, and install the public key on the server. Reboot required.