Installing a Ubuntu LAMP server
Ubuntu is an open-source operating system that offers a worthy alternative to mainstream commercial systems such as Windows. You can install the classic open-source LAMP software package (Linux, Apache, MySQL, and PHP) on Ubuntu, creating a fully functioning server for free.Ubuntu is a Linux program, so will already have Linux installed. You will need to focus on the three remaining programs to complete the open-source stack. To help keep your Ubuntu LAMP server secure, it is useful to back it up in the cloud. Security becomes an issue any time a computer is connected to a network.
The best thing you can do is take precautions, such as creating a secure backup server using a virtual private network in the cloud or a server on site. Administrators that have little more than working knowledge of their computer systems can be easy targets for hackers, but this is also enough knowledge to set up a reasonably secure LAMP server.
 |
| Photo Credit: Andrew Mason |
Step 1: Administrator account and root password
Create an administrator account in the cloud with a new root password. The bigger and more complicated the password, the more secure the account will be. Create a SSH (secure shell) key for the password, and copy the public key to the newly created backup server. This will make the server more secure, while enabling ease of access for the administrator.Disable the root login and authorise login only for the administrator, which will heighten security against “dictionary attacks” and streamline SSH access to only the administrator’s password. Create a custom group of logins that have access to SSH, so that unauthorised accounts cannot be created. This process is known as “hardening SSH”.
Step 2: NTP
Set up the network time protocol (NTP) to regulate the server with the actual time. The easiest way to do this is to use the default Ubuntu time server.Step 3: Firewall
Create a firewall for your server. This is easiest using “uncomplicated firewall” (ufw), a firewall that automatically creates iptables for you. If you do not need remote access to your server, you can restrict access to one IP address.Step 4: Apache
For Apache, create as many directories as you need, in addition to the default Ubuntu setup and security updates. At the end of the process, you will be presented with a white screen that confirms, “It works!” Although you can use the default Ubuntu site, it is better to generate your own configuration and take away the default site afterwards.Do a configuration test and password protect your site. However, never run Apache as root, as it will open your server to a number of vulnerabilities.
Step 5: MySQL
To set up MySQL, set a root password as prompted by Ubuntu. Make this password different from other SQL passwords to help protect against SQL injection attacks. Answer “yes” to the rest of the Ubuntu prompts to enable the automatic installation script, log in to your database, and run a test.Step 6: PHP
PHP installation is simple, requiring only a script to be run, which will automatically perform configurations. Restart Apache, and PHP should be running. However, it is always best to test the installation. As an aside, it is best not to use PHPMyAdmin due to security vulnerabilities.Step 7: Finish it off
Other functionalities that are good to have include Postfix, a mail server that will deliver backup logs to the administrator, and Fail2Ban, which scans for malicious activity in the firewall and blocks suspicious IP addresses. Once the setup is complete, reboot to make sure everything is displayed and functioning properly. Always allow security patches.Sources:
http://blog.al4.co.nz/2011/05/setting-up-a-secure-ubuntu-lamp-server/
http://www.unixmen.com/install-lamp-with-1-command-in-ubuntu-1010-maverick-meerkat/
http://www.linuxcandy.com/2012/05/how-to-install-lamp-in-ubuntu-12-04-precise-pangolin.html
https://www.digitalocean.com/community/articles/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu
MikeAbout the Guest Author:
Mike, who runs his linux cloud servers using ElasticHosts, enjoys the feedom of virtual computers as it means he can create virtual instances of almost any operating system at any time!