Before starting the fifth part of the series, I would like to state that it is strongly recommended to follow the 3 "Basic Server Security" posts I made. It won't make your server 100% secure, but it is the first step to stop most "bored attackers". If a serious attacker/hacker makes you a target, you would need a specialist to secure yourserver.
In the webserver series, we will configure a web server. We will install Apache, PHP 7.1 and MySQL, we will setup a Let's Encrypt bot, and a bandwidth monitor. We will also setup Wordpress, phpMyAdmin and we will open the needed ports on UFW.
What we WON'T do, is to install an FTP server. When time comes, I will help you configure Filezilla to use your private key (the one we made on the 3rd part of the "Basic Server Security" series), and you will upload anything you want via this.
This series will be split into 3 or 4 parts, as it is large as well. Writing everything in one post is counter productive for me.
On the first part of the series, we will take care of the installation Apache, PHP 7.1, MySQL and the Bandwidth Monitor. Please note: We will not do any configuration on this part!
Note: most widely used Debian & Ubuntu versions don't support PHP 7.1 natively. We will use a repository by Ondřej Surý, who takes care of this issue and provides updates as well.
What you need (a.k.a. intro)
You need to know your server's IP. If you are using a NAT VPS, this tutorial isn't for you, although I am gathering some information to make a NAT Web Server tutorial, but it will be about providers taking part in Low End Spirit project, and others having similar configuration.
The instructions you will read, are tailored for Ubuntu 17.04 or Debian 9. For older versions, chances are that they'll work as is, but I suggest that you install a newer and supported version of the OS. If you run a VPS on a company that has no new versions, I would suggest that you not renew with them and switch to a company that provides the latest versions, such as Vultr.
Apache Server
A good advice is that you start with an update of your system:
sudo apt-get update
sudo apt-get upgrade
And then, install Apache 2:
sudo apt-get install apache2 -y
The -y I added at the end, forces the installation, without waiting for you to confirm it. I usualy use this only when I know what packages will be installed.
When it finishes, run apache2 -v. You should see something like this:
Server version: Apache/2.4.25 (Ubuntu)
Server built: 2017-06-26T11:50:10
Congrats! Pat yourself in the back, you now have a web server running!
To make sure it works correctly as well, run this command to get your public ip address:
curl ipecho.net/plain
Type the IP address you will see in your web browser.
This is the default web page of Apache2 in Ubuntu. Debian features a similar "default" web page for Apache2.
MySQL Database
We won't install MySQL, but the drop-in replacement MariaDB. MariaDB is developed by the original MySQL developers, committed to keep the project completely Open Source. Run this command:
sudo apt-get install mariadb-server
You may be asked to enter a password, which will be your root login password.
Congrats, we have installed a database, it was very simple, right?
PHP 7.1
PHP 7.1 isn't yet available in the official repositories of Debian 9 or Ubuntu 17.04. As I stated in the intro, we will use a repository by Ondřej Surý, who provides the packages and their updates.
Here is the beginning:
Ubuntu users Debian users should skip this part, and go to Debian users section
sudo apt-get install -y python-software-properties
sudo add-apt-repository -y ppa:ondrej/php
Python-software-properties includes the add-apt-repository command, which allows us to add PPAs (Personal Package Archives). PPAs are repositories made by developers in order to allow them to provide users with updated versions of software.
Debian users Ubuntu users should skip this part
sudo apt-get install apt-transport-https lsb-release ca-certificates
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
sudo echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list
Essentially, it's the same thing as in ubuntu's, but in a very different way! We add the GPG key of Ondřej'es repository to our archives, and then include the repository to our configuration.
Ubuntu & Debian users:
Now we proceed to install PHP 7.1. We will install the most used stuff only. If you think you need something else as well, feel free to include it!
sudo apt-get update
sudo apt-get install php7.1-cli php7.1-apcu php7.1-mcrypt php7.1-intl php7.1-mysql php7.1-curl php7.1-gd php7.1-soap php7.1-xml php7.1-zip php7.1-bcmath libapache2-mod-php7.1
DO NOT skip the apt-get update I wrote, as we installed a different repository, and we have to download the package list from this repository as well.
It will take a while to download and install these packages and configure them, so grab a coffee or something!
Bandwidth monitor
By installing a bandwidth monitor we can check out our bandwidth usage. It may not be 100% correct, as your provider probably calculates it in a different way, but you will get a small idea.
sudo apt-get install vnstat vnstati
vnstat is the console bandwidth monitor we will be using. vnstati allows you to generate images with your usage, in order -for example- to include it in a page you will be using to monitor your server.
That's it for now! In the upcoming parts we will configure everything we installed! For now, pat yourself in your back once again and shout "Congrats" :)
Part 2 is now available! Click here to read it
Image courtesy of Quora
Thank you for reading. If you liked my small tutorial, or have any questions, feel free to leave a comment.
If you need a place to host your servers consider Vultr, Digital Ocean and BuyVM.
These are affiliate links. If you sign up through them, you support me and I will have more free time to write more content like this.
Also If you signup for Digital Ocean through my affiliate link, you will get $10 to try them out. Note: to battle abusers of this offer, you'll have to make a $5 deposit via Paypal or add your credit/debit card, so they can confirm that you are a new user. I did a deposit via Paypal to test them out, and then I added my credit card so I won't have to deposit money manually every now and then.
doesn't using PHP 7.1 on Debian increase insecurity which is why without personal repositories you can only install PHP 7??
If the personal repository is trusted, you have no problems using them. But security is all about tradeoffs. If the older packages available from the default repositories are full of bugs, it's almost all of the time advisable to install updated packages from either third-party repositories (after doing some personal research of course), or to compile them yourself.
awesome thanks.
on ubuntu 16.04 it installed apache/2.4.18 . is there a reason for this? should it be updated to 2.4.25 or is it because 2.4.18 is the stable and secure version currently??
This is the most recent version Ubuntu has included in 16.04 repositories. You could try compiling it on your own if you want the most recent version.
do you think it's worth it? what are the differences?