LAMP Installation On Ubuntu 6.06 For Linux Noobs

Want to support HowtoForge? Become a subscriber!
 
Submitted by chrisfay (Contact Author) (Forums) on Thu, 2006-07-27 04:56. :: Ubuntu

LAMP On Ubuntu 6.06 For Noobs

 I, like many others, made the decision to attempt an install of Ubuntu 6.06 server with the preconfigured LAMP option without having ever attempted using Linux before. My goal was to build a setup that I could host my personal web site from. Embarking on this journey I had no idea how much knowledge I lacked and in turn would learn in my quest to host. I floundered around on forums and clung helplessly to Google for aid in all the places I fell short. I found that a really good resource for building a LAMP configuration for complete Linux noobs was either not available, or stuffed neatly in some Google Bermutan triangle which my browser was afraid to go. Hence, I am writing this as a partial documentation of my trials and tribulations with hopes of aiding all Linux noobs on the steps necessary to create a basic Linux, Apache2, MySQL5 and PHP5 system with FTP. Again, this document is tailored to complete Linux beginners and is in no way a complete guide to attacking such a setup. It will get you up and running but will need security hardening like no other.

If you have a decent amount of RAM I would suggest downloading a copy of Vmware and use that to mess around with installing Linux within it. That would be the best way to tamper with everything here while easily restoring it if you have problems. Vmware server edition is available as a free download (for now) from here.

 

Installing Ubuntu 6.06 Server

First off, when you download the Ubuntu 6.06 server edition CD from Ubuntu you will obviously have to install it. This document will not go into detail on the installation of the OS itself, as I will assume you already know how to burn an image and boot to the disk. If not, you can write me with questions related to that aspect of the installation. Once you have the disk burned and booted you are presented with the menu options for the installation. Choose the LAMP installation option and follow the prompts to configure the OS.

os installation options

If you where like me than you had no idea that after installing the LAMP option you would be left with a command prompt and absolutely no idea what to do. It is now that you should make the decision to either learn to use a command prompt to navigate, or install a desktop environment from the prompt in order to navigate in a friendly GUI environment. I will continue with the assumption that you would rather work in a GUI environment, though not resource friendly for your server system, it will make navigation and software installation within Linux much easier for a beginner.

In order to obtain a desktop GUI from the terminal prompt after installing the Ubuntu LAMP server OS you have to type a command. There are I believe a couple different desktop environments to choose from ie. KDE or Gnome but I prefer (for none other than aesthetics) the Gnome option. It is nice and clean and I found a little easier to use. Both use the apt-get for software installation and updates, which is ridiculously easy to use in my opinion.

So, here you are staring at a command prompt. To obtain a desktop GUI you have to type:

sudo apt-get update

sudo apt-get install ubuntu-desktop

(it may ask for the Ubuntu install disk; I can't remember if it uses that or the Universe repositories.) either way, stay connected to the internet just in case.

It should prompt you for the password you entered during the install of Ubuntu since the "sudo" command invokes root privileges. This was something I had a hard time understanding at first since Windows users come from the mentality that users default to administrator access to files. Ubuntu does not; you have to invoke root privileges by using the sudo or su command in order to modify most aspects of the system. This gets most frustrating later on but as you get used to it, it is an extremely preventative measure, which could have saved Windows from so many mono-user based security exploits.

Now that you have entered the commands to begin the installation of the desktop and you see the files loading and installing, you can sit back and relax for a bit. If you're installing on an old system it may take a while for it all to complete.

Once the desktop installation finishes it will prompt you to reboot. Once rebooted you should find yourself with a familiar GUI logon interface requesting your username and password you entered again from the OS installation.  Log in and it will bring you to the brown Gnome desktop.

 

Configuration

At this point you now have Ubuntu 6.06 up with Apache2, MySQl 5, PhP5 and Pearl5 all running on your system you just don't know it. The next step is to configure each to your own needs. Again, this is a drastic difference from Windows type software configuration as most things Windows based include a nice, easy to use setup.exe file that prompts for any configuration needs. This is not the case with Linux for the most part. In order to modify the necessary files within each of these servers you have two options. You can either find the config file for each and manually edit that in a text editor, or you can download a web-based server management utility which simplifies the task for you using a GUI type interface. I found that WebMin made configuring my servers extremely easy as I was not familiar, nor comfortable, manually editing most of the config files.

webmin

WebMin is a freely available resource and can be downloaded here. I would suggest downloading it directly from the website as the repository may be outdated (It may not even have it). WebMin will require a bit of configuration itself as it defaults to using Apache 1's config files instead of Apache2, which causes some issues when using the interface to adjust Apache2 settings.

After downloading the file you will be left with a file called "webmin-1.290.tar.gz". This is a compressed file that will need to be uncompressed. Just double click it and uncompress it to the desktop.

Now, the next step is to install the WebMin software. Installing software in linux is much different than Windows and to do so you must first have the latest compiling software installed. You can either use Synaptic and search for the package called Build Essential or enter the command in a terminal prompt:

sudo apt-get install build-essential

This will install everything needed for installing the software.

Now that you have the tools to install WebMin, the next step is to open a terminal and navigate to the decompressed folder you created on the desktop. To do this in the terminal you need to type a few commands.

cd Desktop

Type

ls      (modified from "dir" as recomended by anonymous)

to make sure the uncompressed folder webmin-1.290 is there.

cd webmin-1.290

You will now be in the folder containing the files for WebMin. The next step is to run the command that will actually install it.

./setup.sh /usr/local/webmin

This will start the installation, which will then prompt you for some configuration settings. Use the default settings except for the username and password of course.

With WebMin installed, you can now configure most of your other servers from WebMin's control panel which is much easier for new linux users than finding and modifying each server's config files. In order to make any modifications to Apache2 within WebMin you will have to change a couple settings within.

First navigate to WebMin's control panel by typing http://chris:10000/ in your internet browser. (replacing "chris" with the default username you installed linux with.) This should bring up the interface for WebMin.

Click on the "servers" option and navigate to the "Apache Webserver" icon.

In the upper left hand corner you will see a tab called "module configuration" which you will need to click on and change a few things therein.

1. change the "File or directory to add virtual servers to" to "/etc/apache2/sites-available/default". This will change to the correct directory if you want to host multiple sites.

2. change the "Directory to create links in for new virtual servers" to "/etc/apache2/sites-enabled/000-default". This will enable the chosen virtual sites.
(should look like this pic)

conf
(yeah, I know the pic looks diff....I'm at work :)

2. scroll down into "system configuration" and change the "server root directory" to "/etc/apache2".

3. change the "path to httpd executable" to "/usr/sbin/apache2ctl".

4. change the "path to apache2ctl" to "/usr/sbin/apache2ctl".

5. change the "command to start apache" to "/etc/init.d/apache2 start"

6. change the "command to stop apache" to "/etc/init.d/apache2 stop"

7. change anything else below that has the word "apache" to "apache2" or it will not access the correct directory or file. I believe this is due to the default settings being designed for apache1 not apache2. (should look like the image below)

apache2 configuration

After completing these steps you will need to save, and then navigate back to the "apache webserver" icon where you can restart apache2. You will need to do this in order for the changes to take effect. After restarting you will have WebMin configured correctly for use with apache2. If you can't restart apache after the changes, it is because the "restart" button is still using the old configuration from prior to your editing it. You will need to restart the computer as I don't remember the apache restart command for apache1.

In order to reach your web server from the outside world you will have to make sure that port 80 is open. Some ISP's block inbound traffic to this port with the intent to block web servers from running on their network. This can be bypassed by routing through another port (8080 or whatever else) though you will have to update your DNS with the correct port.

Now is the time to test your settings. You will need to know the WAN IP address of your computer; the one that others would use to access you on the web. This can be found by going to www.myip.dk or another site which will give it to you. Do not use your LAN address (something like 192.168.x.x) as this is your internal address unreachable from outside your internal network. Enter your WAN IP into your web browser and it should bring you to the default Apache2 web page. It should say something about Apache2 having been installed successfully and that you are at the default page.

apache2 default page

If you found the default page, then you DO have port 80 available and your server is up and running. From here, all you would have to do is put your site in the directory "/var/www" and lable your home page "index.html" and it would be accessible from your external WAN IP. A little bit later we will discuss how to configure a DNS so others can type in your domain name instead of your IP to reach your site. If for some reason you did not access the default Apache2 page, your ISP may be blocking the port. To circumvent this you will have to port forward using something similar to this:

  1. If you are behind a router you will need to give your pc a static IP. Do this by going into your "network setting" option in the System drop down menu in Ubuntu. Choose "Ethernet connection" and then properties.
  2. In the IP address option type "192.168.1.3". (you can change the "3" to anything else; if you have DHCP setup make sure you use a number that isn't being used or it will cause conflicts. Generally its ok to use a number below 50)
  3. In the "subnet mask" it should default to "255.255.255.0". Leave that.
  4. In the "default gateway" use your routers ip. It should be 192.168.1.1
    (should look similar to the pic below ; if you want to use 192.168.1.10 as I have then it would look exactly the same.)

static ip configuration

Next, you will need to login to your router and forward HTTP requests to port 8080. I use a Linksys wrt54g router to do this but if you use a different model I'm sure the steps are similar. First you need to type in the ip of the router itself which is generally 192.168.1.1. This should bring up a login box for a username and password. It should be something like :

usrname:
passwrd: admin

Once logged into your router, you will see a simple GUI interface for adusting properties within your router. On the Linksys, you will see a section called "Gaming and Accessories" which is the tab you need to click on. It will bring up the option to portforward I think 10 individual ports. Enter:

Description: "HTTP"
Port from: "8080"
Port to : "8080"
IP: "192.168.1.3" (or whatever statip IP you gave your computer)
Make sure and click the checkbox for "Enable" or it wont activate the portforwarding
(should look like this pic only using 8080 instead of 80)

port configuration

This will allow you to port forward to the internal IP 192.168.1.3 for port 8080. If you were stuck before and couldn't reach the default Apache2 page, and you have now given your pc a static ip, you will need to change the Apache2 listen port in WebMin from 80 to 8080. To do this:

-open WebMin and click on the "apache webserver" icon.
-click on "network and addresses" and change the port there.
-restart apache using the "restart apache" option in WebMin

To reach your webserver externally you will now have to type your WAN IP and 8080 in your browser. Ex. "66.665.66.1:8080". This is only necessary if your IP is blocking port 80.

At this point you should have the ability to access your webserver. Try replacing the default Apache2 index.html page with your own. You should easily be able to have your own site up after that. From here you have the option to setup FTP to access your web folder from anywhere, a DNS server for configuring your own domain name, mail and ftp routing and many other fun options. I will continue on focusing on FTP, DNS and Mail server configuration.

If you've made it this far, you have probably realized how different it is to navigate in Linux vs Windows. With a little more practice and configuration it may start feeling a bit more comfortable. After getting my web server online I was so eager to be able to add content to it from my other pc or my work computer that my next step was to install a functioning FTP server. The next section will deal with that specifically.

 

FTP Configuration

The FTP software I have been using is Proftpd. This software may not be any better than others available but it seemed the easiest to configure which is all I really care about as a new linux user. WebMin has the icon for Proftpd already listed but it will not work until you actually install it from Synaptic. To do so:

- Open synaptic in Ubuntu and search for Proftpd.
- Let synaptic download and configure it for you. WebMin will work with it after you have it installed.
- You now have an FTP server on your system. Next you will need to configure a few things.

First, you need to add a new user to your Ubuntu users list. Go to your "system" tab on the desktop again, Go to "administration" then "users and groups". Here you will be able to add a new user and name it whatever you want. Next, add a new group and call it "ftp". Make sure and add the user you made to the group "ftp". You will also need to give your user access to the directory "/var/www" or whatever your site address is so you can access the correct directory.

Next you will need to use WebMin to add the user to Proftpd. Click on the Proftpd server icon in WebMin and navigate to the "edit confi files" icon within. There you will have to manually add your user and group into the file. In the config file find where it says:
"set the user and group that the server usually runs at" and add them into the file manually.
(should look like this before you change them)

proftp configuration

While you're in the config file you may want to change the "umask" setting to something a little less strict or your files will have a high user permission setting and may be inaccessible by users to your site. You may want to Google how file permissions work in order to gain a better understanding. To test your server you can change your umask setting to a lower setting like "002" or something to test it. 

After adding the user and group, you may need to port forward port 21 to your static IP. (this is only if you are behind a router or firewall). Do this in the same fashion as the configuration change earlier for port 8080.

Now you should be able to access your users directory on your Linux PC using FTP. You can try it by opening a new network connection in Windows using "ftp://username@IP". Substitue the username and IP for your ftp username and the external IP of your computer (plus port if you use a port other than 21) and you should be able to access the directory you specified.

MySQL and PHP are both configured for you upon installation of the Ubuntu LAMP Server so configuring them is unnecessary unless you need to. If you do, use the WebMin interface to make those changes as it is probably the easiest. You can also download phpMyAdmin if you want more control over your MySQL databases.

Again, in no way is this a professional outline of how your system should be setup. I intended this document to aid in making the installation and configuration a bit easier for the beginner and have left out probably a few things here and there. If you have anything to add or criticize you can email me.

Written by Chris L. Fay on 7/15/2006


Please do not use the comment function to ask for help! If you need help, please use our forum.
Comments will be published after administrator approval.
Submitted by zipserve (not registered) on Mon, 2011-05-23 09:48.
Two thumps up on LAMPS tutorial.Ideally you'd want to monitor the server while making config changes from multiple locations around the world.
Submitted by isheahan (registered user) on Fri, 2007-04-13 08:57.

Great article, great comments - thanks for the posting...

As M$ gets more expensive and unrealistic for hosting just-for-fun and personal sites, OSI resources have become more and more appealing, yet, I too have been suffering with the same findings as you have with regard to total noob install guides.

(bs.)
http://devcamp.us

Submitted by Anonymous (not registered) on Wed, 2006-08-16 15:05.

First, thanks so much for the howto!  It saved me a great deal of time.

I wanted to add a post about a problem that I had that took a while to figure out.  After adding webmin, I couldn't navigate to the http://user:10000 page.  It forced me to go to an https://user10000 page and login.  Unfortunately, you can only login as the root user, and for whatever reason, it didn't copy the root password that I assigned when I installed ubuntu intially.  After much gnashing of teeth trying every combination of root, root@user, 'root', etc.,  I decided to try changing the password for webmin.

http://www.webmin.com/faq.html Step 2. Has the instructions for doing this from the command line.

Worked like a champ after that.

 

Submitted by Anonymous (not registered) on Sat, 2006-08-05 16:42.
Following your guide (thanks by the way) and I found that after installing the desktop (sudo apt-get install ubuntu-desktop) it did not prompt me to restart, just set me back at the command prompt. Rather than do a hard reset, I recalled my previous experiences with linux and issued the command "sudo shutdown -r now".
Submitted by Anonymous (not registered) on Mon, 2008-09-22 19:56.
Try: sudo reboot
Submitted by Anonymous (not registered) on Fri, 2006-08-04 18:36.

The Apache1 command for restarting the server is:

apachectl graceful 

 ...which will check the configuration file for errors, and if there isn't any, restart the apache server without closing the currently open connections

Submitted by Anonymous (not registered) on Fri, 2006-08-04 06:15.

As an experienced Linux user and admin (I have use Linux on the desktop exclusively for about 5 years, and have been using Linux longer; I have also setup many Linux servers), I have to recommend some changes. First, you should use Apache 1.3.x not 2. Apache 2 is insecure. Second, if you have to use a gui, XFCE is much more lightweight, and the desktop of choice for the admins who can't live without a gui. Third, you should NEVER use proftpd for your ftp server; use vsftp instead. Proftp is not secure, whereas vsftpd was designed to be secure from the start, and is the choice of "those who know." For instance, kernel.org (the site which hosts the Linux kernel itself) uses vsftp.

You should also put an iptables firewall on a publicly available webserver configured like this, and have two network cards. On one ethernet interface, you can generally leave everything open for your internal LAN. On the other, you firewall everything but your http and (if needed) ftp. This heavily firewalled interface is the one you expose to the outside world. You don't want your webmin interface and everything else to be accessible/hackable to the outside world, do you? If setting up an iptables firewall manually is beyond you, guarddog should do a good job for this I believe. I'm not positive about guarddog, though, as I do this by hand.

Port 8080 isn't, btw, the best port to recommend for an alternative port. It's a very popular port for admins to use for their proxy server, so it may cause confusion.

I would also recommend setting up a bind9 server for your internal lan, so that you can name your machine www and anything else you like, and all machines on your network will be able to find it. If you have a static IP and wish to register a domain name to your IP, this will be absolutely neccessary, as you'll have to specify both a primary and a backup dns server for your site with the registrar.

You should use apt-get to install webmin rather than installing it from a downloaded package. Using apt-get to install it will mean it will get updated automatically in case of any security updates. You do have a cron job running 'apt-get update && apt-get upgrade' on a daily basis, right?

You also must change the default root password for MySql. Otherwise, any random person on the net will be able to take control of your MySql database.

You should also have stated the need to run:

chmod 644 -R /var/www/*

to set your permissions correctly. Speaking of which, WebDAV is a nicer way to update your website than ftp. Alternatively, you could set up an ssh server (sshd) to use utilities on the server itself to edit your site. Using ssh -X from another Linux machine will allow you to run GUI apps on your webserver, with the GUI itself being displayed on your local machine.

Submitted by whatwasthat (registered user) on Mon, 2007-07-09 19:17.

If you followed the path of this article and  decided you wish to take the advice to install xfce, you will eventually discover that the ubuntu package called xubuntu is just that, but I had just installed the ubuntu daper-drake LAMP install and decided I needed the lighter xfce gui because it is "lighter". The way you get there from here is to look here: http://www.debianadmin.com/install-xfce-desktop-in-ubuntu.html

Which explains that the following command installs the lighter gui

sudo apt-get install xubuntu-desktop

Submitted by Anonymous (not registered) on Fri, 2006-08-11 13:28.
Why is Apache 1.3.x more secure than Apache2??
Submitted by Anonymous (not registered) on Mon, 2006-08-14 21:18.

It isn't, except in some sort of metaphysical way. New features are not being added to the 1.3 line, in fact the 2.0 line has been dead-ended. Both are only receiving security updates any more. New features are the biggest risk for adding new holes in a program, thus a dead project is less likely to grow new holes than a live one.

But a live project is more likely to find and patch security holes faster... shrug.

The OpenBSD project's Apache release is a hacked version of the 1.3 line and is supposedly more security hardened than other Apache distros, but that's a whole nother can of worms not worth getting into.

Submitted by Anonymous (not registered) on Mon, 2006-08-07 07:14.

[QUOTE] You should use apt-get to install webmin rather than installing it from a downloaded package. Using apt-get to install it will mean it will get updated automatically in case of any security updates. [/QUOTE]

The Webmin package in the repository is outdated...do not do use it....

Also, I'm curious what the point of a firewall or ip tables is if you only open the ports that have to be open anyways. Sounds to me like its counterintuitive to close ports with a firewall, which are already closed (or not being listened on)  when you need them open to gain access externally.

Seems rather pointless...

Submitted by Anonymous (not registered) on Tue, 2006-08-01 09:18.

There is now also a .debian package available
for Webmin, so you can use that too and install it with:

sudo dpkg -i package_name.deb
Submitted by Anonymous (not registered) on Mon, 2006-07-31 22:24.
Here's an unofficial starter guide that I used to get started: http://ubuntuguide.org/wiki/Dapper
Submitted by Anonymous (not registered) on Thu, 2006-08-03 22:20.

Thanks, very useful

----

My project: http://www.assicuratevi.com 

Submitted by Anonymous (not registered) on Mon, 2006-07-31 15:54.
Why not doing the normal desktop setup and adding the server packages using synaptic?
This way, you will never see the command prompt. That's what I did with my server...
Submitted by spencer (registered user) on Mon, 2006-07-31 22:49.

Yeah, I have done it both ways and I guess it just boils down to personal preference.

Submitted by Anonymous (not registered) on Tue, 2008-11-04 17:36.
If you already have the files, then you can use the text based system for performance.
Submitted by Anonymous (not registered) on Sun, 2006-07-30 23:02.

For an easy to install LAMP environment with Apache 2, PHP 5, etc, you may want to try http://bitrock.com/download_lamp_download.html

(no FTP server though) 

Submitted by Anonymous (not registered) on Sun, 2006-07-30 22:13.
You may want to double check, as i am no expert ... and things may be different if you use the ubuntu-server install as a base.

But i think the build-essential package is unneccessary in this context.
It is required when you want to compile your own binaries from source code.

And in this case, with WebAdmin there seems to be binaries in both tar and deb forms availible.

If you have the deb which should be the simplest route to take i imagine, you could just:

sudo dpkg --install package.deb

But even ubuntu has an easy deb installer now, so really you could just double click on the deb and install it within the GNOME desktop instead of resorting to the terminal or command-line. Much like an installer in windows.

But as i said things may be different with the server install. So you may want to check with the more informed on the ubuntu forums.
Submitted by spencer (registered user) on Mon, 2006-07-31 22:51.
Yeah, you're right...But, it never hurts to have it as you may run into some packages or modules later on that might need it.
Submitted by Anonymous (not registered) on Sun, 2006-07-30 15:30.

Well done!

Apart from maybe changing to the suggested stuff supplied by the other posters, I must commend you to a work well done! I will link to your howto when others ask about this!

Howto's are a drag to write, but a blessing to have :)

roxville from #elive on freenode 

Submitted by Anonymous (not registered) on Sat, 2006-07-29 13:10.

You have actually put li instead of ls in the walkthrough. Which is very confusing, might be a good idea to change that :)

 

ChrisNTR 

Submitted by spencer (registered user) on Sun, 2006-07-30 00:05.

I blame the crack......

 

Submitted by Anonymous (not registered) on Fri, 2006-07-28 22:46.

Good call....I will start using that...

Submitted by Anonymous (not registered) on Fri, 2006-07-28 17:50.

Thanks for this great tutorial, however i think since this guide is geared toward people new to linux, it seems there should be more information about security.

 

 

--------

Luca Nori
PHP Developer - http://www.rcassicura.com

Submitted by Anonymous (not registered) on Wed, 2006-08-02 16:38.
I agree, every LAMP server should have some sort of security.  Firestarter would be an easy way to deploy security.
Submitted by spencer (registered user) on Wed, 2006-08-02 22:09.

I agree that security is an important aspect to any server. As Firestarter is only a firewall, you would be well suited to look into alternative ways to secure your setup since Ubuntu already ships with all ports closed. When you install a server, only those ports are allowed open. Unless you wanted to block those ports at certain times, it would not do you any good.

There are plenty of resources on hardening your server which I very strongly recomend anyone reading my tutorial to research. Like I said in the beginning, this was for getting the server up and running but, "would nead hardening like no other".

Submitted by Anonymous (not registered) on Tue, 2006-08-08 20:54.

Firestarter is NOT a firewall.  It's a GUI frontend to IPtables, which is a firewall.

Submitted by Anonymous (not registered) on Fri, 2006-07-28 01:25.
One thing that I might add about this great walkthrough.  Instead of using the "dir" command to list files/folders, you should get in the habbit of using "ls".  The "dir" command is actually an alias (like a shortcut in Linux) for the "ls" command.  It's added to some distributions of Linux to make it easier for people who are used to the Windows command prompt.  But this isn't universal in Linux, and won't work on all Linux machines.  There are a few options for the "ls" command, which you can learn about by entering "man ls" in the terminal window.  The "man" command brings up the "manual" page for most linux commands, and is another good command to know.  The description is a bit lengthy, and if you just want a "refresher" of the available options, type "ls --help", which will print out the different options.