Install Apache, PHP And MySQL On CentOS 7 (LAMP)

This tutorial shows how you can install an Apache2 webserver on a CentOS 7.0 server with PHP5 support (mod_php) and MySQL support. LAMP is short for Linux, Apache, MySQL, PHP.

1 Preliminary Note

In this tutorial, I use the hostname server1.example.com with the IP address 192.168.0.100. These settings might differ for you, so you have to replace them where appropriate.

I will add the EPEL repo here to install latest phpMyAdmin as follows:

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
yum -y install epel-release

2 Installing MySQL / MariaDB

MariaDB is a MySQL fork of the original MySQL developer Monty Widenius. MariaDB is compatible with MySQL and I've chosen to use MariaDB here instead of MySQL. To install MySQL, we do install MariaDB like this:

yum -y install mariadb-server mariadb

Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the system boots) and start the MySQL server:

systemctl start mariadb.service
systemctl enable mariadb.service

Set passwords for the MySQL root account:

mysql_secure_installation

[[email protected] ~]# mysql_secure_installation
/usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): <--ENTER
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n]
New password: <--yourmariadbpassword
Re-enter new password: <--yourmariadbpassword
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] <--ENTER
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <--ENTER
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] <--ENTER
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] <--ENTER
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
[[email protected] ~]#

3 Installing Apache2

CentOS 7 ships with apache 2.4. Apache2 is directly available as a CentOS 7.0 package, therefore we can install it like this:

yum -y install httpd

 [[email protected] ~]# yum install httpd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ftp.plusline.de
 * extras: mirror.23media.de
 * updates: mirror.23media.de
Package httpd-2.4.6-17.el7.centos.1.x86_64 already installed and latest version
Nothing to do
[[email protected] ~]#

By default apache will be installed, if-not then please install it as shown above

Now configure your system to start Apache at boot time...

systemctl start httpd.service

systemctl enable httpd.service

In CentOS 7.0 uses Firewall-cmd, so I will customize it to allow external access to port 80 (http) and 443 (https).

firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --reload

Now direct your browser to http://192.168.0.100, and you should see the Apache2 placeholder page:

4 Installing PHP5

We can install PHP5 and the Apache PHP5 module as follows:

yum -y install php

We must restart Apache afterwards:

 systemctl restart httpd.service

5 Testing PHP5 / Getting Details About Your PHP5 Installation

The document root of the default website is /var/www/html. We will now create a small PHP file (info.php) in that directory and call it in a browser. The file will display lots of useful details about our PHP installation, such as the installed PHP version.

vi /var/www/html/info.php

<?php
phpinfo();
?>

Now we call that file in a browser (e.g. http://192.168.0.100/info.php):

As you see, PHP5 is working, and it's working through the Apache 2.0 Handler, as shown in the Server API line. If you scroll further down, you will see all modules that are already enabled in PHP5. MySQL is not listed there which means we don't have MySQL support in PHP5 yet.

6 Getting MySQL Support In PHP5

To get MySQL support in PHP, we can install the php-mysql package. It's a good idea to install some other PHP5 modules as well as you might need them for your applications. You can search for available PHP5 modules like this:

yum search php

Pick the ones you need and install them like this:

yum -y install php-mysql

In the next step I will install some common PHP modules that are required by CMS Systems like Wordpress, Joomla and Drupal:

yum -y install php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel

Now restart Apache2:

 systemctl restart httpd.service

Now reload http://192.168.0.100/info.php in your browser and scroll down to the modules section again. You should now find lots of new modules like curl etc there.:

7 phpMyAdmin installation

phpMyAdmin is a web interface through which you can manage your MySQL databases.
phpMyAdmin can now be installed as follows:

yum install phpMyAdmin

Now we configure phpMyAdmin. We change the Apache configuration so that phpMyAdmin allows connections not just from localhost (by commenting out the <Directory "/usr/share/phpmyadmin"> stanza):

vi /etc/httpd/conf.d/phpMyAdmin.conf

[...]
Alias /phpMyAdmin /usr/share/phpMyAdmin Alias /phpmyadmin /usr/share/phpMyAdmin #<Directory /usr/share/phpMyAdmin/> # <IfModule mod_authz_core.c> # # Apache 2.4 # <RequireAny> # Require ip 127.0.0.1 # Require ip ::1 # </RequireAny> # </IfModule> # <IfModule !mod_authz_core.c> # # Apache 2.2 # Order Deny,Allow # Deny from All # Allow from 127.0.0.1 # Allow from ::1 # </IfModule> #</Directory> <Directory /usr/share/phpMyAdmin/> Options none AllowOverride Limit Require all granted </Directory>

[...]

Next we change the authentication in phpMyAdmin from cookie to http:

vi /etc/phpMyAdmin/config.inc.php

[...]
$cfg['Servers'][$i]['auth_type']     = 'http';    // Authentication method (config, http or cookie based)?
[...]

Restart Apache:

systemctl restart  httpd.service

Afterwards, you can access phpMyAdmin under http://192.168.0.100/phpmyadmin/:


    Apache: http://httpd.apache.org/
    PHP: http://www.php.net/
    MySQL: http://www.mysql.com/
    CentOS: http://www.centos.org/
    phpMyAdmin: http://www.phpmyadmin.net/

Share this page:

52 Comment(s)

Add comment

Comments

From: ShootDawg at: 2014-07-17 01:22:09

links at the bottom of the page, says 8, only 5 listed.

  of the 5 listed, everything after php points to php.net instead of their desired target

From: at: 2014-07-24 15:20:47

Thnak you for pointing out the broken link targets, it is fixed now. 8 is the number of the chapter here, not the number of the links.

From: Gavin at: 2014-09-04 20:10:15

The Fedora package has been upreved. It is now epel-release-7-1.noarch.rpm

 

 

From: Pudgy at: 2014-07-19 12:37:29

Hello, just wanted to let you know that you actually installed an old phpMyAdmin package. There are two PMA packages, "phpmyadmin" which installs v2.11.11 and "phpMyAdmin" which installs v3.5.7. I don't know if you wanted to use the old version intentionally, but I just thought that I'd point it out.

From: at: 2014-07-24 15:21:24

The tutorial has been updated to a newer phpmyadmin version now.

From: at: 2014-07-25 23:36:25

Why mariaDB and not mysql, or are they the same now ?

From: admin at: 2014-07-27 10:56:33

MariaDB is the free MySQL fork, MariaDB is compatible with MySQL and the commands from MariaDB are still nemad "mysql" or "mysqldump", so there are no differences from the Client side. All Major Linux Distributions replaced MySQL with MariaDB now, so we will use that for the tutorials as well. Some users also Report that MariDB is faster then MySQL in the latest releases.

From: Anonymous at: 2014-08-05 12:03:34

FYI, this process installed PHP 5.4.16, not PHP 5.5.x:

#  php -v

PHP 5.4.16 (cli) (built: Jun 10 2014 02:52:47) 
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

From: Erick at: 2014-09-03 18:21:13

Following the article, I just installed the phpMyAdmin-4.2.7.1.
And, after install, and doing the comments suggested in the lines of Directory  for phpMyAdmin, it doesn't show in the webpage. I did  to include this lines to see it in the url:

 <Directory "/usr/share/phpMyAdmin/">
   Options Indexes
    AllowOverride None
    Require all granted
</Directory>

Any alternative?

From: Nick at: 2014-09-21 21:22:18

Thanks for the one stop instructions. Everything worked as expected. Very common setup for CMS systems.

-nick

From: Ted van den Brink at: 2014-10-17 09:47:32

Step one, installing EPEL can be done by simply installing it with yum, since it is included in the default repository;

yum install epel-release

From: Jonathan at: 2014-11-26 08:22:13

Strange, but true...

I could net get access to my new site after extracting it to the html folder until I disabled selinux.

I was able to access info.php no problem, but not index.php or / "root"

From: PatL at: 2014-12-27 20:31:13

Thanks for this howtoforge LAMP/CentOS7

Just one point... which annoyed me; you should consider changing all MySQL terms by MariaDB... or at least mention MySQL only as a reference and only once as it is not about installing MySQL at all but MariaDB (MySQL has been thrown out by many Linux distros as of now) my 2 cents ... but again thanks a lot for this howtoforge tutorial which saved me a lot of research time ;-)

  
 

 

From: Andries Ellis at: 2015-01-10 22:03:31

Nice Clear Instructions. Thanks!

From: Sumeet Shetty at: 2015-03-02 05:31:15

phpMyAdmin is not available in CentOS 7's default repository. before installing phpMyAdmin, run sudo yum install epel-release

From: till at: 2015-03-02 06:35:44

See step one of the tutorial. It explains the installation of the epel repo.

From: Jamie at: 2015-03-09 03:42:04

phpMyAdmin Repo now at

rpm -iUvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm

 

 

From: thanks at: 2015-05-19 17:12:37

I want to thank you very much for this very helpful tutorial, appreciate it, please don't stop writing as you've a very good skills in explaining things :)

From: Eli Goldhar at: 2015-05-26 07:30:15

thanks man!!!

you don't know how much your tutorial helped me.

all the best dearest man :)

From: Eli Goldhar at: 2015-05-26 07:31:20

thanks man. You don't know how much your tutorial helped me.

All the best dearest man :)

From: Itamar at: 2015-05-26 10:35:15

great tutorial, 

Thanks!!

From: Rich at: 2015-08-23 16:41:23

I was able to get this all installed and working.  Only problem I am having is I cannot login to phpmyadmin from my laptop to my headless CentOS server.  It will not take my login credentials on root, my regular user account, or leaving it blank.  I can login to both the root and my user account via my ssh connection to the server with no problem.  But the same accounts will not work via the web page.  I get the prompt, but it just keeps reprompting me.  Any ideas on what to check? 

From: Jakke at: 2015-12-07 18:52:12

Use your MySQL/MariaDB password. You are not using your Linux login to access the database, which you're trying to do with phpmyadmin

From: Anil at: 2015-09-29 08:03:43

Hi,

I'm getting below things while I'm trying to access phpmyadmin in GUI mode.

Forbidden

You don't have permission to access /phpMyAdmin on this server.

 

 

From: Carlos at: 2016-04-10 00:03:05

I'm having the same issue like you. Did you fix it?

From: Brian at: 2015-10-30 15:05:43

Great tutorial and very well-explained. Works perfectly if you follow all the steps. I did notice the link for epel in step 1 is old. I used the latest one, 7.5,  which is referenced elsewhere in these comments. Also, when I commented out the section of code in phpMyAdmin, I could not log into it from localhost, so I un-commented them since I likely would not be logging into phpMyAdmin from a different machine anyway. Otherwise, Great stuff! Thanks a million!

From: uptoeleven at: 2015-11-27 19:41:30

If you comment out the entire

<Directory /usr/share/phpMyAdmin/>

then no-one can use phpMyAdmin - because the directory can't be served by Apache.

The correct approach as per http://stackoverflow.com/questions/23235363/forbidden-you-dont-have-permission-to-access-phpmyadmin-on-this-server is to only comment out two "Require IP" lines and replace them with a Require all granted thus:

<Directory /usr/share/phpMyAdmin/> AddDefaultCharset UTF-8 <IfModule mod_authz_core.c> # Apache 2.4 <RequireAny> #Require ip 127.0.0.1 #Require ip ::1 Require all granted </RequireAny> </IfModule> <IfModule !mod_authz_core.c> # Apache 2.2 Order Deny,Allow Deny from All Allow from 127.0.0.1 Allow from ::1 </IfModule> </Directory>

From: mutwakel at: 2015-12-06 23:28:04

Strange, but true...

 

I could net get access to my new site after extracting it to the html folder until I disabled selinux.

 

I was able to access info.php no problem, but not index.php or / "root"

------------------------------------------------------------------------------------------

solve this by 

$ restorecon -r /var/www/html

From: Janus at: 2016-01-16 12:31:33

First line requested url not found :-/

From: till at: 2016-01-16 12:38:47

CentOS changes the package names / URL's quite often. I updated the URL to the new name now.

From: Dave at: 2016-01-24 18:47:56

What a great tutorial for a lamp server.

From: Chris at: 2016-03-08 13:51:00

Very helpful, thanks

From: Din at: 2016-04-07 09:35:58

Nice tutorial :)

From: Edgar at: 2016-04-27 00:35:11

Very useful tutorial. Keep the good work and thank you for sharing. Gracias

From: axi6ne8us at: 2016-04-30 15:03:27

Thank you for great article for noobs like myself. I have running into a problem after I edited the phpmyadmin.conf file with commenting out the line you said. Now when I run #systemctl restart httpd.service, I get this error: "job for httpd.service failed because the control process exited with error code. see "systemctl status httpd.service" and "journalctl -xe" for details."

What did I get wrong?

This is conf edited:

[...]Alias /phpMyAdmin /usr/share/phpMyAdmin Alias /phpmyadmin /usr/share/phpMyAdmin #<Directory "/usr/share/phpMyAdmin/"> # # # Apache 2.4 # # Require ip 127.0.0.1 # Require ip ::1 Require all granted # # # # # Apache 2.4 # Order Deny,Allow # Deny from All # Allow from 127.0.0.1 # Allow from ::1 # # Options none AllowOverride Limit Require all granted [...]

From: red_fairview at: 2016-05-02 04:13:12

Great tutorial.  I do have one request, can you add some information about getting SELinux to play nice with Apache?  I'm new to setting up Linux servers and this is the first time I have worked with CentOS, so I wasn't aware of what kinds of problems can be caused by SELinux, or how easy it is to fix them.  Lets just say it would have saved me some time, and a lot of frustrations if I had known about the restorecon command before trying to install a CMS.

From: Alberto Bernal at: 2016-05-02 22:05:29

This is the correct link: rpm -ivh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-6.noarch.rpm

From: Mintia at: 2016-05-15 08:56:01

EPEL-7 repo URL seems to be out of date again

From: Lenilson at: 2016-05-19 13:03:04

Muito obrigado por dedicar um tempo a ajudar outras pessoas... Foi o único tutorial que funcionou. Parabens !!!

From: Nattapol at: 2016-06-24 06:19:18

at June 2016, epel version release is 7.7you can checked version in url in this belowhttp://dl.fedoraproject.org/pub/epel/7/x86_64/e/

From: Alfonso at: 2016-06-25 05:32:10

muy buena guia, completa y clara mil gracias

From: Ryan B at: 2016-07-15 21:48:50

I can't seem to get the phpinfo to display in the browser. I typed myip/info.php (obviously my ip address instead of myip) and also tried localhost/info.php however it just brings me to a still white screen. Not sure if I have to enable something?

From: Joshua Atlee at: 2016-07-21 11:37:49

Maybe you didn't close it properly. tail -f /var/log/httpd/error_logs will give you exactly whats wrong usually.

From: VAISHU at: 2016-07-22 11:19:52

Hey!! good tutorial. one thing which i want to point out is that CentOs 7 has bugs with php5. Php 7 works better. I followed all the steps except that I installed php 7.  In the editor/console, I checked and LAMP is installed. Even my welcome page after installing apache was working. But after i created info.php, in the web server I am having three problems: 

1. http://localhost/ gives me a blank page.

2. http://my-ip-address/info.php/ the requested url was not found in this server/

3. http://my-ip-address/phpmyadmin the requested url was not found in this server

 

really really need help. I am a newbie. Thanks a lot . :D 

 

From: Bonnet.cl at: 2016-08-14 00:25:26

Really thanks you.

From: JeffH at: 2016-08-28 08:01:57

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

results in: import read failed(0) 

Any idea what I might be doing wrong??

From: Kudret at: 2016-09-06 13:39:45

Thanks A Lot :)

From: Xander at: 2016-09-12 16:32:09

Apache "placeholder" doesn't actually work...so there's that.

From: till at: 2016-09-12 16:44:29

Then you might have missed a step. Re-Check that you run all installation commands and then check the httpd error.log to see if there are any errors on your server.

From: Techno Crusaders at: 2016-10-09 08:48:19

Setting up centos 7 in vmwere for developemnt

  disable Firewall

---------------

systemctl disable firewalld

systemctl stop firewalld

systemctl status firewalld

// connect via ftp

ifconfig to find out Ip

ifconfig

eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.170.128  netmask 255.255.255.0  broadcast 192.168.170.255

        inet6 fe80::20c:29ff:fec4:b8ca  prefixlen 64  scopeid 0x20<link>

        ether 00:0c:29:c4:b8:ca  txqueuelen 1000  (Ethernet)

        RX packets 254  bytes 20919 (20.4 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 95  bytes 10225 (9.9 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

192.168.170.128 is the ip

connect with FileZilla

----------

setup LAMP

-----------

rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*

yum -y install epel-release

yum -y install mariadb-server mariadb

systemctl start mariadb.service

systemctl enable mariadb.service

mysql_secure_installation

yum -y install httpd

systemctl start httpd.service

systemctl enable httpd.service

yum -y install php

service httpd restart

yum -y install php-mysql

yum -y install php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-snmp php-soap curl curl-devel

service httpd restart

yum install phpMyAdmin

on windows open cmd, type ipconfig

 find

   Ethernet adapter VMware Network Adapter VMnet8:

    Connection-specific DNS Suffix  . : localdomain

    Link-local IPv6 Address . . . . . : fe80::94b8:9e5c:c772:3d47%19

    IPv4 Address. . . . . . . . . . . : 192.168.170.1 [ this is the widnows ip to allow ]

    Subnet Mask . . . . . . . . . . . : 255.255.255.0

    Default Gateway .

in  /etc/httpd/conf.d/phpMyAdmin.conf change:

<Directory /usr/share/phpMyAdmin/>

    AddDefaultCharset UTF-8

    <IfModule mod_authz_core.c>

      # Apache 2.4

      <RequireAny>

        Require ip 127.0.0.1

        Require ip ::1

      </RequireAny>

    </IfModule>

    <IfModule !mod_authz_core.c>

      # Apache 2.2

      Order Deny,Allow

      Deny from All

      Allow from 127.0.0.1

      Allow from ::1

    </IfModule>

</Directory>

to:

 <Directory /usr/share/phpMyAdmin/>

    AddDefaultCharset UTF-8

 

    <IfModule mod_authz_core.c>

      # Apache 2.4

      <RequireAny>

        Require ip 127.0.0.1

        Require ip ::1

      </RequireAny>

    </IfModule>

    <IfModule !mod_authz_core.c>

      # Apache 2.2

      Order Deny,Allow

      Deny from All

      Allow from 127.0.0.1

      Allow from ::1

    </IfModule>

    

    <IfModule mod_authz_core.c>

      # Apache 2.4

      <RequireAny>

        Require ip [ WINDOWS IP TO ALLOW GOES HERE ]

        Require ip ::1

      </RequireAny>

    </IfModule>

    <IfModule !mod_authz_core.c>

      # Apache 2.2

      Order Deny,Allow

      Deny from All

      Allow from [ WINDOWS IP TO ALLOW GOES HERE ]

      Allow from ::1

    </IfModule>

</Directory>

service httpd restart

change $cfg['Servers'][$i]['auth_type']     = 'cookie'; to $cfg['Servers'][$i]['auth_type']     = 'http';

service httpd restart

/etc/selinux/config change

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.

#     permissive - SELinux prints warnings instead of enforcing.

#     disabled - No SELinux policy is loaded.

SELINUX=enforcing

# SELINUXTYPE= can take one of three two values:

#     targeted - Targeted processes are protected,

#     minimum - Modification of targeted policy. Only selected processes are protected. 

#     mls - Multi Level Security protection.

SELINUXTYPE=targeted 

to

# This file controls the state of SELinux on the system.

# SELINUX= can take one of these three values:

#     enforcing - SELinux security policy is enforced.

#     permissive - SELinux prints warnings instead of enforcing.

#     disabled - No SELinux policy is loaded.

SELINUX=disabled 

# SELINUXTYPE= can take one of three two values:

#     targeted - Targeted processes are protected,

#     minimum - Modification of targeted policy. Only selected processes are protected. 

#     mls - Multi Level Security protection.

SELINUXTYPE=targeted 

reboot centos

IN WINDOWS POINT BROWSER TO: http://192.168.170.128/phpmyadmin, should be all good

copy website to: /var/www/html/[ WEBSITE NAME ]

chmod -R 777 html

 

 

 

 

  

 

 

From: Ezechiel at: 2016-10-27 17:39:59

Very helpfull tutorial.

Thank you 

From: deandownsouth at: 2016-11-23 02:36:10

If you are going to show people how to disable all security, as you do by by commenting out the entire block, you should warn them that this makes it so any IP is accepted--so if they place this configuration on a web facing network, anyone will be able to get to phpmyadmin from any IP address. They should be asked if that is what they intend. However, it is far better to simply show them the correct way, that is by putting in either their internal subnet only, if they only manage from a private IP space (so that would be done in CIDR format as in 192.168.1.0/24 or 10.0.0.0/24 and so on. If they want to be able to get to and manage from the Internet (which should only be done if you don't have any other way to get to it) they should find out what their external IP is from where they will be managing and put that IP address in i.e. 67.67.77.156 but certainly you don't want any of the millions of IP address from all over the planet to be able to bang away at the php administration logon, do you?

For those that say this is just for testing or developing...I've lost count of how many times a dev or test system somehow got placed in production with security either very relaxed or non-existent and then next thing you know, the site is hacked.

 

And for those requesting that SELinux be disabled. Do yourselves a favor, learn how to work with it. Don't just disable it or put it in permissive mode. It is one of many things that is between you and hackers. Why purposely, for the lack of spending time with a book or documentation, weaken the security of a system on the Internet? 

If a person can't deploy and configure a LAMP stack without disabling security then maybe they shouldn't be trying to deploy and configure a LAMP stack.

Do it right or don't do it at all.