Building the Perfect Ubuntu 10.04 LAMP Server
This post details the steps required to set up and configure a LAMP server using Ubuntu 10.04 LTS. The server will have all of the normal features that everyone has come to expect.
Specifically, it will have the following features:
- Locales will be set properly.
- MySQL will be secured.
- MySQL Query Caching will be configured.
- Iptables will be configured (optional).
- Alternative PHP Cache (APC) will be installed and configured.
- Web directory permissions will be set.
- Virtual hosts will be created.
A couple of assumptions are made concerning this procedure:
- Ubuntu Server 10.04 LTS was used as the installation distribution.
- The only task chosen during the installation process was SSH server.
Initial Server Pre-LAMP Install Configuration
First, the root account should be enabled temporarily. It saves time and eliminates some annoyances. At the end of the procedure, the root account can be disabled and sudo can be used once again for all tasks.
To enable the root account, log into the account that was created during the install process, run the following command, and then enter a new password (choose something secure):
sudo passwd root
Log out and then log back in as root.
Distributions receive updates constantly. Therefore, the system should be updated to include the latest packages for performance and security reasons. Perform the following to update the system:
aptitude update
aptitude upgrade
Set the locales to the appropriate setting:
/usr/sbin/locale-gen en_US.UTF-8
/usr/sbin/update-locale LANG=en_US.UTF-8
Iptables Configuration (Optional)
Iptables is a software firewall. This server will only be listening on ports 22 (SSH), 80 (HTTP), and 443 (HTTPS). This is a fairly small attack surface, so a software firewall may be considered unnecessary. However, it is included here for completeness.
Iptables is installed by default on Ubuntu Server. Therefore, installing it via aptitude is not needed. To begin the configuration process, flush any current rules:
iptables --flush
Now add the following rules via the command line:
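# Allow packets that belong to established or related connections, and all loopback traffic
iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
# Allow inbound SSH, HTTP and HTTPS
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport www -j ACCEPT
iptables -A INPUT -p tcp --dport https -j ACCEPT
# Log, then drop, everything else. Rules are evaluated in order, so LOG must
# come before the catch-all DROP; nothing placed after it is ever reached.
iptables -A INPUT -j LOG
iptables -A INPUT -j DROP
# Allow all outbound traffic
iptables -A OUTPUT -j ACCEPT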
Save the rules to a file in the etc directory:
iptables-save > /etc/iptables.rules
Edit /etc/network/interfaces to include the following:
auto eth0
iface eth0 inet dhcp
pre-up iptables-restore < /etc/iptables.rules
Depending on the number of packages that may have been updated in the previous section, a reboot may be in order. Additionally, a reboot will confirm that the iptables rules are restored properly at boot. To view the currently active iptables rules, use the following:
iptables -L
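Iptables evaluates the rules of a chain in order, so a rule that follows an unconditional ACCEPT, DROP or REJECT in the same chain is never reached. The script below is an added example, not part of the original post: it lints a ruleset in iptables-save format for such rules. The function names and the sample ruleset are constructed for illustration, and jumps to user-defined chains are not followed.

```shell
#!/bin/sh
# Added example (not from the original post): lint an iptables-save dump for
# rules that can never match because an earlier rule in the same chain is an
# unconditional ACCEPT, DROP or REJECT.

# find_unreachable_rules [FILE]
# Reads iptables-save output from FILE (or stdin), prints "CHAIN: rule" for
# every unreachable rule, and returns 1 if any were found, else 0.
find_unreachable_rules() {
    awk '
    substr($0, 1, 1) == "*" { split("", closed) }   # new table: start fresh
    $1 == "-A" {
        if ($2 in closed) {                # a catch-all already ended this chain
            print $2 ": " $0
            found = 1
            next
        }
        # "-A CHAIN -j TARGET ..." has no match options, so it matches every packet.
        if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT)$/)
            closed[$2] = 1
    }
    END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample in iptables-save format: a LOG rule placed after a
# catch-all DROP, which therefore never logs anything.
sample_ruleset() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -j LOG
-A OUTPUT -j ACCEPT
COMMIT
EOF
}

# Demo on the sample; on the server: find_unreachable_rules /etc/iptables.rules
sample_ruleset | find_unreachable_rules || echo "unreachable rules found"
```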
Installing Apache
To install the Apache 2 web server, issue the following command:
aptitude install apache2
Activate several commonly used modules:
a2enmod rewrite
a2enmod headers
a2enmod expires
Initiate an Apache restart to ensure that the modules are active:
/etc/init.d/apache2 restart
If everything is working correctly, browsing to the server via its IP address should display a page stating that the server is working.
Installing PHP5
To install PHP5, perform the following command:
aptitude install php5 php5-curl php5-gd php5-mcrypt
To install APC:
aptitude install php-apc
Installing MySQL
To install MySQL, issue the following command:
aptitude install mysql-server mysql-client php5-mysql
During the install process, a prompt for a root password will be shown. Choose a secure root password.
Secure the MySQL installation using the following and choose the defaults for all of the prompts:
mysql_secure_installation
Add the following to the [mysqld] section of the /etc/mysql/my.cnf file:
[mysqld]
# Query Caching
query-cache-type = 1
# Default to InnoDB
default-storage-engine=innodb
Restart Apache and MySQL to ensure that all of the configuration changes are active:
service mysql restart
/etc/init.d/apache2 restart