Ubuntu 18 Initial Server Setup Install PHP, MySQL and Apache

Ubuntu 18 Initial Server Setup Install PHP, MySQL and Apache

In this article, we will configure Ubuntu 18.04 VM instance on Google Cloud Compute Engine.

We will cover following key points in this article.

  • Create a new VM instance.
  • Install PHP and Apache
  • Install MySQL
  • Secure MySQL
  • Test Database Access
  • Install phpMyAdmin

Step 1 Create a new Ubuntu 18.04 VM Instance

For this, first create a new VM Inance. Following are VM Instance details.

  • Name: ubuntu-1804-blog.
  • Region: us-central1 (lowa)
  • Zone: us-central1-c
  • CPU: 1 vCPU
  • RAM: 3.75 GB
  • OS: Ubuntu 18.04 LTS
  • Firewall: Allow HTTP and HTTPS traffic.

Create VM Instance, launch and open ssh.

At this time server not able to handle HTTP request. It will work correctly after Apache2 installation.

Let’s open SSH and install Apache2, PHP, and MySQL.

Step 2 Install Apache2 and PHP

To install Apache and PHP, execute the following command.

sudo apt-get update
sudo apt-get install apache2 php libapache2-mod-php

After installing Apache2 and PHP, let's try to visit our server IP one more time. This time you are welcome by Apache2 default index.html page. It means everything is working correctly. By default, Apache2 start automatically. No need to make any other configuration changes for Apache2.

Visit http://<ServerIP>/ not https://<ServerIP>/

If your domain is pointing to VM Instance IP, you can visit your server using the domain name as well.

Step 3 Install MySQL

Our test website http://maynktest.tk/ is running fine. It's time to install MySQL on our VM Instance. Execute following command in the terminal.

sudo apt update
sudo apt install mysql-server

Above two commands will install My SQL version 5.7 on Ubuntu 18.04 LTS. Next, we need to secure the MySQL installation.

Step 4 Configure and Secure MySQL Installation

To configure and secure MySQL installation execute command “sudo mysql_secure_installation” in the terminal and follow the instructions.

The first configuration step is to enable VALIDATE PASSWORD PLUGIN. It can be used to test password strength and improve security. For the production environment, it needs to be enabled. Type Y to enable it and hit enter.

VALIDATE PASSWORD PLUGIN can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD plugin?

 

 If you selected Y then you need to select the password policy. For this, we have three options. I am recommended to select at least medium for Password Policy. Following are the available options.

There are three levels of password validation policy:
LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary    file
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG:

Regardless whether you selected Y or N for the above configuration step, next you need to provide MySQL root user password. Enter the password and confirm the password. If you enable the VALIDATE PASSWORD PLUGIN then your password must be based on the selected password validation rule. Also, it will calculate the password strength. 100 means it is a good password. Confirm your password to go to next configuration Step.

Next Question "Remove anonymous users?".

What are anonymous users?

An anonymous user or account is available in MySQL. It allows anyone to gain access into the MySQL Server without having an account. Anonymous user accounts are available for testing purpose. We don't want such account on our production environment. Type Y and hit enter for this question.

Disallow root login remotely?

For the MySQL root, the user has all the privileges on the database server. If anyone can guess the correct password for the root user, he or she can do anything on the database server. To make your production MySQL database server secure, you must need to disable the root login for the remote users. 

Remove test database and access to it? 

By default, MySQL comes with a database named 'test1 that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.

Reload privilege tables now? 

To ensure all the changes made so far will take effect immediately we need to reload the privilege tables. It is the last step in the MySQL initial configuration for the production environment.

Step 5 Test Database Connectivity

Our database is installed correctly. Let's try to access MySQL shell using the root user. Execute the "mysql -u root -p " command in the terminal and provide the password for the root user. You will encounter following error message.

ERROR 1698 (28000): Access denied for user 'root'@'localhost'

What is wrong here? We provide the correct password.

By default, for MySQL the root user is set to authenticate using "auth_socket" plugin rather than with a password. Applicable only for Ubuntu systems running MySQL 5.7 (and newer). It improves security and usability, but it can also complicate things when you need to allow an external program (e.g., phpMyAdmin) to access the MySQL Server. To allow easy access to MySQL database server, we will switch authentication method from "auth_socket" to "mysql_native_password". Execute "sudo mysql" command into the terminal to open MySQL shell.

We are in MySQL shell. Now we can execute MySQL Database command.

Execute "SELECT user,authentication_string,plugin,host FROM mysql.user;" and check the current authentication status for the root user. We need to change it from "auth_socket" to "mysql_native_password".

Execute “ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'yourpasswordhere';”. Please change the password to reuired password. Finally, run “FLUSH PRIVILEGES” which reload the grant tables and put your new changes into effect. One more time execute “SELECT user,authentication_string,plugin,host FROM mysql.user;”to check the new status. To exit from MySQL shell type "exit" and hit enter from your keyboard.

Let's try to access MySQL shell access with root user. Execute "mysql -u root -p" and enter your root user password.

Now we are able to access MySQL shell using root user.

Step 6 Install PHP MySQL Drivers

We are done with Apache2, PHP, and MySQL installation. To connect our PHP scripts to MySQL we need to install PHP MySQL drivers. Execute "sudo apt install php-mysql" command in the terminal.

Step 7 Install and Secure phpMyAdmin

Following are the step by step guide to download, install and secure phpMyAdmin installation. To start the download and install for phpMyAdmin execute the following command in the terminal.

sudo apt-get update  
sudo apt-get install phpmyadmin php-mbstring php-gettext

After executing above command type Y in terminal for Do you want to continue? Question followed by enter. 

During the installation we need to Configure the phpMyAdmin installation. Below is the options for different questions 

  • Please choose the web server that should be automaically configured to run phpmyadmin. Web Server to reconfigure automatically: Select apache2 

  • Configure database for phpmyadmin with dbconfig-common?: Select Yes

  • MySQL application password for phpmyadmin: Provide password and select OK 

  • Confirm Password and then select OK 

Next, we need to enable PHP mcrypt and mbstring extension for this execute below command in terminal

sudo phpenmod mcrypt  
sudo phpenmod mbstring 

Finally, we need to restart the apache.

sudo systemctl restart apache2 

Now we can able to access phpMyAdmin by visiting below URL 

https://<domainname or domainip>/phpmyadmin 

For login use root as user name and MySQL password for root user which we used at the time of MySQL installation in our previous article

Now it's time to secure out phpMyAdmin installation. 

First, we need to enable the use of .htaccess file overrides by editing our Apache configuration file. 

For this we are going to open phpmyadmin config file execute below command in terminal

sudo nano /etc/apache2/conf-available/phpmyadmin.conf 

We need to add an AllowOverride All directive within the <Directory /usr/share/phpmyadmin> section of the configuration file, like this:  

<Directory /usr/share/phpmyadmin>  
Options FollowSymLinks  
DirectoryIndex index.php  
AllowOverride All

Finally, for apply the above changes we need to restart the apache  

sudo systemctl restart apache2 

Now we are going to create .htaccess file. Execute below command in terminal for creating a new .htaccess file 

sudo nano /usr/share/phpmyadmin/.htaccess 
AuthType Basic  
AuthName "Restricted Files"  
AuthUserFile /etc/phpmyadmin/.htpasswd  
Require valid-user 

Let's understand all the lines in our .htaccess file: 

AuthType Basic: This line specifies the authentication type that we are implementing. This type will implement password authentication using a password file. 

AuthName: This sets the message for the authentication dialog box. You should keep this generic so that unauthorized users won't gain any information about what is being protected. 

AuthUserFile: This sets the location of the password file that will be used for authentication. This should be outside of the directories that are being served. We will create this file shortly. 

Require valid-user: This specifies that only authenticated users should be given access to this resource. This is what actually stops unauthorized users from accessing phpMyAdmin. 

Now we need to create .htpasswd for storing users and password related information 

For creating .htpasswd we need extra utility execute below command to install the utility 

sudo apt-get install apache2-utils 

 

Now we can use htpasswd utility for creating users 

Execute below command to create first user. In terminal you need to provide a valid password and confirm password for new user. 

sudo htpasswd -c /etc/phpmyadmin/.htpasswd username 

If you want to create another user then execute below command 

“sudo htpasswd /etc/phpmyadmin/.htpasswd username2“
Now retry to open below URL 

https://<domainname or domainip>/phpmyadmin 

This time we need to first provide apache authentication the we are able to access regular phpMyAdminPage.

Now if you want to delete an user account execute below command. Assumption we need to delete username2

sudo htpasswd -D /etc/phpmyadmin/.htpasswd username2

You may also like below articles.

 

...

About The Author

Hello, I am Mayank Sanghvi I am primarily a BI developer with experience in MSBI and Cognos BI Suit. Also having interest in various other technologies such as Android, Java, C#, ASP .NET and other. I enjoy learning new technologies and share my experience with others.

1 Comments
Leave A Comment

Please login to post your valuable comments.


Join the newsletter

Get the latest vLemonn news first

share