In this article, we will configure Ubuntu 18.04 VM instance on Google Cloud Compute Engine.
We will cover following key points in this article.
For this, first create a new VM Inance. Following are VM Instance details.
Create VM Instance, launch and open ssh.
At this time server not able to handle HTTP request. It will work correctly after Apache2 installation.
Let’s open SSH and install Apache2, PHP, and MySQL.
To install Apache and PHP, execute the following command.
sudo apt-get update sudo apt-get install apache2 php libapache2-mod-php
After installing Apache2 and PHP, let's try to visit our server IP one more time. This time you are welcome by Apache2 default index.html page. It means everything is working correctly. By default, Apache2 start automatically. No need to make any other configuration changes for Apache2.
Visit http://<ServerIP>/ not https://<ServerIP>/
If your domain is pointing to VM Instance IP, you can visit your server using the domain name as well.
Our test website http://maynktest.tk/ is running fine. It's time to install MySQL on our VM Instance. Execute following command in the terminal.
sudo apt update sudo apt install mysql-server
Above two commands will install My SQL version 5.7 on Ubuntu 18.04 LTS. Next, we need to secure the MySQL installation.
To configure and secure MySQL installation execute command “sudo mysql_secure_installation” in the terminal and follow the instructions.
The first configuration step is to enable VALIDATE PASSWORD PLUGIN. It can be used to test password strength and improve security. For the production environment, it needs to be enabled. Type Y to enable it and hit enter.
VALIDATE PASSWORD PLUGIN can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD plugin?
If you selected Y then you need to select the password policy. For this, we have three options. I am recommended to select at least medium for Password Policy. Following are the available options.
There are three levels of password validation policy:
LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG:
Regardless whether you selected Y or N for the above configuration step, next you need to provide MySQL root user password. Enter the password and confirm the password. If you enable the VALIDATE PASSWORD PLUGIN then your password must be based on the selected password validation rule. Also, it will calculate the password strength. 100 means it is a good password. Confirm your password to go to next configuration Step.
Next Question "Remove anonymous users?".
What are anonymous users?
An anonymous user or account is available in MySQL. It allows anyone to gain access into the MySQL Server without having an account. Anonymous user accounts are available for testing purpose. We don't want such account on our production environment. Type Y and hit enter for this question.
Disallow root login remotely?
For the MySQL root, the user has all the privileges on the database server. If anyone can guess the correct password for the root user, he or she can do anything on the database server. To make your production MySQL database server secure, you must need to disable the root login for the remote users.
Remove test database and access to it?
By default, MySQL comes with a database named 'test1 that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.
Reload privilege tables now?
To ensure all the changes made so far will take effect immediately we need to reload the privilege tables. It is the last step in the MySQL initial configuration for the production environment.
Our database is installed correctly. Let's try to access MySQL shell using the root user. Execute the "mysql -u root -p " command in the terminal and provide the password for the root user. You will encounter following error message.
ERROR 1698 (28000): Access denied for user 'root'@'localhost'
What is wrong here? We provide the correct password.
By default, for MySQL the root user is set to authenticate using "auth_socket" plugin rather than with a password. Applicable only for Ubuntu systems running MySQL 5.7 (and newer). It improves security and usability, but it can also complicate things when you need to allow an external program (e.g., phpMyAdmin) to access the MySQL Server. To allow easy access to MySQL database server, we will switch authentication method from "auth_socket" to "mysql_native_password". Execute "sudo mysql" command into the terminal to open MySQL shell.
We are in MySQL shell. Now we can execute MySQL Database command.
Execute "SELECT user,authentication_string,plugin,host FROM mysql.user;" and check the current authentication status for the root user. We need to change it from "auth_socket" to "mysql_native_password".
Execute “ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'yourpasswordhere';”. Please change the password to reuired password. Finally, run “FLUSH PRIVILEGES” which reload the grant tables and put your new changes into effect. One more time execute “SELECT user,authentication_string,plugin,host FROM mysql.user;”to check the new status. To exit from MySQL shell type "exit" and hit enter from your keyboard.
Let's try to access MySQL shell access with root user. Execute "mysql -u root -p" and enter your root user password.
Now we are able to access MySQL shell using root user.
We are done with Apache2, PHP, and MySQL installation. To connect our PHP scripts to MySQL we need to install PHP MySQL drivers. Execute "sudo apt install php-mysql" command in the terminal.
Following are the step by step guide to download, install and secure phpMyAdmin installation. To start the download and install for phpMyAdmin execute the following command in the terminal.
sudo apt-get update sudo apt-get install phpmyadmin php-mbstring php-gettext
After executing above command type Y in terminal for Do you want to continue? Question followed by enter.
During the installation we need to Configure the phpMyAdmin installation. Below is the options for different questions
Please choose the web server that should be automaically configured to run phpmyadmin. Web Server to reconfigure automatically: Select apache2
Configure database for phpmyadmin with dbconfig-common?: Select Yes
MySQL application password for phpmyadmin: Provide password and select OK
Confirm Password and then select OK
Next, we need to enable PHP mcrypt and mbstring extension for this execute below command in terminal
sudo phpenmod mcrypt sudo phpenmod mbstring
Finally, we need to restart the apache.
sudo systemctl restart apache2
Now we can able to access phpMyAdmin by visiting below URL
https://<domainname or domainip>/phpmyadmin
For login use root as user name and MySQL password for root user which we used at the time of MySQL installation in our previous article
Now it's time to secure out phpMyAdmin installation.
First, we need to enable the use of .htaccess file overrides by editing our Apache configuration file.
For this we are going to open phpmyadmin config file execute below command in terminal
sudo nano /etc/apache2/conf-available/phpmyadmin.conf
We need to add an AllowOverride All directive within the <Directory /usr/share/phpmyadmin> section of the configuration file, like this:
<Directory /usr/share/phpmyadmin> Options FollowSymLinks DirectoryIndex index.php AllowOverride All
Finally, for apply the above changes we need to restart the apache
sudo systemctl restart apache2
Now we are going to create .htaccess file. Execute below command in terminal for creating a new .htaccess file
sudo nano /usr/share/phpmyadmin/.htaccess
AuthType Basic AuthName "Restricted Files" AuthUserFile /etc/phpmyadmin/.htpasswd Require valid-user
Let's understand all the lines in our .htaccess file:
AuthType Basic: This line specifies the authentication type that we are implementing. This type will implement password authentication using a password file.
AuthName: This sets the message for the authentication dialog box. You should keep this generic so that unauthorized users won't gain any information about what is being protected.
AuthUserFile: This sets the location of the password file that will be used for authentication. This should be outside of the directories that are being served. We will create this file shortly.
Require valid-user: This specifies that only authenticated users should be given access to this resource. This is what actually stops unauthorized users from accessing phpMyAdmin.
Now we need to create .htpasswd for storing users and password related information
For creating .htpasswd we need extra utility execute below command to install the utility
sudo apt-get install apache2-utils
Now we can use htpasswd utility for creating users
Execute below command to create first user. In terminal you need to provide a valid password and confirm password for new user.
sudo htpasswd -c /etc/phpmyadmin/.htpasswd username
If you want to create another user then execute below command
“sudo htpasswd /etc/phpmyadmin/.htpasswd username2“
Now retry to open below URL
https://<domainname or domainip>/phpmyadmin
This time we need to first provide apache authentication the we are able to access regular phpMyAdminPage.
Now if you want to delete an user account execute below command. Assumption we need to delete username2
sudo htpasswd -D /etc/phpmyadmin/.htpasswd username2
You may also like below articles.
Please login to post your valuable comments.
Get the latest vLemonn news first