Site Tools

en:lamp

LAMP

LAMP is the acronym for Linux Apache Mysql Php.

For the “Linux” side of Lamp, it all depends on your hosting and your preferences. We advise beginners to take a Debian Stable distribution, which is robust, secure and not too complicated. Experts are also numerous to remain under this distribution for their servers!

A good part of this doc is based on the Ubuntu documentation concerning LAMP.

Installing basic packages:

sudo apt-get install apache2 php5 mariadb-server libapache2-mod-php5 php5-mysql apache2-utils php5-gd php5-imagick

The installation of the mysql database will ask you to create a password for “root”. Be sure to write it down!

You can ofcourse install Mysql instead of Mariadb, but we don't recommend it here at khagnat…

Go to the address of the server and admire the page: “It works” :) This means installed and running!!

Apache

Apache is basically functional from scratch, but there are some small useful tricks for a configuration similar to Khaganat.

Enable URL rewriting

For wiki farm or pastebin(among others), it is necessary to activate the rewriting of the URLs.

Run the command:

 Sudo a2enmod rewrite

Then, edit /etc/apache2/apache2.conf and add at the end(if it is not already there):

 <ifModule mod_rewrite.c>
RewriteEngine On
</ IfModule> 

Then check that in the “/etc/apache2/sites-available/default” file, the “AllowOverride” option is set to “All” for the parts that are being rewritten by url (all “/var/www” to not complicate the task):

 Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow, deny
Allow from all 

Do not forget to restart the Apache Web service:

 /etc/init.d/apache2 restart

Editing urls to go to folders (alias)

With a basic configuration, Apache indicates that you must read the directory /var/www as the base directory of the site, each folder being added to the address. For example, if your “www” folder is organized as follows:

  • Www
    • File1
      • Page1.html

To access page1 through the web, it's necessary to put the following in the address bar(of the browser): www.mon_site.net/dossier1/page1.html. We can change this by making aliases in the file: /etc/apache2/sites-enable/000-default.conf, like this:

Alias /adresse /var/www/dossier1
<Directory /var/www/dossier1>
	Options Indexes FollowSymLinks MultiViews
	AllowOverride All
	Order allow,deny
	Allow from all
</Directory>

Change /address to whatever you want; If it's just the bar /, then it will be the root of the site(as will be seen by typing www.mon_site.net/). You can also point to addresses outside of /var/www. For example: pointing to home/user/monsite allows you to work in a directory with basic user rights.

For a site accessible to all, these kind of alias options suffices.

Relaunch Apache

To restart the apache server:

Logged in as root

 /etc/init.d/apache restart

Rights on www

There are several possibilities to allow our user “Lambda”1) to modify what's in the folder /var/www. The easiest and fastest way is to assign the rights of this folder to the www-data group, and then put lambda in that www-data group.

 Sudo adduser lambda www-data
 Chown -R www-data: www-data /var/www

Alternative method:

To add the lambda user to www-data, there is also the command:

 Usermod -a -G www-data lambda

Both commands do the job!

Restart the session so that Apache can take the rights into account for the current user.

It's better to let the www-data group manage the rights, basically because otherwise it's an open bazaar. Adding the user “lambda” in this group makes it possible to modify everything without taking the lead.

From a security perspective, maybe www-data shouldn't have these kind of rights, but(at the same time) it requires it to be able to understand everything, otherwise Apache will just block everything.. so let's keep it simple!

If some cms causes problems, the following command sequence(on the folder in question) can reassign the rights to www-data and allow them to be resolved(Run these as root):

chgrp -R www-data "folder"
chown -R www-data "folder"
chmod -R g+w "folder"

chgrp to reassign the owner group, chown to change the owner anyway(less important, in theory chgrp should already fix most of the worries), chmod to give the right permissions write on the folder, add, w for write, so write). The -R option allows recursion(so the change applies to subfolders).

Proxy

Some services are accessible via specific ports. This is what Etherpad does for example: when installed, it is accessible at the address http://myserverur.com:9001.

To be able to access it via the web address http://monserverur.com/pad, you must use the proxy option in Apache.

Begin by activating the proxy modules:

 A2enmod proxy proxy_http

Then add this information in /etc/apache2/sites-availables/000-default.conf:

<VirtualHost *:80>

  ProxyVia On
  ProxyRequests Off
  ProxyPass /pad/ http://localhost:9001/
  ProxyPassReverse /pad/ http://localhost:9001/
  ProxyPreserveHost on
  <Proxy *>
    Options FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
  </Proxy>

</VirtualHost>

Restart the apache service

 Service apache2 restart

Your etherpad should now be accessible at the right address!

Mysql

Phpmyadmin

Installation

Phpmyadmin is considered as a program with high potential security breaches.. and you would be better off without it. But at the same time, going without a database would be ideal…

In short, despite these considerations, phpmyadmin is a handy way to manage a database when you have little knowledge, because it helps you do the job well. So… we'll try to install it.

OBS: MySQL Workbench would be a better solution, “all in all”!!

 Sudo apt-get install phpmyadmin

Select “apache” in the options, then for the database, let the process complete.

 Please enter the password for the administrative account that will be used to create the MySQL database as well as the users.
Database administrator password: 

This is the root password.

Choose the database password… and do not forget to pass it in a “secure way” to the other admins.

Web location

By default, phpmyadmin is accessible at site.net/phpmyadmin, which helps a malicious user find the door. It can be modified via the file /etc/apache2/conf.d/phpmyadmin.conf, You can change the default alias like this:

 Alias/phpmyadmin/usr/share/phpmyadmin

For example:

 Alias/ploufphpmyadmin/usr/share/phpmyadmin

The simple addition of the “plouf” in front should already avoid automatic attacks!

Relaunch Apache for this to take effect.

Having a login other than “root” would be as good. But can it be easily changed?

OBS: It's pretty bad to use ROOT as the database login. A better way is to make a user and select the rights accordingly!!

Importing a database

To import a database via phpmyadmin(for ex: forum backups ), you must create the database, associate it with a user who is the only one having access to the database, then lastly import the saved “.sql”.

If the database is too large, there will be errors. One fix is to change /etc/php5/apache2/php.ini to increase the maximum size allowed. The phpmyadmin program makes error linking(so you can see what needs to be changed).

Various Mysql commands

Creating a user and a mysql database for the different services:

1) launch mysql

 $ Mysql -u root -p

The password will be requested.

2) Create the database:

 Mysql> create database MyDatabase;

3) Create a user and grant him access rights to the database without a password but only locally:

 Mysql> GRANT ALL ON MyDatabase. * TO User @ localhost;

3.1) Do the same thing but with a password:

 Mysql> GRANT ALL PRIVILEGES ON MyDatabase * TO User @ localhost IDENTIFIED BY 'Password';

4) Do not forget to update the database:

mysql> FLUSH PRIVILEGES; 
1)
yes, our test user is called “Lambda”.
en/lamp.txt · Last modified: 2016/12/20 13:34 by Domperss