Build a LAMP stack on a Ubuntu instance - Elastic Compute Service

LAMP is an acronym for the names of the following components: Linux operating system, Apache HTTP Server, MySQL relational database management system, and PHP programming language. LAMP stacks are commonly used to build websites. LAMP has extensive community support and a wealth of resources and is suitable for developing, deploying, and maintaining web applications of different sizes. LAMP stacks are highly flexible and allow you to modify and customize servers. You can configure LAMP stack components based on your business requirements to maximize performance and security. This topic describes how to build a LAMP stack on an Elastic Compute Service (ECS) instance that runs Ubuntu.

Prerequisites

An ECS instance that is used to deploy a LAMP stack is created. For more information, see Create an instance on the Custom Launch tab.

The instance meets the following requirements:

The instance is assigned a public IP address by the system or is associated with an elastic IP address (EIP). For information about how to associate an EIP with an instance, see Associate or disassociate an EIP.
The instance runs Ubuntu 22.04 or Ubuntu 20.04.
An inbound rule is added to a security group of the instance to allow traffic on ports 22, 80, and 443. For information about how to add an inbound security group rule, see Add a security group rule.

Step 1: Install Apache

Run the following command to update the Ubuntu software packages:
```
sudo apt update
```
Run the following command to install Apache:
```
sudo apt-get -y install apache2
```
Run the following command to check the version of Apache:
```
apache2 -v
```
A command output similar to the following one indicates that Apache is installed.
Run the following commands to start Apache and configure Apache to automatically start on system startup:
```
sudo systemctl start apache2
sudo systemctl enable apache2
```
Run the following command to check the status of Apache:
```
sudo systemctl status apache2
```
A command output similar to the following one indicates that Apache is started.

Step 2: Install and configure MySQL

Install MySQL.
1. Run the following command to install MySQL:
```
sudo apt -y install mysql-server
```
2. Run the following command to check the version of MySQL:
```
mysql -V
```
  A command output similar to the following one indicates that MySQL is installed.
Run the following command to start MySQL:
```
sudo systemctl start mysql
```
Run the following commands in sequence to configure MySQL to start on system startup:
```
sudo systemctl enable mysql
sudo systemctl daemon-reload
```

Configure MySQL.

Run the following command to access MySQL:
```
sudo mysql
```

Run the following command to set a password for the root user:

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by 'mynewpassword';

In this example, the password is Mysql@1234. Sample command:

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by 'Mysql@1234';

Run the following command to exit MySQL:
```
exit;
```
Run the following command to configure the security settings of MySQL:
```
sudo mysql_secure_installation
```

Follow the command line instructions to configure the following settings in sequence.

Enter the password of the root user. In this example, Mysql@1234 is entered.
```
ecs-user@iZbp19jsi7s0g7m4zgc****:~# sudo mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root: 
```
Note
For data security purposes, no output is returned when you enter a password. You need only to enter the correct password and then press the Enter key.

Enter Y to configure a password strength policy.

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: Y

Specify a password strength value.

In this example, 2 is used.

There are three levels of password validation policy:

LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 0

Enter Y to change the password of the root user.

Change the password for root ? ((Press y|Y for Yes, any other key for No) : Y

Enter the new password of the root user.

New password:

Re-enter new password:

Estimated strength of the password: 100

Enter Y to use the new password that you set.

Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : Y

Enter Y to delete the anonymous user account that comes with MySQL.

By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y

Enter Y to deny remote access by the root user to MySQL.

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y

Enter Y to delete the database named test.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) :

Enter Y to reload privilege tables.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y

When the configuration is complete, All done! is displayed in the command output.

Check whether you can log on to MySQL.

Run the following command to log on to MySQL:
```
sudo mysql -uroot -p
```

At the Enter password: prompt, enter the password that you set for MySQL.

Note

For data security purposes, no output is returned when you enter a password. You need only to enter the correct password and then press the Enter key.

The following sample command output indicates that you are logged on to MySQL.

ecs-user@iZbp19jsi7s0g7m4zgc****:~# sudo mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 15
Server version: 8.0.29-0ubuntu0.20.04.3 (Ubuntu)

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Run the following command to exit MySQL:
```
exit;
```

(Optional) Modify the listening configurations.
By default, MySQL listens on port 3306 and accepts connection requests only from the local IP address 127.0.0.1. To allow MySQL to accept connections from any IP address, you need to change the listening IP address to 0.0.0.0.
Important
If you configure MySQL to listen to 0.0.0.0, the database may be more vulnerable to unauthorized access. Before you configure MySQL to allow connections from any IP address, make sure that you are aware of the relevant security threats and take necessary protective measures, such as deploying VPN and firewalls and strengthening account permission management, to protect against the threats.
1. Run the following command to open the my.cnf configuration file:
```
sudo vim /etc/mysql/my.cnf
```
2. Press the I key to enter Insert mode, and then add the following content:
```
[mysqld]
bind-address = 0.0.0.0
```
  Press the Esc key, enter :wq, and then press the Enter key to save and close the configuration file.
3. Run the following command to restart MySQL:
```
sudo systemctl restart mysql
```

Step 3: Install PHP

Install PHP.
1. Run the following command to install the software-properties-common software package:
```
sudo apt-get install -y software-properties-common
```
2. Run the following command to add Ondrej PPA:
  The latest version of PHP is contained in Ondrej PPA.
```
sudo add-apt-repository ppa:ondrej/php
```
  When the message shown in the following figure is returned, press the Enter key.
3. Run the following command to install PHP.
  Note
  In this example, PHP 8.3 is installed. If you want to install another version, replace php8.3 in the command with the version that you want to install.
```
sudo apt-get install -y php8.3 php8.3-fpm libapache2-mod-php8.3
```
4. Run the following command to check the version of PHP:
```
php -v
```
  A command output similar to the following one indicates that PHP is installed.
Run the following command to back up the Apache configuration file:
```
sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf.bak
```
Modify the Apache configuration file to allow Apache to support PHP.
Important
If you do not add support for PHP, PHP pages cannot be displayed when you access the pages by using a web browser.
1. Run the following command to open the Apache configuration file:
```
sudo vim /etc/apache2/apache2.conf
```
2. Press the I key to enter Insert mode.
3. Add the following configuration:
```
DirectoryIndex index.html index.php
<FilesMatch \.php$>
    SetHandler application/x-httpd-php
</FilesMatch>
```
4. Press the Esc key, enter :wq, and then press the Enter key to save and close the configuration file.
In the root directory of the Apache website, create a test webpage.
1. Run the following command to view the root directory of the Apache website:
```
sudo cat /etc/apache2/sites-available/000-default.conf
```
  The DocumentRoot /var/www/html line in the command output indicates that the website root directory is /var/www/html.
2. Run the following command to create a test webpage in the website root directory and add the phpinfo() function to the webpage.
  The phpinfo() function is used to display all configuration information of PHP.
```
sudo sh -c 'echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php'
```
Run the following command to restart Apache:
```
sudo systemctl restart apache2
```
Enter http://<Public IP address of the ECS instance>/phpinfo.php in the address bar of a web browser on your computer and press the Enter key.
A page similar to the following one indicates that PHP is installed.
After the LAMP stack is built, we recommend that you run the following command to delete the phpinfo.php file to prevent data leaks:
```
sudo rm -rf <Website root directory>/phpinfo.php
```
In this example, the website root directory /var/www/html is used. Run the following command to delete the test file:
```
sudo rm -rf /var/www/html/phpinfo.php
```