This post is part of a larger series about Building a Cloud at Home For Free as part of building scalable web applications from the ground up. This post starts at the point of setting up our LAMP stack on the a new Debian server. If you still need to setup your hypervisor, virtual server and install Debian, then check out my post Installing Virtualbox and Debian on Windows 10.
Setting Up Debian as a LAMP Server
The first step to setting up the server is to log into the machine as root using the password you setup for your root account.
Setup a Static IP
Use the text editor nano to edit the network configuration file by typing the following command;
You will find something like this;
Comment out the old settings for the primary network interfaces and add the new lines shown below. You will need to select an IP and use the correct gateway for your network;
Hold down control+x and then press enter to save your changes. Type the command “reboot” into the console to restart the server and apply the changes.
Type the following command to get to the config file for SSHD, the service which allows you to remote into the terminal and access
Find the line that says PermitRootLogin with-password and change it to;
Save your changes.
Enabling root remotely is potentially a security concern as someone could brute-force the password and have root access. So we need to install fail2ban to prevent this. If too many failed attempts are made, the remote user will be banned from attempting to log into the server.
This is a good time to reboot; then you can use putty to connect securely to the server! At this point, I switch to putty instead of using the virtual machine, as it is much easier to do the rest of this process with the ability to copy and paste commands. This is not possible when using the console directly, outside of putty. Putty is free software available through ninite or from putty’s website.
Set APT To Online-Only
We need to set the package manager to use the online-repositories only, so it won’t be constantly asking us to insert the CD.
Find the line that starts with “deb cdrom”… Add a “#” at the beginning to comment it out, and then Ctrl+X to save! Simple as that.
Install Apache2 With SSL
If you do not want to buy an SSL certificate, you can create your own, but it will prompt visitors that your certificate is invalid every 24 hours when they look at your page. Depending on what you are doing, either option might be appropriate, but in the spirit of doing this for free, I am demonstrating the free self-signed certificate process option.
Logged in as root, run the command;
This will update all your installed packages and get you ready to run this command to install Apache2;
Now enable SSL by executing the following series of commands;
SSL will ask you several questions as shown below. The most important one is the FQDN which should be the domain name if you are using one or else the hostname or ip if you are not using a public domain.
Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:California Locality Name (eg, city) :Sacramento Organization Name (eg, company) [Internet Widgits Pty Ltd]:CJTrowbridge Organizational Unit Name (eg, section) :Projects Common Name (e.g. server FQDN or YOUR name) :projects.cjtrowbridge.com Email Address :email@example.com
Now run this command to set the correct permissions for your new self-signed certificate;
Now you need to edit the configuration file for both SSL and non-SSL connections in Apache by running the following commands;
You will need to pick a document root. The typical default is /var/www/html but i prefer /var/www for simplicity’s sake. Just make sure it matches in both of the following files…
Most likely this will already be basically setup correctly. You will need to set the correct paths to the certificate files you created above, change ‘example.com’ to your FQDN, set the correct email address, and make sure these other lines are written somewhere in the file and not commented out with a hashtag before them.
Run the following command to restart apache now that these changes have been saved;
Test the SSL by typing in your hostname or ip to a browser like ‘https://22.214.171.124’ You should see a warning about an invalid certificate. Select the option to proceed anyway, or in chrome type out the word ‘danger’ and it will bypass this screen for 24 hours. These warnings can be very obnoxious, and it is a tempting buy at around $50/year for a valid SSL certificate, but the 24 hour setting can also be changed in chrome in order to avoid paying for a certificate while also avoiding the warnings. :]
For the purposes of this project, I will creating a separate, dedicated MySQL server. BUT, installing MySQL on this server fulfills some dependencies for PHP and Apache that can cause issues with connecting to databases, so we install it anyway by running the following command;
You will be prompted to create a root MySQL password. Make it a strong one! After installation is done, execute the following command to run the secure installation. It will give you lots of suggestions for securing your installation.
Now we install PHP, the real heart and soul behind the web applications we will be building on this server. Type the following commands;
Install mcrypt to enable php to use cryptography.
cURL is required by things like wordpress, and generally good to have, so let’s install that too;
Finally restart apache to let all the changes take effect;
Test Your Server!
Let’s create a phpinfo file. Run the following command;
Note that depending on the path you used in setting up your SSL configuration file, the file might need to be in /var/www/html instead of /var/www/
Put the following code into the file and save it.
The moment of truth…
Now navigate to https://hostname/info.php
If it works, you will get a certificate error and then a page like this telling you all about your php server 😀
Now you’re ready to move on to Setting Up Debian as a Postfix Mail Server