Linux: Ubuntu 14.04 full LAMP server setup tutorial

This Ubuntu server setup tutorial is written in cookbook style to get a new server up and running from scratch. It includes setting up your main user properly, some mild security measures and of course Apache 2.4, PHP 5.5 and Mysql setup. I will also setup Git to make deployments more controlled and easier.

Cookbook style means that I will list the steps and the commands in an order that you can quickly use to get your Ubuntu 14.04 server up and running quickly without getting into too much detail.

Commands that start with the # character are shell commands.

1: Install a server

This one should be easy. Just download an image from Ubuntu or install an image via your VPS control panel.

2: Add user to www-data group and assign sudo rights

There are several cases in which you might be after installing your server. Just follow the one that is relevant for you:

1: You already created a user during installation:

  • Try out if your user is already setup with sudo rights by typing # sudo -i
    • If you are asked for your password and after proving it see: root@ at the start of the console then you already have sudo rights.
    • If not then login as root and type # gpasswd -a thisisme sudo to add your user (thisisme in this case) to the sudo file.
  • Type # sudo usermod -a -G www-data thisisme to add your user to the www-data group.

2: You did not create a new user and are logged in as root user:

  • Create your new user within the www-data group: # useradd -g www-data thisisme.
  • Set the new user's password: # passwd thisisme
  • Add the new user to the sudoers file: # gpasswd -a thisisme sudo

Now your user can execute root commands and is able to modify files written to the system by the Apache2 group user.

3: Make sure your machine is fully up-to-date

  • Run # sudo apt-get update
  • Run # sudo apt-get upgrade
  • Run # sudo apt-get dist-upgrade

4a: (optional) Add some security (ssh key)

You can setup your user to need an ssh key to be able to sign into the server. This is more secure that a simple password and therefore highly advised.

Windows users should follow this tutorial. Linux and mac users, read on:

On your local machine:

  • create your public key: # ssh-keygen -t rsa -C "your_email@youremail.com" and hit enter to store the file at the default location and optionally also enter a passphrase.
  • Open the file: # cat ~/.ssh/id_rsa.pub and and copy the key to your clipboard

On the remote machine

  • login as your new user or switch from root to your new user by typing: # su - thisisme
  • Execute the following commands:
    • # cd ~
    • # mkdir .ssh
    • # chmod 700 .ssh
  • Now add a file and copy in your public key from your local machine:
    • # vi .ssh/authorized_keys (in vi type i to enter edit mode and then copy in the key. Hit escape to exit enter mode and then type :wq to save and exit.
    • # chmod 600 .ssh/authorized_keys
  • Now you should be able to login to your server and will be asked for an ssh keyphase.
  • Make sure to first try this out in a new console windows before closing your current session!

4b: (optional) Add some security (change default settings)

Change the default ssh port:

  • Run: # sudo vi /etc/ssh/sshd_config
    • Find the line that states: Port 22
    • type i to enter edit mode and change the 22 to something else that you will remember, e.g. your year of birth: Port 1985.
    • Find the line that states: PermitRootLogin yes and change it to PermitRootLogin no which will disable root access via ssh (so be sure that your local user's sudo rights are working correct before doing this).
    • Hit escape and type :wq to exit vi.
    • Reload ssh: # sudo service ssh restart
  • Do not close your current terminal, open a new terminal to test the configuration:
    • Linux / mac: # ssh -p 1985 thisisme@SERVERIPADDRESS
    • Windows: With putty click on the putty icon on the top left of your putty console and select new session. Make sure to enter the new port and use your ssh key (as was shown in the above mentioned tutorial).
  • When logged in type # sudo -i to verify that you can still execute sudo (root) commands. If that is the case then you can safely close previous terminals.

5a: Install Apache 2.4 and configure www root

Install apache:
# sudo apt-get install apache2

Setup www root to be writable by the apache server user.

  • # sudo chown -R www-data:www-data /var/www
  • # sudo chmod 755 -R /var/www
  • # sudo chmod g+s -R /var/www

Add a directory for your new website:

  • # sudo mkdir /var/www/yoursite.com
  • # sudo mkdir /var/www/yoursite.com/logs
  • # sudo chmod -R 775 /var/www/yoursite.com/
  • # sudo chmod -R 770 /var/www/yoursite.com/logs

Create a vhost file and activate the site

  • # cd /etc/apache2/sites-available/
  • # sudo vim yoursite.com.conf

Now copy in the following configuration and modify it to match your new site's need:
<VirtualHost *:80> ServerAdmin you@yoursite.com ServerName yoursite.com ServerAlias www.yoursite.com DocumentRoot /var/www/yoursite.com/public_html/ ErrorLog /var/www/yoursite.com/logs/error.log CustomLog /var/www/yoursite.com/logs/access.log combined <Directory /var/www/yoursite.com/public_html> Require all granted Options Indexes FollowSymLinks AllowOverride All </Directory> </VirtualHost>
Hit escape and type :wq to safe the file with vi.

Enable your new virtual host / site.

  • # sudo a2ensite yoursite.com
  • # sudo service apache2 reload

5b: Install PHP

# sudo apt-get install php5 php-pear php5-mysql

Verify that your settings are correct:

  • # sudo vim /etc/php5/apache2/php.ini
  • # sudo vim /etc/php5/cli/php.ini

install missing extensions where needed, e.g. # sudo apt-get install php5-gd
And restart Apache afterwards to ensure all your changes are loaded: # sudo service apache2 restart

5c: install mysql:

  • # sudo apt-get install mysql-server (make sure to enter a root password when asked)
  • run # mysqlsecureinstallation and anser the questions.

Your needs for using mysql will be quite specific, but everyone needs to have a database and a user to connect to this. You can do this by the following commmands:

  • # mysql -uroot -p
  • enter your password (-p means aks for password, you should never directly enter it in the command since it will be stored in your command history which is not secure at all)
  • mysql> CREATE DATABASE yourDataBaseName;
  • mysql> CREATE USER 'yourUser'@'localhost' IDENTIFIED BY 's3CurEPassw@ord!';
  • mysql> GRANT ALL PRIVILEGES ON yourDataBaseName.* TO 'yourUser'@'localhost';
  • mysql> FLUSH PRIVILEGES;
  • mysql> EXIT

6: (optional) use Git to control your sourcecode

I would just be copying this excellent post: http://machiine.com/2013/pulling-a-git-repo-from-github-to-your-ubuntu-server/ so just go there and follow the steps. I do have one addition for Windows users however, after the steps:

  • git config --global user.name "Your Name"
  • git config --global user.email youremail@example.com

Also execute the following command:

  • git config core.filemode false

This will avoid your initial git clone command to look like a complete new commit for Git. Without this each file will be compared to it's privileges, which will be different from Windows and Mac.

Questions?

Drop me a line on Twitter or Google+.