Actions

Difference between revisions of "Configuring a LAMPP server for PHP development/Linux desktop"

From Joomla! Documentation

< Configuring a LAMPP server for PHP development
(Method 1: Implementing suPHP)
(20 intermediate revisions by one user not shown)
Line 1: Line 1:
{{inuse}}
+
{{underconstruction}}
 
{{RightTOC}}
 
{{RightTOC}}
  
Line 7: Line 7:
  
 
Theses instructions should work fine on any Debian based distribution such as Debian, Ubuntu, LinuxMint, Xubuntu, Kbuntu and others.
 
Theses instructions should work fine on any Debian based distribution such as Debian, Ubuntu, LinuxMint, Xubuntu, Kbuntu and others.
 +
 +
<span style="color:red; font-weight:bold;"> '''NOTE:'''To complement the security of your computer install a firewall to block external incoming traffic to your web service, you may also have to change some directives on your site configuration file to only serve request to the localhost address.</span>
  
 
== Installation ==
 
== Installation ==
'''NOTE:''' You need a stable Internet connection for this tutorial
+
'''NOTE:''' You need a stable Internet connection for this tutorial, if you previously tried to install the LAMP stack and failed for any reason visit this page and follow the instruction here to delete any server configuration and start from scratch "[https://help.ubuntu.com/community/ApacheMySQLPHP#Starting_over:_How_to_remove_the_LAMP_stack How to remove the LAMP stack]"
  
 
The installation of a LAMPP server on Linux is extremely easy, just follow this instructions:
 
The installation of a LAMPP server on Linux is extremely easy, just follow this instructions:
Line 15: Line 17:
 
*Open a terminal and type:
 
*Open a terminal and type:
  
  <tt>sudo apt-get install apache2 php5-mysql libapache2-mod-php5 mysql-server phpmyadmin libapache2-mod-suphp</tt>
+
  <tt>sudo apt-get install apache2 php5-mysql libapache2-mod-php5 mysql-server phpmyadmin php5-curl</tt>
  
 
*Say yes [Y] when the package manager ask you download and install the packages, this step will take some time depending on your connection speed
 
*Say yes [Y] when the package manager ask you download and install the packages, this step will take some time depending on your connection speed
Line 65: Line 67:
 
Location: "/var/www/"
 
Location: "/var/www/"
  
Description: by default the Apache server enables a test website and store the website files in that location, so every time you visit the page local host, the browser display the html page located there..
+
Description: by default the Apache server enables a test website and store the website files in that location, so every time you visit the page http://localhost, the browser display the page located at "/var/www/"
  
With your file browser navigate to "/var/www/" there should be a file called "index.html", change the content of the file for whatever you want and refresh the web page to see the changes.  
+
With your file browser navigate to "/var/www/" there should be a file called "index.html", change the content of the file for whatever you want and refresh the web page to see the changes.
  
 
=== Apache web sites configuration files ===  
 
=== Apache web sites configuration files ===  
Line 93: Line 95:
  
 
Description: That folder contain several files to keep track of several events on your Apache web server, such as errors in the services, errors in code of your site, failed authentication attempts and more, this is a good place to look at when something is not working file or you suspect some is trying to breach your server security
 
Description: That folder contain several files to keep track of several events on your Apache web server, such as errors in the services, errors in code of your site, failed authentication attempts and more, this is a good place to look at when something is not working file or you suspect some is trying to breach your server security
 +
  
 
== Configuration ==
 
== Configuration ==
  
=== Deploying a new site location ===
+
=== Enabling mod_rewrite ===
 +
 
 +
The mod_rewrite module uses a rule-based rewriting engine, based on a PCRE regular-expression parser, to rewrite requested URLs on the fly. By default, mod_rewrite maps a URL to a filesystem path. However, it can also be used to redirect one URL to another URL, or to invoke an internal proxy fetch.
 +
 
 +
for more information visit http://httpd.apache.org/docs/current/mod/mod_rewrite.html
 +
 
 +
* open a terminal and type
 +
 
 +
<tt>sudo a2enmod rewrite</tt>
 +
 
 +
* now that the rewrite module is enabled we need to restart apache
 +
 
 +
<tt>sudo service apache2 restart</tt>
 +
 
 +
* done
 +
 
 +
=== Deploying a new site folder structure ===
  
 
By default the web server is hosting the files in the location "/var/www" but for security reason and for the sake of avoid ownership problems we are going to use another place to host our web site files
 
By default the web server is hosting the files in the location "/var/www" but for security reason and for the sake of avoid ownership problems we are going to use another place to host our web site files
  
Lets create a new folder to store the web files and the log files of the server
+
Lets create a new folder to store the web files and the log files of the site
  
 
* open a terminal and type
 
* open a terminal and type
Line 258: Line 277:
 
  <tt>sudo gedit /etc/apache2/ports.conf</tt>
 
  <tt>sudo gedit /etc/apache2/ports.conf</tt>
  
*Find the line "listen: 80" and insert this line underneath
+
*Find the line "listen 80" and insert this line underneath
  
  <tt>Listen: 8080</tt>
+
  <tt>Listen 8080</tt>
  
 
*Save changes
 
*Save changes
Line 270: Line 289:
 
*Find this directive "<VirtualHost *:80>" and make the following modification  
 
*Find this directive "<VirtualHost *:80>" and make the following modification  
  
<tt> <VirtualHost *:80 *:8080> </tt>
+
<tt> <VirtualHost *:80 *:8080> </tt>
  
 
*Save changes
 
*Save changes
Line 280: Line 299:
 
*To test your new configuration try to access your site from another computer over Internet, just type your IP in the browser's address bar and press enter, if the request fails try the new alternative port like this xxx.xxx.xxx.xxx:8080
 
*To test your new configuration try to access your site from another computer over Internet, just type your IP in the browser's address bar and press enter, if the request fails try the new alternative port like this xxx.xxx.xxx.xxx:8080
  
=== Enforcing security ===
+
=== Preventing ownership and permissions problems ===
  
Since your computer is now running web services, this services are listening for requests and will reply to anyone who have the correct IP and port, in other words other people in your LAN and Internet can access your local site without your permission or they can even try to crack/hack your workstation. To prevent this you just need to install a firewall and "deny" by default any external incoming requests to your computer.
+
On Linux machines file permissions is a serious thing, Linux uses a mechanism to control what users can do an what they can not about folders, files and even the execution of applications, this mechanism consist in town set of parameters, the ownership and the permissions.
  
For Linux users there is a nice and simple firewall called "Uncomplicated Firewall" to install the user interface and manage the firewall from your desktop just follow these steps
+
==== Files and folders ownership ====
  
*open a terminal and type:
+
Ownership have tow parameters the owner and group
  
<tt> sudo apt-get install gufw </tt>
+
The "owner" is who own the file or folder and it is represented by a "user name", in Linux a persons, applications and services use usernames, on most Linux distributions the Apache service runs under the user name "www-data".
  
Note: you can also install the application from the software center
+
The "group" is used to associate users into an logical group, this figure is useful when an administrator needs to grand or deny permissions to several users with one single command and not user by user.
  
*Open the application when the installation finishes
+
==== Files and folders permissions ====
  
*Press the "unlock" button and type your administrative password
+
The permissions have three parameters that represents file and folder permissions for the owner, the group and others. the number goes from 0 to 7 and the following list explains what they means:
  
*Make sure "status = On" and "Incoming = Deny" leave the rest in their default values
+
* 4 = permission to read
 +
* 2 = permission to write
 +
* 1 = permission to execute
 +
* 0 = no permissions at all
  
*To test your firewall just try to connect to your local site from a local computer on your LAN or a remote computer over Internet when the firewall status is "Status = On", your shouldn't be able to connect whatsoever
+
Note: "Others" represents everybody, this parameter is used to grant permission to everyone no matter the user they are or the group they belong to. This parameter should be set with care under certain situations grant incorrect permission to sensitive files and folders can cause security problems.
  
*Now "temporally" change the status of your firewall to "Status = Off" and try to connect again, people should be able to see your local site just fine, remember to set "Status = On" after this test
+
For example if we got a file with permissions like this "644", it means (owner=read+write)(group=read)(others=read)
  
Note: In this tutorial we are denying any incoming external requests to any port, as a side note you can also Deny all incoming requests and manually allow incoming requests to few specific ports if you wish, but that kind of settings are up to you, since a PC workstation is not a server is ok to deny all incoming traffic by default
+
To get more information about the Linux file systems and file permissions read [http://docs.joomla.org/How_do_UNIX_file_permissions_work%3F this] article.
  
=== Preventing ownership problems ===
+
==== Adding yourself to the Apache group and modifying permissions ====
  
By default in some Linux installations the Apache server runs under the user "www-data" which is also in the "www-data" group, this behavior will bring us problems in the future because any file modified or created by the server will have a different ownership, in other words you wouldn't be able to edit some files created or modified by the server unless you manually change the permissions of each file to something like 777 or execute your editor as "super user" which both are really bad ideas.
+
For this example your username will be "youruser", on most Linux distributions the Apache service runs on the user "wwww-data" and the group "www-data", we need to include our user "youruser" in to the "www-data" group to be able to set permissions to the web server files and have no problems when we have to edit them.
  
==== Method 1: Implementing suPHP ====
+
*To add "youruser" to the Apache group, open a terminal and type
  
suPHP is an Apache module used to execute PHP scripts with the permissions of their file owners
+
<tt>sudo adduser youruser www-data</tt>
  
This is how the server will work thanks to suPHP
+
*Now we need to change the owner and group of all our web server files to owner "www-data" and group "www-data"
  
*If a PHP file have the owner "dexter" suPHP will execute that file as "dexter" and not as the Apache user aka "www-data",
+
<tt>sudo chown -R www-data:www-data /home/youruser/lamp/public_html</tt>
*If another file PHP file have the owner "adam" suPHP will execute that file as "adam" and not as the Apache user aka "www-data"
+
*If another file PHP file have the owner "www-data" suPHP will execute that file as "www-data" which is the Apache user
+
*If a folder have the owner "dexter" and it have a PHP file inside it with the owner "adam" the server will throw a "500" error when some one tries to request that file because it does not belong to "dexter"
+
*If a any PHP script tries to read or write files or folders outside the server's document root, then the server will deny the action
+
*If a file have too permissive permissions such as "chmod 666", then the server will throw a "500" error because suPHP don't allow too permissive permissions for security reasons
+
  
We already have suPHP installed, to Configure it follow this steps:
+
*Finally we have to set the correct folder permission so both APahce and our user can edit the files with no problems, on a terminal type
  
*Open a terminal and Type
+
<tt>sudo chmod -R 775 /home/youruser/lamp/public_htm</tt>
  
<tt>sudo gedit /etc/suphp/suphp.conf</tt>
+
==== Common problems and confusions ====
  
*Find the option "docroot" and set the location of your public_html folder, like this
+
When Joomla creates files on extension installations or any other operation it uses the default mask 755 for folders and 644 for files, this permissions are correct and secure for production servers but it will give us problems on our local server because our editor will not be able to edit those files and folders. To fix this problems simple run again this tow commands.
  
  <tt>docroot= /home/youruser/lamp/public_html</tt>
+
  <tt>sudo chown -R www-data:www-data /home/youruser/lamp/public_html</tt>
  
'''NOTE:''' You can place your new site folders on any location you desire, this is just an example, replace "youruser" with your actual Linux username
+
In the case you manually move files from your personal folders to the server web folder "public_html" those new files most likely will be owned by your username, this can cause problems if the server need to modify or delete information, to prevent this problem every time you move or copy information to your server web folder you ahve to set the correct owner and group for all those new files, open a terminal and run this command.
  
*Save changes
+
<tt>sudo chmod -R 775 /home/youruser/lamp/public_htm</tt>
*Type in your terminal
+
  
<tt>sudo gedit /etc/apache2/mods-available/php5.conf</tt>
+
Note: If your server have too many files this commands could be slow but you can always set a more specific path to apply permission in less files.
  
*On your editor create a new empty line at the first line of the document and add this text there
+
=== Other configurations ===
  
<tt><Directory /usr/share></tt>
+
*open a terminal and type
  
*Then at the end of the document create another empty line and add this text there
+
<tt> sudo gedit /etc/php5/apache2/php.ini </tt>
  
<tt></Directory></tt>
+
*Find the line
  
*As you can see we just enclosed the original content withing those lines
+
<tt>output_buffering =</tt>
  
*Save changes
+
*Set the value to "= Off"
  
*Type in your terminal
+
*Find the line
  
  <tt>sudo service apache2 restart</tt>
+
  <tt>post_max_size =</tt>
  
*Lets create a file to do a quick test to see if suPHP is working correctly, type in your terminal
+
*Set the value to "= 20M"
  
<tt>echo "<?php echo 'whoim = '.exec('/usr/bin/whoami');?>" | tee /home/youruser/lamp/public_html/whomi.php</tt>
+
*Find the line
  
*Open your browser and navigate to "localhost/whomi.php", most likely the browser will show you a "500" server error, this is because suPHP does not allow too permissive file and folder permissions and also does not allow mixed file and folder ownership, to correct this type in your terminal
+
<tt>upload_max_filesize =</tt>
  
<tt>sudo find /home/youruser/lamp/ -type f -exec chmod 644 {} \;
+
*Set the value to "= 20M"
sudo find /home/youruser/lamp/ -type d -exec chmod 755 {} \;
+
sudo chown youruser:youruser -R /home/youruser/lamp/</tt>
+
  
'''NOTE:''' You can place your new site folders on any location you desire, this is just an example, replace "youruser" with your actual Linux username
+
* Save changes
  
Those commands enforce a secure and correct file and folder permission and also set a correct user and group ownership for all of them
+
*Type in your terminal
  
*Open your browser and navigate to "localhost/whomi.php", you should see something like this
+
<tt>sudo service apache2 restart</tt>
  
whomi = youruser
+
=== Enforcing security ===
  
That means the script is being executed with your user and not the Apache user unless you specified so
+
Since your computer is now running web services, this services are listening for requests and will reply to anyone who have the correct IP and port, in other words other people in your LAN and Internet can access your local site without your permission or they can even try to crack/hack your workstation. To prevent this you just need to install a firewall and "deny" by default any external incoming requests to your computer.
  
==== Method 2: Changing Apache user and group ====
+
For Linux users there is a nice and simple firewall called "Uncomplicated Firewall" to install the user interface and manage the firewall from your desktop just follow these steps
  
<span style="color:red; font-weight:bold;"> '''NOTE:'''This method is highly discouraged, do not implement it in a computer with personal or sensitive information if you are not sure what are you doing, to complement the security install a firewall to block external incoming traffic to your web server, you may also should change some directives on your site configuration to only serve request to the localhost address.</span>
+
*open a terminal and type:
  
To make Apache execute under your current user and group you got to edit some parameters in the Apache configuration file and make it execute under our current user and group, this will solve our file ownership problems <span style="color:red; font-weight:bold;"> but opens a severe security hole</span>.
+
  <tt> sudo apt-get install gufw </tt>
  
To change the user and group of the Apache service, follow these instructions:
+
Note: you can also install the application from the software center
  
*open a terminal and type
+
*Open the application when the installation finishes
  
<tt>sudo gedit /etc/apache2/envvars</tt>
+
*Press the "unlock" button and type your administrative password
  
*Find the lines
+
*Make sure "status = On" and "Incoming = Deny" leave the rest in their default values
  
<tt>export APACHE_RUN_USER=www-data
+
*To test your firewall just try to connect to your local site from a local computer on your LAN or a remote computer over Internet when the firewall status is "Status = On", your shouldn't be able to connect whatsoever
export APACHE_RUN_GROUP=www-data</tt>
+
  
*Replace the "www-data" with your current username in both lines
+
*Now "temporally" change the status of your firewall to "Status = Off" and try to connect again, people should be able to see your local site just fine, remember to set "Status =  On" after this test
*Save changes
+
*Type in your terminal
+
 
+
<tt>sudo service apache2 restart</tt>
+
 
+
*Lets create a file to do a quick test to see if the new configuration is working correctly, type in your terminal
+
  
<tt>echo "<?php echo 'whoim = '.exec('/usr/bin/whoami');?>" | tee /home/youruser/lamp/public_html/whomi.php</tt>
+
Note: In this tutorial we are denying any incoming external requests to any port, as a side note you can also Deny all incoming requests and manually allow incoming requests to few specific ports if you wish, but that kind of settings are up to you, since a PC workstation is not a server is ok to deny all incoming traffic by default
 
+
*Open your browser and navigate to "localhost/whomi.php", you should see something like this
+
 
+
whomi = youruser
+
 
+
That means the script is being executed with the new user (you)
+
 
+
== Further reading ==
+
  
* ApacheMySQLPHP - Community Ubuntu Documentation [https://help.ubuntu.com/community/ApacheMySQLPHP link]
+
[[Category:Server configurations]]
* Running phpmyadmin and suphp [http://serverfault.com/questions/211935/running-phpmyadmin-and-suphp/211942#211942 link]
+
* Security and Performance FAQs [[Security and Performance FAQs | link]]
+
* Apache directive index [http://httpd.apache.org/docs/2.0/mod/directives.html link]
+
[[Category:Development]]
+

Revision as of 15:45, 7 August 2013

Documentation all together tranparent small.png
Under Construction

This article or section is in the process of an expansion or major restructuring. You are welcome to assist in its construction by editing it as well. If this article or section has not been edited in several days, please remove this template.
This article was last edited by Tom Hutchison (talk| contribs) 13 months ago. (Purge)

Contents

Introduction

This article provides detailed instructions for configuring a LAMPP server, not only for Joomla! it also should work fine for PHP development in general.

Theses instructions should work fine on any Debian based distribution such as Debian, Ubuntu, LinuxMint, Xubuntu, Kbuntu and others.

NOTE:To complement the security of your computer install a firewall to block external incoming traffic to your web service, you may also have to change some directives on your site configuration file to only serve request to the localhost address.

Installation

NOTE: You need a stable Internet connection for this tutorial, if you previously tried to install the LAMP stack and failed for any reason visit this page and follow the instruction here to delete any server configuration and start from scratch "How to remove the LAMP stack"

The installation of a LAMPP server on Linux is extremely easy, just follow this instructions:

  • Open a terminal and type:
sudo apt-get install apache2 php5-mysql libapache2-mod-php5 mysql-server phpmyadmin php5-curl
  • Say yes [Y] when the package manager ask you download and install the packages, this step will take some time depending on your connection speed
  • At some point the installer will ask you for the MySQL root password use any password you like, but for this example we are going to use "myadmin"
  • The installer will ask for "the web server that should be automatically configured to run phpmyadmin", press [spacebar] to choose "apache2" and press [enter], NOTE: make sure the selection is marked with and asterisk [*]
  • The installer will ask for "Configure database for phpmyadmin with dbconfig-common", choose "<yes>" and press [enter]
  • The installer will ask for "password of the database's administrative user", use any password you like, but for this example we are going to use "myadmin"
  • The installer will ask for "mysql application password for phpmyadmin", use any password you like, but for this example we are going to use "myadmin"
  • If no errors have being displayed then the installation is finish

1st test for Apache

  • Open your web browser and type in the address bar "localhost" and press [enter]
  • Normally Apache display a test page with some text like this:
It works!
This is the default web page for this server.
The web server software is running but no content has been added, yet.

1st test for PHP server

To test if PHP server is working lets create a quick test file using the command line

  • Open a terminal and type
echo "<?php phpinfo(); ?>" | sudo tee /var/www/test.php 
  • Open your web browser and type in the address bar "localhost/test.php" and press [enter]
  • The next thing you should see in your browser is a really long page displaying information about the PHP server, if not then something went wrong
  • Now that we know the PHP server is working fine we don't need that test file anymore, type the following command in your terminal to delete the file
sudo rm /var/www/test.php

1st test for phpMyAdmin

  • Open your web browser and type in the address bar "localhost/phpmyadmin" and press [enter]
  • The next thing you should see is the phpMyadmin login page, if not then something went wrong, most likely you skip or not marked the option "apache2" at the question "web server that should be automatically configured to run phpmyadmin", to fix this problem just purge the installation and start over again the installation steps
  • Login to phpmyadmin with the following credentials
    • username = root
    • password = myadmin
  • You should be able to login normally and have no error messages at all

Understanding the folder structure

There are several folders and files that the LAMP server uses to store the configurations of the LAMP services and to store the files of your hosted websites

Apache default web site folder

Location: "/var/www/"

Description: by default the Apache server enables a test website and store the website files in that location, so every time you visit the page http://localhost, the browser display the page located at "/var/www/"

With your file browser navigate to "/var/www/" there should be a file called "index.html", change the content of the file for whatever you want and refresh the web page to see the changes.

Apache web sites configuration files

Location: "/etc/apache2/sites-available/"

Description: You can host multiples sites in the same server, this folder a configuration file for each site.

Apache configuration file

Location: "/etc/apache2/apache2.conf" Location: "/etc/apache2/envvars"

Description: This files contains very important information about the Apache service.

Apache ports configuration file

Location: "/etc/apache2/ports.conf"

Description: This files configure what port will Apache server listen to for http requests, by default http request are assigned to the port 80 but you can modify or add more ports.

Apache log files

Location: "/var/log/apache2/"

Description: That folder contain several files to keep track of several events on your Apache web server, such as errors in the services, errors in code of your site, failed authentication attempts and more, this is a good place to look at when something is not working file or you suspect some is trying to breach your server security


Configuration

Enabling mod_rewrite

The mod_rewrite module uses a rule-based rewriting engine, based on a PCRE regular-expression parser, to rewrite requested URLs on the fly. By default, mod_rewrite maps a URL to a filesystem path. However, it can also be used to redirect one URL to another URL, or to invoke an internal proxy fetch.

for more information visit http://httpd.apache.org/docs/current/mod/mod_rewrite.html

  • open a terminal and type
sudo a2enmod rewrite
  • now that the rewrite module is enabled we need to restart apache
sudo service apache2 restart
  • done

Deploying a new site folder structure

By default the web server is hosting the files in the location "/var/www" but for security reason and for the sake of avoid ownership problems we are going to use another place to host our web site files

Lets create a new folder to store the web files and the log files of the site

  • open a terminal and type
mkdir /home/youruser/lamp/
mkdir /home/youruser/lamp/public_html/
mkdir /home/youruser/lamp/logs/

NOTE: You can place your new site folders on any location you desire, this is just an example, replace "youruser" with your actual Linux username

To store the web site files we are going to use the folder "plublic_html" and for our log files we are going to use the folder "logs"

Creating the new site

To create and enable a new site in your server follow this steps:

NOTE: gedit is a common Linux editor but you can use any other alternative you like such as geany, nano, vim, pico, etc...

  • open a terminal an type
sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/mydevsite

NOTE: "mydevsite" is the name of the new site used in this example, you can use any other name you like

  • Open the site configuration
sudo gedit /etc/apache2/sites-available/mydevsite
  • The content of that file should be something like this
<VirtualHost *:80>
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

  • Make some modifications to make it looks like this, or simply copy and paste it
<VirtualHost *:80>
        ServerAdmin webmaster@localhost

        DocumentRoot /home/youruser/lamp/public_html
        <Directory />
                Options FollowSymLinks
                AllowOverride All
        </Directory>
        <Directory /home/youruser/lamp/public_html>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride All
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /home/youruser/lamp/logs/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /home/youruser/lamp/logs/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride All
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

NOTE: Replace "youruser" with your current user name

  • Save changes
  • Now we need to enable the site, in a terminal type
sudo a2ensite mydevsite
  • Lets disable the default site, we don't need it anymore
sudo a2dissite default
  • Restart Apache to complete the process, in a terminal type
sudo service apache2 restart
  • To test out our new site lets create a quick test file, in a terminal type
echo "<?php echo 'Hello world, today is is: '.date('Y/m/d'); ?>" | tee /home/youruser/lamp/public_html/today.php 

NOTE: Replace "yourname" with your current user name

  • Open your browser an navigate to "localhost/today.php"
  • If everything is working ok you should see something like this
Hello world, today is is: 2012/05/05

Enabling additional ports

Note: If you have no plans to show your local site to another person over Internet just skip this section.

With the last configuration you should be able to access your page and access it from another computer connected to your LAN, if your computer is connected to Internet and also have assigned a Public IP you can access your site using that IP from any web browser, but for some reason some ISPs does not allow HTTP traffic (HTTP = port 80) over dynamic IPs, to solve this you just need to configure Apache to reply requests from a different port, in this case we are going to use the port number 8080 which is easy to remember.

If you are using a router to connect to Internet you should have to configure a port forwarding setting on your router to let other people see your local site, Google "how to do port forwarding" on your current router model. If you don't now what is the difference between a Static IP, Dynamic IP, Private IP and a Public IP we recommend you to do a Wikipedia reading about these topics.

  • Open a terminal and type:
sudo gedit /etc/apache2/ports.conf
  • Find the line "listen 80" and insert this line underneath
Listen 8080
  • Save changes
  • Open your new site configuration
sudo gedit /etc/apache2/sites-available/mydevsite
  • Find this directive "<VirtualHost *:80>" and make the following modification
 <VirtualHost *:80 *:8080> 
  • Save changes
  • Restart Apache to complete the process, in a terminal type
sudo service apache2 restart
  • To test your new configuration try to access your site from another computer over Internet, just type your IP in the browser's address bar and press enter, if the request fails try the new alternative port like this xxx.xxx.xxx.xxx:8080

Preventing ownership and permissions problems

On Linux machines file permissions is a serious thing, Linux uses a mechanism to control what users can do an what they can not about folders, files and even the execution of applications, this mechanism consist in town set of parameters, the ownership and the permissions.

Files and folders ownership

Ownership have tow parameters the owner and group

The "owner" is who own the file or folder and it is represented by a "user name", in Linux a persons, applications and services use usernames, on most Linux distributions the Apache service runs under the user name "www-data".

The "group" is used to associate users into an logical group, this figure is useful when an administrator needs to grand or deny permissions to several users with one single command and not user by user.

Files and folders permissions

The permissions have three parameters that represents file and folder permissions for the owner, the group and others. the number goes from 0 to 7 and the following list explains what they means:

  • 4 = permission to read
  • 2 = permission to write
  • 1 = permission to execute
  • 0 = no permissions at all

Note: "Others" represents everybody, this parameter is used to grant permission to everyone no matter the user they are or the group they belong to. This parameter should be set with care under certain situations grant incorrect permission to sensitive files and folders can cause security problems.

For example if we got a file with permissions like this "644", it means (owner=read+write)(group=read)(others=read)

To get more information about the Linux file systems and file permissions read this article.

Adding yourself to the Apache group and modifying permissions

For this example your username will be "youruser", on most Linux distributions the Apache service runs on the user "wwww-data" and the group "www-data", we need to include our user "youruser" in to the "www-data" group to be able to set permissions to the web server files and have no problems when we have to edit them.

  • To add "youruser" to the Apache group, open a terminal and type
sudo adduser youruser www-data
  • Now we need to change the owner and group of all our web server files to owner "www-data" and group "www-data"
sudo chown -R www-data:www-data /home/youruser/lamp/public_html
  • Finally we have to set the correct folder permission so both APahce and our user can edit the files with no problems, on a terminal type
sudo chmod -R 775 /home/youruser/lamp/public_htm

Common problems and confusions

When Joomla creates files on extension installations or any other operation it uses the default mask 755 for folders and 644 for files, this permissions are correct and secure for production servers but it will give us problems on our local server because our editor will not be able to edit those files and folders. To fix this problems simple run again this tow commands.

sudo chown -R www-data:www-data /home/youruser/lamp/public_html

In the case you manually move files from your personal folders to the server web folder "public_html" those new files most likely will be owned by your username, this can cause problems if the server need to modify or delete information, to prevent this problem every time you move or copy information to your server web folder you ahve to set the correct owner and group for all those new files, open a terminal and run this command.

sudo chmod -R 775 /home/youruser/lamp/public_htm

Note: If your server have too many files this commands could be slow but you can always set a more specific path to apply permission in less files.

Other configurations

  • open a terminal and type
 sudo gedit /etc/php5/apache2/php.ini 
  • Find the line
output_buffering =
  • Set the value to "= Off"
  • Find the line
post_max_size =
  • Set the value to "= 20M"
  • Find the line
upload_max_filesize =
  • Set the value to "= 20M"
  • Save changes
  • Type in your terminal
sudo service apache2 restart

Enforcing security

Since your computer is now running web services, this services are listening for requests and will reply to anyone who have the correct IP and port, in other words other people in your LAN and Internet can access your local site without your permission or they can even try to crack/hack your workstation. To prevent this you just need to install a firewall and "deny" by default any external incoming requests to your computer.

For Linux users there is a nice and simple firewall called "Uncomplicated Firewall" to install the user interface and manage the firewall from your desktop just follow these steps

  • open a terminal and type:
 sudo apt-get install gufw 

Note: you can also install the application from the software center

  • Open the application when the installation finishes
  • Press the "unlock" button and type your administrative password
  • Make sure "status = On" and "Incoming = Deny" leave the rest in their default values
  • To test your firewall just try to connect to your local site from a local computer on your LAN or a remote computer over Internet when the firewall status is "Status = On", your shouldn't be able to connect whatsoever
  • Now "temporally" change the status of your firewall to "Status = Off" and try to connect again, people should be able to see your local site just fine, remember to set "Status = On" after this test

Note: In this tutorial we are denying any incoming external requests to any port, as a side note you can also Deny all incoming requests and manually allow incoming requests to few specific ports if you wish, but that kind of settings are up to you, since a PC workstation is not a server is ok to deny all incoming traffic by default