Difference between revisions of "Configuring a LAMPP server for PHP development/Linux desktop"

Latest revision as of 16:40, 10 July 2022

This Article Needs Your Help

This article provides detailed instructions for configuring a LAMP server, not only for Joomla! but it also should work fine for PHP development in general. For information on installing other stacks see Installing_Joomla_on_Debian_Linux

These instructions should work fine on any Linux-based distribution such as Debian, Ubuntu, Linux Mint, Xubuntu, Kubuntu and others.

NOTE To complement the security of your computer, install a firewall to block external incoming traffic to your Web service. You may also have to change some directives on your site configuration file to serve only requests to the localhost address.

Installation[edit]

NOTE You need a stable internet connection for this tutorial. If you previously tried to install the LAMP stack and failed for any reason, visit How to remove the LAMP stack and follow the instructions to delete any server configuration and start from scratch.

The installation of a LAMP server on Linux is easy. Just follow these instructions:

Open a terminal and type:

sudo apt-get install apache2 php5-mysql libapache2-mod-php5 mysql-server phpmyadmin php5-curl

Say yes [Y] when the package manager asks you download and install the packages. This step will take some time.
At some point the installer will ask you for the MySQL root password. Use any password you like. For this example we are going to use myadmin.
The installer will ask for the Web server that should be automatically configured to run PHPMyAdmin. Press the [spacebar] to choose apache2 and press [enter]. NOTE Make sure the selection is marked with an asterisk [*].
The installer will ask for Configure database for PHPMyAdmin with dbconfig-common. Choose <yes> and press [enter].
The installer will ask for password of the database's administrative user. Use any password you like, but for this example we are going to use myadmin.
The installer will ask for MySQL application password for PHPMyAdmin. Use any password you like, but for this example we are going to use admin.
If no errors have being displayed, the installation is finished.

Apache Installation Test[edit]

Open your Web browser and type in the address bar localhost and press [enter].
Normally Apache display a test page with some text such as:

It works!
This is the default Web page for this server.
The Web server software is running but no content has been added yet.

PHP Installation Test[edit]

To verify that the PHP server is working, create a quick test file using the command line.

Open a terminal and type:

echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/test.php

Open your Web browser and type in the address bar localhost/test.php and press [enter].
The next thing you should see in your browser is a long page displaying information about the PHP server. If not, the installation was not successful.
Once the PHP server is working fine, we don't need that test file anymore. Type the following command in your terminal to delete the file:

sudo rm /var/www/html/test.php

PHPMyAdmin Installation Test[edit]

Open your Web browser and type in the address bar localhost/phpmyadmin and press [enter].
The next thing you should see is the PHPMyAdmin login page. If not, then most likely you skipped or did not mark the option apache2 at the question Web server that should be automatically configured to run PHPMyAdmin. To fix this problem, purge the installation and start over again.
Login to PHPMyAdmin with the following credentials:
- username = root
- password = myadmin
You should be able to login normally and have no error messages.

Understanding the Folder Structure[edit]

There are several folders and files that the LAMP server uses to store the configurations of the LAMP services and to store the files of your hosted Websites.

Apache Default Web Site Folder[edit]

Location: /var/www/

Description: By default the Apache server enables a test website and stores the website files in that location. Every time you visit the page http://localhost, the browser displays the page located at /var/www/.

With your file browser, navigate to /var/www/. There should be a file called index.html. Change the content of the file to whatever you want and refresh the Web page to see the changes.

Apache Web Sites Configuration Files[edit]

Location: /etc/apache2/sites-available/

Description: You can host multiple sites on the same server. This folder contains a configuration file for each site.

Apache Configuration Files[edit]

Location: /etc/apache2/apache2.conf Location: /etc/apache2/envvars

Description: These files contain important information about the Apache service.

Apache Ports Configuration File[edit]

Location: /etc/apache2/ports.conf

Description: This file configures which port the Apache server will listen to for HTTP requests. By default, HTTP requests are assigned to port 80 but you can modify or add more ports.

Apache Log Files[edit]

Location: /var/log/apache2/

Description: This folder contains several files to keep track of events on your Apache Web server such as errors in the services, errors in the code of your site and failed authentication attempts. This is a good place to look when something is not working or you suspect someone is trying to breach your server security.

Configuration[edit]

Enabling mod_rewrite[edit]

The mod_rewrite module uses a rule-based rewriting engine based on a PCRE regular expression parser to rewrite requested URLs on the fly. By default, mod_rewrite maps a URL to a filesystem path. However, it can also be used to redirect one URL to another URL, or to invoke an internal proxy fetch.

For more information, visit the Apache mod_rewrite page.

Open a terminal and type:

sudo a2enmod rewrite

Now that the rewrite module is enabled, restart Apache.

sudo service apache2 restart

done

Deploying a New Site Folder Structure[edit]

By default the Web server is hosting the files in the location /var/www, but for security reasons and to avoid ownership problems, we are going to use another place to host our website files.

Let's create a new folder to store the web files and the log files of the site.

Open a terminal and type:

 mkdir /home/youruser/lamp/
 mkdir /home/youruser/lamp/public_html/
 mkdir /home/youruser/lamp/logs/

NOTE You can place your new site folders at any location. This is just an example. Replace youruser with an actual Linux username.

To store the Website files we are going to use the folder public_html. For our log files, we are going to use the folder logs.

Creating the New Site[edit]

To create and enable a new site in your server follow these steps:

NOTE gedit is a common Linux editor but you can use another alternative such as geany, nano, vim, pico etc.

Open a terminal an type:

sudo cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/mydevsite.conf

NOTE mydevsite is the name of the new site used in this example. You can use any other name you like.

Open the site configuration

sudo gedit /etc/apache2/sites-available/mydevsite.conf

The content of that file should be something like this:

 <VirtualHost *:80>
	# The ServerName directive sets the request scheme, hostname and port that
	# the server uses to identify itself. This is used when creating
	# redirection URLs. In the context of virtual hosts, the ServerName
	# specifies what hostname must appear in the request's Host: header to
	# match this virtual host. For the default virtual host (this file) this
	# value is not decisive as it is used as a last resort host regardless.
	# However, you must set it for any further virtual host explicitly.
	#ServerName www.example.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
	# error, crit, alert, emerg.
	# It is also possible to configure the loglevel for particular
	# modules, e.g.
	#LogLevel info ssl:warn

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	# For most configuration files from conf-available/, which are
	# enabled or disabled at a global level, it is possible to
	# include a line for only one particular virtual host. For example the
	# following line enables the CGI configuration for this host only
	# after it has been globally disabled with "a2disconf".
	#Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Make some modifications to make it look like this, or simply copy and paste it:

 <VirtualHost *:80>
 	ServerAdmin webmaster@localhost
 
 	DocumentRoot /home/youruser/lamp/public_html
 	<Directory />
                Options Indexes FollowSymLinks MultiViews
 		AllowOverride All
                Order allow,deny
                Allow from all
                Require all granted
 	</Directory>
 
 	ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
 	<Directory "/usr/lib/cgi-bin">
 		AllowOverride All
 		Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
 		Order allow,deny
 		Allow from all
 	</Directory>
 
 	ErrorLog /home/youruser/lamp/logs/error.log
 
 	# Possible values include: debug, info, notice, warn, error, crit,
 	# alert, emerg.
 	LogLevel warn
 
 	CustomLog /home/youruser/lamp/logs/access.log combined
 
     Alias /doc/ "/usr/share/doc/"
     <Directory "/usr/share/doc/">
         Options Indexes MultiViews FollowSymLinks
         AllowOverride All
         Order deny,allow
         Deny from all
         Allow from 127.0.0.0/255.0.0.0 ::1/128
     </Directory>
 </VirtualHost>

NOTE Replace youruser with your current user name.

Save your changes.
Now we need to enable the site. In a terminal type:

sudo a2ensite mydevsite

Let's disable the default site, since we don't need it anymore.

sudo a2dissite 000-default

Restart Apache to complete the process. In a terminal type:

sudo service apache2 restart

To test our new site, let's create a quick test file. In a terminal type:

echo "<?php echo 'Hello world, today is is: '.date('Y/m/d'); ?>" | tee /home/youruser/lamp/public_html/today.php

NOTE Replace yourname with your current user name.

Open your browser and navigate to localhost/today.php.
If everything is working okay, you should see something like this:

Hello world, today is is: 2022/07/10

Enabling Additional Ports[edit]

Note: If you have no plans to show your local site to another person over the Internet, skip this section.

With the last configuration you should be able to access your page and access it from another computer connected to your LAN. If your computer is connected to the Internet and also has an assigned Public IP, you can access your site using that IP from any Web browser. Note that some ISPs do not allow HTTP traffic (HTTP = port 80) over dynamic IP addresses. To solve this, you need to configure Apache to reply to requests from a different port. In this case we are going to use the port number 8080 which is easy to remember.

If you are using a router to connect to the Internet, you have to configure a port forwarding setting on your router to let other people see your local site. Google how to do port forwarding on your current router model. If you don't know the difference between a Static IP, Dynamic IP, Private IP and a Public IP, we recommend you to do a Wikipedia reading about these topics.

Open a terminal and type:

sudo gedit /etc/apache2/ports.conf

Find the line listen 80 and insert this line underneath:

Listen 8080

Save the changes.

Open your new site configuration.

sudo gedit /etc/apache2/sites-available/mydevsite

Find this directive <VirtualHost *:80> and make the following modification:

 <VirtualHost *:80 *:8080>

Save the changes.

Restart Apache to complete the process. In a terminal type:

sudo service apache2 restart

To test your new configuration, try to access your site from another computer over internet. Just type your IP address in the browser's address bar and press enter. If the request fails, try the new alternative port like this: xxx.xxx.xxx.xxx:8080

Preventing Ownership and Permissions Problems[edit]

On Linux machines, file permissions are an important thing. Linux uses a mechanism to control what users can do and cannot do with folders, files and even the execution of applications. This mechanism consists of parameters, the ownership and the permissions.

Files and Folders Ownership[edit]

Ownership has two parameters: The owner and the group.

The owner is the user that owns the file or folder and is represented by a username. In Linux persons, applications and services use usernames. On most Linux distributions, the Apache service runs under the username www-data.

The group is used to associate users into an logical group. This figure is useful when an administrator needs to grant or deny permissions to several users with one single command and not user by user.

Files and Folders Permissions[edit]

The permissions have three parameters that represent file and folder permissions for the owner, the group and others. These number range from 0 to 7, and mean the following:

4 = permission to read
2 = permission to write
1 = permission to execute
0 = no permissions at all

Note: Others represents everybody. This parameter is used to grant permission to everyone no matter the user or the group they belong to. This parameter should be set with care. Granting incorrect permissions to sensitive files and folders can cause security problems.

For example, if we have a file with permissions such as 644, it means (owner=read+write) (group=read) (others=read).

To get more information about the Linux file systems and file permissions read the How do UNIX file permissions work? article.

Adding Yourself to the Apache Group and Modifying Permissions[edit]

For this example, your username will be youruser. On most Linux distributions, the Apache service runs on the user www-data and the group www-data. We need to include our user youruser in the www-data group to be able to set permissions to the Web server files and have no problems when we have to edit them.

To add youruser to the Apache group, open a terminal and type:

sudo adduser youruser www-data

Now we need to change the owner and group of all our Web server files to owner www-data and group www-data.

sudo chown -R www-data:www-data /home/youruser/lamp/public_html

Finally, we have to set the correct folder permissions so both Apache and our user can edit the files with no problems. On a terminal type:

sudo chmod -R 775 /home/youruser/lamp/public_html

Common Problems and Confusions[edit]

When Joomla creates files on extension installations or any other operation, it uses the default mask 755 for folders and 644 for files. These permissions are correct and secure for production servers but it will give us problems on our local server because our editor will not be able to edit those files and folders. To fix these problems, simply run this command again:

sudo chmod -R 775 /home/youruser/lamp/public_html

In case you manually move files from your personal folders to the server Web folder public_html, those new files most likely will be owned by your username. This can cause problems if the server needs to modify or delete information. To prevent this problem, every time you move or copy information to your server web folder you have to set the correct owner and group permissions for all those new files. Open a terminal and run this command:

sudo chown -R www-data:www-data /home/youruser/lamp/public_html

Note: If your server has too many files, these commands could be slow but you can always set a more specific path to apply permission in fewer files.

Another option is to configure the default Apache owner and group. For all new files created by the server these settings are used. We can change the in the environment variables file. Run this command to open and edit the file:

sudo gedit /etc/apache2/envvars

Find the following lines and change them this way (replacing youruser with your current username):

export APACHE_RUN_USER=youruser
export APACHE_RUN_GROUP=www-data

Restart Apache with the following command:

sudo service apache2 restart

Other Configurations[edit]

Open a terminal and type:

 sudo gedit /etc/php5/apache2/php.ini

Find the line:

output_buffering =

Set the value to = Off.

Find the line:

post_max_size =

Set the value to = 20M.

Find the line:

upload_max_filesize =

Set the value to = 20M.

Save the changes.

Type in your terminal:

sudo service apache2 restart

Enforcing Security[edit]

Since your computer is now running web services, these services are listening for requests and will reply to anyone who has the correct IP and port. In other words, other people in your LAN and the internet can access your local site without your permission or they can even try to crack or hack your workstation. To prevent this, you need to install a firewall and deny by default any external incoming requests to your computer.

For Linux users, there is a nice and simple firewall called Uncomplicated Firewall. To install the user interface and manage the firewall from your desktop, just follow these steps:

Open a terminal and type:

sudo apt-get install gufw

Note: You can also install the application from the Software Manager.

Open the application. When the installation finishes, press the unlock button and type your administrative password.

Set Status = On and Incoming = Deny. Leave the rest of the settings at their default values.

To test your firewall, just try to connect to your local site from a local computer on your LAN or a remote computer over the internet. When the firewall status is Status = On, you shouldn't be able to connect at all.

Now temporarily change the status of your firewall to Status = Off and try to connect again. People should be able to see your local site just fine. Remember to set Status = On after this test.

Note: In this tutorial we are denying any incoming external requests to any port. As a side note, you can also Deny all incoming requests and manually allow incoming requests to few specific ports if you wish, but those kinds of settings are up to you. Since a PC workstation is not a server, it is okay to deny all incoming traffic by default.