It’s been a while since I’ve posted something useful. I’ve been quite busy with all my studies and different projects going on. Nevertheless, I’ve had to do some installations at work and decided to document some of the process taken to install LAMP and PhpMyAdmin on Ubuntu 18.04. If you’re looking to install LAMP then you know what you’re in for; for those who do not, LAMP is a collection of open source software bundled together to enable a server to host dynamic web applications. It stands for Linux, Apache, MySql, and PhP.
Step 1 – Installing & Configuring Apache
So we’ll start by updating and installing the Apache web server. Note that these commands are run with sudo, which gives root privileges on the Ubuntu OS. Once we have it installed we’ll configure the firewall to allow web traffic for HTTP and HTTPS. This is done using the following commands.
sudo apt update
sudo apt install apache2
sudo ufw allow in "Apache Full"
You’ll notice the last command above gave you your IP address. You can type that in a browser and you should see something like what’s on the screenshot below. If you’re on the same computer/server where it is being installed and it has a graphical user interface, you can just type localhost instead of the IP address and you should receive the same. Once you get a page like that of the screenshot, you’ve successfully installed apache2.
Step 2 – Installing MySql
Since our webserver is now up and running, we now want to tackle the database management system which in this case is MySql. Essentially, you can store and provide access to data being stored.
We’ll start by installing the mysql server using the command below:
sudo apt install mysql-server
We want to secure our installation by removing some dangerous default settings and locking down access to our database system.
In this process you’ll be asked if you want to configure the VALIDATE PASSWORD PLUGIN. This is your preference; of course, by enabling it things will be more secure. It will tell you if you’re using weak passwords and force you to use more secure ones. If you select Yes you’ll be prompted to choose a level of security between LOW, MEDIUM, & STRONG. Again your preference, but I would recommend enabling this setup.
Either way, you’ll be prompted for a password for the root user. Once you’ve done that, just press Y (Yes) for each of the following prompts and hit the Enter key after each prompt.
This is done using the following command:
Note that in Ubuntu systems running MySQL 5.7 (and later versions), the root MySQL user is set to authenticate using the auth_socket plugin by default rather than with a password. This allows for some greater security and usability in many cases, but it can also complicate things when you need to allow an external program (e.g., phpMyAdmin) to access the user. Since we’ll be using phpMyAdmin we’ll move forward and do this using the following command. Please ensure 'password' is something you choose; it’s going to be the password for the root user in mysql.
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
We’ve now secured MySql to a certain point, and we can move on to install PhP.
Step 3 – Installing PhP
Next up we have PhP, which allows dynamic content to be displayed and interpreted using our webserver. This ranges from scripts to database connections and processing content. We’ll start by installing it along with some helper packages that allow it to run on Apache2 and communicate with MySql.
sudo apt install php libapache2-mod-php php-mysql
Apache by default looks for html pages first, so we want it to read and prefer PhP files first. So first let’s open the configuration file.
sudo nano /etc/apache2/mods-enabled/dir.conf
Move the PhP index file to the first position after the DirectoryIndex and make it look like the configuration below:
<IfModule mod_dir.c>
    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>
Save the file, and restart apache for the changes to take effect.
sudo systemctl restart apache2
We’ll now test PhP processing on our webserver. To do this we will create a very simple script that Apache will interpret and that tells us information about PhP. Our web directory is located at /var/www/html/, so please go to that directory using the cd command and create a file called info.php. Once you’ve created that file, type in the following contents.
<?php phpinfo(); ?>
Now save your changes, and exit. After you’ve done that go to a web browser and type in the IP Address of the server you’re working on, or if you’re in the same machine just type localhost.
The page that appears should look something like this:
As you can see there’s a lot of information about PhP. It tells you what modules are installed, their versions, and a whole lot more. This means PhP is indeed working. It is essential that you remove this file; you wouldn’t want attackers to know all the details of PhP on your server. If you ever need this information again you can always recreate the file and refer back to it. So please remember, delete the info.php file from your /var/www/html folder.
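To confirm the file is really gone, and that no other script under the web root still calls phpinfo(), a check like the one below can be run after the cleanup. It is an added example and not part of the original walkthrough; the function names find_phpinfo and webroot_is_clean are made up here, and the default path is the /var/www/html directory used above.

```shell
#!/usr/bin/env bash
# Added example: list PHP files under a web root that still call phpinfo().
# find_phpinfo and webroot_is_clean are hypothetical helper names;
# /var/www/html is the web directory used in this guide.

find_phpinfo() {
    local webroot="${1:-/var/www/html}"
    # -r recurse, -l print file names only, -i ignore case (PHP function
    # names are case-insensitive), -E extended regular expressions.
    # The pattern matches "phpinfo", optional whitespace, then "(".
    grep -rliE --include='*.php' --include='*.phtml' \
        'phpinfo[[:space:]]*\(' "$webroot" 2>/dev/null | sort
}

# Return 0 when nothing under the web root calls phpinfo(), 1 otherwise.
webroot_is_clean() {
    local hits
    hits="$(find_phpinfo "$1")"
    if [ -n "$hits" ]; then
        printf 'phpinfo() is still exposed by:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}
```

Running webroot_is_clean with no argument checks /var/www/html and prints the offending files to stderr if any remain.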
Step 4: Installing PhpMyadmin
There are various reasons why one would want a front end system for MySql. Some people find it hard to deal with the command line, and sometimes it just makes things easier. Of course with that also comes vulnerabilities and other forms of attacks. However, phpMyAdmin was created so that users can interact with MySql through a web interface.
We’ll begin by installing it using the commands below. During the installation you will be prompted with a few questions:
- For server selection choose Apache2
- Select Yes when asked whether to use dbconfig-common.
- Choose a phpMyAdmin password.
The installation adds the phpMyAdmin Apache configuration file to /etc/apache2/conf-enabled/, so we need to explicitly enable the mbstring extension. Afterwards we simply restart Apache for the changes to take effect.
This is done via the following commands:
sudo apt install phpmyadmin php-mbstring php-gettext
sudo phpenmod mbstring
sudo systemctl restart apache2
Before you can log in and begin interacting with your MySQL databases, you will need to ensure that your MySQL users have the privileges required for interacting with the program. When you installed phpMyAdmin onto your server, it automatically created a database user called phpmyadmin which performs certain underlying processes for the program. Rather than logging in as this user with the administrative password you set during installation, it’s recommended that you log in as either your root MySQL user or as a user dedicated to managing databases through the phpMyAdmin interface. Since we already set a password for root when we were dealing with MySql you can use that password to manage phpMyAdmin.
Again, go to your domain followed by /phpmyadmin and the interface should pop up, like the one in the image below.
Step 5: Securing PhpMyAdmin
PhpMyAdmin becomes quite a target once it’s discovered by attackers. Hence, an additional layer of security to prevent unauthorized access is to place an authenticated gateway in front of the application using an .htaccess file.
We must edit Apache’s configuration file for phpMyAdmin, located at /etc/apache2/conf-available/phpmyadmin.conf, so that it allows .htaccess overrides.
Open the file and enter the contents such as the one in the image below. Essentially you’re adding an AllowOverride All directive. When you’ve added the line, save and close the file and restart Apache.
Now we need to create the .htaccess file. Create one by opening a file using your text editor such as nano with the following command
sudo nano /usr/share/phpmyadmin/.htaccess
Next enter the following information to it.
AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user
Here is what each of these lines means:
AuthType Basic: This line specifies the authentication type that you are implementing. This type will implement password authentication using a password file.
AuthName: This sets the message for the authentication dialog box. You should keep this generic so that unauthorized users won’t gain any information about what is being protected.
AuthUserFile: This sets the location of the password file that will be used for authentication. This should be outside of the directories that are being served. We will create this file shortly.
Require valid-user: This specifies that only authenticated users should be given access to this resource. This is what actually stops unauthorized users from entering.
When you are finished, save and close the file.
The location that you selected for your password file was /etc/phpmyadmin/.htpasswd. You can now create this file and pass it an initial user with the following command:
sudo htpasswd -c /etc/phpmyadmin/.htpasswd username
You will need to enter a password for the user being created. The file is then created with the hashed password. Now whenever you try to access phpmyadmin you’ll be prompted to enter the user and password you created in this process. Thus, that’s two layers for any attacker to try to get through. See screenshot below of what you’d get before reaching phpmyadmin.
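The gateway only works when every piece of Step 5 is in place: if the AllowOverride All line is missing or commented out, Apache ignores the .htaccess file and phpMyAdmin stays reachable without the extra prompt. The check below is an added example, not part of the original walkthrough; the function names are made up here, the default paths are the ones used in this guide, and it does not parse which Directory block the AllowOverride line sits in.

```shell
#!/usr/bin/env bash
# Added example: sanity-check the Step 5 gateway. The function names are
# hypothetical; the default paths are the ones used in this guide.

# Print the path given to AuthUserFile in an .htaccess file (empty if none).
authuserfile_path() {
    awk 'tolower($1) == "authuserfile" { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Print one FAIL line per problem; return 0 only when nothing is wrong.
audit_pma_gateway() {
    local conf="${1:-/etc/apache2/conf-available/phpmyadmin.conf}"
    local htaccess="${2:-/usr/share/phpmyadmin/.htaccess}"
    local served="${3:-/usr/share/phpmyadmin}"
    local problems=0 pwfile

    # Without an active AllowOverride All, Apache ignores the .htaccess file
    # and phpMyAdmin stays reachable with no prompt. A commented-out
    # directive does not match because the pattern is anchored to line start.
    if ! grep -Eiq '^[[:space:]]*AllowOverride[[:space:]]+All' "$conf" 2>/dev/null; then
        echo "FAIL: no active 'AllowOverride All' in $conf"; problems=1
    fi
    if [ ! -f "$htaccess" ]; then
        echo "FAIL: $htaccess does not exist"; return 1
    fi
    grep -Eiq '^[[:space:]]*AuthType[[:space:]]+Basic' "$htaccess" ||
        { echo "FAIL: AuthType Basic missing from $htaccess"; problems=1; }
    grep -Eiq '^[[:space:]]*Require[[:space:]]+valid-user' "$htaccess" ||
        { echo "FAIL: Require valid-user missing from $htaccess"; problems=1; }

    pwfile="$(authuserfile_path "$htaccess")"
    if [ -z "$pwfile" ]; then
        echo "FAIL: AuthUserFile missing from $htaccess"; problems=1
    elif [ ! -s "$pwfile" ]; then
        echo "FAIL: password file $pwfile is missing or empty"; problems=1
    else
        # The password file must live outside the directory Apache serves.
        case "$pwfile" in
            "$served"/*) echo "FAIL: $pwfile is inside $served"; problems=1 ;;
        esac
    fi
    return "$problems"
}
```

Run audit_pma_gateway with no arguments (with sudo if the files are not readable by your user) after restarting Apache; no output and exit status 0 means the configuration pieces line up.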
That’s it, you can now have fun with your webserver and start creating interactive applications. You have a LAMP stack installed and ready to be used with the additional phpmyadmin front end where you can create databases.