Installing a LAMP stack on Ubuntu Server 18.04 LTS

Prerequisites. You need:

Installation

  1. Update the latest packages from Ubuntu, then install the Apache web server.
    sudo apt update
    sudo apt install apache2

    Since this is a sudo command, these operations are executed with root privileges. It will ask you for your regular user's password to verify permission.
    Once you've entered your password, apt will tell you which packages it plans to install and how much extra disk space they'll take up. Press Y and hit ENTER to continue, and the installation will proceed.
  2. Adjust the firewall to allow web traffic.
    1. Check the the uncomplicated firewall (UFW) has an application profile for Apache.
      sudo ufw app list
      You should see the following output.
      Available applications:
      Apache
      Apache Full
      Apache Secure
      OpenSSH

      If you look at the Apache Full profile, it should show that it enables traffic to ports 80 and 443.
      sudo ufw app info "Apache Full"
      You should see the following output.
      Profile: Apache Full
      Title: Web Server (HTTP,HTTPS)
      Description: Apache v2 is the next generation of the omnipresent Apache web server.

      Ports:
      80,443/tcp
    2. Allow incoming HTTP and HTTPS traffic for this profile.
      sudo ufw allow in "Apache Full"
  3. Check to see if Apache installed and started correctly by visiting your server's public IP address.
    http://your_server_ip
    If you don't know your server's IP address, install curl and ask an outside service what your IP address is.
    sudo apt install curl
    curl http://icanhazip.com
  4. Install MySQL Now that you have your web server up and running, it is time to install MySQL. MySQL is a database management system. Basically, it will organize and provide access to databases where your site can store information.
    1. Again, use apt to install the software.
      sudo apt install mysql-server
    2. Run the security script that comes with MySQL that removes some dangerous defaults and locks down the database.
      sudo mysql_secure_installation
    3. This will begin an interactive script.
      • When asked if you want the VALIDATE PASSWORD PLUGIN, answer N.
      • When asked if you want to remove MySQL's anonymous user, answer Y.
      • When asked if you want to disallow root login remotely, answer Y.
      • When asked if you want to remove the test database and access to it, answer Y.
      • When asked if you want to reload privilege tables, answer Y.
    4. You'll need to change the authentication method for the root user from auth_socket to mysql_native_password.
      1. Open the MySQL prompt from the terminal.
        sudo mysql
      2. Check which authentication method your MySQL accounts use.
        mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
        You should see the following output.
        +------------------+-------------------------------------------+-----------------------+-----------+
        | user | authentication_string | plugin | host |
        +------------------+-------------------------------------------+-----------------------+-----------+
        | root | | auth_socket | localhost |
        | mysql.session | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
        | mysql.sys | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
        | debian-sys-maint | *CC744277A401A7D25BE1CA89AFF17BF607F876FF | mysql_native_password | localhost |
        +------------------+-------------------------------------------+-----------------------+-----------+
        4 rows in set (0.00 sec)
        If the root user does authenticate with the auth_socket plugin, continue. If it authenticates using a mysql_native_password, skip this step.
      3. Alter the user to change the password and method.
        mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';
        where password is replaced with a strong password of your choosing.
      4. Reload the grant tables and put the new changes into effect.
        mysql> FLUSH PRIVILEGES;
      5. Double check your work by running the same SELECT line from above.
        mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
        You should see that the row with the root user has changed plugins to mysql_native_password.
      6. Exit the MySQL shell.
        mysql> exit
  5. Install PHP
    sudo apt install php libapache2-mod-php php-mysql
    then restart the Apache2 service for changes to be recognized.
    sudo systemctl restart apache2
    Check to make sure the service has restarted.
    sudo systemctl status apache2
    You should see that the Apache 2 service is running. Hit Q to exit the status view.
  6. Install phpMyAdmin
    sudo apt install phpmyadmin php-mbstring php-gettext
    During the installation, the installer will ask which web server you're using. For the server selection, choose apache2. Select Yes when asked whether to use dbconfig-common. You'll then be asked to choose and confirm a MySQL application password for phpMyAdmin.
    WARNING: When the prompt appears, “apache2” is highlighted, but not selected. If you do not hit SPACE to select Apache, the installer will not move the necessary files during installation. Hit SPACE, TAB, and then ENTER to select Apache.
  7. Enable the mbstring PHP extension for proper operation.
    sudo phpenmod mbstring
  8. Restart Apache again.
    sudo systemctl restart apache2
  9. You can now go to phpMyAdmin in a web browser, login with the root user, using the MySQL password you set earlier, then add the users that you want under the User Accounts tab.
  10. If you are not setting up your server as a local-only virtualized environment (i.e., your server is publically accessible), you should get a SSL certificate. Run the following lines.
    sudo apt-get update
    sudo apt-get install software-properties-common
    sudo add-apt-repository universe
    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update
    sudo apt-get install certbot python-certbot-apache
    sudo certbot --apache
    sudo certbot renew --dry-run
    During the installation, you'll be asked whether you'd like to redirect traffic. Select the redirect option.