| 1 | = LAMP Installation and Web hardening = |
| 2 | LAMP is one of the most common web systems we find today. The letters L, A, M and P stand for '''Linux''', '''Apache''', '''MySQL''' and '''PHP'''. [[br]] |
| 3 | |
| 4 | From yesterday’s work we already have our first component, ‘L’, i.e. Linux, or in our case Ubuntu. Let’s see how to install the other three and then move on to some security hardening. |
| 5 | |
| 6 | == Prerequisites == |
| 7 | Before we begin, you need a non-root user account with '''sudo''' privileges set up on a clean installation of Ubuntu 16.04 LTS server.[[br]] |
| 8 | Check whether you can ping your VM from your PC using its domain name www.'yourdomain'.ws.learn.ac.lk |
| 9 | |
| 10 | == Installation of Apache == |
| 11 | Apache is a web server application that has been widely used on the Internet for more than 20 years. It is a well-documented piece of Free and Open Source Software managed by the Apache Foundation. |
| 12 | (https://httpd.apache.org/) |
| 13 | |
| 14 | Before installing, we need to update our repositories. We will first add the Debian Apache repo to our list and then update the list. Since we will be using sudo commands, you will be asked for your user's password, as these processes will be granted root privileges. |
| 15 | {{{ |
| 16 | sudo add-apt-repository ppa:ondrej/apache2 |
| 17 | }}} |
| 18 | |
| 19 | When asked, press ‘Enter’ to continue. Once the PPA is imported, do an update. |
| 20 | {{{ |
| 21 | sudo apt-get update |
| 22 | }}} |
| 23 | |
| 24 | Once the repo lists are updated, run, |
| 25 | {{{ |
| 26 | sudo apt-get install apache2 |
| 27 | }}} |
| 28 | |
| 29 | When asked press '''Y''' and hit '''Enter''' to continue, and the installation will proceed. |
| 30 | |
| 31 | Check the installed Apache version details by issuing, |
| 32 | {{{ |
| 33 | apache2 -v |
| 34 | }}} |
| 35 | '''NOTE''': if you installed apache2 while installing the Ubuntu OS, update it to the latest version with, |
| 36 | {{{ |
| 37 | sudo apt-get --only-upgrade install apache2 -y |
| 38 | }}} |
| 39 | |
| 40 | Now go to your browser, type '''http://www.'yourdomain'.ws.learn.ac.lk''' and check whether you can access the Apache test page. |
| 41 | |
| 42 | == MySQL Installation == |
| 43 | |
| 44 | Once the web server is installed and running, we need to install a database management system to host our dynamic data. For that we use MySQL, another popular piece of FOSS. |
| 45 | |
| 46 | So to install MySQL, run, |
| 47 | {{{ |
| 48 | sudo apt-get install mysql-server |
| 49 | }}} |
| 50 | |
| 51 | Again you will be asked to press Y to continue. During the installation process you will be asked to type in and confirm a root password for your MySQL system. Please keep in mind that MySQL root is also similar to root access of your server, so choose a strong and unique password and never leave it blank. |
| 53 | |
| 54 | Once the installation completes, let’s tighten MySQL security by running, |
| 55 | {{{ |
| 56 | sudo mysql_secure_installation |
| 57 | }}} |
| 58 | Enter your MySQL root password when asked. As the first step it will ask about the |
| 59 | |
| 60 | '''VALIDATE PASSWORD PLUGIN''' |
| 61 | |
| 63 | which makes the passwords associated with your databases much stronger by enforcing password restrictions. Once you press y it offers three levels of password validation, LOW, MEDIUM and STRONG; select one. Keep in mind that if you enter 1, for the medium level, you will receive errors when attempting to set any password that does not contain numbers, upper and lowercase letters, and special characters. [[br]] Several more questions follow; answer Y to each and press Enter.[[br]] Once the script finishes, we can test our MySQL instance by logging in to it. |
| 64 | {{{ |
| 65 | mysql -u root -p |
| 66 | }}} |
| 67 | Enter your MySQL root password when requested. |
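
The questions asked by mysql_secure_installation cover removing anonymous accounts, disallowing remote root login and dropping the test database, and the result can be checked from the account and database lists. The script below is an added example, not part of the original page or of MySQL's tooling; the function names are hypothetical and the sample rows are constructed.

```shell
#!/bin/sh
# Added example (not from the original page): check what
# mysql_secure_installation is meant to leave behind.

# stdin: "user<TAB>host" rows, e.g. from
#   mysql -u root -p -N -B -e "SELECT user, host FROM mysql.user"
# Prints one finding per risky account; exit status 1 if any were found.
audit_accounts() {
    awk -F'\t' '
        $1 == "" { print "anonymous account at host " $2; bad = 1 }
        $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            print "root can log in remotely from " $2; bad = 1
        }
        END { exit bad + 0 }
    '
}

# stdin: database names, one per line, e.g. from
#   mysql -u root -p -N -B -e "SHOW DATABASES"
# Exit status 1 if the "test" database, which any account can use by
# default, still exists.
audit_databases() {
    if grep -qx 'test'; then
        echo 'test database still present'
        return 1
    fi
}

# Constructed sample rows (not real server output): one installation where
# the prompts were declined, one where every prompt was answered Y.
sample_unhardened() { printf '%s\t%s\n' root localhost root % '' localhost; }
sample_hardened()   { printf '%s\t%s\n' root localhost mysql.sys localhost; }

# Stand-alone run: show the findings for the unhardened sample.
sample_unhardened | audit_accounts || true
```

On a real server, pipe the output of the two `mysql` commands shown in the comments into `audit_accounts` and `audit_databases`.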
| 68 | |
| 69 | == Install PHP 7 == |
| 70 | As the last component of LAMP, let’s install PHP version 7. |
| 71 | |
| 72 | Type in, |
| 73 | {{{ |
| 74 | sudo apt-get -y install php7.0 libapache2-mod-php7.0 |
| 75 | }}} |
| 76 | The -y switch automatically answers yes when the installation process prompts.[[br]] |
| 77 | Once the installation is finished, restart Apache. |
| 78 | {{{ |
| 79 | sudo service apache2 restart |
| 80 | }}} |
| 81 | To check PHP, let’s create a test PHP file. |
| 82 | {{{ |
| 83 | sudo nano /var/www/html/info.php |
| 84 | }}} |
| 85 | '''Note''': /var/www/html/ is the default document root for apache in Ubuntu unless you have changed it in apache configuration. |
| 86 | |
| 87 | Enter the following in info.php |
| 88 | {{{ |
| 89 | <?php |
| 90 | phpinfo(); |
| 91 | ?> |
| 92 | }}} |
| 93 | Now let us call that file in a browser (e.g. http://www.'yourdomain'.ws.learn.ac.lk/info.php) |
| 94 | |
| 95 | If PHP 7 is working, you will see all your PHP server settings in one place. |
| 96 | |
| 97 | == Enabling Virtual Hosts == |
| 98 | |
| 99 | Before we go further, test that your domain names resolve correctly to the same server IP address by issuing dig commands on Ubuntu. |
| 100 | {{{ |
| 101 | dig @192.248.1.161 web1.'yourdomain'.ws.learn.ac.lk |
| 102 | dig @192.248.1.161 web2.'yourdomain'.ws.learn.ac.lk |
| 103 | }}} |
| 104 | Next, create two directories under /var/www/ to host two separate web sites. |
| 105 | {{{ |
| 106 | sudo mkdir /var/www/web1 |
| 107 | sudo mkdir /var/www/web2 |
| 108 | }}} |
| 109 | Create an index page in each directory containing the following. |
| 110 | {{{ |
| 111 | sudo nano /var/www/web1/index.php |
| 112 | }}} |
| 113 | You may change the content as appropriate. |
| 114 | {{{ |
| 115 | <html> |
| 116 |   <head> |
| 117 |     <title>Web 1</title> |
| 118 |   </head> |
| 119 |   <body> |
| 120 |     <h1> <?php |
| 121 |       echo "Hello, I'm Web1"; |
| 122 |     ?> |
| 123 |     </h1> |
| 124 |   </body> |
| 125 | </html> |
| 126 | }}} |
| 127 | The default host configuration is located in /etc/apache2/sites-available/000-default.conf, which serves any request coming to its domain name or IP address. To make the other two domains work, let’s create a virtual host file for each domain name; |
| 128 | {{{ |
| 129 | sudo nano /etc/apache2/sites-available/web1.conf |
| 130 | }}} |
| 131 | with the following content, |
| 132 | {{{ |
| 133 | <VirtualHost *:80> |
| 134 |     ServerAdmin admin@yourdomain.ws.learn.ac.lk |
| 135 |     # Each virtual host needs its own ServerName; Apache matches it against the Host header of the request |
| 136 |     ServerName web1.yourdomain.ws.learn.ac.lk |
| 137 |     DocumentRoot /var/www/web1 |
| 138 |     ErrorLog ${APACHE_LOG_DIR}/error.log |
| 139 |     CustomLog ${APACHE_LOG_DIR}/access.log combined |
| 140 | </VirtualHost> |
| 141 | }}} |
| 142 | Then create the virtual host for web2 as web2.conf in the same directory as web1.conf, with the following. |
| 143 | {{{ |
| 144 | <VirtualHost *:80> |
| 145 |     ServerAdmin admin@yourdomain.ws.learn.ac.lk |
| 146 |     # Each virtual host needs its own ServerName; Apache matches it against the Host header of the request |
| 147 |     ServerName web2.yourdomain.ws.learn.ac.lk |
| 148 |     DocumentRoot /var/www/web2 |
| 149 |     ErrorLog ${APACHE_LOG_DIR}/error.log |
| 150 |     CustomLog ${APACHE_LOG_DIR}/access.log combined |
| 151 | </VirtualHost> |
| 152 | }}} |
| 153 | Once both files are written, they need to be enabled with, |
| 154 | {{{ |
| 155 | sudo a2ensite web1.conf |
| 156 | sudo a2ensite web2.conf |
| 157 | }}} |
| 158 | Now restart Apache, open the following in your browser and see how three websites are hosted on one server. |
| 159 | |
| 160 | http://www.yourdomain.ws.learn.ac.lk [[br]] |
| 161 | http://web1.yourdomain.ws.learn.ac.lk [[br]] |
| 162 | http://web2.yourdomain.ws.learn.ac.lk [[br]] |
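
Apache picks a name-based virtual host by comparing the request's Host header with each ServerName and ServerAlias, so a name declared in two files is only ever served by the file that loads first. The script below is an added example, not part of the original page: it lists such names for a directory of vhost files. The function names and the sample files it builds are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report host names that more
# than one virtual host file claims through ServerName or ServerAlias.

# Print "name<TAB>file" for every ServerName/ServerAlias in the given files.
vhost_names() {
    awk '
        { sub(/#.*/, "") }    # strip comments; awk re-splits the fields
        tolower($1) == "servername" || tolower($1) == "serveralias" {
            for (i = 2; i <= NF; i++) print tolower($i) "\t" FILENAME
        }
    ' "$@"
}

# Print "name: file file ..." for each name declared in two or more files.
vhost_name_collisions() {
    vhost_names "$1"/*.conf | sort -u | awk -F'\t' '
        { files[$1] = files[$1] " " $2; count[$1]++ }
        END { for (n in count) if (count[n] > 1) print n ":" files[n] }
    ' | sort
}

# Constructed sample: two vhost files that declare the same ServerName.
write_sample_vhosts() {
    dir=$(mktemp -d)
    for n in 1 2; do
        printf '%s\n' '<VirtualHost *:80>' \
            '    ServerName yourdomain.ws.learn.ac.lk' \
            "    ServerAlias web$n.yourdomain.ws.learn.ac.lk" \
            "    DocumentRoot /var/www/web$n" \
            '</VirtualHost>' > "$dir/web$n.conf"
    done
    echo "$dir"
}

# With a directory argument, check it (e.g. /etc/apache2/sites-enabled);
# with none, run on the constructed sample.
if [ -n "${1:-}" ]; then
    vhost_name_collisions "$1"
else
    vhost_name_collisions "$(write_sample_vhosts)"
fi
```

No output means every name is claimed by exactly one file; `sudo apache2ctl -S` shows which virtual host Apache itself resolves each name to.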
| 163 | |
| 164 | == CGI Scripts == |
| 165 | == Apache Hardening == |
| 166 | == file/folder permissions == |
| 167 | == https configuration == |
| 168 | == http2 == |