LAMP Server – Linux (CentOS) + Apache + MySQL + PHP Server setup

Okay, this one has been done a million times over, in fact at the time of writing if you were to type the search “LAMP guide” into Google you will get around 331,000,000 pages! So why would I bother writing about it again? Well everyone has their own flavor of doing a LAMP server, and mine is probably just like yours! However I will be referencing a LAMP as a base server in many other posts of mine so if someone (or you) were later to want to do one of them you could start off with the same base system as me in the tutorials!

Anyway let’s get to it shall we?

But wait! I’m lazy or I don’t care about how you setup LAMP I just want it!

Ahhh ok, if you have done this all before and just want a no hassle get it over with script, then just copy and paste the below into a bash session and you’re done, with the exception of Securing your MySQL installation:

yum install httpd php mysql-server mysql php-mysql -y
service httpd start
service mysqld start
echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php

However if you aren’t interested in learning about a LAMP setup, then that’s ok! Not everyone wants to be intimate with Linux, however I don’t feel that you should be running your own server without this knowledge, so why not use a web hosting service and let them take care of it for you? πŸ™‚

What is a LAMP server

A LAMP server essentially means a server (virtual or dedicated) with a Linux based Operating System and the following packages installed:

  • Apache – The HTTP service, it’s what listens for requests for HTTP data and replies in kind
  • MySQL – The database product and dare I say the most common database solution for Linux based systems (that are not mission critical, even though MySQL is still a great product for that!)
  • PHP – The intelligence behind a lot of websites, it’s what runs logic and code before Apache goes and throws the requested data to a client’s machine (this is a very high level explanation of PHP and it’s not meant to offend!).

So why would I want one?

A LAMP server represents the most common but ‘basic’ webserver setup that is used to build upon. It will parse PHP script, reply to HTTP requests and the website can utilize a database storage system.

Ok, let’s get installing!

Prerequisites and assumptions

So during this tutorial I will be using a fresh installation of CentOS 6.5 x86 edition, different versions of CentOS and other flavors of Linux each have their own quirks, so see if you can follow, if you really get stuck try Google (only because its quicker than….) or post a comment and I will help you out as soon as I can!

For each of these steps we will be doing as the Linux user ‘root’ which gives us no hassle complete unrestricted use of the system. If you are not using root you should prefix all the bash commands with the following:

sudo

Installing all the packages

Ok we are going to install all the packages we need with a short and quick command:

yum install httpd php mysql-server mysql php-mysql -y

So what does this do?

  • yum – This is the package manager application, a bit like the “Add and Remove Programs” feature in Windows’s Control Panel
  • install – This let’s yum know what we are going to be doing (install, update or remove are most common)
  • httpd – This is the primary Apache package
  • php – This is the primary PHP package
  • mysql-server – This is the primary MySQL server package.
  • mysql – this is the primary MySQL client package
  • php-mysql – This is an extension for PHP that gives it the ability to perform actions with MySQL.
  • -y – This means don’t prompt us about y/n decisions regarding dependencies and download / install usage, just do it!

You should see it finish by summarizing the installed packages and dependencies and that will be the main installation done!

Making sure that Apache and MySQL start

We will issue a restart command to these services by executing the below bash commands:

service httpd start
service mysqld start

And then you should see 2 green OK messages like the below:

You will notice I have a warning message after my Apache and MySQL OK messages.

Don’t worry about the Apache one, the hostname I gave to my server when I created it doesn’t actually exist in the xaviertidus.com DNS, so Apache is warning us to take a look at that. In a real world situation we should definitely take care of this but as this is a demo for you we can just ignore it!

As for the MySQL warning, it’s valid because when MySQL is installed the root login doesn’t have a password, and it contains a bunch of permissions for a demo database which needs to be removed if you don’t plan to use it, but we will talk about that a little later on in the tutorial.

Securing your MySQL

Okay so your LAMP setup is almost complete however you need to secure your MySQL installation by running the following command:

/usr/bin/mysql_secure_installation

If you want to read more about this then check out another article I wrote all about securing MySQL post install here: Securing your new MySQL installation with /usr/bin/mysql_secure_installation

Testing your installation

Everything is done, however we should probably test it right?

The simplest way of doing this is creating a php info file, this is a file that contains only a single line of code (PHP code) and will display in a web browser all the information PHP has about your hosting environment. So let’s create one now, type the following in your shell:

echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php

Now you can view the page by browsing to it in your web browser, changing the ip address in my demo below to your server’s IP or hostname.

http://192.168.1.60/phpinfo.php

AndΒ  you should see something similar to the following:

And that’s it you’re done!

Having trouble seeing the phpinfo.php page?

I did too! Try just navigating to the server’s IP address or hostname, you should see something like this:

if you do, then the problem is probably in that php file we just created, edit using nano and see if you can fix the error or comment below for help.

If you cannot even see this page and your page request seems to time out after a long while then the problem is most likely that port 80 isn’t open.

To fix then edit the iptables file using the command below (I use nano which may not yet be installed, you can install it or use vi or whatever editor you like)

nano /etc/sysconfig/iptables

And we need to add the following line to your iptables file

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

The best place for it is just before the reject commands, so once you are finished it should look something like this:

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Now we just need to restart iptables for the changes to take effect, we do this by running this command:

/etc/init.d/iptables restart

You should see green across the board like the below:

However if you see something like this:

Just make sure that your iptables file has no blank lines or lines that begin with spaces and that you copied the rule correctly from here. Then try restarting iptables again.

Now hopefully you should be able to access your server on port 80, you may have to repeat this process with port 445 as well if you intend on using SSL.

Enjoy!

 

 

Install FreeRadius on CentOS 5 or 6 in just 3 commands!

Inspired by my previous post here:Β How to install a PPTPD VPN server on Centos 6.X in just 4 commands I wanted to make an installer for FreeRadius that could be achieved in as little steps as PPTPD.

And here we go, FreeRadius in 3 steps (or 5 if you’re using CentOS 5).

What you will need for this tutorial

  1. A VPS with Centos 5.x or 6.x (32 or 64 bit is ok)
  2. About 2 minutes of free time! (yes it’s that quick!)
  3. Putty terminal already connected to your server, ready to go!

Need a VPS? I highly recommend DigitalOcean if you are shopping around, pretty quick support and their entire website is perfectly automated. It’s a very impressive place to hang out!

Let’s begin, and finish in one step!

Simply copy and paste the appropriate set of commands below for your OS version into your putty session:

CentOS 6:

yum install -y git
cd /opt && git clone git://github.com/xaviertidus/FreeRadiusQuickScript.git
cd FreeRadiusQuickScript && bash install.centos6.sh

CentOS 5:

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
rpm -K rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm -i rpmforge-release-0.5.2-2.el5.rf.i386.rpm
yum install -y git
cd /opt && git clone git://github.com/xaviertidus/FreeRadiusQuickScript.git
cd FreeRadiusQuickScript && bash install.centos5.sh

Once the final command from the lists above is input, my installer will start. It will ask you for two new passwords at the beginning, these are (in order of appearance):

Radius SQL User Password – this is the password that FreeRadius will use to connect to MySQL to verify logins sent to it for authorization.

Localhost Auth Request Secret – This is the secret that applications running on localhost will pass to FreeRadius to verify they are allowed to query.

Both of these have a default password set in the installer, so if you aren’t to bothered about security you can just hit enter for both of these without entering a thing.

Why does CentOS5 have a couple extra steps?

CentOS 5 was released back when Git was still a lil baby, and so it wasn’t in the repos for CentOS5. However we can add it in by using the few extra commands above our quick install script.

Ok I am done, what should I do now?

I recommend that if you’re actually doing to use this application for something other than fun you read the tutorial here: Β Installing FreeRadius on CentOS 5/6 or Ubuntu 11 for a more in depth explination about FreeRadius and it’s configuration files.

However if you already know all this or don’t care here are the next steps you should take (and with links on how to do them!)

  1. Secure your MySQL installation!
    We didn’t set a password for root in MySQL during this install, which means anyone can gain access to MySQL using root with no password. MySQL comes with a utility to help us with that called “mysql_secure_installation”, you can execute it by running this in your terminal “/usr/bin/mysql_secure_installation“, or you can read the tutorial on this here: Securing your new MySQL installation with /usr/bin/mysql_secure_installation
  2. Authorize additional servers to use your new FreeRadius server!
    At the moment only applications on the same server as FreeRadius only have access to FreeRadius’s authorization abilities, wouldn’t it be nice to only maintain one configuration of logins across multiple servers and applications? You need to add a few entries to your /etc/raddb/clients.conf (CentOS6) or /etc/freeradius/clients.conf (CentOS5) to do this, or you can read my tutorial on this here: Authorzing External Servers to use your FreeRadius Server
  3. Add additional user accounts to your FreeRadius server!
    If you only needed the one login for your purposes then FreeRadius is severely overkill, so you need to add more user accounts to the MySQL database we created during the script called ‘radius’, within that database is a table called ‘radcheck’ and that’s were you need to add more accounts. If you like however I have an tutorial on how to do this here: Adding and removing users from the FreeRadius Database (MySQL)

Adding and removing users from the FreeRadius Database (MySQL)

In this tutorial I will show you how to add and remove users from the radius database.  It’s a pretty easy task and yes I am even including a script like usual to make it easy for those of you who are not ‘lazy’ just time poor πŸ˜‰

This is a very popular topic based on visitor statistics! If you need more information or wish to improve upon the content let me know in the comments section.

Okay, before we begin we need:

  • A VPS with FreeRadius / MySQL installed
    If you need to set this up still, take a quick look here for how to set one up in a hurry: Install FreeRadius on CentOS 5 or 6 in just 3 commands!
    Or if you want to learn a little while you set one up then take a look at this How To here:  Installing FreeRadius on CentOS 5/6 or Ubuntu 11
  • The MySQL root password
    Or any account that has the appropriate permissions, to keep it simple though during this tutorial we will use root, you can use whatever account you feel will do the trick though if you like.
  • Some user accounts you want to setup in FreeRadius
    Write down a few usernames and passwords to go with to use during this tutorial and have them ready because we will need them soon.
  • An active putty session already logged into your server, ready to go!
    You can use whatever shell utility you like, but throughout this tutorial we will reference ‘putty’ which is available from here if you would like to download it: http://www.putty.org/
  • About 10-15 minutes of free time to do stuff
    Like I said it’s pretty easy however you might need a little background knowledge of MySQL. However if you managed to install FreeRadius previously you will probably be alright! πŸ™‚

A little about FreeRadius’s MySQL Database

When FreeRadius is used in conjunction with MySQL (most common practice I dare say) it will use a database usually called ‘radius’ and within that database there is a database table called ‘radcheck’. This table is the table we need to interact with as it is the one that contains all the user accounts that can be authenticated with FreeRadius.

It’s important to remember that like a lot of things you can choose what usernames something uses, what the database is called for something and you can even choose to use a remote MySQL server! However for this tutorial we will assume that MySQL and FreeRadius exist on the same server, and that the database is called ‘radius’ and the user account we will use with MySQL is root.

Adding a user account to ‘radcheck’

First connect to your database using the below, if your username is not root, then substitute root in the command for your username.

mysql -uroot -p

Then we need to switch to the radius database, so go ahead and enter in the following at the MySQL prompt:

use radius;

Remember to terminate your MySQL queries with a semi colon!

Now we will run our insert command to add a user. For this example the user we will be adding is Beyonce, and she will have the following login details:
Username: beyonce
Password: putaringonit

The insert code is like the following, I have highlighted the username part we need to replace in red and the password part we need to replace in blue.

INSERT INTO radcheck (id, username, attribute, op, value) VALUES (1,’myusername‘,’User-Password’,’:=’,’mypassword‘);

So here is the code we will run add Beyonce to our FreeRadius server:

INSERT INTO radcheck (id, username, attribute, op, value) VALUES (1,'beyonce','User-Password',':=','putaringonit');

When we run that in the MySQL prompt we should get no errors and Beyonce is now able to log on to our FreeRadius server.

Removing a user account from radcheck

Unfortunately Beyonce has decided to leave our FreeRadius server and so we need to delete her account.

There are a few different ways to target her record in radcheck however we’re going to use her username for this example, but you could also use the id column.

Here is the code to delete a record from radcheck, I have again highlighted the username part we need to change in red.

delete from radcheck where username = ‘myusername

Now, for our example of deleting Beyonce’s login from the database we will do the following:

delete from radcheck where username = 'beyonce'

And we should see from the console output that MySQL has removed her record from radcheck, so she will not be able to pass authentication anymore

Deleting – Afterthoughts…

There are probably times when you want to disable or delete (but keep a record of past user accounts), and if so you will need to think of a solution that is best for you. Generally FreeRadius is used as an endpoint for information, normally there is a greater system in play that sits above FreeRadius that manages user accounts such as WHMCS for example.

It’s also important to remember that deleting someone out of radclient doesn’t kick them out of whatever service they are currently logged into at the time! FreeRadius merely says yes or no at the point of authentication, it doesn’t keep tabs of the user’s session and it doesn’t report back to services to say that someone has been disabled or deleted! So you need to consider how you will manage active sessions with your services for users you want to delete or suspend.

Securing your new MySQL installation with /usr/bin/mysql_secure_installation

After you install MySQL you need to secure it. By default MySQL’s account for ‘root’ does not have a password associated for it, and the server also includes a demo database and all the permissions associated with it. If this server is going to be public or used for anything remotely serious we need to beef up security a bit.

And thats where mysql_secure_installation comes in.

Let’s begin!

After MySQL is installed it will prompt you to run the following command, so that is what we are going to do now!

/usr/bin/mysql_secure_installation

Then you should be greeted by a message asking you to enter the current root password, as there is no current root password we can just hit enter!

Next it will ask us if we want to set a password for root, to this we should say yes!

Now it will ask us for a new password, and then ask us to confirm it, go ahead!

Great now you should see the following success messages and then it should ask us if we want to remove anonymous users, yes we do!

Next it will ask us if we want to allow or disallow root to login remotely, ideally you shouldn’t allow this but there are circumstances where you may want to allow it. In this tutorial we’re going to say we don’t want root to be able to login from anywhere other than localhost, but if your preference is otherwise please google up some information about the subject first! πŸ™‚

Next it will ask us if we want to delete the test database and associated permissions – yes we want to do this!

Lastly it will ask if we want to reload the privilage table, which means our settings will come into immediate effect, to this we will again say yes!

And you’re done! You should see the following message:

This means your server is now post install secure, congrats!