Set up an Ubuntu 14.04 LTS based LAMP stack on Rackspace
A short howto for setting up an Ubuntu server on Rackspace: configuring the firewall, installing LAMP and configuring vhosts.
To follow these instructions you should:
- be comfortable with terminal and basic Linux commands
- know how to work with your favorite text editor in the terminal
- have basic knowledge of the LAMP stack
Assuming you have already spun up an Ubuntu 14.04 LTS server from the Rackspace backend, let’s get started by opening a terminal and connecting to your server over ssh:
ssh root@your.ip.address
Software installs
First let’s get the system up to date & run:
apt-get update
apt-get upgrade
Then let’s install what we will be needing for our LAMP stack:
apt-get install mysql-server apache2 php5 php5-mysql php5-gd
In all likelihood you will want to activate mod_rewrite:
a2enmod rewrite
Also, install your preferred text editor. My favorite is vim:
apt-get install vim
User access management
We don’t want to log in as root all the time; that’s bad practice. So, let’s add a new administrator user. And please, try not to use the same password as root ;)
adduser admin
Then add the new admin to the sudo and Apache (www-data) groups. The user already exists at this point, so we modify it with usermod rather than create it again:
usermod -aG sudo,www-data admin
Run ‘visudo’ and confirm that you see following:
%sudo ALL=(ALL:ALL) ALL
Now this should allow you to ssh into your server with your newly created admin user and start a root session via:
sudo su -
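To make sure root cannot connect over ssh, edit /etc/ssh/sshd_config and change “PermitRootLogin yes” to “PermitRootLogin no”. The change takes effect once sshd restarts, which the reboot at the end of the firewall section takes care of.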
Time to configure the firewall.
There are two easy ways to do that: iptables or UFW. We will go for iptables; most of this section can also be found on the Rackspace pages. First let’s allow already established traffic (our current ssh connection):
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Then we set a rule to allow ssh connections and incoming http traffic (port 80):
iptables -A INPUT -p tcp --dport ssh -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
That’s all we need for now, so we drop all other incoming traffic to the server:
iptables -A INPUT -j DROP
To allow internal loopback traffic between services on the server itself, insert this rule at position 1 so that it sits ahead of the DROP:
iptables -I INPUT 1 -i lo -j ACCEPT
Now we need to save those rules with:
iptables-save > /etc/iptables.rules
And make sure they are loaded when we boot our server. For this we create two executable shell scripts. First, create a new startup file called iptablesload with vim:
vim /etc/network/if-pre-up.d/iptablesload
and add:
#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0
Make the new file executable with chmod:
chmod +x /etc/network/if-pre-up.d/iptablesload
Create another file iptablessave with vim:
vim /etc/network/if-post-down.d/iptablessave
and add:
#!/bin/sh
iptables-save -c > /etc/iptables.save
if [ -f /etc/iptables.downrules ]; then
    iptables-restore < /etc/iptables.downrules
fi
exit 0
Again make the file executable:
chmod +x /etc/network/if-post-down.d/iptablessave
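Before rebooting, it is worth confirming that the saved rules still accept ssh ahead of the final DROP, because any rule added later with -A lands after the DROP and never matches. The check below is an added example, not part of the original howto; the function names check_rules and require and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original howto. Reads iptables-save output
# (saved without -c counters) on stdin, prints one line per problem and
# returns non-zero when the INPUT chain is not the layout built above.
require() {   # require FLAG MESSAGE: report MESSAGE unless FLAG is 1
    [ "$1" -eq 1 ] && return 0
    echo "$2"; problems=$((problems + 1))
}
check_rules() {
    seen_drop=0; lo=0; est=0; ssh=0; http=0; problems=0
    while IFS= read -r line; do
        case $line in
            "-A INPUT "*) ;;      # only INPUT chain rules are audited
            *) continue ;;
        esac
        if [ "$seen_drop" -eq 1 ]; then
            # A rule appended after the catch-all DROP can never match.
            echo "unreachable after DROP: $line"
            problems=$((problems + 1))
            continue
        fi
        case $line in
            "-A INPUT -j DROP")                  seen_drop=1 ;;
            *"-i lo "*"-j ACCEPT")               lo=1 ;;
            *"--state "*ESTABLISHED*"-j ACCEPT") est=1 ;;
            *"--dport 22 "*"-j ACCEPT")          ssh=1 ;;  # "ssh" is saved as 22
            *"--dport 80 "*"-j ACCEPT")          http=1 ;;
        esac
    done
    require "$seen_drop" "no catch-all DROP in INPUT"
    require "$lo"   "loopback is not accepted before the DROP"
    require "$est"  "ESTABLISHED,RELATED is not accepted before the DROP"
    require "$ssh"  "ssh (tcp/22) is not accepted before the DROP"
    require "$http" "http (tcp/80) is not accepted before the DROP"
    [ "$problems" -eq 0 ]
}
# Constructed sample: the rules from this howto in iptables-save format.
check_rules <<'EOF' && echo "rules OK"
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
```

To audit the real file, run `check_rules < /etc/iptables.rules` in the same shell before issuing the reboot.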
That’s it. It is best to reboot the server now and then log in with our new admin account.
shutdown -r now
Virtual Hosts
Once we are back up and ssh’d in let’s get cracking on vhosts and such ☺
You will notice that when we installed apache a basic index.html file was created: /var/www/html/index.html
That is the file you will see when you type in your IP address in your browser. If you don’t want to proceed setting up virtual hosts (see below) it might be a good idea to change this file to some generic placeholder index file you find appropriate, or start building your website there ☺
Otherwise, let’s proceed with vhosts and create a new folder:
mkdir /etc/apache2/vhost.d
Then open the apache config file
vim /etc/apache2/apache2.conf
At the bottom of the file add:
Include vhost.d/*.conf
When working with this vhost configuration it is important to remember that apache decides on the default vhost for the IP alphabetically. You should prefix the file in vhost.d that you want to use as default with ‘000-default-’ to make sure it will be the first one in the alphabet.
Let’s assume the first vhost entry will be our default and create a standard vhost config file for it:
vim /etc/apache2/vhost.d/000-default-mydomain.com.conf
And add:
<VirtualHost *:80>
DocumentRoot /var/www/html/mydomain
ServerName mydomain.com
ServerAlias www.mydomain.com
<Directory "/var/www/html/mydomain">
AllowOverride all
</Directory>
# "combined" is a LogFormat nickname defined in Ubuntu's stock apache2.conf
CustomLog /var/log/apache2/mydomain.com-access.log combined
ErrorLog /var/log/apache2/mydomain.com.at-error.log
LogLevel warn
</VirtualHost>
Time to restart apache so that all those changes we made go into effect.
service apache2 restart
You are all set.