Prepare Ubuntu 18.04 with LAMP (Linux, Apache, MySQL, PHP)
Step 1 — Installing Apache
Install Apache using Ubuntu’s package manager, apt:
sudo apt update
sudo apt install
apache2
Step 2 — Installing MySQL
sudo apt install
mysql-server
Logon to MySQL server by running the commands below
sudo mysql -u root
Notice no password?
That should get you into the database server. After that,
run the commands below to disable plugin authentication for the root user
USE mysql;
UPDATE user SET
plugin='mysql_native_password' WHERE User='root';
FLUSH PRIVILEGES;
exit;
Restart and run the commands below to set a new password.
sudo systemctl
restart mysql.service
After that, run the commands below to secure MySQL server
and create a new root password.
sudo
mysql_secure_installation
When prompted, answer the questions below by following the
guide.
Enter current password for root (enter for none):
Just press Enter
Set root password? [Y/n]: Y
New password: Enter
password
Re-enter new password: Repeat password
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y
You should now be able to logon with password authentication
and other applications should now work with the root password authentication.
Step 3 — Installing PHP
apt-get install
python-software-properties
add-apt-repository
ppa:ondrej/php
apt install php5.6
libapache2-mod-php5.6 php5.6-mysql php5.6-curl php5.6-json php5.6-cgi
php5.6-xml php5.6-readline php5.6-common php5.6-cgi php5.6-cli
systemctl restart
apache2
Step 4 — Setting Up Virtual Hosts
/etc/apache2/sites-available/your_domain.conf
ServerAdmin
webmaster@localhost
ServerName your_domain
ServerAlias www.your_domain
DocumentRoot /var/www/your_domain
ErrorLog
${APACHE_LOG_DIR}/error.log
CustomLog
${APACHE_LOG_DIR}/access.log combined
Enable site:
sudo a2ensite
your_domain.conf
Disable site:
sudo a2dissite
000-default.conf
Test for configuration errors:
sudo apache2ctl
configtest
Restart Apache:
sudo systemctl
restart apache2
Ubuntu 18.04 Chronicles: removing cloud-init
1.
dpkg-reconfigure cloud-init
·
Then deselect all
the options except None
2.
sudo apt-get
purge cloud-init
3.
sudo mv
/etc/cloud/ ~/; sudo mv /var/lib/cloud/ ~/cloud-lib
·
I prefer to move,
rather than delete, in case something goes wrong and you wish to restore the
files.
When you remove cloud-init following
those steps, your machine stops booting and there is apparently a service that
is waiting for network to be up. This would normally be just an inconvenience,
but the boot hangs indefinitely waiting for said network. Odd choice of
configuration out of the box, but anyway, you can fix this by:
- List the services which depend on
network being online.
o sudo systemctl show -p WantedBy
network-online.target
- This will list the culprits as
some iscsi services that you probably don’t need.
- Disable the services
o systemctl disable
Copy
Configuration and Files into New Server
1.
Copy wp-config.php
2.
Copy all files using rsync (be careful with
rsync, you can use option -anv as dry run script)
a.
rsync –option
i.
Server Old: xxx.xxx.xxx.xxx
ii.
Run rsync from new server:
3.
a2enmod dir
4.
a2enmod cgi
5.
a2enmod rewrite
6.
Backup Database: mysqldump
-uiradio_root -p --default-character-set=utf8 --databases iwpress_db >
191128iwpress_db.sql
7.
Restore Database: mysql -uroot
-p --default-character-set=utf8 <191128iwpress_db .sql="" span="">
8.
Grant privileges: grant all privileges on
namadb.* to 'namadb_admin'@'localhost' identified by 'password';
After iwpress.contoso.com available, you can access wp-admin and update
the wordpress, plugin and themes. After get the latest version of Wordpress
(version 5.3 – on date 29/11/2019), then you can upgrade the php5.6 to php7.3
Upgrade
PHP 5.6 to PHP 7.3
Use the following set of command to add PPA for PHP 7.3 in
your Ubuntu system and install PHP 7.3.
sudo apt-get install
python-software-properties
sudo
add-apt-repository ppa:ondrej/php
sudo apt-get update
Install PHP 7.3
apt-get install
libapache2-mod-php7.3 php7.3-cgi php7.3-cli
php7.3-common php7.3-curl php7.3-json php7.3-mysql php7.3-opcache
php7.3-readline php7.3-xml
Disable mod php apache
a2dismod php5.6
Enable mod php apache
a2enmod php7.3
Remove PHP 5.6
apt-get remove libapache2-mod-php5.6 php5.6-cgi
php5.6-cli php5.6-common php5.6-curl
php5.6-json php5.6-mysql php5.6-opcache php5.6-readline php5.6-xml
Listing any package with php
dpkg --get-selections
| grep php
Restart Apache Services
service apache2 restart
Hardening
Wordpress Sites
Change WordPress Database Prefix
By default, WordPress uses wp_ as the prefix for all tables
in your WordPress database. If your WordPress site is using the default
database prefix, then it makes it easier for hackers to guess what your table
name is. This is why we recommend changing it. You can change your database
prefix by following our step by step tutorial on how to change WordPress
database prefix to improve security.
Note: This can
break your site if it’s not done properly. Only proceed, if you feel
comfortable with your coding skills.
Security.conf
Edit /etc/apache2/conf-enabled/security.conf to
send only minimal information about the server:
ServerTokens Prod
ServerSignature Off
TraceEnable Off
mod_headers to be enabled
a2enmod headers
Add the following to your Apache configuration file /etc/apache2/conf-enabled/security.conf:
# Prevent MSIE from interpreting files as something else
than declared by the content type in the HTTP headers.
# Requires mod_headers to be enabled.
Header set
X-Content-Type-Options: "nosniff"
# Prevent other sites
from embedding pages from this site as frames. This defends against
clickjacking attacks.
# Requires mod_headers to be enabled.
Header set
X-Frame-Options: "sameorigin"
# Block pages from
loading when they detect reflected XSS attacks
# Requires mod_headers to be enabled.
Header set
X-XSS-Protection: "1; mode=block"
Restart Apache:
sudo service apache2
restart
