Goal
Goal of this blog is to setup a PHP 5.6 LAMP Stack on Oracle cloud infrastructure, Install PHPMyAdmin to manage MySQL Database, Setup FTP Server to transfer files from local file system to cloud and Configure Email Server to send Emails
Generate SSH Keys
Create Virtual Cloud Network and Ubuntu 16.04 Image with Basic Settings
SSH to New Ubuntu Environment
Install LAMP Stack – APACHE 2
I would recommend referring this detailed link , however you can just copy paste the commands as well
ubuntu@cblogs1:~$ sudo apt-get update Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB] Get:2 http://security.ubuntu.com/ubuntu xenial-security/main Sources [126 kB] Get:3 http://security.ubuntu.com/ubuntu xenial-security/restricted Sources [2,116 B] ... ubuntu@cblogs1:~$ sudo apt-get install apache2 ... ubuntu@cblogs1:~$ sudo apache2ctl configtest AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message Syntax OK ... ubuntu@cblogs1:~$ sudo vi /etc/apache2/apache2.conf # Add this below line in the END ServerName < your server public IP > # Save and Exit ubuntu@cblogs1:~$ sudo apache2ctl configtest Syntax OK
Configure Firewall for Apache
ubuntu@cblogs1:~$ sudo systemctl restart apache2 ubuntu@cblogs1:~$ sudo ufw app list Available applications: Apache Apache Full Apache Secure OpenSSH ubuntu@cblogs1:~$ sudo ufw app info "Apache Full" Profile: Apache Full Title: Web Server (HTTP,HTTPS) Description: Apache v2 is the next generation of the omnipresent Apache web server. Ports: 80,443/tcp ubuntu@cblogs1:~$ sudo ufw allow in "Apache Full" Rules updated Rules updated (v6)
Ubuntu Firewall Rules
ubuntu@cblogs1:~$ sudo iptables --list --line-numbers Chain INPUT (policy ACCEPT) num target prot opt source destination 1 ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED 2 ACCEPT icmp -- anywhere anywhere 3 ACCEPT all -- anywhere anywhere 4 ACCEPT udp -- anywhere anywhere udp spt:ntp 5 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh 6 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) num target prot opt source destination 1 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) num target prot opt source destination 1 BareMetalInstanceServices all -- anywhere link-local/16 Chain BareMetalInstanceServices (1 references) num target prot opt source destination 1 ACCEPT tcp -- anywhere 169.254.0.2 owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */ 2 ACCEPT tcp -- anywhere 169.254.2.0/24 owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */ .... removing this rule */ reject-with icmp-port-unreachable ubuntu@cblogs1:~$ sudo iptables -D INPUT 6 ubuntu@cblogs1:~$ sudo netfilter-persistent save run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables save run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables save ubuntu@cblogs1:~$ sudo netfilter-persistent reload run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
Oracle Linux Firewall Rules
To Open Port 8080 and 80
sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp sudo firewall-cmd --zone=public --permanent --add-port=80/tcp sudo firewall-cmd --reload sudo firewall-cmd --zone=public --list-all
Restart Apache
ubuntu@cblogs1:~$ sudo systemctl restart apache2
ubuntu@cblogs1:~$ sudo systemctl status apache2
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running) since Tue 2018-07-03 13:47:58 UTC; 8s ago
Docs: man:systemd-sysv-generator(8)
Process: 12344 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 12368 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
Tasks: 55
Memory: 2.4M
CPU: 60ms
CGroup: /system.slice/apache2.service
├─12386 /usr/sbin/apache2 -k start
├─12389 /usr/sbin/apache2 -k start
└─12390 /usr/sbin/apache2 -k start
Jul 03 13:47:57 cblogs1 systemd[1]: Starting LSB: Apache2 web server...
Jul 03 13:47:57 cblogs1 apache2[12368]: * Starting Apache httpd web server apache2
Jul 03 13:47:58 cblogs1 apache2[12368]: *
Jul 03 13:47:58 cblogs1 systemd[1]: Started LSB: Apache2 web server.
Reality Check 1
This should open Apache2 Ubuntu Default Page on public IP address
Install MySQL Server Edition
ubuntu@cblogs1:~$ sudo apt-get install mysql-server Reading package lists... Done Building dependency tree Reading state information... Done The following packages were automatically installed and are no longer required: grub-pc-bin linux-headers-virtual linux-image-virtual Use 'sudo apt autoremove' to remove them. The following additional packages will be installed: ....
You can refer this Blog for MySQL Secure Installation
Install PHP 5.6
Be default Ubuntu Installs Version PHP 7, Since i dont want to do major changes to my code , i am more comfortable with 5.6
I referred this thread for PHP 5.6 Installation
You can follow below steps as well
ubuntu@cblogs1:~$ sudo add-apt-repository ppa:ondrej/php Co-installable PHP versions: PHP 5.6, PHP 7.x and most requested extensions are included. Only Supported Versions of PHP (http://php.net/supported-versions.php) for Supported Ubuntu Releases (https://wiki.ubuntu.com/Releases) are provided. Don't ask for end-of-life PHP versions or Ubuntu release, they won't be provided. Debian oldstable and stable packages are provided as well: https://deb.sury.org/#debian-dpa You can get more information about the packages at https://deb.sury.org BUGS&FEATURES: This PPA now has a issue tracker: https://deb.sury.org/#bug-reporting CAVEATS: 1. If you are using php-gearman, you need to add ppa:ondrej/pkg-gearman 2. If you are using apache2, you are advised to add ppa:ondrej/apache2 3. If you are using nginx, you are advise to add ppa:ondrej/nginx-mainline or ppa:ondrej/nginx PLEASE READ: If you like my work and want to give me a little motivation, please consider donating regularly: https://donate.sury.org/ WARNING: add-apt-repository is broken with non-UTF-8 locales, see https://github.com/oerdnj/deb.sury.org/issues/56 for workaround: # LC_ALL=C.UTF-8 add-apt-repository ppa:ondrej/php More info: https://launchpad.net/~ondrej/+archive/ubuntu/php Press [ENTER] to continue or ctrl-c to cancel adding it gpg: keyring `/tmp/tmptapcasgc/secring.gpg' created gpg: keyring `/tmp/tmptapcasgc/pubring.gpg' created gpg: requesting key E5267A6C from hkp server keyserver.ubuntu.com gpg: /tmp/tmptapcasgc/trustdb.gpg: trustdb created gpg: key E5267A6C: public key "Launchpad PPA for Ondřej Surý" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) OK ubuntu@cblogs1:~$ sudo apt-get install software-properties-common Reading package lists... Done Building dependency tree Reading state information... Done software-properties-common is already the newest version (0.96.20.7). The following packages were automatically installed and are no longer required: grub-pc-bin linux-headers-virtual linux-image-virtual Use 'sudo apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 13 not upgraded.
ubuntu@cblogs1:~$ sudo apt-get update
ubuntu@cblogs1:~$ sudo apt-get install php5.6ubuntu@cblogs1:~$
sudo apt-get install php5.6-mbstring php5.6-mcrypt php5.6-mysql php5.6-xmlubuntu@cblogs1:~$ sudo php -v
PHP 5.6.36-1+ubuntu16.04.1+deb.sury.org+1 (cli)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies
Create a simple PHP Info page
ubuntu@cblogs1:/var/www/html$ vi info.php ubuntu@cblogs1:/var/www/html$ sudo vi info.php phpinfo();
Reality Check 2
Refresh the webpage public-ip/info.php
Install PHPMyAdmin
ubuntu@cblogs1:/var/www/html$ sudo apt-get install phpmyadmin apache2-utils Reading package lists... Done ubuntu@cblogs1:/var/www/html$ sudo vi /etc/apache2/apache2.conf # Add this line in the End Include /etc/phpmyadmin/apache.conf # Save and Exit , Restart Apache ubuntu@cblogs1:/var/www/html$ sudo service apache2 restart
Reality Check 3
public-ip/phpmyadmin , should take you to PHPMyAdmin Web UI
Where is my PPK file ?
To do FTP we will be using .ppk file when you generate OpenSSH keys which is of open ssh format, you need to generate PPK file from it – we can do this using Putty KenGen Utility , Import Private Key and Save Public Key
if you are using Ubuntu OS as host and like to convert OpenSSH Key to .PPK file try this
puttygen bm_ssh_key -o bm_ssh_key.ppk
Installing FTP Server
You can refer this link for detailed installation steps or just follow the blog below
Removing Directory Browsing
sudo vi /etc/apache2/apache.conf
remove Indexes
sudo systemctl restart apache2
Add Ubuntu as user for /var/www folder with write permission
ubuntu@cblogs1:~$ sudo apt-get install vsftpd
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
grub-pc-bin linux-headers-virtual linux-image-virtual
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
vsftpd
0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.
Need to get 115 kB of archives.
After this operation, 336 kB of additional disk space will be used.
Get:1 http://iad-ad-3.clouds.archive.ubuntu.com/ubuntu xenial/main
amd64 vsftpd amd64 3.0.3-3ubuntu2 [115 kB]
Fetched 115 kB in 0s (1,443 kB/s)
Preconfiguring packages ...
Selecting previously unselected package vsftpd.
(Reading database ... 97301 files and directories currently installed.)
Preparing to unpack .../vsftpd_3.0.3-3ubuntu2_amd64.deb ...
Unpacking vsftpd (3.0.3-3ubuntu2) ...
Processing triggers for systemd (229-4ubuntu21.2) ...
Processing triggers for ureadahead (0.100.0-19) ...
Processing triggers for man-db (2.7.5-1) ...
Setting up vsftpd (3.0.3-3ubuntu2) ...
Processing triggers for systemd (229-4ubuntu21.2) ...
Processing triggers for ureadahead (0.100.0-19) ...
ubuntu@cblogs1:~$ sudo systemctl restart vsftpd
ubuntu@cblogs1:~$ sudo systemctl status vsftpd
● vsftpd.service - vsftpd FTP server
Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-07-04 08:51:56 UTC; 12s ago
Process: 22017 ExecStartPre=/bin/mkdir -p /var/run/vsftpd/empty
(code=exited, status=0/SUCCESS)
Main PID: 22020 (vsftpd)
Tasks: 1
Memory: 364.0K
CPU: 3ms
CGroup: /system.slice/vsftpd.service
└─22020 /usr/sbin/vsftpd /etc/vsftpd.conf
Jul 04 08:51:56 cblogs1 systemd[1]: Starting vsftpd FTP server...
Jul 04 08:51:56 cblogs1 systemd[1]: Started vsftpd FTP server.
ubuntu@cblogs1:~$ sudo adduser ubuntu www-data
Adding user `ubuntu' to group `www-data' ...
Adding user ubuntu to group www-data
Done.
ubuntu@cblogs1:~$ sudo chown -R www-data:www-data /var/www
ubuntu@cblogs1:~$ sudo chmod -R g+rwX /var/www
Check for Routing rules for FTP and HTTP Ports at Ingress Rules
Ensure that FTP Port 21 and Port 80
Reality Check 5 Accessing FTP through Filezilla
Connect as ubuntu user in filezilla, give the Public IP and the PPK file that we generated , now FTP is enabled
Upload the file
Check the webpage
Setting up Mail Server
to be continued