setting up LAMP Stack , PHP 5.6, PhpMyAdmin , FTP and Mail Server on OCI

Goal

Goal of this blog is to setup a PHP 5.6 LAMP Stack on Oracle cloud infrastructure, Install PHPMyAdmin to manage MySQL Database, Setup FTP Server to transfer files from local file system to cloud and Configure Email Server to send Emails

Generate SSH Keys 

Refer this link 

Create Virtual Cloud Network and Ubuntu 16.04 Image with Basic Settings

Refer this link  

SSH to New Ubuntu Environment 

Refer this link

Install LAMP Stack – APACHE 2

I would recommend referring this detailed link , however you can just copy paste the commands as well

ubuntu@cblogs1:~$ sudo apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [107 kB]
Get:2 http://security.ubuntu.com/ubuntu xenial-security/main Sources [126 kB]
Get:3 http://security.ubuntu.com/ubuntu xenial-security/restricted Sources [2,116 B]
...
ubuntu@cblogs1:~$ sudo apt-get install apache2
...
ubuntu@cblogs1:~$ sudo apache2ctl configtest
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, 
using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message Syntax OK ... ubuntu@cblogs1:~$ sudo vi /etc/apache2/apache2.conf # Add this below line in the END ServerName < your server public IP > # Save and Exit ubuntu@cblogs1:~$ sudo apache2ctl configtest Syntax OK

Configure Firewall for Apache

ubuntu@cblogs1:~$ sudo systemctl restart apache2
ubuntu@cblogs1:~$ sudo ufw app list
Available applications:
  Apache
  Apache Full
  Apache Secure
  OpenSSH
ubuntu@cblogs1:~$ sudo ufw app info "Apache Full"
Profile: Apache Full
Title: Web Server (HTTP,HTTPS)
Description: Apache v2 is the next generation of the omnipresent Apache web
server.

Ports:
  80,443/tcp
ubuntu@cblogs1:~$ sudo ufw allow in "Apache Full"
Rules updated
Rules updated (v6)

Ubuntu Firewall Rules

ubuntu@cblogs1:~$ sudo iptables --list --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
2    ACCEPT     icmp --  anywhere             anywhere
3    ACCEPT     all  --  anywhere             anywhere
4    ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
5    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
6    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    BareMetalInstanceServices  all  --  anywhere             link-local/16

Chain BareMetalInstanceServices (1 references)
num  target     prot opt source               destination
1    ACCEPT     tcp  --  anywhere             169.254.0.2          
owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images 
section in the Oracle Bare Metal documentation for security 
impact of modifying or removing this rule */
2    ACCEPT     tcp  --  anywhere             169.254.2.0/24       
owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images 
section in the Oracle Bare Metal documentation for security impact of 
modifying or removing this rule */
....
removing this rule */ reject-with icmp-port-unreachable
ubuntu@cblogs1:~$ sudo iptables -D INPUT 6
ubuntu@cblogs1:~$ sudo netfilter-persistent save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables save
ubuntu@cblogs1:~$ sudo netfilter-persistent reload
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start

Oracle Linux Firewall Rules

To Open Port 8080 and 80

sudo firewall-cmd --zone=public --permanent --add-port=8080/tcp
sudo firewall-cmd --zone=public --permanent --add-port=80/tcp
sudo firewall-cmd --reload
sudo firewall-cmd --zone=public --list-all

Restart Apache

ubuntu@cblogs1:~$ sudo systemctl restart apache2
ubuntu@cblogs1:~$ sudo systemctl status apache2
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: active (running) since Tue 2018-07-03 13:47:58 UTC; 8s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 12344 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
  Process: 12368 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
    Tasks: 55
   Memory: 2.4M
      CPU: 60ms
   CGroup: /system.slice/apache2.service
           ├─12386 /usr/sbin/apache2 -k start
           ├─12389 /usr/sbin/apache2 -k start
           └─12390 /usr/sbin/apache2 -k start

Jul 03 13:47:57 cblogs1 systemd[1]: Starting LSB: Apache2 web server...
Jul 03 13:47:57 cblogs1 apache2[12368]:  * Starting Apache httpd web server apache2
Jul 03 13:47:58 cblogs1 apache2[12368]:  *
Jul 03 13:47:58 cblogs1 systemd[1]: Started LSB: Apache2 web server.

Reality Check 1

This should open Apache2 Ubuntu Default Page on public IP address

Install MySQL Server Edition

ubuntu@cblogs1:~$ sudo apt-get install mysql-server
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  grub-pc-bin linux-headers-virtual linux-image-virtual
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
....

You can refer this Blog for MySQL Secure Installation

Install PHP 5.6

Be default Ubuntu Installs Version PHP 7, Since i dont want to do major changes to my code , i am more comfortable with 5.6 

I referred this thread for PHP 5.6 Installation

You can follow below steps as well

ubuntu@cblogs1:~$ sudo add-apt-repository ppa:ondrej/php
 Co-installable PHP versions: PHP 5.6, PHP 7.x and most requested extensions are included. 
Only Supported Versions of PHP (http://php.net/supported-versions.php) 
for Supported Ubuntu Releases (https://wiki.ubuntu.com/Releases) are provided. Don't ask for
end-of-life PHP versions or Ubuntu release, they won't be provided. Debian oldstable and stable packages are provided as well: https://deb.sury.org/#debian-dpa You can get more information about the packages at https://deb.sury.org BUGS&FEATURES: This PPA now has a issue tracker: https://deb.sury.org/#bug-reporting CAVEATS: 1. If you are using php-gearman, you need to add ppa:ondrej/pkg-gearman 2. If you are using apache2, you are advised to add ppa:ondrej/apache2 3. If you are using nginx, you are advise to add ppa:ondrej/nginx-mainline    or ppa:ondrej/nginx PLEASE READ: If you like my work and want to give me a little motivation, please consider donating regularly: https://donate.sury.org/ WARNING: add-apt-repository is broken with non-UTF-8 locales, see https://github.com/oerdnj/deb.sury.org/issues/56 for workaround: # LC_ALL=C.UTF-8 add-apt-repository ppa:ondrej/php More info: https://launchpad.net/~ondrej/+archive/ubuntu/php Press [ENTER] to continue or ctrl-c to cancel adding it gpg: keyring `/tmp/tmptapcasgc/secring.gpg' created gpg: keyring `/tmp/tmptapcasgc/pubring.gpg' created gpg: requesting key E5267A6C from hkp server keyserver.ubuntu.com gpg: /tmp/tmptapcasgc/trustdb.gpg: trustdb created gpg: key E5267A6C: public key "Launchpad PPA for Ondřej Surý" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) OK ubuntu@cblogs1:~$ sudo apt-get install software-properties-common Reading package lists... Done Building dependency tree Reading state information... Done software-properties-common is already the newest version (0.96.20.7). The following packages were automatically installed and are no longer required: grub-pc-bin linux-headers-virtual linux-image-virtual Use 'sudo apt autoremove' to remove them. 0 upgraded, 0 newly installed, 0 to remove and 13 not upgraded.
ubuntu@cblogs1:~$ sudo apt-get update
ubuntu@cblogs1:~$ sudo apt-get install php5.6
ubuntu@cblogs1:~$ 
sudo apt-get install php5.6-mbstring php5.6-mcrypt php5.6-mysql php5.6-xml
ubuntu@cblogs1:~$ sudo php -v
PHP 5.6.36-1+ubuntu16.04.1+deb.sury.org+1 (cli)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
    with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend Technologies

Create a simple PHP Info page

ubuntu@cblogs1:/var/www/html$ vi info.php
ubuntu@cblogs1:/var/www/html$ sudo vi info.php

phpinfo();
 

Reality Check 2

Refresh the webpage public-ip/info.php

Install PHPMyAdmin

ubuntu@cblogs1:/var/www/html$ sudo apt-get install phpmyadmin apache2-utils
Reading package lists... Done
ubuntu@cblogs1:/var/www/html$ sudo vi /etc/apache2/apache2.conf
# Add this line in the End
Include /etc/phpmyadmin/apache.conf
# Save and Exit , Restart Apache
ubuntu@cblogs1:/var/www/html$ sudo service apache2 restart

Reality Check 3

public-ip/phpmyadmin , should take you to PHPMyAdmin Web UI

Where is my PPK file ?

To do FTP we will be using .ppk file when you generate OpenSSH keys which is of open ssh format, you need to generate PPK file from it – we can do this using Putty KenGen Utility , Import Private Key and Save Public Key

if you are using Ubuntu OS as host and like to convert OpenSSH Key to .PPK file try this

puttygen bm_ssh_key -o bm_ssh_key.ppk

Refer this blog

Installing FTP Server

You can refer this link for detailed installation steps or just follow the blog below

Removing Directory Browsing

sudo vi /etc/apache2/apache.conf

remove Indexes

sudo systemctl restart apache2

Add Ubuntu as user for /var/www folder with write permission

ubuntu@cblogs1:~$ sudo apt-get install vsftpd
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
  grub-pc-bin linux-headers-virtual linux-image-virtual
Use 'sudo apt autoremove' to remove them.
The following NEW packages will be installed:
  vsftpd
0 upgraded, 1 newly installed, 0 to remove and 4 not upgraded.
Need to get 115 kB of archives.
After this operation, 336 kB of additional disk space will be used.
Get:1 http://iad-ad-3.clouds.archive.ubuntu.com/ubuntu xenial/main 
amd64 vsftpd amd64 3.0.3-3ubuntu2 [115 kB] Fetched 115 kB in 0s (1,443 kB/s) Preconfiguring packages ... Selecting previously unselected package vsftpd. (Reading database ... 97301 files and directories currently installed.) Preparing to unpack .../vsftpd_3.0.3-3ubuntu2_amd64.deb ... Unpacking vsftpd (3.0.3-3ubuntu2) ... Processing triggers for systemd (229-4ubuntu21.2) ... Processing triggers for ureadahead (0.100.0-19) ... Processing triggers for man-db (2.7.5-1) ... Setting up vsftpd (3.0.3-3ubuntu2) ... Processing triggers for systemd (229-4ubuntu21.2) ... Processing triggers for ureadahead (0.100.0-19) ... ubuntu@cblogs1:~$ sudo systemctl restart vsftpd ubuntu@cblogs1:~$ sudo systemctl status vsftpd ● vsftpd.service - vsftpd FTP server Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2018-07-04 08:51:56 UTC; 12s ago Process: 22017 ExecStartPre=/bin/mkdir -p /var/run/vsftpd/empty
(code=exited, status=0/SUCCESS) Main PID: 22020 (vsftpd) Tasks: 1 Memory: 364.0K CPU: 3ms CGroup: /system.slice/vsftpd.service └─22020 /usr/sbin/vsftpd /etc/vsftpd.conf Jul 04 08:51:56 cblogs1 systemd[1]: Starting vsftpd FTP server... Jul 04 08:51:56 cblogs1 systemd[1]: Started vsftpd FTP server. ubuntu@cblogs1:~$ sudo adduser ubuntu www-data Adding user `ubuntu' to group `www-data' ... Adding user ubuntu to group www-data Done. ubuntu@cblogs1:~$ sudo chown -R www-data:www-data /var/www ubuntu@cblogs1:~$ sudo chmod -R g+rwX /var/www

Check for Routing rules for FTP and HTTP Ports at Ingress Rules

Ensure that FTP Port 21 and Port 80

Reality Check 5 Accessing FTP through Filezilla

Connect as ubuntu user in filezilla, give the Public IP and the PPK file that we generated , now FTP is enabled

Upload the file

Check the webpage

Setting up Mail Server

to be continued

Setting up DNS and HTTPS