Full install and setup of Apache, PHP, MySQL, SSL and FTP Ubuntu 18.10

This guide shows how to install a full web server setup on Ubuntu 18.10 x64. It will also work on other versions of Ubuntu such as 18.04 and 16.04 x64. We install Apache with PHP and MySQL, enable SSL with Let's Encrypt for your hostname, and finally set up a secure FTP connection to make modifying and uploading web server files easier.

I did this tutorial on a $5 server from Vultr in which they currently have a great promo where you get $50 free credit to use, click here to check it out.

Once your server is set up, SSH into it as root and start things off by updating the server package index. As these commands use sudo (root privilege), it will ask you to re-enter your password.

sudo apt update

Apache

The first part is setting up Apache, a very popular open source web server.

sudo apt install apache2

This installs Apache and its required dependencies. Now we have to allow Apache through the firewall so traffic can reach the web server:

sudo ufw allow in "Apache Full"

This allows HTTP and HTTPS traffic for Apache. You can check it worked by running:

sudo ufw status

Check Apache is running with this command:

sudo systemctl status apache2

Now in your web browser go to http://youripaddress or http://yourhostname.com and you will be greeted with the Apache Ubuntu default page. This is a sign of success.

MySQL

Let's install MySQL, a popular database management system:

sudo apt install mysql-server

Let's secure MySQL:

sudo mysql_secure_installation

You will be prompted to configure the VALIDATE PASSWORD PLUGIN, which checks the strength of passwords created for MySQL. It is a guide to ensuring your passwords are strong. You are then tasked with creating the root user password for MySQL.

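By default the connection to MySQL uses the auth_socket plugin rather than a password. Let's change this for simplicity; note that after the change the root account is protected only by the password you set. Connect to MySQL with: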

sudo mysql

Check the authentication for each of the MySQL users:

SELECT user,authentication_string,plugin,host FROM mysql.user;

You will see in the output that root has auth_socket for the plugin. Change this to password auth and set the password with:

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'CHANGEMEPASSWORD';

Change ‘CHANGEMEPASSWORD’ to a strong password!

Reload MySQL to have the changes active and exit from MySQL:

FLUSH PRIVILEGES;
exit

PHP

Time to install PHP

This command will also install php-mysql which helps integration.

sudo apt install php libapache2-mod-php php-mysql

Open the dir config file with:

sudo nano /etc/apache2/mods-enabled/dir.conf

We need to change the order in which Apache looks for and loads index files. By default it will look like:

<IfModule mod_dir.c>
    DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>

This means that if a directory has both an index.html and an index.php file in it, index.html will be loaded because it sits earlier in the list. Change it to look like this:

<IfModule mod_dir.c>
    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>

Press CTRL + X, Y to save and ENTER to confirm location.

Restart Apache with:

sudo systemctl restart apache2

SSL

Let's secure your server with a free Let's Encrypt SSL certificate.

Start by installing Certbot. If you get "apt-add-repository: Command not found", run this command:

sudo apt install --reinstall software-properties-common

Then (or otherwise) add the Certbot PPA:

sudo add-apt-repository ppa:certbot/certbot

Install the Certbot Apache plugin:

sudo apt install python-certbot-apache

Check you have the correct virtual host set up by replacing example.com with your hostname in the command below:

sudo nano /etc/apache2/sites-available/example.com.conf

Find where it says:

ServerName yourhostname.com

If it doesn't say that, add it. Press CTRL + X, Y to save and ENTER to confirm location.

We can test if the file is valid by running:

sudo apache2ctl configtest

If it reports Syntax OK, reload Apache:

sudo systemctl reload apache2

Request and configure the SSL certificate. Remember to use the domain or hostname that you have A records for (replace example.com and www.example.com):

sudo certbot --apache -d example.com -d www.example.com

It will ask you for some details, such as whether you agree to the terms and your email address. You will then get an output, hopefully stating it's a success, and you can confirm this by going to https://domainname.com and getting the green padlock.

As the certificate expires every 90 days, Certbot can renew it for you instead of you renewing it manually. To test that Certbot's renewal is functioning correctly, run:

sudo certbot renew --dry-run

No errors? Then your certificates will auto renew.

FTP

The last part is installing and setting up FTP. This will make editing files and/or developing on your server much more efficient.

vsftpd stands for Very Secure FTP Daemon; it is the default FTP server for many Linux distributions.

To install vsftpd run:

sudo apt-get install vsftpd

To check it was installed successfully and is running use:

sudo service vsftpd status

Now to open some ports, run each of the commands individually:

sudo ufw allow OpenSSH
sudo ufw allow 20/tcp
sudo ufw allow 21/tcp
sudo ufw allow 40000:50000/tcp
sudo ufw allow 990/tcp

sudo ufw enable

Check that the rules were applied correctly:

sudo ufw status

Create an FTP user. The username in the command below is ftpusername (change this):

sudo adduser ftpusername

Let's apply directory permissions, assuming that, as per the setup above, we have the default Apache web server location (/var/www/).

Set /var/www as home directory for our FTP user:

sudo usermod -d /var/www ftpusername

Set ownership of the root directory (/var/www/html) to our FTP user. This allows read, write, delete and create:

sudo chown ftpusername:ftpusername /var/www/html

NOTE: This assumes you followed the Apache setup above. Other configurations could use paths such as (/var/www/domain.com/public_html) or (/var/www/sub.domain.com/html). Make sure to check your directory structure.

vsftpd configuration file

Open the config file

sudo nano /etc/vsftpd.conf

Find the following 3 lines and remove the # from the beginning:

#write_enable=YES
#chroot_local_user=YES
#local_umask=022

This un-comments them so that vsftpd applies the values.

Press CTRL + X, Y to save and ENTER to confirm location.

FTP with TLS

Use openssl to generate a certificate for our server:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem

It will ask for details, but you can leave them empty by pressing the Enter key. Because the certificate is self-signed, FTP clients will ask you to accept it the first time you connect.

Open the config file again

sudo nano /etc/vsftpd.conf

Find

ssl_enable=NO

Change it to

ssl_enable=YES

Paste at the end of the file

rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
pasv_min_port=40000
pasv_max_port=50000

Press CTRL + X, Y to save and ENTER to confirm location.

Restart vsftpd with

sudo systemctl restart vsftpd
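
As an added example (not part of the original tutorial), the script below checks that the options set above are the ones actually in effect in a vsftpd config file, including the passive port range that must match the 40000:50000 firewall rule. The function names vsftpd_get and vsftpd_audit and the sample file are constructed for illustration, and the script assumes the last uncommented option=value line is the one vsftpd applies.

```shell
#!/bin/sh
# Added example (not from the original tutorial): audit a vsftpd config
# against the values this page sets.

# Effective value of option $2 in file $1: the last uncommented
# "option=value" line (assumption: a later line overrides an earlier one).
vsftpd_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r'
}

# Print one line per option that differs from the tutorial's value.
# Returns 0 when everything matches, 1 otherwise.
vsftpd_audit() {
    conf=$1
    status=0
    for want in write_enable=YES chroot_local_user=YES ssl_enable=YES \
                allow_anon_ssl=NO force_local_data_ssl=YES \
                force_local_logins_ssl=YES ssl_sslv2=NO ssl_sslv3=NO \
                pasv_min_port=40000 pasv_max_port=50000; do
        opt=${want%%=*}
        have=$(vsftpd_get "$conf" "$opt")
        if [ "$have" != "${want#*=}" ]; then
            echo "MISMATCH $opt: want ${want#*=}, found ${have:-unset}"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample: chroot line left commented, passive range wider than
# the 40000:50000 firewall rule, ssl_enable set twice (last one wins).
sample=$(mktemp)
cat > "$sample" <<'EOF'
write_enable=YES
#chroot_local_user=YES
ssl_enable=NO
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
pasv_min_port=40000
pasv_max_port=50100
EOF
vsftpd_audit "$sample" || echo "fix the options listed above, then restart vsftpd"
rm -f "$sample"
```

On the server itself, call vsftpd_audit /etc/vsftpd.conf after editing the file.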

Test your FTP connection. You should be able to connect securely as well as create, edit and delete files on your web server.

That's it, you now have a fully functioning web server, secured with SSL and equipped with FTP access.