Building a LAMP Server


  • 8/2/2019 Building a LAMP Server


    Building a LAMP Server

    by Bruce Timberlake
    Last update: May 10, 2006

    This document will walk you through the installation of what is known as a "LAMP" system: Linux, Apache, MySQL and PHP. Depending on who you talk to, the P also stands for Perl or Python, but in general, it is assumed to be PHP. I run CentOS on my servers; these directions were written for CentOS/Red Hat/Fedora. I have had requests for SuSE (another RPM-based distribution) as well as Debian-based systems, so I will work on variants of these directions for those distributions in the future (donations might help speed that process up!). The main difference between the distributions is in the paths to the startup scripts. Red Hat systems use /etc/rc.d/init.d and SuSE uses /etc/init.d.

    If you are not comfortable with trying this procedure yourself, I am available for hire to install LAMP systems, or assist you with any other Linux-based projects.

    You can check my resume for background and contact information, or email brucetimberlake at gmail.com with your project details!

    If you need an SSL-enabled server, I have a LAMP with SSL howto as well.

    I designed this document so you can just copy/paste each line or block of commands into your shell session and it will "just work" for you. This avoids tedious typing, and the inevitable typos or missed steps that result. These commands work properly via copy/paste. If you are having problems and you are not using copy/paste, please re-check your typing before sending me an email saying "It doesn't work."

    Text in a "command" box like this one is a literal Linux command line, and should be typed or pasted exactly as written.

    One note: many many people have followed these directions as written, and have not had any problems. If you are having a problem, chances are it's something you are doing (or not doing), something different about your computer, etc. It is probably NOT this procedure. :)

    Initial Steps

    PLEASE BE AWARE THAT A SOURCE-BASED INSTALLATION LIKE THIS ONE IS NOT NEEDED FOR A BASIC LAMP SERVER! You should only be doing a source-based installation if you need to alter settings in one or more components of the LAMP stack (e.g., you need a feature in PHP that isn't in the default RPM). If you are just getting started with LAMP, use the binaries provided by your distribution - it is much simpler, and a lot easier to upgrade later.

    Most out-of-the-box Red Hat Linux installations will have one or more of the LAMP components installed via RPM files. I personally believe in installing things like this from source, so I get the most control over what's compiled in, what's left out, etc. But source code installs can wreak havoc if overlaid on top of RPM installs, as the two most likely won't share the same directories, etc.

    If you have not yet installed your Linux OS, or just for future reference, do not choose to install Apache, PHP, or MySQL during the system installation. Then you can immediately proceed with the source-based install listed here.

    Note: to install applications from source code, you will need a C++ compiler (gcc++) installed. This is generally taken care of, but I've had enough queries about it that I've added this note to avoid getting more! You can use your distribution's install CDs to get the proper version of the compiler. Or, if you are using an RPM based distro, you can use a site like http://www.rpmfind.net/ to locate the correct RPM version for your system. (You will obviously not be able to use/rebuild a source RPM to get the compiler installed, as you need the compiler to build the final binary RPM!) On a Fedora system, you can do this command:

    su - root
    yum install gcc gcc-c++

    Log in as root

    Because we will be installing software to directories that "regular" users don't have write access to, and also possibly uninstalling RPM versions of some applications, we'll log in as root. The only steps that need root access are the actual installation steps, but by doing the configure and make steps as root, the source code will also be inaccessible to "regular" users.

    If you do not have direct access (via keyboard) to the server, PLEASE use Secure Shell (SSH) to access the server and not telnet!! Whenever you use telnet (or plain FTP for that matter), you are transmitting your username, password, and all session information in "plain text". This means that anyone who can access a machine someplace between your PC and your server can snoop your session and get your info. Use encryption wherever possible!

    su - root

    Remove RPM Versions of the Applications

    Before we start with our source code install, we need to remove all the existing RPM files for these products. To find out what RPMs are already installed, use the RPM query command:

    rpm -qa


    in conjunction with grep to filter your results:

    rpm -qa | grep -i apache
    rpm -qa | grep -i httpd
    rpm -qa | grep -i php
    rpm -qa | grep -i mysql

    The 'httpd' search is in case you have Apache2 installed via RPM.

    To remove the RPMs generated by these commands, do

    rpm -e filename

    for each RPM you found in the query. If you have any content in your MySQL database already, the RPM removal step should not delete the database files. When you reinstall MySQL, you should be able to move all those files to your new MySQL data directory and have access to them all again.

    Get the Source Code for all Applications

    We want to put all our source code someplace central, so it's not getting mixed up in someone's home directory, etc.

    cd /usr/local/src

    One way application source code is distributed is in what are known as "tarballs." The tar command is usually associated with making tape backups - tar stands for Tape ARchive. It's also a handy way to pack up multiple files for easy distribution. Use the man tar command to learn more about how to use this very flexible tool.

    At the time of updating this, the current versions of all the components we'll use are:

    MySQL - 4.1.22
    Apache - 1.3.37
    PHP - 4.4.6

    Please note: these are the only versions of these that I have set up myself, and verified these steps against. If you use another version of any component, especially a newer version, this HOWTO may not be accurate, and I won't be able to provide free support under those circumstances. Paid support and assistance is always available however.

    wget http://www.php.net/distributions/php-4.4.6.tar.gz
    wget http://apache.oregonstate.edu/httpd/apache_1.3.37.tar.gz

    There may be an Apache mirror closer to you - check their mirror page for other sources. Then insert the URL you get in place of the above for the wget command.


    For MySQL, go to http://www.mysql.com/ and choose an appropriate mirror to get the newest MySQL version (v4.1.22).

    Unpack the Source Code

    tar zxf php-4.4.6.tar.gz
    tar zxf apache_1.3.37.tar.gz
    tar zxf mysql-4.1.22.tar.gz

    This should leave you with the following directories:

    /usr/local/src/php-4.4.6
    /usr/local/src/apache_1.3.37
    /usr/local/src/mysql-4.1.22

    Build and Install MySQL

    First, we create the group and user that "owns" MySQL. For security purposes, we don't want MySQL running as root on the system. To be able to easily identify MySQL processes in top or a ps list, we'll make a user and group named mysql:

    groupadd mysql
    useradd -g mysql -c "MySQL Server" mysql

    If you get any messages about the group or user already existing, that's fine. The goal is just to make sure we have them on the system.

    What the useradd command is doing is creating a user mysql in the group mysql with the "name" of MySQL Server. This way when it's shown in various user and process watching apps, you'll be able to tell what it is right away.

    Now we'll change to the "working" directory where the source code is, change the file 'ownership' for the source tree (this prevents build issues reported in some cases where the packager's username was included on the source and you aren't using the exact same name to compile with!) and start building.

    The configure command has many options you can specify. I have listed some fairly common ones; if you'd like to see others, do:

    ./configure --help | less

    to see them all. Read the documentation on the MySQL website for a more detailed explanation of each option.

    cd /usr/local/src/mysql-4.1.22


    chown -R root.root *

    make clean

    ./configure \
    --prefix=/usr/local/mysql \
    --localstatedir=/usr/local/mysql/data \
    --disable-maintainer-mode \
    --with-mysqld-user=mysql \
    --with-unix-socket-path=/tmp/mysql.sock \
    --without-comment \
    --without-debug \
    --without-bench

    18-Jul-2005: If you are installing MySQL 4.0.x on Fedora Core 4, there is a problem with LinuxThreads that prevents MySQL from compiling properly. Installing on Fedora Core 3 works fine though. Thanks to Kevin Spencer for bringing this to my attention. There is a workaround listed at http://bugs.mysql.com/bug.php?id=9497. Thanks to Collin Campbell for that link. Another solution can be found at http://bugs.mysql.com/bug.php?id=2173. Thanks to Kaloyan Raev for that one.

    Now comes the long part, where the source code is actually compiled and then installed. Plan to get some coffee or take a break while this step runs. It could be 10-15 minutes or more, depending on your system's free memory, load average, etc.

    make && make install

    Configure MySQL

    MySQL is "installed" but we have a few more steps until it's actually "done" and ready to start. First run the script which actually sets up MySQL's internal database (named, oddly enough, mysql).

    ./scripts/mysql_install_db

    Then we want to set the proper ownership for the MySQL directories and data files, so that only MySQL (and root) can do anything with them.

    chown -R root:mysql /usr/local/mysql
    chown -R mysql:mysql /usr/local/mysql/data

    Copy the default configuration file for the expected size of the database (small, medium, large, huge)

    cp support-files/my-medium.cnf /etc/my.cnf
    chown root:sys /etc/my.cnf
    chmod 644 /etc/my.cnf

    If you get an error message about the data directory not existing, etc., something went wrong in the mysql_install_db step above. Go back and review that; make sure you didn't get some sort of error message when you ran it, etc.

    Now we have to tell the system where to find some of the dynamic libraries that MySQL will need to run. We use dynamic libraries instead of static to keep the memory usage of the MySQL program itself to a minimum.

    echo "/usr/local/mysql/lib/mysql" >> /etc/ld.so.conf
    ldconfig

    Now create a startup script, which enables MySQL auto-start each time your server is restarted.

    cp ./support-files/mysql.server /etc/rc.d/init.d/mysql
    chmod +x /etc/rc.d/init.d/mysql
    /sbin/chkconfig --level 3 mysql on

    Then set up symlinks for all the MySQL binaries, so they can be run from anyplace without having to include/specify long paths, etc.

    cd /usr/local/mysql/bin
    for file in *; do ln -s /usr/local/mysql/bin/$file /usr/bin/$file; done

    MySQL Security Issues

    First, we will assume that only applications on the same server will be allowed to access the database (i.e., not a program running on a physically separate server). So we'll tell MySQL not to even listen on port 3306 for TCP connections like it does by default.

    Edit /etc/my.cnf and uncomment the

    skip-networking

    line (delete the leading #).
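
    A quick way to confirm the edit took effect, as an added example that is not part of the original HOWTO: the script below checks that skip-networking is uncommented inside the [mysqld] section of an option file, and that the file is not writable by group or others (the HOWTO sets it to 644). The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original HOWTO): check that the hardening
# steps applied to /etc/my.cnf actually took effect.

# Return 0 if an uncommented "skip-networking" line sits inside [mysqld].
skip_networking_active() {
    awk '
        /^[ \t]*\[/ {                      # section header such as [mysqld]
            sec = $0
            sub(/^[ \t]*\[/, "", sec)
            sub(/\].*$/, "", sec)
            in_mysqld = (sec == "mysqld")
            next
        }
        /^[ \t]*[#;]/ { next }             # still commented out: not active
        in_mysqld {
            opt = $0
            sub(/#.*$/, "", opt)           # drop a trailing comment
            gsub(/[ \t\r]/, "", opt)
            if (opt == "skip-networking") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Return 0 if FILE is not writable by group or others (the HOWTO uses 644).
cnf_mode_ok() {
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Report on one option file; returns 0 only when both checks pass.
audit_my_cnf() {
    rc=0
    if skip_networking_active "$1"; then
        echo "OK   $1: skip-networking is active in [mysqld]"
    else
        echo "FAIL $1: skip-networking missing or still commented out"; rc=1
    fi
    if cnf_mode_ok "$1"; then
        echo "OK   $1: not writable by group/others"
    else
        echo "FAIL $1: writable by group or others"; rc=1
    fi
    return $rc
}

# Constructed sample input: the stock state (commented) and the edited state.
demo() {
    d=$(mktemp -d) || return 1
    printf '[client]\nport = 3306\n[mysqld]\n#skip-networking\n' > "$d/before.cnf"
    printf '[client]\nport = 3306\n[mysqld]\nskip-networking\n' > "$d/after.cnf"
    chmod 644 "$d/before.cnf" "$d/after.cnf"
    audit_my_cnf "$d/before.cnf" || true   # expected to fail: still commented
    audit_my_cnf "$d/after.cnf"
    rm -rf "$d"
}

demo
```

    On a real server, run audit_my_cnf /etc/my.cnf after editing the file and before starting MySQL.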

    For more security info, check this great tutorial over at SecurityFocus.

    Start MySQL

    First, test the linked copy of the startup script in the normal server runlevel start directory, to make sure the symlink was properly set up:

    cd ~
    /etc/rc.d/rc3.d/S90mysql start

    If you ever want to manually start or stop the MySQL server, use these commands:

    /etc/rc.d/init.d/mysql start
    /etc/rc.d/init.d/mysql stop

    Let's "test" the install to see what version of MySQL we're running now:

    mysqladmin version

    It should answer back with the version we've just installed...

    Now we'll set a password for the MySQL root user (note that the MySQL root user is not the same as the system root user, and definitely should not have the same password as the system root user!).

    mysqladmin -u root password new-password

    (obviously, insert your own password in the above command instead of the "new-password" string!)

    You're done! MySQL is now installed and running on your server. It is highly recommended that you read about MySQL security and lock down your server as much as possible. The MySQL site has info at http://www.mysql.com/doc/en/Privilege_system.html.

    Test MySQL

    To run a quick test, use the command line program mysql:

    mysql -u root -p

    and enter your new root user password when prompted. You will then see the MySQL prompt:

    mysql>

    First, while we're in here, we'll take care of another security issue and delete the sample database test and all default accounts except for the MySQL root user. Enter each of these lines at the mysql> prompt:

    drop database test;
    use mysql;
    delete from db;
    delete from user where not (host="localhost" and user="root");
    flush privileges;

    As another security measure, I like to change the MySQL administrator account name from root to something harder to guess. This will make it that much harder for someone who gains shell access to your server to take control of MySQL.

    MAKE SURE YOU REMEMBER THIS NEW NAME, AND USE IT WHEREVER YOU SEE "root" IN OTHER DIRECTIONS, WEBSITES, ETC.

    ONCE YOU DO THIS STEP, THE USERNAME "root" WILL CEASE TO EXIST IN YOUR MYSQL CONFIGURATION!

    update user set user="sqladmin" where user="root";
    flush privileges;

    Now, on with the "standard" testing... First, create a new database:

    create database foo;

    You should see the result:

    Query OK, 1 row affected (0.04 sec)

    mysql>

    Delete the database:

    drop database foo;

    You should see the result:

    Query OK, 0 rows affected (0.06 sec)

    mysql>

    To exit from mysql enter \q:

    \q

    Build and Install Apache (with DSO support)

    The advantage to building Apache with support for dynamically loaded modules is that in the future, you can add functionality to your webserver by just compiling and installing modules, and restarting the webserver. If the features were compiled into Apache, you would need to rebuild Apache from scratch every time you wanted to add or update a module (like PHP). Your Apache binary is also smaller, which means more efficient memory usage.

    The downside to dynamic modules is a slight performance hit compared to having the modules compiled in.

    cd /usr/local/src/apache_1.3.37

    make clean

    ./configure \
    --prefix=/usr/local/apache \
    --enable-shared=max \
    --enable-module=rewrite \
    --enable-module=so

    make && make install

    Build and Install PHP

    This section has only been tested with PHP v4.x. If you are trying to build PHP 5.x, I do not have experience with this yet, and do not provide free support for you to get it working.

    Please note that there are many options which can be selected when compiling PHP. Some will have library dependencies, meaning certain software may need to be already installed on your server before you start building PHP. You can use the command

    ./configure --help | less

    once you change into the PHP source directory. This will show you a list of all possible configuration switches. For more information on what these switches are, please check the PHP website documentation.

    cd /usr/local/src/php-4.4.6

    ./configure \
    --with-apxs=/usr/local/apache/bin/apxs \
    --disable-debug \
    --enable-ftp \
    --enable-inline-optimization \
    --enable-magic-quotes \
    --enable-mbstring \
    --enable-mm=shared \
    --enable-safe-mode \
    --enable-track-vars \
    --enable-trans-sid \
    --enable-wddx=shared \
    --enable-xml \
    --with-dom \
    --with-gd \
    --with-gettext \
    --with-mysql=/usr/local/mysql \
    --with-regex=system \
    --with-xml \
    --with-zlib-dir=/usr/lib

    make && make install

    cp php.ini-dist /usr/local/lib/php.ini

    I like to keep my config files all together in /etc. I set up a symbolic link like this:

    ln -s /usr/local/lib/php.ini /etc/php.ini

    Then I can just open /etc/php.ini in my editor to make changes.

    Recommended reading on securing your PHP installation is this article at SecurityFocus.com.

    Edit the Apache Configuration File (httpd.conf)

    I like to keep all my configuration files together in /etc, so I set up a symbolic link from the actual location to /etc:

    ln -s /usr/local/apache/conf/httpd.conf /etc/httpd.conf

    Now open /etc/httpd.conf in your favorite text editor, and set all the basic Apache options in accordance with the official Apache instructions (beyond the scope of this HOWTO).

    Also recommended is the article on securing Apache.

    To ensure your PHP files are properly interpreted, and not just downloaded as text files, remove the # at the beginning of the lines which read:

    #AddType application/x-httpd-php .php
    #AddType application/x-httpd-php-source .phps

    If the AddType lines above don't exist, manually enter them (without the leading # of course) after the line

    AddType application/x-tar .tgz

    or anyplace within the section of httpd.conf.

    If you wish to use other/additional extensions/filetypes for your PHP scripts instead of just .php, add them to the AddType directive:

    AddType application/x-httpd-php .php .foo
    AddType application/x-httpd-php-source .phps .phtmls

    An example: if you wanted every single HTML page to be parsed and processed like a PHP script, just add .htm and .html:

    AddType application/x-httpd-php .php .htm .html

    There will be a bit of a performance loss if every single HTML page is being checked for PHP code even if it doesn't contain any. But if you want to use PHP but be "stealthy" about it, you can use this trick.

    Add index.php to the list of valid Directory Index files so that your "default page" in a directory can be named index.php.

    DirectoryIndex index.php index.htm index.html

    You can add anything else you want here too. If you want foobar.baz to be a valid directory index page, just add the .baz filetype to the AddType line, and add foobar.baz to the DirectoryIndex line.

    Start Apache

    We want to set Apache up with a normal start/stop script in /etc/rc.d/init.d so it can be auto-started and controlled like other system daemons. Set up a symbolic link for the apachectl utility (installed automatically as part of Apache):

    ln -s /usr/local/apache/bin/apachectl /etc/rc.d/init.d/apache

    Then set up auto-start for runlevel 3 (where the server will go by default):

    ln -s /etc/rc.d/init.d/apache /etc/rc.d/rc3.d/S90apache

    Then start the daemon:

    /etc/rc.d/init.d/apache start

    You can check that it's running properly by doing:

    ps -ef


    and look for the httpd processes.

    A note from the author

    I hope you find this guide, HOWTO, tutorial -- call it what you will -- useful. I also hope it saves you some time. If you do find it useful, I would be grateful if you could make a donation using the button below (and if it wasn't useful, mail me and tell me why not).

    I receive a great deal of mail as a result of this HOWTO, much of it asking me to solve various LAMP-related problems. Please bear in mind that the money that puts food on my family's table comes from the consultancy work that I do. If you would like help with any of the points discussed in this article, mail me and tell me what that help is worth to you. Quote any amount you like, and if I'm able to help you out, you can make a PayPal donation by way of thanks. Fair enough?
