LAMP is an acronym that historically referred to a certain stack of software, namely Linux, Apache, MySQL, and PHP. Nowadays, any component in the acronym could be swapped out with an alternative, but it’s my feeling that a Linux system is incomplete without a LAMP environment, to include desktop workstations as well as headless servers. It isn’t just that the platform was used for most of the early web and is still a competitive platform for the web, today, but also that it makes an excellent application platform for the home or office network.
This howto is going to demonstrate how to begin to set up the LAMP development environment on an openSUSE Leap 42.2 desktop system. It is important to note that this means the package selection and the configuration are driven by the need to have a wide set of libraries and tools for development and a permissive configuration, and is not concerned with the kind of security hardening required for a server that would be directly accessible from the Web. In fact, this article assumes the reader wants a system that can perform double-duty as a development workstation and a functional node on a home or business network with controlled access. We will configure our apps to use a secure connection over HTTPS, despite having created a walled garden, simply because web applications that are developed for the Web must be secure, these days. It is best to develop against that standard by default.
Just one convention. Any place in the text where you see orange text, remember to replace those values with your own.
Here’s the plan
This is not a hard howto to follow, but it is a bit lengthy, and the order in which the steps are performed does matter. Here is my proposal, then:
- Give your system a static network address
- Install the nano text editor
- Modify the hosts file
- Install the software from the openSUSE repositories
- Configure MySQL and Apache2 to start automatically on boot
- Create a folder for containing web development projects
- Modify the Apache2 configuration
- Define the default host as a virtual host
- Create a self-signed SSL certificate
- Define the SSL configuration for the default host
- Enable the secure site in Apache2
- Modify the PHP configuration
- Restart Apache2 and test HTTPS and PHP at the same time
Give your system a static network address
Frankly, it is not necessary to set a static IP address on a development machine where you are serving and editing files, but the moment that you decide that you would like to be able to allow another device on the network to access the apps you are developing is the moment that you are going to need a static IP address. Rather than waiting to cross that bridge some time in the future, let’s go ahead and set it up and plan on developing on it that way.
Let’s open the network configuration app by first opening YaST, using the application menu, and selecting System -> YaST. Provide your password, then press the OK button. In the main YaST window, scroll down to the System section and click the Network Settings icon.
By default, openSUSE is configured to use DHCP for connecting to the network, and we can see that it has recognized my network adapter. If YaST has also found your network adapter make sure it is highlighted and click the Edit button down near the bottom left corner of the app window.
How to set up a home network is outside the scope of this article. I am going to assume for demonstration purposes that you have a typical Class C network, and that addresses on it look something like 192.168.1.202. In this example, our network is 192.168.1.0/24, which means that all of the addresses will begin with 192.168.1. and the last number identifies each machine, specifically. The /24 means that your network’s netmask value is 255.255.255.0. The router on this network will take up the address 192.168.1.1, and it will serve as our network DNS and gateway, as well. Finally, the LAMP workstation we are going to build will reside at address 192.168.1.202. I’ve chosen this because in the previous article I wrote, How to set up a basic LAMP environment on Ubuntu 16.04, I assigned that system to the address 192.168.1.201 on my network, and I know that the next address is available.
Here are the IPv4 settings for our hypothetical server, and of course your settings may be different from mine:
Address: 192.168.1.202 Netmask: 255.255.255.0 Gateway: 192.168.1.1 DNS Servers: 192.168.1.1, 22.214.171.124, 126.96.36.199
You’ll note that this is one place where you can declare your host name on the openSUSE system. In my case, it is opensuse-virtual. Click on the Next button in the bottom right corner of the app window.
Your router, if configured to be a DHCP server, is probably also caching the DNS provided by your ISP. That’s why we make it the primary DNS server. Feel free to add a second and third DNS server, if you like. The ones I have included are Google’s DNS servers, 188.8.131.52 and 184.108.40.206.
Finally, click the Routing tab and enter the router address as the gateway for IPv4 and IPv6 connections. When finished, click the OK button and then close out of YaST, altogether. Please note that when you do, it will break any connection you have as the network device is restarted with a new address.
Install the nano text editor
“Real” programmers will sniff when I say that nano is a good, lightweight text editor for the command-line. It is the default in-terminal text editor on Ubuntu, but openSUSE offers vim, instead. Now, vim is a powerful editor, but it is a tad more complex than nano, and ain’t nobody got time for unnecessary complexity. So, I’m going to install nano from the terminal. Open a terminal and enter the following command to update the system software. It is a good idea to always update the software before installing anything.
sudo zypper up
When zypper is finished updating the system, install nano using the following command:
sudo zypper in nano
Enter “y” into the terminal and press the Enter key to continue.
Modify the hosts file
In the terminal window, enter the following command:
sudo nano /etc/hosts
The hosts file acts as the highest authority of hostname-to-IP address mapping on each system. You can see the IP address and hostname we gave to the system when we configured the static address on the network appended to the bottom of the file. In the future, as you add new virtual hosts, each new hostname and the IP address that it matches will be appended to the bottom of this file.
Close the document with the keyboard combination Ctrl-X.
Install the software from the openSUSE repositories
Okay, now we will install the basic LAMP environment with one command.
sudo zypper in patterns-openSUSE-lamp_server apache2-mod_php7 php7-bcmath php7-bz2 php7-calendar php7-ctype php7-curl php7-exif php7-ftp php7-gd php7-gettext php7-gmp php7-imap php7-intl php7-mcrypt php7-mysql php7-odbc php7-pcntl php7-pgsql php7-phar php7-posix php7-pspell php7-snmp php7-soap php7-sockets php7-wddx php7-xmlrpc php7-xsl php7-zip php7-zlib
You will be asked to confirm the installation. Enter “y” into the terminal and press the Enter key on your keyboard.
Configure MySQL and Apache2 to start automatically on boot
The next step is to set the local database server and web server to start up when ever the system starts up, and so we will run MySQL and Apache as system services, or daemons, that are always on. This takes surprisingly little processing power or memory. Even on my 13-year-old PCs, there is no noticeable difference in system performance with these services running full-time in the background.
Paste the following command to enable MySQL as a system service:
sudo systemctl enable mysql
The output should resemble the following:
Created symlink from /etc/systemd/system/multi-user.target.wants/mysql.service to /usr/lib/systemd/system/mysql.service.
You can start MySQL right now using the following command:
sudo systemctl start mysql
…and if you want to stop it:
sudo systemctl stop mysql
You can check the status of the MySQL server with this:
sudo systemctl status -l mysql
There is a script that is packaged with MySQL/MariaDB that will help us to get the database up and running, and will afford us an opportunity to set the password for the MySQL administrative user. Enter the following command into the terminal:
The script is interactive, and here are the values that I provided:
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
The Apache server will be handled in exactly the same way. To enable the web server to start at system boot time, paste the following into the terminal and press the Enter key:
sudo systemctl enable apache2
Start the web server with:
sudo systemctl start apache2
At this point you might want to open up a browser window and enter your system’s address into the browser’s address input box. You can use the hostname of your system, such as http://opensuse-virtual, or you can instead use your IP address, like http://192.168.1.202. You can also use the loopback network address or hostname, http://127.0.0.1 and http://localhost, respectively. You should find the default Apache2 landing page.
Except, it isn’t working, yet. Not really. We need to enable the PHP7 module in Apache2, and the Rewrite module as well, which some applications rely upon to use pretty URLs, among other things. Enter the following to enable PHP7:
sudo a2enmod php7
sudo a2enmod rewrite
Create a folder for containing web development projects
There is no one right place to put your web projects. I like to put my projects in my home folder, in a subfolder named Websites. The document root for the default website is located in the filesystem at /srv/www/htdocs. You can create the new folder using the openSUSE file manager, or you can do it from the terminal. In the terminal, make sure that you are in your home directory by entering the following command:
The cd command means “change directory”, and the tilde character (~) is a shortcut meaning the home directory. Create the new folder with the following command:
That’s where our virtual hosts will go. Enter the command below to list the visible contents of your home directory:
Modify the Apache2 configuration
At this time, let’s modify the main Apache configuration file to make our system permissive enough for development duty. In the terminal window, enter the following:
sudo nano /etc/apache2/default-server.conf
We’re going to modify the configuration file to make it a more permissive environment than it is by default, not being worried about being exposed directly to the Web. Find the lines that look like this
and then change them to matchthis
Options Indexes FollowSymLinks
Save the file with the keyboard combination Ctrl-O (letter “o”) followed by pressing the Enter key. Close the file with Ctrl-X.
Define the default host as a virtual host
When you decide to run virtual hosts on your system, Apache2 needs the default host to be redefined as a virtual host, itself.
Virtual hosts are defined in corresponding configuration files in the Apache2 website configuration directory, /etc/apache2/vhosts.d. Note that the configuration for the default server MUST be loaded first, therefore we typically give that file a name that will keep it at the top of the list, alphabetically and numerically, 000-default.conf. Look inside the virtual hosts configuration folder by entering the following command into the terminal:
sudo ls -l /etc/apache2/vhosts.d
The output should resemble the following:
-rw-r--r-- 1 root root 1741 Jan 19 06:17 vhost-ssl.template -rw-r--r-- 1 root root 4581 Jan 19 06:17 vhost.template
I’m going to copy the file vhost.template to a new file named 000-default.conf, and then I am going to open the new file in nano. Use the commands shown below to follow along.
sudo cp /etc/apache2/vhosts.d/vhost.template /etc/apache2/vhosts.d/000-default.conf
sudo nano /etc/apache2/vhosts.d/000-default.conf
I’m going to set the correct values in 000-default.conf, and I am going to get rid of commented and unused directives. After pruning, I am left with the following configuration:
<VirtualHost *:80> ServerAdmin firstname.lastname@example.org ServerName opensuse-virtual DocumentRoot /srv/www/htdocs ErrorLog /var/log/apache2/opensuse-virtual-error_log CustomLog /var/log/apache2/opensuse-virtual-access_log combined HostnameLookups Off UseCanonicalName Off ServerSignature On <Directory "/srv/www/htdocs"> Options Indexes FollowSymLinks AllowOverride All <IfModule !mod_access_compat.c> Require all granted </IfModule> <ifModule mod_access_compat.c> Order allow,deny Allow from all </IfModule> </Directory> </VirtualHost>
When you’re finished making changes, save the file and close it.
Create a self-signed SSL certificate
There is a lot to know when it comes to SSL and encryption on the Web, but for the sake of brevity, I will simply say that self-signed certificates are not insecure, nor does the use of self-signed certificates fall short in any way of best practices when used on a private network. The warnings that the use of self-signed certificates produces in browsers are of a certain hyperbolic pitch which may leave the lay user with the wrong impression about the suitability or the appropriateness of self-signed certificates in general. Even web-facing hosts might have legitimate reasons to use self-signed certificates, however, and if anyone tells you otherwise, you tell them to go pound sand.
In any case, we are going to use them, and we’re going to like it.
We can use a single command to create both a private key and a certificate, both of which are needed to operate the Apache2 web server in SSL mode:
sudo openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/apache2/ssl.key/opensuse-virtual.key -out /etc/apache2/ssl.crt/opensuse-virtual.crt
When you enter the above command into the terminal, it will initiate an interactive process wherein you will define your default server identity. It should resemble the following, except for the values in orange, which should replaced by your own values:
Generating a 4096 bit RSA private key ................................................++ ........................++ writing new private key to '/etc/apache2/ssl.key/opensuse-virtual.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:North Carolina Locality Name (eg, city) :Youngsville Organizational Name (eg, company) [Internet Widgits Pty Ltd]:Applebiter Consulting Organization Unit Name (eg, section) :Home Common Name (eg, server FQDN or YOUR name) :opensuse-virtual Email Address :email@example.com
Define the SSL configuration for the default host
As I did with the default virtual host definition, I’m going to copy the SSL virtual host template to a new file, this time named default-ssl.conf, and then I’m going to open the new file in the nano editor.
sudo cp /etc/apache2/vhosts.d/vhost-ssl.template /etc/apache2/vhosts.d/default-ssl.conf
sudo nano /etc/apache2/vhosts.d/default-ssl.conf
Again, just I did with the virtual host template, I am going to set the correct values for my default server, and I am going to remove comments and unused directives. After pruning, the default-ssl.conf file resembles the text and image below. Note that the template does not provide a Directory section in the configuration, but this will be required when virtual hosts are added. Go ahead and add the Directory section in the text below.
<IfDefine SSL> <ifDefine !NOSSL> <VirtualHost _default_:443> DocumentRoot "/srv/www/htdocs" ServerName opensuse-virtual:443 ServerAdmin firstname.lastname@example.org ErrorLog /var/log/apache2/opensuse-virtual-error_log TransferLog /var/log/apache2/opensuse-virtual-access_log SSLEngine on SSLCertificateFile /etc/apache2/ssl.crt/opensuse-virtual.crt SSLCertificateKeyFile /etc/apache2/ssl.key/opensuse-virtual.key CustomLog /var/log/apache2/ssl_request_log ssl_combined
<Directory "/srv/www/htdocs"> Options Indexes FollowSymLinks AllowOverride All <IfModule !mod_access_compat.c> Require all granted </IfModule> <ifModule mod_access_compat.c> Order allow,deny Allow from all </IfModule> </Directory>
</VirtualHost> </IfDefine> </IfDefine>
Enable the secure site in Apache2
On openSUSE, need to set an SSL flag in Apache2, and you can do it by entering the following command:
sudo a2enflag SSL
Modify the PHP configuration
Enter the following command into the terminal to have a look inside the PHP configuration folder:
sudo ls -l /etc/php7
You should see something like this:
total 0 drwxr-xr-x 1 root root 14 Mar 7 09:25 apache2 drwxr-xr-x 1 root root 14 Mar 7 09:25 cli drwxr-xr-x 1 root root 794 Mar 7 09:25 conf.d
The first two folders each hold a version of php.ini, the PHP configuration file. Because you can run PHP from the terminal as well as inside the Apache2 web server, there are two different environments, and can be configured independently. The third folder contains the configuration files for all of the installed PHP modules.
We are going to ignore the modules and modify the two php.ini files. Let’s start with the one apache2 subfolder. Enter the following command into the terminal to open the configuration in nano:
sudo nano /etc/php7/apache2/php.ini
Let’s find three directives and give them new values. The first will be the server time zone and the second and third will define the maximum POST size and maximum file upload size. This is kind of a large file, do let’s use the keyboard combo Ctrl-W to open a search input box, and then type “timezone” and press the Enter key. You can see in the screen grab below that I replaced the default ‘UTC’ with my time zone, ‘America/New_York’.
Use the keyboard combo Ctrl-W again to locate ‘upload_max_filesize’. I’m going to go ahead and jack mine up to 100M. You do what ever you like.
Finally, there is a setting for the maximum POST size, or how much data you can submit at once. This variable is named post_max_size and its value must be at least as big as the max_upload_filesize value, since multiple files could be uploaded at once. Although the default max number of simultaneous file uploads is 20, it is unlikely I will ever need to upload 20 100 mb files at once. So, I’m going to just set the value to 108M.
Save and close the file, then open the other php.ini file, the one used to define the configuration for PHP on the command-line. Let’s use the following command to open it in nano:
sudo nano /etc/php7/cli/php.ini
Now, just repeat the steps from above to modify the timezone parameter, and you’re done, here.
Restart Apache2 and test HTTPS and PHP at the same time
First, let’s create a very simple PHP script in the document root of our default web host using the following command:
sudo nano /srv/www/htdocs/info.php
And now, in the empty editor, type the following text. When you are finished, save and close the file.
The script we just created invokes a built-in function in PHP which renders its configuration to the screen. Hopefully, that configuration is exactly what we will see when we open the web browser.
Restart the Apache2 web server since we have made configuration changes:
sudo systemctl restart apache2
Remember that we are using self-signed certificates. I am going to show you how both Google Chrome and Firefox treat the situation when we open our default host over a secure web connection using the hostname or IP address of your system, such as https://opensuse-virtual/info.php or https://192.168.1.202/info.php.
Let’s begin by opening the site in Firefox.
Well, yes, in fact your connection is secure, it’s just that a Trusted Authority, which is a 3rd party whom you pay to endorse your claim that you are indeed who you say you are, has not been given their fee, and so your website is made to look like a criminal endeavor by default.
In Firefox, click the Advanced button, then the Add Exception… button, and finally click the Confirm Security Exception button to make Firefox relent and let you into your own web host. When the page loads, browse the details of your PHP installation at your leisure.
Now let’s see how Google Chrome presents our new website. Open up Chrome and again, enter the URL to your system into the input box, such as https://opensuse-virtual/info.php or https://192.168.1.202/info.php.
Chrome matches Firefox by blandly asserting a falsehood. Click the ADVANCED link on the bottom left.
You just installed and configured the LAMP stack on your system, but there is more work to do to finish erecting the development part of the environment. The remaining work will be demonstrated in upcoming articles. Thank you for participating in open source culture, and good luck.