Nah.

Actually, this little WP blog is going nowhere. I still want to generate helpful content, but I think the way to go will be to produce a whole course worth of stuff, and then try to shop it around, perhaps generate some passive income. So, hey, thanks for stopping by, and I’ll probably replace this WP installation with something I made, myself, soon. 

Ubuntu 18.* LAMP Development Setup Part 1 of 3

Stepwise Overview

  1. Install LAMP server metapackage
  2. Install PHP modules
  3. Prepare MySQL
  4. Install phpMyAdmin
  5. Configure Apache2 
  6. Configure firewall to allow access to the host
  7. Prepare system for developer access

1. Install LAMP server metapackage

sudo apt-get update
// monitor for queries
sudo apt-get install lamp-server^ 

2. Install PHP modules

sudo apt-get install php php-all-dev php-bcmath php-bz2 php-cli php-common php-curl php-date php-db php-fpdf php-fxsl php-gd php-geshi php-getid3 php-gettext php-gmp php-gnupg php-imagick php-imap php-interbase php-intl php-json php-ldap php-mapi php-markdown php-mbstring php-mysql php-odbc php-pear php-pgsql php-pspell php-snmp php-soap php-solr php-sqlite3 php-sybase php-tcpdf php-tidy php-xml php-xmlrpc php-zip php-zmq 

3. Prepare MySQL

sudo systemctl enable mysql
sudo systemctl start mysql
sudo mysql_secure_installation
...

This script will have you create a password for the root user, but before it does, it will try to convince you to use stricter rules governing allowed passwords. Enter “no”, and then use any password you want. It’s a development machine, so there is no advantage to forcing you to use complicated or long passwords on entirely local items. After setting the root user password, just follow the prompts to choose the default answers until done.

Before doing anything else, go ahead and make a non-root user and grant them all permissions on all databases. This one, all-powerful user will have access to and privileges over all databases you decide to create, moving ahead. In the code below, I have named that user “devops”.

sudo mysql -u root -p
// enter your password
create user 'devops'@'%' identified by 'your-password-here';
grant all privileges on *.* to 'devops'@'%';
flush privileges;
\q

4. Install phpMyAdmin

// mysql root password will be requested by setup
sudo apt-get install phpmyadmin 

5. Configure Apache2

A few things need to be accomplished, here:

  • Generate a self-signed certificate
  • Activate SSL and Rewrite modules
  • Define default host & default SSL host
  • Enable the default SSL host
  • Tweak /etc/apache2/apache2.conf to allow .htaccess files to modify settings
  • Restart apache2

Generate a self-signed certificate

sudo openssl req -x509 -nodes -days 3650 -newkey rsa:4096 -keyout /etc/ssl/private/your-host-name.key -out /etc/ssl/certs/your-host-name.crt

Activate SSL and Rewrite modules

sudo a2enmod ssl
sudo a2enmod rewrite

Define default host & SSL host

sudo nano /etc/apache2/sites-available/000-default.conf

Modify the file to look similar to the following:

<VirtualHost *:80>
    ServerName your-host-name
    ServerAdmin webmaster@your-host-name
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Next, open the default SSL template…

sudo nano /etc/apache2/sites-available/default-ssl.conf

Once opened, change it to look similar to the following:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerName your-host-name
        ServerAdmin webmaster@your-host-name
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/your-host-name.crt
        SSLCertificateKeyFile /etc/ssl/private/your-host-name.key

        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>

        # BrowserMatch "MSIE [2-6]" \
        # nokeepalive ssl-unclean-shutdown \
        # downgrade-1.0 force-response-1.0
    </VirtualHost>
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Enable the default SSL host

sudo a2ensite default-ssl

Tweak /etc/apache2/apache2.conf needs to allow .htaccess files to modify settings

sudo nano /etc/apache2/apache2.conf

Once inside apache2.conf, scroll down until you find something that looks similar to the following:

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All // change this from "None" to "All"
        Require all granted
</Directory>

Restart apache2

sudo systemctl restart apache2

6. Configure firewall to allow access to the host

This is contingent on your home network settings. Some people go nuts and give themselves millions of possible network addresses with a 10.* address, but it’s just not worth the effort anymore. For the sake of this thing, let’s say the home network is 192.168.0.0/24 and not quibble. This particular host could work even as a DHCP client, with a dynamically changing octet address, but even a DHCP client is on a given network, and if you are putting your hands on one host as a developer, then my hunch is that you might have more than one host on this network and you probably want them to play together nicely. So, this example home or lab network is set to 192.168.0.0/24. Given that, then the command to the Ubuntu firewall to allow only other hosts from the same network is as follows:

sudo ufw allow proto tcp from 192.168.0.0/24 to any port 80
sudo ufw allow proto tcp from 192.168.0.0/24 to any port 443

In the commands above, we’ve allowed traffic to ports 80 and 443, for HTTP and HTTPS, respectively, from any device on our local, private network.

7. Prepare system for developer access

These are the tasks that we need to accomplish at this stage:

  • Create a new user group named ‘devops’
  • Change group ownership of the HTML document root to devops group
  • Give group members read-write permission
  • Add your user account to the devops group
  • Log out or restart the system
  • Test your ability to write to the www directory

Create a new user group named ‘devops’:

sudo groupadd devops

Change group ownership of the HTML document root to ‘devops’ group

sudo chown -R root:devops /var/www

Give group members read-write permission

sudo chmod -R g+rw /var/www

Add your user account to the devops group

sudo usermod -a -G devops applebiter

Log out or restart the system

Log out or restart the system. Then come back here.

Test your ability to write to the www directory

mkdir /var/www/your-host-name

Summary

You’ve reached the end of Part 1, and if you’re still game, I will soon publish a Part 2 to this rundown, which will address installing Eclipse IDE for PHP, and further configuring Ubuntu to run multiple, virtual hosts. Part 3 will involve setting up a new project repository on Bitbucket.org, and then creating a whole web application using CakePHP 3.6.

Ubuntu 18.* Post-Install Checklist

sudo apt-get update
sudo apt-get full-upgrade
... 
sudo reboot
sudo systemctl stop apport
sudo systemctl disable apport
sudo nano /etc/default/apport
...
// inside file /etc/default/apport set enabled=0

enabled=0
sudo nano /etc/sysctl.conf
// inside file /etc/sysctl.conf 

...
vm.swappiness=10 // add to bottom of file
sudo apt-get install gdebi synaptic zip unzip rar unrar p7zip-full file-roller curl default-jre default-jdk g++ build-essential
...
sudo reboot
sudo apt-get install ubuntu-restricted-extras 
sudo apt-get install libdvd-pkg
sudo dpkg-reconfigure libdvd-pkg
sudo apt-mark hold libdvd-pkg libdvdcss2