A LAMP stack is a collection of open-source software used for web application development and hosting. The stack typically consists of an operating system, web server, database management system, and programming language.
LAMP has all the resources developers need to build and run dynamic websites and web apps.
Learn how to install LAMP on Debian 11 and start utilizing a fully functional web development platform.
Prerequisites
- A Debian 11 or 10 system.
- A user account with root or sudo privileges.
How to Install LAMP on Debian 11/10
A LAMP stack consists of the following four components:
Component | Description |
---|---|
Linux | The Operating System in which the other components run. |
Apache | The HTTP Server that handles requests and serves web pages. |
MariaDB | The Database Management System used for storing and retrieving data. MariaDB is the default drop-in replacement for MySQL in Debian 11 and 10. |
PHP | The Programming Language primarily used for server-side scripting. Pearl and Python are also sometimes used. |
The steps below explain how to install and set up Apache, MariaDB, and PHP on Debian 11 and 10 systems. The guide uses Debian 11.
Step 1: Install Apache
To install the Apache web server on Debian 11:
1. Enter the following command in the terminal to update the Debian packages list:
sudo apt update
2. Use the following command to install Apache:
sudo apt install apache2 -y
3. The Apache service starts automatically after installation. To check the status of the Apache service, type:
sudo systemctl status apache2
The active (running) message in the output confirms Apache is active. Press Ctrl+Z to exit the status screen and return to the command line.
4. The ufw tool is designed to streamline the setup and management of iptables firewall rules. Use ufw to configure the server firewall and enable incoming HTTP and HTTPS traffic.
Enter the following command to install ufw (Uncomplicated Firewall) on Debian 11:
sudo apt install ufw
5. Check if the ufw firewall contains the necessary Apache profiles:
sudo ufw app list
The WWW profiles manage ports that web servers use.
6. Access the WWW Full profile to confirm that traffic to ports 80 and 443 is allowed:
sudo ufw app info "WWW Full"
7. Enable incoming HTTP and HTTPS traffic for the WWW Full profile:
sudo ufw allow in "WWW Full"
8. Open a web browser and navigate to your server's public IP address, http://your_server_ip, or localhost, http://localhost, to verify Apache is running.
The Apache2 Debian default welcome page indicates that the Apache server is working. There are a few additional steps you can take to secure your web server:
- Use HTTPS. Use SSL certificates to implement HTTPS and secure the communication between the server and clients.
- Restrict Access. Modify the Apache .htaccess file to limit access to specific directories on your server.
- Configure mod_security and mod_evasive modules. The mod_security Apache module is a web application firewall that blocks common attacks, while mod_evasive helps mitigate DDoS, DoS, and brute force attacks.
- Virtual Hosts. Configure Apache virtual hosts to host multiple domains or websites on a single server.
- Regular Updates. Each Apache update includes security patches and performance improvements. Ensure the server is always up to date with the latest version.
- Disable Unused Modules. Apache installation uses modules to extend web server functionality. Disable unused modules to reduce the attack surface and mitigate potential liabilities.
- Enable Logging. Logs can alert admins about malicious activity and provide valuable data when investigating and troubleshooting issues.
Note: This essential guide does not cover all the security aspects needed for a production server.
Step 2: Install MariaDB
MariaDB is an open-source database system used as a compatible replacement for MySQL in Debian 11/10.
To install MariaDB on Debian 11:
1. Update the Debian packages list using the following command:
sudo apt update
2. Use the apt package manager to install the latest MariaDB version and all required dependencies:
sudo apt install mariadb-server -y
4. After the installation is complete, the MariaDB service starts automatically. To check the MariaDB status, type:
sudo systemctl status mariadb
The active (running) message confirms the MariaDB service is active. Press Ctrl+Z to exit the status screen.
5. The mysql_secure_installation script is an optional but recommended step for securing the MariaDB installation. Start the interactive script using the following command:
sudo mysql_secure_installation
The system displays a series of questions regarding database server security:
Note: Starting from MariaDB 10.4, the default authentication method for the MySQL root user changed from mysql_native_password to unix_socket. Instead of using a password to authenticate as the root user, the system uses the user's OS credentials.
- Enter current password for root (enter for none): If you have just installed MariaDB and have not set a root password, press the Enter key.
- Switch to unix_socket authentication [Y/n]: Since your root system account is password protected, select
n
and press Enter. - Change the root password? [Y/n]: Select
n
and press Enter. - Remove anonymous users? [Y/n]: Press
Y
and then Enter. Allowing anonymous users to connect is a security risk. - Disallow root login remotely? [Y/n]: Press
Y
and then Enter. Allowing root to connect from network interfaces other than the localhost is a security risk. - Remove test database and access to it? [Y/n]: Press
Y
and then Enter. The test databases do not contain sensitive data but are meant only for testing. It's safe to remove them. - Reload privilege tables now? [Y/n]: Press
Y
and then Enter. This operation saves the changes.
6. If you are logged in to your Unix/Linux system as the root or sudoer user, you can access MariaDB without entering a password. Use the following command to log in to MariaDB:
sudo mariadb
Type exit
to return to the Debian command line.
Administrators must take additional steps to secure data and optimize database performance when setting up a database server for a production environment. These tasks include implementing backup and restore options, setting up redundancy, creating new MariaDB users, installing phpMyAdmin, tuning for performance, and more.
Step 3: Install PHP
PHP is a server-side scripting language that executes website code. To install PHP and allow it to interface with Apache and MariaDB on Debian 11:
1. Update the Debian packages list:
sudo apt update
2. Install the latest PHP version and the libapache2-mod-php
and php-mysql
extensions, which allow Apache and MariaDB to interface with PHP:
sudo apt install php libapache2-mod-php php-mysql -y
3. Check the PHP version to verify the installation:
php -v
The system confirms that PHP version 7.4.33 is installed.
4. Restart the Apache service for the changes to take effect:
sudo systemctl restart apache2
You have installed all four LAMP stack components on your system. Keep in mind that this essential PHP installation guide may not cover all the security and performance considerations needed for your specific use case.
Step 4: Testing Your LAMP Stack
Test the LAMP stack by creating a simple PHP file:
1. Use a preferred text editor, for example, nano, to create an info.php file in the web server's root directory:
sudo nano /var/www/html/info.php
2. Copy the following content to the file:
php
<?php
phpinfo();
?>
3. Press Ctrl+X, then Y, followed by Enter to save and exit the info.php file.
4. Use a preferred browser and navigate to the info.php page on your server, http://your_server_ip/info.php.
The web page displays information about the server's PHP configuration.
Conclusion
You have successfully installed the LAMP stack on your Debian 11/10 system, and now you can use its components to develop and deploy web applications.
Server management tasks are time-consuming, and even small mistakes can have serious consequences. Consider using managed services to help you set up, secure, and optimize a server before transitioning to a production environment.