Deploy a LAMP stack on an Alibaba Cloud Linux 3 instance - Elastic Compute Service

LAMP is an acronym of the names of its original four components: the Linux operating system, Apache HTTP Server, MySQL relational database management system, and PHP programming language. LAMP stacks are commonly used to build websites. This topic describes how to deploy a LAMP stack on an Elastic Compute Service (ECS) instance that runs Alibaba Cloud Linux 3.

Prerequisites

An ECS instance is created and assigned a public IP address. For more information, see Creation method overview.
In this topic, an ECS instance that has the following configurations is used. To prevent command errors caused by operating system version issues, we recommend that you use the operating system version that is used in this topic.
- Instance type: ecs.c6.large
- Operating system: Alibaba Cloud Linux 3.2104 LTS 64-bit
- Network type: Virtual Private Cloud (VPC)
- IP address: a public IP address
Inbound rules are added to a security group of the ECS instance to allow traffic on ports 22 and 80. For more information, see Add a security group rule.
Note For security purposes, this topic describes only the inbound rules that allow traffic on the ports required to deploy and test an LAMP stack. You can configure security group rules to allow traffic on more ports based on your requirements. For example, if you want to connect to a MySQL database that is deployed on an ECS instance, you must add an inbound rule to a security group of the instance to allow traffic on port 3306, which is the default port used for MySQL.

Background information

This topic is intended for individual users who are familiar with Linux operating systems but new to building websites by using Alibaba Cloud ECS. The following software versions are used in the examples in this topic. Operations may vary based on your software versions.

Apache: 2.4.37
MySQL: 5.7.40
PHP: 7.4.33
phpMyAdmin: 4.0.10.20

This topic describes how to manually build a LAMP stack. You can also purchase a LAMP image on Alibaba Cloud Marketplace and create an ECS instance from the image to build websites.

Step 1: Make preparations

Connect to the ECS instance on which you want to build a LAMP stack.
For more information, see Connection methodsGuidelines on instance connection.
Run the following command to check the operating system version:
```
cat /etc/redhat-release
```
A command output similar to the following one indicates that the operating system is Alibaba Cloud Linux 3:
```
[root@iZbp14h7n3cwipjln62**** ~]# cat /etc/redhat-release
Alibaba Cloud Linux release 3 (Soaring Falcon)
```
Disable the firewall.
1. Run the following command to check the state of the firewall:
```
systemctl status firewalld
```
  - If the firewall is in the inactive state, the firewall is disabled.
  - If the firewall is in the active state, the firewall is enabled. In this example, the firewall is in the active state and must be disabled.
    - To temporarily disable the firewall, run the following command:
      systemctl stop firewalld
      Note After you run the preceding command, the firewall is disabled. The next time you restart the Linux operating system, the firewall is re-enabled and enters the active state.
    - To permanently disable the firewall, run the following command:
      systemctl disable firewalld
      Note You can re-enable the firewall after it is disabled. For more information, visit the official firewalld website.
Disable Security-Enhanced Linux (SELinux).
1. Run the following command to check the state of SELinux:
```
getenforce
```
  - If SELinux is in the Disabled state, SELinux is disabled.
  - If SELinux is in the Enforcing state, SELinux is enabled.
2. Disable SELinux. Skip this step if SELinux is already disabled.
  - To temporarily disable SELinux, run the setenforce 0 command.
    Note After you run the preceding command, SELinux is disabled. The next time you restart the Linux operating system, SELinux is re-enabled and enters the Enforcing state.
  - To permanently disable SELinux, run the vi /etc/selinux/config command to edit the SELinux configuration file. Press the Enter key. Move the pointer to the SELINUX=enforcing line and press the I key to switch to the edit mode. Change the line to SELINUX=disabled and press the Esc key. Enter :wq and press the Enter key to save the changes and close the SELinux configuration file. Restart the operating system to apply the settings.
    Note You can re-enable SELinux after it is disabled. For more information, see the official SELinux documentation.

Step 2: Install Apache

Apache is the number one web server software on the Internet. Apache can run on almost any operating systems and is well accepted as a secure, cross-platform web server.

Run the following commands to install Apache and its extension package:

yum -y install httpd httpd-manual mod_ssl mod_perl
yum -y install httpd httpd-devel

Run the following command to check the version of Apache:
```
httpd -v
```
A command output similar to the following one indicates that the Apache version is 2.4.6:
```
[root@iZbp14h7n3cwipjln62**** ~]# httpd -v
Server version: Apache/2.4.37 (Alibaba Cloud Linux)
Server built:   Jul 21 2022 15:33:44
```
Run the following commands in sequence to start Apache and configure Apache to auto-start on system startup:
```
systemctl start httpd
systemctl enable httpd
```
Check whether Apache is installed and started.
1. Log on to the ECS console.
2. In the left-side navigation pane, choose Instances & Images > Instances.
3. On the Instances page, find the instance on which you want to deploy a LAMP stack and copy its public IP address from the IP Address column.
4. Enter http://<Public IP address of the ECS instance> in the address bar of a browser on your computer and press the Enter key.
  A page similar to the one shown in the following figure indicates that Apache is started.
  Note By default, Apache listens on port 80. If Apache is inaccessible, check that an inbound rule is added to a security group of the ECS instance to allow traffic on port 80. For more information, see Add a security group rule.

Step 3: Install and configure MySQL

Run the following command to install MySQL:

wget http://dev.mysql.com/get/mysql57-community-release-el7-10.noarch.rpm && yum -y install mysql57-community-release-el7-10.noarch.rpm && yum -y install mysql-community-server --nogpgcheck

Run the following command to check the version of MySQL:
```
mysql -V
```
A command output similar to the following one indicates that MySQL is installed:
```
[root@iZbp14h7n3cwipjln62**** ~]# mysql -V
mysql  Ver 14.14 Distrib 5.7.40, for Linux (x86_64) using  EditLine wrapper
```
Run the following command to start MySQL:
```
systemctl start mysqld
```
Run the following commands in sequence to configure MySQL to auto-start on system startup:
```
systemctl enable mysqld
systemctl daemon-reload
```
Run the following command to check the initial password of the root account used to log on to MySQL:
```
grep "password" /var/log/mysqld.log
```
A command output similar to the following one is returned. In this example, the initial password is dyrksweb****.
```
[root@iZbp14h7n3cwipjln62kxvZ ~]# grep "password" /var/log/mysqld.log
2022-10-26T09:29:00.515789Z 1 [Note] A temporary password is generated for root@localhost: dyrksweb****
```

Run the following command to configure the security settings of MySQL:

mysql_secure_installation

Perform one of the following operations based on the command output:

If a command output similar to the following one is returned, reset the password of the root account as prompted:

Note Keep the password of the root account secure. For security purposes, the password that you enter is not displayed.

Enter password for user root: # Enter the initial password of the root account that you obtained in the preceding step. Example: dyrksweb****. 

The existing password for the user account root has expired. Please set a new password.

New password: # Enter a new password. The password must be 8 to 30 characters in length and must contain uppercase letters, lowercase letters, digits, and special characters. Supported special characters include ( ) ` ~ ! @ # $ % ^ & * - + = | { } [ ] : ; ' < > , . ? /

Re-enter new password: # Enter the new password again. 
The 'validate_password' plugin is installed on the server.
The subsequent steps will run with the existing configuration
of the plugin.
Using existing password for root.

Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, any other key for No) :Y # Enter Y and enter the new password again. 

New password: # Enter the new password again. 

Re-enter new password: # Enter the new password again. 

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) :Y # Enter Y to use the new password.

If a command output similar to the following one is returned, enter Y to delete the anonymous user account:

By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y  # Enter Y to delete the anonymous user.
Success.

If a command output similar to the following one is returned, enter Y to deny remote access by the root account:

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y # Enter Y to deny remote access by the root account.
Success.

If a command output similar to the following one is returned, enter Y to delete the test database and the access permissions on the database:

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y # Enter Y to delete the test database and the access permissions on the database.
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

If a command output similar to the following one is returned, enter Y to reload privilege tables:

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y # Enter Y to reload privilege tables.
Success.

All done!

Step 4: Install PHP

Run the following command to add and update the Extra Packages for Enterprise Linux (EPEL) repository:
```
rpm -ivh --nodeps https://rpms.remirepo.net/enterprise/remi-release-8.rpm
```

Run the following commands to install PHP:

dnf update -y dnf libdnf
sed -i 's/PLATFORM_ID="platform:al8"/PLATFORM_ID="platform:el8"/g' /etc/os-release
yum -y module install php:remi-7.4
sed -i 's/PLATFORM_ID="platform:el8"/PLATFORM_ID="platform:al8"/g' /etc/os-release

Run the following command to check the version of PHP:

php -v

A command output similar to the following one indicates that PHP is installed:

[root@iZbp14h7n3cwipjln62**** ~]# php -v
PHP 7.4.33 (cli) (built: Dec 19 2022 13:23:13) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.33, Copyright (c), by Zend Technologies

Run the following command to create a test file in the root directory of the Apache website:
```
echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php
```
Run the following command to restart Apache:
```
systemctl restart httpd
```
Enter http://<Public IP address of the ECS instance>/phpinfo.php in the address bar of a browser on your computer and press the Enter key.
A page similar to the following one indicates that PHP is installed.
After the LAMP stack is built, we recommend that you delete the phpinfo.php test file to prevent data leaks.
```
rm -rf <Website root directory> /phpinfo.php
```
In this example, /var/www/html is used as the website root directory. Run the following command to delete the test file:
```
rm -rf /var/www/html/phpinfo.php
```

Step 5: (Optional) Install phpMyAdmin

phpMyAdmin is a MySQL databases management tool that allows you to manage databases by using web interfaces.

Run the following command to create a directory to store phpMyAdmin data:
```
mkdir -p /var/www/html/phpmyadmin
```
Download and decompress the phpMyAdmin package.
1. Run the following commands in sequence to switch to the home directory and download the phpMyAdmin package:
```
cd
wget --no-check-certificate https://files.phpmyadmin.net/phpMyAdmin/4.0.10.20/phpMyAdmin-4.0.10.20-all-languages.zip
```
2. Run the following command to install the unzip tool and decompress the phpMyAdmin package:
```
unzip phpMyAdmin-4.0.10.20-all-languages.zip
```
Run the following command to copy the phpMyAdmin files to the created directory:
```
mv phpMyAdmin-4.0.10.20-all-languages/*  /var/www/html/phpmyadmin
```
Enter http://<Public IP address of the ECS instance>/phpmyadmin in the address bar of a browser on your computer and press the Enter key to go to the logon page of phpMyAdmin.
A page similar to the following one indicates that phpMyAdmin is installed.
Enter the username and password of your MySQL account and click Go.
The default username for MySQL is root. The password is the one that you reset in the following step: If a command output similar to the following one is returned, reset the password of the root account as prompted.