====== Ubuntu LAMP + Bind ======
$ apt update
$ apt upgrade
$ adduser sudouser
$ usermod -aG sudo sudouser
# Log in via SSH as the new user and confirm that sudo works before disabling root login below (otherwise you can lock yourself out)
$ vim /etc/ssh/sshd_config
# Find line 'PermitRootLogin' and set it to 'no'
PermitRootLogin no
# Restart SSH server
$ systemctl restart sshd
# List available applications
$ ufw app list
# Output
Available applications:
OpenSSH
# Allow OpenSSH
$ ufw allow OpenSSH
# Enable UFW
$ ufw enable
# Type "y" and press ENTER to proceed. You can see that SSH connections are still allowed by typing:
$ ufw status
# Output
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
$ sudo apt install apache2
$ sudo ufw app list
# Output
Available applications:
Apache
Apache Full
Apache Secure
OpenSSH
$ sudo ufw app info "Apache Full"
#Output
Profile: Apache Full
Title: Web Server (HTTP,HTTPS)
Description: Apache v2 is the next generation of the omnipresent Apache web
server.
Ports:
80,443/tcp
# Allow incoming HTTP and HTTPS traffic for this profile:
$ sudo ufw allow in "Apache Full"
$ sudo apt install mysql-server
# Secure the installation (Login doesn't work without this)
$ sudo mysql_secure_installation
# For temporary remote access, you can unbind MySQL Server from 127.0.0.1 by editing the config file. This makes it listen on all interfaces, so revert it when you are done (see the warning below)
$ sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
# Comment out the line
bind-address = 127.0.0.1
# By adding # at the beginning
$ sudo systemctl restart mysql
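# Add a remote user with root-equivalent privileges ('%' = any host; replace 'password' with a strong, unique one). Remove 'WITH mysql_native_password' to use the server's default authentication plugin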
$ sudo mysql
CREATE USER 'newuser'@'%' IDENTIFIED WITH mysql_native_password BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit;
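# Allow MySQL through the firewall ('from any' opens port 3306 to every source address; use 'from <ADMIN_IP>' instead to limit it to your own address)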
sudo ufw allow from any to any port 3306
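# This is dangerous, as you have basically given a root-equivalent user access from anywhere. Undo it when you finish: drop the remote user, delete the 3306 firewall rule, and bind the server to localhost again (restore 'bind-address = 127.0.0.1' and restart mysql)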
$ sudo apt install php libapache2-mod-php php-mysql php-cli
# Move index.php to first place
$ sudo vim /etc/apache2/mods-enabled/dir.conf
DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
# Restart apache
$ sudo systemctl restart apache2
# You can also check on the status of the apache2 service using systemctl:
$ sudo systemctl status apache2
# Sample Output
● apache2.service - LSB: Apache2 web server
Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running) since Tue 2018-04-23 14:28:43 EDT; 45s ago
Docs: man:systemd-sysv-generator(8)
Process: 13581 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
Process: 13605 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
Tasks: 6 (limit: 512)
CGroup: /system.slice/apache2.service
├─13623 /usr/sbin/apache2 -k start
├─13626 /usr/sbin/apache2 -k start
├─13627 /usr/sbin/apache2 -k start
├─13628 /usr/sbin/apache2 -k start
├─13629 /usr/sbin/apache2 -k start
└─13630 /usr/sbin/apache2 -k start
$ sudo apt install bind9
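# Set listening IP ('any' makes named listen on every IPv4 interface). If this server only answers for its own zones, consider also setting 'recursion no;' in the same options block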
$ sudo vim /etc/bind/named.conf.options
listen-on { any; };
# Add zone
$ sudo vim /etc/bind/named.conf.local
zone "example.eu" IN {
type master; // type 'slave' for secondary server
file "/etc/bind/example.eu.zone";
allow-transfer { 10.0.0.2; }; // Enter your secondary server's IP
// masters { 10.0.0.1; }; // Use this line instead of 'allow-transfer' on the secondary server, and replace the IP with your master server's IP
};
# Edit zone
$ sudo vim /etc/bind/example.eu.zone
$TTL 86400
@ IN SOA example.eu. example.example.eu. (
2018082700 ; Serial
3600 ; Refresh
900 ; Retry
604800 ; Expire
86400 ; Negative TTL
)
@ IN NS ns1
@ IN NS ns2
IN MX 1 mx
IN A 10.0.0.2
ns1 IN A 10.0.0.2
ns2 IN A 10.0.0.3
mx IN A 10.0.0.2
# Check configuration and zone
$ sudo named-checkconf
$ sudo named-checkzone example.eu /etc/bind/example.eu.zone
zone example.eu/IN: loaded serial 2018082700
OK
# Add bind firewall exception
$ ufw allow Bind9
# List loaded zones
$ sudo rndc dumpdb -zones
$ cat /var/cache/bind/named_dump.db
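# ufw: open port 88 for an additional Apache listener (without 'proto tcp' this rule opens the port for both TCP and UDP)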
sudo ufw allow from any to any port 88
#apache
sudo vim /etc/apache2/ports.conf
#add line
Listen 88
# Change the port on the virtual host to match (e.g. <VirtualHost *:88>), then restart apache2