Ubuntu LAMP + Bind

Update server
$ apt update
$ apt upgrade
Add new sudo user "sudouser"
$ adduser sudouser
$ usermod -aG sudo sudouser
# Login via SSH using the new user and test if sudo works
Deny root login via ssh
$ vim /etc/ssh/sshd_config
# Find line 'PermitRootLogin' and set it to 'no'
PermitRootLogin no
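# Restart SSH server (keep this session open until a new login as sudouser is confirmed, so a config mistake cannot lock you out)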
$ systemctl restart sshd
Enable firewall
# List available applications
$ ufw app list
# Output
Available applications:
# Allow OpenSSH
$ ufw allow OpenSSH
# Enable UFW
$ ufw enable
# Type "y" and press ENTER to proceed. You can see that SSH connections are still allowed by typing:
$ ufw status
# Output
Status: active
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Install apache and add it to firewall exceptions
$ sudo apt install apache2
$ sudo ufw app list
# Output
Available applications:
  Apache Full
  Apache Secure
$ sudo ufw app info "Apache Full"
Profile: Apache Full
Title: Web Server (HTTP,HTTPS)
Description: Apache v2 is the next generation of the omnipresent Apache web
# Allow incoming HTTP and HTTPS traffic for this profile:
$ sudo ufw allow in "Apache Full"
Install MySql server
$ sudo apt install mysql-server
# Secure the installation (Login doesn't work without this)
$ sudo mysql_secure_installation
# For temporary remote access, you can unbind MySQL Server from localhost by editing the config file
$ sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
# Comment out the line
bind-address            =
# By adding # at the beginning
$ sudo systemctl restart mysql
# Add remote root user ('%' lets it connect from any host; replace 'password' with a strong, unique password). Remove 'WITH mysql_native_password' to use new password encryption
$ sudo mysql
CREATE USER 'newuser'@'%' IDENTIFIED WITH mysql_native_password BY 'password'; 
# Allow MySql through firewall
sudo ufw allow from any to any port 3306
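# This is dangerous, as you have basically given a root user access from anywhere.
# Disable this after you finish: remove the firewall rule (sudo ufw delete allow from any to any port 3306), drop or restrict the '%' user, and bind the server to localhost again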
Install PHP
$ sudo apt install php libapache2-mod-php php-mysql php-cli
# Move index.php to first place
$ sudo vim /etc/apache2/mods-enabled/dir.conf
<IfModule mod_dir.c>
    DirectoryIndex index.php index.html index.cgi index.xhtml index.htm
# Restart apache
$ sudo systemctl restart apache2
# You can also check on the status of the apache2 service using systemctl:
$ sudo systemctl status apache2
# Sample Output
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
   Active: active (running) since Tue 2018-04-23 14:28:43 EDT; 45s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 13581 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
  Process: 13605 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
    Tasks: 6 (limit: 512)
   CGroup: /system.slice/apache2.service
           ├─13623 /usr/sbin/apache2 -k start
           ├─13626 /usr/sbin/apache2 -k start
           ├─13627 /usr/sbin/apache2 -k start
           ├─13628 /usr/sbin/apache2 -k start
           ├─13629 /usr/sbin/apache2 -k start
           └─13630 /usr/sbin/apache2 -k start
Install bind
$ sudo apt install bind9
# Set listening IP
$ sudo vim /etc/bind/named.conf.options
listen-on { any; };
# Add zone
$ sudo vim /etc/bind/named.conf.local
zone "" IN {
        type master; // type 'slave' for secondary server
        file "/etc/bind/";
        allow-transfer {; }; // Enter your secondary server IP (only this host may transfer the zone)
        // masters {; }; // Use this line instead of 'allow-transfer' for secondary server, and replace the IP with your master server
# Edit zone
$ sudo vim /etc/bind/
$TTL 86400
@ IN SOA (
        2018082700      ; Serial
        3600            ; Refresh
        900             ; Retry
        604800          ; Expire
        86400           ; Negative TTL
@       IN      NS      ns1
@       IN      NS      ns2
        IN      MX      1       mx
        IN      A
ns1     IN      A
ns2     IN      A
mx      IN      A
# Check configuration and zone
$ sudo named-checkconf
$ sudo named-checkzone /etc/bind/
zone loaded serial 2018082700
# Add bind firewall exception
$ ufw allow Bind9
# List loaded zones
$ sudo rndc dumpdb -zones
$ cat /var/cache/bind/named_dump.db
Custom port for apache
sudo ufw allow from any to any port 88
sudo vim /etc/apache2/ports.conf
#add line
Listen 88
#Change port on virtual host
<VirtualHost *:88>