
Ubuntu LAMP + Bind

Update server
# Refresh the package index and install pending upgrades.
# The first steps on this page appear to run as root (no 'sudo' prefix):
# the sudo-capable user is only created in the next step.
$ apt update
$ apt upgrade
Add new sudo user "sudouser"
# Create the user and put it in the 'sudo' group (members get full sudo on Ubuntu)
$ adduser sudouser
$ usermod -aG sudo sudouser
# Login via SSH using the new user and test if sudo works (e.g. 'sudo -v').
# Keep the existing root session open until this is confirmed: root SSH login
# is disabled in the next step, and a broken sudo user would lock you out.
Deny root login via ssh
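$ vim /etc/ssh/sshd_config
 
# Find line 'PermitRootLogin' and set it to 'no'
PermitRootLogin no
 
# Validate the config before restarting: with a syntax error sshd refuses to
# start and you lose remote access. Do this from a session you keep open.
$ sshd -t
 
# Restart SSH server
$ systemctl restart sshd
 
# Before closing the root session, open a NEW connection as the sudo user and
# confirm it still works. Once SSH keys are deployed for that user, consider
# also setting 'PasswordAuthentication no' to stop online password guessing.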
Enable firewall
# List available applications
$ ufw app list
 
# Output
Available applications:
  OpenSSH
 
# Allow OpenSSH BEFORE enabling the firewall: enabling ufw with no rule for
# SSH drops the current session and locks you out of a remote box.
# If the admin network is known, prefer a narrower rule, e.g.
#   ufw allow from <admin-ip> to any app OpenSSH
$ ufw allow OpenSSH
 
# Enable UFW
$ ufw enable
 
# Type "y" and press ENTER to proceed. You can see that SSH connections are still allowed by typing:
$ ufw status
 
# Output
Status: active
 
To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Install apache and add it to firewall exceptions
$ sudo apt install apache2
# The apache2 package ships ufw application profiles; list them again
$ sudo ufw app list
# Output
Available applications:
  Apache
  Apache Full
  Apache Secure
  OpenSSH
 
$ sudo ufw app info "Apache Full"
 
#Output
Profile: Apache Full
Title: Web Server (HTTP,HTTPS)
Description: Apache v2 is the next generation of the omnipresent Apache web
server.
 
Ports:
  80,443/tcp
 
# Allow incoming HTTP and HTTPS traffic for this profile.
# 'Apache Full' opens both 80 and 443. If TLS is not configured yet, nothing is
# listening on 443; the plain 'Apache' profile (check it with
# 'ufw app info Apache') is then sufficient and 443 can be opened later.
$ sudo ufw allow in "Apache Full"
Install MySql server
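$ sudo apt install mysql-server
# Secure the installation (Login doesn't work without this)
$ sudo mysql_secure_installation
 
# For temporary remote access, you can unbind MySql Server from 127.0.0.1 by editing the config file.
# NOTE: this makes MySQL listen on ALL interfaces. Only do it together with the
# host-restricted user and firewall rule below, and revert it when done.
$ sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
# Comment out the line
bind-address            = 127.0.0.1
# By adding # at the beginning
$ sudo systemctl restart mysql
 
# Add a remote admin user, restricted to the ONE host that needs access.
# Do not use '%' (any host) or a trivial password: combined with an open
# port 3306 that is a root-equivalent account reachable from the whole Internet.
$ sudo mysql
CREATE USER 'newuser'@'<admin-ip>' IDENTIFIED BY '<strong-password>';
GRANT ALL PRIVILEGES ON *.* TO 'newuser'@'<admin-ip>' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit;
 
# Allow MySql through the firewall, from the admin host only (not 'from any')
$ sudo ufw allow from <admin-ip> to any port 3306 proto tcp
 
# This is still dangerous: you have given a root-equivalent user network access.
# Remove it again as soon as you are finished:
$ sudo ufw delete allow from <admin-ip> to any port 3306 proto tcp
$ sudo mysql -e "DROP USER 'newuser'@'<admin-ip>';"
# ...then restore 'bind-address = 127.0.0.1' in mysqld.cnf and restart mysql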
Install PHP
$ sudo apt install php libapache2-mod-php php-mysql php-cli
# Move index.php to first place, so a PHP index is served in preference to
# the default index.html when both exist in the same directory
$ sudo vim /etc/apache2/mods-enabled/dir.conf
<IfModule mod_dir.c>
    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>
 
# Restart apache so the new DirectoryIndex order (and the PHP module) take effect
$ sudo systemctl restart apache2
 
# You can also check on the status of the apache2 service using systemctl:
$ sudo systemctl status apache2
 
# Sample Output (captured on a release that still used the LSB init script;
# the exact lines differ by Ubuntu version, what matters is 'active (running)')
● apache2.service - LSB: Apache2 web server
   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: active (running) since Tue 2018-04-23 14:28:43 EDT; 45s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 13581 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
  Process: 13605 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
    Tasks: 6 (limit: 512)
   CGroup: /system.slice/apache2.service
           ├─13623 /usr/sbin/apache2 -k start
           ├─13626 /usr/sbin/apache2 -k start
           ├─13627 /usr/sbin/apache2 -k start
           ├─13628 /usr/sbin/apache2 -k start
           ├─13629 /usr/sbin/apache2 -k start
           └─13630 /usr/sbin/apache2 -k start
Install bind
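$ sudo apt install bind9
# Set listening IP (inside the 'options { ... };' block)
$ sudo vim /etc/bind/named.conf.options
listen-on { any; };   // or the server's own address if the host is multi-homed
recursion no;         // authoritative-only server: do not act as an open resolver
                      // for the Internet. Drop this line only if this host must
                      // also resolve names for local clients, and then restrict
                      // it with 'allow-recursion { localnets; };'.
 
# Add zone
$ sudo vim /etc/bind/named.conf.local
zone "example.eu" IN {
        type master; // type 'slave' for secondary server
        file "/etc/bind/example.eu.zone";
        allow-transfer { 10.0.0.2; }; // Enter your secondary server's IP (ns2 in the sample zone below is 10.0.0.3). Never use 'any': AXFR hands out the whole zone.
        // masters { 10.0.0.1; }; // Use this line instead of 'allow-transfer' for secondary server, and replace the IP with your master server
};
 
# Edit zone
$ sudo vim /etc/bind/example.eu.zone
$TTL 86400
 
@ IN SOA example.eu. example.example.eu. (
        2018082700      ; Serial - increase on EVERY change, or secondaries never pick it up
        3600            ; Refresh
        900             ; Retry
        604800          ; Expire
        86400           ; Negative TTL
)
 
@       IN      NS      ns1
@       IN      NS      ns2
        IN      MX      1       mx
        IN      A       10.0.0.2
ns1     IN      A       10.0.0.2
ns2     IN      A       10.0.0.3
mx      IN      A       10.0.0.2
 
# Check configuration and zone
$ sudo named-checkconf
$ sudo named-checkzone example.eu /etc/bind/example.eu.zone
zone example.eu/IN: loaded serial 2018082700
OK
 
# named has been running since the install, so load the new config and zone
$ sudo rndc reload
 
# Add bind firewall exception (53/tcp and 53/udp from anywhere: an authoritative
# server has to answer the whole Internet, which is why recursion is off above)
$ sudo ufw allow Bind9
 
# List loaded zones
$ sudo rndc dumpdb -zones
$ cat /var/cache/bind/named_dump.db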