linux:ubuntu:ubuntu_lamp_bind



linux:ubuntu:ubuntu_lamp_bind [2022/02/13 15:29] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== Ubuntu LAMP + Bind ======
 +<code bash Update server>
 +$ apt update
 +$ apt upgrade
 +</code>
  
 +<code bash Add new sudo user "sudouser">
 +$ adduser sudouser
 +$ usermod -aG sudo sudouser
 +# Login via SSH using the new user and test if sudo works
 +</code>
 +
 +<code bash Deny root login via ssh>
 +$ vim /etc/ssh/sshd_config
 +
 +# Find line 'PermitRootLogin' and set it to 'no'
 +PermitRootLogin no
 +
 +# Restart SSH server
 +$ systemctl restart sshd
 +</code>
 +
 +<code bash Enable firewall>
 +# List available applications
 +$ ufw app list
 +
 +# Output
 +Available applications:
 +  OpenSSH
 +
 +# Allow OpenSSH
 +$ ufw allow OpenSSH
 +
 +# Enable UFW
 +$ ufw enable
 +
 +# Type "y" and press ENTER to proceed. You can see that SSH connections are still allowed by typing:
 +$ ufw status
 +
 +# Output
 +Status: active
 +
 +To                         Action      From
 +--                         ------      ----
 +OpenSSH                    ALLOW       Anywhere
 +OpenSSH (v6)               ALLOW       Anywhere (v6)
 +</code>
 +
 +<code bash Install apache and add it to firewall exceptions>
 +$ sudo apt install apache2
 +$ sudo ufw app list
 +# Output
 +Available applications:
 +  Apache
 +  Apache Full
 +  Apache Secure
 +  OpenSSH
 +
 +$ sudo ufw app info "Apache Full"
 +
 +#Output
 +Profile: Apache Full
 +Title: Web Server (HTTP,HTTPS)
 +Description: Apache v2 is the next generation of the omnipresent Apache web
 +server.
 +
 +Ports:
 +  80,443/tcp
 +
 +# Allow incoming HTTP and HTTPS traffic for this profile:
 +$ sudo ufw allow in "Apache Full"
 +</code>
 +
 +<code bash Install MySql server>
 +$ sudo apt install mysql-server
 +# Secure the installation (Login doesn't work without this)
 +$ sudo mysql_secure_installation
 +
 +# For temporary remote access, you can unbind MySql Server from 127.0.0.1 by editing the config file
 +$ sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
 +# Comment out the line
 +bind-address            = 127.0.0.1
 +# By adding # at the beginning
 +$ sudo systemctl restart mysql
 +
 +# Add remote root user. Remove 'WITH mysql_native_password' to use new password encryption
 +$ sudo mysql
 +CREATE USER 'newuser'@'%' IDENTIFIED WITH mysql_native_password BY 'password'; 
 +GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'%' WITH GRANT OPTION;
 +FLUSH PRIVILEGES;
 +quit;
 +
 +# Allow MySql through firewall
 +sudo ufw allow from any to any port 3306
 +# This is dangerous, as you basicly gave a root user access from anywhere. Disable this after you finish, and bind the server to locahhost
 +</code>
 +
 +<code bash Install PHP>
 +$ sudo apt install php libapache2-mod-php php-mysql php-cli
 +# Move index.php to first place
 +$ sudo vim /etc/apache2/mods-enabled/dir.conf
 +<IfModule mod_dir.c>
 +    DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
 +</IfModule>
 +
 +# Restart apache
 +$ sudo systemctl restart apache2
 +
 +# You can also check on the status of the apache2 service using systemctl:
 +$ sudo systemctl status apache2
 +
 +# Sample Output
 +● apache2.service - LSB: Apache2 web server
 +   Loaded: loaded (/etc/init.d/apache2; bad; vendor preset: enabled)
 +  Drop-In: /lib/systemd/system/apache2.service.d
 +           └─apache2-systemd.conf
 +   Active: active (running) since Tue 2018-04-23 14:28:43 EDT; 45s ago
 +     Docs: man:systemd-sysv-generator(8)
 +  Process: 13581 ExecStop=/etc/init.d/apache2 stop (code=exited, status=0/SUCCESS)
 +  Process: 13605 ExecStart=/etc/init.d/apache2 start (code=exited, status=0/SUCCESS)
 +    Tasks: 6 (limit: 512)
 +   CGroup: /system.slice/apache2.service
 +           ├─13623 /usr/sbin/apache2 -k start
 +           ├─13626 /usr/sbin/apache2 -k start
 +           ├─13627 /usr/sbin/apache2 -k start
 +           ├─13628 /usr/sbin/apache2 -k start
 +           ├─13629 /usr/sbin/apache2 -k start
 +           └─13630 /usr/sbin/apache2 -k start
 +</code>
 +
 +<code bash Install bind>
 +$ sudo apt install bind9
 +# Set listening IP
 +$ sudo vim /etc/bind/named.conf.options
 +listen-on { any; };
 +
 +# Add zone
 +$ sudo vim /etc/bind/named.conf.local
 +zone "example.eu" IN {
 +        type master; // type 'slave' for secondary server
 +        file "/etc/bind/example.eu.zone";
 +        allow-transfer { 10.0.0.2; }; // Enter you secondary server IP
 +        // masters { 10.0.0.1; }; // Use this line instead of 'allow-transfer' for secondary server, and replace the IP with your master server
 +};
 +
 +# Edit zone
 +$ sudo vim /etc/bind/example.eu.zone
 +$TTL 86400
 +
 +@ IN SOA example.eu. example.example.eu. (
 +        2018082700      ; Serial
 +        3600            ; Refresh
 +        900             ; Retry
 +        604800          ; Expire
 +        86400           ; Negative TTL
 +)
 +
 +@       IN      NS      ns1
 +@       IN      NS      ns2
 +        IN      MX      1       mx
 +        IN      A       10.0.0.2
 +ns1     IN      A       10.0.0.2
 +ns2     IN      A       10.0.0.3
 +mx      IN      A       10.0.0.2
 +
 +# Check configuration and zone
 +$ sudo named-checkconf
 +$ sudo named-checkzone example.eu /etc/bind/example.eu.zone
 +zone example.eu/IN: loaded serial 2018082700
 +OK
 +
 +# Add bind firewall exception
 +$ ufw allow Bind9
 +
 +# List loaded zones
 +$ sudo rndc dumpdb -zones
 +$ cat /var/cache/bind/named_dump.db
 +</code>
 +
 +<code bash Custom port for apache>
 +#ufw
 +sudo ufw allow from any to any port 88
 +
 +#apache
 +sudo vim /etc/apache2/ports.conf
 +#add line
 +Listen 88
 +
 +#Change port on virtual host
 +<VirtualHost *:88>
 +</code>
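Review bot: The "Install MySql server" block (from `# For temporary remote access` down to its closing warning) opens port 3306 to every source and creates `'newuser'@'%'` with `ALL PRIVILEGES ... WITH GRANT OPTION` and the literal password `'password'`, and the only caveat is a trailing comment that gives no commands to undo any of it. Scope both the account and the firewall rule to the administrator's address, e.g. `'newuser'@'<ADMIN_IP>'` and `sudo ufw allow from <ADMIN_IP> to any port 3306 proto tcp`, or leave `bind-address = 127.0.0.1` in place and reach the server through an SSH port forward. The page should also spell out the cleanup steps: `DROP USER 'newuser'@'%';`, `sudo ufw delete allow from any to any port 3306`, and uncommenting `bind-address` before restarting mysql. Marking `'password'` as a placeholder to be replaced would keep readers from pasting it unchanged.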