— | linux:ubuntu:ubuntu_lamp_bind [2022/02/13 15:29] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Ubuntu LAMP + Bind ====== | ||
+ | <code bash Update server> | ||
+ | $ apt update | ||
+ | $ apt upgrade | ||
+ | </ | ||
+ | <code bash Add new sudo user " | ||
+ | $ adduser sudouser | ||
+ | $ usermod -aG sudo sudouser | ||
+ | # Login via SSH using the new user and test if sudo works | ||
+ | </ | ||
+ | |||
+ | <code bash Deny root login via ssh> | ||
+ | $ vim / | ||
+ | |||
+ | # Find line ' | ||
+ | PermitRootLogin no | ||
+ | |||
+ | # Restart SSH server | ||
+ | $ systemctl restart sshd | ||
+ | </ | ||
+ | |||
+ | <code bash Enable firewall> | ||
+ | # List available applications | ||
+ | $ ufw app list | ||
+ | |||
+ | # Output | ||
+ | Available applications: | ||
+ | OpenSSH | ||
+ | |||
+ | # Allow OpenSSH | ||
+ | $ ufw allow OpenSSH | ||
+ | |||
+ | # Enable UFW | ||
+ | $ ufw enable | ||
+ | |||
+ | # Type " | ||
+ | $ ufw status | ||
+ | |||
+ | # Output | ||
+ | Status: active | ||
+ | |||
+ | To | ||
+ | -- | ||
+ | OpenSSH | ||
+ | OpenSSH (v6) | ||
+ | </ | ||
+ | |||
+ | <code bash Install apache and add it to firewall exceptions> | ||
+ | $ sudo apt install apache2 | ||
+ | $ sudo ufw app list | ||
+ | # Output | ||
+ | Available applications: | ||
+ | Apache | ||
+ | Apache Full | ||
+ | Apache Secure | ||
+ | OpenSSH | ||
+ | |||
+ | $ sudo ufw app info " | ||
+ | |||
+ | #Output | ||
+ | Profile: Apache Full | ||
+ | Title: Web Server (HTTP, | ||
+ | Description: | ||
+ | server. | ||
+ | |||
+ | Ports: | ||
+ | 80,443/tcp | ||
+ | |||
+ | # Allow incoming HTTP and HTTPS traffic for this profile: | ||
+ | $ sudo ufw allow in " | ||
+ | </ | ||
+ | |||
+ | <code bash Install MySql server> | ||
+ | $ sudo apt install mysql-server | ||
+ | # Secure the installation (Login doesn' | ||
+ | $ sudo mysql_secure_installation | ||
+ | |||
+ | # For temporary remote access, you can unbind MySql Server from 127.0.0.1 by editing the config file | ||
+ | $ sudo vim / | ||
+ | # Comment out the line | ||
+ | bind-address | ||
+ | # By adding # at the beginning | ||
+ | $ sudo systemctl restart mysql | ||
+ | |||
+ | # Add remote root user. Remove 'WITH mysql_native_password' | ||
+ | $ sudo mysql | ||
+ | CREATE USER ' | ||
+ | GRANT ALL PRIVILEGES ON * . * TO ' | ||
+ | FLUSH PRIVILEGES; | ||
+ | quit; | ||
+ | |||
+ | # Allow MySql through firewall | ||
+ | sudo ufw allow from any to any port 3306 | ||
+ | # This is dangerous, as you basicly gave a root user access from anywhere. Disable this after you finish, and bind the server to locahhost | ||
+ | </ | ||
+ | |||
+ | <code bash Install PHP> | ||
+ | $ sudo apt install php libapache2-mod-php php-mysql php-cli | ||
+ | # Move index.php to first place | ||
+ | $ sudo vim / | ||
+ | < | ||
+ | DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm | ||
+ | </ | ||
+ | |||
+ | # Restart apache | ||
+ | $ sudo systemctl restart apache2 | ||
+ | |||
+ | # You can also check on the status of the apache2 service using systemctl: | ||
+ | $ sudo systemctl status apache2 | ||
+ | |||
+ | # Sample Output | ||
+ | ● apache2.service - LSB: Apache2 web server | ||
+ | | ||
+ | Drop-In: / | ||
+ | | ||
+ | | ||
+ | Docs: man: | ||
+ | Process: 13581 ExecStop=/ | ||
+ | Process: 13605 ExecStart=/ | ||
+ | Tasks: 6 (limit: 512) | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | </ | ||
+ | |||
+ | <code bash Install bind> | ||
+ | $ sudo apt install bind9 | ||
+ | # Set listening IP | ||
+ | $ sudo vim / | ||
+ | listen-on { any; }; | ||
+ | |||
+ | # Add zone | ||
+ | $ sudo vim / | ||
+ | zone " | ||
+ | type master; // type ' | ||
+ | file "/ | ||
+ | allow-transfer { 10.0.0.2; }; // Enter you secondary server IP | ||
+ | // masters { 10.0.0.1; }; // Use this line instead of ' | ||
+ | }; | ||
+ | |||
+ | # Edit zone | ||
+ | $ sudo vim / | ||
+ | $TTL 86400 | ||
+ | |||
+ | @ IN SOA example.eu. example.example.eu. ( | ||
+ | 2018082700 | ||
+ | 3600 ; Refresh | ||
+ | 900 ; Retry | ||
+ | 604800 | ||
+ | 86400 ; Negative TTL | ||
+ | ) | ||
+ | |||
+ | @ | ||
+ | @ | ||
+ | IN MX 1 mx | ||
+ | IN A | ||
+ | ns1 | ||
+ | ns2 | ||
+ | mx IN A | ||
+ | |||
+ | # Check configuration and zone | ||
+ | $ sudo named-checkconf | ||
+ | $ sudo named-checkzone example.eu / | ||
+ | zone example.eu/ | ||
+ | OK | ||
+ | |||
+ | # Add bind firewall exception | ||
+ | $ ufw allow Bind9 | ||
+ | |||
+ | # List loaded zones | ||
+ | $ sudo rndc dumpdb -zones | ||
+ | $ cat / | ||
+ | </ | ||
+ | |||
+ | <code bash Custom port for apache> | ||
+ | #ufw | ||
+ | sudo ufw allow from any to any port 88 | ||
+ | |||
+ | #apache | ||
+ | sudo vim / | ||
+ | #add line | ||
+ | Listen 88 | ||
+ | |||
+ | #Change port on virtual host | ||
+ | < | ||
+ | </ |
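Review bot: The MySQL remote-access step opens port 3306 to every source with `sudo ufw allow from any to any port 3306`, right after commenting out `bind-address` and creating a remote root account with `GRANT ALL PRIVILEGES ON * . *`, so the account password is the only remaining control. Scope the rule to the administering host, `sudo ufw allow from <ADMIN_IP> to any port 3306 proto tcp`, and put the cleanup next to the existing warning: `sudo ufw delete allow from <ADMIN_IP> to any port 3306 proto tcp`, restore `bind-address`, and drop the remote user. Since OpenSSH is already allowed earlier on the page, an SSH tunnel to 127.0.0.1:3306 would avoid unbinding MySQL at all. The host part of the `CREATE USER` line is cut off in this view, so confirm it is not a wildcard; the `sudo ufw allow from any to any port 88` rule in the last block likewise lacks `proto tcp`.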