How to Set Up a LAMP Stack on RHEL 7

How to Set Up a LAMP Stack on RHEL 7

A LAMP stack — Linux, Apache, MySQL, and PHP — is one of the most widely deployed web server configurations in the world. On Red Hat Enterprise Linux 7, setting up a fully functional LAMP stack requires pulling packages from multiple repositories, because RHEL 7’s default channels do not ship MySQL 5.7 or modern PHP versions. This tutorial walks you through installing Apache, MySQL 5.7 from the MySQL Community repository, and PHP from the Remi repository, then wires everything together so you can serve dynamic PHP applications backed by a relational database. By the end you will have a working stack, a secured MySQL installation, and a verified PHP info page.

Prerequisites

• A running RHEL 7 server with a non-root sudo user or direct root access.
• A valid Red Hat subscription (or CentOS 7 equivalent) so that base packages can be resolved.
• Outbound internet access to download third-party repositories.
• Basic familiarity with the Linux command line and vi or nano.
• Firewall access on ports 80 and 443 if you intend to serve traffic externally.

Step 1: Update the System and Install EPEL

Before installing any new software, bring all existing packages up to date and enable the Extra Packages for Enterprise Linux (EPEL) repository, which is a prerequisite for several Remi dependencies.

sudo yum -y update
sudo yum -y install epel-release

RHEL 7 does not include EPEL by default. If epel-release is not found in the standard channels, install it from the Fedora project directly:

sudo yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Step 2: Install Apache (httpd)

Apache is available in the base RHEL 7 repository and installs cleanly with a single command.

sudo yum -y install httpd

Once installed, enable the service to start automatically at boot and then start it immediately:

sudo systemctl enable httpd
sudo systemctl start httpd
sudo systemctl status httpd

Open the firewall for HTTP and HTTPS traffic:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Verify Apache is responding by navigating to your server’s IP address in a browser, or use curl locally:

curl -I http://localhost

You should see HTTP/1.1 200 OK with an Apache header in the response.

Step 3: Install MySQL 5.7 from the MySQL Community Repository

RHEL 7 ships MariaDB in its default repositories, but this tutorial targets MySQL 5.7. Download and install the official MySQL Community repository RPM:

sudo yum -y install https://dev.mysql.com/get/mysql80-community-release-el7-11.noarch.rpm

After installing the repo RPM, the MySQL 8.0 repository will be enabled by default. Disable it and enable the MySQL 5.7 repository instead:

sudo yum-config-manager --disable mysql80-community
sudo yum-config-manager --enable mysql57-community

Confirm the correct repository is active:

sudo yum repolist enabled | grep mysql

You should see mysql57-community listed. Now install MySQL Server:

sudo yum -y install mysql-community-server

Enable and start the MySQL service:

sudo systemctl enable mysqld
sudo systemctl start mysqld
sudo systemctl status mysqld

MySQL 5.7 generates a temporary root password on first start. Retrieve it from the error log:

sudo grep 'temporary password' /var/log/mysqld.log

Note the password — you will use it in the next step.

Step 4: Secure MySQL with mysql_secure_installation

Run the interactive security script to change the temporary root password, remove anonymous users, disallow remote root login, and drop the test database:

sudo mysql_secure_installation

When prompted, enter the temporary password you retrieved above. The script will then ask you to set a new strong password. MySQL 5.7’s default password validation policy requires at least one uppercase letter, one lowercase letter, one digit, and one special character. After setting the password, answer Y to all remaining prompts:

Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Verify you can log in with the new password:

mysql -u root -p

Step 5: Install PHP from the Remi Repository

RHEL 7’s default PHP is version 5.4, which is end-of-life. The Remi repository provides PHP 7.x and 8.x. First install the Remi repo RPM:

sudo yum -y install https://rpms.remirepo.net/enterprise/remi-release-7.rpm

Enable the PHP 7.4 Remi collection (adjust the version as needed):

sudo yum-config-manager --enable remi-php74

Install PHP and the essential extensions including php-mysql for database connectivity:

sudo yum -y install php php-mysql php-cli php-common php-gd php-mbstring php-xml php-opcache php-fpm

Verify the installed PHP version:

php --version

Step 6: Configure Apache for PHP via mod_php

When you install PHP using yum on RHEL 7 with Apache, the mod_php module is configured automatically. Verify the module is loaded:

httpd -M | grep php

You should see php7_module in the output. Apache reads PHP configuration from /etc/httpd/conf.d/php.conf, which is created automatically. Restart Apache to load the PHP module:

sudo systemctl restart httpd

If you prefer PHP-FPM over mod_php for better process isolation, enable and start the PHP-FPM service:

sudo systemctl enable php-fpm
sudo systemctl start php-fpm

Then configure Apache to forward PHP requests to FPM by editing /etc/httpd/conf.d/php.conf. Replace the SetHandler application/x-httpd-php line with a proxy directive pointing to the PHP-FPM socket:

<FilesMatch .php$>
    SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
</FilesMatch>

Restart Apache after making changes:

sudo systemctl restart httpd

Step 7: Test PHP with a phpinfo() Page

Create a simple PHP test file in Apache’s document root to verify PHP is processing correctly:

sudo bash -c 'echo "<?php phpinfo(); ?>" > /var/www/html/info.php'

Open a browser and navigate to http://your-server-ip/info.php. You should see the full PHP information page showing the version, loaded extensions, and configuration values. Confirm that the MySQL/PDO section lists mysqlnd and that the php-mysql extension is enabled.

Important: Remove the info page after testing — it exposes sensitive server configuration details:

sudo rm /var/www/html/info.php

Step 8: Verify the Full Stack with a Database Connection Test

Log into MySQL and create a test database and user:

mysql -u root -p

CREATE DATABASE lamptest;
CREATE USER 'lampuser'@'localhost' IDENTIFIED BY 'SecureP@ss1';
GRANT ALL PRIVILEGES ON lamptest.* TO 'lampuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Create a PHP script that connects to this database:

sudo tee /var/www/html/dbtest.php <<'EOF'
<?php
$conn = new mysqli('localhost', 'lampuser', 'SecureP@ss1', 'lamptest');
if ($conn->connect_error) {
    die('Connection failed: ' . $conn->connect_error);
}
echo 'MySQL connection successful. Server version: ' . $conn->server_info;
$conn->close();
EOF

Access http://your-server-ip/dbtest.php in your browser. You should see the success message with the MySQL server version. Remove the test file immediately after verification:

sudo rm /var/www/html/dbtest.php

Step 9: Configure SELinux for Apache

RHEL 7 ships with SELinux enforcing by default. If Apache cannot write to certain directories or connect to external services, SELinux may be blocking it. Common booleans you may need:

# Allow Apache to connect to the network (e.g., for PHP-FPM proxying)
sudo setsebool -P httpd_can_network_connect 1

# Allow Apache to connect to databases
sudo setsebool -P httpd_can_network_connect_db 1

# Allow Apache to read/write user home directories
sudo setsebool -P httpd_enable_homedirs 1

If you create custom document root directories outside of /var/www/html, apply the correct SELinux context:

sudo semanage fcontext -a -t httpd_sys_content_t "/srv/myapp(/.*)?"
sudo restorecon -Rv /srv/myapp

Conclusion

You now have a fully operational LAMP stack running on RHEL 7 with Apache serving HTTP traffic, MySQL 5.7 managing your relational data, and PHP 7.4 processing dynamic content. The stack is ready for deploying applications such as WordPress, Drupal, or custom PHP projects. From here, consider hardening Apache with SSL/TLS certificates, tuning MySQL’s my.cnf for your workload, and enabling PHP OPcache for improved performance. Keep all components updated via yum update on a regular maintenance schedule to ensure you receive security patches.