Table of Contents
In this guide, we will install a LAMP stack on a Debian 10 server.
Introduction
A *LAMP* stack is a group of open-source software typically installed together to enable a server to host dynamic websites and web apps. This term is an acronym that represents the Linux operating system, with the Apache web server. The site data is stored in a MariaDB database, and dynamic content is processed by PHP.
Although this software stack typically includes MySQL as the database management system, some Linux distributions — including Debian — use MariaDB as a drop-in replacement for MySQL.
In this guide, you will install a LAMP stack on a Debian 10 server, using MariaDB as the database management system.
Prerequisites
To follow this tutorial, you will need to have a Debian 10 server with a non-root sudo-enabled user account and a basic firewall. This can be configured using our initial server setup guide for Debian 10.
Step 1 — Installing Apache and Updating the Firewall
The Apache web server is among the most popular web servers in the world. It's well-documented and has been in wide use for much of the history of the web, which makes it a great default choice for hosting a website.
Start by updating the package manager cache. If this is the first time you're using sudo within this session, you'll be prompted to provide your user's password to confirm you have the right privileges to manage system packages with apt:
sudo apt update
Then install Apache with the following:
sudo apt install apache2
This command prompts you to confirm Apache's installation. Confirm by pressing Y, then ENTER. Once the installation is complete, you need to adjust your firewall settings. Assuming that you followed the initial server setup instructions to install and enable the UFW firewall, make sure that your firewall allows HTTP and HTTPS traffic.
On Debian 10, UFW comes loaded with app profiles that you can use to adjust your firewall settings. View the full list of application profiles by running:
sudo ufw app list
The WWW profiles are used to manage ports used by web servers:
[secondary_label Output]
Available applications:
. . .
WWW
WWW Cache
WWW Full
WWW Secure
. . .
If you inspect the WWW Full profile, it shows that it enables traffic to ports 80 and 443:
sudo ufw app info "WWW Full"
[secondary_label Output]
Profile: WWW Full
Title: Web Server (HTTP,HTTPS)
Description: Web Server (HTTP,HTTPS)
Ports:
<^>80<^>,<^>443/tcp<^>
Allow incoming HTTP and HTTPS traffic for this profile:
sudo ufw allow in "WWW Full"
You can verify that everything went as planned by visiting your server's public IP address in your web browser:
http://<^>your_server_ip<^>
This will return the default Debian 10 Apache web page, which is there for informational and testing purposes:
If your browser returns this page, then your web server is now correctly installed and accessible through your firewall.
How To Find Your Server's Public IP Address
If you do not know what your server's public IP address is, there are several ways you can find it. Usually, this is the address you use to connect to your server through SSH.
There are a few different ways to do this from the command line. First, you can use the iproute2 tools to get your IP address by running:
ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
This will return two or three lines back. They are all correct addresses, but your computer may only be able to use one, so feel free to try each one.
An alternative method is to use the curl utility to contact an outside party to tell you how it views your server. You can run the following command and ask a specific server what your IP address is:
Since Debian 10 does not have curl be default, you will need to install it first:
sudo apt install curl
Then run the following command and ask a specific server what your IP address is:
curl http://icanhazip.com
Regardless of the method, write your IP address into your web browser to verify that your server is running the default Apache page.
Step 2 — Installing MariaDB
Now that you have a web server up and running, you need to install the database system to be able to store and manage data for your site.
In Debian 10, the metapackage mysql-server, which was traditionally used to install the MySQL server, was replaced by default-mysql-server. This metapackage references MariaDB, a community fork of the original MySQL server by Oracle, and it's currently the default MySQL-compatible database server available on Debian-based package manager repositories.
For longer-term compatibility, however, it’s recommended that instead of using the metapackage you install MariaDB using the program’s actual package, mariadb-server.
To install the MariaDB software, run:
sudo apt install mariadb-server
When the installation is finished, it's recommended that you run a security script that comes pre-installed with MariaDB. This script will remove some insecure default settings and lock down access to your database system. Start the interactive script by running:
sudo mysql_secure_installation
This script will take you through a series of prompts where you can make some changes to your MariaDB setup. The first prompt will ask you to enter the current database root password. This is not to be confused with the system root. The database root user is an administrative user with full privileges over the database system. Since you recently installed MariaDB and haven’t made any configuration changes yet, this password will be blank, so press ENTER at the prompt.
The next prompt asks you whether you'd like to set up a database root password. Since MariaDB uses a special authentication method for the root user that is typically safer than using a password, you don't need to set this now. Press N and then ENTER.
From there, you can press Y and then ENTER to accept the defaults for all the subsequent questions. This will remove anonymous users and the test database, disable remote root login, and load these new rules so that MariaDB immediately respects the changes you have made.
When you're finished, log in to the MariaDB console:
sudo mariadb
This will connect to the MariaDB server as the administrative database user root, which is inferred by the use of sudo when running this command. You should receive the following output:
[secondary_label Output]
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 42
Server version: 10.3.36-MariaDB-0+deb10u2 Debian 10
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
Notice that you didn't need to provide a password to connect as the root user. That works because the default authentication method for the administrative MariaDB user is unix_socket instead of password. Even though this might seem like a security concern at first, it makes the database server more secure because the only users allowed to log in as the root MariaDB user are the system users with sudo privileges connecting from the console or through an application running with the same privileges. In practical terms, that means you won't be able to use the administrative database root user to connect from your PHP application.
For increased security, it's best to have dedicated user accounts with less expansive privileges set up for every database, especially if you plan on having multiple databases hosted on your server.
You can exit the MariaDB console with the following:
exit
Your MariaDB server is now installed and secured. Next, you will install PHP, the final component in the LAMP stack.
Step 3 — Installing PHP
You have Apache installed to serve your content and MariaDB installed to store and manage your data. PHP is the component of your setup that will process code to display dynamic content to the final user. It can run scripts, connect to your MariaDB databases to get information, and hand the processed content over to your web server to display.
In addition to the php package, you will need php-mysql, a PHP module that allows PHP to communicate with MySQL-based database, such as MariaDEB. You will also need libapache2-mod-php to enable Apache to handle PHP files. Core PHP packages will automatically be installed as dependencies.
To install these packages, run the following command:
sudo apt install php libapache2-mod-php php-mysql
Once installation is complete, you can verify your PHP version with the following command:
php -v
[secondary_label Output]
PHP 7.3.31-1~deb10u2 (cli) (built: Dec 15 2022 09:39:10) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.31, Copyright (c) 1998-2018 Zend Technologies
with Zend OPcache v7.3.31-1~deb10u2, Copyright (c) 1999-2018, by Zend Technologies
In most cases, you will want to modify the way that Apache serves files. Currently, if a user requests a directory from the server, Apache will first search for a file called index.html. To instruct the web server to prefer PHP files over others, you can set Apache to search for an index.php file first.
To do this, run the following command to open the dir.conf file in your preferred text editor with root privileges. In this example, we're using nano:
sudo nano /etc/apache2/mods-enabled/dir.conf
The contents will be as follows:
[label /etc/apache2/mods-enabled/dir.conf]
<IfModule mod_dir.c>
DirectoryIndex index.html index.cgi index.pl <^>index.php<^> index.xhtml index.htm
</IfModule>
Move the PHP index file to the first position after the DirectoryIndex specification, like in the following:
[label /etc/apache2/mods-enabled/dir.conf]
<IfModule mod_dir.c>
DirectoryIndex <^>index.php<^> index.html index.cgi index.pl index.xhtml index.htm
</IfModule>
When you are finished, save and close the file. If you're using nano, you can do so by pressing CTRL+X, then Y and ENTER to confirm.
Now reload Apache's configuration:
sudo systemctl reload apache2
You can check on the status of the apache2 service with systemctl status:
sudo systemctl status apache2
[secondary_label Sample Output]
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset:
Active: active (running) since Fri 2023-01-20 22:21:24 UTC; 2min 12s ago
Docs: https://httpd.apache.org/docs/2.4/
Process: 13076 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCC
Process: 13097 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/
Main PID: 13080 (apache2)
Tasks: 6 (limit: 4915)
Memory: 13.7M
CGroup: /system.slice/apache2.service
├─13080 /usr/sbin/apache2 -k start
├─13101 /usr/sbin/apache2 -k start
├─13102 /usr/sbin/apache2 -k start
├─13103 /usr/sbin/apache2 -k start
├─13104 /usr/sbin/apache2 -k start
└─13105 /usr/sbin/apache2 -k start
At this point, your LAMP stack is fully operational, but before you can test your setup with a PHP script, it's best to set up a proper Apache Virtual Host to hold your website's files and folders. You will set this up in the next step.
Step 4 — Creating a Virtual Host for your Website
When using the Apache web server, you can create *virtual hosts* (similar to server blocks in Nginx) to encapsulate configuration details and host more than one domain from a single server. In this section, you'll set up a domain called your_domain, but you should replace this with your own domain name.
Note: In case you are using the cloud provider as a DNS provider, check out our product documentation for detailed instructions on how to set up a new domain name and point it to you server
By default, Apache serves its content from a directory located at /var/www/html, using the configuration contained in /etc/apache2/sites-available/000-default.conf. Instead of modifying the default website configuration file, you are going to create a new virtual host for testing your PHP environment. Virtual hosts enable you to keep multiple websites hosted on a single Apache server. You will also create a directory structure within /var/www for the your_domain site, leaving /var/www/html in place as the default directory to be served if a client request doesn't match any other sites.
Begin by creating the root web directory for your_domain as follows:
sudo mkdir /var/www/<^>your_domain<^>
Next, assign ownership of the directory with the $USER environment variable, which will reference your current system user:
sudo chown -R $USER:$USER /var/www/<^>your_domain<^>
Then, open a new configuration file in Apache's sites-available directory using your preferred text editor. nano is used in the following example:
sudo nano /etc/apache2/sites-available/<^>your_domain<^>.conf
This creates a new blank file. Add in the following bare-bones configuration with your own domain name:
[label /etc/apache2/sites-available/your_domain]
<VirtualHost *:80>
ServerName <^>your_domain<^>
ServerAlias www.<^>your_domain<^>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/<^>your_domain<^>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
With this VirtualHost configuration, you're telling Apache to serve <^>your_domain<^> using /var/www/<^>your_domain<^> as the web root directory. If you'd like to test Apache without a domain name, you can remove or comment out the options ServerName and ServerAlias by adding a pound sign (#) character in the beginning of each option's lines.
Save and close the file when you're done.
Now use a2ensite to enable this virtual host:
sudo a2ensite <^>your_domain<^>
You might want to disable the default website that comes installed with Apache. This is required if you're not using a custom domain name, because in this case Apache's default configuration would overwrite your Virtual Host. To disable Apache's default website, run:
sudo a2dissite 000-default
To make sure your configuration file doesn't contain syntax errors, you can run:
sudo apache2ctl configtest
Finally, reload Apache so these changes take effect:
sudo systemctl reload apache2
Next, you will create a PHP script to test that PHP is correctly installed and configured on your server.
Step 5 — Testing PHP Processing on your Web Server
Now that you have a custom location to host your website's files and folders, create a PHP test script to confirm that Apache is able to handle and process requests for PHP files.
Start by creating a new file named info.php inside your custom web root folder:
nano /var/www/<^>your_domain<^>/info.php
This will open a blank file. Add the following text, which is valid PHP code, inside the file:
[label /var/www/your_domain/info.php]
<?php
phpinfo();
When you are finished, save and close the file.
To test the script, go to your web browser and access your server's domain name or IP address, followed by the script name, which in this case is info.php:
http://<^>your_domain<^>/info.php
Here is an example of the default PHP web page:
This page provides some basic information about your server from the perspective of PHP. It is useful for debugging and to ensure that your settings are being applied correctly.
If you receive this page in your browser, then your PHP installation is working as expected.
After checking the relevant information about your PHP server through that page, it's best to remove the file you created as it contains sensitive information about your PHP environment and your Debian server. You can use rm to do so:
sudo rm /var/www/<^>your_domain<^>/info.php
You can always recreate this page if you need to access the information again later.
Step 6 — Testing Database Connection from PHP (Optional)
If you want to test whether PHP is able to connect to MariaDB and execute database queries, you can create a test table with test data and query for its contents from a PHP script. Before you do that, you need to create a database and a new MariaDB user properly configured to access it.
First, connect to the MariaDB console using the root account:
sudo mariadb
To create a new database, run the following command from your MariaDB console:
CREATE DATABASE <^>example_database<^>;
Now create a new user and grant them full privileges on the custom database you've created.
The following command creates a new user named <^>example_user<^> that authenticates with a password. We're defining this user's password as <^>password<^>, but you should replace this value with a secure password of your own choosing:
CREATE USER '<^>example_user<^>'@'%' IDENTIFIED BY '<^>password<^>';
Next, give this user permission over the <^>example_database<^> database:
GRANT ALL ON <^>example_database<^>.* TO '<^>example_user<^>'@'%';
This will give the example_user user full privileges over the example_database database, while preventing this user from creating or modifying other databases on your server.
Next, flush the privileges to ensure that they are saved and available in the current session:
FLUSH PRIVILEGES;
Following this, exit the MariaDB shell:
exit
You can test if the new user has the proper permissions by logging in to the MariaDB console again, this time using the custom user credentials:
mariadb -u <^>example_user<^> -p
Note the -p flag in this command, which will prompt you for the password used when creating the example_user. After logging in to the MariaDB console, confirm that you have access to the example_database:
SHOW DATABASES;
This will give you the following output:
[secondary_label Output]
+--------------------+
| Database |
+--------------------+
| <^>example_database<^> |
| information_schema |
+--------------------+
2 rows in set (0.000 sec)
Next, create a test table named todo_list. From the MariaDB console, run the following statement:
CREATE TABLE <^>example_database<^>.<^>todo_list<^> (
item_id INT AUTO_INCREMENT,
content VARCHAR(255),
PRIMARY KEY(item_id)
);
Insert a few rows of content in the test table. Repeat the next command a few times, using different values to populate your test table:
INSERT INTO <^>example_database<^>.<^>todo_list<^> (content) VALUES ("<^>My first important item<^>");
To confirm that the data was successfully saved to your table, run:
SELECT * FROM <^>example_database<^>.<^>todo_list<^>;
You will receive the following output:
[secondary_label Output]
+---------+--------------------------+
| item_id | content |
+---------+--------------------------+
| 1 | My first important item |
| 2 | My second important item |
| 3 | My third important item |
| 4 | and this one more thing |
+---------+--------------------------+
4 rows in set (0.000 sec)
After confirming that you have valid data in your test table, you can exit the MariaDB console:
exit
Now you can create the PHP script that will connect to MariaDB and query for your content. Create a new PHP file in your custom web root directory using your preferred editor. nano is used in this example:
nano /var/www/<^>your_domain<^>/<^>todo_list.php<^>
The following PHP script connects to the MariaDB database and queries for the content of the todo_list table, exhibiting the results in a list. If there's a problem with the database connection, it will throw an exception.
Add this content into your todo_list.php script, remembering to replace the <^>example_user<^> and <^>password<^> values with your own:
[label /var/www/your_domain/todo_list.php]
<?php
$user = "<^>example_user<^>";
$password = "<^>password<^>";
$database = "<^>example_database<^>";
$table = "<^>todo_list<^>";
try {
$db = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
echo "<h2>TODO</h2><ol>";
foreach($db->query("SELECT content FROM $table") as $row) {
echo "<li>" . $row['content'] . "</li>";
}
echo "</ol>";
} catch (PDOException $e) {
print "Error!: " . $e->getMessage() . "<br/>";
die();
}
Save and close the file when you're done editing.
You can now access this page in your web browser by visiting the domain name or public IP address for your website, followed by /todo_list.php:
http://<^>your_domain<^>/todo_list.php
This web page will reveal the content you've inserted in your test table to your visitor:
That means your PHP environment is ready to connect and interact with your MariaDB server.
Conclusion
In this guide, you've built a flexible foundation for serving PHP websites and applications to your visitors, using Apache as a web server and MariaDB as the database system.
As an immediate next step, you should ensure the connections to your web server are secured, by serving them via HTTPS. To accomplish that, you can use Let's Encrypt. You can also read our guide on How to Install and Use Composer for dependency and package management in PHP.
