After you’ve hardened your server by disabling root logins, using private keys, and installing a firewall, it’s time to install the Apache web server. If you’re using an admin interface like cPanel/WHM, you have GUI tools to do this for you. But in this tutorial, I’m going to focus on operations from the command line to install Apache on Linux. This will be more or less the same for all version of Linux – only the package manager will differ. So in these examples I’m using “yum” for CentOS. If you’re using Ubuntu, you need to use “apt-get” etc. So let’s get started.
Step 1: Enabling the EPEL Repository
Since some of the required packages are not available through the main CentOS repository, you must enable the EPEL repository (Extra Packages for Enterprise Linux). As root, run these commands:
rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY*
rpm --import https://fedoraproject.org/static/0608B895.txt
yum -y install epel-release
Step 2: Removing the Previous PHP Version
It is essential to remove the existing PHP packages (if there are any) since Apache will need the PHP7 packages to run PHP scripts:
yum -y remove php-cli mod_php php-common
Step 3: Enabling the PHP7 Repository
Since PHP7 has not been officially packaged for major distributions, we’ll use the packages from the IUS Community Project. Here’s how to install the IUS repository:
curl 'https://setup.ius.io/' -o setup-ius.sh
chmod 0755 setup-ius.sh
Step 4: Enabling the MariaDB 10.2 Repository
By default, Yum will install MariaDB 5.5. In order to force Yum to install MariaDB 10.3, you must create a file named MariaDB.repo in /etc/yum.repos.d:
Insert the following content into the newly created file:
name = MariaDB-10.2.3
baseurl = http://yum.mariadb.org/10.2.3/centos7-amd64
You can browse the MariaDB repositories if you wish to install a different version of MariaDB.
Step 5: Installing the Required Modules
You can install all the required packages using a single yum command (I assume you’re logged into root):
yum -q -y install httpd mod_ssl mod_php71u php71u-cli php71u-mbstring php71u-mcrypt php71u-mysqlnd php71u-json MariaDB-server MariaDB-client MariaDB-devel
This will pull the required packages and their dependencies from the repositories. Again, keep in mind that you should change this command depending on your specific flavor of Linux. Running the above command will look like this:
Confirm the download of packages and wait for it to finish. And you’re done! Apache, PHP 7, and MariaDB 10.2 are installed.
Step 6: Check if the httpd Service is Running
Package installation doesn’t mean that it’s automatically running. To verify whether or not Apache is running on your server, type the following command:
systemctl status httpd
This will show you an output like this:
As you can see, the current status is “inactive”. This means that Apache isn’t running yet and won’t be able to service any requests. So we need to manually start it.
Step 7: Starting Apache HTTPD Server
To start Apache, use the following:
systemctl start httpd
This won’t generate any output, but Apache will start running in the background. Using the previous step, you can now check once again to see if the httpd service is active. If so, it’ll highlight the status in green as shown here:
Step 8: Open up your Firewall Port
Apache uses port 80 by default and port 443 for SSL to receive incoming connections. Depending on your firewall setup, these ports might not be open. If you’re using ConfigServer Firewall for example, the list of open ports is located in the following file:
Open it and scroll down till you see the line starting with TCP_IN. It’ll show you a list of ports separated by a comma. Make sure that 80 and 443 are among the opened ports:
So use whatever command is necessary for your specific firewall. After that, you’ll probably need to restart the firewall for the rules to take effect. With CSF, the command to achieve that is:
Now that port 80 is open and Apache is running, we can test to see if everything is working.
Step 9: Testing Apache
To test if all is well, simply open a browser and visit your server by typing in the IP address or the domain name into the address bar using http. If all the above steps have gone smoothly, you should see a page like this:
This means that Apache is up and running and working fine!
Step 10: Setting Apache to Run on Boot
Even though Apache is running right now, httpd will not persist through server reboots. To make that happen, we need to enable the service. Doing this is simple. Just use:
systemctl enable httpd
This will show a message after execution and return you to the prompt:
And we’re done with Apache. In a few easy steps, we’ve managed to install Apache on Linux, start the service, enable it on boot, and configure it to receive incoming HTTP connections over ports 80 and 443.
Step 11: Testing PHP 7.1
To make sure that PHP7 is working correctly, create a file named phpinfo.php and save it to /var/www/html:
Add the following content to the PHP file and save it:
<?php phpinfo(); ?>
Now open http://[your server hostname]/phpinfo.php using your web browser. You should get the information page for PHP:
Make sure to delete the phpinfo.php file when you are done since it exposes your PHP configuration to the whole world:
Step 12: Starting the MariaDB Server
In order for the MariaDB server to start automatically at boot, use this command:
systemctl enable mariadb
Next, start the MariaDB server:
systemctl start mariadb
Step 13: Securing the MariaDB Server
As root, run the mysql_secure_installation script to harden your MariaDB server:
Make sure to specify the MariaDB root password, remove the anonymous users and disallow remote root login.
Step 14: Creating a New MariaDB User and Database
We’re now going to create a test database as well as a MariaDB user. To do so, we’ll use the “mysql” command line tool. Type this command and enter your MariaDB root password when prompted:
mysql -u root -p
You will get a command prompt like this:
Now we’ll create a database named “maindb” and a user named “johndoe”:
MariaDB [(none)]> create database maindb;
MariaDB [(none)]> create user 'johndoe'@localhost identified by 'password';
MariaDB [(none)]> grant all on maindb.* to 'johndoe' identified by 'password';
MariaDB [(none)]> exit;
Step 15: Installing phpMyAdmin
Since I wanted to show you how to test the connection to the MariaDB server using PHP 7, I figured it would be best to install phpMyAdmin. phpMyAdmin is a PHP application that allows you to manage MySQL and MariaDB databases through a web interface.
Since the phpMyAdmin package for CentOS depends on PHP 5 packages, it will not be possible to install it using Yum. Here’s how to install phpMyAdmin manually:
tar xvzf phpMyAdmin-22.214.171.124-all-languages.tar.gz
mv phpMyAdmin-126.96.36.199-all-languages phpmyadmin
mv phpmyadmin /var/www/html/
chown -R nobody.nobody /var/www/html/phpmyadmin
Next you need to create a configuration file. Copy the sample file provided with phpMyAdmin:
cp /var/www/html/phpmyadmin/config.sample.inc.php /var/www/html/phpmyadmin/config.inc.php
Set the value for the $cfg[‘blowfish_secret’] parameter. The minimum length for the password is 32 characters:
$cfg['blowfish_secret'] = 'my_blowfish_secret_32_chars';
Save the file and exit the editor. Open your web browser to http://[your server hostname]/phpmyadmin and use the johndoe account credentials you created earlier to log in:
If all is working well, you should now be able to manage your databases through phpMyAdmin.
So that’s it, you now have a brand new web server running Apache 2.4, PHP 7.1 and MariaDB 10.2. This is a pretty basic setup so feel free to add your recommendations in the comments.