← Writings

Setup Apache site in Ubuntu in 10 minutes

01 Sep, 2022

I often find myself setting up a new domain/website for a new project. In order to streamline the setup process, I have this handy guide with step by step instructions on how to setup an Apache server on Ubuntu in 10 minutes.

  1. Install the latest LAMP module from the Digital Ocean marketplace.
  2. Add a new sudo user using the following commands:
    • adduser advait
    • usermod -aG sudo advait
  3. Upgrade all existing dependencies using the following commands:
    • sudo apt update
    • sudo apt upgrade
    • sudo apt full-upgrade
    • sudo apt autoremove
    • sudo reboot
  4. Setup domain folders by creating the following directories in /var/www/:
    • cd /var/www/
    • sudo mkdir domain.ext
    • cd domain.ext
    • sudo mkdir cron_scripts
    • sudo mkdir executables
    • sudo mkdir public_html
    • sudo touch public_html/index.html
  5. Secure the directory permissions using the following commands:
    • sudo chown -R advait /var/www/
    • sudo chgrp -R www-data /var/www/
    • sudo chmod -R 750 /var/www/
    • sudo chmod g+s /var/www/
  6. Setup Apache Virtual Hosts using the following commands:
    • cd /etc/apache2/sites-available/
    • Remove any existing files using sudo rm -rf *
    • sudo vi domain.ext.conf
    • Enter the following Virutal Host template and replace the variables with the correct values

      •     ServerAdmin [email protected]
            ServerName domain.ext
            ServerAlias www.domain.ext
            DocumentRoot /var/www/domain.ext/public_html/
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
    • Enable the site using sudo a2ensite domain.ext.conf
    • Disable the default site using sudo a2dissite 000-default.conf
    • Reload Apache configurations using sudo systemctl reload apache2
  7. Verify that the configuration syntax is OK with sudo systemctl status apache2
  8. Restart the server using the following command: sudo systemctl restart apache2
  9. Harden the Apache configuration:
    • cd /etc/apache2
    • sudo vi apache2.conf
    • Edit the to match:

      •         Options -Indexes
                AllowOverride All
                Require all granted
                ServerSignature Off
  10. Configure MySQL to turn off strict mode, turn off verbose logging, and enable SSL-based remote access (for later backups):
    1. cd /etc/mysql/
    2. sudo vi my.cnf (or sudo vi mysql.cnf)
    3. If you see a line with [mysqld] then add the following items below it, else scroll to the bottom and add a new line with [mysqld] and then add the following items below it:
      • [mysqld]
        sql_mode = ""
        disable_log_bin
        require_secure_transport = ON
        bind-address = 0.0.0.0
    4. sudo reboot
  11. Setup PHPMyAdmin:
    1. Go to the website root directory using: cd /var/www/domain.ext/public_html/
    2. Create the database directory using the following command: mkdir database
    3. Get the latest PHPMyAdmin application download URL from https://www.phpmyadmin.net/downloads/ and download the zip file using the following command: wget https://files.phpmyadmin.net/phpMyAdmin/5.2.0/phpMyAdmin-5.2.0-all-languages.zip
    4. Install zip/unzip: sudo apt install zip unzip
    5. Unzip PHPMyAdmin and rename the unzipped folder to a random value like dEpofpP923iFFoid
    6. cd dEpofpP923iFFoid
    7. mv config.sample.inc.php config.inc.php
    8. sudo vi config.inc.php 
      1. Add a randomized string for the Blowfish secret
      2. Add the following to the cfg array
        1. $cfg['TempDir'] = '/tmp';
        2. $cfg['ExecTimeLimit'] = 0;
        3. $cfg['TablePrimaryKeyOrder'] = 'DESC';
  12. Change your DNS A record to match your server's IP address.
  13. Setup HTTPS for your domain via CertBot's instructions
  14. Setup a MYSQL user for PHPMyAdmin database administration:
    1. Enter MYSQL using the following command: sudo mysql
    2. Create a MYSQL user with all access using the following commands:
      1. CREATE USER 'adminUser'@'localhost' IDENTIFIED BY 'password';
      2. GRANT ALL PRIVILEGES ON *.* TO 'adminUser'@'localhost' WITH GRANT OPTION;
      3. FLUSH PRIVILEGES;
  15. Similarly, setup a MYSQL user for programmatic access (without administration privileges)
  16. Install PHP Composer and dependancies using sudo apt-get install php-curl and install any dependancies in the composer.lock file using composer update 
  17. Import any old database data using mysql -u username -p database_name < file.sql