Saturday, 6 December 2014

Up and Away - Setting up a LAMPi

Acknowledgements:
For guidance I found a great article by Etel Sverdlov on Digital Ocean.  Written for Ubuntu 12.04 - but none the less still valid
https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-ubuntu


Installing a LAMP (server) on your Raspberry Pi

This is something that I have done a number of times now, but I've always dashed in and just done it in whatever order worked.  Having looked at this in a bit more of a planned manner, I read Etel Sverdlov's article first, and that made a lot of sense.  What I'm attempting to present here is based upon that, but with a few updates to call out some important points.

Step 1 - Latest repositories

First of all, need to update the repositories for aptitude (I prefer aptitude to apt-get - use apt-get if you wish)

sudo aptitude update



Step 2 - Install Apache2

Apache2 is a nice web server.  Get used to it and it can be really friendly to use and administer.  To install:

sudo aptitude install apache2

It's pretty straight forward.  You'll be asked to confirm the installation of new files - just answer 'y'.  Once that is done, then it is time to test your Apache2 installation using your browser.  If you are running the Pi GUI on your RasPi, point your browser at 127.0.0.1.  If like me, you are setting up your RasPi to be a headless server, with only the command line interface, you'll have to point another machine on your network at the RasPi's address.  You should see a web page like this:






IMPORTANT!
During the Apache2 installation, there was one message - "Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName".  This possibly happened on your install too.  Depending on what you want to do with your RasPi, this may need to be addressed later on.  For now, I'm letting it slide.  Let's call it a Priority 2 TODO

Now you may have read my previous post, where I setup multiple IP addresses on the RasPi NIC at eth0 through aliases.  So when I point my browser at the root address of the alias, I still get Apache's default index page.  So, the web server is running, on both aliases.  This is a bit more urgent - let's say a Priority 1 TODO.

I'll come back to these points in future posts.  Moving on for now.


Step 3 - Install MySQL


MySQL is quite a nice bit of kit.  Haven't used it enough.  And full credit to Etel, I've followed her instructions quite closely this time.  In the past I was quite nervous about attempting an install without the test DB, and without other features, but as Etel rightly point's out, these aren't necessary, and fixing them now will lead to a tighter installation, better for security.  Keeping in mind that this RasPi is due to be effectively a production level machine, that's what we need.

Installing MySQL is a bit more involved, with a few choices to be made.  To kick off the process:

sudo aptitude install mysql-server libapache2-mod-auth-mysql php5-mysql

From this command, your system may detect some conflicts in the packages, particularly apache2-mpm-prefork vs apache2-mpm-worker. Where we go from here depends upon what you want to do with your box.

For mine, I'm going to accept removing apache2-mpm-worker module. The apache2-mpm-worker is a more memory efficient module for handling multiple calls using thread processing.  However it constrains then that you should only use thread safe calls, and this module is known to have issues with PHP.  If we were building a dedicated MySQL box, without the Apache and PHP components, for a large, highly scalable commercial system, I would probably recommend differently.  But for a low volume server, where system performance is non-critical, where some code used may not be thread-safe, I am choosing apache2-mpm-prefork.

Set the MySQL Root password when prompted.  Just get it done and dusted.  You can do it later, but doing it now will help avoid forgetting later.

Next, set-up and configure the database with the following commands:

sudo mysql_install_db

sudo /usr/bin/mysql_secure_installation


The system should prompt you for the MySQL Root password:

Enter current password for root (enter for none):


OK, successfully used password, moving on...


Now come the important security choices in the MySQL installation.  The first will be the choice to remove anonymous users.  For me, this is a no-brainer.  Unless you want to setup a publicly accessible free-to-play database server, there is no reason.  To support a web server, your install should only have known users with roughly three levels of access; root for admin, developer accounts for developing (or deploying/troubleshooting), and web app/service accounts for the applications that are going to consume the database.  So, that's a yes to removing anonymous users.

Remove anonymous users? [Y/n] y                                           
 ... Success!


Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y

... Success!



HOLD THE FORT!  Don't let root login remotely?  How will we administer this?  Don't stress, before putting the RasPi to it's final config, we will create the other user accounts.  If however, you are already running your RasPi through SSH, you may wish to choose 'n' for this option for now. (Just note down for later that you need to change it)

Removing the default test database is another no-brainer.  For this to be a production level box, we should not have any test artifacts.  If this was for a development server, or a classroom education server, I'd say keep it, but for this one, it's going.

Remove test database and access to it? [Y/n] y

 - Dropping test database...

 ... Success!

 - Removing privileges on test database...

 ... Success!


Reloading the privilege tables will ensure that all changes made so far will take effect immediately.

Reload privilege tables now? [Y/n] y

 ... Success!


Step 4 - Install PHP

Installing PHP is pretty straight forward, but there will be some more choices to be made along the way.  Let's start with:

sudo aptitude install php5 libapache2-mod-php5 php5-mcrypt

Then as the chosen packages are identified, we have another choice to make, a conflict between libapache2-mod-php5filter and libapache2-mod-php5.  "What's the difference?" you ask - well here goes:

  • libapache2-mod-php5filter is not thread safe, so if you opted for apache2-mpm-worker in MySQL (see above), do not use libapache2-mod-php5filter
  • libapache2-mod-php5filter does not pass PUT and OPTIONS calls to the PHP processor - sends them straight to Apache and can break WebDAV - possibly not good for collaboration platforms

So, with this reasoning together, my selection was easy - libapache2-mod-php5 stays.

Next we want to make sure that if we have a PHP coded index page for a site, that it will get recognised as the index page.  This may, or may not have been put into the dir.conf file during installation.  Double check by using sudo to open dir.conf in your preferred editor.


sudo nano /etc/apache2/mods-enabled/dir.conf

If necessary add index.php to the beginning of index files. The page should now look like this:

<IfModule mod_dir.c>

          DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm

</IfModule>


Check!

Next, you may want to add some extra modules to extend the PHP functionality.  This does not need to be done right now, but if you want to, check which modules are available in the repositories first:

apt-cache search php5-

Choose your modules and install.  Finally test the PHP install.  Use your preferred text editor to create the following file: /var/www/info.php

<?php
phpinfo();
?>


Then restart Apache

sudo service apache2 restart

Now test the page in your browser:  127.0.0.1/info.php
If you see a page like the one below, all has been successful.