Tuesday, March 12, 2013
How to Install a LAMP (Linux-Apache-MySQL-PHP) Server on CentOS 6
LAMP (Linux-Apache-MySQL-PHP) servers power a huge portion of the global Internet. If you're using Wordpress, Joomla!, Drupal, or any of the myriad other content management systems, you're probably running them on a LAMP server.
In this blog post, I'll show you the basics of installing the LAMP stack on an existing server running CentOS 6.3.
You must have root access to a server running CentOS 6.x. These procedures should also work on a RedHat 6.x installation. The server should have access to the public Internet, either directly or through a firewall or router, as indicated in the network diagram. You should also be comfortable working in the command-line interface, including the use of yum to install software and vi (or any text editor) to edit configuration files. For this tutorial, I'm using a server named centos6.soundtraining.local configured with an IP address of 192.168.101.3. You'll probably want to use a different host name and IP address.
The Companion Video
Installing Apache 2
Use yum to install Apache2, configure Apache to start when the server is powered up, and start Apache (the -y switch automatically confirms that you want to continue the installation):
yum -y install httpd
chkconfig --levels 3 httpd on
service httpd start
Test your installation by pointing a browser to http://192.168.101.3. You should see the default Apache landing page. If not, check that the Linux firewall isn't preventing connections. You can use the command system-config-firewall to check and modify, if necessary.
As with Apache, use yum to install the MySQL client and MySQL server, configure the MySQL server to start at power up, and start the server:
yum -y install mysql mysql-server
chkconfig --levels 3 mysqld on
service mysqld start
Configuring MySQL's Initial Security
As a MySQL administrator, there are many security considerations. For the purpose of this tutorial, we'll take care of some of the basics, including setting a root password, removing anonymous users, disallowing remote root logins, and removing the test database. Use the following command to run a script that will prompt you through the previous procedures:
Say yes to Set root password?, enter and confirm the root password, as shown in the screen capture:
Say yes to Remove anonymous users?, say yes to Disallow root login remotely?, say yes to Remove test database and access to it?, and finally, say Yes to Reload privilege tables now?
As with Apache and MySQL, we'll use yum to install PHP, then we'll restart Apache to enable PHP on our server:
yum -y install php
service httpd restart
Testing the PHP Installation
Use vi (or your favorite text editor) to create a file called info.php in the document root of your new Apache server (the document root is typically in the path indicated below, but yours' might be different):
In the blank file, enter the following lines of text (if you're using vi, you can enable input mode by pressing the i key):
(When you're finished entering the above information, if you're using vi, press ESC, then enter :wq to save the file.)
Now, point a browser to http://192.168.101.3/info.php and you should see the PHP info page. If you're not able to see the PHP Info page, you may need to modify your firewall's configuration to allow port 80 (WWW) traffic to reach the server, as detailed in the next section. If you are able to connect to the PHP Info page, you can skip the next section and go to the section titled Adding Additional Modules.
The PHP Info Page
Allowing Port 80 Traffic to the Server
If you can't reach the PHP Info page, your CentOS server may have a firewall enabled. The easiest way to allow port 80 (WWW) traffic to reach the server is by using the system-config-firewall tool. At a command prompt, issue the command system-config-firewall.
When the system-config-firewall tool opens, use your tab key to move the highlight to the Customize button and press the Enter key.
In the Trusted Services window, use the down arrow key to move the highlight to WWW (HTTP) and press the space bar to select WWW (HTTP) as a trusted service. (You may want to do the same thing with Secure WWW (HTTPS).) Then, use your tab key to move the highlight to the Close button and press the Enter key.
In the Firewall Configuration window, use your tab key to move the highlight to the OK button and press the Enter key to apply the changes.
Now, try connecting to http://192.168.103.1/info.php in a browser again. This time it should work.
Adding Additional Modules
If you examine this page, you can see all the modules that are loaded automatically in a base installation of PHP. You'll notice that MySQL is not supported by default, so you must load the necessary MySQL PHP modules. The exact modules you'll need will vary based on your intended use of the server. You'll definitely need php-mysql. For a Wordpress installtion, for example, you'll probably need php-gd for things like picture thumbnails, php-xml and php-xmlrpc for import and export. PHPMyAdmin requires php-mbstring, php-odbc, and php-pear. Use the following command to install these modules:
yum install php-mysql php-gd php-mbstring php-odbc php-pear php-xml php-xmlrpc
I've seen other tutorials recommend php-imap and php-ldap as part of a generic LAMP installation, but unless you know you need them, I'd leave them out. My thought is, as usual, to keep the installation as lightweight as possible to avoid having any unnecessary components running, thus reducing the attack surface.
You will most likely want to install phpMyAdmin to help manage the database. I've created a separate tutorial for that here in another blog post.
For More Linux Configuration Information
Pick up a copy of my configuration guide The Accidental Administrator: Linux Server Step-by-Step Configuration Guide or my Linux command reference Tweeting Linux: 140 Linux Configuration Commands Explained in 140 Characters or Less, both available through Amazon and other resellers.
Please Leave a Comment
If you find this tutorial helpful or if you notice something that needs to be corrected, please leave a comment.