Minimal setup of Apache2, MariaDB, PHP, HTTP Proxy, phpMyAdmin, and WordPress.

16 Dec

A detailed setup on how to install Apache, MariaDB, PHP, minimal Apache2 modules to get everything up and running.

This post also details on how to create a non-SSL Apache configuration file, an SSL Apache SSL configuration file, as well as a Proxy Apache configuration file.

Let’s start by updating the repository data and performing a system update:

apt-get update
apt-get upgrade

Next, install OpenSSH server so we can use another computer (copy and paste)

apt-get install openssh-server

A while back, root SSH logins were disabled by default, so we need to enable it:

nano /etc/ssh/sshd_config

Edit line #32:

PermitRootLogin yes

Restart the SSH server to reload the new configuration:

service sshd restart

Now install the required software:

apt-get install net-tools vnstat ntp apache2 php libapache2-mod-php7.0 php-mysql php-mbstring mariadb-server ca-certificates

Complete the MariaDB (replacement for MySQL) installation:

mysql_secure_installation

Create directories which will hold website data:

mkdir -p /var/vhosts/domain-name/www
mkdir -p /var/vhosts/phpmyadmin.domain-name/www

Download the desired version of WordPress and phpMyAdmin:

cd /tmp
wget https://en-ca.wordpress.org/wordpress-4.9.9-en_CA.tar.gz
tar xzf wordpress-4.9.9-en_CA.tar.gz
wget https://files.phpmyadmin.net/phpMyAdmin/4.8.4/phpMyAdmin-4.8.4-english.tar.gz
tar xzf phpMyAdmin-4.8.4-english.tar.gz

Copy the extracted files to the directories you created:

cd /tmp/wordpress
cp * -R /var/vhosts/domain-name/www
cd /tmp/phpMyAdmin-4.8.4-english
cp * -R /var/vhosts/phpmyadmin.domain-name/www

Create an Apache website configuration file:

nano /etc/apache2/sites-available/domain-name.conf

Add the following to the config file:

<VirtualHost 0.0.0.0:80>
ServerName domain-name

Redirect / https://domain-name/

</VirtualHost>

<VirtualHost *:443>
ServerName domain-name

SSLEngine on

SSLCertificateFile /var/vhosts/domain-name/ssl/domain-name.crt
SSLCertificateKeyFile /var/vhosts/domain-name/ssl/domain-name.key
SSLCertificateChainFile /var/vhosts/domain-name/ssl/ca-cert.crt

DocumentRoot "/var/vhosts/domain-name/www"

<Directory />
AllowOverride All
Require all granted
</Directory>

</VirtualHost>

AllowOverride All instructs Apache to respect the options in the .htaccess file (included with WordPress). If you don’t enable AllowOverride All you will not be able to use RewriteEngine (unless defined elsewhere).

Create another Apache configuration file (phpMyAdmin does not have an .htaccess file):

nano /etc/apache2/sites-available/phpmyadmin.domain-name.conf

Add the config file content:

<VirtualHost 0.0.0.0:443>
ServerName phpmyadmin.domain-name

SSLEngine on

SSLCertificateFile /var/vhosts/domain-name/ssl/domain-name.crt
SSLCertificateKeyFile /var/vhosts/domain-name/ssl/domain-name.key
SSLCertificateChainFile /var/vhosts/domain-name/ssl/ca-cert.crt

DocumentRoot "/var/vhosts/phpmyadmin.domain-name/www"
    
<Directory />
Require all granted
</Directory>

</VirtualHost>

Allow access to phpMyAdmin (you cannot login as root as of MySQL v5.7):

mysql -u root -p

Create a user that can use phpMyAdmin (instead of root):

CREATE USER 'phpmyadmin'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'phpmyadmin'@'%' WITH GRANT OPTION;
quit;

Create another directory to hold SSL private key, cert, and chain cert:

mkdir -p /var/vhosts/domain-name/ssl

Add your cert data:

nano /var/vhosts/domain-name/ssl/domain-name.crt
nano /var/vhosts/domain-name/ssl/domain-name.key
nano /var/vhosts/domain-name/ssl/ca-cert.crt

Let’s create an Apache site which will serve as a proxy:

nano /etc/apache2/sites-available/sabnzbdplus.domain-name.conf

Add the config file content:

<VirtualHost 0.0.0.0:80>
ServerName sabnzbdplus.domain-name

Redirect permanent / https://sabnzbdplus.domain-name/

</VirtualHost>

<VirtualHost *:443>
ServerName sabnzbdplus.domain-name

SSLEngine on

SSLCertificateFile /var/vhosts/domain-name/ssl/domain-name.crt
SSLCertificateKeyFile /var/vhosts/domain-name/ssl/domain-name.key
SSLCertificateChainFile /var/vhosts/domain-name/ssl/ca-cert.crt

ProxyPass / http://192.168.24.42:8080/
ProxyPassReverse / http://192.168.24.42:8080/

</VirtualHost>

We’ve been downloading and coping data user the user root, Apache runs as “www-data”, so we need to change the owner on the directories and files which hold web data:

chown -R www-data:www-data /var/vhosts

Enable a few Apache modules:

a2enmod rewrite proxy_http ssl

Simply enable the websites you created:

a2ensite domain-name.conf phpmyadmin.domain-name.conf sabnzbdplus.domain-name.conf

Restart Apache to set everything as active:

systemctl reload apache2

Leave a Reply

Your email address will not be published.