Debian LAMP Environment Configuration Guide

The LAMP stack (Linux, Apache, MySQL/MariaDB, PHP) is a classic web development environment. This guide walks through installing and configuring each component on Debian, along with essential optimizations and security measures.

1. Update System Packages

Before installing any software, update your system to ensure you have the latest security patches and package versions:

sudo apt update && sudo apt upgrade -y

2. Install Apache Web Server

Apache is the most widely used web server for Debian. Install it with:

sudo apt install apache2 -y

After installation, Apache starts automatically. Verify its status:

sudo systemctl status apache2

You should see active (running). To confirm Apache is accessible, open a browser and navigate to your server’s IP address—you’ll see the default Apache welcome page.

3. Install MariaDB (MySQL-Compatible Database)

Debian uses MariaDB as the default MySQL alternative. Install it with:

sudo apt install mariadb-server -y

Run the security script to harden your database:

sudo mysql_secure_installation

Follow the prompts to:

• Set a strong root password.
• Remove anonymous users.
• Disallow remote root login.
• Remove the test database.
• Reload privilege tables.

4. Install PHP and Essential Extensions

Install PHP and common extensions for web development (e.g., MySQL support, JSON parsing):

sudo apt install php libapache2-mod-php php-mysql php-cli php-fpm php-gd php-mbstring php-curl php-xml -y

Key extensions:

• php-mysql: Enables PHP to interact with MySQL/MariaDB.
• php-fpm: Improves performance for handling PHP requests (recommended for high-traffic sites).
• php-gd/php-mbstring: Support for image manipulation and multibyte characters.

5. Configure PHP

Edit the PHP configuration file to adjust settings like memory limit and upload size. For PHP running under Apache:

sudo nano /etc/php/8.2/apache2/php.ini

(Uncomment and modify these lines as needed—adjust values based on your server’s resources):

memory_limit = 256M
upload_max_filesize = 10M
post_max_size = 10M
max_execution_time = 300

For PHP-FPM (if installed), edit the pool configuration:

sudo nano /etc/php/8.2/fpm/pool.d/www.conf

Ensure the following lines are uncommented and set correctly:

listen = /run/php/php8.2-fpm.sock
listen.owner = www-data
listen.group = www-data

Restart services to apply changes:

sudo systemctl restart apache2
sudo systemctl restart php8.2-fpm  # Only if using PHP-FPM

6. Test PHP Functionality

Create a test file in Apache’s default document root to verify PHP is working:

sudo nano /var/www/html/info.php

Add the following content:

<?php phpinfo(); ?>

Save the file and access it in your browser at http://your_server_ip/info.php. You should see a detailed PHP information page—this confirms PHP is correctly installed and integrated with Apache.

7. Configure Apache Virtual Hosts (Optional but Recommended)

Virtual hosts allow you to host multiple websites on a single server. Create a new configuration file for your site:

sudo nano /etc/apache2/sites-available/example.com.conf

Add this template (replace example.com with your domain and /var/www/example.com with your document root):

<VirtualHost *:80>
    ServerAdmin webmaster@example.com
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com
    ErrorLog ${APACHE_LOG_DIR}/example.com_error.log
    CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined
    <Directory /var/www/example.com>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

Enable the site and disable the default site:

sudo a2ensite example.com.conf
sudo a2dissite 000-default.conf

Reload Apache to apply changes:

sudo systemctl reload apache2

8. Enable HTTPS with Let’s Encrypt (Optional but Highly Recommended)

HTTPS encrypts traffic between your server and users. Install Certbot (a tool for obtaining free SSL certificates) and the Apache plugin:

sudo apt install certbot python3-certbot-apache -y

Obtain a certificate for your domain:

sudo certbot --apache -d example.com -d www.example.com

Certbot will automatically configure Apache to use HTTPS and set up automatic renewal. Verify HTTPS works by accessing https://your_domain.com in your browser (you should see a padlock icon).

9. Configure Firewall (Optional but Recommended)

Use ufw (Uncomplicated Firewall) to allow only necessary traffic (HTTP/HTTPS). Install ufw if not already installed:

sudo apt install ufw -y

Allow Apache and HTTPS traffic:

sudo ufw allow 'Apache Full'

Enable the firewall:

sudo ufw enable

Check the status to confirm rules are applied:

sudo ufw status

10. Secure Your LAMP Environment

• Change Default Credentials: Update the MySQL root password from the default (set during mysql_secure_installation).
• Restrict File Permissions: Ensure website files have proper ownership (e.g., www-data for Apache) and permissions (e.g., 755 for directories, 644 for files).
• Regular Updates: Run sudo apt update && sudo apt upgrade -y weekly to patch vulnerabilities.
• Backup Data: Use tools like rsync or cloud backups to regularly back up your website files and database.

By following these steps, you’ll have a secure, functional LAMP environment on Debian ready for web development. Adjust configurations (e.g., PHP versions, virtual hosts) based on your project requirements.