1. Introduction
· We’re going to install the Ubuntu Server operating system.
· We’re going to install an OpenSSH server. This allows you to administer your server from remote computers.
· A LAMP (Linux, Apache, MySQL, and PHP) stack is going to be installed.
· In order to follow this tutorial, you’re going to need a few items:
· A computer to use as your server. It doesn’t need to be powerful; as long as it’s not ancient, it’ll work fine.
· A CD burner and a blank CD. These are so that you can burn Ubuntu to a disk in order to install it.
2. Download Ubuntu Server
Now you need to burn the ISO (the file that you downloaded) to a blank CD
3. Install Ubuntu Server
Now that you’ve downloaded and burned the ISO, let’s get Ubuntu installed on your server. Put the disk in the drive, and boot from the CD. In most modern computers, this will happen by default if a disk is in the drive when you turn it on. If it doesn’t, then you need to press a key on your keyboard right when you turn it on. For my laptop, it’s F12, and for my server, it’s F2. It just depends on your computer.
Select your language, and hit enter. Now you’ll see this screen:
Select “Install Ubuntu Server”, and away we go!
The installer will now ask you if you want it to detect your keyboard layout. Personally, I always choose no, because
it’s faster to select a standard american keyboard from the list than to have the installer detect it. Either option is fine,
just follow the on-screen instructions.
After you’ve done that, you’ll now see a bunch of loading screens saying things like “Detecting CD-ROM drives” and such.
These should pass quickly and without problems. However, during these screens, the installer will try to auto-configure your
network settings. For most cases, this will work without complaint. However, if it doesn’t work for you, just follow the
on-screen instructions to get it working.
After it’s done with all of that, it will ask you for a host name. You can usually set this to anything; I always set
mine to “web-server”.
The system will now want you to set the time zone for your clock. For me, it’s Pacific. Choose the one that applies to
you.
Now, the system will detect more hardware, and you’ll be prompted to “partion the disk(s)”. Select “Guided – use entire
disk”.
You will now need to select the disk you wish to partition. For most setups, only one disk will be available; however,
for more specialized systems, more options will be available here. Choose the one that applies to you.
It will ask you if you want to write the changes to the disk. Select “Yes” and hit enter. The installer will now proceed
to format the drive and set up the partitions.
Now the magic happens. The system will begin to install. While this happens, go get a cup of coffee. This can take anywhere
from 10 minutes to an hour. It just depends on your system. There might be times that it seems like it’s frozen; don’t worry,
it isn’t. Just let it do it’s thing. However, if it’s stuck on one thing for upwards of an hour, then yes, it is frozen.
Now that the system is installed, it needs to set up the account you are going to login with. First, give it your full
name and hit “Continue”.
Now give it your username. It will normally just set it as your first name,
but you can change it. One name you may not use is “root”.
The system will now attempt to configure the “Package Manager” (we’ll get to what that is shortly). Provide it with your
proxy information, or leave it blank if you don’t use a proxy, and select “Continue”.
The system will now scan several servers looking for updates and configuration settings.
After that has completed, you will be presented with several options to install server software. Now, listen VERY carefully.
Select OpenSSH server, and press SPACE, NOT ENTER. If you hit enter, the install will proceed without installing the OpenSSH server.
You could install “LAMP server” as well, but I have no experience with this option, so we’re going to install it all with a different
command later on.
The system will now install your selected software, as well as other system components.
Finally, the install will finish. Remove the CD, and hit enter. The computer will reboot. If all goes well, you will be
presented with a screen that looks similar to the following:
Congratulations! You’ve just finished the hardest part. Ubuntu is now installed, and it is time to turn this computer into
a web server.
4. Update Your New Server
Before we go any further, we need to make sure your server is up-to-date. To do this, you need to login. First, type your username
(the one you chose earlier), press enter, and then type your password. As you’re typing your password, you’ll notice that nothing
seems to be happening. Don’t worry, that’s the way it was designed to work. After you’ve finished typing your password, hit enter,
and your screen should look similar to the one below if all went well:
Now, type:
sudo aptitude update && sudo aptitude dist-upgrade
It will ask you for you password, and again, you won’t see anything as you’re typing it. After you’ve done that, it will ask you if
you want to continue. Type “y” and press enter. Your screen will look similar to the following:
Your system will now download and install all the latest updates. This will take a while depending on your internet connection. After
it has finished, your computer will need to be rebooted. To do this, type:
sudo shutdown -r now
And let it reboot. Your server is now completely updated.
5. Install Apache, MySQL, and PHP
It is now time to install some programs. In order to access your sites from the internet, we’re going to need to install a web server (Apache). In additon to the web server, we’ll
also want a database server (MySQL) and a server-side language (PHP) so that we can run popular applications such as WordPress. So,
let’s get to it!
Installing programs on Ubuntu is a lot different than installing programs on Windows or
OS X, in that Ubuntu will download and install the programs for you with a simple command. This is because Ubuntu has something called
a Package Manager, which manages nearly all the programs on your system. All we have to do is tell the package manager
(called “aptitude”) that we want it to install Apache, MySQL, and PHP. To do this, type the following command:
sudo aptitude install apache2 php5-mysql libapache2-mod-php5 mysql-server
And press enter. Aptitude will download and install of the programs you specified. It will also download and install any
dependencies.
During the install process, MySQL will ask you for a root password. You can set this to anything, just be sure you make it long and secure.
Whatever you do, DO NOT leave this blank.
After that has all finished, you now have a fully working web server. To test it out, first find your server’s IP by typing:
ifconfig | grep inet
It’s usually the first IP returned. In my case, it’s 192.168.177.129. Now that you know the IP, open your web browser and point it
to your server IP. If you see the “It works!” message, then congratulations, it works.
However, we’re not done yet. We don’t want Apache or PHP to disclose any information about themselves, as this information is not needed
by your users and could pose a security risk. First, back up the original Apache configuration file:
sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf.bak
Now open the configuration file:
sudo nano /etc/apache2/apache2.conf
Scroll down (down arrow) to where it says “ServerTokens Full” and change it to read “ServerTokens Prod”
Now, scroll down a little further and change “ServerSignature On” to “ServerSignature Off”
Finally, press Control-O followed by Control-X. That will save the file and exit the text editor.
Now, we need to do the same thing for PHP. First, back up the original PHP configuration file:
sudo cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini.bak
Open the configuration file:
sudo nano /etc/php5/apache2/php.ini
Change “expose_php = On” to “expose_php = Off”
Again, press Control-O followed by Control-X. Now that the configuration files are updated, restart Apache:
sudo /etc/init.d/apache2 restart
You are done setting up Apache, MySQL, and PHP.
6. Install a Firewall
We now are going to lock down our server a bit more by installing Shorewall, a command-line firewall. To install it:
sudo aptitude install shorewall
By default, Shorewall is installed with no rules, allowing complete access. However, this is not the behavior we want.
Instead, we’re going to block all connections to anything other than port 80 (HTTP) and port 22 (SSH). First, copy the configuration
files to the Shorewall directory:
sudo cp /usr/share/doc/shorewall-common/examples/one-interface/* /etc/shorewall/
Now, open the “rules” file:
sudo nano /etc/shorewall/rules
Add these lines above where it says “#LAST LINE”
HTTP/ACCEPT net $FW
SSH/ACCEPT net $FW
Then press Control-O and Control-X. Your firewall is now configured to only accept HTTP and SSH traffic. The last thing we need to
do is tell Shorewall to start on boot. So, open up the main Shorewall configuration file:
sudo nano /etc/shorewall/shorewall.conf
Scroll down to “STARTUP_ENABLED=No” and set it to “STARTUP_ENABLED=Yes”
Press Control-O and Control-X. Now, open the Shorewall default configuration file:
sudo nano /etc/default/shorewall
And change “startup=0″ to “startup=1″. Press Control-O and Control-X. Finally, start your firewall:
sudo /etc/init.d/shorewall start
Congratulations! Your firewall is now set up and protecting your server.
7. Add Your Website to Your Web Server
Now that you’ve got everything all set up, you’d probably like to add a website to it. By default, all of the files Apache serves
up to the internet are located at “/var/www/”. However, you cannot write to this folder. Let’s make it so you can:
sudo usermod -g www-data [YOUR USERNAME]
sudo chown -R www-data:www-data /var/www
sudo chmod -R 775 /var/www
What happened there was you added yourself to the “www-data” group, and made the website folder writable to the members of the “www-data”
group.
Cheers !!
You now have a completely functioning web server. It makes for a great testing ground, and would even be suitable to host websites with fairly
low traffic. There is obviously a lot left to be learned, but hopefully you have gained a little insight into how web servers work.