From Windows to a Debian GNU/Linux desktop, sans the geekness
The Original - since June 2006 - Run Debian GNU/Linux and be Happy.
LAMP Stack: Run a web server on Debian Etch
Your home LAN
Written by Administrator   
Monday, 23 July 2007
Setting up a LAMP stack on Debian is "wicked easy". In this tutorial I dispense with the usual blah, blah, blah and get right to the meat. Also, we'll be setting up SSL so we'll have encryption, and we'll be using different rules for the way our port 80 virtual server works than for port 443. Maintaining the tradition of tutorials here at "debtoots", I do bounce around a bit, forcing you to read the whole tutorial first (I'm cool like that). You could have a web server running in as little as 15 minutes, and most of that is typing time or downloading time. Check this for a simple local web server.

WARNING:

As a commenter has pointed out, this tutorial leaves a little up to you to figure out. If you have zero knowledge then you might want to seek assistance elsewhere. I will be writing a more detailed tutorial very soon that will endeavor to explain more about DNS and I'll add more on security.

We'll be doing everything from the command line in this tutorial because it's so quick and easy this way. If you need to install Etch first, go ahead, I'll wait the 10 minutes. Keep it simple, don't install anything but the base system. Don't forget to have your /etc/apt/sources.list repos all set. I like to add the mod-security repo to my sources.list file...because I use it. You should, too. Add the following repository to your list:
deb http://etc.inittab.org/~agi/debian/libapache-mod-security/etch ./
(Don't worry about the key warning that apt prints for this repository.)

My web server doubles as an NFS server as well and is pretty bare. No audio, no nvidia setup, no desktop. Just a plain server box serving stuff up on my LAN. Let's begin.

Everyone should be at the root terminal right now...You are either working on your server box directly or you are ssh'd in.

#apt-get update

I like to install all the LAMP components in a certain order. First up: MySQL

#apt-get install mysql-server mysql-client libmysqlclient15-dev

Immediately following the MySQL install you need to set a password.

#mysqladmin -u root password <PASSWORD>

Next up comes Apache2

#apt-get install apache2 apache2-doc apache2-mpm-prefork apache2-utils libexpat1 ssl-cert

See how easy? Finally we install php5

#apt-get install libapache2-mod-php5 php5 php5-common php5-curl php5-dev php5-gd php5-idn php-pear php5-imagick php5-mcrypt php5-mysql php5-ps php5-pspell php5-recode php5-xsl

Now, there are all kinds of crazy things that you can install to make php do marvelous things. The above list is pretty complete, but if you know that you need something else, have at it.

You know what? While we're at it, how 'bout we go ahead and install phpmyadmin as well. It does make things easier -- although I get a certain sense of "that's cool" when running MySQL from the command line. All 3 things that I know -- LOL.

#apt-get install phpmyadmin

I like to install a couple more things as well.

#apt-get install munin munin-node webalizer apachetop

Munin has nothing to do with Apache per se, it monitors the machine. Feel free to install your favorites, they are probably in the Debian repos anyway.

After we've got everything installed (which was cake, wasn't it?) we can now start configuring the components. MySQL is all set as is. However if you know that you need to mod my.cnf then go ahead. Like, for allowing MySQL to listen on all addresses. What I do first is allow php to work with MySQL.

#nano /etc/php5/apache2/php.ini

ctrl+w in nano will search, so go ahead and search for "mysql". You'll find the following

; Example lines:

;extension=mysql.so
;extension=gd.so

Those semi-colons are comments so go ahead and delete them, both - from the gd line as well. Save and close nano but don't restart Apache2 just yet. We need to do a little more tweaking.

READ: you don't have to do this. Your server is set up now and is ready for use. If you're just playing with a web server for the first time and serving up a site to your machine only or maybe a document repository on your local network, then you can leave the rest of this tutorial alone and run

#/etc/init.d/apache2 restart

right now. Otherwise...

On to Apache2. As I wrote earlier we'll be using different rules for how regular sites work (http - port 80) and how encrypted sites (https - port 443) work. This means minimal changes to apache2.conf and instead we set up rules for virtual servers in a different file. Security wise it's a good idea not to give too much information away about the software that you're running. It's pretty easy to narrow exploits or attack vectors when a bad-guy knows what versions of software you are running. So we hide that. Go ahead and

#nano /etc/apache2/apache2.conf

We're only changing 1 thing here, so ctrl+w to search for it. Find ServerTokens. You'll see that it reads

ServerTokens Full

Change Full to Prod. Save and close the file. We are going to turn off ServerSignature as well, but this is done elsewhere.

Now we'll tell Apache to listen on port 443 (encryption) in addition to port 80.

#nano /etc/apache2/ports.conf

See how it reads Listen 80? Add Listen 443 beneath that line, save and close the file.

Let's go ahead and create a security certificate for your server now. This is a piece of cake on your Linux machine.

#openssl req -new -x509 -days 365 -nodes -out /etc/apache2/sitecert.pem -keyout /etc/apache2/sitecert.pem

You can call your certificate whatever you like. I just use "sitecert".

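Next, let's protect that file. Because -out and -keyout point at the same file, it holds the unencrypted private key as well as the certificate...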

#chmod 600 /etc/apache2/sitecert.pem
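
A check for the result of the two commands above, as an added example that is not part of the original tutorial: it reports whether a PEM file carries a private key, whether that key is unencrypted, and whether the file mode lets anyone but the owner reach it. The sample file content is a constructed placeholder, and the helper names are made up for this example.

```python
import os, re, stat, tempfile

KEY_RE = re.compile(r"-----BEGIN (?:(RSA|DSA|EC|ENCRYPTED) )?PRIVATE KEY-----")

def audit_pem(path):
    """Return findings for a PEM file such as /etc/apache2/sitecert.pem."""
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    m = KEY_RE.search(text)
    if not m:
        return []  # certificate only: nothing secret in the file
    findings = []
    if m.group(1) != "ENCRYPTED" and "Proc-Type: 4,ENCRYPTED" not in text:
        findings.append("private key is stored unencrypted (-nodes)")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("mode %04o lets group or other users reach the key" % mode)
    return findings

# Constructed stand-in for the combined key + certificate file; the bodies
# are placeholders, not real key material.
SAMPLE = ("-----BEGIN RSA PRIVATE KEY-----\n(placeholder)\n"
          "-----END RSA PRIVATE KEY-----\n"
          "-----BEGIN CERTIFICATE-----\n(placeholder)\n"
          "-----END CERTIFICATE-----\n")

def demo():
    """Audit the sample at mode 0644 (what a umask of 022 gives), then at 0600."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        before = audit_pem(path)
        os.chmod(path, 0o600)
        after = audit_pem(path)
    finally:
        os.remove(path)
    return before, after

if __name__ == "__main__":
    for label, found in zip(("0644", "0600"), demo()):
        print(label, found)
```

On the real server, run audit_pem("/etc/apache2/sitecert.pem") as root; the unencrypted-key finding is expected with -nodes, which is why the file mode matters.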

We're almost finished. I mentioned earlier that I set up different rules for how my regular sites and encrypted ones work. This is done in /etc/apache2/sites-enabled/000-default. Apache2 has a function server-status that I like to use, but only on my machine on my LAN, and only encrypted (originally just for this exercise). I allow this in the virtual server settings for my encrypted sites. I also have slightly different rules for what I allow on my regular sites -- port 80. See the following contents of my 000-default file.

NameVirtualHost *:80
<VirtualHost *:80>
        ServerAdmin root@localhost
        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride All
                Order allow,deny
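                # LAN only. Use your own subnet and prefix length here;
                # a /8 on this address would match every 192.x.x.x client.
                allow from 192.168.0.0/24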
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                RedirectMatch ^/$ /apache2-default/
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined
        ServerSignature Off
        Alias /doc/ "/usr/share/doc/"
        <Directory "/usr/share/doc/">
                Options Indexes MultiViews FollowSymLinks
                AllowOverride None
                Order deny,allow
                Deny from all
                Allow from 127.0.0.0/255.0.0.0 ::1/128
        </Directory>
</VirtualHost>

NameVirtualHost *:443
ServerSignature Off
ExtendedStatus On
<VirtualHost *:443>
        ServerAdmin root@localhost
        SSLEngine on
        # sitecert.pem holds both the certificate and its private key
        SSLCertificateFile /etc/apache2/sitecert.pem
        DocumentRoot /var/www/
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                RedirectMatch ^/$ /apache2-default/
        </Directory>
        <Location /server-status>
                SetHandler server-status
                # Order deny,allow permits everyone by default, so deny all
                # first and then allow only the listed machines
                Order deny,allow
                Deny from all
                Allow from crumbly.home.org
                Allow from 192.168.0.102
                Allow from 192.168.0.103
        </Location>
</VirtualHost>

Some of you may be able to tell from this configuration that I allow .htaccess overrides on my port 80 sites and not on my port 443 sites. I do this so I can enable SEO, or, URLs without special characters. You can see that I allow overrides to all computers on my LAN. Apache uses mod_rewrite for this and since we're at this point, basically finished, we can enable the mods that we want running in Apache.

#a2enmod suexec
#a2enmod rewrite
#a2enmod include
#a2enmod ssl

If you want to use server-status like I do, make sure mod_status is enabled (mod_info is the module that provides server-info):

#a2enmod status

You can disable mods just as easily: a2dismod.

Go ahead and make your modifications to the 000-default file. Save and close the file.
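
How Apache 2.2 decides an Order/Allow/Deny block, as an added example that is not part of the original tutorial: it applies the documented rules to constructed rule sets modelled on the server-status and /var/www/ blocks, to show what a `Deny from all` line and the prefix length change. Hostname entries are skipped because they need DNS, and the outside client addresses are documentation ranges chosen for the example.

```python
import ipaddress

def matches(specs, client):
    """True if the client IP matches any 'from' value (all, IP, CIDR, net/mask)."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        try:
            # Host bits are masked off: 192.168.0.1/8 becomes 192.0.0.0/8
            net = ipaddress.ip_network(spec, strict=False)
        except ValueError:
            continue  # hostname entry: needs DNS, skipped in this offline example
        if ip.version == net.version and ip in net:
            return True
    return False

def admitted(order, allow, deny, client):
    """Order/Allow/Deny decision as documented for Apache 2.2 (mod_authz_host)."""
    a, d = matches(allow, client), matches(deny, client)
    if order == "allow,deny":
        return a and not d      # default deny; a Deny match overrides Allow
    if order == "deny,allow":
        return a or not d       # default allow; an Allow match overrides Deny
    raise ValueError("unknown Order: " + order)

# Constructed rule sets modelled on the blocks in 000-default.
STATUS_HOSTS = ["crumbly.home.org", "192.168.0.102", "192.168.0.103"]
RULES = {
    "status, no Deny":       ("deny,allow", STATUS_HOSTS, []),
    "status, Deny from all": ("deny,allow", STATUS_HOSTS, ["all"]),
    "www, /8 prefix":        ("allow,deny", ["192.168.0.1/8"], []),
    "www, /24 prefix":       ("allow,deny", ["192.168.0.0/24"], []),
}
# Constructed clients: two documentation addresses and one LAN machine.
CLIENTS = ["203.0.113.7", "192.0.2.10", "192.168.0.102"]

def table():
    """Map each rule set to the list of clients it admits."""
    return {name: [c for c in CLIENTS if admitted(o, a, d, c)]
            for name, (o, a, d) in RULES.items()}

if __name__ == "__main__":
    for name, ok in table().items():
        print("%-22s admits %s" % (name, ", ".join(ok) or "nobody"))
```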

Now you can

#/etc/init.d/apache2 force-reload

Visit your server now: if on your regular machine just point your browser to http://127.0.0.1 and you'll see a default Apache page. If you set this machine up as a web server to your LAN then pick a machine on your LAN and go to your new server install - http://server.domain.

You can read up on how I try to scare people away from starting websites at my friend's Xmodfree Forum here. I don't really try to scare potential web site owners away so much as give them some cold-hard-facts, in my regular crotchety manner.

--machiner 12 may 07, finally published 23 July 2007

Comments (6)
not step by step
written by 'Guest', July 23, 2007
but it works out anyway.

thanks
dadada! good work
written by 'Guest', October 20, 2007
Thanks, this is goooooooooooood!
Holy Shit
written by 'Guest', November 08, 2007
After a terribly long night which included disk failure, power supply failure, and a good bit of swearing at various machines, this page saved my ass. Once I got all of our mid-90's hardware back up and stumbling along, I got red hat 6 removed and Etch installed in about 20 minutes thanks to your tutorial.

Thank you. Rock on.

RPG/EMPulse Records
gr8
written by 'Guest', December 05, 2007
it is perfect! Well done
thanks
written by 'Guest', December 06, 2007
I was trying to set up a web server at my work for publishing our web site. At the same time we will try a php based homework web page which contains homework, so students can search and find their homework. I tried to install it for a week. Yes, I installed it, but there is a problem when we use the static ip. The computer on which I installed Debian has two ethernet interfaces, eth0 and eth1. This causes problems. If I solve that we will publish our sites. I hope that I can find a good tutorial for such kind of things. Thank you again.

EDIT Piece of cake. contact me, include your email address - we'll get you fishing in no time./EDIT

...
written by guest, February 10, 2008
This was great, but I ran into problems. I get an error message when calling https://192.168.1.110/phpmyadmin
error code 12263
I googled that to find:
SSL_ERROR_RX_RECORD_TOO_LONG

"SSL received a record that exceeded the maximum permissible length."

This generally indicates that the remote peer system has a flawed implementation of SSL, and is violating the SSL specification.


I tried the apache default page, with the same results. Any ideas off the top of your head?

Creative Commons License © debiantutorials.org