Install Apache + PHP + Mysql under Ubuntu

2. First logon
   Open the terminal in the local device, execute the SSH command, log on to the server.
   ssh [email protected]
   Enter the root user password and press ENTER to confirm.

4. Upgrade software
   To ensure that the default software in the operating system has the latest updates and patches installed, we need to upgrade the system software. In the terminal, enter:
   apt-get update
apt-get upgraded

6. Install PHP
   #确保操作系统中有add-apt-repository, this command installs the Software-properties-common package that contains the add-apt-repository binaries. Now it's time to add a custom PPA.
   sudo apt-get install software-properties-common

   #添加ppa: ondrej/php5-5.6 PPA
   sudo add-apt-repository ppa:ondrej/php5-5.6

   #ubuntu会缓存所有可用的软件, so when you add a new software source, you refresh the cache
   sudo apt-get update

   #安装PHP
   sudo apt-get install php5

   #安装apache2
   sudo apt-get install apache2

   #libapache2-MOD-PHP5 is designed to allow Apache to support PHP5
   sudo apt-get install libapache2-mod-php5

   #可选, open the GD library support, such as WordPress upload images need GD library.
   sudo apt-get install php5-gd

   #enable Rewrite module
   sudo a2enmod rewrite

   #重启apache2
   sudo service apache2 restart

7. Configure Apache (enable HTTPS only)

   • Copy the WWW.TEST.COM.CRT certificate to the/etc/ssl/certs/folder

   • Copy the key www.test.com.key to/etc/ssl/private/ folder under

   • Copy the ROOT_BUNDLE.CRT to the/etc/ssl/certs/folder

   Create a Test-ssl.config file under the-available folder
   cd/etc/apache2/sites-available
Touch test-ssl.config The
   copies the following to the Test-ssl.config file.
   <virtualhost *:443>
ServerAdmin www.test.com
ServerName www.test.com
documentroot/var/ Www/test
Errorlog/var/www/logs/error.log
Customlog/var/www/logs/access.log
Combined
Sslengine on
Sslprotocol all-sslv2-sslv3
Sslhonorcipherorder on
sslciphersuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM eecdh+ecdsa+sha384 eecdh+ecdsa+sha256 eecdh+arsa+sha384 eecdh+arsa+sha256 eecdh+arsa+rc4 EECDH EDH+aRSA RC4!aNULL! Enull! Low!3des! MD5! Exp! Psk! SRP! Dss! RC4 "
Sslcertificatefile/etc/ssl/certs/www.test.com.crt
sslcertificatekeyfile/etc/ssl/private/ Www.test.com.key
Sslcertificatechainfile/etc/ssl/certs/root_bundle.crt
</virtualhost>
   If you just turn on HTTP, you can name the file Test.config, the port is changed to 80 or other required ports, and the config file does not require sslengine on the settings below.

   #重启apache2
   sudo service apache2 restart

9. Non-root users
   We need to create a non-root user to enhance the security of the server. We should try to make it impossible for others to access the server because the root user has super privileges in the server and can execute any command.
   #创建非根用户
   adduser deploy
   #把deploy用户加入sudo用户组, let the deploy user have sudo permissions so that the # tasks requiring special permissions can be performed after password authentication.
   usermod –a –G sudo deploy

11. SSH Key pair Authentication
    The local device execution can execute the following command to log on to the server as a non-root user:
    ssh [email protected]
    This command will ask you to enter the password of the deploy user and then log on to the server. Because password authentication is subject to brute force attacks, SSH login servers should be authenticated using an SSH key pair.
    Execute the following command on the local device to generate the ~/.ssh/id_rsa.pub (public key) and ~/.ssh/id_rsa (private key).
    ssh-keygen
    The private key is saved locally, and the public key is copied to the server:
    #注意, the last colon must have
    scp ~/.ssh/id_rsa.pub [email protected]:
    Log on to the server, make sure that the ~/.ssh folder exists, and if it does not, execute the following command to create the ~/.ssh folder.
    mkdir ~/.ssh
    #创建authorized_keys文件
    touch ~/.ssh/authorized_keys
    #该文件的内容是一系列登录这台远程服务器的公钥, execute the following command to add the newly uploaded public key to the file
    cat ~/id_rsa.pub>> ~/.ssh/authorized_keys

13. Disable password, prevent root user from logging in
    Open the/etc/ssh/sshd_config file in a text editor, locate the Permitrootlogin setting, and change its value to No. Look for the Passwordauthentication setting and change its value to No. Enter the following command in the Terminal window to make the change effective:
    sudo service ssh restart

Install Apache + PHP + Mysql under Ubuntu