| copyright | lastupdated | ||
|---|---|---|---|
|
2018-11-14 |
{:shortdesc: .shortdesc} {:new_window: target="_blank"} {:codeblock: .codeblock} {:screen: .screen} {:tip: .tip} {:pre: .pre}
This tutorial walks you through the creation of an Ubuntu Linux virtual server with Apache web server, MySQL database and PHP scripting. This combination of software - more commonly called a LAMP stack - is very popular and often used to deliver websites and web applications. Using {{site.data.keyword.BluVirtServers}} you will quickly deploy your LAMP stack with built-in monitoring and vulnerability scanning. To see the LAMP server in action, you will install and configure the free and open source WordPress content management system.
- Provision a LAMP server in minutes
- Apply the latest Apache, MySQL and PHP version
- Host a website or blog by installing and configuring WordPress
- Utilize monitoring to detect outages and slow performance
- Assess vulnerabilities and protect from unwanted traffic
This tutorial uses the following runtimes and services:
This tutorial may incur costs. Use the Pricing Calculator to generate a cost estimate based on your projected usage.
- End user accesses the LAMP server and applications using a web browser
{: #prereqs}
- Contact your infrastructure administrator to get the following permissions.
- Network permission required to complete the Public and Private Network Uplink
-
Ensure your VPN Access is enabled.
You should be a Master User to enable VPN access or contact master user for access. {:tip}
-
Obtain your VPN Access credentials in your profile page.
-
Log in to the VPN through the web interface or use a VPN client for Linux, macOS or Windows.
For the VPN client use the FQDN of a single data center VPN access point from the VPN web access page, of the form vpn.xxxnn.softlayer.com as the Gateway address. {:tip}
In this section, you will provision a public virtual server with a fixed configuration. {{site.data.keyword.BluVirtServers_short}} can be deployed in a matter of minutes from virtual server images in specific geographic locations. Virtual servers often address peaks in demand after which they can be suspended or powered down so that the cloud environment perfectly fits your infrastructure needs.
- In your browser, access the {{site.data.keyword.BluVirtServers_short}} catalog page.
- Select Public Virtual Server and click Create.
- Under Image, select LAMP latest version under Ubuntu. Even though this comes pre-installed with Apache, MySQL and PHP, you'll re-install PHP and MySQL with the latest version.
- Under Network Interface select the Public and Private Network Uplink option.
- Review the other configuration options and click Provision to create your virtual server.
After the server is created, you'll see the server login credentials. Although you can connect through SSH using the server public IP address, it is recommended to access the server through the Private Network and to disable SSH access on the public network.
- Follow these steps to secure the virtual machine and to disable SSH access on the public network.
- Using your username, password and private IP address, connect to the server with SSH.
{: pre}
sudo ssh root@<Private-IP-Address>
You can find the server's private IP address and password in the dashboard. {:tip}
It's advised to update the LAMP stack with the latest security patches and bug fixes periodically. In this section, you'll run commands to update Ubuntu package sources and re-install Apache, MySQL and PHP with latest version. Note the caret (^) at the end of the command.
sudo apt update && sudo apt install lamp-server^{: pre}
An alternative option is to upgrade all packages with sudo apt-get update && sudo apt-get dist-upgrade.
{:tip}
In this section, you'll verify that Apache, MySQL and PHP are up to date and running on the Ubuntu image. You'll also implement the recommended security settings for MySQL.
- Verify Ubuntu by opening the public IP address in the browser. You should see the Ubuntu welcome page.
- Verify port 80 is available for web traffic by running the following command.
{: pre}
sudo netstat -ntlp | grep LISTEN
- Review the Apache, MySQL and PHP versions installed by using the following commands.
apache2 -v{: pre}
mysql -V{: pre}
php -v{: pre} 4. Run the following script to secure the MySQL database.
mysql_secure_installation{: pre}
5. Enter the MySQL root password and configure the security settings for your environment. When you're done, exit the mysql prompt by typing \q.
mysql -u root -p{: pre}
The MySQL default user name and password is root and root. {:tip} 6. Additionally you can quickly create a PHP info page with the following command.
sudo sh -c 'echo "<?php phpinfo(); ?>" > /var/www/html/info.php'{: pre}
7. View the PHP info page you created: open a browser and go to http://{YourPublicIPAddress}/info.php. Substitute the public IP address of your virtual server. It will look similar to the following image.
Experience your LAMP stack by installing an application. The following steps install the open source WordPress platform, which is often used to create websites and blogs. For more information and settings for production installation, see the WordPress documentation.
- Run the following command to install WordPress.
{: pre}
sudo apt install wordpress
- Configure WordPress to use MySQL and PHP. Run the following command to open a text editor and create the file
/etc/wordpress/config-localhost.php.{: pre}sudo sensible-editor /etc/wordpress/config-localhost.php
- Copy the following lines to the file substituting yourPassword with your MySQL database password and leaving the other values unchanged. Save and exit the file using
Ctrl+X.{: pre}<?php define('DB_NAME', 'wordpress'); define('DB_USER', 'wordpress'); define('DB_PASSWORD', 'yourPassword'); define('DB_HOST', 'localhost'); define('WP_CONTENT_DIR', '/usr/share/wordpress/wp-content'); ?>
- In a working directory, create a text file
wordpress.sqlto configure the WordPress database.{: pre}sudo sensible-editor wordpress.sql
- Add the following commands substituting your database password for yourPassword and leaving the other values unchanged. Then save the file.
{: pre}
CREATE DATABASE wordpress; GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP,ALTER ON wordpress.* TO wordpress@localhost IDENTIFIED BY 'yourPassword'; FLUSH PRIVILEGES;
- Run the following command to create the database.
{: pre}
cat wordpress.sql | sudo mysql --defaults-extra-file=/etc/mysql/debian.cnf - After the command completes, delete the file
wordpress.sql. Move the WordPress installation to the web server document root.{: pre}sudo ln -s /usr/share/wordpress /var/www/html/wordpress sudo mv /etc/wordpress/config-localhost.php /etc/wordpress/config-default.php
- Complete the WordPress setup and publish on the platform. Open a browser and go to
http://{yourVMPublicIPAddress}/wordpress. Substitute the public IP address of your VM. It should look similar to the following image.
To use an existing domain name with your LAMP server, update the A record to point to the virtual server's public IP address. You can view the server's public IP address from the dashboard.
To ensure server availability and the best user experience, monitoring should be enabled on every production server. In this section, you'll explore the options that are available to monitor your virtual server and understand the usage of the server at any given time.
Two basic monitoring types are available: SERVICE PING and SLOW PING.
- SERVICE PING checks that server response time is equal to 1 second or less
- SLOW PING checks that server response time is equal to 5 seconds or less
Since SERVICE PING is added by default, add SLOW PING monitoring with the following steps.
- From the dashboard, select your server from the list of devices and then click the Monitoring tab.
- Click Manage Monitors.
- Add the SLOW PING monitoring option and click Add Monitor. Select your public IP address for the IP address.
Note: Duplicate monitors with the same configurations are not allowed. Only one monitor per configuration can be created.
If a response is not received in the allotted time frame, an alert is sent to the email address on the {{site.data.keyword.Bluemix_notm}} account.
Select the Usage tab to understand the current server's memory and CPU usage.
{{site.data.keyword.BluVirtServers}} provide several security options such as vulnerability scanning and add-on firewalls.
The vulnerability scanner scans the server for any vulnerabilities related to the server. To run a vulnerability scan on the server follow the steps below.
- From the dashboard, select your server and then click the Security tab.
- Click Scan to start the scan.
- After the scan completes, click Scan Complete to view the scan report.
- Review any reported vulnerabilities.
Another way to secure the server is by adding a firewall. Firewalls provide an essential security layer: preventing unwanted traffic from hitting your servers, reducing the likelihood of an attack and allowing your server resources to be dedicated for their intended use. Firewall options are provisioned on demand without service interruptions.
Firewalls are available as an add-on feature for all servers on the Infrastructure public network. As part of the ordering process, you can select device-specific hardware or a software firewall to provide protection. Alternatively, you can deploy dedicated firewall appliances to the environment and deploy the virtual server to a protected VLAN. For more information, see Firewalls.
To remove your virtual server, complete the following steps.
- Log in to the {{site.data.keyword.slportal}}.
- From the Devices menu, select Device List.
- Click Actions for the virtual server you want to remove and select Cancel.