How To Install LAMP Stack on CentOS Stream 10

In this tutorial, we will show you how to install LAMP Stack on CentOS Stream 10. Setting up a robust web server environment is crucial for developers and system administrators alike. The LAMP stack, consisting of Linux, Apache, MySQL (or MariaDB), and PHP, has long been a popular choice for hosting dynamic websites and web applications. In this comprehensive guide, we’ll walk you through the process of installing and configuring a LAMP stack on CentOS Stream 10, the latest rolling-release version of CentOS.

Introduction

The LAMP stack is a powerful combination of open-source software that forms the backbone of many web applications. Let’s break down the components:

• Linux: The operating system (CentOS Stream 10 in our case)
• Apache: The web server
• MariaDB: The database management system (a fork of MySQL)
• PHP: The server-side scripting language

CentOS Stream 10 offers a stable yet cutting-edge platform for your LAMP stack. Its rolling-release model ensures you have access to the latest features and security updates, making it an excellent choice for modern web development environments.

Prerequisites

Before we dive into the installation process, ensure you have the following:

• A CentOS Stream 10 server with at least 2GB RAM and 20GB storage
• Root access or a user with sudo privileges
• Basic familiarity with the Linux command line
• A stable internet connection for downloading packages

It’s crucial to have these prerequisites in place to ensure a smooth installation process. If you’re using a cloud provider, make sure your instance meets these minimum requirements.

Server Preparation

Let’s start by updating your system and configuring essential settings:

1. Update Your System

First, ensure your system is up to date:

sudo dnf update -y

This command updates all installed packages to their latest versions, ensuring you have the most recent security patches and features.

2. Configure Firewall

CentOS Stream 10 uses firewalld by default. Let’s open the necessary ports:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

These commands allow incoming HTTP and HTTPS traffic through the firewall.

3. SELinux Considerations

SELinux is enabled by default on CentOS Stream 10. For now, we’ll keep it in enforcing mode, but you may need to adjust SELinux policies later if you encounter permission issues:

sudo sestatus

This command displays the current SELinux status. If you need to temporarily disable SELinux for troubleshooting, you can use:

sudo setenforce 0

Remember to re-enable it with sudo setenforce 1 after troubleshooting.

4. Verify Network Settings

Ensure your network is properly configured:

ip addr show
ping -c 4 google.com

These commands display your network interfaces and test internet connectivity.

Apache Installation and Configuration

Apache is the web server component of our LAMP stack. Let’s install and configure it:

1. Install Apache

sudo dnf install httpd -y

This command installs the Apache web server package.

2. Start and Enable Apache

sudo systemctl start httpd
sudo systemctl enable httpd

These commands start the Apache service and enable it to start automatically on system boot.

3. Configure Virtual Hosts

Create a new virtual host configuration file:

sudo nano /etc/httpd/conf.d/example.com.conf

Add the following content, replacing example.com with your domain name:

<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/example.com
    ErrorLog /var/log/httpd/example.com-error.log
    CustomLog /var/log/httpd/example.com-access.log combined
</VirtualHost>

Create the document root directory:

sudo mkdir -p /var/www/example.com
sudo chown -R apache:apache /var/www/example.com
sudo chmod -R 755 /var/www/example.com

4. Test Apache Installation

Create a test HTML file:

echo "<h1>Welcome to example.com</h1>" | sudo tee /var/www/example.com/index.html

Restart Apache to apply changes:

sudo systemctl restart httpd

Now, open a web browser and navigate to your server’s IP address or domain name. You should see the welcome message.

5. Apache Security Best Practices

• Disable directory listing to prevent information disclosure
• Use mod_security to protect against common web attacks
• Regularly update Apache to patch security vulnerabilities
• Implement strong SSL/TLS configurations for HTTPS

MariaDB Installation and Setup

MariaDB is the database component of our LAMP stack. Let’s install and secure it:

1. Install MariaDB

sudo dnf install mariadb-server -y

2. Start and Enable MariaDB

sudo systemctl start mariadb
sudo systemctl enable mariadb

3. Secure MariaDB Installation

Run the security script:

sudo mysql_secure_installation

Follow the prompts to set a root password, remove anonymous users, disallow root login remotely, and remove the test database.

4. Optimize MariaDB

Edit the MariaDB configuration file:

sudo nano /etc/my.cnf.d/server.cnf

Add the following under the [mysqld] section:

innodb_buffer_pool_size = 256M
innodb_log_file_size = 64M
innodb_flush_log_at_trx_commit = 2
innodb_flush_method = O_DIRECT

These settings optimize MariaDB for better performance. Adjust values based on your server’s resources.

5. Create a Database and User

Log into MariaDB:

sudo mysql -u root -p

Create a database and user:

CREATE DATABASE example_db;
CREATE USER 'example_user'@'localhost' IDENTIFIED BY 'strong_password';
GRANT ALL PRIVILEGES ON example_db.* TO 'example_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

6. Configure Backups

Create a backup script:

sudo nano /usr/local/bin/backup_databases.sh

Add the following content:

#!/bin/bash
BACKUP_DIR="/var/backups/mysql"
MYSQL_USER="root"
MYSQL_PASSWORD="your_root_password"
DATABASES=$(mysql -u $MYSQL_USER -p$MYSQL_PASSWORD -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema|performance_schema)")

mkdir -p $BACKUP_DIR

for db in $DATABASES; do
    mysqldump -u $MYSQL_USER -p$MYSQL_PASSWORD --databases $db | gzip > "$BACKUP_DIR/$db-$(date +%F).sql.gz"
done

Make the script executable and set up a cron job to run it daily:

sudo chmod +x /usr/local/bin/backup_databases.sh
echo "0 2 * * * root /usr/local/bin/backup_databases.sh" | sudo tee -a /etc/crontab

PHP Installation and Configuration

PHP is the scripting language that powers dynamic web applications. Let’s install and configure it:

1. Install PHP and Required Modules

sudo dnf install php php-cli php-fpm php-mysqlnd php-zip php-devel php-gd php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json -y

This command installs PHP and common modules needed for web development.

2. Configure PHP-FPM

Edit the PHP-FPM configuration file:

sudo nano /etc/php-fpm.d/www.conf

Ensure the following lines are set:

user = apache
group = apache
listen = /run/php-fpm/www.sock
listen.owner = apache
listen.group = apache
listen.mode = 0660

3. Start and Enable PHP-FPM

sudo systemctl start php-fpm
sudo systemctl enable php-fpm

4. Optimize PHP Configuration

Edit the PHP configuration file:

sudo nano /etc/php.ini

Adjust the following settings for better performance and security:

memory_limit = 256M
max_execution_time = 60
max_input_time = 60
post_max_size = 32M
upload_max_filesize = 32M
expose_php = Off

5. Test PHP Installation

Create a PHP info file:

echo "<?php phpinfo(); ?>" | sudo tee /var/www/example.com/info.php

Access this file through your web browser (e.g., http://example.com/info.php) to verify PHP is working correctly. Remember to remove this file after testing for security reasons.

LAMP Stack Integration

Now that we have all components installed, let’s ensure they work together seamlessly:

1. Create a Test Database

Log into MariaDB and create a test table:

USE example_db;
CREATE TABLE test_table (id INT AUTO_INCREMENT PRIMARY KEY, name VARCHAR(50));
INSERT INTO test_table (name) VALUES ('LAMP Stack Test');
EXIT;

2. Create a PHP Test Page

Create a new PHP file to test database connectivity:

sudo nano /var/www/example.com/db_test.php

Add the following content:

<?php
$servername = "localhost";
$username = "example_user";
$password = "strong_password";
$dbname = "example_db";

$conn = new mysqli($servername, $username, $password, $dbname);

if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

$sql = "SELECT * FROM test_table";
$result = $conn->query($sql);

if ($result->num_rows > 0) {
    while($row = $result->fetch_assoc()) {
        echo "id: " . $row["id"]. " - Name: " . $row["name"]. "<br>";
    }
} else {
    echo "0 results";
}
$conn->close();
?>

3. Set Proper Permissions

Ensure Apache can read your web files:

sudo chown -R apache:apache /var/www/example.com
sudo chmod -R 755 /var/www/example.com

4. Test the Entire Stack

Access the db_test.php file through your web browser. If you see the test data, congratulations! Your LAMP stack is fully functional.

Security Considerations

Securing your LAMP stack is crucial. Here are some additional steps to enhance security:

1. Implement SSL/TLS

Use Let’s Encrypt to obtain free SSL certificates:

sudo dnf install epel-release
sudo dnf install certbot python3-certbot-apache
sudo certbot --apache

2. Harden Apache Configuration

Edit the main Apache configuration file:

sudo nano /etc/httpd/conf/httpd.conf

Add or modify the following lines:

ServerTokens Prod
ServerSignature Off
TraceEnable Off

3. Implement Fail2Ban

Install and configure Fail2Ban to protect against brute-force attacks:

sudo dnf install fail2ban
sudo systemctl start fail2ban
sudo systemctl enable fail2ban

Congratulations! You have successfully installed LAMP. Thanks for using this tutorial for installing the LAMP Stack on CentOS Stream 10 system. For additional help or useful information, we recommend you check the official CentOS website.