We are continuing to work with our Raspberry Pi installation, and today’s plan is to set up LAMP.
General disclaimer applies, no liability will be accepted for any loss or damage, use at your own risk and do frequent backups!
Install and Configure LAMP
The packages we need to install:
# pacman -S apache mariadb php php-apache php-gd php-intl php-xcache
As you may already know, the MySQL implementation chosen by Arch Linux is called MariaDB.
Configure MySQL
Start MySQL daemon with:
# /usr/bin/mysqld_safe --datadir='/var/lib/mysql' &
To add a password for root user, remove the test databases and anonymous user created by default, we will run the setup script:
# /usr/bin/mysql_secure_installation
Enable MySQL daemon to start on boot:
# systemctl enable mysqld.service
MySQL server is accessible from the network by default what enables remote access and is not required in our particular case. Since MySQL is only needed for the localhost, we can improve security by disabling listening on TCP port 3306.
# netstat -nlp | grep -i mysql tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2796/mysqld unix 2 [ ACC ] STREAM LISTENING 10396 2796/mysqld /run/mysqld/mysqld.sock
To refuse remote connections, we need to open:
# vim /etc/mysql/my.cnf
And uncomment the following line:
skip-networking
We will still be able to log in from the localhost – that’s all we actually need. Restart MySQL server:
# systemctl restart mysqld
Check that MySQL is no longer listening on a TCP port:
# netstat -nlp | grep mysql unix 2 [ ACC ] STREAM LISTENING 10647 2855/mysqld /run/mysqld/mysqld.sock
It isn’t, excellent.
Configure Apache2
Open the configuration file:
# vim /etc/httpd/conf/httpd.conf
And change the following settings:
User http Group http ServerAdmin [email protected] ServerName localhost:80
Remove Indexes from <Directory “/srv/http”> section. Open:
# vim /etc/httpd/conf/extra/httpd-default.conf
And turn off our server’s signature as well as hide server’s information:
ServerSignature Off ServerTokens Prod
Enable and start the service appropriately:
# systemctl enable httpd # systemctl start httpd
Run a configtest to check for any configuration errors:
# apachectl configtest Syntax OK
Configure SSL
Create a self-signed certificate (you can change the key size and the number of days of validity):
# cd /etc/httpd/conf # openssl genrsa -out server.key 2048 # chmod 0600 server.key # openssl req -new -key server.key -out server.csr # openssl x509 -req -days 1825 -sha256 -in server.csr -signkey server.key \ -out server.crt
Then, open:
# vim /etc/httpd/conf/httpd.conf
Uncomment the line containing:
Include conf/extra/httpd-ssl.conf
Restart Apache to pick up changes:
# systemctl restart httpd
Configure PHP
Open Apache config file again:
# vim /etc/httpd/conf/httpd.conf
Add the following lines anywhere after LoadModule dir_module modules/mod_dir.so:
LoadModule php5_module modules/libphp5.so
Place this line at the end of the Include list:
Include conf/extra/php5_module.conf
Make sure that the following line is uncommented in the <IfModule mime_module> section:
TypesConfig conf/mime.types
Also uncomment the following line:
MIMEMagicFile conf/magic
Add this line to /etc/httpd/conf/mime.types:
application/x-httpd-php php php5
Open PHP configuration file:
# vim /etc/php/php.ini
Add:
date.timezone = Europe/London
Also uncomment the following extensions:
extension=gd.so extension=intl.so extension=xcache.so extension=mysql.so
Restart Apache daemon:
# systemctl restart httpd
We can no proceed with Mediawiki installation.