Install LAMP on Ubuntu or CentOS with firewall configuration

Getting started with Ubuntu

Install these packages if you are using Ubuntu. This article is based on Ubuntu 22.04 but the same process can also tried on other Debian-based distributions. You need to make sure your system is updated and upgraded using the below command:

sudo apt -y update && sudo apt -y upgrade

The above command might take some time because it will upgrade the system packages. After updating & upgrading, it would be better if you reboot the system.

Required packages for Ubuntu:

Packages required for Ubuntu are apache2 mysql-server php php-mysql. Install them using the command below:

sudo apt -y install apache2 mysql-server php php-mysql

After installing these required packages, you need to enable the mysql and apache service to start automatically on system reboot. Use the below command to achieve this:

sudo systemctl enable --now apache2 mysql

Firewall Configuration for Ubuntu

UFW comes pre-installed in most debian distributions as default firewall. There is a high probability that UFW in your Ubuntu system is already installed but it's not active. You can use sudo ufw status to check the status of your Firewall. If not installed, you can install it using sudo apt install ufw command. If it's inactive then you have to enable firewall using sudo ufw enable command.

By default, UFW allows all outgoing traffic and deny all incoming traffic. You can check your Firewall default policy using sudo ufw status verbose command.

However, while setting up a web server, we usually need to allow specific ports so that the web server can receive incoming traffic. Default port for HTTP is 80/tcp and for HTTPS is 443/tcp. We need to allow these ports in Firewall.

sudo ufw allow 80/tcp

sudo ufw allow 443/tcp

sudo ufw reload

Now that your LAMP stack is installed, the required services are enabled and UFW Firewall configuration is also done.

Gettting started with CentOS

Install these packages for CentOS. Make sure you perform a system update using sudo yum -y update before proceeding with this process. It would be better if you reboot the system after updating.

Required packages for CentOS:

Packages required for CentOS are httpd php-mysql php mariadb mariadb-server. Install them using the command below:

sudo yum -y install httpd php-mysql php mariadb-server mariadb

To start and enable Apache and MariaDB server, use sudo systemctl enable --now httpd mariadb command.

You might face some issues with the PHP being outdated in CentOS (non-subscription-based). To install the latest PHP version on CentOS 8 or 7, follow this article Latest PHP package for CentOS.

Firewall Configuration for CentOS:

Firewalld comes pre-installed in CentOS Linux. There is high probability that Firewalld in your CentOS system is not active. You can use sudo firewall-cmd --state command to check the status of your Firewall. If the firewall is not present in your system, install it using sudo yum -y install firewalld command. If it's inactive then enable it using sudo systemctl enable firewalld --now command.

By default, Firewalld allows all outgoing traffic and deny all incoming traffic. But for CentOS as web server, we need to allow specific ports to receive incoming traffic. These ports will be TCP port 80 for HTTP and TCP port 443 for HTTPS.

sudo firewall-cmd --permanent --add-port 80/tcp

sudo firewall-cmd --permanent --add-port 443/tcp

sudo firewall-cmd --reload

In CentOS, there is a security feature called SELinux. By default it's always in enforcing mode. If you want to use other than default ports, then ports 80, 81, 443, 488, 8008, 8009, 8443, 9000 are available for usage unless . You can specify these ports in your server's configuration file instead of 80 or 443. To use your custom port, you cannot use that without defining it in the SELinux policy first.