Install LAMP on Ubuntu or CentOS with firewall configuration

Created: Wed 22 Mar 2023 Updated: 8 months, 4 weeks ago


This tutorial will be focused on installing the LAMP stack (Linux Apache MySQL PHP) on Ubuntu and CentOS. The underlying process for both Ubuntu and CentOS or any other Linux distribution is somewhat similar except for the required packages.

Getting started with Ubuntu

Install these packages if you are using Ubuntu. This article is based on Ubuntu 22.04 but the same process can also tried on other Debian-based distributions. You need to make sure your system is updated and upgraded using the below command:

sudo apt -y update && sudo apt -y upgrade

The above command might take some time because it will upgrade the system packages. After updating & upgrading, it would be better if you reboot the system.

Required packages for Ubuntu:

Packages required for Ubuntu are apache2 mysql-server php php-mysql. Install them using the command below:

sudo apt -y install apache2 mysql-server php php-mysql

After installing these required packages, you need to enable the mysql and apache service to start automatically on system reboot. Use the below command to achieve this:

sudo systemctl enable --now apache2 mysql

Firewall Configuration for Ubuntu

UFW comes pre-installed in most debian distributions as default firewall. There is a high probability that UFW in your Ubuntu system is already installed but it's not active. You can use sudo ufw status to check the status of your Firewall. If not installed, you can install it using sudo apt install ufw command. If it's inactive then you have to enable firewall using sudo ufw enable command.

By default, UFW allows all outgoing traffic and deny all incoming traffic. You can check your Firewall default policy using sudo ufw status verbose command.

However, while setting up a web server, we usually need to allow specific ports so that the web server can receive incoming traffic. Default port for HTTP is 80/tcp and for HTTPS is 443/tcp. We need to allow these ports in Firewall.

To allow web-server ports in Firewall, use below commands:
sudo ufw allow 80/tcp

sudo ufw allow 443/tcp

sudo ufw reload

Now that your LAMP stack is installed, the required services are enabled and UFW Firewall configuration is also done.

Gettting started with CentOS

Install these packages for CentOS. Make sure you perform a system update using sudo yum -y update before proceeding with this process. It would be better if you reboot the system after updating.

Required packages for CentOS:

Packages required for CentOS are httpd php-mysql php mariadb mariadb-server. Install them using the command below:

sudo yum -y install httpd php-mysql php mariadb-server mariadb

To start and enable Apache and MariaDB server, use sudo systemctl enable --now httpd mariadb command.

You might face some issues with the PHP being outdated in CentOS (non-subscription-based). To install the latest PHP version on CentOS 8 or 7, follow this article Latest PHP package for CentOS.

Firewall Configuration for CentOS:

Firewalld comes pre-installed in CentOS Linux. There is high probability that Firewalld in your CentOS system is not active. You can use sudo firewall-cmd --state command to check the status of your Firewall. If the firewall is not present in your system, install it using sudo yum -y install firewalld command. If it's inactive then enable it using sudo systemctl enable firewalld --now command.

By default, Firewalld allows all outgoing traffic and deny all incoming traffic. But for CentOS as web server, we need to allow specific ports to receive incoming traffic. These ports will be TCP port 80 for HTTP and TCP port 443 for HTTPS.

To allow web-server ports in Firewall, use below commands:
sudo firewall-cmd --permanent --add-port 80/tcp

sudo firewall-cmd --permanent --add-port 443/tcp

sudo firewall-cmd --reload
Now Firewall will allow the web server's default ports for incoming traffic.

In CentOS, there is a security feature called SELinux. By default it's always in enforcing mode. If you want to use other than default ports, then ports 80, 81, 443, 488, 8008, 8009, 8443, 9000 are available for usage unless . You can specify these ports in your server's configuration file instead of 80 or 443. To use your custom port, you cannot use that without defining it in the SELinux policy first.

Firewall Configuration for LAMP Server

Author: Harpreet Singh
Server Administrator

  1. Linux
  2. Cloud
  3. Cyber Security
Suggested Posts:
LINUX post image
How to setup on-premise MySQL master and slave servers

In this article I'll be demonstrating how you can configure MySQL master and slave …

LINUX post image
Configure UFW Firewall in Linux

Firewalls in Linux play an important role in controlling the incoming and outgoing network …

LINUX post image
Create desktop entry of application on Linux

In this article, I'll show you how you can create desktop entrie for application …

LINUX post image
Understand SELinux module and manage security policies in Linux

This article is all about SELinux. It's a security component that protects Linux systems from …

LINUX post image
Create python virtual environment on windows and linux

Creating and managing a Python virtual environment is very crucial part of any project. …

Sign up or Login to post comment.

Sign up Login

Comments (0)