HW03: LAMP Setup due Sat 16 Sep 23:59

\begin{purpose}
This assignment gives practice in installing and configuring Ap...
... ssl, and adjust
the time zone. %, and install a PHP frame work.
\end{purpose}

What To Turn In

In a text file (i.e., NOT MS Word or other word processor) document the steps you take to complete these tasks. Be sure to include headers and the exact commands that you typed on the command-line. The goal is to produce a document someone else could follow to complete these same steps. Upload the text file to this assignment in Canvas.

To grade your work I will look at the document you created, visit the sites you set up, and access your server from the command-line.

Apache

Perform these tasks to install Apache:
  1. sudo apt install apache2
  2. Verify it is running: sudo systemctl status apache2
  3. Verify set to start on boot: sudo systemctl is-enabled apache2
  4. Adjust firewall (ufw) to allow http (80) and https (443) traffic by enabling “Apache Full” settings.
  5. In AWS modify the security group associated with your EC2 instance to allow http and https traffic from anywhere.
  6. Look up your external IP number (available in AWS console or do this: curl http://icanhazip.com). You'll want to put this in a convenient place because you'll use it a lot moving forward.
  7. In a browser visit: http://youripnumber to verify apache is working and reachable.

Some useful file locations to keep in mind moving forward:

	File Locations
		Apache Config Files: /etc/apache2
			apache2.conf
			sites-available/
			sites-enabled/
		Log Files: /var/log/apache2
		Web Space: /var/www/html

MySQL

Perform these tasks to install MySQL:
  1. sudo apt install mysql-server
  2. sudo mysql_secure_installation (NOTE: not necessary to configure VALIDATE PASSWORD PLUGIN but it is okay to do so)
  3. Connect to MySQL server as root: mysql -u root
  4. Assign password to MySQL root/admin:

    ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

    FLUSH PRIVILEGES;

  5. Exit MySQL and then verify the new password works by connecting using:

    mysql -u root -p

PHP

Perform these tasks to install PHP:
  1. sudo apt install php libapache2-mod-php php-mysql php-cli
  2. sudo systemctl restart apache2
  3. delete /var/www/html/index.html
  4. create /var/www/html/index.php with this:
    	<?php
    		echo "Today is: ".date('l jS \of F Y h:i:s A');
    	?>
    
  5. Visit: http://yourip to verify PHP is working
  6. Observe that the date is presented in UTC rather than the CDT time zone.

Time Zone

Here are some time zone commands.
timedatectl
timedatectl list-timezones | grep Chicago
timedatectl set-timezone America/Chicago

After setting the timezone, restart apache, and refresh the PHP script to verify the time is correct.

Apache Virtual Hosting

Apache can host a variety of websites. We want those sites to each have their own configuration and space. For example, we may host all of these sites on a single server: www.example.com, blog.example.com, sales.example.com, www.another.com.

Our plan is that for live/production sites we'll provide web space as follows:

/var/www/live/yourdomain
/var/www/live/blog.yourdomain
/var/www/live/app.yourdomain

Each of the directories will be organized as follows:

/html
	is the actual web space
/logs
	contains the Apache and other application log files. It should be owned by your personal account with group www-data, and www-data should be allowed to write.

To tell apache how to handle each site we create .conf files in /etc/apache2/sites-available:

yourdomain.conf
blog.yourdomain.conf
app.yourdomain.conf

If your domain is example.com your .conf file should look something like this:

<VirtualHost *:80>
    ServerAdmin your_email_address
    ServerName example.com
    # Requests for the names listed in ServerAlias are served by this same virtual host.
    # (Apache does not allow a comment on the same line as a directive.)
    ServerAlias www.example.com
    DocumentRoot /var/www/live/example.com/html
    ErrorLog /var/www/live/example.com/logs/error.log
    CustomLog /var/www/live/example.com/logs/access.log combined
</VirtualHost>
<Directory "/var/www/live/example.com/html">
    Options FollowSymLinks
    AllowOverride None
    # Apache 2.4 access control; replaces the 2.2-style "Order allow,deny" / "Allow from all"
    Require all granted
</Directory>

To tell Apache to use these .conf files, you need to create symbolic links to each of them in sites-enabled. Then restart Apache.

NOTE: To test this on your local machine BEFORE DNS entries have been made, add entries for the domains of interest to your hosts file:

Verify that both www.yourdomain and yourdomain.com display a web page.

IMPORTANT: In the html directory of each site create a simple index.php that will simply say which site it is.
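
The per-site layout, .conf file, sites-enabled link and landing page described above, produced by one shell function. This is an added example, not part of the original assignment: the function name make_vhost and its prefix argument (a staging root, so the result can be inspected in a scratch directory before writing to the real /var/www and /etc/apache2) are assumptions, and the access rule uses the Apache 2.4 form Require all granted.

```shell
#!/bin/sh
# Added example (not from the assignment). make_vhost and its PREFIX
# argument are hypothetical: PREFIX="" writes to the real /var/www and
# /etc/apache2 (run with sudo); a scratch directory lets you inspect first.
# usage: make_vhost PREFIX DOMAIN ADMIN_EMAIL [ALIAS]
make_vhost() {
    prefix=$1; domain=$2; admin=$3; alias_name=${4:-}
    site="$prefix/var/www/live/$domain"
    avail="$prefix/etc/apache2/sites-available"
    enabled="$prefix/etc/apache2/sites-enabled"

    mkdir -p "$site/html" "$site/logs" "$avail" "$enabled" || return 1

    # logs/: group www-data with group write. chgrp fails unless you are root
    # or a member of www-data; that is reported but does not stop the staging.
    chgrp www-data "$site/logs" 2>/dev/null ||
        echo "note: could not set group www-data on $site/logs" >&2
    chmod 775 "$site/logs"

    # Landing page that says which site answered.
    printf '<?php echo "This is %s"; ?>\n' "$domain" > "$site/html/index.php"

    alias_line=""
    [ -n "$alias_name" ] && alias_line="    ServerAlias $alias_name"

    # Paths written into the .conf are the real ones, never the prefix.
    cat > "$avail/$domain.conf" <<EOF
<VirtualHost *:80>
    ServerAdmin $admin
    ServerName $domain
$alias_line
    DocumentRoot /var/www/live/$domain/html
    ErrorLog /var/www/live/$domain/logs/error.log
    CustomLog /var/www/live/$domain/logs/access.log combined
</VirtualHost>
<Directory "/var/www/live/$domain/html">
    Options FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
EOF
    # Relative link: sites-enabled/X.conf -> ../sites-available/X.conf
    ln -sf "../sites-available/$domain.conf" "$enabled/$domain.conf"
}
```

After sourcing the file, a call such as make_vhost /tmp/stage example.com you@example.com www.example.com stages one site; run sudo apache2ctl configtest before restarting Apache once the files are in their real locations.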

DNS

Add entries in Route 53 so that yourdomain, www.yourdomain, app.yourdomain, and blog.yourdomain all resolve to your server.

If you haven't done so already, in Apache set up virtual hosts for app and blog. Create very simple, distinguishing landing pages. Then test them. NOTE: It may take a while for DNS changes to propagate.

SSL with Let's Encrypt's Certbot

Perform these tasks to install signed SSL certificates for your various domains.
  1. sudo apt install certbot python3-certbot-apache
  2. NOTE: My domain was abilenebites.com. Here is the command I entered to actually install certificates:

    sudo certbot --apache -d abilenebites.com -d www.abilenebites.com -d blog.abilenebites.com -d app.abilenebites.com

    Go ahead and let certbot modify your configuration to redirect http traffic to https.

  3. Look in /etc/apache2/sites-available/ to see new config files. Also notice that your original .conf files have been modified.
  4. Restart apache
  5. Refresh your site in the browser. Your site should now redirect to https for all domains. NOTE: The certificate expires in 90 days. The install script set up a cron job (/etc/cron.d/certbot) to perform the renewal automatically.