Arch Linux provides a flexible cutting age system environment and is a powerful best suited solution for developing web applications on small non-critical systems due to the fact that is a complete Open Source and provides the last up to date releases on Kernels and web software for servers and databases.
This main scope of this tutorial is to guide you through a complete step by step instructions that in the end will lead on installing one of the most used software combination in Web Development: LAMP (Linux, Apache, MySQL/MariaDB, and PHP/PhpMyAdmin ) and it will present you some nice features (quick and dirty Bash scripts) that are not present in an Arch Linux system, but can ease the job on creating multiple Virtual Hosts, generate SSL Certificates and Keys needed for secure HTTS transactions.
Requirements
- Previous Arch Linux Installation process – skip the last part with DHCP.
- Previous LEMP installation on Arch Linux – only the part with configuring Static IP Address and remote SSH access.
Step 1: Install Basic Software LAMP
1. After minimal system installation with static IP address and remote system access using SSH, upgrade your Arch Linux box using pacman utility.
$ sudo pacman -Syu
2. When the upgrade process finishes install LAMP from pieces, first install Apache Web Server and start/verify every server process daemon.
$ sudo pacman -S apache $ sudo systemctl start httpd $ sudo systemctl status httpd
3. Install PHP dynamic server-side scripting language and its Apache module.
$ sudo pacman -S php php-apache
4. On the last step install MySQL database, choose 1 (MariaDB) community database fork then start and check daemon status.
$ sudo pacman -S mysql $ sudo systemctl start mysqld $ sudo systemctl status mysqld
Now you have the basic LAMP software installed and started with default configurations so far.
Step 2: Secure MySQL Database
5. The next step is to secure MySQL database by setting a password for root account, remove anonymous users accounts, remove test database and disallow remote login for user root ( press [Enter] key for root account current password and answer with Yes on all security questions).
$ sudo mysql_secure_installation
6. Verify MySQL database connectivity by running the following command then leave database shell with quit or exit statement.
$ mysql -u root -p
Step 3: Modify Apache Main Configuration File
7. The following configurations are most of them related to Apache Web Server to provide a dynamic interface for Virtual Hosting with PHP scripting language, SSL or non-SSL Virtual Hosts and can be done by modifying httpd service file configurations.
First open main Apache file configuration with your favourite text editor.
$ sudo nano /etc/httpd/conf/httpd.conf
At the very bottom of the file, append the following two lines.
IncludeOptional conf/sites-enabled/*.conf IncludeOptional conf/mods-enabled/*.conf
The role of Include statements here is to tell Apache that from now on, it should read further configurations from all files that reside in /etc/httpd/conf/sites-enabled/ (for Virtual Hosting) and /etc/httpd/conf/mods-enabled/ ( for enabled server modules) system paths that ends in a .conf extension.
8. After Apache has been instructed with this two directives, create the necessary system directories issuing the following commands.
$ sudo mkdir /etc/httpd/conf/sites-available $ sudo mkdir /etc/httpd/conf/sites-enabled $ sudo mkdir /etc/httpd/conf/mods-enabled
The sites-available path holds all Virtual Hosts configurations files that are not activated on Apache but the next Bash script will use this directory to link and enable websites that are located there.
Step 4: Create a2eniste and a2diste Apache Commands
9. Now it’s time to create a2ensite and a2dissite Apache scripts that will serve as commands to enable or disable Virtual Host configuration file. Type the cd command to return to your $HOME user path and create your bash a2eniste and a2dissite scripts using your favourite editor.
$ sudo nano a2ensite
Add the following content on this file.
#!/bin/bash if test -d /etc/httpd/conf/sites-available && test -d /etc/httpd/conf/sites-enabled ; then echo "-------------------------------" else mkdir /etc/httpd/conf/sites-available mkdir /etc/httpd/conf/sites-enabled fi avail=/etc/httpd/conf/sites-available/\.conf enabled=/etc/httpd/conf/sites-enabled site=`ls /etc/httpd/conf/sites-available/` if [ "$#" != "1" ]; then echo "Use script: n2ensite virtual_site" echo -e "\nAvailable virtual hosts:\n$site" exit 0 else if test -e $avail; then sudo ln -s $avail $enabled else echo -e "$avail virtual host does not exist! Please create one!\n$site" exit 0 fi if test -e $enabled/\.conf; then echo "Success!! Now restart Apache server: sudo systemctl restart httpd" else echo -e "Virtual host $avail does not exist!\nPlease see avail virtual hosts:\n$site" exit 0 fi fi
Now create a2dissite bash script file.
$ sudo nano a2dissite
Append the following content.
#!/bin/bash avail=/etc/httpd/conf/sites-enabled/\.conf enabled=/etc/httpd/conf/sites-enabled site=`ls /etc/httpd/conf/sites-enabled` if [ "$#" != "1" ]; then echo "Use script: n2dissite virtual_site" echo -e "\nAvailable virtual hosts: \n$site" exit 0 else if test -e $avail; then sudo rm $avail else echo -e "$avail virtual host does not exist! Exiting" exit 0 fi if test -e $enabled/\.conf; then echo "Error!! Could not remove $avail virtual host!" else echo -e "Success! $avail has been removed!\nsudo systemctl restart httpd" exit 0 fi fi
10. After the files had been created allocate execute permissions and copy them to a $PATH executable directory to make them system wide available.
$ sudo chmod +x a2ensite a2dissite $ sudo cp a2ensite a2dissite /usr/local/bin/
Step 5: Create Virtual Hosts in Apache
11. Virtual Host default configuration file for Apache Web server on Arch Linux is provided by httpd-vhosts.conf file located in /etc/httpd/conf/extra/ path but if you have a system that uses a lot of Virtual Hosts can be very difficult to keep track of what website is activated or not and. If you want to disable a website you must comment or delete all of its directives and that can be a difficult mission if you system provides a lot of websites and your website has more configuration directives.
Using sites-available and sites-enabled paths, greatly simplifies the job of enabling or disabling websites and also preserves all your websites configuration files even though they are activated or not.
On the next step we are going to construct the first Virtual Host that points to default localhost with the default DocumentRoot path for serving websites files (/srv/http.
$ sudo nano /etc/httpd/conf/sites-available/localhost.conf
Add the following Apache directives here.
<VirtualHost *:80> DocumentRoot "/srv/http" ServerName localhost ServerAdmin [email protected] ErrorLog "/var/log/httpd/localhost-error_log" TransferLog "/var/log/httpd/localhost-access_log" <Directory /> Options +Indexes +FollowSymLinks +ExecCGI AllowOverride All Order deny,allow Allow from all Require all granted </Directory> </VirtualHost>
The most important statements here are Port and ServerName directives that instructs Apache to open a network connection on port 80 and redirect all queries with localhost name to serve files located in /srv/http/ path.
12. After localhost file has been created, activate it then restart httpd daemon to view changes.
$ sudo a2ensite localhost $ sudo systemctl restart httpd
13. Then point your browser to http://localhost, if you run it from Arch system or http://Arch_IP if you use a remote system.
Step 6: Enable SSL with Virtual Hosting on LAMP
SSL (Secure Sockets Layer) is a protocol designed to encrypt HTTP connections over networks or Internet, which make data flow to be transmitted over a secure channel using symmetric/asymmetric cryptography keys and is provided in Arch Linux by OpenSSL package.
14. By default SSL module is not enabled on Apache in Arch Linux and can be activated by uncommenting mod_ssl.so module from main httpd.conf configuration file and Include httpd-ssl.conf file located in extra httpd path.
But to simplify things we are going to create a new module file for SSL in mods-enabled path and leave main Apache configuration file untouched. Create the following file for SSL module and add the below content.
$ sudo nano /etc/httpd/conf/mods-enabled/ssl.conf
Append the following content.
LoadModule ssl_module modules/mod_ssl.so LoadModule socache_shmcb_module modules/mod_socache_shmcb.so Listen 443 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLPassPhraseDialog builtin SSLSessionCache "shmcb:/run/httpd/ssl_scache(512000)" SSLSessionCacheTimeout 300
15. Now create a Virtual Host file that points to the same localhost name but using SSL server configurations this time, and slightly change its name to remind you that it stands for localhost with SSL.
$ sudo nano /etc/httpd/conf/sites-available/localhost-ssl.conf
Add the following content on this file.
<VirtualHost *:443> DocumentRoot "/srv/http" ServerName localhost ServerAdmin [email protected] ErrorLog "/var/log/httpd/localhost-ssl-error_log" TransferLog "/var/log/httpd/localhost-ssl-access_log" SSLEngine on SSLCertificateFile "/etc/httpd/conf/ssl/localhost.crt" SSLCertificateKeyFile "/etc/httpd/conf/ssl/localhost.key" <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/srv/http/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "/var/log/httpd/ssl_request_log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" <Directory /> Options +Indexes +FollowSymLinks +ExecCGI AllowOverride All Order deny,allow Allow from all Require all granted </Directory> </VirtualHost>
Besides Port and ServerName directives, other important directives here are those pointing to SSL Certificate file and SSL Key file which are not yet created so don’t restart Apache Web Server or you will get some errors.
16. To create required SSL Certificate file and Keys install OpenSSL package issuing the command below.
$ sudo pacman -S openssl
17. Then create the following Bash script that automatically creates and stores all your Apache Certificates and Keys in /etc/httpd/conf/ssl/ system path.
$ sudo nano apache_gen_ssl
Add the following file content then save it and make it executable.
#!/bin/bash mkdir /etc/httpd/conf/ssl cd /etc/httpd/conf/ssl echo -e "Enter your virtual host FQDN: \nThis will generate the default name for Nginx SSL certificate!" read cert openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out $cert.key chmod 600 $cert.key openssl req -new -key $cert.key -out $cert.csr openssl x509 -req -days 365 -in $cert.csr -signkey $cert.key -out $cert.crt echo -e " The certificate "$cert" has been generated!\nPlease link it to Apache SSL available website!" ls -all /etc/httpd/conf/ssl exit 0
$ sudo chmod +x apache_gen_ssl
If you want the script to be available system wide copy it to an executable $PATH.
$ sudo cp /apache_gen_ssl /usr/local/bin/
18. Now generate your Certificate and Keys by running the script. Provide your SSL options and don’t forget the certificate name and Common Name to match your official domain (FQDN).
$ sudo ./apache_gen_ssl
After certificate and keys had been created don’t forget to modify your SSL Virtual Host certificate and keys configurations to match the name of this certificate.
19. The last step is to activate newly SSL Virtual Host and restart your server to apply configurations.
$ sudo a2ensite localhost-ssl $ sudo systemctl restart httpd
That’s it! To verify it open browser and add Arch IP on URL using HTTPS protocol: https://localhost or https://system_IP.
Step 7: Enable PHP on Apache
20. By default Apache only serves HTML static files content in Arch Linux with no dynamic scripting languages support. To activate PHP first open Apache main configuration file then search and uncomment the following LoadModule statement (php-apache does not work with mod_mpm_event in Arch Linux).
$ sudo nano /etc/httpd/conf/httpd.conf
Using [Ctrl]+[w] search and comment the following line to look like this.
#LoadModule mpm_event_module modules/mod_mpm_event.so
21. Then create a new file for PHP module in mods-enabled path with the following content.
$ sudo nano /etc/httpd/conf/mods-enabled/php.conf
Add the exactly following content (you must use mod_mpm_prefork).
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so LoadModule php5_module modules/libphp5.so Include conf/extra/php5_module.conf
22. To verify setting create PHP a file named info.php in your DocumnetRoot (/srv/http/), then restart Apache and point your browser to info.php file: https://localhost/info.php.
<?php phpinfo(); ?>
$ sudo systemctl restart httpd
That’s it! If everything looks like image above, you now have PHP dynamic server-side scripting language enabled on Apache and you can now develop websites using Open Source CMS like WordPress for example.
If you want to verify Apache syntax configurations and see a list of loaded modules without restarting httpd daemon run the following commands.
$ sudo apachectl configtest $ sudo apachectl -M
Step 8: Install and Configuring PhpMyAdmin
23. If you don’t master MySQL command line and want a simple remote access to MySQL database provided through web interface then you need PhpMyAdmin package installed on your Arch box.
$ sudo pacman -S phpmyadmin php-mcrypt
24. After the packages had been installed you need to enable some PHP extensions (mysqli.so, mcrypt.so – for internal authentication) and you can, also, enable other modules for needed for future CMS platforms like openssl.so, imap.so or iconv.so etc.
$ sudo nano /etc/php/php.ini
Locate and uncomment the above extensions.
extension=mcrypt.so extension=mssql.so extension=mysqli.so extension=openssl.so extension=iconv.so extension=imap.so extension=zip.so extension=bz2.so
Also, on same file, search and locate open_basedir statement and add PhpMyAdmin system path (/etc/webapps/ and /usr/share/webapps/) to make sure PHP can access and read files under those directories (If you, also, change Virtual Hosts DocumentRoot path from /srv/http/ to another location you need to append the new path here too).
25. The last thing you need to do in order to access PhpMyAdmin Web Interface is to add PhpMyAdmin Apache statements on Virtual Hosts. As a security measure will make sure that PhpMyAdmin Web Interface can be accessible only from localhost ( or system IP address) using HTTPS protocol and not from other different Virtual Hosts. So, open your localhost-ssl.conf Apache file and at the bottom, before last statement add the following content.
$ sudo nano /etc/httpd/conf/sites-enabled/localhost-ssl.conf
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin" <Directory "/usr/share/webapps/phpMyAdmin"> DirectoryIndex index.html index.php AllowOverride All Options FollowSymlinks Require all granted </Directory>
26. Afterwards restart Apache daemon and point your browser to the following address and you should be able to access your PhpMyAdmin Web Interface: https://localhost/phpmyadmin or https://system_IP/phpmyadmin.
27. If, after you login to PhpMyAdmin, you see a bottom error concerning a blowfish_secret, open and edit /etc/webapps/phpmyadmin/config.inc.php file and insert a random string like the one in the following statement, then refresh page.
$cfg['blowfish_secret'] = ‘{^QP+-(3mlHy+Gd~FE3mN{gIATs^1lX+T=KVYv{ubK*U0V’ ;
Step 9: Enable LAMP System Wide
28. If you want LAMP stack to be automatically started after system reboot run the following commands.
$ sudo systemctl enable httpd mysqld
This are some of main configuration settings on LAMP needed to transform an Arch Linux system into a simple but powerful, fast and robust web platform with cutting-age server software for small non-critical environments, but if you get stubborn and still want to use it in a large production environment you should arm yourself with plenty of patience and pay an extra attention on packages updates and make regular system backup images for a fast system restoring in case of system failures.
Great post. It has saved me a lot of tinkering.
For those who are having issues with /etc/httpd/conf/mods-enabled/php.conf, see; https://bugs.php.net/bug.php?id=78681
Apparently, there has been a new naming implementation that dictates that now you do not need to add the php version numbers i.e /libphp8.so becomes /libphp.so The same applies to all other references see;
LoadModule php_module modules/libphp.so
AddHandler php-script php
Include conf/extra/php_module.conf
Chapter 21 (Add the exactly following content (you must use mod_mpm_prefork) For php 7:
and install from aur:
Hi, thanks for the great guide! I’ve tried to enable ssl but my site is not responding…
I’ve used localhost as ServerName because I’ve activated a noip account: but when I try to reach
https://mydomain.ddns.net
the site isn’t available, buthttp://mydomain.ddns.net
is ok…Does the server responds on localhost with ssl,port 443. run netstat to confirm it binds on 443. are you behind a router? if yes, forward ports on the router side. Also, does ddns record replay on port 80.
Great post, Thanks!
after completing the configuration, I try to make the applications using CodeIgniter framework, but at run time instead of blank page is opened, I use PHP version 5.9 is okay, but the current version of PHP 5.6 there is a problem, whether the issue of versions of PHP or from the wrong configuration …
I had 2 problems getting PhpMyAdmin installed:
Replacing config.inc.php with config.sample.inc.php fixed the problem.
Hope this helps someone.
The whole /etc/httpd/conf/mods-enabled/php.conf file wasn’t working for me.
I had to comment out “mpm_event_module” in the httpd.conf file and below it put in the
LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
# Followed later at the end of the modules by# Use for PHP 5.x:
LoadModule php5_module modules/libphp5.so
AddHandler php5-script php
Include conf/extra/php5_module.conf
## Took me some doing just to get PHP running, otherwise the article is solid.
this is perfect, thank you
Absolutely amazing post, thanks Matei.
aa ok, I think my previous comment was… not written well? I don’t see my code. please read the link above that i posted, and correct step 5.
Hi
Thanks for this amazing post, but there’s a problem with step 5.
needs to be changed to
If you don’t do that, the .htaccess file won’t be read by apache.
Here’s the related link that i found:
http://drupal.stackexchange.com/questions/98854/drupal-installed-with-drush-doesnt-display-home-page
Such a great tutorial. I was searching for a tutorial like this for hours without any afford…
Great work. Thank you!
Loved the article; one of the best and most comprehensive about the subject of setting up a LAMP stack for newbies.
Everything is working fine except when I get to php.conf in mods-enabled. When I got to restart Apache, I get this error below:
“Job for httpd.service failed. See ‘systemctl status httpd.service’ and ‘journalctl -xn’ for details.”
Not sure what to do :/
Nevermind. It was an error on my part. Please dis-regard above comment. Works great. Thank you!!!!
Typo on Step 4 line 9…. It should be “a2ensite”
Thanks Chad, corrected in the article..
Hi, nice one. Thank you very much.
When I rode your tutorial I show an misstake in command.
In line 15 ”
$ sudo nano /etc/httpd/conf/sites-availble/localhost-ssl.conf
should be
$ sudo nano /etc/httpd/conf/sites-available/localhost-ssl.conf
You eat “a” letter
Oh man! thanks for a correction, we corrected in the article.
The a2ensite script (ln -s) make this when I try to reload the httpd service :
Could not open configuration file /etc/httpd/conf/sites-enabled/localhost.conf: Too many levels of symbolic links
:(
read the point 24 again….focus on open_basedir and it should work!
whenever i change my DocumentRoot i get 403 Access Forbidden on localhost. i only need apache and php for production code, no hosting or whatever. i chmodded my whole profile, all/granted/indexes followsymlinks, still apache won’t access my folders.
this is a huge example and so very helpful for web developers as well
Nice work. I just needed it to solve my issue with php under arch after the apache-update and what can I say…THANK YOU.
But after reading the hole post, I`ve found a lot of useful configurations.
greetz from germany,
Kanasaru