Installing LAMP (Linux, Apache, MySQL/MariaDB, and PHP/PhpMyAdmin) in Arch Linux

Arch Linux provides a flexible cutting age system environment and is a powerful best suited solution for developing web applications on small non-critical systems due to the fact that is a complete Open Source and provides the last up to date releases on Kernels and web software for servers and databases.

Install LAMP in Arch Linux
Install LAMP in Arch Linux

This main scope of this tutorial is to guide you through a complete step by step instructions that in the end will lead on installing one of the most used software combination in Web Development: LAMP (Linux, Apache, MySQL/MariaDB, and PHP/PhpMyAdmin ) and it will present you some nice features (quick and dirty Bash scripts) that are not present in an Arch Linux system, but can ease the job on creating multiple Virtual Hosts, generate SSL Certificates and Keys needed for secure HTTS transactions.

Requirements

  1. Previous Arch Linux Installation process – skip the last part with DHCP.
  2. Previous LEMP installation on Arch Linux – only the part with configuring Static IP Address and remote SSH access.

Step 1: Install Basic Software LAMP

1. After minimal system installation with static IP address and remote system access using SSH, upgrade your Arch Linux box using pacman utility.

$ sudo pacman -Syu

2. When the upgrade process finishes install LAMP from pieces, first install Apache Web Server and start/verify every server process daemon.

$ sudo pacman -S apache 
$ sudo systemctl start httpd 
$ sudo systemctl status httpd
Install Apache in Arch Linux
Install Apache Web Server

3. Install PHP dynamic server-side scripting language and its Apache module.

$ sudo pacman -S php php-apache

4. On the last step install MySQL database, choose 1 (MariaDB) community database fork then start and check daemon status.

$ sudo pacman -S mysql 
$ sudo systemctl start mysqld 
$ sudo systemctl status mysqld
Install MySQL in Arch Linux
Install MySQL Database
Start MySQL Database
Start MySQL Database

Now you have the basic LAMP software installed and started with default configurations so far.

Step 2: Secure MySQL Database

5. The next step is to secure MySQL database by setting a password for root account, remove anonymous users accounts, remove test database and disallow remote login for user root ( press [Enter] key for root account current password and answer with Yes on all security questions).

$ sudo mysql_secure_installation
Secure MySQL Database
Secure MySQL Database
Set MySQL root Password
Set MySQL root Password

6. Verify MySQL database connectivity by running the following command then leave database shell with quit or exit statement.

$ mysql -u root -p
Connect to MySQL in Arch Linux
Verify MySQL Database Connectivity

Step 3: Modify Apache Main Configuration File

7. The following configurations are most of them related to Apache Web Server to provide a dynamic interface for Virtual Hosting with PHP scripting language, SSL or non-SSL Virtual Hosts and can be done by modifying httpd service file configurations.

First open main Apache file configuration with your favourite text editor.

$ sudo nano /etc/httpd/conf/httpd.conf

At the very bottom of the file, append the following two lines.

IncludeOptional conf/sites-enabled/*.conf
IncludeOptional conf/mods-enabled/*.conf
Include Virtual Host Configuration
Include Virtual Host Configuration

The role of Include statements here is to tell Apache that from now on, it should read further configurations from all files that reside in /etc/httpd/conf/sites-enabled/ (for Virtual Hosting) and /etc/httpd/conf/mods-enabled/ ( for enabled server modules) system paths that ends in a .conf extension.

8. After Apache has been instructed with this two directives, create the necessary system directories issuing the following commands.

$ sudo mkdir /etc/httpd/conf/sites-available
$ sudo mkdir /etc/httpd/conf/sites-enabled
$ sudo mkdir /etc/httpd/conf/mods-enabled

The sites-available path holds all Virtual Hosts configurations files that are not activated on Apache but the next Bash script will use this directory to link and enable websites that are located there.

Step 4: Create a2eniste and a2diste Apache Commands

9. Now it’s time to create a2ensite and a2dissite Apache scripts that will serve as commands to enable or disable Virtual Host configuration file. Type the cd command to return to your $HOME user path and create your bash a2eniste and a2dissite scripts using your favourite editor.

$ sudo nano a2ensite

Add the following content on this file.

#!/bin/bash
if test -d /etc/httpd/conf/sites-available && test -d /etc/httpd/conf/sites-enabled  ; then
echo "-------------------------------"
else
mkdir /etc/httpd/conf/sites-available
mkdir /etc/httpd/conf/sites-enabled
fi

avail=/etc/httpd/conf/sites-available/\.conf
enabled=/etc/httpd/conf/sites-enabled
site=`ls /etc/httpd/conf/sites-available/`

if [ "$#" != "1" ]; then
        echo "Use script: n2ensite virtual_site"
        echo -e "\nAvailable virtual hosts:\n$site"
        exit 0
else
if test -e $avail; then
sudo ln -s $avail $enabled
else
echo -e "$avail virtual host does not exist! Please create one!\n$site"
exit 0
fi
if test -e $enabled/\.conf; then
echo "Success!! Now restart Apache server: sudo systemctl restart httpd"
else
echo  -e "Virtual host $avail does not exist!\nPlease see avail virtual hosts:\n$site"
exit 0
fi
fi
Create a2eniste Apache Script
Create a2eniste Apache Script

Now create a2dissite bash script file.

$ sudo nano a2dissite

Append the following content.

#!/bin/bash
avail=/etc/httpd/conf/sites-enabled/\.conf
enabled=/etc/httpd/conf/sites-enabled
site=`ls /etc/httpd/conf/sites-enabled`

if [ "$#" != "1" ]; then
        echo "Use script: n2dissite virtual_site"
        echo -e "\nAvailable virtual hosts: \n$site"
        exit 0
else
if test -e $avail; then
sudo rm  $avail
else
echo -e "$avail virtual host does not exist! Exiting"
exit 0
fi
if test -e $enabled/\.conf; then
echo "Error!! Could not remove $avail virtual host!"
else
echo  -e "Success! $avail has been removed!\nsudo systemctl restart httpd"
exit 0
fi
fi
Create a2dissite Apache Script
Create a2dissite Apache Script

10. After the files had been created allocate execute permissions and copy them to a $PATH executable directory to make them system wide available.

$ sudo chmod +x a2ensite a2dissite
$ sudo cp a2ensite a2dissite /usr/local/bin/
Set Execute Permissions
Set Execute Permissions

Step 5: Create Virtual Hosts in Apache

11. Virtual Host default configuration file for Apache Web server on Arch Linux is provided by httpd-vhosts.conf file located in /etc/httpd/conf/extra/ path but if you have a system that uses a lot of Virtual Hosts can be very difficult to keep track of what website is activated or not and. If you want to disable a website you must comment or delete all of its directives and that can be a difficult mission if you system provides a lot of websites and your website has more configuration directives.

Using sites-available and sites-enabled paths, greatly simplifies the job of enabling or disabling websites and also preserves all your websites configuration files even though they are activated or not.

On the next step we are going to construct the first Virtual Host that points to default localhost with the default DocumentRoot path for serving websites files (/srv/http.

$ sudo nano /etc/httpd/conf/sites-available/localhost.conf

Add the following Apache directives here.

<VirtualHost *:80>
        DocumentRoot "/srv/http"
        ServerName localhost
        ServerAdmin [email protected]
        ErrorLog "/var/log/httpd/localhost-error_log"
        TransferLog "/var/log/httpd/localhost-access_log"

<Directory />
    Options +Indexes +FollowSymLinks +ExecCGI
    AllowOverride All
    Order deny,allow
    Allow from all
Require all granted
</Directory>

</VirtualHost>
Create Virtual Hosts in Apache
Create Virtual Hosts in Apache

The most important statements here are Port and ServerName directives that instructs Apache to open a network connection on port 80 and redirect all queries with localhost name to serve files located in /srv/http/ path.

12. After localhost file has been created, activate it then restart httpd daemon to view changes.

$ sudo a2ensite localhost
$ sudo systemctl restart httpd
Active a2ensite Script
Active a2ensite Script

13. Then point your browser to http://localhost, if you run it from Arch system or http://Arch_IP if you use a remote system.

Browse Apache
Browse Apache

Step 6: Enable SSL with Virtual Hosting on LAMP

SSL (Secure Sockets Layer) is a protocol designed to encrypt HTTP connections over networks or Internet, which make data flow to be transmitted over a secure channel using symmetric/asymmetric cryptography keys and is provided in Arch Linux by OpenSSL package.

14. By default SSL module is not enabled on Apache in Arch Linux and can be activated by uncommenting mod_ssl.so module from main httpd.conf configuration file and Include httpd-ssl.conf file located in extra httpd path.

But to simplify things we are going to create a new module file for SSL in mods-enabled path and leave main Apache configuration file untouched. Create the following file for SSL module and add the below content.

$ sudo nano /etc/httpd/conf/mods-enabled/ssl.conf

Append the following content.

LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so

Listen 443

SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/run/httpd/ssl_scache(512000)"
SSLSessionCacheTimeout  300
Enable SSL with Virtual Hosting
Enable SSL with Virtual Hosting

15. Now create a Virtual Host file that points to the same localhost name but using SSL server configurations this time, and slightly change its name to remind you that it stands for localhost with SSL.

$ sudo nano /etc/httpd/conf/sites-available/localhost-ssl.conf

Add the following content on this file.

<VirtualHost *:443>
        DocumentRoot "/srv/http"
        ServerName localhost
        ServerAdmin [email protected]
        ErrorLog "/var/log/httpd/localhost-ssl-error_log"
        TransferLog "/var/log/httpd/localhost-ssl-access_log"

SSLEngine on

SSLCertificateFile "/etc/httpd/conf/ssl/localhost.crt"
SSLCertificateKeyFile "/etc/httpd/conf/ssl/localhost.key"

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>

<Directory "/srv/http/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog "/var/log/httpd/ssl_request_log" \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

<Directory />

    Options +Indexes +FollowSymLinks +ExecCGI
    AllowOverride All
    Order deny,allow
    Allow from all
Require all granted
</Directory>

</VirtualHost>
Create SSL Virtual Host
Create SSL Virtual Host

Besides Port and ServerName directives, other important directives here are those pointing to SSL Certificate file and SSL Key file which are not yet created so don’t restart Apache Web Server or you will get some errors.

16. To create required SSL Certificate file and Keys install OpenSSL package issuing the command below.

$ sudo pacman -S openssl

17. Then create the following Bash script that automatically creates and stores all your Apache Certificates and Keys in /etc/httpd/conf/ssl/ system path.

$ sudo nano apache_gen_ssl

Add the following file content then save it and make it executable.

#!/bin/bash
mkdir /etc/httpd/conf/ssl
cd /etc/httpd/conf/ssl

echo -e "Enter your virtual host FQDN: \nThis will generate the default name for Nginx  SSL certificate!"
read cert

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out $cert.key
chmod 600 $cert.key
openssl req -new -key $cert.key -out $cert.csr
openssl x509 -req -days 365 -in $cert.csr -signkey $cert.key -out $cert.crt

echo -e " The certificate "$cert" has been generated!\nPlease link it to Apache SSL available website!"

ls -all /etc/httpd/conf/ssl
exit 0
Store Apache Certificates and Keys
Store Apache Certificates and Keys
$ sudo chmod +x apache_gen_ssl

If you want the script to be available system wide copy it to an executable $PATH.

$ sudo cp /apache_gen_ssl  /usr/local/bin/

18. Now generate your Certificate and Keys by running the script. Provide your SSL options and don’t forget the certificate name and Common Name to match your official domain (FQDN).

$ sudo ./apache_gen_ssl
Create Apache Certificates and Keys
Create Apache Certificates and Keys
Enter Certificates Details
Enter Certificates Details

After certificate and keys had been created don’t forget to modify your SSL Virtual Host certificate and keys configurations to match the name of this certificate.

19. The last step is to activate newly SSL Virtual Host and restart your server to apply configurations.

$ sudo a2ensite localhost-ssl
$ sudo systemctl restart httpd
Activate SSL Virtual Host
Activate SSL Virtual Host

That’s it! To verify it open browser and add Arch IP on URL using HTTPS protocol: https://localhost or https://system_IP.

Browse Apache over SSL
Browse Apache over SSL

Step 7: Enable PHP on Apache

20. By default Apache only serves HTML static files content in Arch Linux with no dynamic scripting languages support. To activate PHP first open Apache main configuration file then search and uncomment the following LoadModule statement (php-apache does not work with mod_mpm_event in Arch Linux).

$ sudo nano /etc/httpd/conf/httpd.conf

Using [Ctrl]+[w] search and comment the following line to look like this.

#LoadModule mpm_event_module modules/mod_mpm_event.so
Enable PHP Module
Enable PHP Module

21. Then create a new file for PHP module in mods-enabled path with the following content.

$ sudo nano /etc/httpd/conf/mods-enabled/php.conf

Add the exactly following content (you must use mod_mpm_prefork).

LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
LoadModule php5_module modules/libphp5.so

Include conf/extra/php5_module.conf
Enable mod_mpm_prefork Module
Enable mod_mpm_prefork Module

22. To verify setting create PHP a file named info.php in your DocumnetRoot (/srv/http/), then restart Apache and point your browser to info.php file: https://localhost/info.php.

<?php

phpinfo();

?>
$ sudo systemctl restart httpd
Verify PHP Information
Verify PHP Information

That’s it! If everything looks like image above, you now have PHP dynamic server-side scripting language enabled on Apache and you can now develop websites using Open Source CMS like WordPress for example.

If you want to verify Apache syntax configurations and see a list of loaded modules without restarting httpd daemon run the following commands.

$ sudo apachectl configtest
$ sudo apachectl -M

Step 8: Install and Configuring PhpMyAdmin

23. If you don’t master MySQL command line and want a simple remote access to MySQL database provided through web interface then you need PhpMyAdmin package installed on your Arch box.

$ sudo pacman -S phpmyadmin php-mcrypt

24. After the packages had been installed you need to enable some PHP extensions (mysqli.so, mcrypt.so – for internal authentication) and you can, also, enable other modules for needed for future CMS platforms like openssl.so, imap.so or iconv.so etc.

$ sudo nano /etc/php/php.ini

Locate and uncomment the above extensions.

extension=mcrypt.so
extension=mssql.so
extension=mysqli.so
extension=openssl.so
extension=iconv.so
extension=imap.so
extension=zip.so
extension=bz2.so
Install and Configuring PhpMyAdmin
Install and Configuring PhpMyAdmin

Also, on same file, search and locate open_basedir statement and add PhpMyAdmin system path (/etc/webapps/ and /usr/share/webapps/) to make sure PHP can access and read files under those directories (If you, also, change Virtual Hosts DocumentRoot path from /srv/http/ to another location you need to append the new path here too).

Enable open_basedir
Enable open_basedir

25. The last thing you need to do in order to access PhpMyAdmin Web Interface is to add PhpMyAdmin Apache statements on Virtual Hosts. As a security measure will make sure that PhpMyAdmin Web Interface can be accessible only from localhost ( or system IP address) using HTTPS protocol and not from other different Virtual Hosts. So, open your localhost-ssl.conf Apache file and at the bottom, before last statement add the following content.

$ sudo nano /etc/httpd/conf/sites-enabled/localhost-ssl.conf
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"

<Directory "/usr/share/webapps/phpMyAdmin">
    DirectoryIndex index.html index.php
    AllowOverride All
    Options FollowSymlinks
    Require all granted
</Directory>
Create PhpMyAdmin Virtual Host Configuration
Create PhpMyAdmin Virtual Host Configuration

26. Afterwards restart Apache daemon and point your browser to the following address and you should be able to access your PhpMyAdmin Web Interface: https://localhost/phpmyadmin or https://system_IP/phpmyadmin.

Access PhpMyAdmin Web Interface
Access PhpMyAdmin Web Interface

27. If, after you login to PhpMyAdmin, you see a bottom error concerning a blowfish_secret, open and edit /etc/webapps/phpmyadmin/config.inc.php file and insert a random string like the one in the following statement, then refresh page.

$cfg['blowfish_secret'] = ‘{^QP+-(3mlHy+Gd~FE3mN{gIATs^1lX+T=KVYv{ubK*U0V’ ;
Fix blowfish_secret Error
Fix blowfish_secret Error

Step 9: Enable LAMP System Wide

28. If you want LAMP stack to be automatically started after system reboot run the following commands.

$ sudo systemctl enable httpd mysqld
Enable LAMP System Wide
Enable LAMP System Wide

This are some of main configuration settings on LAMP needed to transform an Arch Linux system into a simple but powerful, fast and robust web platform with cutting-age server software for small non-critical environments, but if you get stubborn and still want to use it in a large production environment you should arm yourself with plenty of patience and pay an extra attention on packages updates and make regular system backup images for a fast system restoring in case of system failures.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Matei Cezar
I'am a computer addicted guy, a fan of open source and linux based system software, have about 4 years experience with Linux distributions desktop, servers and bash scripting.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

25 Comments

Leave a Reply
  1. Great post. It has saved me a lot of tinkering.

    For those who are having issues with /etc/httpd/conf/mods-enabled/php.conf, see; https://bugs.php.net/bug.php?id=78681

    Apparently, there has been a new naming implementation that dictates that now you do not need to add the php version numbers i.e /libphp8.so becomes /libphp.so The same applies to all other references see;

    LoadModule php_module modules/libphp.so
    AddHandler php-script php
    Include conf/extra/php_module.conf

    Reply
  2. Chapter 21 (Add the exactly following content (you must use mod_mpm_prefork) For php 7:

    LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
    LoadModule php7_module modules/libphp7.so
    AddHandler php7-script php
    Include conf/extra/php7_module.conf
    
    Reply
  3. Hi, thanks for the great guide! I’ve tried to enable ssl but my site is not responding…

    I’ve used localhost as ServerName because I’ve activated a noip account: but when I try to reach https://mydomain.ddns.net the site isn’t available, but http://mydomain.ddns.net is ok…

    Reply
    • Does the server responds on localhost with ssl,port 443. run netstat to confirm it binds on 443. are you behind a router? if yes, forward ports on the router side. Also, does ddns record replay on port 80.

      Reply
  4. after completing the configuration, I try to make the applications using CodeIgniter framework, but at run time instead of blank page is opened, I use PHP version 5.9 is okay, but the current version of PHP 5.6 there is a problem, whether the issue of versions of PHP or from the wrong configuration …

    Reply
  5. I had 2 problems getting PhpMyAdmin installed:

    • the code to create a vhost alias in localhost.conf didn’t work, I had to add the code to httpd.conf for it to work.
    • PhpMyAdmin created a bad symlink /usr/share/webapps/phpMyAdmin/config.inc.php pointed to [ lowercase ] /usr/share/webapps/phpmyadmin/config.inc.php.

    Replacing config.inc.php with config.sample.inc.php fixed the problem.

    Hope this helps someone.

    # Enable Mod Rewrite in “/etc/httpd/conf/httpd.conf” by uncommenting
    #LoadModule rewrite_module modules/mod_rewrite.so
    LoadModule alias_module modules/mod_alias.so
    
    # Append to end of file “/etc/httpd/conf/httpd.conf”
    
    # PhpMyAdmin
    Include conf/phpmyadmin.conf
    
    
    # Create File “/etc/httpd/conf/phpmyadmin.conf” with contents
    
    Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"
    
    <Directory "/usr/share/webapps/phpMyAdmin">
        DirectoryIndex index.html index.php
        AllowOverride All
        Options FollowSymlinks
        Require all granted
    </Directory>
    
    
    # PhpMyAdmin Symlinks are bad
    mv /usr/share/webapps/phpMyAdmin/config.inc.php /usr/share/webapps/phpMyAdmin/config.inc.php.bak
    
    
    # Copy Config
    sudo cp /usr/share/webapps/phpMyAdmin/config.sample.inc.php /usr/share/webapps/phpMyAdmin/config.inc.php
    
    Reply
  6. The whole /etc/httpd/conf/mods-enabled/php.conf file wasn’t working for me.

    I had to comment out “mpm_event_module” in the httpd.conf file and below it put in the

    LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

    # Followed later at the end of the modules by# Use for PHP 5.x:
    LoadModule php5_module modules/libphp5.so
    AddHandler php5-script php
    Include conf/extra/php5_module.conf

    ## Took me some doing just to get PHP running, otherwise the article is solid.

    Reply
  7. aa ok, I think my previous comment was… not written well? I don’t see my code. please read the link above that i posted, and correct step 5.

    Reply
  8. Loved the article; one of the best and most comprehensive about the subject of setting up a LAMP stack for newbies.

    Everything is working fine except when I get to php.conf in mods-enabled. When I got to restart Apache, I get this error below:

    “Job for httpd.service failed. See ‘systemctl status httpd.service’ and ‘journalctl -xn’ for details.”

    Not sure what to do :/

    Reply
  9. Hi, nice one. Thank you very much.

    When I rode your tutorial I show an misstake in command.
    In line 15 ”
    $ sudo nano /etc/httpd/conf/sites-availble/localhost-ssl.conf

    should be
    $ sudo nano /etc/httpd/conf/sites-available/localhost-ssl.conf

    You eat “a” letter

    Reply
  10. The a2ensite script (ln -s) make this when I try to reload the httpd service :
    Could not open configuration file /etc/httpd/conf/sites-enabled/localhost.conf: Too many levels of symbolic links

    :(

    Reply
  11. whenever i change my DocumentRoot i get 403 Access Forbidden on localhost. i only need apache and php for production code, no hosting or whatever. i chmodded my whole profile, all/granted/indexes followsymlinks, still apache won’t access my folders.

    Reply
  12. Nice work. I just needed it to solve my issue with php under arch after the apache-update and what can I say…THANK YOU.

    But after reading the hole post, I`ve found a lot of useful configurations.

    greetz from germany,
    Kanasaru

    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.