How to Install LAMP Stack on Debian 11 Bullseye

LAMP is a collection of open-source software commonly used to serve web applications that have been around since the late 1990s. LAMP is an acronym that stands for Linux, Apache, MySQL/MariaDB, and PHP and provides the components needed to host and manage web content and is still arguably the most utilized stack deployment for developers and web applications today.

In the following tutorial, you will learn how to install the LAMP stack (Apache, MariaDB, PHP) on Debian 11 Bullseye using the most up-to-date packages instead of the default Debian 11 repository versions.

Note, you can install LAMP on Debian 11 using this method without the newer repositories; use the same commands without importing any third-party repositories.

Advertisement

Prerequisites

Update Operating System

Update your Debian operating system to make sure all existing packages are up to date:

sudo apt update && sudo apt upgrade -y

The tutorial will be using the sudo command and assuming you have sudo status.

To verify sudo status on your account:

sudo whoami

Example output showing sudo status:

[joshua@debian~]$ sudo whoami
root

To set up an existing or new sudo account, visit our tutorial on Adding a User to Sudoers on Debian.

To use the root account, use the following command with the root password to log in.

su

Install Depedencies

The first step is to install the dependencies needed during the installation, use the following command to install or check that they are present.

sudo apt-get install software-properties-common dirmngr ca-certificates apt-transport-https nano wget curl -y

Install Latest Apache – (LAMP Stack)

To kickstart the LAMP stack installation, you will need to install the Apache 2 (HTTPD) webserver. By default, this is featured on Debian 11’s default repository. However, this can often be lagging in updates unless an urgent security update has been pushed.

To maintain the most up-to-date Apache web server, install the package from the  Ondřej Surý’s repository. Many Ubuntu users would know his PPA, and you can do the same in Debian.

In your terminal, use the following command to begin the installation.

curl -sSL https://packages.sury.org/apache2/README.txt | sudo bash -x

Now that you have installed the Apache repository and updated the repository list, install Apache2 with the following:

sudo apt install apache2

Example output:

How to Install LAMP Stack on Debian 11 Bullseye

TYPE Y, then press the ENTER KEY to proceed and complete the installation.

Next, confirm the installation was successful by confirming the version.

sudo apache2 -v

Example output:

Server version: Apache/2.4.52 (Debian)
Server built:   2021-12-20T21:09:16

Now, make sure Apache is running by using the systemctl command:

systemctl status apache2

Example output:

How to Install LAMP Stack on Debian 11 Bullseye

If Apache is not activated, to start the webserver application, use the following command:

sudo systemctl enable apache2 --now

Example output if successful:

Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable apache2

Next, visit the page located at your server’s local IP address or external into your browser.

Example landing page:

How to Install LAMP Stack on Debian 11 Bullseye

If you cannot reach this page without using UFW Firewall, use the following command to allow port 80.

sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT

Optional. Configure UFW Firewall for Apache

After installing Apache 2 web server, you will need to modify the UFW rules if you have UFW installed. To allow outside access to the default web ports. Luckily, during the installation, Apache registers itself with UFW to provide a few profiles that can be used to enable or disable access, making it easy and quick to configure.

If you would like to install the UFW firewall, run the following command:

sudo apt install ufw -y

Once UFW is installed, enable UFW to start and be active on system boot.

sudo ufw enable

Next, list the application profiles to see the Apache profiles that are available by the following command:

sudo ufw app list

Example output:

Available applications:
  Apache
  Apache Full
  Apache Secure

From the output above, you have three profile options to choose from. To break it down, Apache runs on port 80 (HTTP), Apache Secure runs on port 443 (HTTPS), and Apache Full is a combination of allowing both. The most common is either Apache Full or Apache Secure.

For the tutorial, since we have not set up SSL, we will enable (Apache) profile with the following command:

sudo ufw allow 'Apache'

Example output:

Rule added
Rule added (v6)

As above, the rules have been added for both IPV4 and IPV6. Later on, you can disable this profile and enable secure only or disable the Apache rule and use the Apache Full rule instead.

Advertisement

Install Latest MariaDB Server – (LAMP Stack)

The tutorial will recommend installing MariaDB constantly over MySQL due to performance more than anything else.

First, import the official MariaDB repository, 10.6 is the current stable but 10.7 is the new version out but maybe not as stable.

Option 1 – Import MariaDB 10.6:

curl -LsS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash -s -- --mariadb-server-version=10.7 --skip-maxscale --skip-tools

Option 2 – Import MariaDB 10.7:

curl -LsS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash -s -- --mariadb-server-version=10.7 --skip-maxscale --skip-tools

Once you have picked a version, update your APT repository.

sudo apt update

Install MariaDB on Debian Desktop or Server

To install MariaDB, you will need to install the client and the server packages. This can be done as follows:

sudo apt install mariadb-server mariadb-client

Example output (MariaDB 10.7):

How to Install LAMP Stack on Debian 11 Bullseye

Type Y and then press the ENTER KEY to proceed with the installation.

Confirm the installation of MariaDB by checking the version and build:

mariadb --version

Example output:

mariadb  Ver 15.1 Distrib 10.7.1-MariaDB, for debian-linux-gnu (x86_64) using readline EditLine wrapper

Remember, this is just an example. You can easily change the MariaDB as described at the start of the section.

Check MariaDB 10.7 Service Status

Now you have installed MariaDB, and you can verify the status of the database software by using the following systemctl command:

systemctl status mariadb

Example:

How to Install LAMP Stack on Debian 11 Bullseye

By default, you will find MariaDB status to be activated. If not, start MariaDB, use the following command:

sudo systemctl start mariadb

To stop MariaDB:

sudo systemctl stop mariadb

To enable MariaDB on system startup:

sudo systemctl enable mariadb

To disable MariaDB on system startup:

sudo systemctl disable mariadb

To restart the MariaDB service:

sudo systemctl restart mariadb

Secure MariaDB with Security Script

When installing MariaDB fresh, default settings are considered weak by most standards and cause concern for potentially allowing intrusion or exploiting hackers. A solution is to run the installation security script with the MariaDB installation.

First, use the following command to launch the (mysql_secure_installation):

sudo mysql_secure_installation

Next, follow below:

  • Setting the password for root accounts.
  • Removing root accounts that are accessible from outside the local host.
  • Removing anonymous-user accounts.
  • Removing the test database, which by default can be accessed by anonymous users.

Note, you use (Y) to remove everything.

Example:

[joshua@debian ~]$ sudo mariadb-secure-installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] Y <---- Type Y then press the ENTER KEY.
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] Y <---- Type Y then press the ENTER KEY.
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y <---- Type Y then press the ENTER KEY.
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Install Latest PHP – LAMP Stack

The last part of the tutorial will be to install PHP, which is the backend that communicates between Apache and MariaDB, the middle man. PHP 8.0 is becoming relatively stable, and the newer versions of PHP 8.1 are now available.

The tutorial will focus on importing Ondřej Surý’s latest PHP version, the maintainer for Debian PHP. This is always up to date even when new PHP versions are dropped.

Import Ondřej Surý PHP Repository

The first step is to import and install the GPG key before adding the repository.

In your terminal, use the following command.

In your terminal, use the following command to begin the installation.

curl -sSL https://packages.sury.org/php/README.txt | sudo bash -x

This command will install the PHP repository and update your APT repository.

After running the update command, you may notice some packages require updating, make sure to do this before continuing.

sudo apt upgrade

Example – Install PHP 8.0 or 8.1 with Apache Option

The option below will install either PHP 8.0 or 8.1. The exact process can be used to install the older stable 7.4 or, in the future, 8.2 8.3 and PHP 8.4.

The tutorial will cover both native PHP Apache module installation along the PHP-FPM. For most users, the native module is recommended over PHP-FPM.

Install Apache Module

To install the Apache module, enter the following command.

Option 1 PHP 8.0:

sudo apt install php8.0 libapache2-mod-php8.0

Option 2 PHP 8.1:

sudo apt install php8.1 libapache2-mod-php8.1

Example output:

How to Install LAMP Stack on Debian 11 Bullseye

Type Y, then press the ENTER KEY to proceed.

The module should be loaded automatically after the installation. However, if you need to load the module, use the following command.

sudo a2enmod php{version}

Example:

sudo a2enmod php8.1

Example output:

How to Install LAMP Stack on Debian 11 Bullseye

As above, PHP 8.1 was already enabled, but these commands will come in handy in the future.

Once installation is complete, restart your Apache server to load the new PHP module.

sudo systemctl restart apache2

Note, to disable the module to re-enable another version, for instance swapping between 8.0 and 8.1, and you would first install the PHP packages and use the following.

Disconnect PHP 8.0 using the following command.

sudo a2dismod php8.0

Then enable PHP 8.1 module.

sudo a2enmod php8.1

Restart your Apache server to load the new PHP module.

sudo systemctl restart apache2

Make sure the PHP Apache module is disabled if you are going to use the following method of installing PHP-FPM with Apache.

Alternative Option – Install Apache PHP-FPM

Install Apache with PHP-FPM

PHP-FPM (an acronym of FastCGI Process Manager) is a hugely popular alternative PHP (Hypertext Processor) FastCGI implementation.

To install PHP-FPM with the following commands.

Option 1 PHP-FPM 8.0:

sudo apt install php8.0-fpm libapache2-mod-fcgid

Option 2 PHP-FPM 8.1:

sudo apt install php8.1-fpm libapache2-mod-fcgid

Note, by default, PHP-FPM is not enabled for Apache.

Example with PHP-FPM 8.1:

How to Install LAMP Stack on Debian 11 Bullseye

Now enable it by the following command.

Example with PHP-FPM 8.1:

sudo a2enmod proxy_fcgi setenvif && sudo a2enconf php8.1-fpm

Lastly, restart Apache.

sudo systemctl restart apache2

Verify that PHP-FPM is working:

sudo systemctl status php8.1-fpm

Example output:

How to Install LAMP Stack on Debian 11 Bullseye

To disable PHP-FPM for Apache, use the following command example with PHP-FPM 8.1 as the example again.

sudo a2dismod proxy_fcgi setenvif && sudo a2disconf php8.1-fpm

Next, restart the service.

sudo systemctl restart apache2

Now you can re-enable the PHP module Apache extension.

sudo a2enmod php8.1

Create PHP Test Info Page

To test PHP or PHP-FPM with the Apache Web server, you must create a file in the webroot directory.

For the guide, you will name the file (info.php) as follows:

sudo nano /var/www/html/info.php

Paste the following the (info.php) file:

<?php

phpinfo();

?>

Save the file (CTRL+O), then exit (CTRL+X).

Now in your Internet Browser address bar, enter (server-ip-address/info.php). If you have installed Apache on your local computer, use the default (127.0.0.1/info.php) or (localhost/info.php).

Example (LAMP – PHP APACHE MODULE HANDLER):

How to Install LAMP Stack on Debian 11 Bullseye

Example (LAMP – APACHE PHP-FPM):

How to Install LAMP Stack on Debian 11 Bullseye

This information shows PHP scripts can run properly with the Apache (HTTPD) webserver.

For security purposes, you should remove the file. To do this, use the following command:

sudo rm -f /var/www/html/info.php

Optional – Secure Apache with Let’s Encrypt SSL Free Certificate

Ideally, you would want to run your Apache on HTTPS using an SSL certificate. The best way to do this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).

First, install the certbot package as follows:

sudo apt install python3-certbot-apache -y

Once installed, run the following command to start the creation of your certificate:

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com

This ideal setup includes force HTTPS 301 redirects, a Strict-Transport-Security header, and OCSP Stapling. Just make sure to adjust the e-mail and domain name to your requirements.

Now your URL will be HTTPS://www.example.com instead of HTTP://www.example.com.

If you use the old HTTP URL, it will automatically redirect to HTTPS.

Comments and Conclusion

In the tutorial, you have learned how to install the LAMP stack on Debian 11 Bullseye using the latest packages available.

LAMP is still one of the better options and considered an easier learning curve than Nginx, along with the ability to add more features and modules without having to compile and install as much as you need to with Nginx makes it possible a favorite amongst most.

Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments
adplus-dvertising
0
Would love your thoughts, please comment.x
()
x