Install LAMP Stack on Rocky Linux 8

LAMP is a collection of open-source software commonly used to serve web applications that have been around since the late 1990s. LAMP is an acronym that stands for Linux, Apache, MySQL/MariaDB, and PHP and provides the components needed to host and manage web content and is still arguably the most utilized stack deployment for developers and web applications today.

In the following tutorial, you will learn how to install the LAMP stack (Apache, MariaDB/MySQL, PHP) on Rocky Linux 8 Workstation or Server.

Prerequisites

  • Recommended OS: Rocky Linux 8.xx.
  • User account: A user account with sudo or root access.
  • Internet Access

For desktop users, the tutorial will utilize the terminal for the installation found in Activities > Show Applications > Terminal.

Example:

Install LAMP Stack on Rocky Linux 8

Update Operating System

Update your Rocky Linux operating system to make sure all existing packages are up to date:

sudo dnf upgrade --refresh -y

The tutorial will be using the sudo command and assuming you have sudo status.

To verify sudo status on your account:

sudo whoami

Example output showing sudo status:

[joshua@rockylinux ~]$ sudo whoami
root

To set up an existing or new sudo account, visit our tutorial on How to Add a User to Sudoers on Rocky Linux.

To use the root account, use the following command with the root password to log in.

su

Install Apache (HTTPD) – (LAMP Stack)

To kickstart the LAMP stack installation, you will need to install the Apache 2 (HTTPD) webserver. By default, this is featured on the Rocky Linux App stream.

To begin the Apache installation, use the following command.

sudo dnf install httpd

Example output:

Install LAMP Stack on Rocky Linux 8

Type Y, then press the ENTER KEY to proceed.

Once installed, you will need to enable the application service using the following command.

sudo systemctl enable httpd --now

Lastly, check that the service is active with no errors.

sudo systemctl status httpd

Example output:

Install LAMP Stack on Rocky Linux 8

Another way to confirm that everything is in working order is to visit the test landing page. Use the server’s internal, external, or domain name in your browser, depending on the existing setup.

http://server-IP
OR
http://domain.com

Example output:

Configure HTTPD with FirewallD

When installing HTTPD, the application does not automatically add firewall rules to the standard port 80 or 443. Before you continue, you should set the following rules, this will depend on what ports you will use, but all options are listed.

Open port 80 or HTTP:

sudo firewall-cmd --permanent --zone=public --add-service=http

Open port 443 or HTTPS:

sudo firewall-cmd --permanent --zone=public --add-service=https

Reload firewall to make changes into effect

sudo firewall-cmd --reload

Install MYSQL or MariaDB – (LAMP Stack)

The next part of the installation is to install the database side. MySQL is most commonly associated with the LAMP stack, but you can install MariaDB as well, and the tutorial will cover both.

The first option is to install MariaDB, and this is typically recommended given it is open source and will remain so along with better performance benefits. Also, the team behind MySQL is mostly behind MariaDB, given the Oracle take over so you can assure the compatibility is essentially the same.

By default, MariaDB 10.3 will be installed. However, this is now aging, given 10.5 is considered the old stable, so it is recommended to change to this version on fresh installs while keeping the principle of stability of Rocky Linux.

At the time of this tutorial, MariaDB 10.6 is considered stable, and MariaDB 10.7 has also been released.

First, enable MariaDB 10.5.

sudo dnf module enable mariadb:10.5 -y

First, in your terminal, use the following command to install MariaDB.

sudo dnf install mariadb-server mariadb

Example output:

Install LAMP Stack on Rocky Linux 8

Type Y, then press the ENTER KEY to proceed.

Once installed, verify the version to ensure the installation was successful.

mariadb --version

Example output:

mariadb  Ver 15.1 Distrib 10.5.9-MariaDB, for Linux (x86_64) using  EditLine wrapper

Next, enable the MariaDB service.

sudo systemctl enable mariadb --now

Verify the service is active with no errors using the systemctl command again.

systemctl status mariadb

Example output:

Install LAMP Stack on Rocky Linux 8

Other standard system commands you may need to get familiar with are as follows.

sudo systemctl start mariadb

To stop MariaDB:

sudo systemctl stop mariadb

To enable MariaDB on system startup:

sudo systemctl enable mariadb

To disable MariaDB on system startup:

sudo systemctl disable mariadb

To restart the MariaDB service:

sudo systemctl restart mariadb

Before you continue further, you will need to run the post-installation security script, and this should be run to secure your database.

When installing MariaDB fresh, default settings are considered weak by most standards and cause concern for potentially allowing intrusion or exploiting hackers. A solution is to run the installation security script with the MariaDB installation.

First, use the following command to launch the (mysql_secure_installation):

sudo mariadb-secure-installation

Next, follow below:

  • Setting the password for root accounts.
  • Removing root accounts that are accessible from outside the local host.
  • Removing anonymous-user accounts.
  • Removing the test database, which by default can be accessed by anonymous users.

Note you use (Y) to remove everything.

Example:

[joshua@rockylinux-8 ~]$ sudo mariadb-secure-installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] Y <---- Type Y then press the ENTER KEY.
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] Y <---- Type Y then press the ENTER KEY.
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y <---- Type Y then press the ENTER KEY.
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Option 2 – Install MySQL

The App stream only at the time of this tutorial supports MySQL 8 unless you import a newer version from the community edition.

First, in your terminal, use the following command to install MariaDB.

sudo dnf install mysql-server mysql

Example output:

Install LAMP Stack on Rocky Linux 8

Type Y, then press the ENTER KEY to proceed.

Once installed, verify the version to ensure the installation was successful.

mysql --version

Example output:

mysql  Ver 8.0.26 for Linux on x86_64 (Source distribution)

Next, enable the MariaDB service.

sudo systemctl enable mysqld --now

Verify the service is active with no errors using the systemctl command again.

systemctl status mysqld

Example output:

Install LAMP Stack on Rocky Linux 8

Other standard system commands you may need to get familiar with are as follows.

To stop the MySQL service:

sudo systemctl stop mysqld

To start the MySQL service:

sudo systemctl start mysqld

To disable the MySQL service at system startup:

sudo systemctl disable mysqld

To activate the MySQL service at system startup:

sudo systemctl enable mysqld

To restart the MySQL service:

sudo systemctl restart mysqld

Before you continue further, you will need to run the post-installation security script, and this should be run to secure your database.

You will be prompted for your root password, and then you will see a question about VALIDATE PASSWORD COMPONENT; this involves defining password complexity checks; for the most part, the default is correct.

Then follow below:

  • Setting the password for root accounts.
  • Setting the password for the accounts.
  • Removal of root accounts accessible from outside the local host.
  • Removal of anonymous user accounts.
  • Removal of the test database, accessible by default to anonymous users.

Be careful; you use (Y) to delete everything. In addition, if you wish, you can reset your root password by creating a new one; you can ignore it if you want, as you already set it during the initial installation with the pop-ups.

Example:

[joshua@rockylinux-8 ~]$ mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root: 

The existing password for the user account root has expired. Please set a new password.

New password: <---- SET NEW PASSWORD

Re-enter new password: <---- RE-ENTER NEW PASSWORD

Re-enter new password: 
The 'validate_password' component is installed on the server.
The subsequent steps will run with the existing configuration
of the component.
Using existing password for root.

Estimated strength of the password: 100 
Change the password for root ? ((Press y|Y for Yes, any other key for No) : Y <---- Type Y then press the ENTER KEY (SKIP IF YOU ALREADY JUST SET)

New password: 

Re-enter new password: 

Estimated strength of the password: 100 
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : Y <---- Type Y then press the ENTER KEY.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y <---- Type Y then press the ENTER KEY.
Success.


Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y <---- Type Y then press the ENTER KEY.
Success.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y <---- Type Y then press the ENTER KEY.
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y <---- Type Y then press the ENTER KEY.
Success.

All done!

Install PHP (HTTPD) – (LAMP Stack)

The last part of the tutorial will be to install the PHP side that communicates between your front end and back end.

First, by default, PHP 7.2 is the default version. This should be changed to PHP 7.4, which is still considered the old stable. PHP 7.4 comes with lots of performance improvements, not as much as PHP 8.0 but still keeping the stability aspect of Rocky Linux first.

To enable PHP 7.4, use the following command.

sudo dnf module enable php:7.4 -y

To install the PHP module, enter the following command.

sudo dnf install php php-curl php-zip php-opcache php-mysqlnd

Example output:

Install LAMP Stack on Rocky Linux 8

Type Y, then press the ENTER KEY to proceed.

Once PHP is installed, all you need to do to activate the service is restart HTTPD.

sudo systemctl restart httpd

Create a PHP Information Test Page

The best way to test if PHP has been installed, along with the modules and information about sizes and settings, is to create a PHP test page. This is handy but can be a security risk, so you will need to delete it often after using it or make sure it is locked and secure from outside viewing.

In your HTTP directory, create a test page using any text editor.

sudo nano /var/www/html/info.php

Next, add the following.

<?php

phpinfo();

?>

For people using nano as per the tutorial command, use CTRL+O to save the file and CTRL+X to exit.

Next, enter the internal, external, or domain name in your browser address bar to view the page.

http://server-IP
OR
http://domain.com

Now you will arrive at your PHP information page. Depending on how many modules you install, this can be pretty detailed.

Example:

Install LAMP Stack on Rocky Linux 8

This information shows PHP scripts can run properly with the Apache (HTTPD) webserver.

For security purposes, you should remove the file. To do this, use the following command:

sudo rm -f /var/www/html/info.php

Optional – Secure Apache with Let’s Encrypt SSL Free Certificate

Ideally, you would want to run your HTTPD on HTTPS using an SSL certificate. The best way to do this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).

First, install the EPEL repository and the mod_ssl package for better-updated packages and security.

sudo dnf install epel-release mod_ssl -y

Next, install the certbot package as follows:

sudo dnf install python3-certbot-apache -y

Once installed, run the following command to start the creation of your certificate:

sudo certbot --apache --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com

This ideal setup includes force HTTPS 301 redirects, a Strict-Transport-Security header, and OCSP Stapling. Just make sure to adjust the e-mail and domain name to your requirements.

Now your URL will be https://www.example.com instead of HTTP://www.example.com.

Note if you use the old HTTP URL, it will automatically redirect to HTTPS.

Optionally, you can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.

sudo certbot renew --dry-run

If everything is working, open your crontab window using the following terminal command.

sudo crontab -e

By default, cron should be installed on systems. If not to install it, use the following command.

sudo dnf install cronie -y

Open the crontab with the following command.

sudo crontab -e

Next, specify the time when it should auto-renew. This should be checked daily at a minimum, and if the certificate needs to be renewed, the script will not update the certificate. If you need help finding a good time to set, use the crontab.guru free tool.

00 00 */1 * * /usr/sbin/certbot-auto renew

Now save the file by pressing (SHIFT) and (:) then typing (wa), which saves the file, then exit with the same method using (qa).

You should see the following output in the terminal to see if adding the new task was successful.

crontab: installing new crontab

Comments and Conclusion

In the tutorial, you have learned how to install the LAMP stack on Rocky Linux 8 with various options and changes such as installing MySQL or MariaDB along with changing versions of certain packages.

LAMP is still one of the better options and is considered an easier learning curve than Nginx. The ability to add more features and modules without compiling and installing as much as you need to with Nginx makes it possible a favorite amongst most for a primary web server for a website.



Follow LinuxCapable.com!

Like to get automatic updates? Follow us on one of our social media accounts!