Configurations on LAMP

Submitted by doka on 2008, July 20 - 16:16

How to configure the LAMP server in a virtual machine for Drupal developments.

These are the configuration steps before Drupal install.

  • Fix IP and DNS

    • To work with NFS and web server, you'll need a fix IP and a domain name for the LAMP server. The quick-and-dirty solution is to edit some files like /etc/hosts and /etc/network/interfaces. Or you can install and config a BIND9 server for DNS and DHCP services.

    We are going to have the quick-and-dirty solution, so let's login to the LAMP server and type:
    sudo nano /etc/network/interfaces

    Change this line in the file, where eth0 can be differ in your environment:
    iface eth0 inet dhcp

    ... to these lines, but use your own IP and gateway addresses:
    iface eth0 inet static
    address 192.168.2.20
    netmask 255.255.255.0
    gateway 192.168.2.1

    I will use in the following 192.168.2.20 as the fixed IP address of the LAMP server. Save (ctrl-o), exit (ctrl-x) and restart the networking:
    sudo /etc/init.d/networking restart

    Now adjust the hosts file:
    sudo nano /etc/hosts

    Add the following line at the end:
    192.168.2.20 drupal.local drupal
    192.168.2.30 host.local

    One line refers the developer server (drupal.local), the other one is the hosts static IP address. Don't forget to use your own IP address! Save and exit.

    I will use in the following drupal.local as the basic domain name on the LAMP server. You can have so many local domain names for your development projects, as you want, you just have to update the /etc/hosts
    192.168.2.20 project1.local project1
    192.168.2.20 project2.local project2

    So from now on the LAMP server has a fix IP address, and can be found on your local network as drupal.local.

    You can check the result with ping from a terminal of an other host:
    ping drupal.local

  • SSH login

    • We are going to use the SSH protocol to login to the LAMP server. It should work out-of-the-box, but first update the etc/hosts file of your host, as well. So open a terminal from your host, and type:

    sudo nano /etc/hosts

    Add the following line at the end:
    192.168.2.20 drupal.local drupal

    Save and exit, then you can login via ssh from a terminal of your host:
    ssh user@drupal.local

    Type yes, if it complains about the unknown authenticity of the LAMP server, and type your password also.

    In best case, you are logged in, but here you are some steps for smooth usage.

    • Public key propagation

      • This optional part is to upload your public key to the LAMP. If you don't have any public key, you can skip this section, but then you have to always supply your password during SSH login. See more details at http://sial.org/howto/openssh/publickey-auth/.
      First, upload public key from host to guest. At the host's terminal:
      scp ~/.ssh/id_rsa.pub user@drupal.local:

      Next, configure the public key on the LAMP server. Login to LAMP and type:
      ssh user@drupal.local
      mkdir ~/.ssh
      cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
      chmod 600 ~/.ssh/authorized_keys
      chmod 700 ~/.ssh
      rm ~/id_rsa.pub

      Logout and close the terminal. From the next ssh login on, there is no more password needed.

    • Install SSH client on your host

      • If you need an SSH client on your host, type:
      sudo apt-get install openssh-client

  • NFS mount

    • Instead of copy or ftp the drupal source to the web directory (/var/www) of the LAMP, we are going to setup a NFS mount. So we can store and edit our source away from the LAMP, but can do real-time testing using the LAMP server.

    We assume here the source are properly exported at this point in your host (host.local), serving as an NFS server. To check it, type in a terminal of your host:
    exportfs

    How to setup an NFS server, see: http://www.howtoforge.com/perfect-nfs-on-ubuntu-8.04-amd64

    On the LAMP server, start by creating the mounting points at /var/www
    cd /var/www
    sudo mkdir drupal6
    sudo mount host.local:/home/www/projects/drupal-6.6 /var/www/drupal6

    To check the mount, switch to /var/www/drupal6 and make a directory listing by ls. You should see the content in the mounting directory

    If it's OK, then let's set up mounting also in boot time. Open the fstab file:
    sudo nano /etc/fstab

    and add one line to the end:
    host.local:/home/www/projects/drupal-6.6 /var/www/drupal6 nfs defaults 0 0

    So, that's it. We have the source code mounted into the LAMP servers web directory. To test it, type df at the LAMP servers terminal. Or go with your browser to: http://drupal.local/drupal6. It should start the drupal install procedure. But stop now here, we have some other steps ahead us.

  • Adjust the default LAMP configs

    • We have to activate the Rewrite Engine in Apache. It is needed by Drupals "Clean-URL" feature.
    sudo a2enmod rewrite

    Next, we increase the memory limit of 16 MB in PHP5,
    sudo nano /etc/php5/apache2/php.ini
    Search for memory, and set it at least to 32M.

    Don't forget to restart the webserver.
    sudo /etc/init.d/apache2 force-reload

  • Firewall

    • As the last step here, we also configure iptables, the build-in firewall of Ubuntu. You can skip this step, if you will have the LAMP server away from others.

    So, let's check what we have running now:
    sudo iptables -L

    You will see something like this:

    Chain INPUT (policy ACCEPT)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    As you can see, we are accepting anything from anyone on any port and allowing anything to happen.

    To edit the firewall rules, dump the present configuration:
    sudo iptables-save > ~/iptables.up.rules

    Then open this file and replace the content by this:

    *filter

    # Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i ! lo -d 127.0.0.0/8 -j REJECT

    # Accepts all established inbound connections
    -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Allows all outbound traffic
    # You can modify this to only allow certain traffic
    -A OUTPUT -j ACCEPT

    # Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
    -A INPUT -p tcp --dport 80 -j ACCEPT
    -A INPUT -p tcp --dport 443 -j ACCEPT

    # Allows SSH connections
    -A INPUT -p tcp -m state --state NEW --dport 22 -j ACCEPT

    # Allows ping
    -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

    # Allows NFS connections
    -A INPUT -p tcp --dport 111 -j ACCEPT
    -A INPUT -p tcp --dport 2049 -j ACCEPT
    -A INPUT -p tcp --dport 32771 -j ACCEPT

    # log iptables denied calls
    -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

    # Reject all other inbound - default deny unless explicitly allowed policy
    -A INPUT -j REJECT
    -A FORWARD -j REJECT

    COMMIT

    Then load this new configuration to the firewall by:
    sudo iptables-restore < ~/iptables.up.rules

    To check it, type:
    sudo iptables -L

    If it looks good, then move the config file to its place:
    sudo mv iptables.up.rules /etc/iptables.up.roles

    To switch on these rules at boot, edit the interface file:
    sudo nano /etc/network/interfaces

    Add this line to the loopback interface:
    pre-up iptables-restore < /etc/iptables.up.rules

    It should look like this:
    # The loopback network interface
    auto lo
    iface lo inet loopback
    pre-up iptables-restore < /etc/iptables.up.rules

    Please note, this rule set is not the strongest one. We could also change the default ports, and so on. But for Drupal development, it should be enough.