Wednesday, March 25, 2020

Create a LAMP(Linux, Apache, MySQL & PHP) stack with Wordpress

In this example I create a LAMP stack and add Wordpress along with Node.js for additional customization later on. The LAMP stack includes Linux, Apache, MySQL and PHP. Once that is setup I loaded Wordpress which is equipped with PHP to run scripts and interact with an SQL database to store and retrieve data The Apache backend is the most efficient for serving SQL content so that is why this stack is so powerful is that we have 4 major elements which are each the best for their own assigned specific tasks.

 I am creating this in the cloud on a droplet using DigitalOcean. From my fresh server I started with updating Ubuntu and then connected to the command line interface through SSH on my work machine. From the command line I installed Apache and configured the firewall to initially accept HTTP and HTTPS traffic. Later I will add an SSL certificate and make sure all HTTP requests are upgraded to HTTPS for security.

Apache2 on Ubuntu up and running
Here I have now confirmed that my Apache server is up and running on my virtual machine loaded up with Ubuntu in the cloud. Next I will include the MySQL server. The main steps are that I create a 'wordpress' database, a 'wordpress user' and assign a password to that user as well as assign appropriate read/write access. Initially root uses the 'auth_socket' to authenticate but I add in a strong password before connecting everything. 

mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
+------------------+-------------------------------------------+-----------------------+-----------+
| user             | authentication_string                     | plugin                | host      |
+------------------+-------------------------------------------+-----------------------+-----------+
| root                                                       | auth_socket           | localhost |
| mysql.session    | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| mysql.sys        | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| debian-sys-maint | *BF4801BAF768EFD5C026C28EF9EAC1F56A063511 | mysql_native_password | localhost |
+------------------+-------------------------------------------+-----------------------+-----------+
HERE I HAVE THE INTIAL AUTHENTICATION METHODS. NOTE THAT ROOT BEGINS WITHOUT A PASSWORD AND STARTS WITH AUTH_SOCKET. 


I at this point have most of the 3/4 of the LAMP stack setup. I now need to include PHP and configure the server files accordingly. In the mod_dir file I make sure to include index.php at the front of the module Directory Index so that the server brings up index.php before index.html. I at this point restart the Apache server and check the status before continuing to make sure the configurations are correct.

root@ubuntu-lamp-1:~# sudo systemctl restart apache2
root@ubuntu-lamp-1:~# sudo systemctl status apache2
 apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
  Drop-In: /lib/systemd/system/apache2.service.d
           └─apache2-systemd.conf
   Active: active (running) since Tue 2020-03-24 18:18:40 UTC; 6s ago
  Process: 21869 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 21874 ExecStart=/usr/sbin/apachectl start (code=exited, status=0/SUCCESS)
 Main PID: 21891 (apache2)
    Tasks: 6 (limit: 1152)
   CGroup: /system.slice/apache2.service
           ├─21891 /usr/sbin/apache2 -k start
           ├─21894 /usr/sbin/apache2 -k start
           ├─21895 /usr/sbin/apache2 -k start
           ├─21896 /usr/sbin/apache2 -k start
           ├─21897 /usr/sbin/apache2 -k start
           └─21901 /usr/sbin/apache2 -k start

I now did a quick check on my PHP CLI:

root@ubuntu-lamp-1:~# apt show php-cli
Package: php-cli
Version: 1:7.2+60ubuntu1
Priority: optional
Section: php
Source: php-defaults (60ubuntu1)
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Original-Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 12.3 kB
Depends: php7.2-cli
Supported: 5y
Download-Size: 3160 B
APT-Sources: http://mirrors.digitalocean.com/ubuntu bionic/main amd64 Packages
Description: command-line interpreter for the PHP scripting language (default)
 This package provides the /usr/bin/php command interpreter, useful for
 testing PHP scripts from a shell or performing general shell scripting tasks.
 .
 PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used
 open source general-purpose scripting language that is especially suited
 for web development and can be embedded into HTML.
 .
 This package is a dependency package, which depends on Ubuntu's default
 PHP version (currently 7.2).


I then created an info.php file and put it within the directory serving my webpages to see the PHP information for my server and to verify that PHP scripts are executing correctly.

PHP info page
Now I can see that PHP is running and that completes the LAMP stack initial setup. I now have a stack on my server that includes Linux, Apache, MySQL and PHP.

 Additionally here I added Wordpress. And for site security I added a self-signed SSL certificate for encrypting traffic. In one line I create a certificate: 
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout
/etc/ssl/private/apache-selfsigned.key -out
/etc/ssl/certs/apache-selfsigned.crt

The command above creates a X.509 cert that will be valid for 365 days and is 2048 bits. I used recommended settings from Cipherli.st by Remy Van Elst. And the ssl-params.conf file is the following:


Next I configured the virtual host to redirect all HTTP traffic to HTTPS. Within Apache I did this by adding in the redirect to the default.conf file I created. With a few additional commands I have now enabled my SSL Virtual Host and so my website here is only accepting secure client side connections. 

Now for WordPress I went ahead, downloaded and extracted the tar files and then added the site files to the directory where I am serving content from. Now when I load my site I am greeted by the WordPress setup page. And in just a few minutes I now have WordPress installed and am ready to create content for my WordPress site on my LAMP stack.



And finally to test that everything is working correctly I created a sample post and it works!


Great! The LAMP stack with WordPress works!














at







































No comments:















Post a Comment























        

      









Subscribe to:
Post Comments (Atom)









Automated Exploitation of a Bluetooth vulnerability that leads to 0-click code execution



This blog post covers an interesting vulnerability that was just discovered earlier this year and an open source free tool that was created ...