Tutorial: Install a LAMP server on AL2023

Connect to your instance. For more information, see Connecting to AL2023 instances.

To ensure that all of your software packages are up to date, perform a quick software update on your instance. This process might take a few minutes, but it is important to make sure that you have the latest security updates and bug fixes.

The -y option installs the updates without asking for confirmation. If you would like to examine the updates before installing, you can omit this option.

[ec2-user ~]$ sudo dnf upgrade -y

Install the latest versions of Apache web server and PHP packages for AL2023.

[ec2-user ~]$ sudo dnf install -y httpd wget php-fpm php-mysqli php-json php php-devel

Install the MariaDB software packages. Use the dnf install command to install multiple software packages and all related dependencies at the same time.

[ec2-user ~]$ sudo dnf install mariadb105-server

You can view the current versions of these packages using the following command:

[ec2-user ~]$ sudo dnf info package_name

Example:

[root@ip-172-31-25-170 ec2-user]# dnf info mariadb105
Last metadata expiration check: 0:00:16 ago on Tue Feb 14 21:35:13 2023.
Installed Packages
Name         : mariadb105
Epoch        : 3
Version      : 10.5.16
Release      : 1.amzn2023.0.6
Architecture : x86_64
Size         : 18 M
Source       : mariadb105-10.5.16-1.amzn2023.0.6.src.rpm
Repository   : @System
From repo    : amazonlinux
Summary      : A very fast and robust SQL database server
URL          : http://mariadb.org
License      : GPLv2 and LGPLv2
Description  : MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded
             : SQL database server. It is a client/server implementation consisting of
             : a server daemon (mariadbd) and many different client programs and libraries.
             : The base package contains the standard MariaDB/MySQL client programs and
             : utilities.

Start the Apache web server.

[ec2-user ~]$ sudo systemctl start httpd

Use the systemctl command to configure the Apache web server to start at each system boot.

[ec2-user ~]$ sudo systemctl enable httpd

You can verify that httpd is on by running the following command:

[ec2-user ~]$ sudo systemctl is-enabled httpd

Add a security rule to allow inbound HTTP (port 80) connections to your instance if you have not already done so. By default, a launch-wizard-N security group was created for your instance during launch. If you did not add additional security group rules, this group contains only a single rule to allow SSH connections.

1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

2. In the left navigator, choose Instances, and select your instance.

3. On the Security tab, view the inbound rules. You should see the following rule:

   Port range   Protocol     Source
   22           tcp          0.0.0.0/0

   Warning

   Using 0.0.0.0/0 allows all IPv4 addresses to access your instance using SSH. This is acceptable for a short time in a test environment, but it's unsafe for production environments. In production, you authorize only a specific IP address or range of addresses to access your instance.

4. If there is no inbound rule to allow HTTP (port 80) connections, you must the add rule now. Choose the link for the security group. Using the procedures in see Authorize inbound traffic for your Linux instances, add a new inbound security rule with the following values:

   • Type: HTTP

   • Protocol: TCP

   • Port Range: 80

   • Source: Custom

Test your web server. In a web browser, type the public DNS address (or the public IP address) of your instance. If there is no content in /var/www/html, you should see the Apache test page, which will display the message "It works!".

You can get the public DNS for your instance using the Amazon EC2 console (check the Public IPv4 DNS column; if this column is hidden, choose Preferences (the gear-shaped icon) and toggle on Public IPv4 DNS).

Verify that the security group for the instance contains a rule to allow HTTP traffic on port 80. For more information, see Add rules to security group.

Add your user (in this case, ec2-user) to the apache group.

[ec2-user ~]$ sudo usermod -a -G apache ec2-user

Log out and then log back in again to pick up the new group, and then verify your membership.

1. Log out (use the exit command or close the terminal window):

   [ec2-user ~]$ exit

2. To verify your membership in the apache group, reconnect to your instance, and then run the following command:

   [ec2-user ~]$ groups
   ec2-user adm wheel apache systemd-journal

Change the group ownership of /var/www and its contents to the apache group.

[ec2-user ~]$ sudo chown -R ec2-user:apache /var/www

To add group write permissions and to set the group ID on future subdirectories, change the directory permissions of /var/www and its subdirectories.

[ec2-user ~]$ sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;

To add group write permissions, recursively change the file permissions of /var/www and its subdirectories:

[ec2-user ~]$ find /var/www -type f -exec sudo chmod 0664 {} \;

Create a PHP file in the Apache document root.

[ec2-user ~]$ echo "<?php phpinfo(); ?>" > /var/www/html/phpinfo.php

If you get a "Permission denied" error when trying to run this command, try logging out and logging back in again to pick up the proper group permissions that you configured in To set file permissions.

In a web browser, type the URL of the file that you just created. This URL is the public DNS address of your instance followed by a forward slash and the file name. For example:

http://my.public.dns.amazonaws.com/phpinfo.php

You should see the PHP information page:

If you do not see this page, verify that the /var/www/html/phpinfo.php file was created properly in the previous step. You can also verify that all of the required packages were installed with the following command.

[ec2-user ~]$ sudo dnf list installed httpd mariadb-server php-mysqlnd

If any of the required packages are not listed in your output, install them with the sudo yum install package command.

Delete the phpinfo.php file. Although this can be useful information, it should not be broadcast to the internet for security reasons.

[ec2-user ~]$ rm /var/www/html/phpinfo.php

Start the MariaDB server.

[ec2-user ~]$ sudo systemctl start mariadb

Run mysql_secure_installation.

[ec2-user ~]$ sudo mysql_secure_installation

1. When prompted, type a password for the root account.

   1. Type the current root password. By default, the root account does not have a password set. Press Enter.

   2. Type Y to set a password, and type a secure password twice. For more information about creating a secure password, see https://identitysafe.norton.com/password-generator/. Make sure to store this password in a safe place.

      Setting a root password for MariaDB is only the most basic measure for securing your database. When you build or install a database-driven application, you typically create a database service user for that application and avoid using the root account for anything but database administration.

2. Type Y to remove the anonymous user accounts.

3. Type Y to disable the remote root login.

4. Type Y to remove the test database.

5. Type Y to reload the privilege tables and save your changes.

(Optional) If you do not plan to use the MariaDB server right away, stop it. You can restart it when you need it again.

[ec2-user ~]$ sudo systemctl stop mariadb

(Optional) If you want the MariaDB server to start at every boot, type the following command.

[ec2-user ~]$ sudo systemctl enable mariadb

Install the required dependencies.

[ec2-user ~]$ sudo dnf install php-mbstring php-xml -y

Restart Apache.

[ec2-user ~]$ sudo systemctl restart httpd

Restart php-fpm.

[ec2-user ~]$ sudo systemctl restart php-fpm

Navigate to the Apache document root at /var/www/html.

[ec2-user ~]$ cd /var/www/html

Select a source package for the latest phpMyAdmin release from https://www.phpmyadmin.net/downloads. To download the file directly to your instance, copy the link and paste it into a wget command, as in this example:

[ec2-user html]$ wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-all-languages.tar.gz

Create a phpMyAdmin folder and extract the package into it with the following command.

[ec2-user html]$ mkdir phpMyAdmin && tar -xvzf phpMyAdmin-latest-all-languages.tar.gz -C phpMyAdmin --strip-components 1

Delete the phpMyAdmin-latest-all-languages.tar.gz tarball.

[ec2-user html]$ rm phpMyAdmin-latest-all-languages.tar.gz

(Optional) If the MySQL server is not running, start it now.

[ec2-user ~]$ sudo systemctl start mariadb

In a web browser, type the URL of your phpMyAdmin installation. This URL is the public DNS address (or the public IP address) of your instance followed by a forward slash and the name of your installation directory. For example:

http://my.public.dns.amazonaws.com/phpMyAdmin

You should see the phpMyAdmin login page:

Log in to your phpMyAdmin installation with the root user name and the MySQL root password you created earlier.

Your installation must still be configured before you put it into service. We suggest that you begin by manually creating the configuration file, as follows:

1. To start with a minimal configuration file, use your favorite text editor to create a new file, and then copy the contents of config.sample.inc.php into it.

2. Save the file as config.inc.php in the phpMyAdmin directory that contains index.php.

3. Refer to post-file creation instructions in the Using the Setup script section of the phpMyAdmin installation instructions for any additional setup.

For information about using phpMyAdmin, see the phpMyAdmin User Guide.