Previous Next
by danduran on Development 8 min read, Comments: 0 (Add Your Comment!)

A Complete Guide for Installing and Securing LAMP Stacks on Debian 12 - Part 1

Newsletter Signup
@tutorials

Introduction

Welcome to our complete guide on installing, configuring, and securing a LAMP (Linux, Apache, MySQL, PHP) stack on Debian 12 (Bookworm). This series is designed to take you through the entire process of setting up a robust, secure, and efficient web server environment using the latest Debian release.

The guide is divided into four parts, each focusing on a crucial aspect of the setup process:

Part 1: Setting Up Debian 12 on AWS EC2 (this tutorial)

  • Creating an AWS account
  • Launching a Debian 12 EC2 instance
  • Configuring security groups
  • Allocating an Elastic IP
  • Connecting to the instance
  • Initial server setup and security measures

Go to Section 1

Part 2: Installing and Configuring LAMP Stack Components

  • Installing Apache web server
  • Setting up MariaDB (MySQL) database
  • Installing PHP and essential modules
  • Configuring Apache with PHP
  • Basic optimizations for each component

Jump to Part 2

Part 3: Implementing Advanced Security Measures

  • Installing and configuring SSL certificates with Let's Encrypt
  • Hardening Apache configurations
  • Securing PHP settings
  • Enhancing MariaDB security
  • Setting up fail2ban and modsecurity for intrusion prevention
  • Configuring and optimizing firewalls

Jump to Part 3

Part 4: Maintenance, Backups, and Performance Tuning

  • Establishing comprehensive backup routines
  • Setting up automated security updates
  • Implementing log rotation and management
  • Performance tuning for Apache, PHP, and MariaDB
  • Monitoring system health and performance
  • Best practices for ongoing maintenance

Jump to Part 4

Part 5 BONUS: Installing and Working with Docker

  • Installing Docker on Debian 12
  • Basic Docker commands and concepts
  • Creating and managing Docker containers
  • Working with Docker images
  • Setting up Docker Compose
  • Containerizing a simple web application
  • Docker networking basics
  • Docker volume management
  • Docker security best practices
  • Integrating Docker with your LAMP stack
  • Monitoring and logging Docker containers

Jump to Part 5

Setting up a Debian 12 instance on AWS EC2.

In this initial section, we'll walk you through the process of setting up a Debian 12 instance on Amazon Web Services (AWS) Elastic Compute Cloud (EC2).

This will serve as the foundation for our LAMP stack, which we'll build and secure in the subsequent parts of this series.

Prerequisites

  • An AWS account
  • Basic familiarity with AWS console
  • Understanding of basic Linux commands

Step 1: Create an AWS Account and Log In

  1. Go to https://aws.amazon.com/
  2. Click "Create an AWS Account" in the top right corner
  3. Follow the prompts, providing necessary information including email, password, and payment method
  4. Once the account is created, return to https://aws.amazon.com/
  5. Click "Sign In to the Console" in the top right corner
  6. Enter your email and password to log in

Step 2: Choose AWS Region

  1. After logging in, locate the region dropdown in the top right corner of the AWS Management Console
  2. Click the dropdown and select the region closest to you or your target audience
    Note: Choosing a nearby region can help reduce latency for your users

Step 3: Navigate to EC2 Dashboard

  1. In the AWS Management Console, click on "Services" in the top left corner
  2. In the search bar that appears, type "EC2"
  3. Click on "EC2" in the search results to open the EC2 dashboard

Step 4: Launch a Debian 12 EC2 Instance

  1. On the EC2 dashboard, click the orange "Launch instance" button
  2. In the "Name and tags" section, enter a name for your instance (e.g., "Debian12-LAMP-Server")
  3. In the "Application and OS Images" section:
  4. Click on "Quick Start"
  5. In the search bar, type "Debian"
  6. Look for "Debian 12 (Bookworm)" in the Community AMIs
  7. Ensure it says "Free tier eligible" next to it
  8. Select this AMI
  9. In the "Instance type" section:
  10. Select "t2.micro" (This should be pre-selected as it's free tier eligible)
  11. In the "Key pair (login)" section:
  12. Click "Create new key pair"
  13. Enter a name for your key pair (e.g., "Debian12-LAMP-keypair")
  14. For "Key pair type", select "RSA"
  15. For "Private key file format", select ".pem"
  16. Click "Create key pair"
  17. The key pair file will automatically download. Keep this file safe and don't lose it
  18. In the "Network settings" section:
  19. Keep "Create security group" selected
  20. Ensure "Allow SSH traffic from" is checked and set to "Anywhere"
  21. Check "Allow HTTPS traffic from the internet"
  22. Check "Allow HTTP traffic from the internet"
  23. In the "Configure storage" section:
  24. Keep the default 8 GB gp2 (SSD) root volume
  25. Review all settings, then click "Launch instance" in the right sidebar

Step 5: Allocate and Associate an Elastic IP Address

Note: Elastic IP addresses are not part of the free tier. They're free when associated with a running instance but incur a small hourly cost when not associated.

  1. In the EC2 dashboard's left sidebar, under "Network & Security", click on "Elastic IPs"
  2. Click the orange "Allocate Elastic IP address" button
  3. In the "Allocate Elastic IP address" page:
  4. For "Network border group", keep your current region selected
  5. For "Public IPv4 address pool", keep "Amazon's pool of IPv4 addresses" selected
  6. Click "Allocate"
  7. You'll see a success message. Click "Close"
  8. In the Elastic IPs list, select your newly created Elastic IP
  9. Click "Actions" at the top, then "Associate Elastic IP address"
  10. In the "Associate Elastic IP address" page:
  11. For "Resource type", select "Instance"
  12. For "Instance", select your Debian 12 instance from the dropdown
  13. For "Private IP address", keep the pre-filled address
  14. Check "Allow this Elastic IP address to be reassociated"
  15. Click "Associate"

Step 6: Connect to Your Debian 12 Instance Using Termius

  1. Download and install Termius from https://termius.com/ if you haven't already
  2. Open Termius
  3. Click on "New Host" (usually a "+" icon)
  4. In the "New Host" window, enter the following details:
  5. Label: Give your instance a name (e.g., "Debian12-LAMP-Server")
  6. Address: Enter your instance's Elastic IP (the one you just associated)
  7. Username: admin
  8. In the "Authentication" section:
  9. Click "New Key"
  10. Click "Import" and select the .pem file you downloaded when creating the key pair
  11. Give the key a name (e.g., "Debian12-LAMP-key")
  12. Click "Save" for the key
  13. Back in the "New Host" window, select the key you just imported
  14. Click "Save" to save the host configuration
  15. In the hosts list, double-click on the newly created host to connect
  16. If prompted about the authenticity of the host, click "Continue"

You should now be connected to your Debian 12 instance via SSH.

Step 7: Initial System Update

Once connected to your instance, run the following commands:

sudo apt update
sudo apt upgrade -y

This will update the package lists and upgrade all installed packages to their latest versions.

Step 8: Install ZRAM for Swap

ZRAM provides a more efficient alternative to traditional swap files. To set it up:

  1. Install zram-tools:
sudo apt install zram-tools -y
  1. The default configuration should work well for most use cases. However, if you want to adjust settings:
sudo nano /etc/default/zramswap

You can modify settings like PERCENT (percentage of RAM to use for ZRAM) or PRIORITY (swap priority).

  1. Enable and start the ZRAM service:
sudo systemctl enable zramswap
sudo systemctl start zramswap
  1. Verify ZRAM is working:
swapon -s

You should see a /dev/zram0 device listed.

Step 9: Install Basic Utilities

Install some common tools that will be useful for system management:

sudo apt update
sudo apt install htop neovim wget curl syslog-ng net-tools -y

This installs:
- htop: an interactive process viewer
- neovim: an improved version of the vim text editor
- wget: a utility for retrieving files using HTTP, HTTPS, and FTP
- curl: a tool for transferring data using various protocols
- syslog-ng: a flexible and scalable system logging application
- net-tools: includes important networking tools like netstat

Conclusion

You have now successfully:
1. Set up a free tier eligible Debian 12 instance on AWS EC2
2. Associated an Elastic IP address for consistent access
3. Connected to your instance using Termius
4. Performed initial system updates
5. Configured ZRAM for efficient memory management
6. Installed essential system utilities

You have now successfully set up a free tier eligible Debian 12 instance on AWS EC2 with an Elastic IP address, basic security measures, and system preparations. The Elastic IP ensures your instance maintains the same public IP address even after stops and starts, which is crucial for consistent access, especially for web servers. In the next part of this guide, we'll install and configure the core components of our LAMP stack.

What's Coming in Part 2

In the next part of our series, we'll dive into installing and configuring the core components of our LAMP stack:
- Apache web server
- MariaDB (MySQL) database
- PHP and essential modules

We'll also cover basic optimizations and initial security measures for each component.

Latest Comments
Sign in to add a comment

No comments yet. Be the first to comment!