To prepare a database for use with your software, follow the instructions below. You will need to provide the database credentials (name, user, and password) when installing an application, such as a CMS (e.g., WordPress or Drupal). Best Practice: Avoid using the same database for multiple applications.
How to set up a web server (LAMP) on Debian or Ubuntu
Introduction
Whether you are hosting a dynamic WordPress blog, a custom PHP application, or simply learning the ropes of server management, the LAMP stack remains the gold standard for web hosting. LAMP stands for Linux, Apache, MariaDB and PHP a powerful suite of open-source software that powers a significant portion of the internet.
By combining the stability of Debian or Ubuntu with the robustness of the Apache web server, the data management of MySQL, and the scripting power of PHP, you create a flexible and secure environment ready to handle everything from small personal projects to enterprise-level traffic. This guide will walk you through installing, configuring, and securing your own LAMP server, giving you full control over your web presence.
Requirements
- Operating System: A running instance of Debian or Ubuntu (Desktop or Server edition).
- User Privileges: A user account with
sudo(root) privileges. - Internet Access: Required to download packages from repositories.
- Command Line Interface: Access to the Terminal (Ctrl+Alt+T).
Instructions
To ensure the most stable foundation for your web server and applications, it is highly recommended to begin with a pristine environment. If your server is not currently running a fresh instance of Debian or Ubuntu, please navigate to your Control Panel to perform a reinstallation.
While the instructions below have been specifically verified for Debian 11, the shared architecture between the two systems ensures that this tutorial is equally effective for current Ubuntu distributions.
1
Updating the system
Once you’ve logged into your server using SSH, ensure that all packages are up-to-date:
BASH
sudo apt update && sudo apt upgrade -y
Now you can install the latest LAMP packages. Because software packages are updated regularly, you may need to adjust the instructions below to match the latest versions.
2
Installing Apache
Proceed to install the Apache packages along with their documentation:
BASH
sudo apt install -y apache2 apache2-doc
Verify that the installation was successful by running the following command:
BASH
sudo systemctl status apache2
Alternatively, open
http://server_IP in a web browser. The "Apache2 Debian Default Page" should appear.
3
Installing the database server and PHP
Proceed to install the packages for MariaDB and PHP:
BASH
sudo apt install -y php php-pdo php-mysql php-zip php-gd php-mbstring php-curl php-xml php-pear php-bcmath mariadb-server
4
Configuring the database server
MariaDB includes a script to help with initial configuration and apply basic security settings. Run it using the following command:
BASH
sudo mariadb-secure-installation
Confirm the initial prompt by pressing Enter, then select a method to secure access to the database server.
OUTPUT
Switch to unix_socket authentication [Y/n]
We recommend using the default authentication method (unix_socket) instead of root password access. Press y followed by Enter.(To use root access, press n and define a root password at the following prompt.)
Enter n at the next prompt:
OUTPUT
Change the root password? [Y/n]
Since the following prompts relate to security settings, confirm each one by pressing y until the script completes.
OUTPUT
Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
If you followed the recommended (unix_socket) setup, you now have automatic administrative (root) access to MariaDB whenever you are logged in as a user with (sudo) privileges.
Setting Up Your First Database and Database User (optional)
Open the MariaDB shell:
BASH
sudo mariadb
Create a database:
SQL
CREATE DATABASE database_name;
Create a "user" with a name of your choice and grant it all rights on this database. Replace
database_name, user_name, and password accordingly.
SQL
GRANT ALL ON database_name.* TO 'user_name'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
Ensure all changes are applied, and then exit the MariaDB shell using the following command:
SQL
FLUSH PRIVILEGES;
SQL
exit;
5
Configuring the firewall (optional)
Enhancing your server’s security can be achieved by configuring a firewall with iptables. This process is made easier with the Uncomplicated Firewall (UFW) and its predefined profiles. Install UFW using the following command:
BASH
sudo apt install ufw
The relevant profiles are labelled as "WWW" in the application list:
BASH
sudo ufw app list | grep WWW
WWW
WWW Cache
WWW Full
WWW Secure
By entering the following command, the ports defined by the profile "WWW Full" (port 80 and 443) will be opened:
BASH
sudo ufw allow 'WWW Full'
Important: Make sure to allow SSH connections (port 22 in a default configuration) as well:
BASH
sudo ufw allow 'SSH'
Finally, activate the firewall rules and verify the configuration:
BASH
sudo ufw enable
BASH
sudo ufw status
OUTPUT
Status: active Logging: on (low) Default: deny (incoming), allow (outgoing), disabled (routed) New profiles: skip To Action From -- ------ ---- 80,443/tcp (WWW Full) ALLOW IN Anywhere 22/tcp (SSH) ALLOW IN Anywhere 80,443/tcp (WWW Full (v6)) ALLOW IN Anywhere (v6) 22/tcp (SSH (v6)) ALLOW IN Anywhere (v6)
6
DNS configuration (optional)
To access your web server via a domain name, you must link the domain to your service. You can do this by editing the DNS zone in your CTCservers Control Panel, provided we are your domain registrar and the domain uses our DNS servers.
Note: If the domain name is currently in use, you should only update the DNS settings after your new website or application is fully ready.
7
Enabling secure connections with Let’s Encrypt (optional)
To get a secure HTTPS connection, you need a certificate from a provider like "Let’s Encrypt" and must set up Apache using a tool like "Certbot." If you don't do this, your website can only accept unencrypted http requests.
Before you start, check your DNS settings. You need to make sure your domain name actually points to your server's IP address.
This command installs an older version of Certbot (1.12.0). It still works, but if you want the absolute latest version, you need to use the "snappy" package manager instead. You can find those instructions on the Certbot website.
Install the required packages for the Certbot client:
BASH
sudo apt install -y certbot python3-certbot-apache
Obtain the certificate for your domain name and the "www" subdomain:
BASH
sudo certbot --apache -d domainname.com -d www.domainname.com
CTCservers Recommended Tutorials
Web, Network
Step-by-Step Guide: Install AMD ROCm on Ubuntu with RX 6600 GPU
Learn how to quickly and easily set up AMD ROCm on Ubuntu for your RX 6600 GPU, enabling powerful machine learning, AI workloads, and GPU-accelerated computing right on your system.
Web, Network, Linux, Mysql, Ubuntu
LAMP Setup Guide 2026: Ubuntu & Debian | CTCservers
Install a secure LAMP stack on Debian or Ubuntu. Follow our step-by-step guide to configure Linux, Apache, MySQL, and PHP for your web server.
Web, Network, Ubuntu
Deploy Phi-3 with Ollama on Ubuntu GPU | CTCservers
Learn how to easily deploy the Phi-3 LLM on an Ubuntu 24.04 GPU server using Ollama and WebUI. Follow our step-by-step tutorial for seamless AI hosting.
Discover CTCservers Dedicated Server Locations
CTCservers servers are available around the world, providing diverse options for hosting websites. Each region offers unique advantages, making it easier to choose a location that best suits your specific hosting needs.