All great websites have a great server behind them. In this tutorial, I’ll show you how to set up a dedicated web server (with Apache, MySQL, and PHP) using that old computer you have lying around the house and some free software.
A Quick Overview
In this tutorial, we are aiming to accomplish several things:
- We’re going to install the Ubuntu Server operating system. I commonly use Ubuntu because of its ease of use and
simple administration. It also has a rather large and extremely active community behind it, which makes getting
support a breeze. - We’re going to install an OpenSSH server. This allows you to administer your server from remote computers.
- A LAMP (Linux, Apache, MySQL, and PHP) stack is going to be installed. This provides the backbone that will run
your web site. Apache is the industry standard web server on Unix-based operating systems; it’s what most web hosts
use (NETTUTS is using it right now!) and it’s what we’re going to use. - We’re going to install a firewall to protect your server from unauthorized access.
In order to follow this tutorial, you’re going to need a few items:
- A computer to use as your server. It doesn’t need to be powerful; as long as it’s not ancient, it’ll work fine. Please
don’t do this on your desktop PC; Ubuntu will completely wipe your computer. - A CD burner and a blank CD. These are so that you can burn Ubuntu to a disk in order to install it.
- Time. Seriously, this process is time-consuming, especially if you run into problems. Try to set aside an afternoon
to follow this tutorial.
You may be asking why you’d want to have your own web server. There are several reasons, a few of them being: you can have your own testing
ground for your websites; with a little modification, you could host your own site; and, you will learn a lot about Linux/Unix as you go.
With that said, let’s get started!
Download Ubuntu Server
First and foremost, we’re going to need a CD with Ubuntu on it. Point your web browser to http://www.ubuntu.com/,
and click download from the menu to the left. You will now be presented with a box with two tabs: “Desktop Edition” and
“Server Edition”. Click the “Server Edition” tab, and select “Ubuntu 8.04 LTS”. Next, select a download location from the
drop-down box. Finally, hit the “Begin Download” button.
Now you need to burn the ISO (the file that you downloaded) to a blank CD. If you don’t know how to do this, there is an
excellent guide at https://help.ubuntu.com/community/BurningIsoHowto
Install Ubuntu Server
Now that you’ve downloaded and burned the ISO, let’s get Ubuntu installed on your server. Put the disk in the drive, and boot from the CD. In most modern computers, this will happen by default if a disk is in the drive when you turn it on. If it doesn’t, then you need to press a key on your keyboard right when you turn it on. For my laptop, it’s F12, and for my server, it’s F2. It just depends on your computer. You can find it by looking at the text on your screen right when you turn the computer on, during the BIOS. You’ll see something like “Press [KEY] to change boot order”. Press that key, and select your CD drive.
Still with me? Good. Now that you’ve booted up Ubuntu, you should see the following screen:
Select your language, and hit enter. Now you’ll see this screen:
Select “Install Ubuntu Server”, and away we go!
The installer will now ask you if you want it to detect your keyboard layout. Personally, I always choose no, because
it’s faster to select a standard american keyboard from the list than to have the installer detect it. Either option is fine,
just follow the on-screen instructions.
After you’ve done that, you’ll now see a bunch of loading screens saying things like “Detecting CD-ROM drives” and such.
These should pass quickly and without problems. However, during these screens, the installer will try to auto-configure your
network settings. For most cases, this will work without complaint. However, if it doesn’t work for you, just follow the
on-screen instructions to get it working.
After it’s done with all of that, it will ask you for a host name. You can usually set this to anything; I always set
mine to “web-server”.
The system will now want you to set the time zone for your clock. For me, it’s Pacific. Choose the one that applies to
you.
Now, the system will detect more hardware, and you’ll be prompted to “partion the disk(s)”. Select “Guided – use entire
disk”.
You will now need to select the disk you wish to partition. For most setups, only one disk will be available; however,
for more specialized systems, more options will be available here. Choose the one that applies to you.
It will ask you if you want to write the changes to the disk. Select “Yes” and hit enter. The installer will now proceed
to format the drive and set up the partitions.
Now the magic happens. The system will begin to install. While this happens, go get a cup of coffee. This can take anywhere
from 10 minutes to an hour. It just depends on your system. There might be times that it seems like it’s frozen; don’t worry,
it isn’t. Just let it do it’s thing. However, if it’s stuck on one thing for upwards of an hour, then yes, it is frozen.
Now that the system is installed, it needs to set up the account you are going to login with. First, give it your full
name and hit “Continue”.
Now give it your username. It will normally just set it as your first name,
but you can change it. One name you may not use is “root”.
You will now be asked to provide a password. It is ESSENTIAL that you choose a strong password, or your server will not
be secure at all. I recommend at LEAST a mixture of numbers, lowercase letters, and uppercase letters. However, for my servers
I use symbols, as well as a mixture of the above. DO NOT use a password shorter than 7 characters.
Then, re-enter your password to verify that you typed it correctly.
The system will now attempt to configure the “Package Manager” (we’ll get to what that is shortly). Provide it with your
proxy information, or leave it blank if you don’t use a proxy, and select “Continue”.
The system will now scan several servers looking for updates and configuration settings.
After that has completed, you will be presented with several options to install server software. Now, listen VERY carefully.
Select OpenSSH server, and press SPACE, NOT ENTER. If you hit enter, the install will proceed without installing the OpenSSH server.
You could install “LAMP server” as well, but I have no experience with this option, so we’re going to install it all with a different
command later on.
The system will now install your selected software, as well as other system components.
Finally, the install will finish. Remove the CD, and hit enter. The computer will reboot. If all goes well, you will be
presented with a screen that looks similar to the following:
Congratulations! You’ve just finished the hardest part. Ubuntu is now installed, and it is time to turn this computer into
a web server.
Update Your New Server
Before we go any further, we need to make sure your server is up-to-date. To do this, you need to login. First, type your username
(the one you chose earlier), press enter, and then type your password. As you’re typing your password, you’ll notice that nothing
seems to be happening. Don’t worry, that’s the way it was designed to work. After you’ve finished typing your password, hit enter,
and your screen should look similar to the one below if all went well:
Now, type:
sudo aptitude update && sudo aptitude dist-upgrade
It will ask you for you password, and again, you won’t see anything as you’re typing it. After you’ve done that, it will ask you if
you want to continue. Type “y” and press enter. Your screen will look similar to the following:
Your system will now download and install all the latest updates. This will take a while depending on your internet connection. After
it has finished, your computer will need to be rebooted. To do this, type:
sudo shutdown -r now
And let it reboot. Your server is now completely updated.
A Quick Note About “Sudo”
By now, you may have noticed that all of the commands you have typed have started with “sudo”. This is because they require
administrator privileges, and that’s what “sudo” does. It runs the command (i.e. “shutdown”) as an administrator, allowing it to work
properly. This is also why it asks you for your password. However, after you have typed “sudo” once and entered your password,
you do not have to enter your password again for five minutes. Not all commands require sudo, only ones that modify parts of the system.
Got all of that? Good.
Install Apache, MySQL, and PHP
It is now time to install some programs. In order to access your sites from the internet, we’re going to need to install a web server (Apache). In additon to the web server, we’ll
also want a database server (MySQL) and a server-side language (PHP) so that we can run popular applications such as WordPress. So,
let’s get to it!
Installing programs on Ubuntu is a lot different than installing programs on Windows or
OS X, in that Ubuntu will download and install the programs for you with a simple command. This is because Ubuntu has something called
a Package Manager, which manages nearly all the programs on your system. All we have to do is tell the package manager
(called “aptitude”) that we want it to install Apache, MySQL, and PHP. To do this, type the following command:
sudo aptitude install apache2 php5-mysql libapache2-mod-php5 mysql-server
And press enter. Aptitude will download and install of the programs you specified. It will also download and install any
dependencies.
During the install process, MySQL will ask you for a root password. You can set this to anything, just be sure you make it long and secure.
Whatever you do, DO NOT leave this blank.
After that has all finished, you now have a fully working web server. To test it out, first find your server’s IP by typing:
ifconfig | grep inet
It’s usually the first IP returned. In my case, it’s 192.168.177.129. Now that you know the IP, open your web browser and point it
to your server IP. If you see the “It works!” message, then congratulations, it works.
However, we’re not done yet. We don’t want Apache or PHP to disclose any information about themselves, as this information is not needed
by your users and could pose a security risk. First, back up the original Apache configuration file:
sudo cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf.bak
Now open the configuration file:
sudo nano /etc/apache2/apache2.conf
Scroll down (down arrow) to where it says “ServerTokens Full” and change it to read “ServerTokens Prod”
Now, scroll down a little further and change “ServerSignature On” to “ServerSignature Off”
Finally, press Control-O followed by Control-X. That will save the file and exit the text editor.
Now, we need to do the same thing for PHP. First, back up the original PHP configuration file:
sudo cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini.bak
Open the configuration file:
sudo nano /etc/php5/apache2/php.ini
Change “expose_php = On” to “expose_php = Off”
Again, press Control-O followed by Control-X. Now that the configuration files are updated, restart Apache:
sudo /etc/init.d/apache2 restart
You are done setting up Apache, MySQL, and PHP.
Install a Firewall
We now are going to lock down our server a bit more by installing Shorewall, a command-line firewall. To install it:
sudo aptitude install shorewall
By default, Shorewall is installed with no rules, allowing complete access. However, this is not the behavior we want.
Instead, we’re going to block all connections to anything other than port 80 (HTTP) and port 22 (SSH). First, copy the configuration
files to the Shorewall directory:
sudo cp /usr/share/doc/shorewall-common/examples/one-interface/* /etc/shorewall/
Now, open the “rules” file:
sudo nano /etc/shorewall/rules
Add these lines above where it says “#LAST LINE”
HTTP/ACCEPT net $FW SSH/ACCEPT net $FW
Then press Control-O and Control-X. Your firewall is now configured to only accept HTTP and SSH traffic. The last thing we need to
do is tell Shorewall to start on boot. So, open up the main Shorewall configuration file:
sudo nano /etc/shorewall/shorewall.conf
Scroll down to “STARTUP_ENABLED=No” and set it to “STARTUP_ENABLED=Yes”
Press Control-O and Control-X. Now, open the Shorewall default configuration file:
sudo nano /etc/default/shorewall
And change “startup=0″ to “startup=1″. Press Control-O and Control-X. Finally, start your firewall:
sudo /etc/init.d/shorewall start
Congratulations! Your firewall is now set up and protecting your server.
Add Your Website to Your Web Server
Now that you’ve got everything all set up, you’d probably like to add a website to it. By default, all of the files Apache serves
up to the internet are located at “/var/www/”. However, you cannot write to this folder. Let’s make it so you can:
sudo usermod -g www-data [YOUR USERNAME] sudo chown -R www-data:www-data /var/www sudo chmod -R 775 /var/www
What happened there was you added yourself to the “www-data” group, and made the website folder writable to the members of the “www-data”
group.
Now, you’re going to log into your server using SFTP (not to be confused with FTPS). Some clients that support SFTP are:
WinSCP (Windows, Free), FileZilla (Windows, Linux, OS X, Free),
Cyberduck (OS X, Free), and, my personal favorite, Transmit
(OS X, $30)
Connect to your server using your username and password, and, if your client supports it, a default path of “/var/www” (if it doesn’t,
simply browse to /var/www once you have logged in): (Transmit pictured)
You may now add your files to this folder (/var/www) and they will show up on your server when you browse to it with your
web browser.
Now, you may wonder why we’re using SFTP instead of FTP. Mainly, because SFTP is already built into OpenSSH (which you installed
earlier). However, it is also a lot more secure than FTP, and makes it difficult (if not impossible) for malicious users to gain access
to your login credentials.
Make Your Server Accesible to the Internet
Most modern home networks are behind a router these days. Because of this, your web server will not be visible to the internet without
a little work. As I don’t have every router available to test with, I can only give you general directions in this area.
There are two ways to open your server up to the internet: a DMZ or Port Forwarding. The main difference you’ll notice is that with a DMZ, your server uses the
firewall we installed earlier to protect itself. However, with Port Forwarding, your server will be protected by your router’s firewall.
However, before we go on, you’re going to want to give your server a static LAN address. To do that, login to your router, and look for something
along the lines of “Static IPs” or “Static Routing”. After you have given your server a static LAN address, you can do these next parts. Remember,
Google is your friend.
To port foward, there is an excellent website, PortForward.com, that, while ugly, can
help you get the job done for almost any router. The ports that you want to forward are 22 and 80.
To create a DMZ, you need to login to your router and look for something like “DMZ settings”. Once you find it, add your server to
the DMZ, and you’ll be set. Again, Google is helpful in situations like this.
Now, find your public IP, and voila! You can access your server from anywhere as long
as your IP doesn’t change.
Managing Your Server Remotely
Beside allowing you to upload files, OpenSSH allows you to login to your server from anywhere as long as you know it’s IP. For Windows, you’ll
need an SSH client. I recommend Putty. For OS X, SSH is
already installed. Simply open up Terminal, and type “ssh you@yourip“. For Putty, choose SSH, and put in your IP, username, and password
when it asks for it. You’ll notice that, once you login, it looks exactly the same as the screen on the server:
You can do anything from here that you would do actually sitting at the server. To logout from the server, simply type “exit” and hit enter.
That’s It!
You now have a completely functioning web server. It makes for a great testing ground, and would even be suitable to host websites with fairly
low traffic. There is obviously a lot left to be learned, but hopefully you have gained a little insight into how web servers work.
If you’d like to read more on the topics I covered, here are some great guides:
- Installing Software
- Setting Up Apache, MySQL, and PHP
- Shorewall Configuration Guide
- How to Port Forward
Enjoyed this Post?
Subscribe to our RSS Feed, Follow us on Twitter or simply recommend us to friends and colleagues!
By Alex Villmann
Premium Members
Source Files, Bonus Tutorials & More for all relevant Tuts+ sites in one subscription. Join Now
Related Posts
Premium Membership
Source Files, Bonus Tutorials & More for all relevant Tuts+ sites in one subscription
Breezi Comming Soon page - More
Web Basix
Just getting started? Start with our basix tutorials on the fundamentals. View All Basix Tutorials
Other Plus Sites ...
aetuts+ audiotuts+ vectortuts+ tuts+ phototuts+ cgtuts+ nettuts+ psdtuts+ activetuts+Create a Tutorial, Get Paid!
Have something to teach the world? Want to earn money doing it? Tutorials, screencasts, and articles published here on Nettuts+ are largely contributed by readers just like you! We'll pay you great money for good content. Find Out More
I don’t know if you could help but I would really like help setting up a server with ubuntu. If anyone has any ideas or links to instructions it would help a TON!!!
Hey, really cool guide! Thanks!
However I’d like to make a small remark regarding uploading your website files into the ‘www’ folder…
you said in the guide that we should give the folder ‘www’ the following permission: “sudo chmod -R 775 /var/www”
well, when I use that configuration, I get an error message in my ftp client every time I want to upload a file (I use FileZilla, for Windows)… it goes something like “Permission denied: you don’t have write permissions” or something like that.
The thing is, if I set the folder permissions to “sudo chmod -R 777 /var/www” it works just fine.
I don’t know a lot about permissions or setting up servers, so I don’t know if giving this kind of permissions (I mean, 777) to a user could pose a security threat in the future, or something like that, so I would like to know if someone has a better (or safer) idea to make this work….
Anyway, excelent guide!
Thank you!
What a wealth of knowledge /virtual/dedicated server tid bit’s
Thank you very much. best artical I have ever seen
Great tut, took me about 5hrs to setup in VMware.
My keyboard not responding at web-server:
login Login name is ok but when i start to write pass my keyboard not work only enter work , what can I do ?
sorry for my bad English
Linux(Ubuntu) doesn’t show what you type when you type your password in command line. It’s accepting/processing everything you type, it’s just not echoing it. Just type it like you normally would and hit enter.
can i do this with Virtual PC? or some programa?
Btw, nice jog, i feel i like it.
thank!
Cant get shorewall to start. Anyone else having this problem? I couldnt install shorewall the way it was listed in the tut because it was tellng me it doesnt exist. Reading through the comments I found shorewall-common which installed fine. Now im at the command to start up shorewall and its telling me to check
/var/log/shorewall-common-init.log
when i look into that file it is telling me there isnt a compiler for shorewall. I dont even know what that means. If anyone could point me in a direction, or give me a thread to pull on this Id appreciate it. The problem with not knowing anything that Im doing is that I dont know where to start to look.
Thanks.
I think I fixed the issue we were experiencing. See comments
Hi. I am having exactly the same promblem as Zac Ball. I also could not install shorewall the way the tutorial said and had to find the comment that suggested shorewall-common.
When running the command:
sudo /etc/init.d/shorewall start
I get the error:
Starting “Shorewall firewall”: not done (check /var/log/shorewall-init.log).
Has anyone got any ideas or suggestions? Any help would be greatly appreciated.
Thanks!
I seem to have fixed the problem. I found the comment suggesting installing shorewall-shell and shorewall-perl in addition to shorewall-common. After doing this i attempted ruuning the command:
sudo /etc/init.d/shorewall start
THis time it worked. Excellent.
I am now experiencing a problem of a differnet nature, however. When I connect to my server over SFTP I cannot see a /var/www folder. Is anyone else having the same problem?
Thanks
Koooool !!!
I have a problem, I set up the server (9.10) in VirtualBox, but can’t figure how to forward ports, any ideas?
i have been looking for something like this for soooo long
thank you very much!!
I went to the Ubuntu website and it looked like the download for the server software was listed as 64 bit I sure this machine is 32 bit does the server software has a 32 bit download or are both versions in the one download
Thanks
great tut.
lots of questions here regarding things that should perhaps be googled.
port forwarding: you’re using a router, either wireless or wired. it has it’s own IP. a lot are 192.168.1.100 or whatever. you can type ifconfig and it will tell you something similar to that IP address. type it into an internet browser and it will bring up your router’s settings page. from there look for something called ‘virtual servers’. this can vary depending on the model of router. once in the virtual servers, you will actually be telling it the server’s IP, which you got from that ifconfig (ipconfig for windows), and then which port you want to ‘allow’. you can have as many of these entries as you want.
there’s also a setting called ‘DMZ’ that lets you put on IP outside of the router’s firewall, etc. make sure you put your server’s IP there. this let’s it talk to the world a little easier.
for people having errors when trying to read/write certain files during the setup of apache, etc. make sure you aren’t mistyping. sounds dumb, but several times i typed “apaceh” instead of “apache”. you have to double check every line you type.
another thing…make sure to read through all of these comments. some useful stuff is in here, like the issue with ServerTokens Prod_. you have to go to a different file than the tut specified.
for those that messed up the install of ubuntu server, just reinstall it. it will go faster the second time because you’ll have a bit of a better understanding. and hey, this is some major stuff you’re doing. it’s going to take time. it’s fun. enjoy it!
i think the real final part for a lot of people here is going to be getting their godaddy (or whatever registrar they used) domain to actually talk to their server. this is the part that is most difficult for me, so i have no info on it. other than ‘forward with masking’ from your domain name to your server IP. it’s in the settings on your godaddy page. you’ll see it. just look for it.
make sure though, that you have went to those router settings that i told you about earlier and put in exceptions for your server’s IP. port 80, and port 22 (to ssh outside of your network). also make sure you don’t have any other computers forwarding ports outside your router’s network. only one (1) computer can be setup for this on your router.
if anyone has any questions or wants to trade info with me, email me at ftechinc@gmail.com
i think the best advice for people is to just be patient. understand that this is a major amount of work for most people. take your time. put some love into it because once you get it done you’ll be so freaking proud and happy.
alax v is a great guy. check out his site and just see how good he is at what he does. the guy even allows you to copy aspects of his page source!
and it’s a badass page, by the way.
I have been looking for a tutorial such as this for a good little while. Hopefully this will save me some time! This is great, thanks again.
Thanks post admin.
very nice post. Thanks.
i could not find servertokens or serversignature in my apache2.conf file? i even searched for it. can someone help with this?
very nice post. Thanks
Thanks for this excellent guide. However I am stuck at the following point:
When I use this command
sudo usermod -g www-data [jeff] where jeff stands for my username. I get the line:
usermod: user [jeff] does not exist.
So can’t go forward.
Any help appreciated.
I Cannot connect to my server remotely at all
I am behind a router and i did forward the following ports (22.80). to its destination. whenever i try to connect it says “connection refused”. Is there anything i may have missed? Something else blocking the connection perhaps?
I figured out what i did wrong, at the beginning when selecting your software i didn’t select (space) openSSH, instead as warned i pressed enter not selecting openSSH… Great guide! Thanks!
Now that i re-installed it the correct way i cannot figure out how to access the mysql database remotely,