LoRa
Raspberry Pi LAMP Stack

Raspberry Pi LAMP Stack

The “LAMP” stack is a group of open-source software (Apache, MariaDB and PHP) that is typically installed together to enable a server to host dynamic websites and web apps. This term is actually an acronym which represents the Linux operating system, with the Apache web server. The site data is stored in a MySQL database, and dynamic content is processed by PHP or Python on Debian Linux.

LAMP to support simple web interface and restful API. This is not an in-depth step by step process. There are other sites with detailed instructions. Google  will help, these this are my notes as how I have successfully installed.

So first install the base packages;

#sudo apt install apache2 -y
#sudo apt install php -y
#sudo service apache2 restart
#sudo apt install mariadb-server php-mysql -y

Then setup MariaDB;

#sudo mysql_secure_installation

setup DB user as root can’t login root. Use admin;

sudo mysql --user=root —password
>create user admin@localhost identified by 'your_password';
>grant all privileges on *.* to admin@localhost;
>FLUSH PRIVILEGES;
>exit;

continue installing phpmyadmin to administer the database;

#sudo apt install phpmyadmin -y
#sudo phpenmod mysqli

There are comparability issues with phpmyadmin and PHP 7.2. The version in the Debian archives is not as current as it could be. Not a big concern. Google the errors returned and with a couple of quick updates it runs as expected. May need to add symbolic link to the installation in /usr/share if failing to access localhost: http://localhost/phpmyadmin.

sudo ln -s /usr/share/phpmyadmin/ /var/www/phpmyadmin. 

UPDATE : 18112021 PHP 7.4

sudo nano /etc/apache2/apache2.conf

and add

Include /etc/phpmyadmin/apache.conf

to the end of the file.

May have to add system name. Go to:

/etc/apache2/apache2.conf

and add ServerName to either localhost to resolve to 120.0.0.1 or hostname to resolve to ip address:

ServerName localhost   

Restart apache by typing into the terminal:

sudo systemctl reload apache2

Ok now setup Apache to support API.

Create .htaccess in /var/www

RewriteOptions inherit
DirectoryIndex index.php
php_flag log_errors On
php_value error_log /tmp/API.log

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule api/(.*)$ api/api.php?request=$1 [QSA,NC,L]
RewriteRule (recipe/.*) api/app.php?request=$1 [QSA,NC,L]
</IfModule>

then update 000-default.conf in /etc/apache2/sites-available with the following;

    <Directory /var/www/html>
            Options Indexes FollowSymLinks MultiViews
            AllowOverride All
            Require all granted
    </Directory>

enable mod rewrite then reload apache and away you go.

$ sudo a2enmod rewrite
$ sudo systemctl restart apache2 

Add HTTPS Support;

Generate Private Key and Certificate. We’ll use OpenSSL package (already available in Raspberry PI OS) to generate the self signed certificate. We’ll also include following options:

  • req: This subcommand enables certificate request and certificate generating utility
  • -x509: this option outputs a self signed certificate instead of an external certificate request
  • -nodes: this option requires a not encrypted private key
  • -days 356: this option sets expiration days to 365. default value is 30 days
  • -newkey rsa:2048: this option creates a new certificate request and a new private key. The argument rsa:nbits, where nbits is the number of bits, generates an RSA key nbits in size.
  • -keyout: This options set private key name (optional, using a full path you can also put key in desired folder)
  • -out: This option set certificate name (optional, using a full path you can also put certificate in desired folder)

You can use whatever certificate/key file name you want. It is important that you then refer correctly files in following configuration. From terminal:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate.crt

After generating the private key, OpenSSL will ask you for some info requests. Answer according to your preferences. The most important line is “Common Name”, which will require domain name or IP address (this being my case):

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:<ServerName>
Email Address []:

You will have now 2 files in your folder. With “cat” terminal command you can verify that certificate has first and last row indicating begin and end of certificate, with encrypted data inside these limiters:

pi@raspberrypi:~ $ cat certificate.crt
-----BEGIN CERTIFICATE-----
..... (omitted incomprensible chars) .....
-----END CERTIFICATE-----

Same for private key, which will require sudo permissions for catting text:

pi@raspberrypi:~ $ sudo cat private.key
-----BEGIN PRIVATE KEY-----
..... (omitted incompresible chars) .....
-----END PRIVATE KEY-----

Move certificate and private key in ssl folder:

sudo mv private.key /etc/ssl/private/
sudo mv certificate.crt /etc/ssl/certs/

Configure Apache to use Self Signed Certificate and Key

Edit Apache 000-default.conf, the default Apache Virtual Host file. Remember default ports (https=443, http=80). From terminal:

sudo nano /etc/apache2/sites-available/000-default.conf

You will find a pre-configured generic VirtualHost answering to port 80 (*:80). Append following code to add a new VirtualHost which will answer to all requests received on port 443 (https):

<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
        SSLCertificateFile "/etc/ssl/certs/certificate.crt"
        SSLCertificateKeyFile "/etc/ssl/private/private.key"
</VirtualHost>

Close and save. From terminal, enable ssl, check configuration (if you used IP address, you can skip “Could not reliably determine the server’s fully qualified domain name” warnings) and restart apache:

sudo a2enmod ssl
sudo apache2ctl configtest
sudo systemctl restart apache2.service

Back to browser, change http to https (with same URL using Raspberry PI’s IP address).

Tags :