How To Install Linux, Apache, MariaDB, PHP (LAMP) stack on Debian 11

Introduction

A “LAMP” stack is a group of open-source software that is typically installed together to enable a server to host dynamic websites and web apps. This term is an acronym that represents the Linux operating system, with the Apache web server. The site data is stored in a MariaDB database, and dynamic content is processed by PHP.

Although this software stack typically includes MySQL as the database management system, some Linux distributions — including Debian — use MariaDB as a drop-in replacement for MySQL.

In this guide, you will install a LAMP stack on a Debian 11 server, using MariaDB as the database management system.

Prerequisites

To follow this tutorial, you will need a Debian 11 server with a non-root sudo-enabled user account and a basic firewall. This can be configured using our initial server setup guide for Debian 11.

Step 1 — Installing Apache and Updating the Firewall

The Apache web server is among the most popular web servers in the world. It’s well documented, has an active community of users, and has been in wide use for much of the history of the web, which makes it a great choice for hosting a website.

Start by updating the package manager cache. If this is the first time you’re using sudo within this session, you’ll be prompted to provide your user’s password to confirm you have the right privileges to manage system packages with apt:

sudo apt update

Then, install Apache with the following:

sudo apt install apache2

This command will prompt you to confirm Apache’s installation. Confirm by writing Y, then ENTER. Once the installation is complete, you need to adjust your firewall settings. Assuming that you followed the initial server setup instructions to install and enable the UFW firewall, make sure that your firewall allows HTTP and HTTPS traffic.

On Debian 11, UFW comes loaded with app profiles that you can use to adjust your firewall settings. View the full list of application profiles by running:

sudo ufw app list

The WWW profiles listed are used to manage ports used by web servers:

Output
Available applications:
. . .
  WWW
  WWW Cache
  WWW Full
  WWW Secure
. . .

If you inspect the WWW Full profile with ufw app info, your output will show that it enables traffic to ports 80 and 443:

sudo ufw app info "WWW Full"

Output
Profile: WWW Full
Title: Web Server (HTTP,HTTPS)
Description: Web Server (HTTP,HTTPS)

Ports:
  80,443/tcp

Next, allow incoming HTTP and HTTPS traffic for this profile:

sudo ufw allow in "WWW Full"

You can verify that everything went as planned by visiting your server’s public IP address in your web browser:

http://your_server_ip

This will return the default Debian 11 Apache web page, which is there for informational and testing purposes:

If your browser returns this page, then your web server is now correctly installed and accessible through your firewall.

How To Find your Server’s Public IP Address

If you do not know what your server’s public IP address is, there are a number of ways you can find it. Usually, this is the address you use to connect to your server through SSH.

There are a few different ways to do this from the command line. First, you could use the iproute2 tools to get your IP address by running::

ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'

This will return two or three lines back. They are all correct addresses, but your computer may only be able to use one of them, so feel free to try each one.

An alternative method is to use the curl utility to contact an outside party to tell you how it sees your server. You can run the following command and ask a specific server what your IP address is:

curl http://icanhazip.com

Whichever method you prefer, write your IP address into the web browser to verify that your server is running the default Apache page.

Step 2 — Installing MariaDB

Now that you have a web server up and running, you need to install the database system to be able to store and manage data for your site.

In Debian 11, the metapackage mysql-server, which was traditionally used to install the MySQL server, was replaced by default-mysql-server. This metapackage references MariaDB, a community fork of the original MySQL server by Oracle, and it’s currently the default MySQL-compatible database server available on Debian-based package manager repositories.

For longer-term compatibility, however, it’s recommended that instead of using the metapackage, you install MariaDB using the program’s actual package, mariadb-server.

To install the MariaDB software, run:

sudo apt install mariadb-server

When the installation is finished, it’s recommended that you run a security script that comes pre-installed with MariaDB. This script will remove some insecure default settings and lock down access to your database system. Start the interactive script by running:

sudo mysql_secure_installation

This script will take you through a series of prompts where you can make some changes to your MariaDB setup. The first prompt will ask you to enter the current database root password. This is not to be confused with the system root. The database root user is an administrative user with full privileges over the database system. Since you just installed MariaDB and haven’t made any configuration changes yet, this password will be blank, so press ENTER at the prompt.

The next prompt asks whether you’d like to set up a database root password. Since MariaDB uses a special authentication method for the root user that is typically safer than using a password, you don’t need to set this now. Press N and then ENTER.

From there, you can press Y and then ENTER to accept the defaults for all the subsequent questions. This will remove anonymous users and the test database, disable remote root login, and load these new rules so that MariaDB immediately respects the changes you have made.

When you’re finished, log in to the MariaDB console:

sudo mariadb

This will connect to the MariaDB server as the administrative database user root, which is inferred by the use of sudo when running this command. You should receive output like the following:

Output
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 41
Server version: 10.5.15-MariaDB-0+deb11u1 Debian 11

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

Notice that you didn’t need to provide a password to connect as the root user. That’s because the default authentication method for the administrative MariaDB user is unix_socket instead of password. Even though this might seem like a security concern at first, it makes the database server more secure because the only users allowed to log in as the root MariaDB user are the system users with sudo privileges connecting from the console, or through an application running with the same privileges. In practical terms, that means you won’t be able to use the administrative database root user to connect from your PHP application.

For increased security, it’s best to have dedicated user accounts with less expansive privileges set up for every database, especially if you plan on having multiple databases hosted on your server.

You can exit the MariaDB console with the following:

exit

Your MariaDB server is now installed and secured. Next, you will install PHP, the final component in the LAMP stack.

Step 3 — Installing PHP

You have Apache installed to serve your content and MariaDB installed to store and manage your data. PHP is the component of your setup that will process code to display dynamic content to the final user. It can run scripts, connect to your MariaDB databases to get information, and hand the processed content over to your web server to display.

In addition to the php package, you will need php-mysql, a PHP module that allows PHP to communicate with MySQL-based database, such as MariaDB. You will also need libapache2-mod-php to enable Apache to handle PHP files. Core PHP packages will automatically be installed as dependencies.

To install these packages, run the following command:

sudo apt install php libapache2-mod-php php-mysql

Once installation is complete, you can verify your PHP version with the following command:

php -v

Output
PHP 7.4.30 (cli) (built: Jul  7 2022 15:51:43) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.30, Copyright (c), by Zend Technologies

At this point, your LAMP stack is fully operational, but before testing your setup with a PHP script, it’s best to set up a proper Apache Virtual Host to hold your website’s files and folders.

Step 4 — Creating a Virtual Host for your Website

When using the Apache web server, you can create virtual hosts (similar to server blocks in Nginx) to encapsulate configuration details and host more than one domain from a single server. In this guide, we’ll set up a domain called your_domain, but you should replace this with your own domain name.

By default, Apache serves its content from a directory located at /var/www/html, using the configuration contained in /etc/apache2/sites-available/000-default.conf. Instead of modifying the default website configuration file /var/www/html, you are going to create a new virtual host for testing your PHP environment. Virtual hosts enable you to keep multiple websites hosted on a single Apache server. You will also create a directory structure within /var/www for the your_domain site, leaving /var/www/html in place as the default directory to be served if a client request doesn’t match any other sites.

Begin by creating the root web directory for your_domain as follows:

sudo mkdir /var/www/your_domain

Next, assign ownership of the directory with the $USER environment variable, which will reference your current system user:

sudo chown -R $USER:$USER /var/www/your_domain

Then, open a new configuration file in Apache’s sites-available directory using your preferred command-line editor. Here, we’ll use nano:

sudo nano /etc/apache2/sites-available/your_domain.conf

This will create a new blank file. Add in the following bare-bones configuration with your own domain name:

<VirtualHost *:80>
    ServerName your_domain
    ServerAlias www.your_domain 
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/your_domain
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Save and close the file when you’re done. If you’re using nano, you can do this by pressing CTRL + X, then Y and ENTER.

With this VirtualHost configuration, you’re telling Apache to serve your_domain using /var/www/your_domain as the web root directory. If you’d like to test Apache without a domain name, you can remove or comment out the options ServerName and ServerAlias by adding a pound sign (#) to the beginning of each option’s lines.

Now, use a2ensite to enable this virtual host:

sudo a2ensite your_domain

You might want to disable the default website that comes installed with Apache. This is required if you’re not using a custom domain name, because in this case Apache’s default configuration would override your virtual host. To disable Apache’s default website, run:

sudo a2dissite 000-default

To make sure your configuration file doesn’t contain syntax errors, run the following command:

sudo apache2ctl configtest

Finally, reload Apache so these changes take effect:

sudo systemctl reload apache2

Next, you will create a PHP script to test that PHP is correctly installed and configured on your server.

Step 5 — Testing PHP Processing on your Web Server

Now that you have a custom location to host your website’s files and folders, create a PHP test script to confirm that Apache is able to handle and process requests for PHP files.

Begin by creating a new file named info.php inside your custom web root folder:

nano /var/www/your_domain/info.php

This will open a blank file. Add the following text, which is valid PHP code, inside the file:

<?php
phpinfo();

When you are finished, save and close the file.

To test the script, go to your web browser and access your server’s domain name or IP address, followed by the script name, which in this case is info.php:

http://your_domain/info.php

Here is an example of the default PHP web page:

This page provides information about your server from the perspective of PHP. It is useful for debugging and ensuring that your settings are being applied correctly.

If you can see this page in your browser, then your PHP installation is working as expected.

After checking the relevant information about your PHP server through that page, it’s best to remove the file you created as it contains sensitive information about your PHP environment and your Debian server. Use rm to do so:

sudo rm /var/www/your_domain/info.php

You can always recreate this page if you need to access the information again later.

Step 6 — Testing Database Connection from PHP (Optional)

If you want to test whether PHP is able to connect to MariaDB and execute database queries, you can create a test table with test data and query for its contents from a PHP script. Before you do that, you need to create a test database and a new MariaDB user properly configured to access it.

Create a database named example_database and a user named example_user. You can replace these names with different values.

First, connect to the MariaDB console using the root account:

sudo mariadb

To create a new database, run the following command from your MariaDB console:

CREATE DATABASE example_database;

Now create a new user and grant them full privileges on the custom database you’ve created.

The following command creates a new user named example_user that authenticates with a password. We’re defining this user’s password as password, but you should replace this value with a secure password of your own choosing:

CREATE USER 'example_user'@'%' IDENTIFIED BY 'password';

Next, give this user permission over the example_database database:

GRANT ALL ON example_database.* TO 'example_user'@'%';

This will give the example_user user full privileges over the example_database database, while preventing this user from creating or modifying other databases on your server.

Next, flush the privileges to ensure that they are saved and available in the current session:

FLUSH PRIVILEGES;

Following this, exit the MariaDB shell:

exit

You can test if the new user has the proper permissions by logging in to the MariaDB console again, this time using the custom user credentials:

mariadb -u example_user -p

Note the -p flag in this command, which will prompt you for the password used when creating the example_user user. After logging in to the MariaDB console, confirm that you have access to the example_database database:

SHOW DATABASES;

This will give you the following output:

Output
+--------------------+
| Database           |
+--------------------+
| example_database   |
| information_schema |
+--------------------+
2 rows in set (0.000 sec)

Next, create a test table named todo_list. From the MariaDB console, run the following statement:

CREATE TABLE example_database.todo_list (
	item_id INT AUTO_INCREMENT,
	content VARCHAR(255),
	PRIMARY KEY(item_id)
);

Insert a few rows of content in the test table. Repeat the next command a few times, using different values, to populate your test table:

INSERT INTO example_database.todo_list (content) VALUES ("My first important item");

To confirm that the data was successfully saved to your table, run:

SELECT * FROM example_database.todo_list;

You will receive the following output:

Output
+---------+--------------------------+
| item_id | content                  |
+---------+--------------------------+
|       1 | My first important item  |
|       2 | My second important item |
|       3 | My third important item  |
|       4 | and this one more thing  |
+---------+--------------------------+
4 rows in set (0.000 sec)

After confirming that you have valid data in your test table, you can exit the MariaDB console:

exit

Now you can create the PHP script that will connect to MariaDB and query for your content. Create a new PHP file in your custom web root directory using your preferred editor:

nano /var/www/your_domain/todo_list.php

The following PHP script connects to the MariaDB database and queries for the content of the todo_list table, exhibiting the results in a list. If there’s a problem with the database connection, it will throw an exception.

Add this content into your todo_list.php script, remembering to replace the example_user and password values with your own:

<?php
$user = "example_user";
$password = "password";
$database = "example_database";
$table = "todo_list";

try {
  $db = new PDO("mysql:host=localhost;dbname=$database", $user, $password);
  echo "<h2>TODO</h2><ol>"; 
  foreach($db->query("SELECT content FROM $table") as $row) {
    echo "<li>" . $row['content'] . "</li>";
  }
  echo "</ol>";
} catch (PDOException $e) {
    print "Error!: " . $e->getMessage() . "<br/>";
    die();
}

Save and close the file when you’re done editing.

You can now access this page in your web browser by visiting the domain name or public IP address for your website, followed by /todo_list.php:

http://your_domain/todo_list.php

This web page will reveal the content you’ve inserted in your test table to your visitor:

That means your PHP environment is ready to connect and interact with your MariaDB server.

Conclusion

In this guide, you’ve built a flexible foundation for serving PHP websites and applications to your visitors, using Apache as a web server and MariaDB as the database system.

As an immediate next step, you should ensure the connections to your web server are secured, by serving them via HTTPS. In order to accomplish that, you can use Let’s Encrypt. You can also read our guide on How to Install and Use Composer for dependency and package management in PHP.