How to Install LAMP Apache2, MySQL 8.0 and PHP 8.1 on Debian 11.

Prerequisites to Install LAMP

•Root access to your server or a sudo user.
•Domain pointed to your server IP to install Let’sEncrypt SSL

Step 1: Setup Initialization

Start by updating the packages to the latest version available using the
following command.
sudo apt update
sudo apt upgrade
Install wget package.
sudo apt install wget
Once you have updated the setup you can start install LAMP stack.

Step 2: Install Apache

Install Apache using the following command.
sudo apt install apache2
This will install apache2 and all required dependencies.

Step 3: Setup Firewall

Now you can set up Uncomplicated Firewall (UFW) with Apache to allow
public access on default web ports for HTTP and HTTPS
sudo ufw app list
You will see all listed applications.
Output
Available applications:
Apache
Apache Full
Apache Secure
OpenSSH
•Apache: This profile opens port 80 (normal, unencrypted web traffic)
•Apache Full: This profile opens both port 80 (normal, unencrypted web
traffic) and port 443 (TLS/SSL encrypted traffic)
•Apache Secure: This profile opens only port 443 (TLS/SSL encrypted
traffic)
•OpenSSH: This profile opens port 22 for SSH access.

If you are not going to use SSL you need to enable only the Apache profile.
Now we will enable Apache Full.
sudo uff allow OpenSSH
sudo ufw allow 'Apache Full'
With this command you can view the status of UFW.
sudo ufw status
You will see the output as follows.
Output
Status: active
To Action From
-- ------ ----
Apache Full ALLOW Anywhere
OpenSSH ALLOW Anywhere
Apache Full (v6) ALLOW Anywhere (v6)
OpenSSH (v6) ALLOW Anywhere (v6)

Step: 4 Check Apache Installation

Once Apache is installed is is started automatically and already be up and
running.
Every process in Apache is managed with the systemctl command. Check
the status of Apache with the following command.
sudo systemctl status apache2
Output
● apache2.service - The Apache HTTP Server
Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset:
enabled)
Drop-In: /lib/systemd/system/apache2.service.d
└─apache2-systemd.conf
Active: active (running) since Tue 2022-02-02 10:29:51 UTC; 5min ago
Main PID: 10617 (apache2)
Tasks: 55 (limit: 667)
CGroup: /system.slice/apache2.service
├─10617 /usr/sbin/apache2 -k start
├─10619 /usr/sbin/apache2 -k start
└─10620 /usr/sbin/apache2 -k start
Feb 02 10:29:51 apache systemd[1]: Starting The Apache HTTP Server…
Feb 02 10:29:51 apache systemd[1]: Started The Apache HTTP Server.
Now we have Apache installed and configured Firewall.

Step 5: Install MySQL

To add the MySQL APT repository to your system go to the
repository download page and download the latest release package using the
following command.
wget https://dev.mysql.com/get/mysql-apt-config_0.8.22-1_all.deb
Install the release package.
sudo apt install ./mysql-apt-config_0.8.22-1_all.deb
We’re going to install MySQL version 8.0. Select OK by pressing Tab and hit
Enter (as shown in the image above).
Now you can install MySQL.
sudo apt update
sudo apt install mysql-server
Once the installation is completed, the MySQL service will start
automatically. To verify that the MySQL server is running, type:
sudo service mysql status
The output should show that the service is enabled and running:
mysql.service - MySQL Community Server
Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset:
enabled)
Active: active (running) since Wed 2022-02-02 06:12:30 UTC; 17s ago
Docs: man:mysqld(8)
http://dev.mysql.com/doc/refman/en/using-systemd.html
Main PID: 101929 (mysqld)
Status: "Server is operational"
Tasks: 38 (limit: 1148)
Memory: 369.3M
CPU: 805ms
CGroup: /system.slice/mysql.service
└─101929 /usr/sbin/mysqld

Feb 02 06:12:29 demo systemd[1]: Starting MySQL Community Server...

Feb 02 06:12:30 demo systemd[1]: Started MySQL Community Server.

Step 6: Secure MySQL

MySQL installation comes with a script
named mysql_secure_installation that allows you to easily improve the
MySQL server security.
sudo mysql_secure_installation
You will be asked to configure the VALIDATE PASSWORD PLUGIN which is
used to test the strength of the MySQL users passwords and improve the
security.
Press y if you want to set up the validate password plugin or any other key to
move to the next step.
There are three levels of password validation policy, low, medium, and
strong.
Enter 2 for strong password validation.
On the next prompt, you will be asked to set a password for the MySQL root
user.
If you set up the validate password plugin, the script will show you the
strength of your new password. Type y to confirm the password.
Next, you’ll be asked to remove the anonymous user, restrict root user access
to the local machine, remove the test database, and reload privilege tables.
You should answer y to all questions.

Step 7: Install PHP

Add the SURY PPA for PHP 8.1
sudo apt -y install lsb-release apt-transport-https ca-certificates
sudo wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
Now you can add the PPA to the server packages.
echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | sudo tee
/etc/apt/sources.list.d/php.list
Update the packages and install PHP 8.1
sudo apt update

sudo apt install php libapache2-mod-php php8.1-mysql php8.1-common php8.1-mysql php8.1-

xml php8.1-xmlrpc php8.1-curl php8.1-gd php8.1-imagick php8.1-cli php8.1-dev php8.1-
imap php8.1-mbstring php8.1-opcache php8.1-soap php8.1-zip php8.1-intl -y
Once PHP is installed you can check the version using the following
command.
php -v

Step 8: Configure PHP

Now we configure PHP for Web Applications by changing some values
in php.ini file.
For PHP 8.1 with Apache the php.ini location will be in following directory.
sudo nano /etc/php/8.1/apache2/php.ini
Hit F6 for search inside the editor and update the following values for better
performance.
upload_max_filesize = 32M
post_max_size = 48M
memory_limit = 256M
max_execution_time = 600
max_input_vars = 3000
max_input_time = 1000
Once you have modified your PHP settings you need to restart your Apache
for the changes to take effect.
Step 9: Configure Apache
Disable default Apache configuration.
sudo a2dissite 000-default
Create website directories.
sudo mkdir -p /var/www/html/domainname/public
Setup correct permissions.
sudo chmod -R 755 /var/www/html/domainname
sudo chown -R www-data:www-data /var/www/html/domainname
Create a new virtual host configuration.
sudo nano /etc/apache2/sites-available/domainname.conf
Paste the following configurations in the new file.
<VirtualHost *:80>
ServerAdmin admin@domainname.com
ServerName domainname.com
ServerAlias www.domainname.com

DocumentRoot /var/www/html/domainname/public

<Directory /var/www/html/domainname/public>
Options Indexes FollowSymLinks
 AllowOverride All
Require all granted
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Enable the new configuration.
sudo a2ensite domainname.conf

Step 10: Install Let’s Encrypt SSL

HTTPS is a protocol for secure communication between a server (instance)
and a client (web browser). Due to the introduction of Let’s Encrypt, which
provides free SSL certificates, HTTPS are adopted by everyone and also
provides trust to your audiences.
Here we will install Certbot to install Let’sEncrypt SSL using Snap.
sudo apt update
sudo apt install snapd -y
sudo snap install core
sudo snap refresh core
Install Certbot tool.
sudo snap install --classic certbot
Configure Certbot to be executable as as a command.
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Now we have installed Certbot to install Let’s Encrypt for Debian 11.
Execute the following command to install your certificates.
sudo certbot --apache --agree-tos --redirect -m youremail@email.com -d domainname.com
-d www.domainname.com
Select the appropriate option and hit Enter
This command will install Free SSL, configure redirection to HTTPS and
restarts the Apache server.
Step 11: Renewing SSL Certificate
Certificates provided by Let’s Encrypt are valid for 90 days only, so you need
to renew them often. So, let’s test the renewal feature using the following
command.
sudo certbot renew --dry-run
This command will test the certificate expiry and configures the auto-
renewable feature.
Step: 12: Test the Setup
Once you have done the able steps you can create a new test PHP file in your
web directory.
sudo nano /var/www/html/domainname/public/info.php
Paste the below code inside the file.
<?php phpinfo();
Save the file.
Now go ahead and check your domain name with the info.php in the url
(domainname.com/info.php).
You will see that your domain got redirected to HTTPS and see the PHP
information details.

Conclusion
Now you have learned how to install LAMP stack on Debian 11 with Let’s
Encrypt.
Thanks for your time. If you face any problem or any feedback, please leave
a comment below.