Remember to remove the install media, and then press enter to reboot and start the server.

 
Welcome to Ubuntu!

Initial Server Setup with Ubuntu 20.04

The new Ubuntu 20.04 server need some important configuration steps as part of the basic setup. These steps will increase the security and usability of your server, and will give you a solid foundation for subsequent actions.

This requires a Command Line Interface (CLI). Either you can continue on the server itself with the connected screen and keyboard or connect to the server via SSH (secure TELNET) from another device that has SSH client installed. A recommended client is PUTTY. Windows 10 also has a build in SSH client that can run from the command window

First time login

SSH is activated by default and should be use over unsafe TELNET. Open your favorite SSH client and enter the IP address set in the 'Networking' part of the installation. If you forgot, check on the server console with command 

Using Putty; Set the IP address and select ssh (port 22). Click open to start the terminal.

From Windows command window enter: $ ssh Username@server_ip

Login with password created during the 'user profile' part of the installation. This User should have 'root' or superuser privileges, which you will need to install the LAMP stack and other features later.

Uncomplicated Firewall (UFW)

If you are behind a router you are fairly isolated from the Internet. If you feel the need for some extra protection, configure the UFW.

Applications can register their profiles with UFW upon installation. These profiles allow UFW to manage applications by name. OpenSSH, the service allowing to connect to the server now, has a profile registered with UFW. Let's see if there are any registered:

$ sudo ufw app list  sudo means 'SuperUser DO'. It elevates the command to superuser and requires a (superuser)-password. 

The answer most likely be:

Available applications:
OpenSSH

 We need to make sure that the firewall allows SSH connections so that we can log back in next time.

$ ufw allow OpenSSH

Enable UFW

$ ufw enanble

Check the status:

$ ufw status

Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)


UFW is up and running and new web-apps will be added later

UBUNTU Server successfully installed

Install LAMP Stack

Introduction

A “LAMP” stack is a group of open-source software that is typically installed together in order to enable a server to host dynamic websites and web apps written in PHP. This term is an acronym which represents the Linux operating system, with the Apache web server. The site data is stored in a MySQL database, and dynamic content is processed by PHP.

Other versions like WAMP is suited for Windows and more versions are listed here.

The installation requires a Command Line Interface (CLI). Either you can continue on the server itself with the connected screen and keyboard or connect to the server via TELNET or better SSH (secure TELNET). 

Installing Apache

The Apache web server is among the most popular web servers in the world. It’s well documented, has an active community of users, and has been in wide use for much of the history of the web, which makes it a great default choice for hosting a website.

Assumed to be logged in and have root privilege:

$ sudo apt update
$ sudo apt install apache2

Press Y when promted to install.

Update UFW.

$ sudo ufw app list

Should display:

Available applications:
Apache
Apache Full
Apache Secure
OpenSSH

What does this mean:

• Apache: This profile opens only port 80 (normal, unencrypted web traffic).
• Apache Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic).
• Apache Secure: This profile opens only port 443 (TLS/SSL encrypted traffic).

Although no secure certificate is available yet, let's use the FULL profile.

$sudo ufw allow in "Apache"

Verify:

$ ufw status

Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Apache Full ALLOW ANYWHERE
OpenSSH (v6) ALLOW Anywhere (v6)
Apache Full (v6) ALLOW ANYWHERE (v6)

Do a spot check right away to verify that everything went as planned by visiting your server’s IP address in your web browser: http://server-ip-address
The following page should be downloaded.

Apache installation successfully completed

Install MySQL Database

MySQL is a popular database management system used within PHP environments. It store's most of your web-data.
An alternative Database is MariaDB and highly compatible with MySQL, because many of the developers of MySQL were involved in its development.
A list of some popular databases here.

Install MySQL:

$ sudo apt install mysql-server

 confirm installation by typing Y, and then ENTER.

When the installation is finished, it’s recommended to run a security script that comes pre-installed with MySQL. This script will remove some insecure default settings and lock down access to your database system. Start the interactive script by running:

$ sudo mysql_secure_installation

It present a question if you want to configure the VALIDATE PASSWORD PLUGIN.

Note: Enabling this feature is something of a judgment call. If enabled, passwords which don’t match the specified criteria will be rejected by MySQL with an error. It is safe to leave validation disabled, but you should always use strong, unique passwords for database credentials.

Answer Y for yes, or anything else to continue without enabling.

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No:


If answer is Y, a new question follows

There are three levels of password validation policy:

LOW Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1

Next question will ask to select and confirm a password for the MySQL root user. This is not to be confused with the system root. The database root user is an administrative user with full privileges over the database system.  Define a strong password here as an additional safety measure.

If password validation enabled, the password strength for the root password entered shown. If satisfactory, enter Y for “yes” at the prompt:

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : y


For remaining questions, press Y and hit the ENTER key at each prompt. This will remove some anonymous users and the test database, disable remote root logins, and load these new rules so that MySQL immediately activates the changes made.

When done, test if you’re able to log in to the MySQL console:
$ sudo mysql

A connection to the MySQL server is established as administrative database user root, which is inferred by the use of sudo when running this command. Output like this should be displayed:

Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 22
Server version: 8.0.19-0ubuntu5 (Ubuntu)

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Exit with command:

mysql> exit

MySQL installation successfully completed

Installing PHP

PHP is the component  that will process code to display dynamic content to the website visitors. In addition to the php package, you’ll need php-mysql, a PHP module that allows PHP to communicate with MySQL-based databases. You’ll also need libapache2-mod-php to enable Apache to handle PHP files. Core PHP packages will automatically be installed as dependencies.

$ sudo apt install php libapache2-mod-php php-mysql


Once the installation is finished, run the following command to confirm your PHP version:

$ php -v

The response should be similar to this:

PHP 7.4.3 (cli) (built: Mar 26 2020 20:24:23) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies

At this point, your LAMP stack is fully operational.
the default root directory of the Apache server points to /var/www/html. The index.php file in this directory contains the Apache2 UBUNTU default page.

Testing the PHP processing

Create a PHP test script to confirm that Apache is able to handle and process requests for PHP files.

$ nano /var/www/info.php

Nano is an DOS-style Linux editor. use arrow-keys to position the cursor where to enter or delete text. For more on the use of nano, look here.

<?php
phpinfo();

Enter the text as displayed and save by pressing keys cntrl+x then y then enter

Test the script with a browser using the same address testing Apache.

$ http://<server-ip-addr>/info.php

The result should display PHP overview file

PHP installation successfully completed

Lamp installation completed

Port forwarding on home router

By default ALL ports on a home router are closed. Meaning no connection can be establish originating from the internet to the webserver (or any other device on the home network).
To access the webserver from the internet, ports 80 (HTTP) needs to be forwarded to the PC running the webserver.

The ports forwarding page layout and wording is different for each router brand and even model.
But in general the data to input is the same.

• Application Name: Any descriptive name (example: webserver)
• (External) Port range: (can also be a single port)
  • Start: 80
  • End: 80 
• (Internal) Port range: (can also be a single port)
  • Start: 80
  • End: 80 
• Protocol (Service type):  both  (TCP, UDP or both)
• (internal) IP address:  192.168.100.200  (the IP address of the PC-LAN accessing the webserver)

Domain name

A DOMAIN name is a translation from a readable name into an IP address. 
The webserver can be accessed from the Internet using just IP address. A domain name is not strictly needed.

Most residential Internet subscriptions use a dynamic public IP address, Meaning it can change every time the modem/router restarts or after a power interruption or even after ISP maintenance work. This makes it hard to keep track of you IP address changes and to access the webserver from the Internet using only the public IP of the broadband connection.

To make life easier, a number of companies offer free DDNS (Dynamic Domain Name Service). A list of free DNS here.
The limitation is the suffix (TLD)  of the domain-name, has a fixed choice with sometime weird names.

freemyip.com

One in particular makes it extremely simple to maintain a DOMAIN name: freemyip.com
The service will create a DOMAIN Name linked to a token. So it is important to SAVE that token.

Updating the public IP address is done by sending a request through an internet-address like this: