Installing LAMP (Linux, Apache, MySQL/MariaDB, and PHP/PhpMyAdmin) in Arch Linux

Thursday, December 3rd 2015. | LAMP, tutorial

Installing LAMP (Linux, Apache, MySQL/MariaDB, and PHP/PhpMyAdmin) in Arch Linux –

Arch Linux provides a flexible cutting age system environment and is a powerful best suited solution for developing web applications on small non-critical systems due to the fact that is a complete Open Source and provides the last up to date releases on Kernels and web software for servers and databases.

Install LAMP in Arch Linux

This main scope of this tutorial is to guide you through a complete step by step instructions that in the end will lead on installing one of the most used software combination in Web Development: LAMP (Linux, Apache, MySQL/MariaDB, and PHP/PhpMyAdmin ) and it will present you some nice features (quick and dirty Bash scripts) that are not present in an Arch Linux system, but can ease the job on creating multiple Virtual Hosts, generate SSL Certificates and Keys needed for secure HTTS transactions.


  1. Previous Arch Linux Installation process – skip the last part with DHCP.
  2. Previous LEMP installation on Arch Linux – only the part with configuring Static IP Address and remote SSH access.

Step 1: Install Basic Software LAMP

1. After minimal system installation with static IP address and remote system access using SSH, upgrade your Arch Linux box using pacman utility.

$ sudo pacman -Syu

2. When the upgrade process finishes install LAMP from pieces, first install Apache Web Server and start/verify every server process daemon.

$ sudo pacman -S apache 
$ sudo systemctl start httpd 
$ sudo systemctl status httpd

Install Apache in Arch Linux

3. Install PHP dynamic server-side scripting language and its Apache module.

$ sudo pacman -S php php-apache

4. On the last step install MySQL database, choose 1 (MariaDB) community database fork then start and check daemon status.

$ sudo pacman -S mysql 
$ sudo systemctl start mysqld 
$ sudo systemctl status mysqld

Install MySQL in Arch Linux

Start MySQL Database

Now you have the basic LAMP software installed and started with default configurations so far.

Step 2: Secure MySQL Database

5. The next step is to secure MySQL database by setting a password for root account, remove anonymous users accounts, remove test database and disallow remote login for user root ( press [Enter] key for root account current password and answer with Yes on all security questions).

$ sudo mysql_secure_installation

Secure MySQL Database

Set MySQL root Password

6. Verify MySQL database connectivity by running the following command then leave database shell with quit or exit statement.

$ mysql -u root -p

Connect to MySQL in Arch Linux

Step 3: Modify Apache Main Configuration File

7. The following configurations are most of them related to Apache Web Server to provide a dynamic interface for Virtual Hosting with PHP scripting language, SSL or non-SSL Virtual Hosts and can be done by modifying httpd service file configurations.

First open main Apache file configuration with your favourite text editor.

$ sudo nano /etc/httpd/conf/httpd.conf

At the very bottom of the file, append the following two lines.

IncludeOptional conf/sites-enabled/*.conf
IncludeOptional conf/mods-enabled/*.conf

Include Virtual Host Configuration

The role of Include statements here is to tell Apache that from now on, it should read further configurations from all files that reside in /etc/httpd/conf/sites-enabled/ (for Virtual Hosting) and /etc/httpd/conf/mods-enabled/ ( for enabled server modules) system paths that ends in a .conf extension.

8. After Apache has been instructed with this two directives, create the necessary system directories issuing the following commands.

$ sudo mkdir /etc/httpd/conf/sites-available
$ sudo mkdir /etc/httpd/conf/sites-enabled
$ sudo mkdir /etc/httpd/conf/mods-enabled

The sites-available path holds all Virtual Hosts configurations files that are not activated on Apache but the next Bash script will use this directory to link and enable websites that are located there.

Step 4: Create a2eniste and a2diste Apache Commands

9. Now it’s time to create a2ensite and a2dissite Apache scripts that will serve as commands to enable or disable Virtual Host configuration file. Type the cd command to return to your $HOME user path and create your bash a2eniste and a2dissite scripts using your favourite editor.

$ sudo nano a2ensite

Add the following content on this file.

if test -d /etc/httpd/conf/sites-available && test -d /etc/httpd/conf/sites-enabled  ; then
echo "-------------------------------"
mkdir /etc/httpd/conf/sites-available
mkdir /etc/httpd/conf/sites-enabled

site=`ls /etc/httpd/conf/sites-available/`

if [ "$#" != "1" ]; then
        echo "Use script: n2ensite virtual_site"
        echo -e "nAvailable virtual hosts:n$site"
        exit 0
if test -e $avail; then
sudo ln -s $avail $enabled
echo -e "$avail virtual host does not exist! Please create one!n$site"
exit 0
if test -e $enabled/$1.conf; then
echo "Success!! Now restart Apache server: sudo systemctl restart httpd"
echo  -e "Virtual host $avail does not exist!nPlease see avail virtual hosts:n$site"
exit 0

Create a2eniste Apache Script

Now create a2dissite bash script file.

$ sudo nano a2dissite

Append the following content.

site=`ls /etc/httpd/conf/sites-enabled`

if [ "$#" != "1" ]; then
        echo "Use script: n2dissite virtual_site"
        echo -e "nAvailable virtual hosts: n$site"
        exit 0
if test -e $avail; then
sudo rm  $avail
echo -e "$avail virtual host does not exist! Exiting"
exit 0
if test -e $enabled/$1.conf; then
echo "Error!! Could not remove $avail virtual host!"
echo  -e "Success! $avail has been removed!nsudo systemctl restart httpd"
exit 0

Create a2dissite Apache Script

10. After the files had been created allocate execute permissions and copy them to a $PATH executable directory to make them system wide available.

$ sudo chmod +x a2ensite a2dissite
$ sudo cp a2ensite a2dissite /usr/local/bin/

Set Execute Permissions

Step 5: Create Virtual Hosts in Apache

11. Virtual Host default configuration file for Apache Web server on Arch Linux is provided by httpd-vhosts.conf file located in /etc/httpd/conf/extra/ path but if you have a system that uses a lot of Virtual Hosts can be very difficult to keep track of what website is activated or not and. If you want to disable a website you must comment or delete all of its directives and that can be a difficult mission if you system provides a lot of websites and your website has more configuration directives.

Using sites-available and sites-enabled paths, greatly simplifies the job of enabling or disabling websites and also preserves all your websites configuration files even though they are activated or not.

On the next step we are going to construct the first Virtual Host that points to default localhost with the default DocumentRoot path for serving websites files (/srv/http.

$ sudo nano /etc/httpd/conf/sites-available/localhost.conf

Add the following Apache directives here.

<VirtualHost *:80>
        DocumentRoot "/srv/http"
        ServerName localhost
        ErrorLog "/var/log/httpd/localhost-error_log"
        TransferLog "/var/log/httpd/localhost-access_log"

<Directory />
    Options +Indexes +FollowSymLinks +ExecCGI
    AllowOverride All
    Order deny,allow
    Allow from all
Require all granted


Create Virtual Hosts in Apache

The most important statements here are Port and ServerName directives that instructs Apache to open a network connection on port 80 and redirect all queries with localhost name to serve files located in /srv/http/ path.

12. After localhost file has been created, activate it then restart httpd daemon to view changes.

$ sudo a2ensite localhost
$ sudo systemctl restart httpd

Active a2ensite Script

13. Then point your browser to http://localhost, if you run it from Arch system or http://Arch_IP if you use a remote system.

Browse Apache

Step 6: Enable SSL with Virtual Hosting on LAMP

SSL (Secure Sockets Layer) is a protocol designed to encrypt HTTP connections over networks or Internet, which make data flow to be transmitted over a secure channel using symmetric/asymmetric cryptography keys and is provided in Arch Linux by OpenSSL package.

14. By default SSL module is not enabled on Apache in Arch Linux and can be activated by uncommenting module from main httpd.conf configuration file and Include httpd-ssl.conf file located in extra httpd path.

But to simplify things we are going to create a new module file for SSL in mods-enabled path and leave main Apache configuration file untouched. Create the following file for SSL module and add the below content.

$ sudo nano /etc/httpd/conf/mods-enabled/ssl.conf

Append the following content.

LoadModule ssl_module modules/
LoadModule socache_shmcb_module modules/

Listen 443

SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:/run/httpd/ssl_scache(512000)"
SSLSessionCacheTimeout  300

Enable SSL with Virtual Hosting

15. Now create a Virtual Host file that points to the same localhost name but using SSL server configurations this time, and slightly change its name to remind you that it stands for localhost with SSL.

$ sudo nano /etc/httpd/conf/sites-available/localhost-ssl.conf

Add the following content on this file.

<VirtualHost *:443>
        DocumentRoot "/srv/http"
        ServerName localhost
        ErrorLog "/var/log/httpd/localhost-ssl-error_log"
        TransferLog "/var/log/httpd/localhost-ssl-access_log"

SSLEngine on

SSLCertificateFile "/etc/httpd/conf/ssl/localhost.crt"
SSLCertificateKeyFile "/etc/httpd/conf/ssl/localhost.key"

<FilesMatch ".(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars

<Directory "/srv/http/cgi-bin">
    SSLOptions +StdEnvVars

BrowserMatch "MSIE [2-5]" 
         nokeepalive ssl-unclean-shutdown 
         downgrade-1.0 force-response-1.0

CustomLog "/var/log/httpd/ssl_request_log" 
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b"

<Directory />

    Options +Indexes +FollowSymLinks +ExecCGI
    AllowOverride All
    Order deny,allow
    Allow from all
Require all granted


Create SSL Virtual Host

Besides Port and ServerName directives, other important directives here are those pointing to SSL Certificate file and SSL Key file which are not yet created so don’t restart Apache Web Server or you will get some errors.

16. To create required SSL Certificate file and Keys install OpenSSL package issuing the command below.

$ sudo pacman -S openssl

17. Then create the following Bash script that automatically creates and stores all your Apache Certificates and Keys in /etc/httpd/conf/ssl/ system path.

$ sudo nano apache_gen_ssl

Add the following file content then save it and make it executable.

mkdir /etc/httpd/conf/ssl
cd /etc/httpd/conf/ssl

echo -e "Enter your virtual host FQDN: nThis will generate the default name for Nginx  SSL certificate!"
read cert

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out $cert.key
chmod 600 $cert.key
openssl req -new -key $cert.key -out $cert.csr
openssl x509 -req -days 365 -in $cert.csr -signkey $cert.key -out $cert.crt

echo -e " The certificate "$cert" has been generated!nPlease link it to Apache SSL available website!"

ls -all /etc/httpd/conf/ssl
exit 0

Store Apache Certificates and Keys

$ sudo chmod +x apache_gen_ssl

If you want the script to be available system wide copy it to an executable $PATH.

$ sudo cp /apache_gen_ssl  /usr/local/bin/

18. Now generate your Certificate and Keys by running the script. Provide your SSL options and don’t forget the certificate name and Common Name to match your official domain (FQDN).

$ sudo ./apache_gen_ssl

Create Apache Certificates and Keys

Enter Certificates Details

After certificate and keys had been created don’t forget to modify your SSL Virtual Host certificate and keys configurations to match the name of this certificate.

19. The last step is to activate newly SSL Virtual Host and restart your server to apply configurations.

$ sudo a2ensite localhost-ssl
$ sudo systemctl restart httpd

Activate SSL Virtual Host

That’s it! To verify it open browser and add Arch IP on URL using HTTPS protocol: https://localhost or https://system_IP.

Browse Apache over SSL

Step 7: Enable PHP on Apache

20. By default Apache only serves HTML static files content in Arch Linux with no dynamic scripting languages support. To activate PHP first open Apache main configuration file then search and uncomment the following LoadModule statement (php-apache does not work with mod_mpm_event in Arch Linux).

$ sudo nano /etc/httpd/conf/httpd.conf

Using [Ctrl]+[w] search and comment the following line to look like this.

#LoadModule mpm_event_module modules/

Enable PHP Module

21. Then create a new file for PHP module in mods-enabled path with the following content.

$ sudo nano /etc/httpd/conf/mods-enabled/php.conf

Add the exactly following content (you must use mod_mpm_prefork).

LoadModule mpm_prefork_module modules/
LoadModule php5_module modules/

Include conf/extra/php5_module.conf

Enable mod_mpm_prefork Module

22. To verify setting create PHP a file named info.php in your DocumnetRoot (/srv/http/), then restart Apache and point your browser to info.php file: https://localhost/info.php.



$ sudo systemctl restart httpd

Verify PHP Information

That’s it! If everything looks like image above, you now have PHP dynamic server-side scripting language enabled on Apache and you can now develop websites using Open Source CMS like WordPress for example.

If you want to verify Apache syntax configurations and see a list of loaded modules without restarting httpd daemon run the following commands.

$ sudo apachectl configtest
$ sudo apachectl -M

Step 8: Install and Configuring PhpMyAdmin

23. If you don’t master MySQL command line and want a simple remote access to MySQL database provided through web interface then you need PhpMyAdmin package installed on your Arch box.

$ sudo pacman -S phpmyadmin php-mcrypt

24. After the packages had been installed you need to enable some PHP extensions (, – for internal authentication) and you can, also, enable other modules for needed for future CMS platforms like, or etc.

$ sudo nano /etc/php/php.ini

Locate and uncomment the above extensions.

Install and Configuring PhpMyAdmin

Also, on same file, search and locate open_basedir statement and add PhpMyAdmin system path (/etc/webapps/ and /usr/share/webapps/) to make sure PHP can access and read files under those directories (If you, also, change Virtual Hosts DocumentRoot path from /srv/http/ to another location you need to append the new path here too).

Enable open_basedir

25. The last thing you need to do in order to access PhpMyAdmin Web Interface is to add PhpMyAdmin Apache statements on Virtual Hosts. As a security measure will make sure that PhpMyAdmin Web Interface can be accessible only from localhost ( or system IP address) using HTTPS protocol and not from other different Virtual Hosts. So, open your localhost-ssl.conf Apache file and at the bottom, before last statement add the following content.

$ sudo nano /etc/httpd/conf/sites-enabled/localhost-ssl.conf
Alias /phpmyadmin "/usr/share/webapps/phpMyAdmin"

<Directory "/usr/share/webapps/phpMyAdmin">
    DirectoryIndex index.html index.php
    AllowOverride All
    Options FollowSymlinks
    Require all granted

Create PhpMyAdmin Virtual Host Configuration

26. Afterwards restart Apache daemon and point your browser to the following address and you should be able to access your PhpMyAdmin Web Interface: https://localhost/phpmyadmin or https://system_IP/phpmyadmin.

Access PhpMyAdmin Web Interface

27. If, after you login to PhpMyAdmin, you see a bottom error concerning a blowfish_secret, open and edit /etc/webapps/phpmyadmin/ file and insert a random string like the one in the following statement, then refresh page.

$cfg['blowfish_secret'] = ‘{^QP+-(3mlHy+Gd~FE3mN{gIATs^1lX+T=KVYv{ubK*U0V’ ;

Fix blowfish_secret Error

Step 9: Enable LAMP System Wide

28. If you want LAMP stack to be automatically started after system reboot run the following commands.

$ sudo systemctl enable httpd mysqld

Enable LAMP System Wide

This are some of main configuration settings on LAMP needed to transform an Arch Linux system into a simple but powerful, fast and robust web platform with cutting-age server software for small non-critical environments, but if you get stubborn and still want to use it in a large production environment you should arm yourself with plenty of patience and pay an extra attention on packages updates and make regular system backup images for a fast system restoring in case of system failures.

Source link