My first experience with the LAMP stack

Marko — Mon, 17 Jun 2024 21:59:47 +0000

I carried out this work as part of a university internship. It main task was to set up a web server with own resume, a login window and a connected mysql database.
I want to share my first experience with the LAMP stack and perhaps help someone with this topic.

Brief theory

A software stack is a set of layered tools, libraries, programming languages, and technologies used to create, manage and run an application. The stack consists of software components that support the application in various ways, such as visualization, database, networking, and security.

LAMP stack architecture:

Linux is an open source operating system. Resides at the first level of the LAMP stack and supports other components at higher levels.
Apache is an open source web server that forms the second layer of the LAMP stack. The Apache module stores website files and communicates with the browser using HTTP, an Internet protocol for transmitting website information in plain text.
MySQL is an open source relational database management system and the third layer of the LAMP stack. The LAMP model uses MySQL to store, query, and manage information in relational databases.
PHP Last in the stack is a scripting language that allows websites to run dynamic processes. A dynamic process involves information in software that is constantly changing. It is used to allow the web server, database, and operating system to process requests from browsers in a consistent manner.

Preparation

Installing Apache on Ubuntu.

Happens using the commands:
sudo apt-get update – used to download package information from all configured sources
sudo apt-get install apache2 – used to install Apache itself

Installing MySQL

sudo apt-get install mysql-server – used to install mysql

Installing PHP

sudo apt install php – used to install PHP

To check the results of installing the LAMP stack, let's create a test file:

nano /var/www/html/info.php

nano - text editor (you can use any one of your choice)
Add

<! ?php phpinfo();? >

After this, restart apache2 with the command - service apache2 restart

Enter http://my-ip-address/info.php into our web browser

This should appear:

Creating a Web Server
By default, Apache comes with a built-in base site. You can change its contents in /var/www/html or edit the settings.

Virtual Host file located in Virtual Host which is located in /etc/apache2/sites-enabled/000-default.conf

You can change the algorithm for processing incoming requests or support several web resources on one web server using virtual host support.

Let's create an example.html file for example.

sudo mkdir /var/www/test/ - create a folder for your web server

nano /var/www/test/ example.html – create a file example.html

Let's write simple code in it:

<html>
<head>
<title> LAMP on Ubuntu! </title>
</head>
<body>
<p> I'm running this website on an Ubuntu Server!
</body>
</html>

VirtualHost configuration

VirtualHost is a directive in the Apache web server configuration file, designed to map IP addresses, domains and directories available on the server, as well as manage the sites available on the server. The tag specifies the IP addresses and ports that are used on the server.

We will use the default configuration:

cd /etc/apache2/sites-available/
sudo cp 000-default.conf test.conf
sudo nano test.conf

Edit for yourself:

8090 is the port on which my web server will listen.
As part of the practical assignment, we had to create our resume on a web server.

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>CV</title>
    <style>
        body {
            font-family: Arial, sans-serif;
        }
        .resume {
            max-width: 600px;
            margin: 0 auto;
            padding: 20px;
            border: 1px solid #ccc;
            border-radius: 5px;
        }
        h1, h2, h3 {
            color: #333;
        }
p {
            margin-bottom: 10px;
        }
        ul {
            list-style-type: none;
            padding-left: 0;
        }
        ul li::before {
            content: '\2022';
            color: #007bff;
            font-weight: bold;
            display: inline-block;
            width: 1em;
            margin-left: -1em;
        }
    </style>
</head>
<body>
<div class="resume">
    <h1>Name and surname</h1>
    <p>City, Country</p>
    <p>Email: .....@gmail.com</p>
    <p>Mobile phone: </p>

    <h2>Education</h2>
    <ul>
            <h3> School</h3>
            <p>Primary, middle and high school</p>
            <p>Semptember - June </p>

            <h3>University </h3>
            <p>Speciality: </p>
            <p>Semptember - June </p>

    </ul>
<h2>Skills</h2>
    <ul>
        <li>Programming on  HTML, C++, Python, PHP</li>
        <li>Use of database MySQL</li>
        <li>Knowledge of English at Intermediate level</li>
        <li>Knowledge of Windows and Linux Ubuntu at the administration level</>
</li>
    </ul>
            </ul>

    <h2>Personal qualities</h2>
    <ul>
        <li>Stress resistance</li>
        <li>Teamwork</li>
        <li>Punctuality</li>
    </ul>

</div>

</body>
</html>

Web server activation
sudo a2ensite test.conf

Database creation

CREATE DATABASE my_database;
USE my_database;
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(50),
email VARCHAR(100)
);

Adding users using the command

INSERTT INTO ysers (name, email) values ('Elena', 'ElenaCon@gmail.com');

Exit the editor using the command – exit.

We give all privileges to our host using the commands:

GRANT ALL PRIVILEGES ON my_database. * TO 'Your@localhost';
FLUSH PRIVILEGES;

Creating a login window
We create two files: one is the site itself for authorization (site.php)
The second one is for connecting the authorization site to the database (connect.php)
nano /var/www/html site.php
nano /var/www/html connect.php

Site.php code:

!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Authorization</title>
</head>
<body>

<h2>Authorization form</h2>

<form action="connect.php" method="post">
    <div>
        <label for="name">User name:</label>
        <input type="text" id="name" name="name" required>
    </div>
    <div>
        <label for="email">Email:</label>
        <input type="email" id="email" name="email" required>
    </div>
<button type="submit">Login</button>
</form>

</body>
</html>

Code for connect.php:

<?php

$host = "localhost";
$username = ".....";
$password = ".....";
$database = "my_....";

$conn = new mysqli($host, $username, $password, $database);

if ($conn->connect_error) {
    die("Error " . $conn->connect_error);
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = $_POST["name"];
    $email = $_POST["email"];

    $sql = "SELECT * FROM users WHERE name='$name' AND email='$email'";
    $result = $conn->query($sql);

if ($result->num_rows > 0) {

        header("Location: http://you_ip_address:(port)");
}       else {
        echo "Error";
}

}


$conn->close();
?>

Install the PHP extension to create a web server with a database using the command:

php –m | grep mysqli
apt-get install php-mysql

After calling these commands, PHP will act as a web server that can accept HTTP requests and process them.

We start the web server using the command:
http://you_ip_address:(any port)

Result:
Authorization page:

CV page:

I didn’t have any major difficulties creating my first web server. There were only moments that really slowed me down because they didn’t work out the first and second times, such as the correct operation of the database or the correctly written codes for the site.php and connect.php files. Overall, I really enjoyed studying this topic and now, as a result, I have my own web server, which can be used for new experiments, such as in my first article

Why is it dangerous to use the HTTP protocol on public Wi-Fi.

Marko — Mon, 17 Jun 2024 14:12:45 +0000

What is HTTP

HTTP is a hypertext transfer protocol that underlies the Internet. It`s located at the last layer of the OSI and TCP/IP model (application layer). HTTP is implemented in two programs: a client program and a server program. Client and server programs running on different end systems. They communicate with each other by exchanging HTTP messages.
HTTP defines the structure of these messages and how the client and server exchange messages. The problem with this protocol is that the data is transmitted in clear text and anyone can intercept your traffic.

What is HTTPS
The problem with HTTP protocol is solved by its extended version HTTPS. HTTPs - HyperText Transfer Protocol Secure. This protocol adds to the regular version the ability to encrypt data using the TLS cryptographic protocol. The HTTPs protocol provides that when a connection is established, the client and server agree to use a temporary key with which they will encrypt and decrypt messages. This key is called a “session” key and is valid only for the current session. Each new session will generate a new key.
To transfer a website to HTTPS, the owner must obtain a special certificate information from which is used to verify the authenticity of the web resource. Accordingly, the organization that issued such a certificate becomes a third party whose participation allows the users not to fear that their data will be stolen.

The main danger of HTTP

What's so scary about the fact that traffic with the HTTP protocol is quite easy to intercept? By using sites with the HTTP protocol on the open network you are open to a person with bad intentions. He or she can easily intercept your traffic and be able to access your cookies, server software versions and see everything that you enter into various forms including bank cards , logins, passwords and other metadata that can be used to test the system or identify potential vulnerabilities.

Capturing an HTTP packet using WireShark
As I wrote earlier, the danger of the HTTP protocol is that its packets are quite easy to intercept, and now I will clearly demonstrate this.

I created my own simple web server on Apache HTTP Server with an authorization window. How I created it will be described in the next article. Thanks to it, I can show how unprotected you will be with the HTTP protocol on an open network.

You see a typical authorization window with the ability to enter a login and password (in my case it’s email, but this doesn’t change the essence).
I enter hypothetical data.
My web server has a database with existing users and if the data entered in the form does not correspond to the basic data, the tab with the basic information will not be displayed. Unfortunately, even without gaining access to the My web server has a database with existing users and if the data entered in the form does not correspond to the basic data, the tab with the basic information will not be displayed. Unfortunately, even without gaining access to the treasured information, your data can be stolen.

WireShark has a convenient filtering feature. I will use it to quickly find the necessary http packages.
We need the POST method because it could cause our data to end up in the hands of an attacker. POST is a method of sending data to the server, for example, after filling out a registration form or authorization on a website.

Click “Follow TCP Stream” and get a window in which the entire exchange between two nodes will be clearly demonstrated.

And look! Without any encryption we are presented with a login and email (there could be a password).

I hope my article clearly showed why you CANNOT use sites with an unsecured HTTP protocol especially on open unsecured networks where all your network traffic is in full view. I also advise you not to enter confidential information through an unsecured network. Again, your traffic can be intercepted. If you want to protect yourself, use a VPN.

DEV Community: Marko

My first experience with the LAMP stack

Why is it dangerous to use the HTTP protocol on public Wi-Fi.