Grafana is an open-source monitoring and data visualization software. It provides analytics and interactive visualization on the web for your servers, with features offering charts, graphs, and alerts. It supports integration with complex data sources such as Prometheus, Graphite, and ElasticSearch.

This tutorial will guide you through installing and configuring Grafana on your Ubuntu server.

Installing Grafana on Ubuntu 24.04

To install Grafana on Ubuntu 24.04, you'll first update the package index, add Grafana's APT repository, install it, then enable it to start automatically after system startup. Finally, you'll secure your installation by disabling signups and anonymous access.

Note

If you want to skip all the technical steps of setting up Grafana on your server and have it installed in minutes, then I have some great news for you! Our team of engineers has prepared a ready-to-use 1-click Grafana application for your convenience. Just choose a server, and while prompted to choose the operating system, choose Grafana from the dropdown menu. This will set up Grafana in minutes! However, if you want to get your hands dirty, then you can continue reading.

Prerequisites

To follow this tutorial you need:

• Basic knowledge of the Linux command line.
• An Ubuntu 24.04 server with a non-root user with sudo privileges.  If you haven't noticed, we offer extremely powerful Ubuntu servers at the globe's absolute lowest price. Take a look at our offerings and prepare for your mind to be blown .
• The LEMP stack (Nginx, MariaDB, and PHP) installed on your server. Use our Installing LEMP on Ubuntu 24.04 LTS guide to set it up, or you can simply use our LEMP 1-Click App to set up LEMP automatically when creating a server with SSD Nodes.
• A TLS/SSL certificate, because Grafana can access sensitive information about your infrastructure. Fun fact: All our 1-click applications (including LEMP and Grafana) come preinstalled with an SSL certificate

Check out our How to access your server using SSH guide to learn how to access your server and create a sudo user.

Step 1: Updating the Ubuntu Package List

Start by updating the packages in the package manager cache to the latest available versions using the following command:

sudo apt update

Step 2: Install Grafana on Ubuntu Server

To install Grafana, you will need to first add its APT repository. First get the official GPG key from the Grafana website using the following command:

wget -q -O - https://packages.grafana.com/gpg.key | gpg --dearmor | sudo tee /usr/share/keyrings/grafana.gpg > /dev/null

This downloads and stores the key in /usr/share/keyrings/grafana.gpg.

With the GPG key downloaded, add the Grafana repository to your APT sources using the following command:

echo "deb [signed-by=/usr/share/keyrings/grafana.gpg] https://packages.grafana.com/oss/deb stable main" | sudo tee -a /etc/apt/sources.list.d/grafana.list

To use the repository, update the package index of your Ubuntu server:

sudo apt update

Once the update is done, install Grafana with the following command:

sudo apt install grafana

Once the installation finishes, start the Grafana server:

sudo systemctl start grafana-server

Once started, check the Grafana server status with the systemctl status command:

sudo systemctl status grafana-server

You will receive the following output:

Next, enable the Grafana server to start at boot:

sudo systemctl enable grafana-server

You should receive the following output:

Synchronizing state of grafana-server.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable grafana-server
Created symlink /etc/systemd/system/multi-user.target.wants/grafana-server.service → /lib/systemd/system/grafana-server.service.

With this, Grafana is now successfully installed on your server.

Step 3: Logging in to Grafana

Now that you have Grafana installed on your server, you can visit the following URL to access the Grafana web interface:

http://your_server_IP_or_domain:3000

Remember to change your_server_IP_or_domain with your server's IP address or domain name.

Once the page loads, you will see a login screen as follows:

The default Grafana credentials are admin for the username and admin for the password. Once you enter these credentials and submit the form, you will be moved to a screen with a form for entering a new password for your admin account. Enter a strong password, re-enter it, and submit the form.

Once you secure your account, you'll be redirected to the Grafana dashboard.

Step 4: Disabling Grafana Signups and Anonymous Access

To further secure your Grafana set up, you need to disable an option that allows visitors to create user accounts and access the Grafana dashboard.

First, open Grafana's main configuration file:

sudo nano /etc/grafana/grafana.ini

Change the allow_sign_up directive from this:

# disable user signup / registration
;allow_sign_up = true

To the following:

# disable user signup / registration
allow_sign_up = false

Next, disable anonymous access. First, look for the following:

# enable anonymous access
;enabled = false

And change it to the following:

# enable anonymous access
enabled = false

This limits dashboard access to registered users only.

Save and close the file.

Restart Grafana:

sudo systemctl restart grafana-server

Check the status of the Grafana server:

sudo systemctl status grafana-server

The output should be as follows:

To verify that registrations have been disabled, visit your Grafana web interface like before:

http://your_server_IP_or_domain:3000

Move your cursor to the admin avatar on the lower-left of the screen directly above the question mark, then click Sign out.

Once your signed out, check that there is no Sign Up button on the page.

With this, the Grafana dashboard is now only accessible via accounts you register.

You've successfully installed Grafana on your Ubuntu 24.04 server, and you can now monitor your server. For more information on Grafana, check out their official website.

Note: What we’ve done in this article is suitable for testing purposes and personal use, whereas if you want to publish your site to production, and securely process your online transactions, we do suggest you check our How To Install Let’s Encrypt on Ubuntu 24.04 article, that explains in detail how to secure your site with SSL certificates

Reader Alert!

If you feel that the technical instructions in this tutorial are time-consuming, or beyond your expertise, you can choose a very convenient and practical solution, ready-made, fully and professionally tested, and developed by SSD Nodes (That is us ). Just visit our website, choose the server’s specifications that fit your needs, and while prompted to choose among the operating systems and the 1-Click Applications we have, choose Grafana from the Apps menu, complete your checkout, and in a couple of minutes our algorithms will take care of all the technical aspects smoothly and effortlessly, just for you!

FAQ: Frequently Asked Questions on Grafana

What is Grafana Playground?

Grafana Playground is a free, interactive environment for exploring Grafana features and capabilities without installation. It allows users to experiment with dashboards, data sources, and visualization options in real-time. This is ideal for learning and testing. Grafana Playground helps users understand how to leverage Grafana for monitoring and data analytics effectively. Try it today to enhance your skills!

How to Use HTTPS with Grafana?

Using HTTPS with Grafana enhances security by encrypting data transmission. Learn to set it up using Let's Encrypt and Certbot with our How To Install Let’s Encrypt on Ubuntu 24.04 tutorial.

What is the Difference Between Grafana vs Superset?

While both Grafana and Apache Superset are powerful data visualization tools, they cater to different needs. Grafana is ideal for real-time monitoring and observability, excelling with time-series data and providing robust alerting features. It's commonly used for tracking system health and application performance. In contrast, Apache Superset is geared towards business intelligence and data exploration, offering powerful tools for creating interactive dashboards and conducting SQL-based analytics.

In this article, you'll learn how to install Certbot on Ubuntu 24.04, and use it to install Let's Encrypt certificates and configure them for both Apache and Nginx to use HTTPS instead of HTTP.

Quick-Start Guide: Install Certbot on Ubuntu 24.04

If you're looking for the fastest way to install Certbot and set up Let's Encrypt on Ubuntu 24.04, here are the essential commands:

# Update packages and install Certbot
sudo apt update
sudo apt install -y certbot

# For Apache users
sudo apt install -y python3-certbot-apache
sudo certbot --apache -d example.com

# For Nginx users
sudo apt install -y python3-certbot-nginx
sudo certbot --nginx -d example.com

For detailed instructions, including manual installation and configuration options, continue reading below.

Prerequisites

• To follow this tutorial, you'll need an Ubuntu 24.04 server with sudo privileges. If you haven't noticed, we offer the most affordable and reliable Ubuntu servers in the world. Our NVMe VPS options provide lightning-fast performance for your SSL-secured websites.

Step 1: Install Certbot on Ubuntu 24.04

To install Certbot on Ubuntu 24.04, you'll first need to update your package repositories to ensure you're installing the latest version. Updating your package list refreshes your system's knowledge of available software and their versions, which is an essential first step before installing any new application:

sudo apt update

Next, use the apt command to install certbot:

sudo apt install -y certbot

The Certbot command line tool will automate the process of getting and installing a Let's Encrypt certificate that you can use with Apache and Nginx servers, valid for 90 days, with the possibility of an automated renewal.

Note

Before proceeding with certificate installation, ensure that TCP ports 80 (HTTP) and 443 (HTTPS) are open on your server's firewall. These ports are essential for the Let's Encrypt validation process - port 80 allows the initial domain verification challenge to complete successfully, while port 443 is needed for serving encrypted HTTPS traffic once your certificate is installed.

Step 2: Install a Let’s Encrypt Certificate Using Certbot

To create a Let’s Encrypt certificate with certbot on Ubuntu, you’ll use the following command structure:

sudo certbot certonly --webroot --webroot-path WEB_SERVER_ROOT_PATH -m EMAIL -d DOMAIN --agree-tos -n

Here is what each part of the preceding command means:

• certonly: (certificate only) used to just obtain the certificate without installing it anywhere.
• --webroot: An option that is used here to keep the web server running while Certbot runs, since we’re already running a local web server, and don't want to stop it during the certificate issuance process.
• --webroot-path or -w: Defines the top-level directory (“web root”) containing the files served by your webserver. Note that the web root path must be the path on which files from the domain are served. In our example, it's the web root path from which our http://www.example.com URL serves files.
• --mail or -m : The email which will be used by the certificate authority to alert you when a domain will expire.
• --domain or -d: The domain name you’ll use to access the server by.--agree-tos: Confirms our agreement to the ACME server's subscriber agreement.
• --non-interactive or -n is used to execute the command without ever asking for user input or prompts.

Now that you are familiar with the certbot options and actions, you can form and execute a certbot command to create a certificate. For example, you can use the following command, making sure to set the appropriate values for your case:

sudo certbot certonly --webroot --webroot-path /var/www/html/ -m devops@example.com -d www.example.com --agree-tos -n

Once the command is executed, the following two files will be automatically created under the respective subdirectories as follows:

• The private key: /etc/letsencrypt/live/www.example.com/privkey.pem
• The certificate: /etc/letsencrypt/live/www.example.com/fullchain.pem

Now that you have your Let's Encrypt private key file and your certificate file, you can install your certificate on your web server.

"Only Domain Names Are Supported, Not IP Addresses" Certbot Error

The "Only domain names are supported, not IP addresses" error in Certbot occurs because Let’s Encrypt does not issue SSL certificates for IP addresses. Certificates are only provided for fully qualified domain names (FQDNs). To resolve this, ensure you are using a valid domain name instead of an IP address when requesting a certificate. Register a domain if needed.

Step 3: Configuring Apache with Let's Encrypt Certificates

Now that you’ve created a Let’s Encrypt certificate, you can configure your Apache server to use it and enable HTTPS on your website.

First, you'll need to modify Apache's default configuration file to integrate your newly acquired Let's Encrypt SSL certificate. This configuration file controls how Apache handles incoming requests and determines which virtual hosts use HTTPS encryption:

sudo nano /etc/apache2/sites-enabled/000-default.conf

Make sure you set up a domain, and then replace the key and the certificate paths with the Let’s Encrypt private key file and the certificate file (the changes you have to make are highlighted in yellow in the code below):

<VirtualHost *:80>
        Define servername www.example.com
        ServerName ${SERVERNAME}
        RewriteEngine on
        RewriteRule ^/.*$ https://\${SERVERNAME}%{SCRIPT_FILENAME}?%{QUERY_STRING} [R=301]
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
        ServerName ${SERVERNAME}
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Here, you set the SSLCertificateFile directive to the path of the Let’s Encrypt certificate file, and you set the SSLCertificateKeyFile directive to the private key’s path.
Next, test for configuration errors:

sudo apache2ctl configtest

You should receive an output that contains the text Syntax OK, which means you can safely reload Apache, otherwise, you will get a very specific description pointing out the error you have to fix.
Next, restart Apache:

sudo systemctl restart apache2

Now, reload your website in the browser. You will notice a secured padlock with a valid certificate message as you can see in the following example, which was taken from the Google Chrome browser:

With this, you now have HTTPS enabled in your Apache web server, and you can now secure your web traffic, which establishes customer trust and protects both your internal and public data.

Step 3.2: Configuring Nginx with Let's Encrypt Certificates

To configure your Let’s Encrypt certificate with your NGINX server and enable HTTPS on your website. First, edit NGINX’s default configuration file:

sudo nano /etc/nginx/sites-enabled/default

Set up your domain name. Then replace the private key and the certificate paths with the Let’s Encrypt private key file and the certificate file generated by Certbot (the changes you have to make are highlighted in yellow in the code below):

server {
   listen 80;
   listen [::]:80;
   server_name www.example.com;
   access_log off;
   location / {
         rewrite ^ https://$host$request_uri? permanent;
   }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;
    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;
    autoindex off;
    ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php/php-fpm.sock;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;
    }
}

Here, you set the ssl_certificate directive to the Let’s Encrypt certificate file path you created earlier, and the ssl_certificate_key directive to the Let’s Encrypt private key file path.
With the configuration file modified, check for syntax errors in it using the following command:

sudo nginx -t

The output should let you know that the configuration file test is successful.

Now, restart NGINX:

sudo systemctl restart nginx

Reload your browser and you will notice a secured padlock with a valid certificate message.

Step 4: Verifying Your Let's Encrypt Certificate Information

In the pop-up that comes up when clicking the padlock or settings icon on the left side of the URL, click on "Certificate is secure" or "Connection is Secure" depending on your browser. This will give you detailed information on the CA certificate:

Congrats!

Your Ubuntu server's Apache or Nginx web server has become CA certified with Let's Encrypt, and you can now securely transfer data through HTTPS, and protect your online transactions, and with best security practices, you can handle paid subscriptions, eCommerce orders, memberships, or charity and online fundraising.

Installing a non-Let's-Encrypt CA Certificates

If you are looking to install a non-Let's-Encrypt CA Certificate you'll generally need to do the following:

1) Creating a Certificate Signing Request (CSR)

The CSR contains information (e.g. common name, organization, country) which the Certificate Authority (CA) will use to create your certificate. You generate it on the server where you want to install the certificate. It includes the public key that will be part of your certificate, and is signed with the corresponding private key.
Check out How to Create a Self-Signed Certificate, which describes CSR creation for self-signed certificates (which also applies to CA certificates).

2) Uploading the CSR to the Certificate Authority (CA)

Please refer to the documentation of the certificate authority of your choice, and follow their instructions to properly upload your certificate signing request, along with any additional information.

Once the CSR is uploaded, the CA replies with your final certificate ready to use.

FAQ

What are the differences between Let's Encrypt Certificates vs Paid TLS/SSL Certificates?

Although Let's Encrypt provides free SSL certificates. Paid TLS/SSL certificates often give you additional features such as extended validation and warranty. These paid TLS/SSL certificates are usually suitable for businesses needing higher trust levels. Both types of certificates encrypt data, but paid SSLs often come with better customer support and additional security features. If you have a business, it is better to use a paid certificate. To get affordable TLS/SSL certificates, check out our website.

Is Let's Encrypt safe?

Yes, Let's Encrypt is safe. It provides the same level of encryption as paid SSL certificates. It is backed by major tech companies and regularly audited for security. Automatic renewals ensure your site stays secure. However, it lacks some advanced features offered by paid certificates. For most websites, Let's Encrypt is a reliable and secure option.

What to do when Let's Encrypt Root Certificate is expiring?

Let's Encrypt's root certificate expiration is a known issue. Ensure your systems are updated to trust the new root certificate. Older devices might face connectivity issues. Regularly check for updates and ensure compatibility with new certificates. This change is a normal part of maintaining secure encryption. Proper updates will keep your site secure and trusted.

How to perform Let's Encrypt renewals with Certbot?

Renewing Let's Encrypt certificates with Certbot is straightforward. Certbot automatically handles renewals for you. By default, it checks for renewal every day and renews certificates that are within 30 days of expiring. Ensure your server is configured to allow automatic renewals. Manual renewal can be done if needed, but automation is recommended for continuous security.

Does Let's Encrypt offer Wildcard Certificates?

Let's Encrypt offers wildcard certificates, securing multiple subdomains under a single domain. This simplifies certificate management. To obtain a wildcard certificate, use DNS-based domain validation. Ensure your DNS provider supports the necessary API calls. Wildcard certificates are beneficial for sites with numerous subdomains, reducing the need for separate certificates for each one.

Webmin is a free and open-source web-based control panel that allows you to manage your Linux server from the browser. The web interface Webmin provides is a flexible modern dashboard with dozens of options to manage the internal configurations of your Linux server, such as user accounts, disk quotas, DNS, package settings, services, web servers, and much more. If you use a LAMP stack on your server, you can use Webmin to configure your Apache web server, MySQL server, PHP applications, as well as other technologies such as PostgreSQL database servers and Python. Webmin can be used to manage your server remotely from any browser.

In this tutorial, we'll install Webmin on an Ubuntu 22.04 server, and use it to perform basic system administration tasks such as monitoring the system, adding new users with different permissions, installing, updating and upgrading packages, as well as running software on your server, in addition to executing commands.

Note: This tutorial is for Ubuntu 22.04, if you are working with Ubuntu 24.04, please check out our How to Install Webmin on Ubuntu 24.04 guide.

Prerequisites for Installing Webmin on Ubuntu

• An Ubuntu 22.04 server with root access or a sudo user. If you haven't noticed, we offer extremely powerful Linux servers at the globe's absolute lowest price. Take a look at our offerings and prepare for your mind to be blown .
• Access your sever via SSH, check out How to access your server using SSH for instructions.

Note: If you want to skip all the technical steps of setting up Webmin and have it installed in minutes, you can use our tried and tested 1-click Webmin application. Just choose a server, click Customize Your Own Server, under Select Server Image go to the Apps tab, then choose Webmin. This will set up Webmin in minutes!

Step 1: Update the Package Cache

Start by updating the packages in the package manager cache to the latest available versions using the following command:

sudo apt update

Step 2: Install Webmin on Ubuntu 22.04

To install the Webmin control panel on Ubuntu 22.04, you'll need to add the Webmin repository that will enable you to install the Webmin packages and update them with apt. To make sure this new repository is trusted and that it is indeed the one Webmin developers provide, you'll download a PGP signature—a digital signature that is used to verify packages that are downloaded from the Internet.

Use the following command to get the PGP key provided by the Webmin developers to verify the package's authenticity, and then use the gpg command line tool to convert it to a file that apt can use:

wget -qO- https://download.webmin.com/jcameron-key.asc | sudo gpg --dearmor -o /usr/share/keyrings/webmin.gpg

Here, you use the wget tool to get Webmin’s PGP key, and then you pass the output to the gpg command line tool to unpack the input and save it to the /usr/share/keyrings/ path.

You can now add the Webmin repository with this key. Open the /etc/apt/sources.list file:

sudo nano /etc/apt/sources.list

Add the Webmin repository at the end of the file:

deb [signed-by=/usr/share/keyrings/webmin.gpg] http://download.webmin.com/download/repository sarge contrib

Exit the file with CTRL+X, then press Y and ENTER to save the changes.

Update your package index with the newly added Webmin repository:

sudo apt update

Once the update finishes, you can install Webmin using the following command:

sudo apt install webmin

Once the installation finishes, check that the webmin service is running properly using the following command:

sudo systemctl status webmin

You should receive an output similar to the following:

● webmin.service - Webmin server daemon
     Loaded: loaded (/lib/systemd/system/webmin.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2025-01-28 17:23:29 UTC; 53s ago
    Process: 7432 ExecStart=/usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf (code=ex>
   Main PID: 7433 (miniserv.pl)
      Tasks: 1 (limit: 19072)
     Memory: 28.8M
        CPU: 638ms
     CGroup: /system.slice/webmin.service
             └─7433 /usr/bin/perl /usr/share/webmin/miniserv.pl /etc/webmin/miniserv.conf

Aug 28 17:23:27 lamptest systemd[1]: Starting Webmin server daemon...
Aug 28 17:23:27 lamptest perl[7432]: pam_unix(webmin:auth): authentication failure; logname=>
Aug 28 17:23:29 lamptest webmin[7432]: Webmin starting
Aug 28 17:23:29 lamptest systemd[1]: Started Webmin server daemon.

Note: Webmin is accessible via TCP port 10000. If you have a firewall enabled on your system, you need to allow Webmin's port through the firewall, so that it can be accessed remotely:

sudo ufw allow 10000

Warning: You should be extremely careful with your security practices. It is best to allow only a few trusted IP addresses or IP ranges to access your Webmin control panel. Additionally, make sure to always assign strong passwords for your Unix users, and restrict their permissions. Webmin is a powerful tool, and anyone who gains access to it will have total control over your system.

Step 3: Access Webmin

With the Webmin package installed, use your browser to visit the following URL, replacing your_ip_address_or_domain with your server's IP address or domain name:

https://your_ip_address_or_domain:10000

If you haven't set up an SSL certificate from a Certificate Authority like Let's Encrypt, you will receive a "Not Secure" or "Connection is not private" error depending on your browser. This informs you that the connection to your server is not secure. This error message is normal because Webmin is encrypted and secured with a self-signed certificate, and the browser does not recognize it since your server is not one of its known certificate authorities.

Click the Advanced button or More information depending on the browser, and choose to proceed. The following is an example of the error in the Google Chrome browser:

Once you proceed, you'll receive a login page similar to the following:

Login using the Unix username and password you've set up on the server. Or you can use your server's root account.

You'll be taken to the Webmin dashboard, which looks like so:

In this dashboard, you have system information, such as CPU, memory, and disk usage. Additionally, you have a menu with a list of options on the left side of the screen, which you can use to control your system's functionalities, such as system tools, networking, hardware, etc.

Step 4: Using Webmin to Perform Basic Sysadmin Tasks

Webmin has many modules you can use to control and configure your system. In this step you'll learn about a few of these modules and how to use them. You'll use Webmin to install and update packages, manage system users and groups, and manage Webmin users.

Installing Packages

To install a software package using Webmin, follow these steps:

1. On the left-hand Webmin menu click System then Software Packages.
2. Select the Package from APT radio button.
3. Type in the package name you want to install, for example nginx, then click Install. You'll be taken to a page that asks you to confirm installing the package and it's dependencies, which will be listed in a table.
4. Click Install Now.

Webmin will download the package and install it on your system. You'll get detailed information on the installation process, and below it you'll see an install complete text informing you that the package was successfully installed.

Updating Packages

To update all your packages to the latest version using Webmin, follow these steps:

1. On the left-hand menu click System then Software Package Updates. This page lists all the packages that need to be updated. You can check and uncheck packages to decide which ones you want to be updated.
2. To update all packages, make sure they are all checked, then click Update Selected Packages. You'll be taken to a page with the complete list of the packages that will be updated.
3. Click Install Now.

The update will start, and once it finishes, you may be asked to reboot the system if any of the updated packages requires a system reboot. You can reboot your server with Webmin by clicking Reboot Now.

Managing Unix Users and Groups

A Unix user is your typical user that connects to your server with SSH or FTP, they own files and folders on your system, and they have their own home directory. In this section we will use Webmin to create a user on your server with a dedicated home directory, and we will also add them to the sudo group, so they can have sudo privileges. We'll call our user example_user, but feel free to choose another name.

To create a system user on your server using Webmin, follow these steps:

1. On the left-hand menu, click on System then Users and Groups. You'll be taken to the Users and Groups Webmin module, where you have a table for all the current system users under Local Users and a table for the current system groups under Local Groups.
2. In the Local Users table, click Create a new user. This will take you to the Create User page.
3. Type in example_user in the Username field.
4. Select Automatic for the User ID field.
5. Set the Real Name to the full name of the user or use a descriptive name such as Monitoring User or Updates User.
6. Select Automatic for the Home Directory field.
7. Set Shell to bin/bash.
8. Set Password to Normal password and type in a strong password for your user.
9. In the Group Membership menu, select New group with same name as user for the Primary group.
10. For the Secondary groups, click on sudo in the All groups list. It should be added automatically to the In groups list.
11. Click Create.

With this, you now have a new user called example_user on your system with sudo privileges.

Managing Webmin Users

In addition to creating a Unix user on your system, you can also grant other people access to Webmin by creating a Webmin user account for them. To restrict what the user can do with their account, you can select which Webmin modules the user can use. For example, you can create a user account with access to the Software Package Updates as the only module they can use. Moreover, you can restrict what each user can do within each module. For example, you can create a user that can only see the list of packages that need to be updated, or a user that can see the list of packages and be able to update them.

To create a Webmin account, click Webmin on the left-hand menu, then click Webmin Users. You'll see that root is the only Webmin user in the Webmin Users table. This default root user can use every module and has total control over the system.

Webmin allows you to create two different kinds of users, a safe user, and a privileged user. A safe user can have access to only safe modules, and a privileged user can be granted all privileges on the system.

Before creating a Webmin user, you need to enable a function that prompts users with expired passwords to enter a new one. To do so, open the Webmin lefthand menu, then go to Webmin Configuration, click Authentication. In the Password expiry policy, select Prompt users with expired passwords to enter a new one then click Save.

To create a Webmin account for a privileged user, follow these steps:

1. Go to the Webmin menu on the left, then click on the Webmin Users module, click Create a new privileged user. You'll be taken to a page titled Create Webmin User.
2. Set a username in the Username input field, and set a strong password of your choice for the Webmin user you are creating.
3. Check the Force change at next login box. So that the user changes their password when logging in for the first time.
4. Set the Real Name to the full name of the user or use a descriptive name such as Monitoring User or Updates User.
5. For extra security, open the Security and limits options section, and set Inactivity logout time to 30 minutes to logout users after 30 minutes of inactivity, and set the Minimum password length to 15 letters. It is recommended to also select the Only allow from listed addresses option and enter a list of IP addresses to restrict access and allow only the IP address(es) of your Webmin user. You can also restrict access to certain days of the week and times of the day.
6. In the Available Webmin modules, you can either click select all to allow the user to use all Webmin modules, or select only a few modules that you would like your Webmin user to use.
7. Click Create. You'll be taken to the Webmin Users page where you can find a list of the current Webmin users.

Sign out from Webmin by clicking the red logout icon at the bottom of the left-hand menu, then login using your new Webmin user account. You'll be prompted to change your password, so change it and login again. You'll be redirected to your Webmin dashboard.

If you’ve limited access to your new user, you'll see that the options in the left-hand menu are limited to the modules you've checked when creating your Webmin user.

Creating a Safe Webmin User Based on a Unix User

To create a Webmin account for a safe user, make sure you have a Linux user on your server, such as the example_user we've created earlier. Open the Webmin left-hand menu, then go to the Webmin Users module, and then click on Create a new safe user.

Follow the same steps required for creating a privileged user, with the exception that the username should be the same as a user you already have on your system such as the user example_user. In the Available Webmin modules, you'll notice that the modules you can select are limited.

Select the Webmin modules you'd like your safe Webmin user to have access to, and click Create. This should create a new safe Webmin user.

Warning: You must be very careful when granting access to Webmin users, you may accidentally allow a user to edit an arbitrary configuration file that grants them root privileges.

Step 5: Adding a Valid CA SSL Certificate with Let’s Encrypt

Webmin uses SSL encryption and the HTTPS protocol by default, but the certificate it uses to validate the server's identity is self-signed and untrusted by browsers. To solve this issue using Webmin, you can install a valid SSL certificate issued by Let’s Encrypt, a nonprofit Certificate Authority that provides free of charge, valid SSL certificates that are trusted by browsers.

Note: Let's Encrypt does not issue certificates for IP addresses, so you need to have a Fully-Qualified Domain Name (FQDN), with a DNS A record pointing to your server's IP address. In this section, we will use example.com as an example domain name, but you must use your own domain name.

To install a Let's Encrypt certificate with Webmin you first need to set up your domain name using the following steps:

1. On the left-hand menu, click Networking, then Network Configuration.
2. Click on Hostname and DNS Client.
3. Fill in the Hostname field with your domain, such as example.com or www.example.com.
4. Click Save

After setting up your domain name, install a Let's Encrypt certificate by following these steps:

1. Click Webmin in the left-hand menu, then Webmin Configuration.
2. Click on SSL Encryption.
3. Go to the Let’s Encrypt tab.
4. Type in your domain name in the Hostnames for certificate field.
5. In the Website root directory for validation file field, select Apache virtual host matching hostname if you are using Apache, or select Other directory and type in your web root directory. This root directory is typically located at /var/www/example.com. With example.com representing your domain name. It can also be located at /var/www/html, which is a typical default path for web root directories.
6. To automate the Let's Encrypt certificate renewal process, deselect the Only renew manually and select the radio button next to it, then type in 1 in the field to its right. This automatically attempts to renew the Let's Encrypt certificate each month.
7. Click Request Certificate. You'll be moved to a page that displays information on the certificate request and configuration process.

Once the certificate request and configuration process finishes, click Return to Webmin configuration. You'll be redirected back to the Webmin Configuration module. Scroll down to the bottom of the page, then click on the Restart Webmin button and wait for a few seconds while Webmin reboots, then refresh the page, and you'll see that the Let's Encrypt certificate is enabled, and the URL bar of the browser now has a secured padlock on its left. If you click on the padlock icon, you'll receive a Connection is secure pop-up.

With this you now have a valid SSL certificate issued by Let's Encrypt.

(Optional) Step 6: Setting up Your SSL Certificate and Using it With Nginx and Apache

Note: This section will be a brief description of how to use your SSL certificate with Nginx and Apache, and it assumes you have a basic understanding of how SSL certificates work and that you know how to modify your web server's configuration.

To configure your web server to use your Let's Encrypt certificate. You first need to locate the private key file for your SSL certificate and the certificate file. These two files were configured by Webmin. To do so, follow these steps:

1. Click Webmin in the left-hand menu, then Webmin Configuration.
2. Click on SSL Encryption.

You should see information on your SSL certificate, including the path of your private key file and the path of your certificate file, as highlighted in the following image:

Here, you have the following paths:

• The private key file's path: Under Private key file, in this case, the path is /etc/webmin/letsencrypt-key.pem.
• The certificate file's path: Under Certificate file, in this case, the path is /etc/webmin/letsencrypt-cert.pem.

Note: In the following instructions, make sure to set your paths properly in your web server's configuration.

Configuring Nginx to Use the Let's Encrypt Certificate

First, open your Nginx configuration file in your /etc/nginx/sites-enabled directory, this could be the default configuration file, in which case you can open it using the following command:

sudo nano /etc/nginx/sites-available/default

Otherwise, if you have disabled the default configuration and configured Nginx for your domain, the following command should be used instead. Remember to replace your_domain with your domain name:

sudo nano /etc/nginx/sites-available/your_domain

Change the values of the ssl_certificate and ssl_certificate_key directives, by setting ssl_certificate to the path of your certificate file, and ssl_certificate_key to the path of your private key file, like so:

server {
   listen 80;
   listen [::]:80;
   server_name your_domain;
   access_log off;
   location / {
         rewrite ^ https://$host$request_uri? permanent;
   }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name your_domain;
    root /var/www/your_domain;
    index index.php index.html index.htm index.nginx-debian.html;
    autoindex off;
    ssl_certificate /etc/webmin/letsencrypt-cert.pem;
    ssl_certificate_key /etc/webmin/letsencrypt-key.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php/php-fpm.sock;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;
    }
}

Save and close the file.

In addition to setting the ssl_certificate and ssl_certificate_key directives. Remember to also change your_domain in the preceding configuration with your domain name, and make sure to set the value of the root directive to your web root directory.

If you are using a custom configuration file, link it to the configuration file from NGINX’s sites-enabled directory, if you haven't already:

sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled

To check that your configuration file has been properly linked to NGINX’s sites-enabled directory, run the following command:

sudo ls -l /etc/nginx/sites-enabled

You should have a line similar to the following as part of the output:

lrwxrwxrwx 1 root root 33 Aug  4 10:07 your_domain -> /etc/nginx/sites-available/your_domain

Next, check for syntax errors in your configuration files using the following command:

sudo nginx -t

The output should let you know that the configuration file test is successful.
Now, restart NGINX:

sudo systemctl restart nginx

Now visit your website’s domain name or IP address using https:// at the beginning:

https://your_domain_name

Reload your browser and you will notice a secured padlock with a valid certificate.

Configuring Apache to Use the Let's Encrypt Certificate

To configure Apache to use the Let's Encrypt certificate you obtained using Webmin, first open your Apache configuration file, which is located by default at /etc/apache2/sites-enabled/000-default.conf:

sudo nano /etc/apache2/sites-available/000-default.conf

Otherwise, you might have set up an Apache configuration file for your site at /etc/apache2/sites-available/your_domain.conf, with your_domain representing your domain name as usual, in which case you may use the following command:

sudo nano /etc/apache2/sites-available/your_domain.conf

Change the values of the SSLCertificateFile and SSLCertificateKeyFile directives, by setting SSLCertificateFile to the path of your certificate file, and SSLCertificateKeyFile to the path of your private key file, like so:

<VirtualHost *:80>
        Define servername your_domain
        ServerName ${SERVERNAME}
        RewriteEngine on
        RewriteRule ^/.*$ https://\${SERVERNAME}%{SCRIPT_FILENAME}?%{QUERY_STRING} [R=301]
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/webmin/letsencrypt-cert.pem
        SSLCertificateKeyFile /etc/webmin/letsencrypt-key.pem
        ServerName ${SERVERNAME}
        DocumentRoot /var/www/your_domain
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Again, make sure to replace your_domain with your domain name.

Save and close the file.

If you haven't already, you should enable your your_domain.conf file using the a2ensite command:

sudo a2ensite your_domain.conf

You might also want to disable the default site in 000-default.conf:

sudo a2dissite 000-default.conf

Next, test for configuration errors:

sudo apache2ctl configtest

You should receive an output that contains the text Syntax OK, which means you can safely reload Apache, otherwise, you will get a very specific description pointing out the error you have to fix.

Next, restart Apache:

sudo systemctl restart apache2

Now, reload your website in the browser. You will notice a secured padlock with a message that informs you that your SSL certificate is valid.

With this, you now have HTTPS enabled in your Apache web server using the Let's Encrypt certificate you obtained using Webmin.

Congrats!

At this point in the article, you should be proud of yourself! You have learned how to install Webmin on Ubuntu 22.04, and used it to perform many sysadmin tasks, such as installing and updating packages, managing Unix users and groups, and managing Webmin users. You've also used Webmin to add a Valid SSL Certificate with Let’s Encrypt, and learned how to use it with Nginx and Apache.

Webmin allows you to have total control over your system and give others the ability to manage your server. Check out Official Webmin wiki for more on how to use Webmin to perform your sysadmin tasks.

Introduction

Zabbix is an open-source Linux management software that monitors the availability and performance of IT infrastructure components.

Zabbix provides real-time monitoring of thousands of metric data from servers, virtual machines, network devices, and web applications. Analyzing the data Zabbix gathers will give you a general idea of the health of your servers and web applications, in addition to helping you detect potential problems before your users report them.

To monitor a server and collect data from it, Zabbix uses an agent that gathers data from different services and sends it to the Zabbix monitoring server. Zabbix supports encrypted communication between the monitoring server and its monitored clients. This ensures that your data is transferred securely over the network.

Zabbix provides a web interface that allows you to monitor your servers (also known as Zabbix clients) and their internal services and manage system settings.

Installing Zabbix on Ubuntu 24.04

To install Zabbix 7 on Ubuntu 24.04, you'll first download the Zabbix repository configuration package, install the Zabbix web frontend with MariaDB database support, Zabbix server, and Zabbix Nginx configuration packages. Next, you'll configure MariaDB for Zabbix, set up Nginx and PHP, then finish up your Zabbix installation through the Zabbix web interface.

Note

If you want to skip all the technical steps of setting up Zabbix on your server and have it installed in minutes, then I have some great news for you! Our team of engineers has prepared a ready-to-use 1-click Zabbix application for your convenience. Just choose one of our servers, and while prompted to choose the operating system, choose Zabbix from the dropdown menu.

Prerequisites

To follow this tutorial you need:

• An Ubuntu 24.04 server with a non-root user with sudo privileges.  If you haven't noticed, we offer extremely powerful Ubuntu 24.04 VPS servers at a bargain. Take a look at our offerings and prepare for your mind to be blown .
• The LEMP stack (Linux, Nginx, MariaDB, and PHP) installed on your server. Use our Installing LEMP on Ubuntu 24.04 LTS guide to set it up. Or you can use our LEMP 1-Click App to set up LEMP automatically when creating a server.
• A TLS/SSL certificate, because Zabbix can access sensitive information about your infrastructure. Fun fact: All our 1-click applications (including LEMP and Zabbix) come preinstalled with an SSL certificate

Check out our How to access your server using SSH guide to learn how to access your server and create a sudo user.

Step 1: Installing the Zabbix Server

You first need to install Zabbix onto the server where MariaDB and Nginx should be already be installed. Zabbix offers installation packages for different Linux distributions. Zabbix can be found in Ubuntu's package manager, but it is outdated. To install the most recent stable version, use the official Zabbix repository.

To download and install the latest Zabbix server, first get the Zabbix repository configuration package. This can be done by downloading the Zabbix.deb file using the wget command. This .deb file will be used to add the repository.

Run the following command:

wget https://repo.zabbix.com/zabbix/7.0/ubuntu/pool/main/z/zabbix-release/zabbix-release_7.0-2+ubuntu24.04_all.deb

Once the download finishes, you can install it with the dpkg command:

sudo dpkg -i zabbix-release_7.0-2+ubuntu24.04_all.deb

After you run the command above, you will see an output like this:

Next, refresh the package index to use this new repository:

sudo apt update

You should see the following as part of the output:

We are now able to install Zabbix after our server has been updated.

Next, we will install the Zabbix web frontend with MySQL database support and the Zabbix server. Note that we will be using MariaDB, but because its compatible with MySQL, you can just install the MySQL packages and they will work as expected:

sudo apt install zabbix-server-mysql zabbix-frontend-php zabbix-sql-scripts

Here you install the following packages:

• zabbix-server-mysql: Adds MySQL/MariaDB support to zabbix.
• zabbix-frontend-php: The PHP Zabbix web interface.
• zabbix-sql-scripts: Zabbix SQL scripts that will create the Zabbix database and its tables.

This command's will take some time to run. Below are the last few lines of the output:

Finally, install the Zabbix Agent, which allows you to collect data about the Zabbix server status.

sudo apt install zabbix-agent

An output similar to the following will signify a successful installation:

To use Zabbix, you must first set up a database that stores the data the Zabbix server will gather from its agents (also known as Zabbix clients). This is the next step.

Step 2: Configuring MariaDB

To configure Zabbix with a functional database, you will need to create a MariaDB database and fill it with basic information. To ensure that Zabbix doesn't log in to your MariaDB database using the root account, you will also create a unique user for this database.

To create a MySQL/MariaDB database, use the mysql client to connect to MariaDB and access its command line interface with the following command:

sudo mysql

If you get an error that contains Access denied for user 'root', this means that the default authentication method has changed, and connecting to MariaDB requires a password for the root account. To solve this issue, use the following command to connect to MariaDB using the root user and a password:

mysql -u root -p

You'll be asked for your MySQL root password, enter it and then press Enter.

Note: If you've installed the LEMP stack using our 1-Click App, you'll find your MySQL root password in the App Details widget on your SSDNodes Dashboard. As demonstrated in the following image:

You should get a prompt similar to the following:

Now you can create a database for Zabbix, We'll name the database zabbix, and add UTF-8 characters support to it:

create database zabbix character set utf8mb4 collate utf8mb4_bin;

If you receive an error upon entering the preceding command, make sure you've typed it in correctly, and that you end it with a semicolon (;).

To create a new MariaDB user account for Zabbix, use the following statement in the MariaDB command line interface. Remember to replace password with a strong password for your user account:

create user zabbix@localhost identified by 'password';

Here, zabbix is your database user for Zabbix, and password is its password.

Next, you'll need to give all access permissions to the user account that will manage your Zabbix database:

grant all privileges on zabbix.* to zabbix@localhost;

Refresh the privileges for the preceding command to take effect and apply the permission changes to the database server:

FLUSH PRIVILEGES;

This will take care of both the user and the database. You can exit the database console with the following command:

EXIT;

Next, you need to import the initial Zabbix SQL schema and data that Zabbix needs. To do this, run the following command to set up the schema and import data into the Zabbix database. Because the data is compressed, use zcat:

sudo zcat /usr/share/zabbix-sql-scripts/mysql/server.sql.gz | mysql --default-character-set=utf8mb4 -uzabbix -p zabbix

When prompted, enter the password for your zabbix MariaDB user.

The command will take a while. If you get an error that says ERROR 1045 (28000): Access denied for user zabbix@'localhost' (using password: YES) or something similar, make sure you used the right password for your zabbix user that you've set up earlier in the MariaDB command line.

You must set the database password in the Zabbix configuration file to allow the Zabbix client to access this database. Use your preferable text editor to open the configuration file. In this tutorial, we will be using nano:

sudo nano /etc/zabbix/zabbix_server.conf

Look for the following section of the file:

### Option: DBPassword                           
#       Database password. Ignored for SQLite.   
#       Comment this line if no password is used.
#                                                
# Mandatory: no                                  
# Default:                                       
# DBPassword=

The file must be modified to change the DBPassword value to the password of the database user. To configure the database, add this line to the end of these comments:

DBPassword=your_zabbix_db_password

Make sure to replace your_zabbix_db_password with your database password.

Save and close the file, press CTRL+X, followed by Y and then ENTER.

Now you have configured the Zabbix server for connection to the database. Next, configure Nginx to serve the Zabbix frontend.

Step 3: Setting up Nginx

Install the automatic configuration package to configure Nginx automatically:

sudo apt install zabbix-nginx-conf

As an output of the above command, you should get the configuration file /etc/zabbix/nginx.conf, and also a link to it in the Nginx configuration directory /etc/nginx/conf.d/zabbix.conf.

Next, you need to make some necessary changes to the /etc/zabbix/nginx.conf file. Open it with nano with the following command:

sudo nano /etc/zabbix/nginx.conf

This file contains an Nginx server configuration automatically generated by Nginx. It includes two lines which determine the server’s name as well as what port it listens on:

server {
#        listen          8080;
#        server_name     example.com;

Uncomment these lines and replace example.com by your domain name, and replace port 8080 with port 80:

server {
        listen          80;
        server_name     your_domain;

Set up a Let's Encrypt Certificate

To set up a Let's Encrypt SSL certificate for Zabbix, first install the Certbot client for Nginx:

sudo apt install certbot python3-certbot-nginx -y

Next, generate a certificate using the following command, replacing zabbix.example.com with your domain name:

sudo certbot --nginx -d zabbix.example.com

Enter your email address and type Y to agree on the terms of service. You'll also be asked whether you want to subscribe to receive emails from the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project. Type N if you don't want to subscribe to this emailing list.

Next, unlink the default Nginx configuration from the /sites-enabled/ directory. This forces Nginx to use your Zabbix configuration instead of the default configuration:

sudo unlink /etc/nginx/sites-enabled/default

Next, test your configuration’s syntax using the following command:

sudo nginx -t

You should receive an output that’s similar to the following:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

This output shows that there are no errors in the configuration file.

If you receive any errors, review your configuration file and make sure you’ve set your directives and values properly.

Next, reload Nginx for the changes you’ve made to take effect by running the following command:

sudo systemctl reload nginx

Next, you will need to modify your PHP configuration to ensure that Nginx can be used to serve Zabbix's frontend.

Step 4: Configuring PHP

The Zabbix web interface uses PHP and requires special PHP server settings. These settings were created by Zabbix during installation, and can be found in the directory /etc/zabbix and are automatically loaded by PHP-FPM. This file should be modified to set your specific time zone. Open the php-fpm configuration of Zabbix:

sudo nano /etc/zabbix/php-fpm.conf

This file contains PHP settings that satisfy the requirements of the Zabbix web interface. The default timezone setting is not commented out. You must set the appropriate timezone to ensure Zabbix displays the correct time for you, make sure to replace Africa/Casablanca with your specific time zone:

php_value[max_execution_time] = 300
php_value[memory_limit] = 128M
php_value[post_max_size] = 16M
php_value[upload_max_filesize] = 2M
php_value[max_input_time] = 300
php_value[max_input_vars] = 10000
php_value[date.timezone] = Africa/Casablanca

Save the file and close it.

You may have to uncomment the highlighted timezone line in the code block before you change it to your timezone. This list contains all supported time zones.

Setting up System Locale

In some Ubuntu servers, the default system locale is C.UTF-8, which provides a basic UTF-8 locale for computer usage, while Zabbix need a more comprehensive locale tailored for your language. For example, for English speakers in the United States the full en_US.UTF-8 locale is required by Zabbix.

To see which system locale your server is currently using, use the following command:

locale

If your output is similar to the following:

LANG=C.UTF-8
LANGUAGE=
LC_CTYPE="C.UTF-8"
LC_NUMERIC="C.UTF-8"
LC_TIME="C.UTF-8"
LC_COLLATE="C.UTF-8"
LC_MONETARY="C.UTF-8"
LC_MESSAGES="C.UTF-8"
LC_PAPER="C.UTF-8"
LC_NAME="C.UTF-8"
LC_ADDRESS="C.UTF-8"
LC_TELEPHONE="C.UTF-8"
LC_MEASUREMENT="C.UTF-8"
LC_IDENTIFICATION="C.UTF-8"
LC_ALL=

Then you should set up a more appropriate locale in order for Zabbix to function correctly.

To set up a comprehensive locale and use it instead of the default C.UTF-8 on Ubuntu 24.04, first install the locales package:

sudo apt install locales

‌Next, edit the system locale file:

sudo nano /etc/locale.gen

Search your locale, and uncomment it. In this example, we’ll uncomment en_US.UTF-8:

# en_US.UTF-8 UTF-8

Save and exit the file.

Generate the locales you just configured:

sudo locale-gen

The output should indicate that the locale is correctly configured:

Generating locales (this might take a while)...
  en_US.UTF-8... done
Generation complete.

Set up your locale using the update-locale and export commands:

sudo update-locale LANG=en_US.UTF-8
export LANG=en_US.UTF-8

Now, check your current locale:

locale

You should see your chosen locale set up correctly:

LANG=en_US.UTF-8
LANGUAGE=
LC_CTYPE="en_US.UTF-8"
LC_NUMERIC="en_US.UTF-8"
LC_TIME="en_US.UTF-8"
LC_COLLATE="en_US.UTF-8"
LC_MONETARY="en_US.UTF-8"
LC_MESSAGES="en_US.UTF-8"
LC_PAPER="en_US.UTF-8"
LC_NAME="en_US.UTF-8"
LC_ADDRESS="en_US.UTF-8"
LC_TELEPHONE="en_US.UTF-8"
LC_MEASUREMENT="en_US.UTF-8"
LC_IDENTIFICATION="en_US.UTF-8"
LC_ALL=

Restart PHP

Now restart PHP-FPM to apply these new settings:

sudo systemctl restart php8.3-fpm.service

Note: You may have another version of php-fpm installed on your system, so you might have to change 8.3 in the preceding command with your version of PHP. To check your php-fpm version, use the following command:

sudo systemctl status php* | grep fpm.service

You should receive the full name and version of your php-fpm service:

After configuring your time zone, you can now start and enable the Zabbix server, Zabbix Agent, Nginx server, and PHP:

sudo systemctl restart zabbix-server zabbix-agent nginx php8.3-fpm

Then check whether the Zabbix server is running properly, run the following command:

sudo systemctl status zabbix-server

You should see the following output:

Next, enable all the components to start at boot time:

systemctl enable zabbix-server zabbix-agent nginx php8.3-fpm

You now need to configure the Zabbix Web Interface. You will do this in the next step.

Step 5: Configuring Settings for the Zabbix Web Interface

To set up your Zabbix web interface.

Launch your browser and go to the domain name or IP address associated with your Zabbix server:

http://your_zabbix_server_domain_or_ip

You will see the following screen:

Click Next step.

The next screen will show a table listing all the prerequisites for Zabbix. All items should have an OK tag on the right.

Scroll down to see all the prerequisites. After you have verified that everything is OK, click Next step to continue.

The next screen will ask you for your database connection information.

Your Zabbix server has been informed about your database earlier, but Zabbix's web interface also needs to have access to it.

Enter your MariaDB credentials that you created earlier in step 2, then click Next step.

You'll be moved to a Settings screen, just click Next step and leave the default values.

The Zabbix server name is an optional parameter used in the web interface to identify each server in case you are monitoring a lot of servers at once.

The next screen shows a Pre-installation summary so you can confirm everything is correct:

Click Next step.

You will be shown a screen that confirms that the installation has been successfully completed. This screen also informs you that a configuration file was created at /usr/share/zabbix/conf/zabbix.conf.php. You can back up this file to preserve your Zabbix setup.

Finally, Click Finish.

You will be redirected to a login screen. The default username is Admin and the default password is zabbix.

You'll be taken to the Zabbix dashboard:

You now have Zabbix installed and you can use it to monitor your servers remotely. Check out the official documentation to learn more about the capabilities of Zabbix.

Reader Alert

If you feel that the technical instructions in this tutorial are time-consuming, or beyond your expertise, you can choose a very convenient and practical solution, ready-made, fully and professionally tested, and developed by SSD Nodes (That is us ). Just visit our website, choose the server’s specifications that fit your needs, and while prompted to choose among the operating systems and the 1-Click Applications we have, choose Zabbix from the dropdown menu, complete your checkout, and in a couple of minutes our algorithms will take care of all the technical aspects smoothly and effortlessly, just for you!

FAQ: Frequently Asked Questions on Zabbix

Zabbix vs Checkmk

Zabbix and Checkmk are both powerful monitoring tools. Zabbix excels in scalability and a rich set of features for diverse environments, while Checkmk offers a more user-friendly interface and simpler configuration. The choice depends on your specific needs and technical expertise.

How to Deploy Zabbix with Docker Compose?

To deploy Zabbix with Docker Compose, use the official Zabbix Docker images and create a docker-compose.yml file. This file should define the services required for a Zabbix instance, such as Zabbix Server, Web Interface, and Database.

What is Zabbix's Default Username and Password?

The default username for Zabbix is "Admin" with a capital "A," and the default password is "zabbix." It's recommended to change these credentials after the initial login for security purposes.

Zabbix vs Icinga

Zabbix and Icinga are both open-source monitoring tools. Zabbix is known for its robust and scalable architecture, while Icinga offers better integration with other tools and a flexible configuration. Your choice should be based on your specific monitoring needs and environment.

What is LEMP in Linux?

The LEMP (Linux, Nginx, MySQL, PHP) stack in Linux refers to a toolkit comprising of Linux as the operating system, Nginx (pronounced Engine-x) as the web server, MySQL (or MariaDB) as the database system, and PHP (or Perl/Python) as the scripting language. These components are commonly used for creating web applications.

What is a LEMP Stack Used for?

A LEMP stack is used for building and deploying dynamic PHP-based web applications. It combines Linux as the operating system, Nginx as the web server, MySQL for database management, and PHP (or Perl/Python) for server-side scripting. This stack offers a robust and efficient environment for developing scalable and high-performance web applications.

What Does LEMP Stack Stand for?

LEMP stands for "Linux, Nginx, MySQL, and PHP." Together, these software technologies can be used to create a fully-functional web application

• Linux is the most popular, secure and open source operating system used in web servers.
• Apache HTTP Server is a free and open-source web server that delivers web content through the internet.
• MySQL is a relational database engine that allows you to store data and manage it.
• PHP is a widely used open source and general purpose server side scripting language used mainly in web development to create dynamic websites and applications.

NOTE: In this tutorial, we’ll be using MariaDB— a backward compatible, drop-in replacement of the MySQL® Database Server. MariaDB was designed to maintain the same functionality while introducing new features and improvements.

Installing LEMP on Ubuntu 24.04

To install LEMP on Ubuntu 24.04, you'll first update the Ubuntu package index, then install the MariaDB database server and secure it, install Nginx, then install PHP and configure the Nginx web server to handle PHP processing.

Prerequisites for Installing LEMP on Ubuntu 24.04

• Familiarity with the Linux command line.
• An Ubuntu 24.04 server with a non-root user with sudo privileges. If you haven't noticed, we offer top-tier Ubuntu servers at the globe's best prices. Check out our offerings and get ready to be amazed .

Check out our How to access your server using SSH guide to learn how to access your server and create a sudo user.

Note

Want to skip these time-consuming technical steps? Our engineers have created a ready-to-use 1-click LEMP application. Just select one of our servers, choose LAMP from the App menu during checkout, and LEMP will be set up in minutes. However, if you prefer to learn how to do it yourself, keep reading.

Step 1: Update The Package Cache

Start by updating the packages in the package manager cache to the latest available versions using the following command:

sudo apt update

Step 2: Install the MariaDB Database Server

After updating our package cache, we will now install the MariaDB database server. We'll use MariaDB instead of MySQL because it includes more features and supports new storage engines, in addition to its high performance.

To install MariaDB, execute the following command:

sudo apt install mariadb-server mariadb-client

Tap the y key then Enter to continue the installation.

In the preceding command, you install two packages:

• mariadb-server: The MariaDB database server which actually stores data.
• mariadb-client: The MariaDB database client which allows you to interact with and manage the database server via the command line.

Once the installation is finished, verify that the MariaDB database server is running properly by executing the following command to check out the MariaDB service status:

sudo service mariadb status

The output should show that the service is enabled and running:

Here, you can see that the service is active and running in the line "Active: active (running) ...".

Ensure That MariaDB Starts at Boot

To make sure that the MariaDB database server starts with the system at boot, use the enable subcommand of the systemctl command. To do so, execute the following command:

sudo systemctl enable mariadb.service

You should receive the following output:

Synchronizing state of mariadb.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable mariadb

Securing The MariaDB Database Server

MariaDB comes with some unsafe default settings which may expose your database server to dangerous security vulnerabilities. It's recommended that you run a security script that comes with MariaDB to strengthen your database server and minimize the risk of database intrusions or breaches.

To secure your MariaDB database server, execute the following command, where you will be presented with seven prompts:

First, run the script:

sudo mysql_secure_installation

You’ll be asked for your current root password:

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 

Tap Enter.

Next, you'll be asked whether you want to use the unix_socket authentication method:

OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

Switch to unix_socket authentication [Y/n] 

Tap Y to enable unix_socket authentication for better security.

The unix_socket authentication method uses the Unix user's credentials instead of a password to connect to the MariaDB account with the same username, which makes it a passwordless security mechanism, and because it depends on the user's credentials, it cannot be used to grant multiple Unix users access to a single MariaDB user account. With this, access to your MariaDB database server is limited to the Unix user, adding a security layer for your MariaDB account and preventing attackers from brute forcing or taking advantage of an accidental password leak.

The unix_socket authentication method is particularly strong due to the default sturdiness of Unix user security in preventing remote access. However, unskilled administration of your Unix user system may expose dangerous vulnerabilities. So, keep a wide and open eye on potential Unix user security issues such as weak passwords or accidental password exposure, excessive sudo permissions that allow users to execute commands of a different Unix user, scripts of other users executed by your MariaDB Unix user, running unsafe scripts, or weak remote access security.

Next, you'll be asked to change the root password:

Enabled successfully!
Reloading privilege tables..
 ... Success!

Change the root password? [Y/n] 

Tap Y to set a new password for root, and re-enter it for validation.

Next, you'll be asked to remove anonymous users:

Change the root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] 

Tap Y to remove the anonymous users that come with your MariaDB installation.

Next, you’ll be asked whether you want to disallow remote root logins:

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 

Tap Y to disable remote root login.

Next, you’ll be asked whether you want to remove the test database that comes with your MariaDB installation:

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 

Tap Y to remove your MariaDB test database and disable access to it.

In order for the changes you've made to take effect, you’ll be asked to reload your MariaDB privilege tables:

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 

Tap Y to reload your MariaDB privilege tables. This will ensure that your changes will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

With this, your MariaDB installation is more secure than before, provided that you follow security best practices.

You now have the MariaDB database server installed, and you’re ready to store and manage your data. Next, you’ll need to serve the data you store using an HTTP server, which is the NGINX web server in the LEMP stack.

Step 3: Install NGINX

After installing and securing the MariaDB database server, the next step in our LEMP stack installation is installing the NGINX HTTP server, which serves web content.

Use apt to install the NGINX web server using the following command:

sudo apt install nginx

You’ll be asked to confirm the installation. Tap the y key then Enter to continue.

Once the installation is finished, check NGINX’s version to confirm that it was properly installed using the following command:

sudo nginx -v

You should receive an output that looks as follows:

Check NGINX’s status with the following command:

sudo systemctl status nginx

The output should show that the Nginx service is enabled and running:

Ensure That NGINX Starts at Boot

To make sure that the NGINX web server starts with the system at boot, use the enable subcommand of the systemctl command. To do so, execute the following command:

sudo systemctl enable nginx.service

You should receive the following output:

Synchronizing state of nginx.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable nginx

You now have NGINX installed. Next, you’ll install the PHP language.

Step 4: Install PHP

With MariaDB you can store and manage data, and the NGINX HTTP server allows you to serve it. You now need to install PHP to dynamically display data, and allow users to interact with your web service via easy-to-use web forms or API calls.

Use the following command to install the main PHP package, along with basic PHP packages that allow you to interact with your database and HTTP server:

sudo apt install php-fpm php-mysql php-xml php-mbstring

When prompted, tap the y key then Enter to continue the installation.

In the preceding command, you install the following packages:

• php-fpm: A package that allows NGINX to handle PHP processes and serve websites written in PHP.
• php-mysql: A package that allows PHP to communicate with MySQL-based databases such as MariaDB.
• php-xml: A package that provides a DOM, SimpleXML, WDDX, XML, and XSL module for PHP.
• php-mbstring: A package that provides the MBSTRING module for PHP, which is used to manage non-ASCII strings.

The main PHP language package will be installed automatically as part of the installation process as a dependency.

To ensure PHP was successfully installed, check its version using the following command:

php -v

You should receive an output similar to the following:

This means that you’ve successfully installed PHP.

Step 5: Configure NGINX to Handle PHP Processing

After we've finished installing all the components of the LEMP stack, we will now configure NGINX so it can serve PHP-based websites.

By default, NGINX is configured to serve files out of a root web directory located at /var/www/html. This default configuration is suitable for small single-site web servers, but hosting multiple sites using this method will quickly become unmanageable and cumbersome. Instead, it is best to create a root web directory for each site you’d like to host on your web server, while leaving the default /var/www/html root web directory to be served when a user requests a site that doesn’t exist.
Create the root web directory for your site as follows, replacing mysite with your site’s name:

sudo mkdir /var/www/mysite

Next, open a new configuration file in NGINX’s sites-available directory, which is a directory that contains configuration for each of your sites. Again, make sure to replace mysite with your site’s name:

sudo nano /etc/nginx/sites-available/mysite

Paste into it the following:

server {
    listen 80;
    server_name mysite www.mysite;
    root /var/www/mysite;

    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ .php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
     }
}

Note: The preceding NGINX configuration is called a server block.

Remember to replace mysite with your site’s name.

If you don’t have a domain name, you can replace the line server_name mysite www.mysite; with just server_name your_IP_address;, where your_IP_address is your server’s IP address.

Save the file by pressing CTRL+x and then y and Enter to confirm.

In the preceding configuration file, you set up the following:

• listen:The port number NGINX will listen on. Here, you set its value to 80, which is the port number assigned to HTTP.
• server_name: The domain names or IP addresses this server block configuration should respond for. Remember to replace mysite with your site’s name. If you don’t have a domain name, you can replace the line server_name mysite www.mysite; with just server_name your_IP_adress;, where your_IP_adress is your server’s IP address.
• root: The root web directory, also known as the document root, that stores the files served by your website. Here, you set its value to /var/www/mysite, which is the root web directory we created earlier, so make sure to set the proper value in your case.
• index: The order in which NGINX will prioritize index files for your website. Here, you set the order as follows: index.html index.htm index.php, which means that when requesting the index page, NGINX will initially look for a file called index.html in your root web directory and serve it, if no file matches that filename, it will look for a file called index.htm and serve it instead. Otherwise, it will look for a PHP file called index.php.
• location /: The main location block, which includes a try_files directive, and it allows NGINX to route HTTP requests to the correct location within the file system. It looks for files or directories matching a URL request. If no resource matches the HTTP request, NGINX will return a 404 Not Found HTTP error.
• location ~ .php$: A location block that handles PHP processing. It tells NGINX to handle any HTTP request with a URL that ends with .php with the directives included in this location block. This effectively points NGINX to the fastcgi-php.conf configuration file and the php8.3-fpm.sock file, which declares the socket that is associated with php-fpm.

Activate NGINX Configuration

Now that you’ve set up an NGINX server block configuration for your site, you need to activate it. You can do this by linking your mysite configuration file to the configuration file from NGINX’s sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/mysite /etc/nginx/sites-enabled

To check that your configuration file has been properly linked to NGINX’s sites-enabled directory, run the following command:

sudo ls -l /etc/nginx/sites-enabled

You should receive an output that’s similar to the following:

total 0
lrwxrwxrwx 1 root root 34 Aug  4 09:43 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root 33 Aug  4 10:07 mysite -> /etc/nginx/sites-available/mysite

Here, you can see that your sites-available/mysite configuration file has been successfully linked.
Next, unlink the default NGINX configuration from the /sites-enabled/ directory. This forces NGINX to use your mysite configuration instead of the default configuration:

sudo unlink /etc/nginx/sites-enabled/default

To check that the default NGINX configuration has been properly unlinked from the sites-enabled directory, run the following command:

sudo ls -l /etc/nginx/sites-enabled

You should receive an output that’s similar to the following:

total 0
lrwxrwxrwx 1 root root 33 Aug  4 10:07 mysite -> /etc/nginx/sites-available/mysite

Here, you can see that the default configuration symlink is no longer in the sites-enabled directory, which means that it has been successfully unlinked.
Next, test your configuration’s syntax using the following command:

sudo nginx -t

You should receive an output that’s similar to the following:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

This output shows that there are no errors in the configuration file.

If you receive any errors, review your configuration file and make sure you’ve set your directives and values properly.

Next, reload NGINX for the changes you’ve made to take effect by running the following command:

sudo systemctl reload nginx

With this, you can now create an HTML test file to test your setup.

In your /var/www/mysite root web directory, create a new index.html file:

sudo nano /var/www/mysite/index.html

Paste The following HTML code into it:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>My website</title>
</head>
<body>
    <h1>Hello World!</h1>
    <p>This is the landing page of <strong>My Site</strong></p>
</body>
</html>

As you can see, this is straightforward HTML code.

Save the file by pressing CTRL+x and then y and Enter to confirm.

Now, open your browser and navigate to your server’s domain name or IP address:

http://your_server_domain_or_IP_address

You should see that the index.html file you created earlier is properly served.

Note: What we’ve done in this article is suitable for testing purposes and personal use, whereas if you want to publish your site to production, and securely process your online transactions, we do suggest you check our How To Install Let’s Encrypt on Ubuntu 24.04 article, that explains in detail how to secure your site with SSL certificates.

Reader Alert!

If you feel that the technical instructions in this tutorial are time-consuming, or beyond your expertise, you can choose a very convenient and practical solution, ready-made, fully and professionally tested, and developed by SSD Nodes (That is us ). Just visit our website, choose the server’s specifications that fit your needs, and while prompted to choose among the operating systems and the 1-Click Applications we have, choose LEMP from the Apps dropdown menu, complete your checkout, and in a couple of minutes our algorithms will take care of all the technical aspects smoothly and effortlessly, just for you!

Bonus: All our 1-Click applications are now installed with an active HTTPS self-signed certificate!

Conclusion

For the next steps to go live, it is important to secure your web server connections by serving requests with HTTPS instead of HTTP. You can accomplish this using a CA certificate, which is the more convenient solution when going public; check out our How To Install Let’s Encrypt on Ubuntu guide.

Nextcloud is an open source platform that offers a modern content collaboration platform for managing your files, with capabilities such as real-time document editing, video chat & groupware on mobile, desktop and web. Nextcloud is similar to Dropbox and Google Drive, and was forked from the ownCloud open source software by some of the original ownCloud developers.

Installing Nextcloud on Ubuntu 24.04 with Let's Encrypt

To install Nextcloud on Ubuntu 24.04 with a Let's Encrypt certificate, you'll first update the package index, use the Snap package manager to install Nextcloud, then configure a Nextcloud administrative account using the command line. Finally you'll set up Let's Encrypt using the nextcloud.enable-https command.

Note

If you want to skip all the technical steps of setting up Nextcloud on your server and have it installed in minutes, you can use our tried and tested 1-click Nextcloud application. Just choose a server, and while prompted to choose the operating system, choose Nextcloud from the dropdown menu. This will set up Nextcloud in minutes! However, if you prefer to get your hands dirty, keep reading.

Prerequisites

To follow this tutorial, you'll need:

• An Ubuntu 24.04 server with a non-root user with sudo privileges.  If you haven't noticed, we offer extremely powerful Ubuntu servers at the globe's absolute lowest price. Take a look at our offerings and prepare for your mind to be blown .

Check out our How to access your server using SSH guide to learn how to access your server and create a sudo user.

Step 1: Updating the Package Cache

Start by updating the packages in the package manager cache to the latest available versions using the following command:

sudo apt update

Step 2: Installing Nextcloud on Ubuntu Using Snap

To install Nextcloud, we can take advantage of the Snap packaging tool for Ubuntu, which allows software organizations to publish software in a single package with all dependencies, configurations, and auto-updating features.

Run the following command to install the Nextcloud snap package:

sudo snap install nextcloud

This will download and install Nextcloud on your system, and you will receive an output similar to the following:

To confirm that the installation was successful, run the following command:

snap changes nextcloud

You should receive the following output:

For more information on the Nextcloud package, you can use the following command:

snap info nextcloud

This will give you information such as the publisher, contact information, commands, services, and other metrics.

Step 3: Configuring your Nextcloud Administrative Account

Although you can configure your Nextcloud admin account on the web interface, it is best to avoid making your unsecured Nextcloud configuration accessible on the Internet.

You can use the nextcloud.manual-install command to configure a Nextcloud admin account directly from the command line by passing it a username and a password like so:

sudo nextcloud.manual-install your_user your_password

Make sure to replace your_user and your_password with your preferred username and password.

As a result, you should see the following output:

Nextcloud was successfully installed

With this, you now need to add your server's domain name and IP address to your trusted domains.

Step 4: Configuring Trusted Domains

By default, Nextcloud only responds to web requests that are sent to the localhost hostname. This makes us unable to access Nextcloud via our server's IP address or our domain name. To solve this and make Nextcloud accessible to the outside world, we’ll need to change the trusted domains setting.

To add an additional trusted domain to Nextcloud, run the following command:

sudo nextcloud.occ config:system:set trusted_domains 1 --value=example.com

Repeat this command for each domain name of yours with an incremented number, and make sure to replace example.com with your domain names or IP address. For example to add another domain:

sudo nextcloud.occ config:system:set trusted_domains 2 --value=cloud.example.com

And to add your IP address:

sudo nextcloud.occ config:system:set trusted_domains 3 --value=your_ip_address

Note the increments in the trusted_domains parameter.

To see all your trusted domains, use the following command:

sudo nextcloud.occ config:system:get trusted_domains

With this, you can now install a Let's Encrypt SSL certificate.

Step 5: Nextcloud Let's Encrypt Setup for Ubuntu Servers

It is important to secure your Nextcloud server with HTTPS. To do so, add a Let's Encrypt SSL certificate to your Nextcloud installation using the following command:

sudo nextcloud.enable-https lets-encrypt

You'll be presented with a few requirements:

Make sure your server meets these requirements and hit Y. Next, type in your email and domain name.

Restart Nextcloud:

sudo snap restart nextcloud

With this, you can now access your Nextcloud server throughout the Web via a secure HTTPS protocol.

Step 6: Using the Nextcloud Web Interface

With Nextcloud configured, navigate to your domain name or IP with your web browser:

https://your_domain_or_IP

Note: You may temporarily see a message informing you that Nextcloud is in Maintenance Mode, wait for a few minutes while Nextcloud sets things up, and refresh the page.

You should be moved to a login screen. Use the username and password you configured earlier.

You will be greeted with a message that suggests you take advantage of different Nextcloud features with different recommended file templates.

In the Nextcloud web dashboard, you can manage your files, set your location for weather data and customize your Nextcloud experience. You can explore different features and pages in the user interface to learn more about what you can accomplish with Nextcloud.

Congrats

You've successfully installed Nextcloud on your Ubuntu 24.04 server with a Let's Encrypt SSL certificate, and you can now manage your files and collaborate with others on the cloud, using your own private server. For more on information on Nextcloud, check out their official website.

Reader Alert!

If you feel that the technical instructions in this tutorial are time-consuming, or beyond your expertise, you can choose a very convenient and practical solution, ready-made, fully and professionally tested, and developed by SSD Nodes (That is us ). Just visit our website, choose the server’s specifications that fit your needs, and while prompted to choose among the operating systems and the 1-Click Applications we have, choose Nextcloud from the dropdown menu, complete your checkout, and in a couple of minutes our algorithms will take care of all the technical aspects smoothly and effortlessly, just for you!

Installing Nextcloud on Debian

To install Nextcloud on Debian, check out our How To Install and Configure Nextcloud on Debian article.

FAQ

How can Nextcloud be deployed using Kubernetes?

Nextcloud can be deployed on Kubernetes by using Helm charts or custom manifests. This allows for scalable and manageable installations across various environments, leveraging Kubernetes' orchestration capabilities.

What are the system requirements for installing Nextcloud on Ubuntu 24.04?

Nextcloud requires a server running Ubuntu 24.04, with at least 2 GB of RAM and 500 MB of storage for the base installation.

How do I set up a reverse proxy for Nextcloud?

A reverse proxy for Nextcloud can be set up using Nginx or Apache. Configure the proxy to forward requests to the Nextcloud server, enhancing security and load balancing. Ensure SSL is configured for secure connections.

Securing your web traffic with SSL/TLS encryption to handle HTTPS communications is an essential part of building any public or private web service, because without it, your web service will have weak privacy and insecure data transfer, and users won’t trust your services.

Why Create a Self-Signed Certificate on Ubuntu?

Once you create a self-signed certificate on Ubuntu, SSL/TLS encryption will protect your data transfer and prevent sensitive data exposure, in addition to ensuring that the connection is between the correct entities by cryptographically verifying that you’re connecting with an authentic server, and that the messages have not been interfered with while being transferred.

Note: From now on we will refer to SSL/TLS certificates as simply "SSL certificates" for brevity.

How to Create a Self-Signed Certificate on Ubuntu

To create a self-signed certificate on Ubuntu, you'll need to use OpenSSL to generate a private key and a self-signed certificate, specifying the required details like the certificate's validity period and your organization's information. Next, you'll save the key and certificate files in a secure location, and then use it in your Apache or Nginx server configuration.

(Special Offer) - Simplify Your SSL Setup with Our 1-Click VPS Applications

If generating a self-signed SSL certificate sounds daunting, we've got you covered. Our 1-Click VPS applications (WordPress, phpMyAdmin, LAMP, and LEMP, and many others) come with a pre-installed self-signed SSL certificate. Just a few clicks and you're ready to go! Visit our website to get started with the lowest-cost VPS offerings in the world (self-signed certificates included)!

Step 1 - Using OpenSSL to Generate a Self-Signed Certificate

To create a self-signed certificate on Ubuntu, you will use OpenSSL to generate a certificate file that will store some basic information about your site, accompanied by an SSL private key file that will be kept secret in the server, and the server then will use it to securely handle encrypted data.

OpenSSL is a software library that provides tools for general-purpose cryptography and secure communications.

The private SSL key is used by the server to encrypt the content it sends to clients (e.g., web browser) The public SSL certificate is shared publicly with clients requesting the content. So when you request a page, the browser gets the SSL certificate from the server, and uses it to decrypt and access the content signed by the associated private SSL key.

The first step to obtaining an SSL certificate is using OpenSSL to create a certificate signing request (CSR). In normal cases, the CSR will be sent to the Certificate Authority (CA) which in turn will create a certificate based on it. In our case (self-signed certificate), we will create the certificate ourselves based on this CSR we generate using OpenSSL. The CSR contains the common name(s) you want your certificate to secure, information about your company, and your public key.

Note: In order for a CSR to be created, it needs to have a private key from which the public key is extracted. This can be done by using an existing private key or generating a new private key. It is strongly recommended to generate a new private key when creating a CSR instead of using an existing one.

To create a certificate signing request (CSR) and a private key with the openssl library, you will use the openssl req command with the following command structure:

openssl req -x509 -newkey rsa:<rsa_value> -nodes -out <public certificate path> -keyout <private key path> -days <certificate duration in days> -subj "C=<country code>/O=<organization name>/OU=<organizational unit>/CN=<common name>"

Here is what each part of the preceding command means:

• -x509: A multi-purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests like a "mini CA" or edit certificate trust settings.
• -newkey: Specifies that a new private key should be created with the certificate request.
• -rsa:: The encryption algorithm you’ll use to generate your key. While you can use other encryption algorithms if you want, RSA is one of the best encryption systems that you can use to protect your data in transmission, especially because it comes with great compatibility. <rsa_value> represents the key size in bits.
• -nodes: is not the English word "nodes", it refers, instead, to "no DES". When given as an argument, it means OpenSSL will not encrypt the private key in a PKCS#12 file, and the private key will not have a passphrase. This is important for the web server to have access to the certificate file without needing a passphrase. Otherwise the server would wait for the user to manually enter the passphrase every time the server restarts, which is not convenient.
• -out: defines the path the public key will be generated to, including the filename.
• -keyout: defines the path the private key will be generated to, including the filename.
• -days: The certificate’s lifetime in days.
• -subj: is used to provide all the necessary information within the command itself, instead of having to provide each required piece of information via command line prompts.
  • C defines the two-letter country code where your company is legally located.
  • O defines the organization’s name.
  • OU defines the organizational unit name, which can be the name of your department within the organization.
  • CN is the common name, where you either enter the fully-qualified domain name (FQDN) you’ll use to access the server by (e.g., www.example.com), or the public IP of the server.

Now that you are familiar with the openssl command options and actions, you can form and execute an openssl command to generate a certificate signing request (CSR) as follows:

sudo openssl req -x509 -newkey rsa:4096 -nodes -out /etc/ssl/certs/ssl-selfsigned.pem -keyout /etc/ssl/private/ssl-selfsigned.key -days 365 -subj "/C=US/O=MyCompany/OU=Technical Department/CN=www.example.com"

This command will generate two files automatically created under the respective subdirectories you’ve declared:

• /etc/ssl/private/: will be the location of the SSL private key file.
• /etc/ssl/certs/: will be the location of your CSR file.

In our example, this means that the following files will be generated:

• /etc/ssl/private/ssl-selfsigned.key: your SSL private key file.
• /etc/ssl/certs/ssl-selfsigned.pem: your CSR file, which you can use as a self-signed certificate.

Step 2 - Configuring Apache and Nginx to Use a Self-Signed Certificate

Now that you have your very own self-signed SSL certificate in the form of a CSR file, you can use it to encrypt your data and serve HTTPS requests. To do so, you need to configure your web server to use it. In this step, you’ll learn how to configure and use your self-signed SSL certificate on the two most popular HTTP web servers: Apache, and Nginx.

Creating a Self-Signed SSL Certificate For Apache on Ubuntu

In this section, you’ll learn how to configure the Apache web server to use your self-signed SSL certificate.

First, open Apache’s default configuration file:

sudo nano /etc/apache2/sites-enabled/000-default.conf

By default, your Apache welcome page loads on port 80 without an SSL certificate.

Your Apache’s default configuration will be similar to the following:

<VirtualHost *:80>
        Define servername www.example.com
        ServerName ${SERVERNAME}
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
</VirtualHost>

Replace the existing content with the following configuration, and make sure to set the correct values where needed (highlighted in yellow below):

<VirtualHost *:80>
        Define servername www.example.com
        ServerName ${SERVERNAME}
        RewriteEngine on
        RewriteRule ^/.*$ https://\${SERVERNAME}%{SCRIPT_FILENAME}?%{QUERY_STRING} [R=301]
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/ssl/certs/ssl-selfsigned.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-selfsigned.key
        ServerName ${SERVERNAME}
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Here you add two configurations, one for HTTP connections on port 80, and one for HTTPS on port 443.

In the HTTP configuration, you use the RewriteEngine and RewriteRule to redirect HTTP requests to HTTPS. And you also set locations for log files.

In the Apache SSL virtual host example configuration above, you set the SSLEngine directive to On to enable the SSL/TLS Protocol Engine. You set the paths of the self-signed SSL certificate and the SSL private key files you generated earlier. You declare the server name, and the document root directory that holds the files Apache serves. And you also set locations for log files.

Next, use the a2enmod tool to enable the SSL and the RewriteEngine Apache modules. This allows Apache to use SSL/TLS encryption, and the RewriteEngine feature to rewrite requested URLs and redirect users from HTTP to HTTPS:

sudo a2enmod ssl rewrite

Next, test for configuration errors:

sudo apache2ctl configtest

You should receive an output that contains the text Syntax OK, which means you can safely reload Apache, otherwise, you will get a very specific description pointing out the error you have to fix.

Next, restart Apache:

sudo systemctl restart apache2

Now visit your website’s domain name or IP address using https:// at the beginning:

https://domain_name_or_IP

You should see an error telling you that the website is not secure. This means that the self-signed certificate is properly installed, but because the browser does not recognize your certificate as valid, you’ll receive this error. As we’ve mentioned earlier, this self-signed certificate is only for testing purposes and internal use, and not to secure your website for production, because your certificate is not signed by any of the browser’s known certificate authorities. To install a certificate that browsers trust check out this article.

Now that you’ve learned how to configure Apache to use a self-signed certificate, you’ll see how to do the same with an Nginx server.

Creating a Self-Signed SSL Certificate For Nginx on Ubuntu

In this section, you’ll learn how to configure the Nginx web server to use your self-signed SSL certificate.

First, open Nginx's default configuration file:

sudo nano /etc/nginx/sites-enabled/default

By default, your Nginx welcome page loads on port 80 without an SSL certificate. So, you would see something similar to the following configuration:

server {
        listen 80;
        listen [::]:80;
        root /var/www/html;

        index index.html index.htm index.nginx-debian.html;

        server_name www.example.com;
        location / {
                    try_files $uri $uri/ =404;
        }
}

Replace the existing content with the following configuration, and make sure to set the correct values where needed (highlighted in yellow below):

server {
    listen 80;
    listen [::]:80;
    server_name www.example.com;
    access_log off;
    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.example.com;
    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;
    autoindex off;
    ssl_certificate /etc/ssl/certs/ssl-selfsigned.pem;
    ssl_certificate_key /etc/ssl/private/ssl-selfsigned.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php/php-fpm.sock;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;
    }
}

Here, you have two server blocks representing configuration for two ports: port 80 which serves HTTP requests, and port 443 that serves HTTPS requests.

Notice that, in the HTTP configuration, you use the rewrite directive in the location block to redirect HTTP requests to HTTPS.

In the HTTPS configuration, you set up Nginx to use SSL and set the path of the self-signed SSL certificate file and the SSL private key file you generated earlier. In the location ~ \.php$, you set up Nginx to process PHP files with the php-fpm package.

With the configuration file modified, check for syntax errors in it using the following command:

sudo nginx -t

The output should let you know that the configuration file test is successful.
Now, restart Nginx:

sudo systemctl restart nginx

Now visit your website’s domain name or IP address using https:// at the beginning:

https://domain_name_or_IP

Again, you should see an error telling you that the website is not secure, as this self-signed certificate is only for testing purposes and internal use, and not to secure your website for production, because your certificate is not signed by any of the browser’s known certificate authorities. Again, to install a certificate that browsers trust check out this article.

Step 3 - Verify That Your Self-Signed SSL Certificate Works

Before you verify that your self-signed SSL certificate works, please check the following:

• In the configuration files of both Apache and Nginx, remember to set the server name value to whatever you intend to address your server with. This can be a hostname, full domain name, or an IP address, and make sure it matches the Common Name you chose when creating the certificate. In Apache, the server name is configured using the ServerName directive, and in Nginx, it’s the server_name directive.
• The document root is the root directory you serve your web files from. It is configured using the DocumentRoot directive in Apache, and the root directive in Nginx.
• The redirection configurations we’ve added introduce the good practice of responding on port 80, even if you want to force all traffic to be encrypted. Whenever a user requests a page using an HTTP request, they will be automatically redirected to the HTTPS equivalent of the URL they’ve requested. You can test this new redirect functionality by visiting your site with plain http://and you’ll notice that you will be automatically redirected to a URL beginning with https://.
• If you visit your site in a browser, prefixing https:// to the URL, you would get an error, explaining that your website is not secure as mentioned above. This means that the browser can’t verify the identity of the server, since the certificate is not signed by any of its known certificate authorities. However, this is completely normal for a self-signed certificate and actually means that your SSL configuration is successful.

On receiving the browser error that tells you that the connection is not secure, click the Advanced button or More information depending on the browser, and choose to proceed. The following is an example of the error in the Google Chrome browser:

Once you proceed, your browser will load the Apache or Nginx welcome page, but with a noticeable danger icon and a Not Secure label at the beginning of your URL.

If you click the danger icon, the browser will inform you that the certificate is not valid:

A Self-Signed SSL Certificate with Apache (Example)

Here is the Apache welcome page with a self-signed SSL certificate:

A Self-Signed SSL Certificate with Nginx (Example)

In the pop-ups above, click on “Certificate is not valid” for more details on the self-signed certificate. (Note the 1-year duration, we’ve declared using the days value on the certificate’s creation).

Although this sounds like something has gone wrong, don't worry! This is how you verify that the self-signed certificate is successfully installed!

To avoid this error and install a trusted certificate check out this article.

Congrats!

Your website has become certified with a self-signed certificate, and you can now securely transfer data through HTTPS, and protect your internal traffic.

Facing Difficulties? - Simplify Your SSL Setup with Our 1-Click VPS Applications

If generating a self-signed SSL certificate sounds too complex, we've got you covered. Our 1-Click VPS applications (WordPress, phpMyAdmin, LAMP, and LEMP, and many others) come with a pre-installed self-signed SSL certificate. Just a few clicks and you're ready to go! Visit our website to get started with the lowest-cost VPS offerings in the world (self-signed certificates included)!

FAQ: Creating a Self-Signed Certificate on Ubuntu for Apache and Nginx

How to Renew a Self-Signed Certificate?

To renew a self-signed certificate, generate a new certificate with updated validity. For Apache or Nginx on Ubuntu, use OpenSSL to create a new key and certificate.

Update the configuration files of your web server to use the new certificate and restart the server to apply the changes.

How to Remove a Self-Signed Certificate?

To remove a self-signed certificate, delete the certificate and key files from your server, then update your web server's configuration files to remove references to the deleted certificate and restart the server.

Firefox: The Certificate is Not Trusted Because it is Self-Signed

Firefox does not trust self-signed certificates by default because they are not issued by a recognized Certificate Authority (CA). To bypass this, you can manually add the self-signed certificate to Firefox's trusted certificates:

1. Visit the site with the self-signed certificate in Firefox.
2. Click on the warning icon in the address bar.
3. Click "Advanced" and then "Accept the Risk and Continue."

What is a LAMP Stack in Linux?

A LAMP stack in Linux refers to a software bundle comprising Linux as the operating system, Apache as the web server, MySQL (or MariaDB) as the database system, and PHP (or Perl/Python) as the scripting language, commonly used for web development.

What is a LAMP Stack Used for?

A LAMP stack is used for building and deploying dynamic websites and web applications, combining Linux, Apache, MySQL, and PHP (or Python/Perl) components.

What Does LAMP Stack Stand for?

LAMP Stands for "Linux, Apache, MySQL, and PHP." Together, these software technologies can be used to create a fully-functional web server.

Linux is the most popular, secure and open source operating system used in web servers.

Apache HTTP Server is a free and open-source web server that delivers web content through the internet.

MySQL is a relational database engine that allows you to store data and manage it.

PHP is a widely used open source and general purpose server side scripting language used mainly in web development to create dynamic websites and applications.

NOTE: In this tutorial, we’ll be using MariaDB— a backward compatible, drop-in replacement of the MySQL® Database Server, which includes all major open source storage engines, and allows you to manage relational databases for storing and organizing data.

Note

If you want to skip all the technical steps of setting up LAMP on your server and have it installed in minutes, then I have some great news for you! Our team of engineers has prepared a ready-to-use 1-click LAMP application for your convenience. Just choose a server, and while prompted to choose the operating system, choose LAMP from the dropdown menu. This will set up LAMP in minutes. However, if you want to learn how to do it yourself, then keep reading.

Installing LAMP on Ubuntu 22.04 - Prerequisites

Before you proceed you'll need the following:

• Root access to your server or a sudo user.
• An Ubuntu 22.04 server with a non-root user with sudo privileges. If you haven't noticed, we offer extremely powerful Ubuntu servers at the globe's most affordable prices. Take a look at our offerings and prepare for your mind to be blown .

Check out our How to access your server using SSH guide to learn how to access your server and create a sudo user.

How to Install LAMP on Ubuntu 22.04

To install LAMP on Ubuntu 22.04, you will use the apt package manager to install Apache, MySQL, and PHP, and then ensure they are properly configured and integrated for web development. Apply the following steps to accomplish this.

Step 1: Update The Package Cache

Before you install LAMP, start by updating the Ubuntu packages in the package manager cache to the latest available versions using the following command:

sudo apt update

Step 2: Install the MariaDB Database Server

After updating our Ubuntu package cache, we will now install the MariaDB database server, the M in the LAMP acronym. We'll use MariaDB instead of MySQL because it includes more features and supports new storage engines, in addition to its high performance.

To install MariaDB, execute the following command:

sudo apt install mariadb-server mariadb-client

Tap the y key then Enter to continue the installation.

In the preceding command, you install two packages:

• mariadb-server: The MariaDB database server which actually stores data.
• mariadb-client: The MariaDB database client which allows you to interact with and manage the database server via the command line.

Once the installation is finished, verify that the MariaDB database server is running properly by executing the following command to check out the MariaDB service status:

sudo service mariadb status

The output should show that the service is enabled and running:

Here, you can see that the service is active and running in the line "Active: active (running) ...".

Ensure That MariaDB Starts at Boot

To make sure that the MariaDB database server starts with the system at boot, use the enable subcommand of the systemctl command. To do so, execute the following command:

sudo systemctl enable mariadb.service

You should receive the following output:

Synchronizing state of mariadb.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable mariadb

Securing The MariaDB Database Server

MariaDB comes with some unsafe default settings which may expose your database server to dangerous security vulnerabilities. It's recommended that you run a security script that comes with MariaDB to strengthen your database server and minimize the risk of database intrusions or breaches.

To secure your MariaDB database server, execute the following command, where you will be presented with seven prompts:

First, run the script:

sudo mysql_secure_installation

You’ll be asked for your current root password:

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 

Tap Enter.

Next, you'll be asked whether you want to use the unix_socket authentication method:

OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

Switch to unix_socket authentication [Y/n] 

Tap Y to enable unix_socket authentication for better security.

The unix_socket authentication method uses the Unix user's credentials instead of a password to connect to the MariaDB account with the same username, which makes it a passwordless security mechanism, and because it depends on the user's credentials, it cannot be used to grant multiple Unix users access to a single MariaDB user account. With this, access to your MariaDB database server is limited to the Unix user, adding a security layer for your MariaDB account and preventing attackers from brute forcing or taking advantage of an accidental password leak.

The unix_socket authentication method is particularly strong due to the default sturdiness of Unix user security in preventing remote access. However, unskilled administration of your Unix user system may expose dangerous vulnerabilities. So, keep a wide and open eye on potential Unix user security issues such as weak passwords or accidental password exposure, excessive sudo permissions that allow users to execute commands of a different Unix user, scripts of other users executed by your MariaDB Unix user, running unsafe scripts, or weak remote access security.

Next, you'll be asked to change the root password:

Enabled successfully!
Reloading privilege tables..
 ... Success!

Change the root password? [Y/n] 

Tap Y to set a new password for root, and re-enter it for validation.

Next, you'll be asked to remove anonymous users:

Change the root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] 

Tap Y to remove the anonymous users that come with your MariaDB installation.

Next, you’ll be asked whether you want to disallow remote root logins:

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 

Tap Y to disable remote root login.

Next, you’ll be asked whether you want to remove the test database that comes with your MariaDB installation:

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 

Tap Y to remove your MariaDB test database and disable access to it.

In order for the changes you've made to take effect, you’ll be asked to reload your MariaDB privilege tables:

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 

Tap Y to reload your MariaDB privilege tables. This will ensure that your changes will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

With this, your MariaDB installation is more secure than before, provided that you follow security best practices.

You now have the MariaDB database server installed, and you’re ready to store and manage your data. Next, you’ll need to serve the data you store using an HTTP server, which is the Apache HTTP server in the LAMP stack.

Step 3: Install the Apache HTTP Server

After installing and securing the MariaDB database server, the next step in our LAMP stack installation is installing the Apache HTTP server, which serves web content.

Use apt to install Apache using the following command:

sudo apt install apache2

You’ll be asked to confirm the installation. Tap the y key then Enter to continue.

Once the installation is finished, check Apache’s version to confirm that it was properly installed using the following command:

sudo apachectl -v

You should receive an output that looks as follows:

Server version: Apache/2.4.52 (Ubuntu)
Server built:   2022-06-14T12:30:21

Then check Apache’s status:

sudo systemctl status apache2

The output should show that the Apache service is enabled and running:

● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-08-02 19:00:13 UTC; 2min 31s ago
       Docs: https://httpd.apache.org/docs/2.4/
   Main PID: 52442 (apache2)
      Tasks: 55 (limit: 19072)
     Memory: 5.2M
        CPU: 44ms
     CGroup: /system.slice/apache2.service
             ├─52442 /usr/sbin/apache2 -k start
             ├─52444 /usr/sbin/apache2 -k start
             └─52445 /usr/sbin/apache2 -k start

You now have Apache installed. Next, you’ll install the PHP language.

Step 4: Install PHP

With MariaDB you can store and manage data, and the Apache HTTP server allows you to serve it. You now need to install PHP to dynamically display data, and allow the final user to interact with your web service via easy-to-use web forms or API calls.

Use the following command to install the main PHP package, along with basic PHP packages that allow you to interact with your database and HTTP server:

sudo apt install php php-mysql php-xml php-mbstring libapache2-mod-php

When prompted, tap the y key then Enter to continue the installation.

In the preceding command, you install the following packages:

• php: The main PHP language package.
• php-mysql: A package that allows PHP to communicate with MySQL-based databases such as MariaDB.
• php-xml: A package that provides a DOM, SimpleXML, WDDX, XML, and XSL module for PHP.
• php-mbstring: A package that provides the MBSTRING module for PHP, which is used to manage non-ASCII strings.
• libapache2-mod-php: A package that allows Apache to handle PHP files.

To ensure PHP was successfully installed, check its version using the following command:

php -v

You should receive an output similar to the following:

PHP 8.1.2 (cli) (built: Jul 21 2022 12:10:37) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.2, Copyright (c) Zend Technologies
    with Zend OPcache v8.1.2, Copyright (c), by Zend Technologies

This means that you've successfully installed PHP.

Step 5: Testing with a Custom-Made Web Page

After we've finished installing all the components of the LAMP stack, we will now test our Apache server by creating a small HTML file in an Apache Document Root folder –a folder that contains your website files.

To create a document root folder to serve our test file, create a new directory called mysite inside the /var/www directory, which is the default document root for Apache. Note that you can use your site's name instead of mysite:

sudo mkdir /var/www/mysite

Next, create a file called index.html inside your mysite directory:

sudo nano /var/www/mysite/index.html

Paste the following into the file:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>My website</title>
</head>
<body>
    <h1>Hello World!</h1>
    <p>This is the landing page of <strong>My Site</strong></p>
</body>
</html>

As you can see, this is straightforward HTML code.

Save and close the file.

For Apache to know about your mysite document root directory and serve its index.html on your server's IP address or domain, you will need to modify the default Apache configuration file. To do this, first open it using the following command:

sudo nano /etc/apache2/sites-enabled/000-default.conf

Then make sure to set the correct server name and document root path:

ServerName your_server_domain_or_IP
DocumentRoot /var/www/mysite

Run the following command to ensure that your new configuration file does not contain any errors:

sudo apache2ctl configtest

You might receive a AH00558: apache2: Could not reliably determine the server's fully qualified domain name message. You can ignore this message because it’s just an informational note that does not affect the purposes of this tutorial, and Apache will run as expected.

You should receive an output that ends with the following:

Syntax OK

This means you can safely reload Apache. Otherwise, you will get a specific description pointing out the error you have to fix.
Restart Apache for these modifications to take effect:

sudo systemctl restart apache2

After you do so, use your browser and navigate to your server’s domain name or IP address:

http://your_server_domain_or_IP

You should see that the index.html file you created earlier is properly served.

Important Note:

What we’ve done in this article, is suitable for testing purposes and personal use, whereas if you want to publish your site to production, and securely process your customers’ online transactions, we do suggest you check our How To Install Let’s Encrypt on Ubuntu 24.04 blog article, that explains in detail how to secure your site with Let's Encrypt TLS/SSL certificates.

Reader Alert!

If you feel that the technical instructions in this tutorial are time-consuming, or beyond your expertise, you can choose a very convenient and practical solution, ready-made, fully and professionally tested, and developed by SSD Nodes (That is us ). Just visit our website, choose the server’s specifications that fit your needs, and while prompted to choose among the operating systems and the 1-Click Applications we have, choose LAMP from the dropdown menu, complete your checkout, and in a couple of minutes our algorithms will take care of all the technical aspects smoothly and effortlessly, just for you!

Bonus: All our 1-Click applications are now installed with an active HTTPS self-signed certificate!

Way more practical, smooth, and headacheless, isn’t it?

Conclusion

For the next steps to go live, it is important to secure your web server connections by serving requests with HTTPS instead of HTTP. You can accomplish this using a CA certificate, which is the more convenient solution when going public; you can check our article explaining the difference between self-signed and CA certificates. You should also register a domain name with a registrar, so your customers can find you easily by using your site URL (such as www.example.com) instead of the server’s IP address (as seen in our testing example).

Docker is an open-source platform for developing, shipping, and running applications. It is designed to make it easier to create, deploy, and run applications by using containers. With Docker, developers can package their applications into standardized units called containers, which can then be run on any computer, regardless of the operating system or hardware.

Docker allows developers to quickly and easily deploy their applications in a consistent environment, without having to worry about the underlying infrastructure. Docker also provides a rich set of tools and services for managing and monitoring applications, as well as for building and sharing images with other developers. Docker is an essential tool for modern software development, and it is used by many of the world's leading companies.

In this tutorial, you’ll install and use Docker Community Edition (CE) on Ubuntu 22.04.

Prerequisites

• Basic knowledge of the Linux command line.
• An Ubuntu 22.04 server with a non-root user with sudo privileges. You can get affordable, and powerful Ubuntu servers from our website, and you can check out our How to access your server using SSH guide to learn how to access your server and create a sudo user.

Updating the Package Cache and Required Packages

Start by updating the packages in the package manager cache to the latest available versions using the following command:

sudo apt update

Next install a few packages that will allow us to use apt with HTTPS in order to add the official docker repository and get the latest version of Docker. To do this, run the following command:

sudo apt -y install apt-transport-https ca-certificates curl software-properties-common

Installing Docker

We will use the official Docker repository to install the latest version of Docker.

First, add the GPG key for the official Docker repository to your system:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

Next add the official Docker repository to your APT sources:

echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

Update your package index:

sudo apt update

Now, with the repository added, install the docker-ce package, which is the Docker Community Edition package:

sudo apt install docker-ce

Once the installation finishes, check that Docker is running:

sudo systemctl status docker

You should receive output indicating that Docker is active and running, similar to the following:

● docker.service - Docker Application Container Engine
     Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled)
     Active: active (running) since Sun 2022-12-18 13:50:49 UTC; 32s ago
TriggeredBy: ● docker.socket
       Docs: https://docs.docker.com
   Main PID: 323716 (dockerd)
      Tasks: 9
     Memory: 24.4M
        CPU: 429ms
     CGroup: /system.slice/docker.service
             └─323716 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

Using Docker

With docker installed, you can now use it to manage Docker images.

To see all available docker subcommands, run the following command:

docker

You should receive a list of docker subcommands and a brief description for each one.

You can use the syntax docker COMMAND --help to get more information on a specific subcommand. For example, to get more information on the docker rm command, you can use the --help flag as follows:

docker rm --help

You should receive output similar to the following:

Usage:  docker rm [OPTIONS] CONTAINER [CONTAINER...]

Remove one or more containers

Options:
  -f, --force     Force the removal of a running container (uses SIGKILL)
  -l, --link      Remove the specified link
  -v, --volumes   Remove anonymous volumes associated with the container

To view general information on your Docker installation, use docker info like so:

sudo docker info

This will show you information on your Docker configuration and server properties.

Downloading a Docker Image from Docker Hub

Docker Hub is a cloud-based service that provides a centralized repository for Docker images. It allows users to store, manage, and share Docker images with other users. It provides a secure and reliable way to share and store Docker images, which can be used to create and deploy applications. Docker Hub also provides a wide range of services, such as private repositories, automated builds, and integration with other services.

To test whether you can access Docker Hub, run the hello-world image:

sudo docker run hello-world

You should receive an output that shows that your installation is working correctly:

Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Pull complete 
Digest: sha256:c77be1d3a47d0caf71a82dd893ee61ce01f32fc758031a6ec4cf1389248bb833
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

You can use the docker search command to search for images hosted on Docker Hub like so:

sudo docker search ubuntu

Here, you search for the Ubuntu image. You should see a list of results like so:

NAME                             DESCRIPTION                                     STARS     OFFICIAL   AUTOMATED
ubuntu                           Ubuntu is a Debian-based Linux operating sys…   15357     [OK]       
websphere-liberty                WebSphere Liberty multi-architecture images …   290       [OK]       
ubuntu-upstart                   DEPRECATED, as is Upstart (find other proces…   112       [OK]       
neurodebian                      NeuroDebian provides neuroscience research s…   97        [OK]       
ubuntu/nginx                     Nginx, a high-performance reverse proxy & we…   71                   

...

Images that are officially maintained and supported are labeled as [OK] under the OFFICIAL column.

In the results above, you see that ubuntu is the name of the official Ubuntu image. You can download it using the docker pull command like so:

sudo docker pull ubuntu

You should receive the following output:

Using default tag: latest
latest: Pulling from library/ubuntu
6e3729cf69e0: Pull complete 
Digest: sha256:27cb6e6ccef575a4698b66f5de06c7ecd61589132d5a91d098f7f3f9285415a9
Status: Downloaded newer image for ubuntu:latest
docker.io/library/ubuntu:latest

You can list the images you've downloaded so far using the following command:

sudo docker images

You should see ubuntu and hello-world like so:

REPOSITORY    TAG       IMAGE ID       CREATED         SIZE
ubuntu        latest    6b7dfa7e8fdb   9 days ago      77.8MB
hello-world   latest    feb5d9fea6a5   15 months ago   13.3kB

The reason the image hello-world was downloaded, is that the docker run command either runs a container using an image if it has been downloaded, or downloads the image and then runs a container using it.

Running a Docker Container

Docker containers can be run to perform a task in an isolated environment, just like running the hello-world container performs the task of printing a message. However, containers can also be interactive.

For example, you can run a container using the Ubuntu image you've downloaded previously with an interactive shell using the docker run and the -it switches:

sudo docker run -it ubuntu

Your prompt should now be a root shell like so:

root@242d22e1d9da:/#

This is the root user of your Ubuntu container, and you can now manage it just like a virtual machine.

With this shell prompt, you can run any command inside your Ubuntu container. For example, you can update the package index inside the container using apt update like so:

root@242d22e1d9da:/# apt update

And you can also install any application or package using apt install. For example, you can install Python 3 like so:

root@242d22e1d9da:/# apt install python3

Once the installation finishes, you can run python like so:

root@242d22e1d9da:/# python3

This should allow you to access the Python REPL inside your Ubuntu container:

Python 3.10.6 (main, Nov 14 2022, 16:10:14) [GCC 11.3.0] on linux
Type "help", "copyright", "credits" or "license" for more information.
>>>

With this, you can run programs and modify your container in an environment that is isolated from the rest of your server.

Congrats

You now have Docker installed on your system, and you've learned how to search for Docker images in the official Docker Hub, how to download an image, and how to use it for a container. You then learned how to run the container's shell and how to manage its packages and how to install programs on it.

Check out the Docker guides for more information on Docker.

In this tutorial, you will learn how to install the Java Runtime Environment (JRE) and the Java Developer Kit (JDK) using apt. The JDK provides software tools to develop Java programs. The JRE executes the programs you write in Java. In this tutorial, you will install OpenJDK, which is an open-source implementation of Java. However, you can also install the Oracle JDK, which is the original version. Both OpenJDK and OracleJDK are developed and maintained by Oracle, the developers of Java, and both are functionally identical since Java 11.

Prerequisites

• Basic knowledge of the Linux command line.
• An Ubuntu 22.04 server with a non-root user with sudo privileges. You can get affordable, and powerful Ubuntu servers from our website, and you can check out our How to access your server using SSH guide to learn how to access your server and create a sudo user.

Updating the Package Cache

Start by updating the packages in the package manager cache to the latest available versions using the following command:

sudo apt update

Installing the JRE/JDK using Apt

To install the JRE from the OpenJDK version of Java, use the following command:

sudo apt install default-jre

This will install the default JRE in the Ubuntu repositories, and will allow you to execute Java programs.

Once the installation is finished, check your Java version to ensure that the JRE was successfully installed:

java -version

You should receive an output similar to the following:

openjdk version "11.0.17" 2022-10-18
OpenJDK Runtime Environment (build 11.0.17+8-post-Ubuntu-1ubuntu222.04)
OpenJDK 64-Bit Server VM (build 11.0.17+8-post-Ubuntu-1ubuntu222.04, mixed mode, sharing)

Next, install the JDK to compile and run some Java software that requires it. To do so, use the following command:

sudo apt install default-jdk

To ensure that the JDK is successfully installed, check the version of the Java compiler javac:

javac -version

You should receive an output similar to the following:

javac 11.0.17

With this, you now have Java installed on your system with OpenJDK. If you are looking to install the Official Oracle JDK, follow the next option.

(Alternative Option) Installing Oracle JDK 11

If you want to install and use OracleJDK, and not OpenJDK, or switch between the two depending on your requirements, use the following instructions.

First, install some required packages:

sudo apt install -y libc6-x32 libc6-i386

Go to the Oracle downloads page and download the x64 Debian Package version using wget:

wget https://download.oracle.com/java/19/latest/jdk-19_linux-x64_bin.deb

Once your .deb package is downloaded, install it using apt:

sudo apt install ./jdk-19_linux-x64_bin.deb

Once installed, use the following commands to set these new packages for update-alternatives:

sudo update-alternatives --install /usr/bin/java java /usr/lib/jvm/jdk-19/bin/java 100
sudo update-alternatives --install /usr/bin/javac javac /usr/lib/jvm/jdk-19/bin/javac 100

Managing Java Alternatives

If you've installed one or more Java versions, then you can use the update-alternatives command to set the default version for your system.

To select your default Java installation, run the following command:

sudo update-alternatives --config java

You'll receive a list of the Java versions you currently have installed on your system:

There are 2 choices for the alternative java (providing /usr/bin/java).

  Selection    Path                                         Priority   Status
------------------------------------------------------------
* 0            /usr/lib/jvm/java-11-openjdk-amd64/bin/java   1111      auto mode
  1            /usr/lib/jvm/java-11-openjdk-amd64/bin/java   1111      manual mode
  2            /usr/lib/jvm/jdk-19/bin/java                  100       manual mode

Press <enter> to keep the current choice[*], or type selection number: 

Press Enter to leave the current option, or type the number of the Java version you want to set.

For example, type in 2 and press Enter to set the OracleJDK version.

You can also use update-alternatives to configure the default version of your Java compiler:

sudo update-alternatives --config javac

You should receive an output similar to the following:

There are 2 choices for the alternative javac (providing /usr/bin/javac).

  Selection    Path                                          Priority   Status
------------------------------------------------------------
* 0            /usr/lib/jvm/java-11-openjdk-amd64/bin/javac   1111      auto mode
  1            /usr/lib/jvm/java-11-openjdk-amd64/bin/javac   1111      manual mode
  2            /usr/lib/jvm/jdk-19/bin/javac                  100       manual mode

Again, choose 2 to use the OracleJDK compiler as your default compiler and press Enter.

To verify that Java was installed, check out its version:

java -version

You should receive an output similar to the following:

java version "19.0.1" 2022-10-18
Java(TM) SE Runtime Environment (build 19.0.1+10-21)
Java HotSpot(TM) 64-Bit Server VM (build 19.0.1+10-21, mixed mode, sharing)

To verify that the Java compiler was installed, check out its version:

javac -version

You should receive an output similar to the following:

javac 19.0.1

Configuring the Java Home Directory Environment Variable

Now that you've installed Java on your Ubuntu server, you need to to set up the $JAVA_HOME environment variable, which is a variable used by many Java packages and software programs written in Java to determine where Java is installed.

First run the update-alternatives to get the path of your current Java installation:

sudo update-alternatives --config java

This will list paths of your different Java installations, which will be similar to the following:

  0            /usr/lib/jvm/java-11-openjdk-amd64/bin/java   1111      auto mode
  1            /usr/lib/jvm/java-11-openjdk-amd64/bin/java   1111      manual mode
  2            /usr/lib/jvm/jdk-19/bin/java                  100       manual mode

Here, OpenJDK is located at /usr/lib/jvm/java-11-openjdk-amd64/bin/java and OracleJDK is located at /usr/lib/jvm/jdk-19/bin/java.

Choose and copy a path depending on your requirements, then open the /etc/environment file:

sudo nano /etc/environment

Add your path at the end of this file and assign it to a variable called JAVA_HOME, excluding the /bin/java portion, like so:

JAVA_HOME="/usr/lib/jvm/java-11-openjdk-amd64"

Save and close /etc/environment.

Reload /ect/environment:

source /etc/environment

Now check out the value of your Java Home variable:

echo $JAVA_HOME

This should print the path you've set:

/usr/lib/jvm/java-11-openjdk-amd64

Congrats

You have now learned how to install Java on your Ubuntu system using two methods, one where you install the OpenJDK version available in your Ubuntu repositories, and one where you install the official OracleJDK. You've also learned how to install both versions and alternate between them as your requirements change.