This chapter is geared towards advanced users. Solid tech skills are required.
In this chapter, we're going to explain how to set up a LAMP server on an unused computer or cheap hardware at home. The "LAMP" acronym stands for:
- Linux: the operating system, in our case Ubuntu
- Apache: the server software
- MySQL: the database management system
- PHP/Perl/Python: programming languages
Should I host my server at home or rent a VPS?
Both options have pros and cons. It's a tradeoff between privacy, security and convenience. Although this chapter explains how to host your server at home, you can also rent a virtual private server (VPS) from providers such as Hetzner, Digital Ocean, OVH, Contabo, Scaleway and others.
|Lower upfront costs||✔|
|Lower recurring costs||✔|
|Easier to setup||✔|
|Easier to maintain||✔|
|Lower security risks||✔|
|Lower risk of data loss||✔|
|Lower downtime risk||✔|
|Fewer latency issues||✔|
|Fewer bandwidth limitations||✔|
What are the minimum hardware requirements?
It will depend on the planned usage. How many users or visits do you expect per day? Do you plan on streaming video or storing large amounts of data? The following minimum specs should be enough for a handful of services/users:
- One or more 2 GHz processors
- 2 to 4 GB RAM
- 10 to 25 GB storage (or more for large file collections)
- Fast Internet connection
Here a list of mini PCs, which are well suited as servers due to their small form factor and low price range.
Perform some preliminary checks and follow the installation instructions below.
Show me the list of preliminary checks
|Is my hardware compatible with Linux?||• Test it with a Live USB or VirtualBox |
• Check the compatibility database
• Ask the Internet
• Buy Linux compatible hardware
|Does my hardware fulfill the minimum requirements?||• 2 GHz dual core processor |
• 4 GB system memory (RAM)
• 25 GB of free storage space
|Is my hardware plugged in?||If you install Ubuntu Server on a laptop, make sure it is plugged in.|
|Is the installation medium accessible?||Check if your hardware has either a DVD drive or a free USB port.|
|Is my hardware connected to the internet?||Check if the Internet connection is up and running.|
|Have I backed up my data?||Back up your data, since everything stored on the hardware will be erased during the installation process!|
|Have I downloaded the latest Ubuntu Server version?||Download the latest long-term support (LTS) version of Ubuntu Server, which is supported for 5 years, including security and maintenance updates. At the time of writing, the latest LTS was Ubuntu Server 20.04. Check out the most recent release cycle for more information.|
|Have I prepared a bootable device?||Use a Windows, macOS or Ubuntu Linux machine to burn the downloaded |
Show me the step-by-step installation guide
|Boot||Insert the bootable DVD or USB drive and power on the hardware. Most machines will boot automatically from the DVD or USB drive. If that's not the case, try repeatedly hitting |
|GRUB||Select the menu entry Install Ubuntu Server.|
|Welcome||Select a language.|
|Installer update||This screen appears if you're connected to the Internet. Select the menu entry Continue without updating.|
|Keyboard layout||Select a keyboard layout.|
|Network connections||Configure the Internet access. Default options should work fine. You can also select Info to find out more about the network.|
|Proxy||These settings are optional. Provide the required information if you need to set up network proxies, else just skip this step.|
|Ubuntu archive||Choose the Ubuntu repository. Default options should work fine.|
|Filesystem setup||Choose how to partition your disk: |
In this tutorial, we will use the entire disk
• Select Set up this disk as an LVM group
• Select Encrypt the LVM group with LUKS to encrypt your server
• Provide a strong, unique password and confirm
Caution! This step will erase all data and format the hard drive! Carefully review all settings! Make sure you backed up your data!
|Profile setup||Setup the user and server profile. For the purpose of this tutorial, we'll choose the following configuration (adapt accordingly): |
• Your name (this is the name of the system root user): gofossroot
• Your server's name (this is the name of your server): gofossserver
• Pick a username (same name as the system root user): gofossroot
• Password: provide a strong, unique password and confirm
|SSH setup||These settings are optional. Just leave this section blank and continue.|
|Wrap up||Wait for the installation to finish. Once Ubuntu Server is installed, remove the installation medium and press ENTER when prompted.|
Show me a summary video
After the reboot, log into the Ubuntu Server. Provide the security key to decrypt the server partition, then enter the root username and password. Then follow the instructions below to install the LAMP stack.
Show me the step-by-step installation guide
Update system packages and install the LAMP stack:
sudo apt update sudo apt upgrade sudo apt install lamp-server^
Mind the trailing caret
Mind the trailing caret in the command
sudo apt install lamp-server^. It indicates that
lamp-server is a meta package, which installs Apache, MySQL, and PHP along with other packages and dependencies.
Verify that Apache has been successfully installed (the latest version number should appear), automatically start Apache after each reboot, and check Apache's current status (which should be "Active"):
apachectl -V sudo systemctl enable apache2 sudo systemctl status apache2
Same procedure for MySQL:
mysql -V sudo systemctl enable mysql sudo systemctl status mysql
Make sure PHP has been successfully installed (the latest version number should appear):
Finally, some clean up:
sudo apt autoremove && sudo apt clean
Show me a summary video
It's recommended to assign a static IP address to the server. For the purpose of this tutorial, we are going to assign the static IP adress 192.168.1.100. Of course, any other suitable address will do. Just make sure to adapt the relevant commands accordingly in the instructions provided below.
Show me the step-by-step guide
First, let's find out the name of the server's Ethernet interface:
ip link show
A list of all network interfaces should be displayed. The first entry is most likely labelled
lo, the loopback interface. The Ethernet interface should be labelled something like
enp0sXYZ. For the purpose of this tutorial, let's assume that it's labelled enp0s3 (adjust accordingly).
Time to find out the name of the default gateway
ip route show
The terminal should display a line containing the IP address of the default gateway, something similar to
default via 192.168.1.1 dev enp0s3 proto dhcp. For the purpose of this tutorial, let's assume that the address is 192.168.1.1 (adjust accordingly).
Back up the current network configuration file. In case something goes wrong, you can always restore the default configuration:
sudo cp --archive /etc/netplan/00-installer-config.yaml /etc/netplan/00-installer-config.yaml-COPY-$(date +"%Y%m%d%H%M%S")
Open the network configuration file:
sudo vi /etc/netplan/00-installer-config.yaml
The file's content should look something like:
network: ethernets: enp0s3: dhcp4: true version: 2
dhcp4: yes tells us that the server is assigned a dynamic IP address. Modify the file's content to attribute a static IP address to the server (in this case 192.168.1.100), specify the default gateway (in this case 192.168.1.1) and select a DNS provider (in this case UncensoredDNS).
Pay attention to the correct indentation of each line in the network configuration file. And make sure to adjust all settings according to your own setup: for example, your Ethernet interface might be called
enp0s1 instead of
enp0s3, your default gateway might be labelled
192.168.0.1 instead of
192.168.1.1. You might also want to choose another static IP address or DNS provider.
network: ethernets: enp0s3: dhcp4: false addresses: [192.168.1.100/24] gateway4: 192.168.1.1 nameservers: addresses: [22.214.171.124, 126.96.36.199] version: 2
Save and close the file by hitting
ESC and typing
:wq. Finally, apply and verify all changes:
sudo netplan apply ip add
Show me a summary video
Why does the server need a static IP address?
By default, the so-called DHCP protocol assigns a unique IP address to each device in your home network, including your server. After each reboot or network connection loss, there is a chance that your server is attributed with a new IP address. Which in turn would require reconfiguring various settings. This can be avoided by assigning a static IP address to your server.
Which static IP address you can assign to the server depends on the network configuration. Verify the settings of your other devices or router to find out which IP addresses are used throughout your home network. Commonly used IP ranges are
There are two ways to assign a static IP address to the server:
Network configuration: directly change the network configuration on the server, as shown above.
DHCP reservation: alternatively, configure a so-called DHCP reservation on the router, which will always assign the same IP address to the server. Refer to the router's manual for more information.
Are there other privacy respecting DNS providers?
|DNS provider||Country||DNS #1||DNS #2|
Help! I've trouble editing files within the terminal
Interacting with the server requires quite heavy usage of the terminal. Configuration files and settings often need to be modified with a text editor. The vi editor is commonly used and has three modes:
Normal mode: vi starts in normal mode, which allows to navigate through documents
Insert mode: by hitting the
ikey, vi switches to insert mode, which allows to edit and modify documents
Command mode: by hitting the colon key
:, vi switches to command mode, which allows for example to save changes or find text within the document
The following commands should be sufficient to follow all instructions provided on this website:
| ||Open the document "file.txt" with the vi text editor.|
| ||Switch to "Insert mode" and start modifying the file.|
| ||Exit the "Insert mode" once modifications are done.|
| ||Save all changes made to the file, while keeping it open.|
| ||Save all changes made to the file, and exit vi.|
| ||Exit vi, without saving any changes made to the file.|
| ||Search for the word "findword" (replace with the actual word you're looking for).|
| ||After starting the search for "findword", find the next occurrence of "findword" in the file.|
Numerous tutorials exist to dive deeper in the world of vi:
It's possible to remotely connect to the server from another computer, called the client. This way, the server can remain headless — no need to hook it up to a screen, keyboard, mouse or any other peripheral. The remote connection is protected by Secure Shell (SSH), which provides strong authentication and encryption. Here is how it works in a nutshell, more detailed instructions below:
- The client initiates the connection to the server
- The server sends its public key to the client
- The server's public key is saved in the client’s known hosts file
- The client and the server agree upon the encryption to be used for their communication and establish the connection
Show me the step-by-step guide
Let's start with the server. Run the following commands to install OpenSSH, to automatically start it after each boot, and to verify its current status (which should be "Active"):
sudo apt install openssh-server sudo systemctl enable ssh sudo systemctl status ssh
Create an administrator user with privileges to remotely connect to the server. For the purpose of this tutorial, we'll call this user gofossadmin. Any other name will do, just make sure to adjust the relevant commands accordingly.When prompted, provide a strong, unique password:
sudo adduser gofossadmin sudo usermod -a -G sudo gofossadmin
Switch to the new account and test its
sudo powers by updating the system:
su - gofossadmin sudo apt update
Now, let's set up the client. For the purpose of this tutorial, we assume the client machine runs a GNU/Linux distribution, for example Ubuntu. If your client runs Windows or macOS, use available system tools or install a SSH client such as PuTTY.
Open a terminal on the Linux client machine with the
CTRL + ALT + T shortcut, or click on the Applications button on the top left and search for Terminal. Now create the same user gofossadmin as on the server (adjust the name according to your own setup). Provide a strong, unique password when prompted:
sudo adduser gofossadmin
Log into the new user account, create a hidden directory where SSL keys will be stored and provide this directory with the right permissions:
su - gofossadmin mkdir /home/gofossadmin/.ssh chmod 755 /home/gofossadmin/.ssh
Generate a public/private keypair which secures the remote login to the server. Run below commands, follow the on-screen instructions and, when prompted, provide a strong, unique passphrase:
cd /home/gofossadmin/.ssh ssh-keygen -t RSA -b 4096
The output should look something like this:
Generating public/private RSA key pair. Enter file in which to save the key (/home/gofossadmin/.ssh/id_rsa): Enter passphrase (empty for no passphrase): ******* Enter same passphrase again: ******** Your identification has been saved in /home/gofossadmin/.ssh/id_rsa. Your public key has been saved in /home/gofossadmin/.ssh/id_rsa.pub. The key fingerprint is: SHA256:erdBxn9i/ORLIJ4596DvfUIIPOyfFnSMQ4SieLIbSuxI gofossadmin@gofossclient The key's randomart image is: +---[RSA 4096]----+ | .+.+= o | | ..oo.+ o | | .S+.. %.. | | o+o. o | | So*o o = | | ..oo.+ A +| | ..+ooo .oo| | .o...+ .E.. | | .. o==.%| +----[SHA256]-----+
Transfer the public key from the client to the server. Make sure to replace the username and IP address according to your own setup:
ssh-copy-id -i firstname.lastname@example.org
That's it! From now on you can remotely log into the server from the client machine. Just open a terminal, switch to the administrator account and connect to the server using your passphrase. Don't forget to adjust the username, IP address and SSH port as required:
su - gofossadmin ssh email@example.com