Install Apache, PHP, and MySQL

apt update

apt upgrade

apt-get install dnsutils

apt-get install net-tools

hostnamectl set-hostname www.myblog.com

hostnamectl

cat /etc/hostname

hostname –s

hostname –f

In order to apply the kernel updates and apply the hostname changes, issue the below command
to reboot the machine.

systemctl reboot

apt install mariadb-server mariadb-client

netstat –tlpn | grep mysql

mysql -h localhost

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

MariaDB [(none)]> use mysql;

Reading table information for completion of table and column names

You can turn off this feature to get a quicker startup with -A

Database changed

MariaDB [mysql]> update user set plugin='' where user='root';

Query OK, 1 row affected (0.00 sec)

Rows matched: 1 Changed: 1 Warnings: 0

MariaDB [mysql]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [mysql]> exit

Bye

After you’ve properly enforced the database root account, execute the
mysql_secure_installation script, provided by Debian stretch repositories while installing the
database, in order to further secure MySQL database.The script will ask you a series of
questions designed to secure MariaDB database: if you want to change MySQL root password,
to remove anonymous users, to disable remote root logins and delete the test database. Execute
the script by issuing the below command and assure you type yes to all questions, as shown in
the below script output excerpt:

mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current

password for the root user. If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

Enter current password for root (enter for none):

OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] y

New password:

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation

go a bit smoother. You should remove them before moving into a

production environment.

Remove anonymous users? [Y/n] y

... Success!

Normally, root should only be allowed to connect from 'localhost'. This

ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y

... Success!

By default, MariaDB comes with a database named 'test' that anyone can

access. This is also intended only for testing, and should be removed

before moving into a production environment.

Remove test database and access to it? [Y/n] y

- Dropping test database...

... Success!

- Removing privileges on test database...

... Success!

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

Reload privilege tables now? [Y/n] y

... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB

installation should now be secure.

Thanks for using MariaDB!

Finally, after you’ve secured MySQL daemon, log in to the database console and provide no

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using

password: NO)

Logging in to MySQL database console should be granted if you provide the root password, as
shown in the command sample:
mysql -h localhost -u root -p

Enter password:

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 15

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

MariaDB [(none)]> exit

Bye

apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-mysql php7.0-gd php7.0-opcache

php7.0-json php7.0-mbstring php7.0-xml php7.0-ldap php7.0-cli php7.0-curl php7.0-ldap
php7.0-zip php7.0-bcmath php-imagick php7.0-xmlrpc php7.0-soap php7.0-intl

php7.0 –m

netstat –tlpn

ss -tulpn

In case the UFW firewall application is installed and enabled in Debian server, you should add a
new rule to allow HTTP traffic to pass through the firewall by issuing the following command.

ufw allow WWW

or

ufw allow 80/tcp

In case iptables raw rules are used by the system administrator to manage Firewall rules in
Debian server, add the following rules to allow port 80 inbound traffic on the firewall so that
visitors can browse the online application.

apt-get install -y iptables-persistent

iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT

netfilter-persistent save

systemctl restart netfilter-persistent

systemctl status netfilter-persistent

systemctl enable netfilter-persistent.service

In case you are remotely managing your Debian server via SSH, make sure you add the below
rule to allow incoming SSH connections to your machine.
iptables -I INPUT -p tcp --destination-port 22 -j ACCEPT

netfilter-persistent save

systemctl restart netfilter-persistent

You might also need to enable and activate the following Apache modules required by the
Moodle application to run properly, by issuing the below commands.

a2enmod rewrite

systemctl restart apache2

Finally, test if Apache web server default web page can be displayed in your client's browser by
visiting your Debian machine IP address or your domain name or server FQDN via HTTP
protocol, as shown in the below image. If you don’t know your machine IP address, execute
ifconfig or ip a command to reveal the IP address of your server.

http://your_domain.tld

On the next step edit PHP default configuration file in order to assure that the following PHP
variables are enabled and the PHP timezone setting is correctly configured and matches your
system geographical location. Open /etc/php/7.0/apache2/php.ini file for editing and assure
that the following lines are set up as follows. Also, initially, make a backup of PHP
configuration file.

cp /etc/php/7.0/apache2/php.ini{,.backup}

nano /etc/php/7.0/apache2/php.ini

Search, edit and change the following variables in php.ini configuration file:

file_uploads = On
memory_limit = 128M
post_max_size = 80M
upload_max_filesize = 80M
default_charset = UTF-8
date.timezone = Europe/London
Increase upload_max_file_size variable as suitable to support large file attachments if that’s the
case and replace the date.timezone variable accordingly to your geographical time by consulting
the list of time zones provided by PHP docs at the following link
http://php.net/manual/en/timezones.php

If you want to increase the load speed of your website pages via OPCache plugin available for
PHP7, append the following OPCache settings at the bottom of the PHP interpreter
configuration file, below the [opcache] statement, as detailed below:

nano /etc/php/7.0/apache2/conf.d/10-opcache.ini

[opcache]
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1

Close the php.ini configuration file and check if the verify the end of PHP configuration file to
check if the OPCache variables had been correctly added by issuing the below command.

grep opcache /etc/php/7.0/apache2/conf.d/10-opcache.ini

After you’ve made all changes explained above, restart Apache daemon to apply the new
changes by issuing the following command.

systemctl restart apache2

4. Hostname
Hostname atau nama mesin merupakan tanda milik dan juga sebagai tanda pengenal
dalam jaringan agar bisa diketahui
Cek hostname dengan perintah : #hostname && hostname –f
Pada gambar diatas hostname masih berbeda yaitu smk dan smk.smk.net maka hostname
harus disamakan dengan langkah-langkah sebagai berikut
Edit file hosts dengan perintah : #nano /etc/hosts
Setelah itu edit file hostname di /etc/hostname dengan perintah
#echo smk.net > /etc/hostname
#apt-get install openssh-server
#nano /etc/ssh/sshd_config
#service ssh restart
#apt-get install phpmyadmin
#apt-get install bind9
#cd /etc/bind/
#nano named.conf.local
//include "/etc/bind/zones.rfc1918";
zone "smk.net" {
type master ;
file "/etc/bind/db.yovi";
};
zone "137.168.192.in-addr.arpa" {
type master ;
file "/etc/bind/db.192" ;
};

#cp db.local db.yovi

#cp db.127 db.192
#nano db.yovi
BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA smk.net. root.smk.net. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.smk.net.
@ IN A 192.168.137.2
@ IN MX 2 mail.smk.net
ns IN A 192.168.137.2
www IN A 192.168.137.2
ftp IN A 192.168.137.2
mail IN A 192.168.137.2
portal IN A 192.168.137.2

Lalu edit menjadi seperti berikut ini :

#nano db.192
BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA smk.net. root.smk.net. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.smk.net.
2 IN PTR ns.smk.net.
2 IN PTR smk.net
2 IN PTR www.smk.net
2 IN PTR ftp.smk.net
2 IN PTR mail.smk.net
2 IN PTR portal.smk.net

#service bind9 restart

bind# cat /etc/resolv.conf
#nslookup smk.net
#apt-get install isc-dhcp-server

#nano /etc/dhcp/dhcpd.conf

#nano /etc/default/isc-dhcp-server

#service isc-dhcp-server start

In order to access Moodle web interface via HTTPS protocol that will secure the traffic for your
clients, issue the following command to enable Apache web server SSL module and SSL site
configuration file.

a2enmod ssl

a2ensite default-ssl.conf

Next, open Apache default SSL site configuration file with a text editor and enable URL rewrite
rules by adding the following lines of code after DocumentRoot directive, as shown in the
below sample:

nano /etc/apache2/sites-enabled/default-ssl.conf

SSL site configuration file excerpt:

<Directory /var/www/html>
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>

Also, make the following change to VirtualHost line to look like shown in the below excerpt:

<VirtualHost *:443>

Close the SSL Apache file and open /etc/apache2/sites-enabled/000-default.conf file for
editing and add the same URL rewrite rules as for SSL configuration file. Insert the lines of code
after DocumentRoot statement as shown in the below example.

<Directory /var/www/html>
Options +FollowSymlinks
AllowOverride All
 Require all granted
</Directory>

Finally, restart Apache daemon to apply all rules configured so far and visit your domain via
HTTP protocol. Because you’re using the automatically Self-Signed certificate pairs issued by
Apache at installation time, the certificate is untrusted by the browser, an error warning should
be displayed in the browser.

systemctl restart apache2

https://yourdomain.tld

Accept the warning in order to accept the untrusted certificate and continue to be redirected to
Apache default web page.

In case the UFW firewall application blocks incoming network connections to HTTPS port, you
should add a new rule to allow HTTPS traffic to pass through the firewall by issuing the
following command.

ufw allow ‘WWW Full’

or

ufw allow 443/tcp

If iptables is the default firewall application installed to protect your Debian system at the
network level, add the following rule to allow port 443 inbound traffic in the firewall so that
visitors can browse your domain name.

iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT

netfilter-persistent save

systemctl restart netfilter-persistent

systemctl status netfilter-persistent

Finally, to display all server PHP variables, create a PHP info file by executing the following
command and check if the PHP time zone has been correctly configured by visiting the PHP
info script file from a browser at the following URL, as illustrated in the below image. Scroll
down to the date setting to check PHP time zone configuration.

echo '<?php phpinfo(); ?>'| tee /var/www/html/info.php

https://domain.tld/info.php

Next, before creating the database required by Moodle to store information, first we need to
make some changes to MariaDB server and set up the proper character set. Open MariaDB
client configuration file and add the following line after [client] directive, as illustrated in the
below sample:

nano /etc/mysql/mariadb.conf.d/50-client.cnf

[client]
# Default is Latin1, if you need UTF-8 set this (also in server section)
default-character-set = utf8mb4
Next, open mysql.cnf file and add the same line as above after [mysql] statement:

nano /etc/mysql/conf.d/mysql.cnf

mysql.cnf file excerpt:

default-character-set = utf8mb4

Open for editing MariaDB server configuration file and add the below lines after [mysqld]
statement to ensure that MySQL engine innodb uses Barracuda file format and utf8mb4
character set.

nano /etc/mysql/mariadb.conf.d/50-server.cnf

50-server.cnf file excerpt:

[mysqld]
innodb_file_format = Barracuda
innodb_file_per_table = 1
innodb_large_prefix

character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
skip-character-set-client-handshake

In order to apply all changes made so far to the database, restart the MySQL daemon and verify
if the service is running by issuing the following commands.

systemctl restart mysql

systemctl status mysql

Finally, log in to the MariaDB database console and create a database for application with a user
and a password that will be used to manage the application database, by issuing the following
commands. Make sure you replace the database name, user and password accordingly.

mysql –u root -p

Welcome to the MariaDB monitor. Commands end with ; or \g.

Your MariaDB connection id is 2

Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

MariaDB [(none)]> CREATE DATABASE moodle_db;

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on moodle_db.* to 'moodle_user'@'localhost' identified

by 'password1234';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit

Bye

Finally, return to Debian server console and create a .htaccess file that will be located in your
website document root path, by issuing the below command.

nano /var/www/html/.htaccess

In .htaccess file, add the below lines so that you can manipulate the native PHP server settings to
match your own server resources and configurations.

.htaccess file excerpt:

# Modify PHP settings

php_value register_globals 1
php_value upload_max_filesize 100M
php_value post_max_size 100M
Options -Indexes

Install cron

In order to periodically run the Moodle maintenance script that sends out emails, cleans up the
database, updates feeds or other tasks, add the below cron job to run every 10 minutes, by
issuing the below command.

crontab -u www-data -e

Add the following line and save the cronjob.

*/10 * * * * /usr/bin/php7.0 /var/www/html/admin/cli/cron.php >/dev/null