Server Preparation for Ubuntu 18.04

The target audience for this document is more sophisticated admins with additional needs and setup scenarios.

Apache Web Server and PHP

The following command installs the Apache web server and PHP.

sudo apt install php libapache2-mod-php apache2

Common Prerequisites

# Applications suggested for the use with ownCloud
sudo apt install smbclient
sudo apt install redis-server

# Applications needed for the use with ownCloud
sudo apt install unzip
sudo apt install openssl

# PHP extensions needed to use ownCloud
sudo apt install php-mysql php-mbstring php-gettext php-intl php-redis \
     php-imagick php-igbinary php-gmp php-curl php-gd php-zip php-imap \
     php-ldap php-bz2 php-phpseclib

If you want to retrieve a list of enabled PHP extensions run following command:

ls `php -i | grep "^extension_dir" | sed -e 's/.*=> //'`

HASH Message-Digest Framework

This framework does not need manual intervention anymore because:

  • as of PHP 5.1.2, the Hash extension is bundled and compiled into PHP by default.

  • as of PHP 7.4.0, the Hash extension is a core PHP extension, so it is always enabled.

For more information refer to PHP’s Hash Installation documentation.

Exif Library

This library should be already as part of PHP 7.2. However, you can check if it is by running the following command.

grep -q -P 'EXIF Support => enabled' <(php -i) && echo "Exif is installed and enabled"

PHP 7.2 Cryptography Library

The sodium and OpenSSL PHP libraries are cryptographic libraries which are part of the PHP 7.2 core. Consequently, there is no need to install additional cryptographic libraries, such as php-libsodium or mcrypt.

The mcrypt library is deprecated and removed from the PHP 7.2 core. However, it is available via PECL.

php-libsodium

If you see the message PHP Fatal error: sodium_init() in Unknown on line 0 when invoking the command php -v or when running PHP programs, php-libsodium might be installed. This error does not do any harm, but it can be annoying and fills up your logs.

From PHP 7.2 onwards, libsodium is part of PHP, loading the library is no longer necessary.

To prevent it, you have to uninstall php-libsodium. You can do this by running the following command:

sudo apt remove php-libsodium

You can check success by invoking the command php -v which should not return this error message anymore. You can also check the existence of sodium with following command:

grep -P "sodium support => enabled" <( php -i )

Mcrypt PHP Library

Here are the steps for installing Mcrypt — when it is explicitly necessary.

Some of the steps were borrowed from the website for Student’s guide to installing the PHP 7.2-Mcrypt module.

First, determine the Mcrypt version you want to use in PECL’s Mcrypt documentation. Then, run the following commands to install it.

sudo apt install php-dev libmcrypt-dev php-pear
sudo pecl channel-update pecl.php.net
sudo pecl install mcrypt-<desired mcrypt version>

When the commands complete, you then have to:

  • Create /etc/php/7.2/mods-available/mcrypt.ini with the following content: extension=mcrypt.so.

  • Enable the module by running phpenmod mcrypt.

  • Restart php-fpm and your web server, by running the following commands:

    sudo service php7.2-fpm restart
    sudo service apache2 restart

libsmbclient-php Library

libsmbclient-php is a PHP extension that uses Samba’s libsmbclient library to provide Samba-related functions to PHP programs. You only need to install it if you have installed smbclient as described above. To install it, run the following commands.

sudo apt install php-dev libsmbclient-dev php-pear
sudo pecl channel-update pecl.php.net
sudo pecl install smbclient

When the commands complete, you then have to:

  • Create /etc/php/7.2/mods-available/smbclient.ini with following content extension=smbclient.so.

  • Enable the module by running phpenmod smbclient.

  • Restart PHP and your web server by running the following command:

    sudo service php7.2-fpm restart
    sudo service apache2 restart

Due to a change in the minimum protocol version used in the Samba client in Ubuntu 18.04, you may not get a valid connection in ownCloud This error is identified by a red box at the mount definition or being unable to list directory content. In this case, you have to add the following to /etc/samba/smb.cnf, below the workgroup = statement:

client max protocol = NT1

For more information see: Bionic Beaver can not discover Samba hosts

MariaDB Database

For how to install the latest stable release of MariaDB, please refer to the MariaDB installation documentation.

For MariaDB server releases lower than 10.4.3, you will be prompted during the installation to create a root password. Be sure to remember your password, as you will need it during the ownCloud database setup.

From MariaDB 10.4.3 onwards, the authentication method has changed to UNIX socket. For details, please refer to: MariaDB: Authentication Plugin - Unix Socket. The unix_socket authentication plugin allows the user to use operating system credentials when connecting to MariaDB via a local UNIX socket. Follow the procedure below to create a user, giving ownCloud access to create it’s database respectively for phpMyAdmin. Don’t forget to change the username and password according to your needs.

sudo mysql
MariaDB [(none)]>
 CREATE USER IF NOT EXISTS 'newuser'@'localhost' IDENTIFIED BY 'changeme';
 GRANT ALL PRIVILEGES ON *.* TO 'newuser'@'localhost' WITH GRANT OPTION;
 SHOW GRANTS FOR 'newuser'@'localhost' ;

If you have an existing installation of MariaDB and upgrade to a higher version, do not forget to run the following command beforehand, which creates the users above — especially when upgrading to MariaDB 10.4.3:

sudo mysql_upgrade
Follow this procedure if you want to disable Transparent Huge Pages

If you want to install phpMyAdmin as a graphical interface for administering the database, run the following command:

sudo apt install phpmyadmin

Useful Tips

Start a Service After a Resource is Mounted

If you have network resources, such as NFS or iSCSI based mounts and you want to make sure that the database or web server only starts after the resource is mounted. Consider the following example setup when configuring your system.

The example below is based on an NFS mount which you want to be available before the service with <name.service> starts. The same procedure can be used for iSCSI. For details setting up an iSCSI mount see the Ubuntu 18.04 iSCSI Initiator guide.

The name in <name.service> could be any valid service, including apache2, mysql or mariadb.

  • Add _netdev to the list of NFS mount point options in /etc/fstab.

    This option ensures that the mount happens after the network is up:

    resource:foreign_path local_path nfs (<your options>),_netdev
  • Make sure that all mounts in /etc/fstab are mounted by running:

    sudo mount -a
  • Run the following command to list mounts which must be up first:

    systemctl list-units | grep -nP "\.mount"

    You should see lines printed to the console. Look for the mount you want to be up in the command’s output.

    <folder.mount>
      loaded active mounted <local_path>

    where <folder.mount> and <local_path> are examples!

  • Edit the service you want to change:

    sudo systemctl edit <name>.service

    Add the following directive in the editor opened using your chosen folder.mount from above:

    [Unit]
    After=folder.mount

    You can add more than one dependency if needed by separating them with spaces. This procedure keeps <name>.service in its original state but makes it possible to override the current setup with new parameters. It automatically creates a directory in /etc/systemd/system, named <name>.service.d, and a file in that directory called override.conf. In the example above, the parameter is added to the existing list of parameters of the After directive.

    For more details please read section Example 2. Overriding vendor settings

    Please keep the following points in mind, regarding if <name>.service is linked or not:

    • If the file is linked from /lib/systemd/system, it is for packaged unit files. They are overwritten when Systemd (or whatever package provides them) is upgraded.

    • If the file originates in /etc/systemd/system, it is for your own and customised unit files. Unit files you place in here override the package-provided file and will not be replaced on upgrade.

    It is recommended to keep things simple and future proof by creating an override file via systemctl edit.

  • Run the following command to apply your changes:

    sudo systemctl daemon-reload
  • Check if <name>.service has been properly added:

    sudo systemctl show <name>.service | grep "After="

    folder.mount should be part of the parameter list.

  • Restart your service by invoking:

    sudo system <name> restart

Disable Transparent Huge Pages (THP)

Transparent Huge Pages should be disabled when using databases. This is applicable when using Redis, as well as MariaDB. For more information read: Why THP (Transparent Huge Pages) are not recommended for Databases.

To disable Transparent Huge Pages, follow these steps:

  • Create in /etc/systemd/system a file like disable-thp.service add the following content:

    [Unit]
    Description=Disable Transparent Huge Pages
    DefaultDependencies=no
    After=sysinit.target local-fs.target
    Before=basic.target
    
    [Service]
    Type=oneshot
    ExecStart=/bin/sh -c '/bin/echo never > /sys/kernel/mm/transparent_hugepage/enabled'
    ExecStart=/bin/sh -c '/bin/echo never > /sys/kernel/mm/transparent_hugepage/defrag'
    
    [Install]
    WantedBy=basic.target
  • Run following command to apply and activate your changes and start it automatically at boot time:

    sudo systemctl daemon-reload
    sudo systemctl enable disable-thp
    sudo service disable-thp start