LAMP Stack User Guide
Overview
The LAMP Stack AMI by cloudimg provides a fully preconfigured Linux, Apache, MySQL, and PHP environment ready to run on Amazon EC2. This image is built on AlmaLinux and includes all four core components of the classic LAMP web application stack, enabling you to deploy dynamic websites and web applications within minutes of launch.
This guide walks you through every step from launching the instance to verifying each component, managing services, working with the filesystem layout, and applying security best practices. Whether you are hosting a WordPress site, a custom PHP application, or a database driven web service, this AMI gives you a production ready starting point backed by cloudimg's 24/7 support.
Visit www.cloudimg.co.uk to explore the full catalogue of preconfigured AMIs available on the AWS Marketplace.
Prerequisites
Before launching the LAMP Stack AMI, ensure you have the following in place.
AWS Account You need an active AWS account with permissions to launch EC2 instances and manage security groups.
EC2 Key Pair Create or select an existing EC2 key pair in the region where you plan to launch the instance. This key pair is required for SSH authentication.
Security Group Configuration Your security group must allow inbound traffic on the following ports:
| Protocol | Type | Port | Description |
|---|---|---|---|
| SSH | TCP | 22 | SSH connectivity for remote administration |
| Custom TCP | TCP | 80 | Apache HTTP web server |
| Custom TCP | TCP | 3306 | MySQL database listener for remote access |
Restrict SSH access to your own IP address or a trusted CIDR range. Only open port 3306 if you specifically require remote database connections; for most deployments, local access from the server itself is sufficient.
Minimum System Requirements
| Minimum CPU | Minimum RAM | Required Disk Space |
|---|---|---|
| 1 vCPU | 1 GB | 20 GB |
Any EC2 instance type meeting these minimums will work. For production workloads, consider a t3.medium or larger to ensure consistent performance under load.
Step by Step Setup
Step 1: Launch the Instance
- Open the AWS Marketplace listing for LAMP Stack by cloudimg.
- Click Continue to Subscribe, then Continue to Configuration.
- Select your preferred AWS Region and instance type.
- On the launch page, choose your VPC, subnet, and assign the security group you prepared above.
- Select your EC2 key pair and launch the instance.
Step 2: Wait for Status Checks
Allow the EC2 instance to reach 2/2 status checks passed before attempting to connect. The instance runs an initial boot update script that applies the latest operating system patches, so the first boot may take a few minutes longer than usual.
If you attempt to connect before both status checks have passed, you may see errors such as:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic).
ec2-user@your-instance-ip's password:
This is expected behaviour during early boot. Wait for the status checks to complete and try again.
Step 3: Connect via SSH
Connect to the instance using your private key:
ssh -i /path/to/your-key.pem ec2-user@<PUBLIC_IP>
Replace <PUBLIC_IP> with the public IP address or public DNS name shown in the EC2 console.
Step 4: Switch to the Root User
Once connected as ec2-user, switch to the root user:
sudo su -
All administrative tasks described in this guide should be performed as root.
Step 5: Retrieve the MySQL Root Password
The MySQL root password is randomly generated at build time and stored in a log file on the server:
cat /stage/scripts/mysql_root_password.log
Make a note of this password. You will need it to log in to the MySQL command line client.
Step 6: Verify Apache Is Running
Open a web browser and navigate to:
http://<PUBLIC_IP>:80
You should see the AlmaLinux Test Page confirming that the Apache HTTP Server is operational.
Step 7: Verify PHP Is Running
Navigate to the PHP info page:
http://<PUBLIC_IP>/info.php
You should see the PHP information page showing the installed version and loaded modules. For security, remove or restrict access to this file before going into production.
Step 8: Connect to MySQL
From the root shell on the instance, connect to MySQL:
mysql -u root -p
Enter the password you retrieved from /stage/scripts/mysql_root_password.log when prompted. The root database user is configured for local login only, which is best practice for production environments.
Server Components
The LAMP Stack AMI includes the following preconfigured components. Versions may be updated on first boot when the initial update script runs.
| Component | Configuration File | Description |
|---|---|---|
| MySQL | /etc/my.cnf | Relational database server for dynamic data storage |
| Apache HTTP | /etc/httpd or /etc/apache2 | Web server handling HTTP requests on port 80 |
| PHP | /etc/php.ini | Server side scripting language for dynamic content |
MySQL serves as the database backend. It is configured to start automatically on boot and listens on port 3306. The root user is restricted to local connections only for security.
Apache HTTP Server handles all incoming web requests. The document root is located at /var/www/html where you place your website files, virtual host configurations, and static assets.
PHP is integrated with Apache through the PHP module. Configuration is managed via /etc/php.ini and additional module configuration files are located in /etc/php.d/.
Filesystem Layout
The AMI uses dedicated mount points to separate system files, database data, and web content for improved performance and manageability.
| Mount Point | Description |
|---|---|
| / | Root filesystem containing the operating system |
| /boot | Operating system kernel files |
| /var/lib/mysql | MySQL data directory on a dedicated volume |
| /var/www/html | Apache document root on a dedicated volume |
Key directories and their purposes:
| Path | Purpose |
|---|---|
| /var/www/html | Place your website files, PHP scripts, and static assets here |
| /var/lib/mysql | All MySQL databases and table data are stored here |
| /etc/httpd | Apache configuration files including virtual hosts |
| /etc/php.ini | Main PHP configuration file |
| /etc/php.d/ | Additional PHP module configuration files |
| /stage/scripts | cloudimg provisioning scripts and log files |
The separation of /var/lib/mysql and /var/www/html onto their own volumes means you can independently resize storage for the database or web content without affecting the root filesystem.
Managing Services
All services on the LAMP Stack AMI are managed using standard Linux service commands. Each service is configured to start automatically on boot.
MySQL Service
# Check the MySQL service status
service mysqld status
# Stop the MySQL service
service mysqld stop
# Start the MySQL service
service mysqld start
# Restart the MySQL service
service mysqld restart
Apache HTTP Service
On RedHat based systems (including this AlmaLinux AMI), the service is named httpd:
# Check the Apache service status
systemctl status httpd
# Stop the Apache service
systemctl stop httpd
# Start the Apache service
systemctl start httpd
# Restart the Apache service
systemctl restart httpd
PHP
PHP runs as a module within Apache, so there is no separate PHP service to manage. Restarting Apache will reload any changes to PHP configuration.
# Check the installed PHP version
php -v
# Test PHP configuration for syntax errors
php -i
After making changes to /etc/php.ini, restart Apache to apply them:
systemctl restart httpd
Scripts and Log Files
The AMI includes several scripts and log files created by cloudimg to streamline first boot provisioning and administration.
| Script or Log | Path | Description |
|---|---|---|
| initial_boot_update.sh | /stage/scripts | Updates the operating system with the latest available patches on first boot |
| initial_boot_update.log | /stage/scripts | Output log from the initial boot update script |
| mysql_root_password.log | /stage/scripts | Contains the randomly generated MySQL root password |
Disabling the Initial Boot Update Script
The OS update script runs automatically on every reboot via crontab. If you prefer to manage updates manually, you can disable it:
rm -f /stage/scripts/initial_boot_update.sh
crontab -e
# DELETE THE BELOW LINE, SAVE AND EXIT THE FILE:
@reboot /stage/scripts/initial_boot_update.sh
This prevents the automatic update from running on subsequent reboots while preserving the log files for reference.
Deploying Your Application
Uploading Website Files
Place your PHP application files in the Apache document root:
# Copy files from your local machine
scp -i /path/to/your-key.pem -r ./my-app/* ec2-user@<PUBLIC_IP>:/tmp/
# Then on the server, move them into place
sudo cp -r /tmp/my-app/* /var/www/html/
sudo chown -R apache:apache /var/www/html/
Creating a MySQL Database
Connect to MySQL as root and create a database for your application:
mysql -u root -p
CREATE DATABASE myapp;
CREATE USER 'myappuser'@'localhost' IDENTIFIED BY 'your_secure_password';
GRANT ALL PRIVILEGES ON myapp.* TO 'myappuser'@'localhost';
FLUSH PRIVILEGES;
EXIT;
Configuring Virtual Hosts
To host multiple websites, create virtual host configuration files:
vi /etc/httpd/conf.d/mysite.conf
Add a configuration block similar to the following:
<VirtualHost *:80>
ServerName www.example.com
DocumentRoot /var/www/html/mysite
<Directory /var/www/html/mysite>
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/httpd/mysite-error.log
CustomLog /var/log/httpd/mysite-access.log combined
</VirtualHost>
Restart Apache to apply the new virtual host:
systemctl restart httpd
Troubleshooting
Cannot connect via SSH
- Confirm the instance has reached 2/2 status checks in the EC2 console.
- Verify your security group allows inbound TCP traffic on port 22 from your IP address.
- Ensure you are using the correct key pair and connecting as
ec2-user. - Check that the key file permissions are set correctly:
chmod 400 /path/to/your-key.pem.
Apache is not serving pages
- Check the Apache service status:
systemctl status httpd. - Review the error log:
cat /var/log/httpd/error_log. - Confirm your security group allows inbound traffic on port 80.
- Verify that files exist in
/var/www/htmland have correct ownership (apache:apache).
Cannot connect to MySQL
- Check the MySQL service status:
service mysqld status. - Verify you are using the correct password from
/stage/scripts/mysql_root_password.log. - If connecting remotely, ensure port 3306 is open in your security group and MySQL is configured to accept remote connections in
/etc/my.cnf.
PHP pages display as plain text
- Ensure the PHP module is loaded in Apache:
httpd -M | grep php. - Verify the file has a
.phpextension. - Restart Apache after any configuration changes:
systemctl restart httpd.
Initial boot update is taking a long time
- The first boot runs a full OS update which can take several minutes depending on the instance type and available bandwidth.
- Monitor progress by tailing the update log:
tail -f /stage/scripts/initial_boot_update.log.
Security Recommendations
Remove the PHP Info Page
The info.php file exposes detailed server configuration. Remove it after verifying PHP is working:
rm -f /var/www/html/info.php
Restrict MySQL Remote Access
By default, the MySQL root user is configured for local access only. Keep it this way for production. If your application connects from the same server, use localhost as the database host.
Enable HTTPS with TLS
For production deployments, configure Apache with a TLS certificate. You can use Let's Encrypt with Certbot:
yum install -y certbot python3-certbot-apache
certbot --apache -d yourdomain.com
Apply Security Updates Regularly
Keep the operating system and all packages up to date:
yum update -y
Restrict Security Group Rules
- Limit SSH (port 22) to specific trusted IP addresses.
- Only open port 3306 if remote database access is genuinely required.
- Consider using a bastion host or AWS Systems Manager Session Manager for SSH access instead of exposing port 22 to the internet.
Configure a Firewall
In addition to AWS security groups, consider enabling the local firewall:
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=ssh
firewall-cmd --reload
Backup Your Data
Regularly back up the MySQL data directory and web content. Use AWS EBS snapshots for volume level backups or mysqldump for logical database backups:
mysqldump -u root -p --all-databases > /tmp/all-databases-backup.sql
Support
If you encounter any issues not covered in this guide or need further assistance, the cloudimg support team is available 24/7.
Email: support@cloudimg.co.uk Phone: (+44) 02045382725 Website: www.cloudimg.co.uk Address: 3rd Floor, 86 90 Paul Street, London, EC2A 4NE
When contacting support, please include your EC2 instance ID, the AWS region, and a description of the issue along with any relevant log output.