Skip to content
Learni
View all tutorials
DevOps

How to Install AlmaLinux and Set Up a LAMP Server in 2026

12 minBEGINNER
DevOpsLinuxAlmaLinuxLAMPServeur Web
Lire en français

Introduction

AlmaLinux is a free enterprise-grade Linux distribution, a 1:1 fork of Red Hat Enterprise Linux (RHEL), ideal for production servers. Launched in 2021 as a stable alternative to CentOS, it guarantees 10 years of LTS support without licensing costs. Why choose AlmaLinux in 2026? Its binary compatibility with RHEL lets you use the same tools (dnf, systemd) and RPM packages, while steering clear of unstable distros like Ubuntu in critical environments.

This beginner tutorial walks you through it step by step: installing in a virtual machine, secure updates, and setting up a functional LAMP stack (Linux, Apache, MariaDB, PHP). By the end, you'll have a web server ready for a PHP app, complete with an active firewall and security best practices. Think of it like assembling a puzzle: start with the basics (clean OS), add the pieces (services), and lock it down. Estimated time: 45 minutes. Perfect for developers seeking a reliable server without a steep learning curve.

Prerequisites

  • Virtual machine: VirtualBox or VMware Workstation (free), with 2 GB RAM, 20 GB disk, 2 CPUs.
  • AlmaLinux ISO: Download version 9.4 Minimal from get.almalinux.org (verify SHA256 for security).
  • Host tools: Rufus (Windows) or dd (Linux/Mac) to create a bootable USB drive.
  • Basic command-line knowledge (sudo, editors like nano).
  • Internet access on the VM.

Installation and First Login

post-install.sh
#!/bin/bash
# Log in as root or use sudo
sudo dnf clean all
sudo dnf update -y
sudo dnf upgrade -y
sudo reboot

After booting from the AlmaLinux ISO in your VM (follow the Anaconda installer: English language, automatic partitioning, strong root password), run this script to clean the cache, update all packages, and reboot. This applies the latest security patches and kernel updates, avoiding zero-day vulnerabilities. Common pitfall: forgetting the '-y' flag to automate confirmations.

Enable the Basic Firewall

AlmaLinux uses firewalld by default, which is more flexible than iptables. We'll enable it and open essential ports (SSH:22, HTTP:80, HTTPS:443) for an accessible web server. This blocks all unauthorized traffic right from startup, like a locked door with a whitelist.

firewalld Configuration

firewall-setup.sh
#!/bin/bash
sudo systemctl enable firewalld
sudo systemctl start firewalld
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
sudo firewall-cmd --list-all

This script enables firewalld on boot, starts the service, adds standard services (no manual ports to avoid errors), reloads, and lists the rules. Verify with 'sudo firewall-cmd --list-all': you'll see ssh, http, and https open. Pitfall: forgetting --permanent makes rules disappear on reboot.

Install Apache HTTP Server

Apache (httpd) is the default web server on AlmaLinux—modular and performant for PHP. We'll install it from the official repos, set up a VirtualHost, and test it. Analogy: like laying the foundation of a house before adding the walls.

Apache Installation and Configuration

apache-install.sh
#!/bin/bash
sudo dnf install httpd -y
sudo systemctl enable httpd
sudo systemctl start httpd
sudo firewall-cmd --permanent --add-service=http --add-service=https
sudo firewall-cmd --reload

Installs httpd, enables it on boot, starts it, and reopens the firewall ports. Visit http://VM_IP to see the 'Apache HTTP Server Test Page'. Pitfall: SELinux can block access; check with 'sudo ausearch -m avc -ts recent' and allow via semanage if needed.

Custom VirtualHost

/etc/httpd/conf.d/monapp.conf
<VirtualHost *:80>
    ServerName monapp.example.com
    DocumentRoot /var/www/monapp
    <Directory /var/www/monapp>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog /var/log/httpd/monapp_error.log
    CustomLog /var/log/httpd/monapp_access.log combined
</VirtualHost>

# Create the directory and test
sudo mkdir -p /var/www/monapp
sudo chown -R apache:apache /var/www/monapp
echo "<?php phpinfo(); ?>" | sudo tee /var/www/monapp/index.php
sudo systemctl restart httpd

This complete config defines an isolated vhost for 'monapp' with dedicated logs and .htaccess enabled. The inline bash creates the directory, sets apache as owner, and adds a test index.php. Restart httpd and access via IP to view phpinfo(). Pitfall: incorrect ownership leads to 403 Forbidden errors.

Install MariaDB and PHP

MariaDB replaces MySQL (drop-in compatible) and is optimized for AlmaLinux. PHP 8.3+ comes via the Remi module for top performance. Secure the database post-install like a vault.

MariaDB Installation

mariadb-install.sh
#!/bin/bash
sudo dnf install mariadb-server -y
sudo systemctl enable mariadb
sudo systemctl start mariadb
sudo mysql_secure_installation

Installs MariaDB, enables and starts it, then runs the interactive secure installer: set a strong root password, remove anonymous/test users, and disable remote root login. Example output: 'All done!'. Pitfall: skipping mysql_secure_installation leaves the DB open to attacks.

PHP 8.3 Installation

php-install.sh
#!/bin/bash
sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm -y
sudo dnf module enable php:remi-8.3 -y
sudo dnf install php php-mysqlnd php-fpm php-gd php-xml -y
sudo systemctl enable php-fpm
sudo systemctl start php-fpm
sudo setsebool -P httpd_exec_mod on
sudo systemctl restart httpd

Enables the Remi repo for modern PHP, installs the core plus common extensions (mysqlnd for DB connectivity), enables FPM for better performance, and authorizes SELinux exec. Reloads httpd. Check phpinfo(): version 8.3 confirmed. Pitfall: without Remi, you get outdated PHP 8.0; SELinux blocks without setsebool.

Final LAMP Stack Verification

Create a test DB: mysql -u root -p, then CREATE DATABASE testdb; SHOW DATABASES;. Upload a PHP script that connects to the DB in /var/www/monapp. Your LAMP server is live! Access it at http://VM_IP/monapp/index.php.

Best Practices

  • Strong passwords: Use pwgen or diceware; store in KeePass.
  • Automated updates: sudo dnf install dnf-automatic ; sudo systemctl enable --now dnf-automatic.timer for security patches.
  • SSH keys only: sudo install -m 700 -d /root/.ssh ; ssh-keygen and edit /etc/ssh/sshd_config (PasswordAuthentication no).
  • Log rotation: Check logrotate.conf for httpd and mariadb.
  • Backups: rsync /var/www to an offsite location weekly.

Common Errors to Avoid

  • Forgot sudo: Behind 80% of 'permission denied' errors; always prefix commands.
  • Firewall not reloaded: --permanent rules without --reload stay invisible.
  • SELinux permissive: Never disable it (setenforce 0); use audit2allow instead.
  • PHP without FPM: Mod_php is obsolete; FPM isolates processes better.

Next Steps

  • Official docs: AlmaLinux Wiki.
  • Advanced: Docker/Podman on AlmaLinux, or Nginx instead of Apache.
  • Learni DevOps Training: Master Ansible to automate 10x faster.
  • Community: AlmaLinux Discord forum.