Remember when setting up a web server felt like trying to assemble a motorcycle while blindfolded? Those days don’t have to be behind us, but they can be it if you know what you’re doing. Setting up a LAMP stack (Linux, Apache, MySQL, PHP) is still one of the most fundamental skills every web developer and business owner should master, especially if you’re running your own VPS.<\/p>\n\n\n\n
At Nest Nepal, we’ve helped hundreds of businesses migrate from shared hosting to VPS, and the first thing they need is a solid LAMP stack setup. Whether you’re hosting a simple business website, running an e-commerce store, or managing multiple client sites, getting your LAMP stack right is crucial for performance, security, and peace of mind.<\/p>\n\n\n\n
Today, we’re going to walk through setting up a modern, secure, and optimized LAMP stack on a VPS in 2025. This isn’t your grandfather’s web server setup; we’re talking about current best practices, security hardening, and performance optimization that will make your sites fly.<\/p>\n\n\n\n
Before we dive into the technical details, let’s ensure we’re all on the same page. LAMP is an acronym that stands for:<\/p>\n\n\n\n
Think of LAMP as the foundation of your digital house. Linux is the foundation you build on, Apache is the structure that holds everything together, MySQL is where you store all your valuable data, and PHP is the electricity that makes everything work.<\/p>\n\n\n\n
You might wonder, “Isn’t LAMP old technology?” Well, so is the wheel, but we’re still using it because it works brilliantly. Here’s why LAMP remains the go-to choice:<\/p>\n\n\n\n
1. Proven Reliability:<\/strong> LAMP has been battle-tested by millions of websites over decades. It’s stable, predictable, and just works.<\/p>\n\n\n\n 2. Universal Compatibility:<\/strong> Almost every web application, CMS, or framework supports LAMP. WordPress, Joomla, Drupal, custom PHP applications, they all love LAMP.<\/p>\n\n\n\n 3. Cost-Effective:<\/strong> Everything in the LAMP stack is open-source and free. No licensing fees, no vendor lock-in.<\/p>\n\n\n\n 4. Massive Community Support:<\/strong> Stuck with a problem? There’s probably a solution already documented somewhere, or thousands of developers ready to help.<\/p>\n\n\n\n 5. Performance When Properly Configured:<\/strong> A well-tuned LAMP stack can handle massive traffic loads. Facebook started on LAMP, and many high-traffic sites still use it.<\/p>\n\n\n\n Before we start installing anything, let’s talk about choosing the right VPS. Not all VPS providers are created equal, and your choice will affect everything we do next.<\/p>\n\n\n\n For this guide, we’ll use Ubuntu 22.04 LTS<\/strong> (Long Term Support). Here’s why:<\/p>\n\n\n\n Choices that work great:<\/p>\n\n\n\n This is crucial; never skip server hardening. I’ve seen too many businesses get hacked because they skipped these basic security steps.<\/p>\n\n\n\n Step 1: Initial Connection and Updates<\/strong><\/p>\n\n\n\n Never run services as root. Create a regular user with sudo privileges:<\/p>\n\n\n\n Step 3: Configure SSH Security<\/strong><\/p>\n\n\n\n Step 4: Configure Firewall<\/strong><\/p>\n\n\n\n Your VPS likely came with Linux already installed, but let’s make sure we have everything optimized.<\/p>\n\n\n\n Memory and Swap Configuration<\/strong><\/p>\n\n\n\n Apache remains the most popular web server globally, and for good reason. It’s flexible, well-documented, and handles almost any scenario you can throw at it.<\/p>\n\n\n\n You should see the Apache default page HTML.<\/p>\n\n\n\n Step 3: Enable Essential Apache Modules<\/strong><\/p>\n\n\n\nChoosing Your VPS: The Foundation Matters<\/strong><\/h2>\n\n\n\n
Minimum Recommendations for LAMP in 2025<\/strong><\/h3>\n\n\n\n
Resource<\/strong><\/td> Minimum<\/strong><\/td> Recommended<\/strong><\/td> High-Traffic<\/strong><\/td><\/tr> RAM<\/strong><\/td> 1GB<\/td> 2GB<\/td> 4GB+<\/td><\/tr> CPU<\/strong><\/td> 1 vCPU<\/td> 2 vCPU<\/td> 4+ vCPU<\/td><\/tr> Storage<\/strong><\/td> 20GB SSD<\/td> 40GB SSD<\/td> 100GB+ SSD<\/td><\/tr> Bandwidth<\/strong><\/td> 1TB<\/td> Unlimited<\/td> Unlimited<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n Operating System Choice<\/strong><\/h3>\n\n\n\n
\n
\n
Initial Server Setup: Security First<\/strong><\/h2>\n\n\n\n
First, connect to your fresh VPS:\n# Connect via SSH (replace with your server IP)\nssh root@your-server-ip\n\n# Update the system completely\napt update && apt upgrade -y\n\n# Install essential packages\napt install -y curl wget vim ufw fail2ban htop<\/code><\/pre>\n\n\n\nStep 2: Create a Non-Root User<\/strong><\/h3>\n\n\n\n
# Create new user (replace 'nepal' with your preferred username)\nadduser nepal\n\n# Add user to sudo group\nusermod -aG sudo nepal\n\n# Test sudo access\nsu - nepal\nsudo whoami # Should return 'root'<\/code><\/pre>\n\n\n\n# Edit SSH configuration\nsudo vim \/etc\/ssh\/sshd_config\n\n# Make these changes:\n# Port 2222 # Change from default port 22\n# PermitRootLogin no # Disable root login\n# PasswordAuthentication no # Use keys only (after setting up keys)\n# MaxAuthTries 3 # Limit login attempts\n\n# Restart SSH service\nsudo systemctl restart ssh\n\nImportant: Set up SSH keys before disabling password authentication!<\/code><\/pre>\n\n\n\n# Configure UFW (Uncomplicated Firewall)\nsudo ufw default deny incoming\nsudo ufw default allow outgoing\n\n# Allow SSH on your custom port\nsudo ufw allow 2222\n\n# Allow HTTP and HTTPS\nsudo ufw allow 80\nsudo ufw allow 443\n\n# Enable firewall\nsudo ufw enable\n\n# Check status\nsudo ufw status<\/code><\/pre>\n\n\n\nInstalling Linux Components<\/strong><\/h2>\n\n\n\n
System Optimization<\/strong><\/h3>\n\n\n\n
# Install additional useful packages\nsudo apt install -y software-properties-common apt-transport-https ca-certificates\n\n# Configure timezone (important for logs and cron jobs)\nsudo timedatectl set-timezone Asia\/Kathmandu\n\n# Verify timezone setting\ntimedatectl\n\n# Configure automatic security updates\nsudo apt install -y unattended-upgrades\nsudo dpkg-reconfigure -plow unattended-upgrades<\/code><\/pre>\n\n\n\n# Check current memory\nfree -h\n\n# Create swap file (recommended: 2x RAM for servers with <2GB RAM)\nsudo fallocate -l 2G \/swapfile\nsudo chmod 600 \/swapfile\nsudo mkswap \/swapfile\nsudo swapon \/swapfile\n\n# Make swap permanent\necho '\/swapfile none swap sw 0 0' | sudo tee -a \/etc\/fstab\n\n# Optimize swap usage (optional)\necho 'vm.swappiness=10' | sudo tee -a \/etc\/sysctl.conf<\/code><\/pre>\n\n\n\nInstalling Apache: Your Web Server Foundation<\/strong><\/h2>\n\n\n\n
Step 1: Install Apache<\/strong><\/h3>\n\n\n\n
# Install Apache\nsudo apt install -y apache2\n\n# Start and enable Apache\nsudo systemctl start apache2\nsudo systemctl enable apache2\n\n# Check status\nsudo systemctl status apache2\n\n# Test installation\ncurl http:\/\/localhost<\/code><\/pre>\n\n\n\nStep 2: Configure Apache Security<\/strong><\/h3>\n\n\n\n
# Edit main Apache configuration\nsudo vim \/etc\/apache2\/conf-enabled\/security.conf\n\n# Add or modify these settings:\nServerTokens Prod\nServerSignature Off\n\n# Edit Apache main config\nsudo vim \/etc\/apache2\/apache2.conf\n\n# Add these security headers (at the end):\n# Hide Apache version\nServerTokens Prod\nServerSignature Off\n\n# Prevent access to .htaccess files\n<FilesMatch \"^\\.ht\">\n Require all denied\n<\/FilesMatch><\/code><\/pre>\n\n\n\n# Enable important modules\nsudo a2enmod rewrite\nsudo a2enmod ssl\nsudo a2enmod headers\nsudo a2enmod deflate\nsudo a2enmod expires\n\n# Restart Apache to load modules\nsudo systemctl restart apache2<\/code><\/pre>\n\n\n\n