Navigation :

Week3

1. Develop PHP Contact Form on LEMP Stack

🎯 Goal

Learn to manually install and configure a LEMP stack (Linux, Nginx, MySQL, PHP) on Ubuntu and create a simple PHP contact form application with database storage.

📋 Prerequisites

Before beginning this tutorial, you should:

  • Have an Ubuntu 24.04 VM running on Azure
  • Have SSH access to your VM
  • Understand basic Linux command line operations
  • Be familiar with basic HTML and PHP concepts

📚 Learning Objectives

By the end of this tutorial, you will:

»

1. Creating a Virtual Network (vNet)

Overview

The objective of this exercise is to create a Virtual Network (vNet) with a default subnet using the Azure Portal, laying the foundation for a secure network architecture. You will also provision three servers having the roles Web Server, Reverse Proxy and Bastion Host respectively. Finally, firewall rules will be created to secure the network using Azure Network Security Groups (NSG)

NetworkOverview

Step 1: Log in to Azure Portal

  1. Open https://portal.azure.com.
  2. Sign in with your Azure account credentials.

Step 2: Create a Virtual Network

  1. In the Azure Portal, use the search bar at the top to search for “Virtual Networks”.
  2. Select Virtual Networks from the search results or from the left menu
  3. Click the + Create button at the top of the Virtual Networks page.
  4. On the Basics tab, fill in the following information:
    • Subscription: Select your subscription.
    • Resource Group: Choose an existing resource group or create a new one (e.g., DemoRG).
    • Name: Enter DemoVNet.
    • Region: Choose a region close to your location (e.g., North Europe).
  5. Click Review + Create and then click Create to deploy the Virtual Network.

💡 Information

»

2. Security Hardening for LEMP Stack Applications

🎯 Goal

Learn essential security practices to harden your LEMP stack application, transforming the basic educational setup into a more production-ready deployment with proper security measures.

📋 Prerequisites

Before beginning this tutorial, you should:

  • Have completed Tutorial 1: Manual LEMP Stack Installation
  • Have a working LEMP stack with the contact form application
  • Understand basic Linux system administration
  • Be familiar with web application security concepts

📚 Learning Objectives

By the end of this tutorial, you will:

»

2. Creating a Virtual Network with Enhanced Security

Overview

The objective of this exercise is to create a Virtual Network (vNet) with a subnet secured by a Network Security Group (NSG) attached to the subnet itself. You will also provision three servers with specific roles: Web Server, Reverse Proxy, and Bastion Host. Application Security Groups (ASGs) will be configured for the Reverse Proxy and Bastion Host, and all server configurations will be automated using cloud-init.

NetworkOverview

Step 1: Log in to Azure Portal

  1. Open https://portal.azure.com.
  2. Sign in with your Azure account credentials.

Step 2: Create a Virtual Network

  1. In the Azure Portal, use the search bar at the top to search for “Virtual Networks”.
  2. Select Virtual Networks from the search results or from the left menu
  3. Click the + Create button at the top of the Virtual Networks page.
  4. On the Basics tab, fill in the following information:
    • Subscription: Select your subscription.
    • Resource Group: Choose an existing resource group or create a new one (e.g., DemoRG).
    • Name: Enter DemoVNet.
    • Region: Choose a region close to your location (e.g., North Europe).
  5. Click Review + Create and then click Create to deploy the Virtual Network.

Step 3: Create Application Security Groups

  1. In the Azure Portal, search for Application Security Groups.

    »

3. Installing and Configuring phpMyAdmin for MySQL Admin

🎯 Goal

Install and configure phpMyAdmin to provide a web-based graphical interface for managing your MySQL database, making it easier to view data, run queries, and perform database administration tasks.

📋 Prerequisites

Before beginning this tutorial, you should:

  • Have completed Tutorial 1: Manual LEMP Stack Installation
  • Have a working MySQL database with the contact form application
  • Understand basic database concepts (tables, records, queries)
  • Have SSH access to your Ubuntu VM

📚 Learning Objectives

By the end of this tutorial, you will:

»

3. Creating a Virtual Network with Enhanced Security using Azure CLI

Overview

This exercise will guide you through provisioning a complete solution on Azure using only Azure CLI. The solution comprises three servers: a web server, a reverse proxy, and a bastion host. These components are connected via a virtual network and secured with a Network Security Group (NSG) and Application Security Groups (ASGs).

By the end of this exercise, you will have a working environment with secure, isolated network communication between components.

»

4. SSL/TLS Configuration for Nginx

🎯 Goal

Configure SSL/TLS encryption for your LEMP stack application using Nginx SSL offloading, providing secure HTTPS connections for your web application and phpMyAdmin interface.

📋 Prerequisites

Before beginning this tutorial, you should:

  • Have completed Tutorial 1: Manual LEMP Stack Installation
  • Have a working Nginx web server serving your application
  • Have SSH access to your Ubuntu VM
  • Understand basic concepts of SSL/TLS encryption
  • Recommended: Configure your VM with a static public IP address (see note below)
  • For Part 2 (Let’s Encrypt): Own a registered domain name pointing to your VM’s public IP

⚠️ Important: Static IP Recommendation

»

5. Setting Up a Free Domain with DuckDNS

🎯 Goal

Set up a free subdomain using DuckDNS that points to your Azure VM, enabling you to use Let’s Encrypt SSL certificates and access your application with a memorable domain name instead of an IP address.

📋 Prerequisites

Before beginning this tutorial, you should:

  • Have an Azure VM running with a static public IP address
  • Know your VM’s public IP address
  • Have an email address for account registration
  • Understand basic DNS concepts (A records, domain resolution)

📚 Learning Objectives

By the end of this tutorial, you will:

»

5. Securely Manage Servers Behind a Bastion Host

In this tutorial, you’ll learn how to copy files from your local laptop to a web server running in Azure.
We’ll cover two scenarios:

  1. Direct access (server has a public IP).
  2. Indirect access via a bastion host (server only has a private IP).

We’ll also use a staging folder (/tmp/app) on the server to keep things clean and make updates easier.

1. Local Project Setup

On your laptop, create a folder named app/ with three files:

»

6. Use A Reverse Proxy In Front of the App

Introduction

This tutorial is designed for developers and system administrators looking to configure Nginx as a reverse proxy in front of an application server on Azure. Both servers will reside within the same virtual network.

Prerequisites

  • An active Azure account. Sign up here if you don’t have one.
  • Familiarity with Azure portal, cloud networking, and SSH.
  • Basic knowledge of Nginx.

In order to “set the table” so that we can verify that the reverse proxy works as expected, let’s create two VMs - one Application Server and one Reverse Proxy. These two servers should be connected to the same subnet in this example.

»