Install Debian 9 with PHP 5.6 and MySQL 8

Due to the fact that php5.6-curl only works with libcurl3 and Debian 10 is shipped with libcurl4 with no option to downgrade lib curl, it appears you can only use Debian 9 when wanting to use the old PHP 5.6 and curl extensions.

Install updates for Debian

apt-get update

followed by

apt-get dist-upgrade

sudo: command not found

After installation of Debian 9.11 and you try to install a package you might get the message: bash: sudo: command not found

To install sudo, run the following:


apt-get install sudo

Give the user the right to run sudo

usermod -aG sudo username

Log out the user to refresh the group permissions of the user


Install the firewall ufw on Debian

Run the package installer:

sudo apt-get install ufw

To configure your server to allow incoming SSH connections, use this command:

sudo ufw allow ssh

Enable the firewall

sudo ufw enable


Install the Apache Web Server

Update the local package index to reflect the latest upstream changes:

sudo apt update

Install the apache2 package

sudo apt install apache2

Configure the firewall for port 80

sudo ufw allow in 'WWW Full'

On your local computer you can check ‘localhost’ in the browser to see if Apache is running.

To test the install from another computer find the IP address of the server with:

ip addr show


Install MYSQL 8.0

MySQL 8.0 packages are available on the official MySQL Dev apt repository

sudo apt -y install wget
sudo dpkg -i mysql-apt-config_0.8.13-1_all.deb

If you get an error message “lsb-release is not installed.” – run the following:

sudo apt-get update
sudo apt-get install lsb-release

sudo apt update
sudo apt -y install mysql-server


Update the my.cnf file

Add the following information (depends based on your own requirements)
Setting innodb_dedicated_server=1 is an important one.

sudo nano /etc/mysql/my.cnf


Install PHP5.6

sudo apt update

sudo apt upgrade

sudo apt install ca-certificates apt-transport-https

wget -q -O- | sudo apt-key add -

echo "deb stretch main" | sudo tee /etc/apt/sources.list.d/php.list

sudo apt update
sudo apt install php5.6

sudo apt install php5.6-cli php5.6-common php5.6-curl php5.6-mbstring php5.6-mysqlnd php5.6-xml

Create a PHP Info page to see if it is all working.

sudo nano /var/www/html/info.php

Type in:

<?php phpinfo(); ?>

Enter ctrl+x, y and enter

In your browser go to your https://webserver/info.php


Install phpMyAdmin

sudo nano /etc/mysql/my.cnf

Add the following lines:


Restart mysql server

sudo service mysql restart

Install phpmyadmin with

sudo apt install phpmyadmin php-mbstring php-gettext

Select apache2 by pressing SPACE, TAB and then enter

Configure database for phpmyadmin with dbconfig-common?

Choose no, as the installer will fail

Login to phpmyadmin with root


Create a new database called phpmyadmin, click on the Operations tab

Click ‘Create the phpMyAdmin configuration storage

Create an user called phpmyadmin

Choose ‘Native MySQL authentication’

For some reason after adding the user an error was generated, click on the phpmyadmin user, reenter the password and flush privileges.

Give user phpmyadmin full privileges to the database phpmyadmin

Setup SFTP

Using this method with the least amount of configuration, we will create a Match User directive in the SSH config and add your SFTP user to the www-data group.

Create user

sudo adduser webdev

Add Match User Directive in SSH Config

Restrict the user webdev to the document root and also disable their SSH access – we only want them to be able to log in over SFTP. We can do this by adding a Match User directive in the SSH config file.

Begin by opening sshd_config.

sudo nano /etc/ssh/sshd_config

Scroll down to the bottom of the SSH config file and add your new Match User directive.

Make sure that ChrootDirectory is the directory above your document root. For example, if your document root is /var/www/html/, then the ChrootDirectory is /var/www/.

If you followed one of our previous guides on hosting multiple domains on Apache or Nginx, your document root may be located in /var/www/, in that case, your ChrootDirectory would be /var/www/

Note you can add multiple users here separated by a comma, e.g. Match User webdev, webdev2, webdev3/etc/ssh/sshd_config

Match User webdev 
        ChrootDirectory /var/www/
        ForceCommand internal-sftp 
        X11Forwarding no 
        AllowTcpForwarding no 
        PasswordAuthentication yes

Save and exit (press CTRL + X, press Y and then press ENTER)

Test SSH config before restarting.

sudo sshd -t

If no errors, restart the sshd service for changes to take affect.

sudo service sshd restart

Setup SFTP

Add SFTP User to www-data

Add your SFTP user webdev to the www-data group.

sudo usermod -a -G www-data webdev

Note: Linux groups do not take affect until the user logs out and in again. If you are already logged in as this user in your FTP client, close the program completely and then log in again.

Set Directory Permissions

SFTP is very strict when it comes to chroot directory permissions and if they are not set correctly, you will not be able to login.

  • The chroot directory and all of its parents must not have group or world write capabilities. In other words, you must make sure /var/www/ is set to 755. (not 775, which gives group write permissions).
  • The chroot directory and all of its parents must be owned by root.

Assuming that your chroot is /var/www/, ensure that the directory is set to 755.

sudo chmod 755 /var/www/

Ensure your chroot directory is owned by root.

sudo chown root:root /var/www/

To check permissions for this directory:

sudo ls -ld /var/www/


drwxr-xr-x 14 root root 4096 Jun  3 14:28 /var/www/

Make sure the document root is set to 775, which will allow groups write to this directory.

sudo chmod 775 /var/www/html

Make sure that your document root and all contents are owned by www-data.

sudo chown -R www-data:www-data /var/www/html*

Change all directories in the document root to 775. This will allow both the owner (www-data) and its group (which SFTP users belong to) to read, write and execute folders.

sudo find /var/www/html/ -type d -exec chmod 775 {} \;

Change all filesin the document root to 664, this will allow both the owner and the group to read, write and execute files.

sudo find /var/www/html/ -type f -exec chmod 664 {} \;

Make sure that any new files or folders created by SFTP users inherit the www-data group.

sudo find /var/www/html -type d -exec chmod g+s {} \;

Now log into SFTP with you preferred FTP client and make sure you can create, edit and delete files and folders.

If you are not able to log in, check the auth log for the last 50 entries.

sudo tail -n 50 /var/log/auth.log

Adding More SFTP Users

If you need to provide other SFTP users write access to the document root, simply add their usernames separated by a comma, e.g. Match User webdev, webdev2, webdev3 in sshd_config (step 4.1) and then add the SFTP user to the www-data group .