- 1 In this guide
- 2 Prerequisites
- 3 Step 1. Installing Nginx and configuring the Firewall
- 4 MySQL (MariaDB) installation
- 5 PHP installation and configuration
- 6 Nginx installation and configuration
LEMP is an acronym for a web service solution stacks, originally consisting of Linux, the Nginx HTTP Server, the MySQL database, and the PHP programming language. As a solution stack, LEMP is suitable for building dynamic web sites and web applications.
LEMP is not the only stack for this purpose, but surely one of the most known one. Stacks you also might have heard of:
- LAMP (Apache is used instead of Nginx);
- LAPP (PostgreSQL is used instead of MySQL);
- LLMP (Lighttpd is used instead of Apache).
In this guide
In this guide, we shall install a LEMP stack on the Pilw.io CentOS 7 server with a non-root sudo-enabled user account and a basic firewall. Also, we will check if everything is working by creating a “Hello world!” template. We will do the following steps:
- Installing Nginx and configuring the Firewall;
- Installing the MySQL;
- Installing PHP;
- Creating a Virtual Host for your Website;
- Testing PHP processing on the Nginx webserver.
Prerequisites
For our very own LAMP stack server, we will need a CentOS 7 server, which you can access as root or an account with sudo privileges.
Step 1. Installing Nginx and configuring the Firewall
Before starting the installation, we need to install the EPEL repository by running this command:
sudo yum install epel-release -y
Then update the server:
sudo yum update -y
After adding the repository, install Nginx itself:
sudo yum install nginx -y
Install the firewall on the server and start it:
sudo yum install firewalld sudo systemctl start firewalld
And add it to the automatic boot when the server restarts:
sudo systemctl enable firewalld
Now we need to open ports 80 and 443, for this, we execute the commands in sequence:
sudo firewall-cmd --permanent --zone=public --add-service=http sudo firewall-cmd --permanent --zone=public --add-service=https sudo firewall-cmd –reload
Start the Nginx:
sudo systemctl start nginx
And we add Nginx to the automatic boot when the server restarts:
sudo systemctl enable nginx
Now we can check the Nginx. To do this, enter the IP-address of the virtual server in the browser. You should see the standard welcome page. If it opens, then Nginx is installed.
MySQL (MariaDB) installation
We will not install MySQL, but an analog of MariaDB, since it represents a number of advantages for administrators. To install it:
sudo yum install mariadb-server mariadb -y
And to run it:
sudo systemctl start mariadb
When the installation is finished, it’s recommended to run a security script that comes pre-installed with MySQL. This script will remove some insecure default settings and lock down access to the database system. To start the interactive script just type:
sudo mysql_secure_installation
During the process, a few questions will be asked. We bolded answers out for you.
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] y New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
At the end let’s add it to the automatic boot:
sudo systemctl enable mariadb.service
PHP installation and configuration
Install the PHP itself and the required components for Nginx and MariaDB. We need to download and install an additional repository that contains the required packages for PHP v7.3 with the wget download manager. For that just run these commands one by one:
sudo yum install wget wget http://rpms.remirepo.net/enterprise/remi-release-7.rpm sudo rpm -Uvh remi-release-7.rpm
After that enable the php73 repository. It is disabled by default
sudo yum install yum-utils -y sudo yum-config-manager --enable remi-php73
And install the PHP package. Were prompted, simply press y
sudo yum --enablerepo=remi,remi-php73 install php-fpm php-common
Finish it by installing additional PHP modules for the service to run properly:
sudo yum --enablerepo=remi,remi-php73 install php-opcache php-pecl-apcu php-cli php-pear php-pdo php-mysqlnd php-pgsql php-pecl-mongodb php-pecl-redis php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml
Now let’s make a bit of configuration of the PHP in the file:
sudo nano /etc/php.ini
By default, there is no Nano redactor on the Pilw.io VM’s. You can install it by typing:
sudo yum install nano
Find the following line and change it, so it looks like this:
cgi.fix_pathinfo=0
Save and exit the file. Now move on to the next file:
sudo nano /etc/php-fpm.d/www.conf
Find the lines and change them with these values:
user = apache to user = nginx group = apache to group = nginx listen.owner = nobody to listen.owner = nginx listen.group = nobody to listen.group = nginx
Locate the line, where the “listen= …” is and change the value to the:
listen = /var/run/php-fpm/php-fpm.sock
Save and exit the file. Now the only thing to do is to start the PHP by running:
sudo systemctl start php-fpm sudo systemctl enable php-fpm
Nginx installation and configuration
We need to configure Nginx to work it with the PHP. Open the file:
sudo nano /etc/nginx/conf.d/default.conf
Fill it with the following code. Just change the server_name option with your own:
server {
listen 80;
server_name YOUR_DOMAIN_OR_IP;
root /usr/share/nginx/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
} error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Restart the Nginx:
sudo systemctl restart nginx
To test the Nginx configuration file syntaxis, just run:
sudo nginx -t
To check the configuration, we need to create a file:
sudo nano /usr/share/nginx/html/info.php
Insert the following code then save and exit:
<?php phpinfo(); ?>
After that just go to your browser and type http://IP_YOUR_SERVER/info.php. If everything is done correctly, we will see the PHP info page:
It is important to delete the file, as it is available to every unauthorized visitor. From it you can find out the server settings:
sudo rm /usr/share/nginx/html/info.php
That’s it! The basic configuration of the LEMP stack on the CentOS 7 server is finished
