How to set up LEMP stack on CentOS 7

LEMP is an acronym for a web service solution stacks, originally consisting of Linux, the Nginx HTTP Server, the MySQL database, and the PHP programming language. As a solution stack, LEMP is suitable for building dynamic web sites and web applications.

LEMP is not the only stack for this purpose, but surely one of the most known one. Stacks you also might have heard of:

  • LAMP (Apache is used instead of Nginx);
  • LAPP (PostgreSQL is used instead of MySQL);
  • LLMP (Lighttpd is used instead of Apache).

In this guide

In this guide, we shall install a LEMP stack on the CentOS 7 server with a non-root sudo-enabled user account and a basic firewall. Also, we will check if everything is working by creating a “Hello world!” template. We will do the following steps:

  1. Installing Nginx and configuring the Firewall;
  2. Installing the MySQL;
  3. Installing PHP;
  4. Creating a Virtual Host for your Website;
  5. Testing PHP processing on the Nginx webserver.


For our very own LAMP stack server, we will need a CentOS 7 server, which you can access as root or an account with sudo privileges.

Step 1. Installing Nginx and configuring the Firewall

Before starting the installation, we need to install the EPEL repository by running this command:

sudo yum install epel-release -y

Then update the server:

sudo yum update -y

After adding the repository, install Nginx itself:

sudo yum install nginx -y

Install the firewall on the server and start it:

sudo yum install firewalld
sudo systemctl start firewalld

And add it to the automatic boot when the server restarts:

sudo systemctl enable firewalld

Now we need to open ports 80 and 443, for this, we execute the commands in sequence:

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd –reload

Start the Nginx:

sudo systemctl start nginx

And we add Nginx to the automatic boot when the server restarts:

sudo systemctl enable nginx

Now we can check the Nginx. To do this, enter the IP-address of the virtual server in the browser. You should see the standard welcome page. If it opens, then Nginx is installed.

MySQL (MariaDB) installation

We will not install MySQL, but an analog of MariaDB, since it represents a number of advantages for administrators. To install it:

sudo yum install mariadb-server mariadb -y

And to run it:

sudo systemctl start mariadb

When the installation is finished, it’s recommended to run a security script that comes pre-installed with MySQL. This script will remove some insecure default settings and lock down access to the database system. To start the interactive script just type:

sudo mysql_secure_installation

During the process, a few questions will be asked. We bolded answers out for you.


In order to log into MariaDB to secure it, we'll need the current password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
 ... Success!
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
 ... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
 ... Success!
Cleaning up...
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

At the end let’s add it to the automatic boot:

sudo systemctl enable mariadb.service

PHP installation and configuration

Install the PHP itself and the required components for Nginx and MariaDB. We need to download and install an additional repository that contains the required packages for PHP v7.3 with the wget download manager. For that just run these commands one by one:

sudo yum install wget
wget sudo rpm -Uvh remi-release-7.rpm

After that enable the php73 repository. It is disabled by default

sudo yum install yum-utils -y
sudo yum-config-manager --enable remi-php73

And install the PHP package. Were prompted, simply press y

sudo yum --enablerepo=remi,remi-php73 install php-fpm php-common

Finish it by installing additional PHP modules for the service to run properly:

sudo yum --enablerepo=remi,remi-php73 install php-opcache php-pecl-apcu php-cli php-pear php-pdo php-mysqlnd php-pgsql php-pecl-mongodb php-pecl-redis php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml

Now let’s make a bit of configuration of the PHP in the file:

sudo nano /etc/php.ini

By default, there is no Nano redactor on the VM’s. You can install it by typing:

sudo yum install nano

Find the following line and change it, so it looks like this:


Save and exit the file. Now move on to the next file:

sudo nano /etc/php-fpm.d/www.conf

Find the lines and change them with these values:

user = apache to user = nginx
group = apache to group = nginx
listen.owner = nobody to listen.owner = nginx = nobody to = nginx

Locate the line, where the “listen= …” is and change the value to the:

listen = /var/run/php-fpm/php-fpm.sock

Save and exit the file. Now the only thing to do is to start the PHP by running:

sudo systemctl start php-fpm
sudo systemctl enable php-fpm

Nginx installation and configuration

We need to configure Nginx to work it with the PHP. Open the file:

sudo nano /etc/nginx/conf.d/default.conf

Fill it with the following code. Just change the server_name option with your own:

server {
listen    80;
server_name  YOUR_DOMAIN_OR_IP;
root   /usr/share/nginx/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
} error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;

Restart the Nginx:

sudo systemctl restart nginx

To test the Nginx configuration file syntaxis, just run:

sudo nginx -t

To check the configuration, we need to create a file:

sudo nano /usr/share/nginx/html/info.php

Insert the following code then save and exit:

<?php phpinfo(); ?>

After that just go to your browser and type http://IP_YOUR_SERVER/info.php. If everything is done correctly, we will see the PHP info page:

It is important to delete the file, as it is available to every unauthorized visitor. From it you can find out the server settings:

sudo rm /usr/share/nginx/html/info.php

That’s it! The basic configuration of the LEMP stack on the CentOS 7 server is finished

Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on email

Related News