Installing LEMP-Stack (Linux, Nginx, MySQL, PHP) on Ubuntu Bionic

LEMP-Stack Overview

The LEMP-Stack refers to a group of software components that together serve dynamic web applications and websites. LEMP is an acronym and stands for:

  • A Linux operating system
  • An Nginx (pronounced Engine-X) web server
  • A MySQL (or MariaDB, which is a drop-in fork of MySQL) database server
  • PHP for dynamic data processing

Requirements

Installing the Stack

1. Use Ubuntu's apt package manager to install the required packages. First make sure that the system is up to date and has the latest bug fixes and updates installed by running the following command:

apt update && apt -y upgrade

2. Now install the required software:

apt install -y ufw nginx mariadb-server php-fpm php-mysql

Configuring the Firewall

1. Allow HTTP and SSH connections through the server's firewall by typing the following commands:

ufw allow 'Nginx HTTP'
ufw allow 'OpenSSH'

2. Enable ufw:

ufw enable

You will be asked whether you want to proceed. Confirm the activation of the firewall by typing Y:

Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

3. Check the status of ufw:

ufw status

It will return a list of the allowed services:

Status: active

To                         Action      From
--                         ------      ----
Nginx HTTP                 ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
Nginx HTTP (v6)            ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)

Configuring MySQL / MariaDB

1. Launch the configuration assistant for the database server:

mysql_secure_installation

2. You will be asked to enter the current root password for the MariaDB server. As it is not yet set, press Enter.

3. Press Y to enter a new password for the MariaDB root user:

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n]

4. Enter the new password and press Enter, then repeat this step.

5. The installer will ask you some further questions. You can keep the default answer proposed for each one and confirm it by pressing Enter.

Configuring an Nginx Server-Block

Nginx stores the configuration of virtual hosts in server blocks. All available server blocks are located in the directory /etc/nginx/sites-available/.

1. Create a new server block configuration file in this directory and name it example.com. Use the following example as its content:

server {
        listen 80;
        root /var/www/html;
        index index.php index.html index.htm;
        server_name example.com;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }
}

The following is an overview of what each directive and block does:

  • listen — Defines the port Nginx listens on. Here, it listens on port 80, the default port for HTTP.
  • root — Specifies the document root where all files of the website are stored.
  • index — Gives priority to files named index.php when an index file is requested.
  • server_name — The domain name this server block responds to.
  • location / — This location block checks whether the requested file exists. It either delivers the file or returns a 404 error.
  • location ~ \.php$ — The second location block handles PHP processing by pointing Nginx to the fastcgi-php.conf configuration file and the php7.2-fpm.sock file, the socket on which php-fpm listens.
  • location ~ /\.ht — The last location block prevents .htaccess files from being served by Nginx. Requests for files whose names begin with .ht, such as .htaccess, are denied, so these files won’t be served to visitors.

2. Create a symbolic link to enable the server block:

ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

3. Test the configuration for syntax errors:

nginx -t

4. Reload the Nginx configuration:

systemctl reload nginx

Testing PHP

1. To test whether your LEMP stack is working, create a test PHP file:

nano /var/www/html/phpinfo.php

2. Put the following content in it:

<?php
phpinfo();
?>

3. Save the file and point your web browser to http://YOUR_DOMAIN_NAME.TLD/phpinfo.php. When you see output like the following, PHP is set up correctly:

[Screenshot: PHP Configuration]
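The phpinfo() page prints the PHP version, loaded modules, filesystem paths and environment variables to any visitor, so the test file should not stay in the document root once the check has passed. The following script is an added example, not part of the original tutorial: it lists PHP files that still call phpinfo(), and the function names and the temporary sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find leftover phpinfo() test pages under a document root.
# Only *.php files are scanned because the server block above passes only
# requests matching \.php$ to php-fpm.

# find_phpinfo DOCROOT -> prints each matching file, one per line.
find_phpinfo() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    # PHP function names are case-insensitive, hence -i; whitespace before
    # the parenthesis is legal PHP, hence [[:space:]]*.
    find "$1" -type f -name '*.php' \
        -exec grep -liE 'phpinfo[[:space:]]*\(' {} + | sort
}

# check_docroot DOCROOT -> 0 if clean, 1 if a phpinfo() page remains,
# 2 if DOCROOT is not a directory.
check_docroot() {
    hits=$(find_phpinfo "$1") || return 2
    if [ -n "$hits" ]; then
        printf 'phpinfo() page still present:\n%s\n' "$hits"
        return 1
    fi
    echo "no phpinfo() pages under $1"
}

# Constructed sample tree standing in for /var/www/html.
demo_root=$(mktemp -d)
mkdir "$demo_root/old"
printf '<?php\nphpinfo();\n?>\n' > "$demo_root/phpinfo.php"
printf '<?php PhpInfo ();\n' > "$demo_root/old/test.php"
printf '<?php echo "hello"; ?>\n' > "$demo_root/index.php"
check_docroot "$demo_root" || echo "exit status: $?"
```

On the server itself, run `check_docroot /var/www/html` and delete any file it reports.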

Configuring SSL with Let's Encrypt

By default, the connection between your computer and the server is not encrypted, so anyone on the network path can read the communication. To secure the connection, you can obtain a free SSL certificate issued by Let’s Encrypt.

Certbot is a client that obtains the certificate from Let’s Encrypt and configures Nginx to use it automatically.

1. Prepare the system:

apt update && apt -y install software-properties-common
add-apt-repository ppa:certbot/certbot
apt update

2. Install certbot:

apt install python-certbot-nginx

3. Run certbot:

certbot --nginx

4. Certbot will ask you some questions and let you choose the domains you want to use, before generating the certificate:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): webmaster@example.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: a

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: n

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for example.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/example.com

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/example.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://example.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

5. Reload the Nginx configuration:

systemctl reload nginx

6. Allow HTTPS in the firewall rules:

ufw allow 'Nginx HTTPS'

7. You can now access your site over HTTPS: https://example.com

[Screenshot: HTTPS Connection]
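In the procedure above, the HTTP-to-HTTPS redirect is chosen in the certbot dialog before the 'Nginx HTTPS' rule is added to ufw, so until that rule exists redirected requests are blocked at the firewall. The following script is an added example, not part of the original tutorial: it checks `ufw status` output for the profiles this guide relies on. The function name `missing_ufw_rules` is hypothetical, and the sample input is the status listing from the firewall section.

```shell
#!/bin/sh
# Added example: report which ufw application profiles still lack an ALLOW
# rule, given the text printed by `ufw status`.

# missing_ufw_rules STATUS_TEXT PROFILE... -> prints each missing profile.
# Returns 2 if the status text does not say the firewall is active.
missing_ufw_rules() {
    status=$1; shift
    printf '%s\n' "$status" | grep -q '^Status: active' ||
        { echo "ufw is not active" >&2; return 2; }
    for profile in "$@"; do
        # Literal prefix match (index) so the profile name is never treated
        # as a regex; two or more blanks must separate it from ALLOW, which
        # keeps "Nginx HTTP" from matching "Nginx HTTPS" or "Nginx HTTP (v6)".
        printf '%s\n' "$status" | awk -v p="$profile" '
            index($0, p) == 1 &&
            substr($0, length(p) + 1) ~ /^[ \t][ \t]+ALLOW([ \t]|$)/ { ok = 1 }
            END { exit !ok }' || printf '%s\n' "$profile"
    done
}

# Sample input: the status output shown in "Configuring the Firewall",
# i.e. the state before the 'Nginx HTTPS' rule is added.
sample_status='Status: active

To                         Action      From
--                         ------      ----
Nginx HTTP                 ALLOW       Anywhere
OpenSSH                    ALLOW       Anywhere
Nginx HTTP (v6)            ALLOW       Anywhere (v6)
OpenSSH (v6)               ALLOW       Anywhere (v6)'

missing_ufw_rules "$sample_status" 'OpenSSH' 'Nginx HTTP' 'Nginx HTTPS'
# On the server: missing_ufw_rules "$(ufw status)" 'OpenSSH' 'Nginx HTTP' 'Nginx HTTPS'
```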
