Official Power Up Hosting Blog

Everything about Linux, Windows, and hosting ;)

Selvakumar
Author

I am an Online Marketer and technology lover. I like to learn new things and share that with people.

Share


Our Newsletter


Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

Tags


Twitter


Official Power Up Hosting Blog

(Learn) How to Install LEMP stack on Ubuntu 16.04

SelvakumarSelvakumar

Lemp Definition:

LEMP stack is the abbreviation of Linux, Nginx, MySQL and PHP.

LEMP is one of the preferred configuration for servers which host large websites.There is a lot of confusion among people about configuring Nginx.

This guide will show you How to install LEMP stack on Ubuntu. Here, we are using the Ubuntu one of the Linux distributions.

So, we have to install and configure the rest of the things.

In this article, you are going to see

  • How to install Nginx
  • How to install MySQL
  • How to install PHP

Functions of LEMP

  • The MySQL will take care of Database Operations.

  • The PHP will take care of the dynamic web content processing.

  • And the Powerful Nginx will serve the users requests.

Prerequisites

  • You should have the 'sudo non-root user' on Ubuntu 16.04 machine. Refer this article for creating sudo users.

Installing the Nginx

Our first step towards Installing the LEMP stack is installing the Nginx.

This is always the case. Whenever we configure a server for hosting website, we first have to install the web server software.

This is because we can check whether the server can connect to the web.

Here, the web server software is Nginx. So, we are going to install the Nginx first in the order.

The MySQL, Nginx and PHP, All of them come in the Ubuntu's Default Repository.

We are going to install the Nginx from the Ubuntu Repository. Before that, we have to update the package index.

Execute the below command to update the Package Index.

$ sudo apt-get update

After that, install the Nginx server by executing the below command.

$ sudo apt-get install nginx

When you install the Web server, you have to make the UFW allow the traffic to the web server.

The Nginx starts itself automatically in Ubuntu 16.04.

So, your next step is to configure the firewall to allow the HTTP traffic on port 80.

This ensures that you are only allowing specific traffic to the Nginx.

You can do that by executing the command.

$ sudo ufw allow 'Nginx HTTP'

Now:

Let us check the status whether the changes have been made or not.

$ sudo nano ufw status

The status will look like the below one.

Output
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  

Nginx HTTP                 ALLOW       Anywhere                  

OpenSSH (v6)               ALLOW       Anywhere (v6)             

Nginx HTTP (v6)            ALLOW       Anywhere (v6)

The status shows that the HTTP traffic is allowed to the Nginx server.

As I mentioned previously, you have to check whether the Nginx is configured.

For this, you have to access your domain through the web browser using your Server's Public IP address or Domain Name.

If you have the domain name, then you can use that on the browser to see the result. If you don't have the domain name, you can use the IP directly.

The Two method to identify the Server IP Address

In case if you don't know your server IP, you can find it in two ways.

  • Through command in the terminal
  • Pinging to third party website and ask for the IP.

1) Command Line

Use the below command on the server command line interface and it will return the Multiple IP addresses.

Any one of the IP address will work and that working IP is your server's Public IP address.

$ ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'

Check the IP address through the browser.

You will get the IPv4 address as well as IPv6 address(If you have) of your server for this command.

2) Pinging Method

We will ping a third party website and see in which IP our server has been connected from.

$ curl -4 icanhazip.com

The above command will return the IP Address of the server.

Put the IP address in your browser and it will show the Nginx page.

If you got the Nginx pages, then you have successfully installed the web page.

Install MySQL

This is the second step of LEMP stack installation process.

Here, we will install the MySQL from the default Ubuntu Repository. We need the MySQL for Managing the Database and Data.

Install MySQL using the below command.

$ sudo apt-get install mysql-server

The prompt will ask you for a root password. Set tough root password and make sure to remember it.

After that, we will run the MySQL secure installation command to secure the MySQL by Removing the Test Database and Demo users.

Also, we will disable the remote root login for the MySQL. You can do this if you want.

But:

In case if you decided to install MySQL on another server, you will have to enable the root login option.

$ sudo mysql_secure_installation

It is your choice of Setup. If you want to make changes press y for that or else skip it by pressing the enter.

It will ask you for using the Password Plugin.

VALIDATE PASSWORD PLUGIN can be used to test passwords and improve security. It checks the strength of 
password
and allows the users to set only those passwords which 
are
secure enough. Would you like to setup VALIDATE 
PASSWORD plugin?

Press y|Y for Yes, any other key for No:

If you set the password validation to 2, you have to provide the strong password.

The password which does not contain the Uppercase Letter, Lowercase Letter, Number and a symbol will not be accepted.

Also, they should not be a common word from the dictionary, otherwise it will be rejected.

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special 
characters
STRONG Length >= 8, numeric, mixed case, special 
characters and dictionary                  file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1

Once you enable the password validation, the prompt will show you the existing root password strength and will ask you whether you want to change it.

You can either go for a new password or simply keep the existing one.

To skip it enter n

Using existing password for root.

Estimated strength of the password: 100
Change the password for root ? ((Press y|Y for Yes, 
any other key for No) : n

After that, Press enter for each prompt so that the test database will be removed and the remote root login to the MySQL server will also be disabled.

The anonymous users will be removed from the Database.

Also once done, restart the MySQL to make the changes to take effect.

$ sudo service MySQL restart

Now, the MySQL is installed and our next step is to install the PHP on the server.

Installing PHP

We have installed the MySQL and it will handle the database. Also, we have installed Nginx which will take care of serving our web content.

But:

Nginx won't process the PHP requests directly. Instead, we have to install php-fpm ubuntu processor.

FPM stands for "FastCGI process manager".

Nginx will transfer the PHP content request to php-fpm to handle it.

Here, we are going to install PHP with FPM and MySQL modules.

$ sudo apt-get install php-fpm php-mysql

After the command execution, the modules will be installed

Securing the PHP processor

The next step is to secure the PHP processor by making a small modification in the php-fpm configuration file.

First, open the php-fpm configuration file using the nano editor with root privileges.

$ sudo nano /etc/php/7.0/fpm/php.ini

Once you open the nginx php config file, just search for cgi.fix_pathinfo. It would be commented with ';' and set to 1.

This is very dangerous. This setting allows the php-fpm to execute the nearby PHP file if it cannot find the specified php file.

It gives way to attacker to execute any of the PHP file. We have to set it to zero.

This will stop the php-fpm from executing the unspecified php file.

                 /etc/php/7.0/fpm/php.ini
cgi.fix_pathinfo=0

Once you made the changes, just save and close the file.

After that, you have to restart the Nginx PHP7 processor.

$ sudo systemctl restart php7.0-fpm

Restarting the PHP processor will make the changes you have made to take place.

Configure Nginx

You have setup everything and now the task would be to configure the Nginx server to use the PHP processor.

We have to instruct the Nginx to use the PHP processor.

For that, you have to make changes in the server block configuration.

Open the default server block configuration using nano editor.

$ sudo nano /etc/nginx/sites-available/default

The Nginx Server configuration file will look like this.

    /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;

root /var/www/html;
index index.html index.htm index.nginx-debian.html;

server_name _;

location / {
    try_files $uri $uri/ =404;
}
}

Here are the changes that we are going to make.

Add index.php

The first thing should be adding the index.php file.

This for the web server to serve the web file when a request is made.

The next thing is you have to modify the server name directive with the domain name or Public IP address of the server.

So, when the domain is requested, the Nginx will serve the correct web server.

We have to add a segment for the PHP processing where you will include the php-fpm and fastcgi-php.conf.

The location for the PHP block will be ~.php$.

You have to uncomment the location block which deals with the .htaccess file.

The Nginx server won't handle the .htaccess file. So, Better we can uncomment all of them to avoid those files to be served when they get into the document root.

After the change, the Nginx server configuration will look like below.

/etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;

root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;

server_name server_domain_or_IP;

location / {
    try_files $uri $uri/ =404;
}

location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}

location ~ /\.ht {
    deny all;
}

After the changes, you have to save and close the file.

Before restarting the Nginx, just check for the syntax error.

$ sudo nginx -t

Now, reload the Nginx to use the new configuration.

$ sudo systemctl reload nginx

Testing the LEMP Stack

Now, we have set up the LEMP stack. Here we can check the whether the Nginx handover the PHP file to the PHP processor.

To do this, we are going to create the info.php file in the document root in using nano editor.

$ sudo nano /var/www/html/info.php

Add the following code in the PHP file. The code displays the PHP version information of the server.

           /var/www/html/info.php
<?php
phpinfo();

After that, save and close files.

Now, you can check the configuration by accessing the info.php file through the server.

http://IP_address_or_Domain_name/info.php

Now, your web server should display the following page.

If the page is displayed, then it means that the configuration is working well.

You have to remove the file, once you have checked the configuration. It is because it can give some clue about the server configuration for other people.

They may try to breach the server using the vulnerability in the configuration.

To delete the file execute the following command.

$ sudo rm /var/www/html/info.php

Conclusion

Here in this article, you have seen the lemp stack Ubuntu setup.

Nginx is the most powerful one and can serve the dynamic content to the 2x users when compared to Apache web server.

If you go for LEMP vs LAMP, I would recommend you to install LEMP.

So, it is better to install the Nginx for the website which serves the dynamic content.

If you have any doubt in the installation process, Please let us know that in the comment.

We will help you to solve the issue.

Selvakumar
Author

Selvakumar

I am an Online Marketer and technology lover. I like to learn new things and share that with people.

Comments