A LEMP server includes NGINX, MariaDB and PHP. For easier administration, we are also going to add phpMyAdmin. As we need to make sure our sites are secure, we will also be adding Certbot.
For this you will need a vanilla Ubuntu Server installation; please find it here.
You will need to open up an SSH client, or PuTTY if on a Windows machine.
sudo apt update
sudo apt upgrade
sudo apt install nginx
sudo ufw allow http
sudo ufw allow https
sudo mkdir /media/webdisk/web-data
sudo chown www-data:www-data /media/webdisk/web-data -R
sudo apt install mariadb-server mariadb-client
sudo systemctl start mariadb
sudo systemctl enable mariadb
sudo mysql_secure_installation
It will first prompt you for the root password you set up during installation. Immediately following, you will be asked a series of questions, beginning with if you'd like to change the root password.
This is another opportunity to change your password to something secure if you have not done so already.
You should answer “Y” (for yes) to all of the remaining questions.
This will remove the ability for anyone to log into MySQL by default, disable logging in remotely with the administrator account, remove some test databases that are insecure, and update the running MySQL instance to reflect these changes. (taken from Digital Ocean)
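One way to confirm the changes listed above, as an added example that is not part of the original guide: the functions below read the output of the two mariadb queries shown in the comments and print a finding for each anonymous account, remotely reachable root account or leftover test database. The function names and sample rows are constructed for illustration, and the "any host" check goes one step beyond what mysql_secure_installation itself changes.

```shell
#!/bin/sh
# Added example (not from the original guide): audit MariaDB after
# mysql_secure_installation. Function names and sample rows are constructed.

# Input: tab-separated "user<TAB>host" rows, as printed by
#   sudo mariadb -N -B -e "SELECT User, Host FROM mysql.user"
# Output: one finding per line, nothing when the account list is clean.
audit_accounts() {
    awk -F '\t' '
        # Anonymous accounts have an empty user name.
        $1 == "" { print "anonymous account at host " $2; next }
        # root should only be usable from the local machine.
        $1 == "root" && $2 != "localhost" && $2 != "127.0.0.1" && $2 != "::1" {
            print "root reachable from host " $2; next }
        # Extra check beyond mysql_secure_installation: wildcard hosts.
        $2 == "%" { print "account " $1 " allowed from any host" }
    '
}

# Input: one database name per line, as printed by
#   sudo mariadb -N -B -e "SHOW DATABASES"
audit_databases() {
    awk '$0 == "test" || $0 ~ /^test_/ { print "test database present: " $0 }'
}

# Constructed sample: an unhardened account list and a clean one.
sample_weak()  { printf 'root\tlocalhost\nroot\t%%\n\tlocalhost\nwebapp\t%%\n'; }
sample_clean() { printf 'root\tlocalhost\nwebapp\tlocalhost\n'; }

# Live use against the local server: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    sudo mariadb -N -B -e "SELECT User, Host FROM mysql.user" | audit_accounts
    sudo mariadb -N -B -e "SHOW DATABASES" | audit_databases
fi
```

No output from the `--live` run means none of the conditions the script checks for were found.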
sudo apt install php7.4 php7.4-fpm php7.4-mysql php-common php7.4-cli php7.4-common php7.4-json php7.4-opcache php7.4-readline php7.4-mbstring php7.4-xml php7.4-gd php7.4-curl
sudo systemctl start php7.4-fpm
sudo systemctl enable php7.4-fpm
sudo rm /etc/nginx/sites-enabled/default
sudo nano /etc/nginx/conf.d/default.conf
server {
    listen 80;
    listen [::]:80;
    server_name _;
    root /usr/share/nginx/html/;
    index index.php index.html index.htm index.nginx-debian.html;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        include snippets/fastcgi-php.conf;
    }

    # A long browser cache lifetime can speed up repeat visits to your page
    location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
        access_log off;
        log_not_found off;
        expires 360d;
    }

    # disable access to hidden files
    location ~ /\.ht {
        access_log off;
        log_not_found off;
        deny all;
    }
}
sudo nginx -t
sudo systemctl reload nginx
sudo nano /usr/share/nginx/html/info.php
<?php phpinfo(); ?>
sudo rm /usr/share/nginx/html/info.php
Congratulations! You now have a working Web Server!
sudo apt update
sudo apt install phpmyadmin
sudo nano /etc/nginx/conf.d/phpmyadmin.conf
server {
    listen 80;
    listen [::]:80;
    server_name pma.example.com; #change this to your domain
    root /usr/share/phpmyadmin/;
    index index.php index.html index.htm index.nginx-debian.html;

    access_log /var/log/nginx/phpmyadmin_access.log;
    error_log /var/log/nginx/phpmyadmin_error.log;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ ^/(doc|sql|setup)/ {
        deny all;
    }

    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        include snippets/fastcgi-php.conf;
    }

    location ~ /\.ht {
        deny all;
    }
}
sudo nginx -t
sudo systemctl reload nginx
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx
certbot
to configure your HTTPS settings, which involves entering your email address and agreeing to the Let’s Encrypt terms of service.
As we have secured MariaDB, we need to add a user for phpMyAdmin so that you can log in.
sudo mariadb -u root
create user 'phpadmin'@'localhost' identified by 'yourpassword';
grant all privileges on *.* to 'phpadmin'@'localhost' with grant option;
flush privileges;
exit;
Log in to phpMyAdmin via your domain name, and now you have a secure web server with a secure database server!