A LEMP Server includes NGINX, MariaDB and PHP. For easier administration, we are also going to add PHPmyadmin. As we also need to make sure our sites are secure, we will also be adding Certbot

For this you will need a vanilla Ubuntu Server installation, please find it here
You will need to open up either an ssh client or Putty if on a Windows machine.

• Type these into your terminal - and open up the ports 80/443 by using the ufw command shown

sudo apt update
sudo apt upgrade
sudo apt install nginx
 
sudo ufw allow http https

• Create a directory for your webserver files etc - but change this to your own preferences

sudo mkdir /media/webdisk/web-data

• Change the permission so Nginx can use this folder:

sudo chown www-data:www-data /media/webdisk/web-data -R

• Type in these commands

sudo apt install mariadb-server mariadb-client
sudo systemctl start mariadb
sudo systemctl enable mariadb

• Now secure MariaDB by typing this:

sudo mysql_secure_installation

It will first prompt you for the root password you set up during installation. Immediately following, you will be asked a series of questions, beginning with if you'd like to change the root password.

This is another opportunity to change your password to something secure if you have not done so already.

You should answer “Y” (for yes) to all of the remaining questions.

This will remove the ability for anyone to log into MySQL by default, disable logging in remotely with the administrator account, remove some test databases that are insecure, and update the running MySQL instance to reflect these changes. (taken from Digital Ocean)

• Type in these commands:

sudo apt install php7.4 php7.4-fpm php7.4-mysql php-common php7.4-cli php7.4-common php7.4-json php7.4-opcache php7.4-readline php7.4-mbstring php7.4-xml php7.4-gd php7.4-curl
 
sudo systemctl start php7.4-fpm
 
sudo systemctl enable php7.4-fpm

• But first, remove the symlink in sites-enabled first

sudo rm /etc/nginx/sites-enabled/default

• Now create the server block,

sudo nano /etc/nginx/conf.d/default.conf

• Copy/Paste all this into the new config file

server {
  listen 80;
  listen [::]:80;
  server_name _;
  root /usr/share/nginx/html/;
  index index.php index.html index.htm index.nginx-debian.html;
 
  location / {
    try_files $uri $uri/ /index.php;
  }
 
  location ~ \.php$ {
    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    include snippets/fastcgi-php.conf;
  }
 
 # A long browser cache lifetime can speed up repeat visits to your page
  location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
       access_log        off;
       log_not_found     off;
       expires           360d;
  }
 
  # disable access to hidden files
  location ~ /\.ht {
      access_log off;
      log_not_found off;
      deny all;
  }
}

• Reload Nginx

sudo nginx -t
 
sudo systemctl reload nginx

• Test Nginx and PHP are working by creeating an info.php in the webroot directory

sudo nano /usr/share/nginx/html/info.php

• Paste the following into the file

<?php phpinfo(); ?>

• To check it's working either go to http://127.0.0.1/info.php or http://yourserveripaddress/info.php. If it works remove this file for secuirty.

sudo rm /usr/share/nginx/html/info.php

Congratulations! You now have a working Web Server!

• Open terminal and run these:

sudo apt update
 
sudo apt install phpmyadmin

• Create a new server block, for best results, have PHPmyadmin run in a subdomain.

sudo nano /etc/nginx/conf.d/phpmyadmin.conf

• Copy/Paste all this into the new config file.

server {
  listen 80;
  listen [::]:80;
  server_name pma.example.com; #change this to your domain
  root /usr/share/phpmyadmin/;
  index index.php index.html index.htm index.nginx-debian.html;
 
  access_log /var/log/nginx/phpmyadmin_access.log;
  error_log /var/log/nginx/phpmyadmin_error.log;
 
  location / {
    try_files $uri $uri/ /index.php;
  }
 
  location ~ ^/(doc|sql|setup)/ {
    deny all;
  }
 
  location ~ \.php$ {
    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    include snippets/fastcgi-php.conf;
  }
 
  location ~ /\.ht {
    deny all;
  }
}

• Reload Nginx

sudo nginx -t
 
sudo systemctl reload nginx

• Run this command

sudo apt install certbot python3-certbot-nginx

• Run certbot

sudo certbot --nginx

• Respond to prompts from certbot to configure your HTTPS settings, which involves entering your email address and agreeing to the Let’s Encrypt terms of service.

As we have secured MariaDB we need to add a user for PHPmyadmin for you to log in.

• Run these commands:

sudo mariadb -u root
 
create user 'phpadmin'@'localhost' identified by 'yourpassword';
 
grant all privileges on *.* to 'phpadmin'@'localhost' with grant option;
 
flush privileges;
 
exit;

Login to PHPmyadmin via your domain name, and now you have a secure web server with a secure database server!