User Tools

Site Tools


lemp-install

How to install a LEMP Webserver

A LEMP Server includes NGINX, MariaDB and PHP. For easier administration, we are also going to add PHPmyadmin. As we also need to make sure our sites are secure, we will also be adding Certbot

For this you will need a vanilla Ubuntu Server installation, please find it here
You will need to open up either an ssh client or Putty if on a Windows machine.

Install Nginx

  • Type these into your terminal - and open up the ports 80/443 by using the ufw command shown
sudo apt update
sudo apt upgrade
sudo apt install nginx
 
sudo ufw allow http https
  • Create a directory for your webserver files etc - but change this to your own preferences
sudo mkdir /media/webdisk/web-data
  • Change the permission so Nginx can use this folder:
sudo chown www-data:www-data /media/webdisk/web-data -R

Install MariaDB

  • Type in these commands
sudo apt install mariadb-server mariadb-client
sudo systemctl start mariadb
sudo systemctl enable mariadb
  • Now secure MariaDB by typing this:
sudo mysql_secure_installation

It will first prompt you for the root password you set up during installation. Immediately following, you will be asked a series of questions, beginning with if you'd like to change the root password.

This is another opportunity to change your password to something secure if you have not done so already.

You should answer “Y” (for yes) to all of the remaining questions.

This will remove the ability for anyone to log into MySQL by default, disable logging in remotely with the administrator account, remove some test databases that are insecure, and update the running MySQL instance to reflect these changes. (taken from Digital Ocean)

Install PHP 7.4

  • Type in these commands:
sudo apt install php7.4 php7.4-fpm php7.4-mysql php-common php7.4-cli php7.4-common php7.4-json php7.4-opcache php7.4-readline php7.4-mbstring php7.4-xml php7.4-gd php7.4-curl
 
sudo systemctl start php7.4-fpm
 
sudo systemctl enable php7.4-fpm

Create your default server block

  • But first, remove the symlink in sites-enabled first
sudo rm /etc/nginx/sites-enabled/default
  • Now create the server block,
sudo nano /etc/nginx/conf.d/default.conf
  • Copy/Paste all this into the new config file
server {
  listen 80;
  listen [::]:80;
  server_name _;
  root /usr/share/nginx/html/;
  index index.php index.html index.htm index.nginx-debian.html;
 
  location / {
    try_files $uri $uri/ /index.php;
  }
 
  location ~ \.php$ {
    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    include snippets/fastcgi-php.conf;
  }
 
 # A long browser cache lifetime can speed up repeat visits to your page
  location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
       access_log        off;
       log_not_found     off;
       expires           360d;
  }
 
  # disable access to hidden files
  location ~ /\.ht {
      access_log off;
      log_not_found off;
      deny all;
  }
}
  • Reload Nginx
sudo nginx -t
 
sudo systemctl reload nginx
  • Test Nginx and PHP are working by creeating an info.php in the webroot directory
sudo nano /usr/share/nginx/html/info.php
  • Paste the following into the file
<?php phpinfo(); ?>
sudo rm /usr/share/nginx/html/info.php

Congratulations! You now have a working Web Server!

Install PHPmyadmin

  • Open terminal and run these:
sudo apt update
 
sudo apt install phpmyadmin
  • Create a new server block, for best results, have PHPmyadmin run in a subdomain.
sudo nano /etc/nginx/conf.d/phpmyadmin.conf
  • Copy/Paste all this into the new config file.
server {
  listen 80;
  listen [::]:80;
  server_name pma.example.com; #change this to your domain
  root /usr/share/phpmyadmin/;
  index index.php index.html index.htm index.nginx-debian.html;
 
  access_log /var/log/nginx/phpmyadmin_access.log;
  error_log /var/log/nginx/phpmyadmin_error.log;
 
  location / {
    try_files $uri $uri/ /index.php;
  }
 
  location ~ ^/(doc|sql|setup)/ {
    deny all;
  }
 
  location ~ \.php$ {
    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    include snippets/fastcgi-php.conf;
  }
 
  location ~ /\.ht {
    deny all;
  }
}
  • Reload Nginx
sudo nginx -t
 
sudo systemctl reload nginx

Install Certbot

  • Run this command
sudo apt install certbot python3-certbot-nginx
  • Run certbot
sudo certbot --nginx
  • Respond to prompts from certbot to configure your HTTPS settings, which involves entering your email address and agreeing to the Let’s Encrypt terms of service.

Add new SQL user

As we have secured MariaDB we need to add a user for PHPmyadmin for you to log in.

  • Run these commands:
sudo mariadb -u root
 
create user 'phpadmin'@'localhost' identified by 'yourpassword';
 
grant all privileges on *.* to 'phpadmin'@'localhost' with grant option;
 
flush privileges;
 
exit;

Login to PHPmyadmin via your domain name, and now you have a secure web server with a secure database server!

lemp-install.txt · Last modified: 2023/05/17 22:52 by 127.0.0.1