User Tools

Site Tools

Trace:
lemp-install

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
lemp-install [2020/10/22 09:54] gwsadminlemp-install [2023/05/17 22:52] (current) – external edit 127.0.0.1
Line 5: Line 5:
 //**For this you will need a vanilla Ubuntu Server installation, please find it [[:ubuntu-install|here]]** // \\ //**For this you will need a vanilla Ubuntu Server installation, please find it [[:ubuntu-install|here]]** // \\
 **//You will need to open up either an ssh client or Putty if on a Windows machine.// ** **//You will need to open up either an ssh client or Putty if on a Windows machine.// **
-====== Install Nginx ======+==== Install Nginx ====
  
-bbdbdbdd+  * Type these into your terminal - and open up the ports 80/443 by using the ufw command shown
  
-====== Install ======+<code bash> 
 +sudo apt update 
 +sudo apt upgrade 
 +sudo apt install nginx 
 + 
 +sudo ufw allow http https 
 + 
 + 
 +</code> 
 + 
 +  * Create a directory for your webserver files etc - but change this to your own preferences 
 + 
 +<code bash> 
 +sudo mkdir /media/webdisk/web-data 
 + 
 + 
 +</code> 
 + 
 +  * Change the permission so Nginx can use this folder: 
 + 
 +<code bash> 
 +sudo chown www-data:www-data /media/webdisk/web-data -R 
 + 
 + 
 +</code> 
 + 
 +==== Install MariaDB ==== 
 + 
 +  * Type in these commands 
 + 
 +<code bash> 
 +sudo apt install mariadb-server mariadb-client 
 +sudo systemctl start mariadb 
 +sudo systemctl enable mariadb 
 + 
 + 
 +</code> 
 + 
 +  * Now secure MariaDB by typing this: 
 + 
 +<code bash> 
 +sudo mysql_secure_installation 
 + 
 + 
 +</code> 
 + 
 +It will first prompt you for the root password you set up during installation. Immediately following, you will be asked a series of questions, beginning with if you'd like to change the root password. 
 + 
 +This is another opportunity to change your password to something secure if you have not done so already. 
 + 
 +You should answer "Y" (for yes) to all of the remaining questions. 
 + 
 +This will remove the ability for anyone to log into MySQL by default, disable logging in remotely with the administrator account, remove some test databases that are insecure, and update the running MySQL instance to reflect these changes. (t[[https://www.digitalocean.com/community/tutorials/how-to-secure-mysql-and-mariadb-databases-in-a-linux-vps|aken from Digital Ocean]]) 
 + 
 +==== Install PHP 7.4 ==== 
 + 
 +  * Type in these commands: 
 + 
 +<code bash> 
 +sudo apt install php7.4 php7.4-fpm php7.4-mysql php-common php7.4-cli php7.4-common php7.4-json php7.4-opcache php7.4-readline php7.4-mbstring php7.4-xml php7.4-gd php7.4-curl 
 + 
 +sudo systemctl start php7.4-fpm 
 + 
 +sudo systemctl enable php7.4-fpm 
 + 
 + 
 +</code> 
 + 
 +==== Create your default server block ==== 
 + 
 +  * But first, remove the symlink in sites-enabled first 
 + 
 +<code bash> 
 +sudo rm /etc/nginx/sites-enabled/default 
 + 
 + 
 +</code> 
 + 
 +  * Now create the server block, 
 + 
 +<code bash> 
 +sudo nano /etc/nginx/conf.d/default.conf 
 + 
 + 
 +</code> 
 + 
 +  * Copy/Paste all this into the new config file 
 + 
 +<code bash> 
 +server { 
 +  listen 80; 
 +  listen [::]:80; 
 +  server_name _; 
 +  root /usr/share/nginx/html/; 
 +  index index.php index.html index.htm index.nginx-debian.html; 
 + 
 +  location / { 
 +    try_files $uri $uri/ /index.php; 
 +  } 
 + 
 +  location ~ \.php$ { 
 +    fastcgi_pass unix:/run/php/php7.4-fpm.sock; 
 +    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
 +    include fastcgi_params; 
 +    include snippets/fastcgi-php.conf; 
 +  } 
 + 
 + # A long browser cache lifetime can speed up repeat visits to your page 
 +  location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ { 
 +       access_log        off; 
 +       log_not_found     off; 
 +       expires           360d; 
 +  } 
 + 
 +  # disable access to hidden files 
 +  location ~ /\.ht { 
 +      access_log off; 
 +      log_not_found off; 
 +      deny all; 
 +  } 
 +
 + 
 + 
 +</code> 
 + 
 +  * Reload Nginx 
 + 
 +<code bash> 
 +sudo nginx -t 
 + 
 +sudo systemctl reload nginx 
 + 
 + 
 +</code> 
 + 
 +  * Test Nginx and PHP are working by creeating an info.php in the webroot directory 
 + 
 +<code bash> 
 +sudo nano /usr/share/nginx/html/info.php 
 + 
 + 
 +</code> 
 + 
 +  * Paste the following into the file 
 + 
 +<code php> 
 +<?php phpinfo(); ?> 
 + 
 + 
 +</code> 
 + 
 +  * To check it's working either go to [[http://127.0.0.1/info.php|http://127.0.0.1/info.php]] or [[http://yourserveripaddress/info.php|http://yourserveripaddress/info.php]]. If it works remove this file for secuirty. 
 + 
 +<code bash> 
 +sudo rm /usr/share/nginx/html/info.php 
 + 
 + 
 +</code> 
 + 
 +**Congratulations! You now have a working Web Server!** 
 + 
 +==== Install PHPmyadmin ==== 
 + 
 +  * Open terminal and run these: 
 + 
 +<code bash> 
 +sudo apt update 
 + 
 +sudo apt install phpmyadmin 
 + 
 + 
 +</code> 
 + 
 +  * Create a new server block, for best results, have PHPmyadmin run in a subdomain. 
 + 
 +<code bash> 
 +sudo nano /etc/nginx/conf.d/phpmyadmin.conf 
 + 
 + 
 +</code> 
 + 
 +  * Copy/Paste all this into the new config file. 
 + 
 +<code bash> 
 +server { 
 +  listen 80; 
 +  listen [::]:80; 
 +  server_name pma.example.com; #change this to your domain 
 +  root /usr/share/phpmyadmin/; 
 +  index index.php index.html index.htm index.nginx-debian.html; 
 + 
 +  access_log /var/log/nginx/phpmyadmin_access.log; 
 +  error_log /var/log/nginx/phpmyadmin_error.log; 
 + 
 +  location / { 
 +    try_files $uri $uri/ /index.php; 
 +  } 
 + 
 +  location ~ ^/(doc|sql|setup)/
 +    deny all; 
 +  } 
 + 
 +  location ~ \.php$ { 
 +    fastcgi_pass unix:/run/php/php7.4-fpm.sock; 
 +    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
 +    include fastcgi_params; 
 +    include snippets/fastcgi-php.conf; 
 +  } 
 + 
 +  location ~ /\.ht { 
 +    deny all; 
 +  } 
 +
 + 
 + 
 +</code> 
 + 
 +  * Reload Nginx 
 + 
 +<code bash> 
 +sudo nginx -t 
 + 
 +sudo systemctl reload nginx 
 + 
 + 
 +</code> 
 + 
 +==== Install Certbot ==== 
 + 
 +  * Run this command 
 + 
 +<code bash> 
 +sudo apt install certbot python3-certbot-nginx 
 + 
 + 
 +</code> 
 + 
 +  * Run certbot 
 + 
 +<code bash> 
 +sudo certbot --nginx 
 + 
 + 
 +</code> 
 + 
 +  * Respond to prompts from ''certbot''  to configure your HTTPS settings, which involves entering your email address and agreeing to the Let’s Encrypt terms of service. 
 + 
 +==== Add new SQL user ==== 
 + 
 +As we have secured MariaDB we need to add a user for PHPmyadmin for you to log in. 
 + 
 +  * Run these commands: 
 + 
 +<code mysql> 
 +sudo mariadb -u root 
 + 
 +create user 'phpadmin'@'localhost' identified by 'yourpassword'; 
 + 
 +grant all privileges on *.* to 'phpadmin'@'localhost' with grant option; 
 + 
 +flush privileges; 
 + 
 +exit; 
 + 
 + 
 +</code> 
 + 
 +**Login to PHPmyadmin via your domain name, and now you have a secure web server with a secure database server!**
  
  
lemp-install.1603360499.txt.gz · Last modified: 2023/05/17 22:52 (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: GNU Free Documentation License 1.3
GNU Free Documentation License 1.3 Valid HTML5 Valid CSS Driven by DokuWiki