Monday, January 23, 2017

Installing LEMP - Ubuntu 16.04, Nginx, MariaDB & PHP 7

LEMP Ubuntu Nginx MariaDB PHP
Make sure you have Ubuntu 16.04 64 bit. In this tutorial, I'm assuming you are logged in as root and issuing the commands as root (Not recommended in live environment). If you're not a root user, use sudo before every command.

Let's start with updating everything

apt-get update && apt-get upgrade 

If you're on a fresh Ubuntu setup and get the following error:
perl: warning: Setting locale failed.  
perl: warning: Please check that your locale settings:  
        LANGUAGE = "en_US:en",  
        LC_ALL = (unset),  
        LC_MESSAGES = "en_US.UTF-8",  
        LANG = "en_US.UTF-8"  
    are supported and installed on your system. 


perl: warning: Falling back to the standard locale ("C").  
locale: Cannot set LC_CTYPE to default locale: No such file or directory  
locale: Cannot set LC_MESSAGES to default locale: No such file or directory  
locale: Cannot set LC_ALL to default locale: No such file or directory
you can check how to fix it in here.

Make sure Apache is not running, and remove it if it's installed

systemctl stop apache2
apt-get remove apache2

(Optional) If Apache was installed, remove its default index.php

rm /var/www/html/index.html

Install Nginx

apt-get install nginx

Nginx should be installed and running, you can check it by going to your domain name (If you already pointed it to the IP) or server's IP (If the IP is dedicated)


If you can't access the page, you probably have the Ubuntu firewall installed, simply add the following rule:
ufw allow 'Nginx HTTP'

And add the rules for https too:
ufw allow 'Nginx HTTPS'

Or you can add both at the same time
ufw allow 'Nginx Full'

You can check the current allowed rules by issuing the below command:
ufw status verbose

And you will see the output similar to this:

Install Maria DB

apt-get install mysql-server

You will be asked to enter a root password. I suggest you enter a hard to guess one. Don't lose it, you will need it for the next step.

Secure your MariaDB installation by running the following command:
mysql_secure_installation

You will be asked several questions, most importantly remove access of the anonymous user and set hard passwords.

Install PHP-FPM

Php-fpm (php fastcgi process manager) is responsible for processing the php code and arguably the fastest process manager nowadays. By default PHP 7 will be installed
apt-get install php-fpm

Installing PHP for Mysql, to allow php to connect to the mysql (MariaDB) server
apt-get install php-mysql

Configuring Nginx


Processing PHP
We need to modify the Virtual Host configuration to allow Nginx to process PHP, by simply adding index.php to the line
index index.html index.htm index.nginx-debian.html;
so it would become:
index index.php index.html index.htm index.nginx-debian.html;

Uncomment the following to process PHP with FPM:
location ~ \.php$ {

    include snippets/fastcgi-php.conf;

    fastcgi_pass unix:/run/php/php7.0-fpm.sock;

}

Uncomment the following to disallow users from accessing .htaccess files
location ~ /\.ht {

    deny all;

}

Set your server IP or domain name by replacing:
server_name _;
to
server_name xxx.xxx.xxx.xxx;

Where xxx.xxx.xxx.xxx is your server's IP address or you can enter the domain name instead.

:wq to save and quit


Check for Nginx Syntax errors:
nginx -t

You should get a message:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful


Reload Nginx Configurations (Or Restart):
systemctl reload nginx

(restart = stop + start, reload = keep running + reload configuration files)

Configuring PHP

Disable cgi.fix-pathinfo (http://php.net/cgi.fix-pathinfo)
vim /etc/php/7.0/fpm/php.ini

"Setting this to 1 will cause PHP CGI to fix its paths to conform to the spec" - php.net
Which basically means PHP will attempt to run a similar file if the requested one is not available, as a result, an attacker can maliciously use this to their advantage.

Search for cgi.fix-pathinfo inside vim
/cgi.fix-pathinfo

Enter editing mode by pressing 'i',
Uncomment it by removing the semicolon and set it to 0
cgi.fix_pathinfo=0

:wq to save and quit

Restart PHP-fpm
systemctl restart php7.0-fpm

Create & Test a PHP script:

Your server should be ready to run PHP, Create a script in /var/www/html called index.php or anything you want,
vim var/www/html/index.php

And insdie it write:
<?php phpinfo(); ?>

:wq to save and quit

Test your Nginx configuration by going to your IP or domain name /index.php, example http://xxx.xxx.xxx.xxx/index.php
Where xxx.xxx.xxx.xxx is your server's IP address or you can enter the domain name instead. And index.php is the filename you chose earlier.




Any comments or questions? Leave them below!