Installing LEMP – Ubuntu 16.04, Nginx, MariaDB & PHP 7
Make sure you have Ubuntu 16.04 64 bit. In this tutorial, I’m assuming you are logged in as root and issuing the commands as root (Not recommended in live environment). If you’re not a root user, use sudo before every command.
Let’s start with updating everything
apt-get update && apt-get upgrade
If you’re on a fresh Ubuntu setup and get the following error:
perl: warning: Setting locale failed.
perl: warning: Please check that your locale settings:
LANGUAGE = “en_US:en”,
LC_ALL = (unset),
LC_MESSAGES = “en_US.UTF-8”,
LANG = “en_US.UTF-8”
are supported and installed on your system.
perl: warning: Falling back to the standard locale (“C”).
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory
you can check how to fix it in here.
Make sure Apache is not running, and remove it if it’s installed
systemctl stop apache2 apt-get remove apache2
(Optional) If Apache was installed, remove its default index.php
rm /var/www/html/index.html
Install Nginx
apt-get install nginx
Nginx should be installed and running, you can check it by going to your domain name (If you already pointed it to the IP) or server’s IP (If the IP is dedicated)
If you can’t access the page, you probably have the Ubuntu firewall installed, simply add the following rule:
ufw allow 'Nginx HTTP'
And add the rules for https too:
ufw allow 'Nginx HTTPS'
Or you can add both at the same time
ufw allow 'Nginx Full'
You can check the current allowed rules by issuing the below command:
ufw status verbose
And you will see the output similar to this:
Install Maria DB
apt-get install mysql-server
You will be asked to enter a root password. I suggest you enter a hard to guess one. Don’t lose it, you will need it for the next step.
Secure your MariaDB installation by running the following command:
mysql_secure_installation
You will be asked several questions, most importantly remove access of the anonymous user and set hard passwords.
Install PHP-FPM
Php-fpm (php fastcgi process manager) is responsible for processing the php code and arguably the fastest process manager nowadays. By default PHP 7 will be installed
apt-get install php-fpm
Installing PHP for Mysql, to allow php to connect to the mysql (MariaDB) server
apt-get install php-mysql
Configuring Nginx
Processing PHP
We need to modify the Virtual Host configuration to allow Nginx to process PHP, by simply adding index.php to the line
index index.html index.htm index.nginx-debian.html;
so it would become:
index index.php index.html index.htm index.nginx-debian.html;
Uncomment the following to process PHP with FPM:
location ~ .php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
Uncomment the following to disallow users from accessing .htaccess files
location ~ /.ht {
deny all;
}
Set your server IP or domain name by replacing:
server_name _;
to
server_name xxx.xxx.xxx.xxx;
Where xxx.xxx.xxx.xxx is your server’s IP address or you can enter the domain name instead.
:wq to save and quit
Check for Nginx Syntax errors:
nginx -t
You should get a message:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Reload Nginx Configurations (Or Restart):
systemctl reload nginx
(restart = stop + start, reload = keep running + reload configuration files)
Configuring PHP
Disable cgi.fix-pathinfo (http://php.net/cgi.fix-pathinfo)
vim /etc/php/7.0/fpm/php.ini
“Setting this to 1 will cause PHP CGI to fix its paths to conform to the spec” – php.net
Which basically means PHP will attempt to run a similar file if the requested one is not available, as a result, an attacker can maliciously use this to their advantage.
Search for cgi.fix-pathinfo inside vim
/cgi.fix-pathinfo
Enter editing mode by pressing ‘i’,
Uncomment it by removing the semicolon and set it to 0
cgi.fix_pathinfo=0
:wq to save and quit
Restart PHP-fpm
systemctl restart php7.0-fpm
Create & Test a PHP script:
Your server should be ready to run PHP, Create a script in /var/www/html called index.php or anything you want,
vim var/www/html/index.php
And insdie it write:
<?php phpinfo(); ?>
:wq to save and quit
Test your Nginx configuration by going to your IP or domain name /index.php, example http://xxx.xxx.xxx.xxx/index.php
Where xxx.xxx.xxx.xxx is your server’s IP address or you can enter the domain name instead. And index.php is the filename you chose earlier.
Any comments or questions? Leave them below!