Install Linux, Nginx, MySQL, PHP (LEMP) stack

July 12, 2020

Install Linux, Nginx, MySQL, PHP (LEMP) stack on Centos8 and Centos7

This is a super simple guide to get you up and running with LEMP on top of Centos OS. LEMP is a combination of NGINX, MySQL and PHP. This is particularly useful if you’re planning to create a Wordpress site and build up your own environment. Since Wordpress is running on PHP and MySQL.

Step 1: Install NGINX

First of all we’ll need a functional webserver.

To start open the terminal, access your server and input the following command:

$sudo yum install epel-release

All of the operations are made with the sudo command. Therefore you may be asked to input your password. If you want to avoid the sudo command at the beginning of each line you can use sudo bash.

Now install Nginx using the following yum command:

$sudo yum install nginx

Your web server is now installed. You can start Nginx on your VPS by running this command:

$sudo systemctl start nginx

You can do a spot check right away to verify that everything’s working by visiting your server’s public IP address in your web browser.

Open in a web browser: http://server_domain_name_or_IP/ You should be seeing the default Nginx webpage:

If you see this page, you can proceed. Before continuing, you will want to do is enable Nginx to start on boot:

$sudo systemctl enable nginx

Step 2: Install MySQL

It is time to install MariaDB, a MySQL drop-in replacement. It’s the main location used for the Wordpress site (or any other MySQL enabled site) to store data.

We can use yum to acquire and install our software.

$sudo yum install mariadb-server mariadb

When mariadb is installed, we need to start it:

$sudo systemctl start mariadb

Now that our MySQL database is running, we want to run a simple security script that will remove some dangerous defaults. Start it by running:

$sudo mysql_secure_installation

You will be asked your MySQL root password which is different from your server root password. Since you just finished installing the software you shouldn’t have one. Just leave it blank and press ENTER. When asked if you want to setup a root password type Y.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

New password: password
Re-enter new password: password
Password updated successfully!
Reloading privilege tables..
mysql_secure_installation prompts:
 ... Success!

For the rest of the questions, you should simply hit the ENTER key through each prompt to accept the default values. Lastly let’s enable MariaDB on boot. Use the following command:

$sudo systemctl enable mariadb

Step 3: Install PHP

Let’s install php-mysql and php-fpm packages now:

yum install -y wget php php-pdo php-pecl-zip php-json php-common php-fpm php-mbstring php-cli php-mysqlnd

Configure the PHP Processor

We now have PHP installed, however it needs to be made secure. Open the main php-fpm configuration file with root privileges:

$sudo nano /etc/php.ini

What we are looking for in this file is the parameter that sets cgi.fix_pathinfo. This will be commented out with a semi-colon (;) and set to “1” by default.

This is an extremely insecure setting, it tells PHP to attempt to execute the closest file it can find if a PHP file does not match exactly.

Users could be allowed to craft PHP requests in a way that will allow them to execute scripts that they shouldn’t be executed.

We will change both of these conditions by uncommenting the line and setting it to “0” like this:


/etc/php.ini
cgi.fix_pathinfo=0

Save and close the file using CTRL+X when you are done. Now, open the php-fpm configuration file www.conf:

$sudo nano /etc/php-fpm.d/www.conf

Find the line that specifies the listen parameter, and change it as indicated below:


/etc/php-php.d/www.conf — 1 of 3
listen = /var/run/php-fpm/php-fpm.sock

Next, find the lines that set the listen.owner and listen.group and uncomment them. They should look like this:


/etc/php-php.d/www.conf — 2 of 3
listen.owner = nobody
listen.group = nobody

Lastly, find the lines that set the user and group and change them to be from “apache” to “nginx”:


/etc/php-php.d/www.conf — 3 of 3
user = nginx
group = nginx

Now save and quit CTRL+X. Now, start our PHP processor by typing:

$sudo systemctl start php-fpm

This will implement the change that we’ve made. And finally enable php-fpm to start on boot:

$sudo systemctl enable php-fpm

Step 4: configure PHP

With all the components installed. We only need to modify the configurations of Nginx to use our PHP for dynamic content. Open the default Nginx server configuration file by typing:

$sudo nano /etc/nginx/conf.d/default.conf

We need to make some changes to this file.

Add an index.php option as the first value of our index directive to allow PHP index files to be served when a directory is requested.
Modify the server_name directive to point to our server’s domain name or public IP address.
We will uncomment some lines that will enable error processing routines.
Add a try_files directive to make sure Nginx doesn’t pass bad requests to our PHP processor. And finally uncomment some extra lines required for PHP.

The changes that you need to make are listed below. If you prefer, you may just copy and paste everything, then replace the value of server_name with the appropriate domain name or IP address. Or you can compare the following code with what you find on your server and modify what’s needed.

server {
    listen       80;
    server_name  server_domain_name_or_IP;

    # note that these lines are originally from the "location /" block
    root   /usr/share/nginx/html;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

When you’ve made the above changes, you can save and close the file. Now restart Nginx to make the necessary changes:

$sudo systemctl restart nginx

Step 5: Test PHP

To test that everything is working as expected we will create a simple PHP script.

We will call this script info.php. In order for NGINX to find the file and serve it correctly, it must be saved to a very specific directory, which is called the “web root”.

In CentOS 8 and 7, this directory is located at /usr/share/nginx/html/. We can create the file at that location by typing:

$sudo vi /usr/share/nginx/html/info.php

The file is of course blank. We want to put the following text, which is valid PHP code, inside the file:

<?php phpinfo(); ?>

When you are finished, save and close the file. To test if PHP and the webserver are functioning we just need to visit the public IP on a browser.

The address you want to visit will be:

http://your_server_IP_address/info.php

The page should look similar to this:

This page basically gives you information about your server from the perspective of PHP. It is useful for debugging and to ensure that your settings are being applied correctly.

If this was successful, then your PHP is working. You will want to delete this file after this test because it could actually give information about your server to unauthorized users. To do this, you can type this:

$sudo rm /usr/share/nginx/html/info.php

You can always recreate this page if you need to access the information again later.