A LEMP stack is the foundation upon which websites are built, leveraging NGINX instead of Apache as its web server. It is made up of four components that grant its name - Linux, NGINX (pronounced Engine X), MySQL, and PHP. Linux is the operating system, NGINX is the web server, MySQL is the database, and PHP-FPM interprets code to produce dynamic content. In this article, we will walk you through installing and configuring a basic LEMP stack.
Prerequisites
- A Server with CentOS 7 Installed
- How to Secure Your SSH Connection in CentOS 7
Topics
Installing NGINX
Note: We will assume that a non-root user has been configured for the purposes of this guide. If it has not, you can run all commands without sudo privileges. However, we recommend only using the root user when there is no other option. To configure a new sudo user, please check out the Creating a New Sudo User section of our How to Secure Your SSH Connection in CentOS 7 article.
Before we install NGINX, we first want to ensure that our operating system is fully up to date. We can do this with the following command:
$ sudo yum update
Now that the OS is up to date, we can proceed with installing NGINX. Do so by entering the following command:
$ sudo yum install nginx
Note: If you have a firewall enabled, you will need to ensure that ports 80 and 443 are not blocked.
Finally, we need to start the NGINX daemon.
$ sudo systemctl start nginx
Now type the IP address of your server into a browser to confirm that NGINX has installed properly. If it has, you will see the following page:
Next, we are going to tell the system daemon to boot NGINX upon startup using the following command:
$ sudo systemctl enable nginx
Now that we have NGINX installed and working, let's get started installing MariaDB.
Installing MariaDB
Note: CentOS 7's default repository will install MariaDB even if you type the command to install MySQL. MariaDB is a MySQL-based database developed as a response to Oracle's acquisition of MySQL. The two databases function very similarly.
The third portion of our LAMP stack is MariaDB. To install MariaDB, enter the following command:
$ sudo yum install mariadb-server mariadb
Next, start MariaDB.
$ sudo systemctl start mariadb
Now enter the MySQL installation module using the following command:
$ sudo mysql_secure_installation
You will be met with the following prompt:
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
Since we have just installed MariaDB, we have yet to set a root password so just press the ENTER
key to proceed.
Next, you will be prompted to create a new password for your MySQL root user. Choose any password you wish and then confirm the password at the following prompt.
Set root password? [Y/n]
Press ENTER
for each of the rest of the prompts. When you are finished you will get the following output:
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Finally, we will tell the system daemon to start MariaDB at boot using the following command:
$ sudo systemctl enable mariadb
Now that we have MariaDB installed, let's take a look at installing PHP.
Installing PHP
In this section, we will be installing and configuring PHP-FPM. In addition to PHP-FPM, we will install PHP along with its package for MySQL using the following command:
$ sudo yum install php php-mysql php-fpm
Note: If you wish to download other PHP packages, you can append them to the end of this command.
Now, we will make a small change to the PHP configuration file to make our installation more secure. Open the file in a text editor of your choice using the following command:
$ sudo vi /etc/php.ini
Search for the following line:
;cgi.fix_pathinfo=1
Change it to appear as follows:
cgi.fix_pathinfo=0
While we are here, we are also going to set the timezone parameter. This is important because not doing so will generate warnings which will eventually fill up our log files. To do so, search for the following line:
;date.timezone =
Uncomment this line and then add whichever time zone is correct for you from this list. In our example, we will be using New York.
date.timezone = America/New_York
Next, we will edit the PHP-FPM configuration file using the following command:
$ sudo vi /etc/php-fpm.d/www.conf
By default, PHP-FPM is configured to work with Apache so we will make the changes to configure it with NGINX. First, find the following line:
listen = 127.0.0.1:9000
Change that line to appear as follows:
listen = /var/run/php-fpm/php-fpm.sock
Next, find these two lines:
;listen.owner = nobody
;listen.group = nobody
Uncomment them. They will appear as follows:
listen.owner = nobody
listen.group = nobody
We need to make one more change in this file. By default, PHP-FPM assumes it will be assigned to the user and group, "apache." However, we need to assign it to "nginx." Find the following two lines:
user = apache
group = apache
Change them both to "nginx."
user = nginx
group = nginx
Now, we can start and enable PHP-FPM using the following command:
$ sudo systemctl start php-fpm && sudo systemctl enable php-fpm
Unlike Apache, NGINX is not preconfigured to use PHP to process dynamic content so we will need to edit a few more files to finish the installation.
Configuring NGINX with PHP-FPM
First, we are going to create the NGINX server block configuration file for our website. Do so in a text editor of your choice using the following command, replacing example.com with the FQDN of your website:
$ sudo vi /etc/nginx/conf.d/example.com.conf
Put the following content into the new file:
server {
listen 80;
server_name example.com;
root usr/share/nginx/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Now we'll run a quick test to ensure that our PHP-FPM configuration is working. Create a new file in a text editor of your choice using the following command:
$ sudo vi /usr/share/nginx/html/info.php
Put the following text in the file:
<?php
phpinfo();
?>
Now navigate to the following website, replacing example.com with your server's IP address or domain name:
example.com/info.php
You should see the following page.
Note: Make sure you see the "FPM/FastCGI" text next to "Server API" on the above webpage to confirm that you have properly configured PHP-FPM.
If you see the above page, you have correctly deployed PHP and you are done deploying your LEMP stack. Since this page gives information about your server that could be used to exploit your security, delete this file using the following command:
$ sudo rm /usr/share/nginx/html/info.php
Conclusion
A properly deployed LEMP stack is the backbone of many websites. Having read this guide, you should now know how NGINX, MySQL, and PHP-FPM are used as well as how to perform a basic installation of a LEMP stack.