Install Nginx, MariaDB, PHP (LEMP Stack) in Ubuntu 18.04 LTS

Install nginx, MariaDB, PHP In Ubuntu 18.04 LTS

In our previous tutorial, we discussed how to install LAMP stack in Ubuntu 18.04 LTS server. In this tutorial, we will see how to install Nginx, MariaDB, PHP (LEMP stack) in Ubuntu 18.04 LTS minimal server edition. As I mentioned in the previous tutorial, LEMP is the acronym of Linux, Engine-x, MariaDB/MySQL, PHP/Perl/Python. For the purpose of this tutorial, I will be using the following test machine:

  • Operating System : Ubuntu 18.04 LTS Server
  • IP Address : 192.168.225.22/24

Let us get started.

Install Nginx, MariaDB, PHP (LEMP Stack) in Ubuntu 18.04 LTS

1. Install Nginx

Open the Terminal, and run the following command to install Nginx webserver:

$ sudo apt install nginx

After installing Nginx, check if Nginx service is running or not using command:

$ sudo systemctl status nginx

Sample output:

● nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-07-07 12:10:05 UTC; 57s ago
Docs: man:nginx(8)
Process: 1846 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 1833 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Main PID: 1849 (nginx)
Tasks: 2 (limit: 2322)
CGroup: /system.slice/nginx.service
├─1849 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
└─1851 nginx: worker process

Jul 07 12:10:05 ubuntuserver systemd[1]: Starting A high performance web server and a reverse proxy server...
Jul 07 12:10:05 ubuntuserver systemd[1]: nginx.service: Failed to parse PID from file /run/nginx.pid: Invalid argument
Jul 07 12:10:05 ubuntuserver systemd[1]: Started A high performance web server and a reverse proxy server.

If you see an output like above, the Nginx service has been started.

In case it is not started yet, you can start it using command:

$ sudo systemctl start nginx

1.1 Adjust firewall to allow Nginx web server

By default, the Nginx web browser can’t be accessed from remote systems if you have enabled the UFW firewall in Ubuntu 18.04 LTS. You must allow the http and https traffic via UFW by following the below steps.

First, let us view which applications have installed a profile using command:

$ sudo ufw app list
Available applications:
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH

As you can see, Nginx and OpenSSH applications have installed UFW profiles.

If you look into the “Nginx Full” profile, you will see that it enables traffic to the ports 80 and 443:

$ sudo ufw app info "Nginx Full"
Profile: Nginx Full
Title: Web Server (Nginx, HTTP + HTTPS)
Description: Small, but very powerful and efficient web server

Ports:
80,443/tcp

Now, run the following command to allow incoming HTTP and HTTPS traffic for this profile:

$ sudo ufw allow in "Nginx Full"
Rules updated
Rules updated (v6)

If you want to allow https traffic, but only http (80) traffic, run:

$ sudo ufw app info "Nginx HTTP"

Let us go ahead and run Nginx test page.

To do so, open up your Web browser and navigate to http://localhost/ or http://IP-Address/.

You will see a page something like below.

If you see an output like above, congratulations! Nginx server is working!

2. Install MariaDB

MariaDB is the drop-in replacement of MySQL database server.

To install it, run:

$ sudo apt install mariadb-server mariadb-client

The version of MariaDB in the Ubuntu official repositories might be outdated. If you want to install a latest MariaDB, add the MariaDB official repository for Ubuntu and install it as shown below.

First, add MariaDB repository and import the key as shown below.

$ sudo apt-get install software-properties-common
$ sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8 
$ sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://sgp1.mirrors.digitalocean.com/mariadb/repo/10.3/ubuntu bionic main'

After adding the repository, run the following commands to install MariaDB.

$ sudo apt update
$ sudo apt install mariadb-server

Verify if MariaDB service is running or not using command:

$ sudo systemctl status mysql

Sample output:

● mariadb.service - MariaDB database server
Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-07-07 12:15:13 UTC; 2min 57s ago
Main PID: 3428 (mysqld)
Status: "Taking your SQL requests now..."
Tasks: 27 (limit: 2322)
CGroup: /system.slice/mariadb.service
└─3428 /usr/sbin/mysqld

Jul 07 12:15:14 ubuntuserver /etc/mysql/debian-start[3465]: mysql
Jul 07 12:15:14 ubuntuserver /etc/mysql/debian-start[3465]: performance_schema
Jul 07 12:15:14 ubuntuserver /etc/mysql/debian-start[3465]: Phase 6/7: Checking and upgrading tables
Jul 07 12:15:14 ubuntuserver /etc/mysql/debian-start[3465]: Processing databases
Jul 07 12:15:14 ubuntuserver /etc/mysql/debian-start[3465]: information_schema
Jul 07 12:15:14 ubuntuserver /etc/mysql/debian-start[3465]: performance_schema
Jul 07 12:15:14 ubuntuserver /etc/mysql/debian-start[3465]: Phase 7/7: Running 'FLUSH PRIVILEGES'
Jul 07 12:15:14 ubuntuserver /etc/mysql/debian-start[3465]: OK
Jul 07 12:15:14 ubuntuserver /etc/mysql/debian-start[3534]: Checking for insecure root accounts.
Jul 07 12:15:14 ubuntuserver /etc/mysql/debian-start[3538]: Triggering myisam-recover for all MyISAM tables and aria-recover for all Aria tables

Mysql is running!

2.1 Setup database administrative user (root) password

During MariaDB installation, It will set password for the administrative user account (root).

If you try to setup password manually using command:

$ mysql_secure_installation

You can’t login set the password. You will see an error like below.

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
 SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
ERROR 1698 (28000): Access denied for user 'root'@'localhost'
Enter current password for root (enter for none):

To fix this problem, log in as MySQL database administrator using command:

$ sudo mysql -u root

After logging into the MySQL prompt, run the following commands one by one.

use mysql;
update user set plugin='' where User='root';
flush privileges;
\q

Now, you can set database administrative password using command:

$ mysql_secure_installation

Enter password password, and hit ENTER key to accept the default values.

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
 SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): # Press ENTER
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] # Press ENTER
New password: # Enter password
Re-enter new password: # Re-enter password
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] # Press ENTER
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] # Press ENTER
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] # Press ENTER
 - Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
 ... Failed! Not critical, keep moving...
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] # Press ENTER
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

That’s it. Password for the database administrative user account has been set.

3. Install PHP

To install PHP, run:

$ sudo apt-get install php-fpm php-mysql

After installing PHP, we need to secure it by doing a simple change.

To do so, edit php.ini file:

$ sudo vi /etc/php/7.2/fpm/php.ini

Find the following line:

;cgi.fix_pathinfo=1

Uncomment it and change its value from 1 to 0 (zero).

cgi.fix_pathinfo=0

Save and close the file. Then, restart PHP-FPM service to take effect the changes.

$ sudo systemctl restart php7.2-fpm

Check PHP-FPM service is running or not using command:

$ sudo systemctl status php7.2-fpm

Sample output:

● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager
Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-07-07 12:23:46 UTC; 7s ago
Docs: man:php-fpm7.2(8)
Main PID: 11005 (php-fpm7.2)
Status: "Ready to handle connections"
Tasks: 3 (limit: 2322)
CGroup: /system.slice/php7.2-fpm.service
├─11005 php-fpm: master process (/etc/php/7.2/fpm/php-fpm.conf)
├─11018 php-fpm: pool www
└─11019 php-fpm: pool www

Jul 07 12:23:46 ubuntuserver systemd[1]: Starting The PHP 7.2 FastCGI Process Manager...
Jul 07 12:23:46 ubuntuserver systemd[1]: Started The PHP 7.2 FastCGI Process Manager.

3.1 Configure Nginx to use PHP-FPM

We need to configure Nginx to use PHP-FPM.

To do so, edit Nginx’s default vhost (Server block) /etc/nginx/sites-available/default file:

$ sudo vi /etc/nginx/sites-available/default

Find the Server section, and set your Ubuntu server’s FQDN or IP address as shown below. And also, double check if you have added the index.php line. All changes are shown in bold letters.

[...]
server {
 listen 80 default_server;
 listen [::]:80 default_server;

[...]

root /var/www/html;

 # Add index.php to the list if you are using PHP
 index index.php index.html index.htm index.nginx-debian.html;

 server_name 192.168.225.22;
[...]

Let us break down the above lines, and see what each line means.

  • listen 80; –> listen for ipv4
  • listen [::]:80 default_server ; –> listen for ipv6
  • root /var/www/html; –> Nginx document root directory.
  • server_name server.ostechnix.lan; –> Our Ubuntu server’s FQDN.

Then, scroll down little bit and find the section #location ~ \.php$.

Uncomment and modify the following lines as shown below.

location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
 # concurs with nginx's one
 #
 location ~ /\.ht {
 deny all;
 }
}

Save and exit the file.

Pay close attention when modifying fastcgi_pass directive within the location ~ \.php$ block. You must mention the correct name file with what is actually stored in the /run/php directory on your server. To verify it, run:

$ ls /run/php/
php7.2-fpm.pid php7.2-fpm.sock

As you can see, the name of the file is php7.2-fpm.sock, not php7.0-fpm.sock, which is what’s listed in in the location ~ \.php$ directive. Make sure you have mentioned the correct name in this directive.

Check the Nginx configuration file for any syntax errors using command:

$ sudo nginx -t

Sample output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If you don’t see any errors, restart nginx service to take effect the changes.

To do so, run:

$ sudo systemctl restart nginx

Now, let us create a sample PHP file to test the PHP configuration via browser.

To do so, create a file called info.php under Nginx document root folder.

$ sudo vi /var/www/html/info.php

Add the following lines:

<?php
phpinfo();
?>

Save and quit the file. Restart nginx service to take effect the changes.

Then, open your web browser and navigate to http://IP-address/info.php.

You will see the PHP details.

Congratulations! PHP is working!!

3.2 Install PHP modules

To improve the functionality of PHP, you can install some additional PHP modules.

To list the available PHP modules, run:

$ sudo apt-cache search php- | less

Sample output:

Deepin Terminal_009

Search PHP modules

Use and arrows to move up and down between the result. To exit from the result, type q.

To find the details of any particular php module, for example php-gd, run:

$ sudo apt-cache show php-gd

To install a php module run:

$ sudo apt-get install php-gd

To install all modules (not necessary though), run:

$ sudo apt-get install php*

Do not forget to restart Nginx service after installing any php module.

Congratulations! We have successfully setup LEMP stack in Ubuntu 18.04 LTS server. Start deploying websites and web applications in your new LEMP web stack.

Cheers!

Thanks for stopping by!

Help us to help you:

Have a Good day!!

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.