How to Setup LEMP on Ubuntu 16.04

Most PHP installations favor the Apache web server for its standard (LAMP), easy configuration. But if you’re on a constrained host or are looking for something sleeker, NGINX is a great alternative (LEMP). NGINX uses less memory, makes PHP more secure by running it in a separate process, and has a simpler configuration file format than its venerable competitor. Getting PHP running under NGINX is a bit more complicated, however. This tutorial guides you through setting up a secure installation of the Linux, NGINX, MySQL and PHP tech stack.

GETTING STARTED

The following steps will transform this generic installation into a robust LEMP stack. To complete this guide, you will need the following:
• 1 Node (Cloud Server or Dedicated Server) with Ubuntu 16.04 LTS installed.

Installing LEMP on Ubuntu 16.04

To start, let’s update APT repositories and all packages. Doing this will not only patch any current known security issues, but it will also avoid download errors in later steps.

sudo apt-get update
sudo apt-get upgrade -y
sudo reboot

Let’s next install the NGINX package.
sudo apt-get install nginx

The NGINX server must now be started and configured to launch on boot. Perform these steps to enable this functionality.

sudo systemctl start nginx.service
sudo systemctl enable nginx.service

UFW is Ubuntu’s default firewall. To secure your system, enter the following commands to check its status.

sudo ufw status

If it is enabled, you’ll optionally want to allow HTTP traffic through. Do so by typing the following:

sudo ufw allow 'Nginx HTTP'

Installing MySQL for LEMP

We’ll next need to install the MySQL database server. Do so with the following command.

sudo apt-get install mysql-server

You’ll need to set a root password during installation. This should be strong, and different from your server’s root password. Anyone with this password can modify any database content, so keep it safe! Also remember it for later, since you’ll need it to set up databases.

As with NGINX, you must now start the MySQL server and enable it to start on boot.

sudo systemctl start mysql.service
sudo systemctl enable mysql.service


MySQL needs an initial configuration to start. The following sets up the basic necessary configuration.

sudo mysql_secure_installation

As with any tech stack, the database installation should be hardened. Here are some easy steps to secure the database installation from the most common attacks:

It is then recommended to remove anonymous users, disallow remote root login, remove the test database and reload the privileges table.

Installing PHP for LEMP

The web server is accepting connections and the database is available. We must now install PHP so our apps can run. The following sets up the PHP environment.

sudo apt-get install php-fpm php-mysql

With PHP installed, we must now change the PHP-FPM configuration so it works well with NGINX. Edit the configuration using your favorite text editor:

nano /etc/php/7.0/fpm/php.ini

Change this:
;cgi.fix_pathinfo=1


to:
cgi.fix_pathinfo=0


Save and close the configuration file. Now, restart the PHP-FPM daemon so the changes take effect.

sudo systemctl restart php7.0-fpm
sudo systemctl enable php7.0-fpm

The FPM daemon is now accepting connections, but NGINX needs to be told how to connect. It must also know which file extensions to send to the FPM daemon. Edit the NGINX configuration.

nano /etc/nginx/sites-available/default

Modify this line:

index index.html index.htm index.nginx-debian.html;

Change it to read:

index index.html index.htm index.nginx-debian.html index.php;

You’ll also need to change:

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php7.0-fpm:
# fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}

to:

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php7.0-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# With php7.0-fpm:
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}

We’re almost finished. Use the following to test your configuration.

sudo nginx -t

This should report that your configuration syntax is OK. If everything checks out, restart NGINX so it picks up your configuration changes.

sudo systemctl reload nginx

Let’s see if NGINX successfully passes PHP scripts to the FPM daemon. We’ll create a simple script under /var/www/html/index.php.

nano /var/www/html/index.php

Enter the following text into the script and save the file:

 <?php
phpinfo();
?>

Check if the script works by visiting http://ip_address/index.php. If all goes well, you should see lots of information about your server’s PHP installation.

Conclusion

Over the last few minutes, you’ve successfully set up a robust and efficient PHP stack capable of running hundreds of apps or sites. You can now download one of many freely-available PHP applications, or begin writing one of your own. Enjoy your LEMP configuration! If this guide was helpful to you, kindly share it with others who may also be interested.