How to Install LEMP on CentOS Stream EL9 or EL8


LEMP is a software stack that consists of Linux, Nginx, MariaDB, and PHP. It is a popular stack used for web development and hosting. Nginx is a powerful and efficient web server, MariaDB is a robust and reliable SQL database, and PHP is a server-side scripting language used for web development. Together, these technologies provide a powerful and reliable platform for building and hosting web applications.

Features:

  • High-performance web server with Nginx
  • MariaDB is a powerful and reliable SQL database
  • PHP is a popular server-side scripting language

Benefits:

  • Improved performance and scalability
  • Increased security and stability
  • Easy to manage and maintain
  • High flexibility and customization options
  • Support for multiple programming languages and frameworks.

This guide will walk you through installing LEMP on CentOS Stream 9 or 8, including creating an NGINX server block and a PHP test file to verify the installation’s success in a few simple steps.

Step 1: Update CentOS Stream

Before we begin, it is important to update the system to ensure that all packages are up-to-date. You can do this by running the following command.

sudo dnf upgrade --refresh

Step 2: Install Nginx

To install Nginx on CentOS Stream, you can use the following command.

sudo dnf install nginx

Once the installation is complete, you can start the Nginx service by running the following command.

sudo systemctl enable nginx --now

To check the status of the Nginx service, you can use the following command.

systemctl status nginx

Example output:

If no errors have occurred, move on to step 3.

Configure Nginx Firewall Rules

When installing Nginx, firewall rules for the standard port 80 or 443 ports are not automatically added. Before proceeding, you must set the appropriate rules for the ports you plan to use. The following options are provided for reference.

Open port 80 or HTTP:

sudo firewall-cmd --permanent --zone=public --add-service=http

Open port 443 or HTTPS:

sudo firewall-cmd --permanent --zone=public --add-service=https

Apply the changes by reloading the firewall.

sudo firewall-cmd --reload

Step 3: Install MariaDB

To install MariaDB on CentOS Stream, you can use the following command.

sudo dnf install mariadb-server mariadb

Once the installation is complete, you can start the MariaDB service by running the following command.

sudo systemctl enable mariadb --now

To check the status of the MariaDB service, you can use the following command.

systemctl status mariadb

Example output:

MariaDB Security Configuration

When installing a new version of MariaDB, industry standards often consider the default settings weak and may pose a security risk. Running the installation security script during the MariaDB installation process is recommended to mitigate this concern. This script will help to secure the installation and prevent potential intrusions or exploits by hackers.

To begin, use the following command to execute the mysql_secure_installation.

sudo mariadb-secure-installation

The next step is to proceed through the mysql_secure_installation settings and configure the root password, disallow remote access from external sources, remove anonymous user accounts, and delete the test database.

Example:

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] Y <---- Type Y then press the ENTER KEY.
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] Y <---- Type Y then press the ENTER KEY.
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y <---- Type Y then press the ENTER KEY.
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

If no errors have occurred, move on to step 4.

See also
How to Build NGINX from Source on Ubuntu 22.04 or 20.04

Step 4: Install PHP

To install PHP on CentOS Stream, you can use the following command.

sudo dnf install php php-fpm php-cli php-mysqlnd

Once the installation is complete, you can start the PHP-FPM service by running the following command.

sudo systemctl enable php-fpm --now

To check the status of the PHP-FPM service, you can use the following command.

systemctl status php-fpm

Example output:

If no errors have occurred, move on to step 5.

Step 5: Configure Nginx Server Block

To configure Nginx to work with PHP, you must make changes to the configuration file. The file is located at /etc/nginx/nginx.conf. You will need to add the following lines to the server block.

location ~ \.php$ {
    include fastcgi.conf;
    fastcgi_pass unix:/run/php-fpm/www.sock;
}

Once you have made the changes, test to ensure no errors occur in your syntax.

sudo nginx -t

Now you will need to restart the Nginx service for the changes to take effect.

sudo systemctl restart nginx

Step 6: Configure Nginx & PHP-FPM

When installing PHP-FPM on distributions like Debian/Ubuntu, the “www-data” user is often used. However, this is not the default for installations on the RHEL family. By default, the PHP-FPM service is configured to run under the “Apache” user, which is not suitable for use with Nginx. Therefore, adjustments need to be made.

First, open the configuration file (www.conf) with the following command.

sudo nano /etc/php-fpm.d/www.conf

Then, substitute the (Apache) user and group with the (Nginx) user and group.

Example from:

Example to:

To save, press (CTRL+O), then exit (CTRL+X).

Now, you can restart your PHP-FPM service.

sudo systemctl restart php-fpm

Step 7: Create a Test PHP File

You can create a test PHP file to test that PHP works correctly with Nginx. You can make this file in the Nginx web root directory, typically located at /usr/share/nginx/html/. Create a file called info.php and paste the following code.

<?php
phpinfo();
?>

Step 8: Test the Installation

Now that you have completed the installation, you can test that everything is working correctly by visiting the test PHP file in a web browser. Open a web browser and visit the following URL:

http://your-server-ip/info.php

You should see a page displaying information about your PHP installation.

Conclusion

This guide demonstrated how to install LEMP (Linux, Nginx, MySQL, and PHP) on a CentOS Stream server and covered the steps to install and configure Nginx, MySQL, and PHP, as well as how to test the installation to ensure everything is working correctly. By following this guide, you should now have a fully functional LEMP stack that you can use to build and run web applications. Remember to keep your system updated and to make regular backups of your important data to ensure that your web applications are always running smoothly.

Leave a Comment

Share to...