How to Install LEMP Stack (Nginx, MariaDB, and PHP) on Rocky Linux 8

LEMP is a collection of open-source software that is commonly used together to serve web applications. The term LEMP is an acronym that represents the configuration of a Linux operating system with an Nginx (pronounced engine-x, hence the E in the acronym) web server, with site data stored in a MySQL or MariaDB database and dynamic content processed by PHP that is popularly used for hosting extensive websites due to its performance and scalability.

In the following tutorial, you will learn how to install LEMP (Nginx, MariaDB, PHP 8.0) on Rocky Linux 8.

Prerequisites

  • Recommended OS: Rocky Linux 8.+.
  • User account: A user account with sudo or root access.
  • Required Packages: php, mariadb, nginx

Update Operating System

Update your Rocky Linux operating system to make sure all existing packages are up to date:

sudo dnf upgrade --refresh -y

The tutorial will be using the sudo command and assuming you have sudo status.

To verify sudo status on your account:

sudo whoami

Example output showing sudo status:

[joshua@rockylinux ~]$ sudo whoami
root

To set up an existing or new sudo account, visit our tutorial on How to Add a User to Sudoers on Rocky Linux.

To use the root account, use the following command with the root password to log in.

su

Install EPEL Repository

The first task is to install the (EPEL) repository, which stands for (Extra Packages for Enterprise Linux). For newer users to Rhel and Rocky Linux, EPEL contains the most commonly used software packages for Enterprise Linux.

To install EPEL, use the following (dnf) terminal command:

sudo dnf install epel-release

Example output:

How to Install LEMP Stack on Rocky Linux 8

Type (Y), then press (ENTER KEY) to proceed.

Install Nginx

To kickstart the LEMP stack installation, you will need to install the Nginx web server, which can be done with the following terminal command:

sudo dnf install nginx 

Example output:

how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

Type (Y), then press (ENTER KEY) to proceed.

Confirm the installation by checking the build version:

nginx -v

Example output:

nginx version: nginx/1.14.1

By default, this is a very old but stable as anything version of Nginx; with the EPEL directory installed, you can install a newer version of either Nginx stable or mainline. To find out what versions are available, use the following command:

sudo dnf module list nginx

Example output:

How to Install LEMP Stack on Rocky Linux 8

As you can see, the EPEL repository has given you a newer stable and mainline version.

If you would like to proceed with having one of the two versions first remove the older version:

sudo dnf autoremove nginx

Next, reset the Nginx module list:

sudo dnf module reset nginx

Example output:

How to Install LEMP Stack on Rocky Linux 8

Type (Y), then press (ENTER KEY) to proceed.

Now enable either stable OR mainline:

Enable Nginx stable example:

sudo dnf module enable nginx:1.20

Enable Nginx mainline example:

sudo dnf module enable nginx:mainline

Example in the terminal of mainline import:

How to Install LEMP Stack on Rocky Linux 8

Type (Y), then press (ENTER KEY) to proceed.

Now install the new Nginx version:

sudo dnf install nginx
How to Install LEMP Stack on Rocky Linux 8

Type (Y), then press (ENTER KEY) to proceed.

Confirm the installation by checking the build version:

nginx -v

Example output:

nginx version: nginx/1.19.10

By default, when installing Nginx on Rocky Linux, it is not enabled. To enable on boot and to start, use the following:

sudo systemctl enable nginx && sudo systemctl start nginx

Example of successfully enabling (symlink):

Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.

Now, check to see the status of your Nginx service with the following terminal command:

systemctl status nginx

Example output saying everything is ok:

How to Install LEMP Stack on Rocky Linux 8

Now, you can confirm that your Nginx webserver is operational by entering (HTTP://server-ip) or (HTTP://domain-name) in your Internet Browser, and you should get the following:

How to Install LEMP Stack on Rocky Linux 8

Configure Firewall Rules

It does not automatically add firewall rules to the standard port 80 or 443 ports when installing Nginx. Before you continue, you should set the following rules, this will depend on what ports you will use, but all options are listed.

Open port 80 or HTTP:

sudo firewall-cmd --permanent --zone=public --add-service=http

Open port 443 or HTTPS:

sudo firewall-cmd --permanent --zone=public --add-service=https

Reload firewall to make changes into effect

sudo firewall-cmd --reload

Install and Configure MariaDB

Installation

MariaDB is a drop-in replacement for MySQL and was developed by former members of the MySQL team concerned that Oracle might turn MySQL into a closed-source and potentially paid product.

MariaDB 10.3 For Rocky Linux 8

Enter the following command to install MariaDB on Rocky Linux 8:

sudo dnf install mariadb-server mariadb

Example output:

how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

Type (Y), then press (ENTER KEY) to proceed.

To confirm the installation of MariaDB and to check what build is installed, type the following command:

mysql --version

Example output:

mysql  Ver 15.1 Distrib 10.3.28-MariaDB, for Linux (x86_64) using readline 5.1

MariaDB 10.5 For Rocky Linux 8

As above, this is the stable but outdated MariaDB 10.3, if you would like the newer 10.5 version, which is now classified as the old stable with the arrival of MariaDB 10.6.

List the available modules:

sudo dnf module list mariadb

Example output:

How to Install LEMP Stack on Rocky Linux 8

As you can see above, the (d) tag is next to MariaDB 10.3, which you are going to need to reset and change to install MariaDB 10.5 on Rocky Linux. To reset, use the following command:

sudo dnf module list reset mariadb

If you have MariaDB 10.3 installed, you must remove it:

sudo dnf autoremove mariadb -y

Next, enable MariaDB 10.5 with the following command:

sudo dnf module enable mariadb:10.5

Example output:

How to Install LEMP Stack on Rocky Linux 8

Type (Y), then press (ENTER KEY) to proceed.

Install MariaDB 10.5 using the following command:

sudo dnf install mariadb-server mariadb

Example output:

How to Install LEMP Stack on Rocky Linux 8

Type (Y), then press (ENTER KEY) to proceed.

To confirm the installation of MariaDB and to check what build is installed, type the following command:

mysql --version

Example output:

mysql  Ver 15.1 Distrib 10.5.9-MariaDB, for Linux (x86_64) using  EditLine wrapper

By default, MariaDB does not come enabled just the same as Nginx before it did not. To start and enable MariaDB on system boot, use the following (systemctl) terminal command:

sudo systemctl enable mariadb && sudo systemctl start mariadb

Example of successfully enabling (symlink):

Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service.

Now, make sure everything is operational with the following command:

systemctl status mariadb

Example output saying everything is ok:

How to Install LEMP Stack on Rocky Linux 8

Configuration

Now that MariaDB is up and running on your Rocky Linux 8 system, you need to run the post-installation security script as the default settings need to be reviewed as often they are not secure. This is highly recommended not to skip.

First, run the MariaDB secure installation command as follows:

sudo mysql_secure_installation

Next, you will be given a prompt asking you to enter your (MariaDB root password). For now, press the (ENTER) key as the root password isn’t set yet as below:

how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

Next, type (Y) and press enter to set up the (root) password as below:

how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

The next series of questions you can safely hit (ENTER), which will answer (Y) to all the following questions which ask you to (remove anonymous users, disable remote root login, and remove the test database). Note the (Y) is capitalized, meaning it is the default answer when you press the (ENTER) key.

This step is essential for MariaDB database security and should not be altered or skipped unless you know what you are doing. Example below:

how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

Overview of what should have been done above:

  • Setting the password for root accounts.
  • Removing root accounts that are accessible from outside the local host.
  • Removing anonymous-user accounts.
  • Removing the test database, which by default can be accessed by anonymous users.

This step is essential for MariaDB database security and should not be altered or skipped unless you know what you are doing.

Now, login to the MariaDB database terminal with the following command:

sudo mysql -u root -p

To exit the MariaDB database terminal, type (exit;) as follows:

EXIT;

Install PHP (PHP-FPM)

The last part to install in your LEMP installation is PHP. You will need to install (PHP-FPM) which is short for (FastCGI Process Manager). It is highly recommended the PHP install (Remi) repository. For those unaware, Remi is the maintainer for PHP releases on the Rhel family. For the guide, we will install the newest PHP 8.0.

Firstly, To enable the Remi repository, use the following command:

sudo dnf install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm
how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

Next, with the Remi repository is enabled, you can see the PHP modules that are available from all repositories on your Rocky Linux system by using the following terminal command:

sudo dnf module list php
how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

As you can see above, the (d) tag is next to PHP 7.2, which you are going to need to reset and change to install PHP 8.0 on Rocky Linux. To reset the PHP list is easy with the following command:

sudo dnf module reset php

Next, enable PHP 8.0 with the following command:

sudo dnf module enable php:remi-8.0 -y

Example output once complete:

how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

Now update your repository list and install PHP and PHP-FPM:

sudo dnf install php php-fpm
how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

Optionally, you can then install any extensions of your choice. Below are some of the most commonly used:

sudo dnf install php-cli php-curl php-mysqlnd php-gd php-opcache php-zip php-intl php-common php-bcmath php-imap php-imagick php-xmlrpc php-json php-readline php-memcached php-redis php-mbstring php-apcu php-xml

Note, remove anything you do not want. This is optional, remember!

how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

Next, you should check out the build of PHP 8.0 installed:

php -v

Example output:

how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

Lastly, PHP-FPM like Nginx and MariaDB before it is not enabled by default, to enable PHP-FPM on system boot and to kick start it off, use the following (systemctl) command:

sudo systemctl enable php-fpm && sudo systemctl start php-fpm

Example of successfully enabling (symlink):

how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

Now, as before with checking the status of the other requirements in your LEMP installation, use the following (systemctl) terminal command to check the status to make sure everything is working:

sudo systemctl status php-fpm

If no errors are present, you should get the following output:

how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

Unlike LEMP installations on Debian/Ubuntu that use the (www-data) user, this isn’t the case with Rhel/Rocky Linux installations. By default on Rocky Linux, the PHP-FPM service is designed to be run (Apache) user, which is incorrect since we are using Nginx, and this needed to be corrected.

Firstly, open following (www.conf) configuration file:

sudo nano /etc/php-fpm.d/www.conf

Next, replace the (Apache) user and group with the (Nginx) user and group:

how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

To save, press (CTRL+O) then exit (CTRL+X).

Now you will too reload or restart your PHP-FPM service:

sudo systemctl restart php-fpm

Test PHP

To test PHP-FPM with the Nginx Web server, you must create a file in the webroot directory.

For the guide, you will name the file (info.php) as follows:

sudo nano /usr/share/nginx/html/info.php

Paste the following the (info.php) file:

<?php

phpinfo();

?>

Save the file (CTRL+O), then exit (CTRL+X).

Now in your Internet Browser address bar, enter (server-ip-address/info.php). If you have installed Nginx on your local computer, use the default (127.0.0.1/info.php) or (localhost/info.php).

You should see your server’s PHP information:

how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

This information shows PHP scripts can run properly with the Nginx web server.

For security purposes, you should remove the file. To do this, use the following command:

sudo rm -f /var/www/html/info.php

If you would prefer to keep the file for future purposes, add the following to your Nginx server block file in the server {} section:

    location ^~ /info.php {
     allow <YOUR IP ADDRESS>; 
     deny all;
    }

This will only allow the IP address specified from accessing the file. It is advised to hide as much system info from potential hackers and malicious actors.

Create an Nginx Server Block

An Nginx server block is the equivalent of a virtual host in Apache, which contains a configuration for your Nginx web server that responds to the public visitors. Below is a complete example of how to achieve this with PHP-FPM in mind.

Create Server Block Directories

The (.conf) files are normally located in (sites-available) and (sites-enabled). Users coming from different distributions would notice this would be already installed; however, for Rocky Linux, you will need to create them.

Create the two required (sites) directory with the following command:

sudo mkdir /etc/nginx/sites-available && sudo mkdir /etc/nginx/sites-enabled

Edit the Nginx Configuration File

After creating the needed directories, edit Nginx’s main configuration file (nginx.conf) as follows:

sudo nano /etc/nginx/nginx.conf

Then paste the next few lines in the (HTTP) section of the (nginx.conf) configuration file:

include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;

Note, (server_names_hash_bucket_size) increases the memory allocated to parsing domain names.

Example:

How to Install LEMP Stack on Rocky Linux 8

Note, (server_names_hash_bucket_size) increases the memory allocated to parsing domain names.

Save the configuration with (CLTR+O) and then (CTRL+X) to exit.

Create Server Block Configuration File

Now create a server block file using any text editor, the guide will use (nano):

sudo nano /etc/nginx/sites-available/example.com.conf

Next, you need to set up the configuration file with a working example with PHP-FPM enabled.

An example is provided below for you to copy and paste. Note to replace (server_name) with your domain name or IP:

server {
  listen 80;
  listen [::]:80;
  server_name example.com www.example.com;
  root /var/www/html/example.com/;
  index index.php index.html index.htm;

  location / {
    try_files $uri $uri/ /index.php;
  }

  location ~ \.php$ {
    fastcgi_pass unix:/run/php-fpm/www.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;

  }

 # A long browser cache lifetime can speed up repeat visits to your page
  location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
       access_log        off;
       log_not_found     off;
       expires           360d;
  }

  # disable access to hidden files
  location ~ /\.ht {
      access_log off;
      log_not_found off;
      deny all;
  }
}

Now save the server block with (CTRL+O), then exit with (CTRL+X).

Create Test Landing Page

A good idea is to create a sample test site. Below is a standard test index.html set up:

If you haven’t already created your permanent or test web directory:

sudo mkdir -p /var/www/html/example.com/

You will need to configure the permissions, and you can set as the user currently logged in with the $USER variable:

sudo chown -R $USER:$USER /var/www/html/example.com/

The last permission setting is to allow the public to read the web directory (access your site) using permission chmod 755:

sudo chmod -R 755 /var/www

Next, create the index.html file:

sudo nano /var/www/html/example.com/index.html

Paste the content below. As you can see, it’s pretty basic as we are only using it for testing purposes.

<html>
  <head>
    <title>You have reached Example.com!</title>
  </head>
  <body>
    <h1>Congratulations! The server block is active!</h1>
  </body>
</html>

Save the configuration with (CLTR+O) and then (CTRL+X) to exit.

Enable Nginx Server Block

You are now in the final stages, and now it is time to enable the server block configuration file. To do so, you need to create a symbolic link (symlink) for the server block configuration file in the (sites-available) directory to the (sites-enabled) directory using the following command:

sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf

Test Nginx Server Block

To finish up, you should always do a dry run before restarting or reloading your Nginx service, which is critical if working in a live environment. Type the following command to test your server block configuration file:

sudo nginx -t

If there are no errors, you will get the following output:

how to install lemp stack on rocky linux 8 with nginx, mariadb and PHP

Next, open your Internet Browser and enter your domain address (example.com) to test if your server is reachable.

Congratulations, you have successfully created an Nginx server block that is PHP-FPM ready.

How to Install LEMP Stack on Rocky Linux 8

Optional. Secure Nginx with Let’s Encrypt SSL Free Certificate

Ideally, you would want to run your Nginx on HTTPS using an SSL certificate. The best way to do this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).

First, install the EPEL repository and the mod_ssl package for better-updated packages and security.

sudo dnf install epel-release mod_ssl -y

Next, install the certbot package as follows:

sudo dnf install python3-certbot-nginx -y

Once installed, run the following command to start the creation of your certificate:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com

This is the ideal setup that includes force HTTPS 301 redirects, Strict-Transport-Security header, and OCSP Stapling. Just make sure to adjust the e-mail and domain name to your requirements.

Now your URL will be HTTPS://www.example.com instead of HTTP://www.example.com.

Note, if you use the old HTTP URL, it will automatically redirect to HTTPS.

Optionally, you can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.

sudo certbot renew --dry-run

If everything is working, open your crontab window by using the following terminal command.

sudo crontab -e

Next, please specify the time when it should auto-renew. This should be checked daily at a minimum, and if the certificate needs to be renewed, the script will not update the certificate. If you need help with finding a good time to set, use the crontab.guru free tool.

00 00 */1 * * /usr/sbin/certbot-auto renew

Save (CTRL+O) then exit (CTRL+X), and the cronjob will be automatically enabled.

Comments and Conclusion

In the tutorial, you have learned how to install the LEMP stack to secure MariaDB, test PHP, and create an Nginx server block. Overall, LEMP is a trendy option. Now, Nginx has surpassed Apache as the most used HTTP webserver software adequately configured and performance managed can give your webserver a decisive advantage over other setups.



Follow LinuxCapable.com!

Like to get automatic updates? Follow us on one of our social media accounts!