Install LEMP Stack on Fedora Linux 35

LEMP is a collection of open-source software commonly used to serve web applications. The term LEMP is an acronym that represents the configuration of a Linux operating system with an Nginx (pronounced engine-x, hence the E in the acronym) web server, with site data stored in a MySQL or MariaDB database and dynamic content processed by PHP that is popularly used for hosting extensive websites due to its performance and scalability.

In the following tutorial, you will learn how to install LEMP (Nginx, MariaDB, PHP) on Fedora 35 Server or Workstation. The tutorial will install various version choices with Nginx, MariaDB, and PHP.

Prerequisites

  • Recommended OS: Fedora Linux 35.
  • User account: A user account with sudo or root access.

Update Operating System

Update your Fedora operating system to make sure all existing packages are up to date:

sudo dnf upgrade --refresh -y

The tutorial will be using the sudo command and assuming you have sudo status.

To verify sudo status on your account:

sudo whoami

Example output showing sudo status:

[joshua@fedora ~]$ sudo whoami
root

To set up an existing or new sudo account, visit our tutorial on Adding a User to Sudoers on Fedora.

To use the root account, use the following command with the root password to log in.

su

Install Nginx

The first step with installing the LEMP stack, you will need to install the Nginx, which can be done with the following terminal command:

sudo dnf install nginx

Example output:

How to Install LEMP Stack on Fedora 35

Type Y, then press ENTER KEY to proceed.

Confirm the installation by checking the build version:

nginx -v

Example output:

nginx version: nginx/1.20.2

The standard installation of Nginx with Fedora will always install the stable version first. For users that want to install Nginx mainline instead, follow on to learn how to switch the versions around.

dnf module list nginx

Example output:

How to Install LEMP Stack on Fedora 35

As you can see, the Fedora repository contains both stable and mainline.

If you would like to proceed with having one of the two versions first remove the stable version.

Back up configuration files before removing Nginx if it was an existing installation.

sudo dnf autoremove nginx

Now enable Nginx mainline.

sudo dnf module enable nginx:mainline

Example in the terminal of mainline import:

How to Install LEMP Stack on Fedora 35

Type Y, then press ENTER KEY to proceed.

Now install the Nginx mainline:

sudo dnf install nginx -y

Confirm the installation by checking the build version:

nginx -v

Example output:

nginx version: nginx/1.21.5

At the time of this tutorial, you can see the difference between Nginx mainline being at 1.25.5 and the stable version at 1.20.2.

Next, you must start and enable Nginx by using the following command.

sudo systemctl enable nginx --now

Example of successfully enabling (symlink):

Created symlink /etc/systemd/system/multi-user.target.wants/nginx.service → /usr/lib/systemd/system/nginx.service.

Now, check to see the status of your Nginx service with the following terminal command:

systemctl status nginx

Example output saying everything is ok:

How to Install LEMP Stack on Fedora 35

Now, you can confirm that your Nginx webserver is operational by entering (HTTP://server-ip) or (HTTP://domain-name if setup) in your Internet Browser, and you should get the following:

How to Install LEMP Stack on Fedora 35

Configure Nginx Firewall Rules

When installing Nginx, it does not automatically add firewall rules to the standard port 80 or 443 ports. Before you continue, you should set the following rules, this will depend on what ports you will use, but all options are listed.

Open port 80 or HTTP:

sudo firewall-cmd --permanent --zone=public --add-service=http

Open port 443 or HTTPS:

sudo firewall-cmd --permanent --zone=public --add-service=https

Reload firewall to make changes into effect

sudo firewall-cmd --reload

Install and Configure MariaDB

MariaDB is a drop-in replacement for MySQL and was developed by former members of the MySQL team concerned that Oracle might turn MySQL into a closed-source and potentially paid product.

Option 1. Install MariaDB 10.5 (Default)

Enter the following command to install MariaDB on Fedora.

sudo dnf install mariadb-server mariadb

Example output:

How to Install LEMP Stack on Fedora 35

Type Y, then press ENTER KEY to proceed.

To confirm the installation of MariaDB and to check what build is installed, type the following command:

mariadb --version

Example output:

mariadb  Ver 15.1 Distrib 10.5.13-MariaDB, for Linux (x86_64) using  EditLine wrapper

Option 2. Install MariaDB 10.6 (Latest Stable)

As above, this is the stable but outdated MariaDB 10.5. If you would like the newer stable 10.6 version, proceed with the following instructions or skip to installing PHP.

List the available modules:

sudo dnf module list mariadb

Example output:

How to Install LEMP Stack on Fedora 35

As you can see above, the (d) tag is next to MariaDB 10.5, which you are going to need to reset and change to install MariaDB 10.6.

First, make sure to remove the installation if you have installed MariaDB already.

sudo dnf autoremove mariadb mariadb-server -y

Next, enable MariaDB 10.6 with the following command:

sudo dnf module enable mariadb:10.6

Example output:

How to Install LEMP Stack on Fedora 35

Type Y, then press ENTER KEY to proceed.

Now install MariaDB 10.6 using the following command:

sudo dnf install mariadb-server mariadb -y

To confirm the installation of MariaDB and to check what build is installed, type the following command:

mariadb --version

Example output:

mariadb  Ver 15.1 Distrib 10.6.5-MariaDB, for Linux (x86_64) using  EditLine wrapper

By default, MariaDB does not come enabled just the same as Nginx. To start and enable MariaDB on system boot, use the following (systemctl) terminal command:

sudo systemctl enable mariadb --now

Example of successfully enabling (symlink):

Created symlink /etc/systemd/system/mysql.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/mysqld.service → /usr/lib/systemd/system/mariadb.service.
Created symlink /etc/systemd/system/multi-user.target.wants/mariadb.service → /usr/lib/systemd/system/mariadb.service.

Now, make sure everything is operational with the following command:

systemctl status mariadb

Example output saying everything is ok:

How to Install LEMP Stack on Fedora 35

Security Configuration

When installing MariaDB fresh, default settings are considered weak by most standards and cause concern for potentially allowing intrusion or exploiting hackers. A solution is to run the installation security script with the MariaDB installation.

First, use the following command to launch the (mysql_secure_installation):

sudo mariadb-secure-installation

Next, follow below:

  • Setting the password for root accounts.
  • Removing root accounts that are accessible from outside the local host.
  • Removing anonymous-user accounts.
  • Removing the test database, which by default can be accessed by anonymous users.

Note, you use (Y) to remove everything.

Example:

[joshua@fedora ~]$ sudo mariadb-secure-installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] Y <---- Type Y then press the ENTER KEY.
Enabled successfully!
Reloading privilege tables..
 ... Success!


You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] Y <---- Type Y then press the ENTER KEY.
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y <---- Type Y then press the ENTER KEY.
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Install PHP (PHP-FPM)

Import Remi PHP Repository

The last part to install in your LEMP installation is PHP. You will need to install (PHP-FPM) which is short for (FastCGI Process Manager). It is highly recommended the PHP install (Remi) repository. Remi is the maintainer for PHP releases on the RHEL family for those unaware.

Firstly, To enable the Remi repository, use the following command:

sudo dnf install http://rpms.remirepo.net/fedora/remi-release-35.rpm

Example output:

How to Install LEMP Stack on Fedora 35

Type Y, then press ENTER KEY to proceed.

Next, verify the installation.

dnf repolist | grep remi

Example output:

remi-modular                  Remi's Modular repository - Fedora 35 - x86_64

Situational – Remove Existing PHP Installation

Remove the previous version for users wanting to install PHP 8.1 but have already installed PHP or PHP-FPM. For example, remove PHP 8.0 for PHP 8.1.

Make sure to back up any configuration files.

sudo dnf remove php php-fpm -y

Then remove the rest of the package extensions.

sudo dnf remove php* -y

To reset the PHP module list is easy with the following command:

sudo dnf module list reset php -y

Now you can proceed to the next part of the tutorial.

Enable PHP 8.1 (Remi) Repository

PHP 8.0 is the default PHP choice for standard Fedora 35 installations.

A quick tip is to use the (list php) command to see the options available and the default.

The following dnf module list command can do this:

sudo dnf module list php

Example output:

How to Install LEMP Stack on Fedora 35

Note, you will be prompted to import the GPG key for Remi’s repository. Type (Y) to proceed if you encounter it.

Next, enable the PHP version you prefer to use. The recommendation is to use PHP 8.0 as PHP 8.1 has just been released and is not as stable at the time of the tutorial.

Option 1 – Enable PHP 8.0:

sudo dnf module enable php:remi-8.0

Option 2 – Enable PHP 8.1:

sudo dnf module enable php:remi-8.1

Example output (With PHP 8.0):

How to Install LEMP Stack on Fedora 35

Install PHP on Fedora

Now that you have added the Remi PHP repository and the version of PHP you wish to use with your LEMP set up proceed to install PHP with the following command.

sudo dnf install php-fpm php-cli php-opcache php-curl php-zip php-mysqlnd

Example output:

How to Install LEMP Stack on Fedora 35

Type Y, then press the ENTER KEY to proceed with the installation.

Note, you will be prompted for more GPG key imports.

Example:

How to Install LEMP Stack on Fedora 35

Type Y, then press the ENTER KEY to proceed with the installation.

Optionally, if you would like to install the most commonly used extensions for PHP 8.0, use the following command:

sudo dnf install php-gd php-intl php-common php-bcmath php-imap php-imagick php-xmlrpc php-json php-readline php-memcached php-redis php-mbstring php-apcu php-xml php-dom php-redis php-memcached php-memcache

Note, remove the options you do not want this is optional. It is highly recommended to only install and keep what modules you require from a performance and security standard.

Lastly, use the following command for anyone interested in installing the development branch.

sudo dnf install php-devel -y

Now that you have installed PHP 8.1 and the extensions check the version with the following command:

php -v

Example output (PHP 8.0):

How to Install LEMP Stack on Fedora 35

Configure PHP-FPM & Nginx Access

Unlike PHP-FPM installations on Debian/Ubuntu that use the (www-data) user, this isn’t the case with RHEL family installations. By default on Fedora, the PHP-FPM service is designed to be run (Apache) user, which is incorrect since we are using Nginx, and this needed to be corrected.

Firstly, open following (www.conf) configuration file:

sudo nano /etc/php-fpm.d/www.conf

Next, replace the (Apache) user and group with the (Nginx) user and group:

How to Install LEMP Stack on Fedora 35

To save, press (CTRL+O) then exit (CTRL+X).

Now you will too reload or restart your PHP-FPM service:

sudo systemctl restart php-fpm

Create Test PHP Page

To test PHP-FPM with the Nginx Web server, you must create a file in the webroot directory.

For the guide, you will name the file (info.php) as follows:

sudo nano /usr/share/nginx/html/info.php

Paste the following the (info.php) file:

<?php

phpinfo();

?>

Save the file (CTRL+O), then exit (CTRL+X).

Now in your Internet Browser address bar, enter (server-ip-address/info.php). If you have installed Nginx on your local computer, use the default (127.0.0.1/info.php) or (localhost/info.php).

You should see your server’s PHP information:

How to Install LEMP Stack on Fedora 35

This information shows PHP scripts can run properly with the Nginx web server.

For security purposes, you should remove the file. To do this, use the following command:

sudo rm -f /usr/share/nginx/html/info.php

If you would prefer to keep the file for future purposes, add the following to your Nginx server block file in the server {} section:

    location ^~ /info.php {
     allow <YOUR IP ADDRESS>; 
     deny all;
    }

This will only allow the IP address specified from accessing the file. It is advised to hide as much system info from potential hackers and malicious actors.

Create an Nginx Server Block

An Nginx server block is the equivalent of a virtual host in Apache, which contains a configuration for your Nginx web server that responds to the public visitors. Below is a complete example of achieving this with PHP-FPM in mind.

Create Server Block Directories

The (.conf) files are normally located in (sites-available) and (sites-enabled). Users coming from different distributions would notice this would be already installed by default. However, for Fedora, you will need to create the directories.

Create the two required (sites) directory with the following command:

sudo mkdir /etc/nginx/sites-available && sudo mkdir /etc/nginx/sites-enabled

Edit the Nginx Configuration File

After creating the needed directories, edit Nginx’s main configuration file (nginx.conf) as follows:

sudo nano /etc/nginx/nginx.conf

Then paste the next few lines in the (HTTP) section of the (nginx.conf) configuration file:

include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;

Note, (server_names_hash_bucket_size) increases the memory allocated to parsing domain names.

Example:

How to Install LEMP Stack on Fedora 35

Note, (server_names_hash_bucket_size) increases the memory allocated to parsing domain names.

Optionally, either remove or comment the {server} blocks in nginx.conf.

Save the configuration with (CLTR+O) and then (CTRL+X) to exit.

Create Server Block Configuration File

Now create a server block file using any text editor, the guide will use (nano):

sudo nano /etc/nginx/sites-available/example.com.conf

Next, you need to set up the configuration file with a working example with PHP-FPM enabled.

An example is provided below for you to copy and paste. Note to replace (server_name) with your domain name or IP:

server {
  listen 80;
  listen [::]:80;
  server_name example.com www.example.com;
  root /var/www/html/example.com/;
  index index.php index.html index.htm;

  location / {
    try_files $uri $uri/ /index.php;
  }

  location ~ \.php$ {
    fastcgi_pass unix:/run/php-fpm/www.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
  }

 # A long browser cache lifetime can speed up repeat visits to your page
  location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
       access_log        off;
       log_not_found     off;
       expires           360d;
  }

  # disable access to hidden files
  location ~ /\.ht {
      access_log off;
      log_not_found off;
      deny all;
  }
}

Now save the server block with (CTRL+O), then exit with (CTRL+X).

Create Test Landing Page

The good idea is to create a sample test site. Below is a standard test index.html set up:

If you haven’t already created your permanent or test web directory:

sudo mkdir -p /var/www/html/example.com/

You will need to configure the permissions, and you can set as the user currently logged in with the $USER variable:

sudo chown -R $USER:$USER /var/www/html/example.com/

The last permission setting is to allow the public to read the web directory (access your site) using permission chmod 755:

sudo chmod -R 755 /var/www

Next, create the index.html file:

sudo nano /var/www/html/example.com/index.php

Paste the content below. As you can see, it’s pretty basic as we are only using it for testing purposes.

<html>
  <head>
    <title>You have reached Example.com!</title>
  </head>
  <body>
    <h1>Congratulations! The server block is active!</h1>
  </body>
</html>

Save the configuration with (CLTR+O) and then (CTRL+X) to exit.

Enable Nginx Server Block

You are now in the final stages, and now it is time to enable the server block configuration file. To do so, you need to create a symbolic link (symlink) for the server block configuration file in the (sites-available) directory to the (sites-enabled) directory using the following command:

sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf

Test Nginx Server Block

To finish up, you should always do a dry run before restarting or reloading your Nginx service, which is critical if working in a live environment. Type the following command to test your server block configuration file:

sudo nginx -t

If there are no errors, you will get the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Next, open your Internet Browser and enter your domain address (example.com) to test if your server is reachable.

Congratulations, you have successfully created an Nginx server block that is PHP-FPM ready.

How to Install LEMP Stack on Fedora 35

Optional. Secure Nginx with Let’s Encrypt SSL Free Certificate

Ideally, you would want to run your Nginx on HTTPS using an SSL certificate. The best way to do this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).

Install the certbot package as follows:

sudo dnf install python3-certbot-nginx -y

Once installed, run the following command to start the creation of your certificate:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email you@example.com -d www.example.com

This ideal setup includes force HTTPS 301 redirects, a Strict-Transport-Security header, and OCSP Stapling. Just make sure to adjust the e-mail and domain name to your requirements.

Now your URL will be HTTPS://www.example.com instead of HTTP://www.example.com.

If you use the old HTTP URL, it will automatically redirect to HTTPS.

Optionally, you can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.

sudo certbot renew --dry-run

If everything is working, open your crontab window using the following terminal command.

sudo crontab -e

By default, most Fedora systems do not come with Cron installed. To install it, use the following command.

sudo dnf install cronie -y

Open the crontab with the following command.

sudo crontab -e

Next, specify the time when it should auto-renew. This should be checked daily at a minimum, and if the certificate needs to be renewed, the script will not update the certificate. If you need help finding a good time to set, use the crontab.guru free tool.

00 00 */1 * * /usr/sbin/certbot-auto renew

Now save the file by pressing (SHIFT) and (:) then typing (wa), which saves the file, then exit with the same method using (qa).

You should see the following output in the terminal to see if adding the new task was successful.

crontab: installing new crontab

Comments and Conclusion

In the tutorial, you have learned how to install the LEMP stack to secure MariaDB, test PHP, and create an Nginx server block. Overall, LEMP is a smart option. Now, Nginx has surpassed Apache as the most used HTTP webserver software adequately configured and performance managed can give your webserver a decisive advantage over other setups.



Follow LinuxCapable.com!

Like to get automatic updates? Follow us on one of our social media accounts!