How to Install LEMP Stack on Fedora 36 Linux

LEMP is a collection of open-source software commonly used to serve web applications. The term LEMP is an acronym that represents the configuration of a Linux operating system with an Nginx (pronounced engine-x, hence the E in the acronym) web server, with site data stored in a MySQL or MariaDB database and dynamic content processed by PHP that is popularly used for hosting extensive websites due to its performance and scalability.

In the following tutorial, you will learn how to install LEMP (Nginx, MariaDB, PHP) on Fedora 36 Server or Workstation. The tutorial will install various version choices with Nginx, MariaDB, and PHP using the command line terminal.

Update Fedora

First, before you begin the installation, you should update your system to make sure all existing packages are up to date to avoid any conflicts.

sudo dnf upgrade --refresh -y

Install Nginx

In the first step in installing the LEMP stack, you will need to install the Nginx, which can be done with the following terminal command.

sudo dnf install nginx -y

Confirm the installation by checking the build version:

nginx -v

Example output:

nginx version: nginx/1.20.2

The standard installation of Nginx with Fedora will always install the stable version first. For users that want to install Nginx mainline instead, follow on to learn how to switch the versions around.

dnf module list nginx

Example output:

How to Install LEMP Stack on Fedora 36 Linux

As you can see, the Fedora repository contains both stable and mainline.

If you would like to proceed with having one of the two versions, first remove the stable version.

Back up configuration files before removing Nginx if it was an existing installation.

sudo dnf autoremove nginx

Now enable Nginx mainline.

sudo dnf module enable nginx:mainline -y

Now install the Nginx mainline using the following command.

sudo dnf install nginx -y

Confirm the installation by checking the build version:

nginx -v

Example output:

nginx version: nginx/1.21.6

At the time of this tutorial, you can see the difference between Nginx mainline being at 1.21.6 and the stable version at 1.20.2.

Next, you must start and enable Nginx by using the following command.

sudo systemctl enable nginx --now

Now, check to see the status of your Nginx service with the following terminal command:

systemctl status nginx

Example output saying everything is ok:

How to Install LEMP Stack on Fedora 36 Linux

Now, you can confirm that your Nginx webserver is operational by entering (HTTP://server-ip) or (HTTP://localhost) in your favorite Internet Browser.

How to Install LEMP Stack on Fedora 36 Linux

Configure Nginx Firewall Rules

It does not automatically add firewall rules to the standard port 80 or 443 ports when installing Nginx. Before you continue, you should set the following rules, this will depend on what ports you will use, but all options are listed.

Open port 80 or HTTP:

sudo firewall-cmd --permanent --zone=public --add-service=http

Open port 443 or HTTPS:

sudo firewall-cmd --permanent --zone=public --add-service=https

Reload firewall to make changes into effect

sudo firewall-cmd --reload

Install and Configure MariaDB

MariaDB is a drop-in replacement for MySQL and was developed by former members of the MySQL team concerned that Oracle might turn MySQL into a closed-source and potentially paid product.

Option 1. Install MariaDB 10.5 (Default LTS)

Enter the following command to install MariaDB on Fedora.

sudo dnf install mariadb-server mariadb -y

To confirm the installation of MariaDB and to check what build is installed, type the following command:

mariadb --version

Example output:

How to Install LEMP Stack on Fedora 36 Linux

Option 2. Install MariaDB 10.6 (Latest LTS)

As above, this is the stable but outdated MariaDB 10.5. If you would like the newer stable 10.6 version, proceed with the following instructions or skip to installing PHP.

List the available modules:

dnf module list mariadb

Example output:

How to Install LEMP Stack on Fedora 36 Linux

Newer versions exist, but I would only install MariaDB 10.5 or 10.6 LTS from the Fedora repository since the maintainers are slow on releasing updates for these short-term releases, and you may be stuck with an outdated version. For bleeding-edge 10.7, 10.8, and soon to be in RC status 10.9, I would install directly from, which will not be covered in this tutorial.

First, remove the installation if you have installed MariaDB already.

sudo dnf autoremove mariadb mariadb-server -y

Next, enable MariaDB 10.6 with the following command:

sudo dnf module enable mariadb:10.6 -y

Now install MariaDB 10.6 using the following command:

sudo dnf install mariadb-server mariadb -y

To confirm the installation of MariaDB and to check what build is installed, type the following command:

mariadb --version

Example output:

How to Install LEMP Stack on Fedora 36 Linux

By default, MariaDB does not come enabled just the same as Nginx, so to start and enable MariaDB on system boot, use the following terminal command.

sudo systemctl enable mariadb --now

Now, make sure everything is operational with the following command:

systemctl status mariadb

Example output saying everything is ok:

How to Install LEMP Stack on Fedora 36 Linux

Security Configuration

When installing MariaDB fresh, default settings are considered weak by most standards and cause concern for potentially allowing intrusion or exploiting hackers. A solution is to run the installation security script with the MariaDB installation.

First, use the following command to launch the (mysql_secure_installation):

sudo mariadb-secure-installation

Next, follow below:

  • Setting the password for root accounts.
  • Removing root accounts that are accessible from outside the localhost.
  • Removing anonymous-user accounts.
  • Removing the test database, which anonymous users can access by default.

Note that you use (Y) to remove everything.


[joshua@fedora-36 ~]$ sudo mariadb-secure-installation


In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] Y <---- Type Y then press the ENTER KEY.
Enabled successfully!
Reloading privilege tables..
 ... Success!

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] Y <---- Type Y then press the ENTER KEY.
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y <---- Type Y then press the ENTER KEY.
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y <---- Type Y then press the ENTER KEY.
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Install PHP (PHP-FPM)

Import Remi PHP Repository

The last part to install in your LEMP installation is PHP. You will need to install (PHP-FPM) which is short for (FastCGI Process Manager). It is highly recommended that the PHP install (Remi) repository. Remi is the maintainer for PHP releases on the RHEL family, for those unaware.

Firstly, To enable the Remi repository, use the following command:

sudo dnf install -y

Next, verify the installation.

dnf repolist | grep remi

Example output:

How to Install LEMP Stack on Fedora 36 Linux

Situational – Remove Existing PHP Installation

Remove the previous version for users wanting to install PHP 8.1 but have already installed PHP or PHP-FPM. For example, remove PHP 8.0 for PHP 8.1.

Make sure to back up any configuration files.

sudo dnf remove php php-fpm -y

Then remove the rest of the package extensions.

sudo dnf remove php* -y

To reset the PHP module list is easy with the following command:

sudo dnf module list reset php -y

Now you can proceed to the next part of the tutorial.

Enable PHP 8.1 (Remi) Repository

A quick tip is to use the (list php) command to see the options available and the default.

The following dnf module list command can do this.

dnf module list php

Example output:

Next, enable the PHP version you prefer to use. The recommendation is to use PHP 8.1, but 8.0 is just as good now.

Option 1 – Enable PHP 8.0:

sudo dnf module enable php:remi-8.0 -y

Option 2 – Enable PHP 8.1:

sudo dnf module enable php:remi-8.1 -y

Install PHP on Fedora

Now that you have added the Remi PHP repository and the version of PHP you wish to use with your LEMP set up, proceed to install PHP with the following command.

sudo dnf install php-fpm php-cli php-opcache php-curl php-zip php-mysqlnd -y

Optionally, if you would like to install the most commonly used extensions for PHP 8.1, use the following command:

sudo dnf install php-gd php-intl php-common php-bcmath php-imagick php-xmlrpc php-json php-readline php-memcached php-redis php-mbstring php-apcu php-xml php-dom php-redis php-memcached php-memcache

Note, remove the options you do not want this is optional. It is highly recommended to only install and keep what modules you require from a performance and security standard.

Lastly, use the following command for anyone interested in installing the development branch.

sudo dnf install php-devel -y

Now that you have installed PHP 8.1 and the extensions, check the version with the following command:

php -v

Example output (PHP 8.0):

Configure PHP-FPM & Nginx Access

By default on Fedora, the PHP-FPM service is designed to be run (Apache) user, which is incorrect since we are using Nginx, and this needed to be corrected.

Firstly, open following (www.conf) configuration file:

sudo nano /etc/php-fpm.d/www.conf

Next, replace the (Apache) user and group with the (Nginx) user and group:

How to Install LEMP Stack on Fedora 36 Linux

To save, press (CTRL+O) and then exit (CTRL+X).

Now you will too reload or restart your PHP-FPM service.

sudo systemctl restart php-fpm

Create an Nginx Server Block

An Nginx server block is the equivalent of a virtual host in Apache, which contains a configuration for your Nginx web server that responds to public visitors. Below is a complete example of achieving this with PHP-FPM in mind.

Create Server Block Directories

The (.conf) files are normally located in (sites-available) and (sites-enabled)Users coming from different distributions would notice this would be already installed by default. However, for Fedora, you will need to create the directories.

Create the two required (sites) directories with the following command:

sudo mkdir /etc/nginx/sites-available && sudo mkdir /etc/nginx/sites-enabled

Edit the Nginx Configuration File

After creating the needed directories, edit Nginx’s main configuration file (nginx.conf) as follows:

sudo nano /etc/nginx/nginx.conf

Then paste the next few lines in the (HTTP) section of the (nginx.conf) configuration file:

include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;


How to Install LEMP Stack on Fedora 36 Linux

The (server_names_hash_bucket_size) increases the memory allocated to parsing domain names.

Optionally, either remove or comment the {server} blocks in nginx.conf.

Save the configuration with (CLTR+O) and then (CTRL+X) to exit.

Create Server Block Configuration File

Now create a server block file using any text editor.

sudo nano /etc/nginx/sites-available/

Next, you need to set up the configuration file with a working example with PHP-FPM enabled.

An example is provided below for you to copy and paste. Note to replace (server_name) with your domain name or IP:

server {
  listen 80;
  listen [::]:80;
  root /var/www/html/;
  index index.php index.html index.htm;

  location / {
    try_files $uri $uri/ /index.php;

  location ~ \.php$ {
    fastcgi_pass unix:/run/php-fpm/www.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;

 # A long browser cache lifetime can speed up repeat visits to your page
  location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ {
       access_log        off;
       log_not_found     off;
       expires           360d;

  # disable access to hidden files
  location ~ /\.ht {
      access_log off;
      log_not_found off;
      deny all;

Now save the server block with (CTRL+O), then exit with (CTRL+X).

Create Test PHP Page

Sometimes, you may want to view your PHP information using a browser with the Nginx Web server. To do this, you must create a file in the webroot directory.

For the tutorial, you can create one with the file’s name (info.php) as follows.

sudo nano /usr/share/nginx/html/info.php

Paste the following the (info.php) file




Save the file (CTRL+O), then exit (CTRL+X).

Now in your Internet Browser address bar, enter (server-ip-address/info.php). If you have installed Nginx on your local computer, use the default ( or (localhost/info.php).

You should see your server’s PHP information:

How to Install LEMP Stack on Fedora 36 Linux

This information shows that PHP scripts can run properly with the Nginx web server.

For security purposes, you should remove the file. To do this, use the following command:

sudo rm -f /usr/share/nginx/html/info.php

If you would prefer to keep the file for future purposes, add the following to your Nginx server block file in the server {} section.

Example snippet:

    location ^~ /info.php {
     allow <YOUR IP ADDRESS>; 
     deny all;

This will only allow the IP address specified from accessing the file. It is advised to hide as much system info from potential hackers and malicious actors.

Create Test Landing Page

The good idea is to create a sample test site. Below is a standard test index.html set up:

If you haven’t already created your permanent or test web directory:

sudo mkdir -p /var/www/html/

Next, create the index.html file.

sudo nano /var/www/html/

Paste the content below. As you can see, it’s pretty basic as we are only using it for testing purposes.

    <title>You have reached!</title>
    <h1>Congratulations! The server block is active!</h1>

Save the configuration with (CLTR+O) and then (CTRL+X) to exit.

Enable Nginx Server Block

You are now in the final stages, and now it is time to enable the server block configuration file. To do so, you need to create a symbolic link (symlink) for the server block configuration file in the (sites-available) directory to the (sites-enabled) directory using the following command:

sudo ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/

Set File Permissions

Next, you must set the directory owner permissions to nginx user for compatibility and security with CHMOD settings giving you the basic starting point of file security.

Set chown permission (important):

sudo chown -R nginx:nginx /var/www/

Set chmod permission (important):

sudo find /var/www/phpmyadmin/ -type d -exec chmod 755 {} \;
sudo find /var/www/phpmyadmin/ -type f -exec chmod 644 {} \;

The chmod settings should be run after installations of CMS systems. Many CMS users often somehow leave files set on incorrect permissions, such as 777, which is a big no. Be aware that some will require more open file permissions, but this should be stated in their wiki.

Test Nginx Server Block

You should always do a dry run before restarting or reloading your Nginx service, which is critical if working in a live environment. Type the following command to test your server block configuration file:

sudo nginx -t

If there are no errors, you will get the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now restart Nginx.

sudo systemctl restart nginx

Next, open your Internet Browser and enter your domain address ( to test if your server is reachable.

Congratulations, you have successfully created an Nginx server block that is PHP-FPM ready.

How to Install LEMP Stack on Fedora 36 Linux

Secure Nginx with Let’s Encrypt SSL Free Certificate

Ideally, you would want to run your Nginx on HTTPS using an SSL certificate. The best way to do this is to use Let’s Encrypt, a free, automated, and open certificate authority run by the nonprofit Internet Security Research Group (ISRG).

Install the certbot package with the following terminal command.

sudo dnf install python3-certbot-nginx -y

Once installed, run the following command to start the creation of your certificate:

sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email -d

This ideal setup includes force HTTPS 301 redirects, a Strict-Transport-Security header, and OCSP Stapling. Just make sure to adjust the e-mail and domain name to your requirements.

Now your URL will be HTTPS:// instead of HTTP://

If you use the old HTTP URL, it will automatically redirect to HTTPS.

Optionally, you can set a cron job to renew the certificates automatically. Certbot offers a script that does this automatically, and you can first test to make sure everything is working by performing a dry run.

sudo certbot renew --dry-run

If everything is working, open your crontab window using the following terminal command.

sudo crontab -e

By default, most Fedora systems do not come with Cron installed. To install it, use the following command.

sudo dnf install cronie -y

Open the crontab with the following command.

sudo crontab -e

Next, specify the time when it should auto-renew. This should be checked daily at a minimum, and if the certificate needs to be renewed, the script will not update the certificate. If you need help finding a good time to set, use the free tool.

00 00 */1 * * /usr/sbin/certbot-auto renew

Now save the file by pressing SHIFT and : then typing wa, which saves the file, then exit with the same method using qa.

You should see the following output in the terminal to see if adding the new task was successful.

crontab: installing new crontab

Comments and Conclusion

In the tutorial, you have learned how to install the LEMP stack to secure MariaDB, test PHP, and create an Nginx server block. Overall, LEMP is a smart option. Now, Nginx has surpassed Apache as the most used HTTP webserver software; adequately configured and performance managed can give your webserver a decisive advantage over other setups.


Like to get automatic updates? Follow us on one of our social media accounts!