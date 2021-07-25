LEMP is a collection of open-source software that is commonly used together to serve web applications. The term LEMP is an acronym that represents the configuration of a Linux operating system with an Nginx (pronounced engine-x, hence the E in the acronym) web server, with site data stored in a MySQL or MariaDB database and dynamic content processed by PHP that is popularly used for hosting extensive websites due to its performance and scalability.

In the following tutorial, you will learn how to install LEMP (Nginx, MariaDB, PHP 8.0) on Rocky Linux 8.

Prerequisites

Recommended OS: Rocky Linux 8.+

Rocky Linux 8.+ User account: A user account with sudo or root access.

A user account with sudo or root access. Required: Nginx, MariaDB, PHP

Firstly, check and update your Rocky Linux 8 operating system firstly with the following command:

sudo dnf update && sudo dnf upgrade -y

Installing Nginx

To kickstart the LEMP stack installation, you will need to install the Nginx web server, which can be done with the following terminal command:

sudo dnf install nginx

Example output of installation below, type (Y) to proceed:

By default, when installing Nginx on Rocky Linux, it is not enabled. To enable on boot and to start, use the following:

sudo systemctl enable nginx && sudo systemctl start nginx

Now, check to see the status of your Nginx service with the following terminal command:

sudo systemctl status nginx

Example output saying everything is ok:

Given Rocky Linux AppStream is not as up to date with applications with more cutting edge distributions like Fedora. To find out what Nginx version you are using with the following command:

nginx -v

As you can see below, we are using Nginx version 1.14.1.

It is a good idea to allow HTTP traffic through your firewall with the following command:

sudo firewall-cmd --zone=public --add-service=http --permanent

Reload the firewall with the following command:

sudo firewall-cmd --reload

Now, you can confirm that your Nginx webserver is operational by entering (HTTP://server-ip) or (HTTP://domain-name) in your Internet Browser, and you should get the following:

Installing and Configuring MariaDB

Installation

MariaDB is a drop-in replacement for MySQL and is developed by former members of the MySQL team concerned that Oracle might turn MySQL into a closed-source and potentially paid product.

Enter the following command to install MariaDB on Rocky Linux 8:

sudo dnf install mariadb-server mariadb

Example output below, type (Y) and (ENTER) to proceed with the installation:

As with Nginx, by default, MariaDB does not come enabled. To start and enable MariaDB on system boot, use the following (systemctl) terminal command:

sudo systemctl enable mariadb && sudo systemctl start mariadb

Example of successfully enabling (symlink):

Now, make sure everything is operational with the following command:

sudo systemctl status mariadb

Example output saying everything is ok:

Configuration

Now that MariaDB is up and running on your Rocky Linux 8 system, you need to run the post-installation security script as the default settings need to be reviewed as often they are not secure. This is highly recommended not to skip.

First, run the MariaDB secure installation command as follows:

sudo mysql_secure_installation

Next, you will be given a prompt asking you to enter your (MariaDB root password). For now, press the (ENTER) key as the root password isn’t set yet as below:

Next, type (Y) and press enter to set up the (root) password as below:

The next series of questions you can safely hit (ENTER), which will answer (Y) to all the next questions which ask you to (remove anonymous users, disable remote root login, and remove the test database). Note the (Y) is capitalized, meaning it is the default answer when you press the (ENTER) key.



This step is a basic requirement for MariaDB database security and should not be altered or skipped unless you know what you are doing. Example below:

Now, login to the MariaDB database terminal with the following command:

sudo mysql -u root -p

To exit the MariaDB database terminal, type (exit;) as follows:

exit;

To check what version of MariaDB is installed on your Rocky Linux system, type the following command:

mysql --version

Note the versions will change in time, example output:

Installing PHP (PHP-FPM)

The last part to install in your LEMP installation is PHP. You will need to install (PHP-FPM) which is short for (FastCGI Process Manager). It is highly recommended the PHP install (Remi) repository. For those unaware, Remi is the maintainer for PHP releases on the Rhel family. For the guide, we will install the newest PHP 8.0:

Firstly, To enable the Remi repository, use the following command:

sudo dnf install dnf-utils http://rpms.remirepo.net/enterprise/remi-release-8.rpm

Next, with the Remi repository is enabled, you can see the PHP modules that are available from all repositories on your Rocky Linux system by using the following terminal command:

sudo dnf module list php

As you can see above, the (d) tag is next to PHP 7.2, which you are going to need to reset and change to install PHP 8.0 on Rocky Linux. To reset the PHP list is easy with the following command:

sudo dnf module list reset php

Next, enable PHP 8.0 with the following command:

sudo dnf module enable php:remi-8.0 -y

Example output once complete:

Now update your repository list and install PHP and PHP-FPM:

sudo dnf install php php-fpm

Optionally, you can then install any extensions of your choice. Below are some of the most commonly used:

sudo dnf install php-cli php-curl php-mysqlnd php-gd php-opcache php-zip php-intl php-common php-bcmath php-imap php-imagick php-xmlrpc php-json php-readline php-memcached php-redis php-mbstring php-apcu php-xml

Note, remove anything you do not want. This is optional, remember!

Next, you should check out the build of PHP 8.0 installed:

php -v

Example output:

Lastly, PHP-FPM like Nginx and MariaDB before it is not enabled by default, to enable PHP-FPM on system boot and to kick start it off, use the following (systemctl) command:

sudo systemctl enable php-fpm && sudo systemctl start php-fpm

Example of successfully enabling (symlink):

Now, as before with checking the status of the other requirements in your LEMP installation, use the following (systemctl) terminal command to check the status to make sure everything is working:

sudo systemctl status php-fpm

If no errors are present, you should get the following output:

Unlike LEMP installations on Debian/Ubuntu that use the (www-data) user, with Rhel/Rocky Linux installations this isn’t the case. By default on Rocky Linux, the PHP-FPM service is designed to be run (Apache) user, which is incorrect since we are using Nginx, and this needed to be corrected.

Firstly, open following (www.conf) configuration file:

sudo nano /etc/php-fpm.d/www.conf

Next, replace the (Apache) user and group with the (Nginx) user and group:

To save, press (CTRL+O) then exit (CTRL+X).

Now you will too reload or restart your PHP-FPM service:

sudo systemctl restart php-fpm

Test PHP

To test PHP-FPM with the Nginx Web server, you need to create a file in the webroot directory.

For the guide, you will name the file (info.php) as follows:

sudo nano /usr/share/nginx/html/info.php

Paste the following the (info.php) file:

<?php phpinfo(); ?>

Save the file (CTRL+O), then exit (CTRL+X).

Now in your Internet Browser address bar, enter (server-ip-address/info.php). If you have installed Nginx on your local computer, use the default (127.0.0.1/info.php) or (localhost/info.php).

You should see your server’s PHP information:

This information shows PHP scripts can run properly with the Nginx web server.

Create an Nginx Server Block

An Nginx server block is the equivalent of a virtual host in Apache, which contains a configuration for your Nginx web server that responds to the public visitors. Below is a full example of how to achieve this with PHP-FPM in mind.

Create Server Block Directories

The (.conf) files are normally located in (sites-available) and (sites-enabled). Users coming from different distributions would notice this would be already installed; however, for Rocky Linux, you will need to create them.

Create the two required (sites) directory with the following command:

sudo mkdir /etc/nginx/sites-available && sudo mkdir /etc/nginx/sites-enabled

Edit the Nginx Configuration File

After creating the required directories, edit Nginx’s main configuration file (nginx.conf) as follows:

sudo mkdir /etc/nginx/nginx.conf

Then paste the next few lines in the (HTTP) section of the (nginx.conf) configuration file:

include /etc/nginx/sites-enabled/*.conf; server_names_hash_bucket_size 64;

Note, (server_names_hash_bucket_size) increases the memory allocated to parsing domain names.

Save the configuration with (CLTR+O) and then (CTRL+X) to exit.

Create Server Block Configuration File

Now create a server block file using any text editor, the guide will use (nano):

sudo nano /etc/nginx/sites-available/example.com.conf

Next, you need to set up the configuration file with a working example with PHP-FPM enabled.

An example is provided below for you to copy and paste. Note to replace (server_name) with your domain name or IP:

server { listen 80; listen [::]:80; server_name example.com www.example.com; root /usr/share/nginx/html/; index index.php index.html index.htm index.nginx-debian.html; location / { try_files $uri $uri/ /index.php; } location ~ \.php$ { fastcgi_pass unix:/run/php-fpm/www.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } # A long browser cache lifetime can speed up repeat visits to your page location ~* \.(jpg|jpeg|gif|png|webp|svg|woff|woff2|ttf|css|js|ico|xml)$ { access_log off; log_not_found off; expires 360d; } # disable access to hidden files location ~ /\.ht { access_log off; log_not_found off; deny all; } }

Now save the server block with (CTRL+O), then exit with (CTRL+X).

Enable Nginx Server Block

You are now in the final stages, and now it is time to enable the server block configuration file. To do so, you need to create a symbolic link (symlink) for the server block configuration file in the (sites-available) directory to the (sites-enabled) directory using the following command:

sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/example.com.conf

Test Nginx Server Block

To finish up, you should always do a dry run before restarting or reloading your Nginx service, and this is critical if working in a live environment. Type the following command to test your server block configuration file:

sudo nginx -t

If there are no errors, you will get the following output:

Next, open your Internet Browser and enter your domain address (example.com) to test if your server is reachable. Congratulations, you have successfully created an Nginx server block that is PHP-FPM ready.

In the tutorial, you have learned how to install the LEMP stack to secure MariaDB and test PHP and create an Nginx server block. Overall, LEMP is a trendy option. Now, Nginx has surpassed Apache as the most used HTTP webserver software properly configured and performance managed can give your webserver a powerful advantage over other setups.