How to setup LEMP on Redhat/CentOS 7

How to setup LEMP on Redhat

LEMP is a variation of the ubiquitous LAMP stack used for developing and deploying web applications. Traditionally, LAMP consists of Linux, Apache, MySQL, and PHP. Due to its modular nature, the components can easily be swapped out. With LEMP, Apache is replaced with the lightweight yet powerful Nginx. For More

Install nginx:

To install nginx on Redhat/CentOS, first we need to separate yum or epel package, for that first install epel page, then install nginx. For More:

# yum install epel-release

# yum install nginx –y

Once its finished start the nginx service and enable it to start at boot,

# systemctl start nginx

# systemctl enable nginx

If in your environment, firewall enabled use following command to use allow defauil ports 80 (http) and 443 (https) using firewalld command.

# firewall-cmd –permanent –add-port=80/tcp

# firewall-cmd –permanent –add-port=443/tcp

Reload the firewall service for the changes to take effect.

# firewall-cmd –reload

You can test the nginx service using your browser through http://server-ip-address You will see the default redhat nginx web page like below

nginx test page

Install MariaDB

MariaDB is a drop-in replacement for MySQL. It is easy to install, offers many speed and performance improvements, and is easy to integrate into most MySQL deployments. MariaDB offers more storage engines than MySQL, including Cassandra, XtraDB and OQGRAPH

Install mariaDB using following command # yum install mariadb-server mariadb Once installed start the mariaDB service and enable it in boot using  # systemctl start mariadb# systemctl enable mariadb

Now, to secure the MariaDB installation. You can do this by running:

# mysql_secure_installation

Enter following details as per your environment standard.

  • Enter current password for root (enter for none): currentrootpasswd
  • Set root password? [Y/n]: Press Enter
  • New password: rootsqlpasswd
  • Re-enter new password: rootsqlpasswd
  • Remove anonymous users? [Y/n]: Press Enter
  • Disallow root login remotely? [Y/n]: Press Enter
  • Remove test database and access to it? [Y/n] : Press Enter
  • Reload privilege tables now? [Y/n] : Press Enter

Your MySQL installation should now be secure.

Install PHP

PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely used open-source general purpose scripting language that is especially suited for web development and can be embedded into HTML.

To Install PHP and its modules use following commands,

# yum install php php-mysql php-fpm –y 

Configure the PHP Processor

Now we install all required PHP components, there is some more changes have to make to make our setup more secure.

For the edit the main php-fpm configuration file with root privileges:

# vi /etc/php.ini

this file is the parameter that sets cgi.fix_pathinfo. This will be commented out with a semi-colon (;) and set to “1” by default. This is a completely insecure setting because it tells PHP to attempt to execute the closest file it can find if a PHP file does not match exactly. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn’t be allowed to execute.

We will change both of these conditions by uncomment the line and setting it to “0” like this:

# vi /etc/php.ini


Next, open the php-fpm configuration file www.conf:

# vi /etc/php-fpm.d/www.conf

Find the line that specifies the listen parameter, and change it so it looks like the following:

listen = /var/run/php-fpm/php-fpm.sock

Next, find the lines that set the listen.owner and and uncomment them. They should look like this:

listen.owner = nobody = nobody

Lastly, find the lines that set the user and group and change their values from “apache” to “nginx”:

user = nginx
group = nginx

Then save and quit.

Now, we just need to start our PHP processor by typing:

# systemctl start php-fpm

Next, enable php-fpm to start on boot:

# systemctl enable php-fpm

Nginx with PHP

Now, we have all of the required components installed. The only configuration change we still need to do is tell Nginx to use our PHP processor for dynamic content.

We do this on the server block level (server blocks are similar to Apache’s virtual hosts). Open the default Nginx server block configuration file by typing:

# /etc/nginx/conf.d/default.conf

server {   
  listen      80;  
  server_name <<You server IP/Domain>>;    

  # note that these lines are originally from the "location /" block   
  root   /usr/share/nginx/html;   
  index index.php index.html index.htm;    

  location / {       
     try_files $uri $uri/ =404;   
  error_page 404 /404.html;   
  error_page 500 502 503 504 /50x.html;   
  location = /50x.html {       
      root /usr/share/nginx/html;   

  location ~ \.php$ {       
     try_files $uri =404;       
     fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;      
     fastcgi_index index.php;       
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;       
     include fastcgi_params;   

When you’ve made the above changes, you can save and close the file.

Restart Nginx to make the necessary changes:

# systemctl restart nginx

Test PHP:

Create a sample “test.php” file in Apache document root folder and append the lines as shown below:

# vi /usr/share/nginx/html/test.php

Add the following lines.


Restart httpd service:

# systemctl restart httpd

You can see the test page in http://<<your-server-ip/test.php