LEMP is a variation of the ubiquitous LAMP stack used for developing and deploying web applications. Traditionally, LAMP consists of Linux, Apache, MySQL, and PHP. Due to its modular nature, the components can easily be swapped out. With LEMP, Apache is replaced with the lightweight yet powerful Nginx. For More
Install nginx:
To install nginx on Redhat/CentOS, first we need to separate yum or epel package, for that first install epel page, then install nginx. For More:
# yum install epel-release
# yum install nginx –y
Once its finished start the nginx service and enable it to start at boot,
# systemctl start nginx
# systemctl enable nginx
If in your environment, firewall enabled use following command to use allow defauil ports 80 (http) and 443 (https) using firewalld command.
# firewall-cmd –permanent –add-port=80/tcp
# firewall-cmd –permanent –add-port=443/tcp
Reload the firewall service for the changes to take effect.
# firewall-cmd –reload
You can test the nginx service using your browser through http://server-ip-address You will see the default redhat nginx web page like below
Install MariaDB
MariaDB is a drop-in replacement for MySQL. It is easy to install, offers many speed and performance improvements, and is easy to integrate into most MySQL deployments. MariaDB offers more storage engines than MySQL, including Cassandra, XtraDB and OQGRAPH
Install mariaDB using following command # yum install mariadb-server mariadb Once installed start the mariaDB service and enable it in boot using # systemctl start mariadb# systemctl enable mariadb
Now, to secure the MariaDB installation. You can do this by running:
# mysql_secure_installation
Enter following details as per your environment standard.
- Enter current password for root (enter for none): currentrootpasswd
- Set root password? [Y/n]: Press Enter
- New password: rootsqlpasswd
- Re-enter new password: rootsqlpasswd
- Remove anonymous users? [Y/n]: Press Enter
- Disallow root login remotely? [Y/n]: Press Enter
- Remove test database and access to it? [Y/n] : Press Enter
- Reload privilege tables now? [Y/n] : Press Enter
Your MySQL installation should now be secure.
Install PHP
PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely used open-source general purpose scripting language that is especially suited for web development and can be embedded into HTML.
To Install PHP and its modules use following commands,
# yum install php php-mysql php-fpm –y
Configure the PHP Processor
Now we install all required PHP components, there is some more changes have to make to make our setup more secure.
For the edit the main php-fpm configuration file with root privileges:
# vi /etc/php.ini
this file is the parameter that sets cgi.fix_pathinfo. This will be commented out with a semi-colon (;) and set to “1” by default. This is a completely insecure setting because it tells PHP to attempt to execute the closest file it can find if a PHP file does not match exactly. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn’t be allowed to execute.
We will change both of these conditions by uncomment the line and setting it to “0” like this:
# vi /etc/php.ini
cgi.fix_pathinfo=0
Next, open the php-fpm configuration file www.conf:
# vi /etc/php-fpm.d/www.conf
Find the line that specifies the listen parameter, and change it so it looks like the following:
listen = /var/run/php-fpm/php-fpm.sock
Next, find the lines that set the listen.owner and listen.group and uncomment them. They should look like this:
listen.owner = nobody listen.group = nobody
Lastly, find the lines that set the user and group and change their values from “apache” to “nginx”:
user = nginx group = nginx
Then save and quit.
Now, we just need to start our PHP processor by typing:
# systemctl start php-fpm
Next, enable php-fpm to start on boot:
# systemctl enable php-fpm
Nginx with PHP
Now, we have all of the required components installed. The only configuration change we still need to do is tell Nginx to use our PHP processor for dynamic content.
We do this on the server block level (server blocks are similar to Apache’s virtual hosts). Open the default Nginx server block configuration file by typing:
# /etc/nginx/conf.d/default.conf
server {
listen 80;
server_name <<You server IP/Domain>>;
# note that these lines are originally from the "location /" block
root /usr/share/nginx/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
When you’ve made the above changes, you can save and close the file.
Restart Nginx to make the necessary changes:
# systemctl restart nginx
Test PHP:
Create a sample “test.php” file in Apache document root folder and append the lines as shown below:
# vi /usr/share/nginx/html/test.php
Add the following lines.
<?php phpinfo(); ?>
Restart httpd service:
# systemctl restart httpd
You can see the test page in http://<<your-server-ip/test.php
