LEMP Stack (Linux, Nginx, MySQL and PHP ) is a popular web hosting environment for websites developed in PHP programming language. Linux is the operating system, Nginx is the popular web server and MySQL is a relational database management system used for storing data.
In this tutorial, we will learn how to install and configure LEMP (Nginx, MySQL, PHP) on Ubuntu 22.04 serve with let’s encrypt ssl certificat.
How to Install Linux Nginx MySQL PHP (LEMP Stack) on ubuntu 22.04
Here are steps to install and configure LEMP Linux, Nginx, PHP, MySQL in ubuntu 22.04 with let’s encrypt ssl certificate:
Step 1 – Update System Dependencies
Open terminal and execute following command on command prompt to update the packages to the latest version available:
sudo apt update sudo apt upgrade
Once we have updated the setup we can start the setup.
Step 2 – Install Nginx
Install nginx on ubuntu 22.04 system, so execute the following command on command prompt to install nginx on ubuntu 22.04 system:
sudo apt install nginx
Step 3 – Setup Firewall
Once the nginx installation has been finished, we need to set up Uncomplicated Firewall (UFW) with Nginx to allow public access on default web ports for HTTP
and HTTPS
sudo ufw app list
We will see all listed applications.
Available applications: Nginx Full Nignx HTTP Nginx HTTPS OpenSSH
- Nginx HTTP: This profile opens port
80
(normal, unencrypted web traffic) - Nginx Full: This profile opens both port
80
(normal, unencrypted web traffic) and port443
(TLS/SSL encrypted traffic) - Nginx HTTPS: This profile opens only port
443
(TLS/SSL encrypted traffic) - OpenSSH: This profile opens port
22
for SSH access.
If we are not going to use SSL we need to enable only the Nginx profile.
Then enable Nginx full by using the following command; is as follows:
sudo ufw allow OpenSSH sudo ufw allow 'Nginx Full' sudo ufw enable
With this command we can view the status of UFW.
sudo ufw status
We will see the output as follows.
Output Status: active To Action From -- ------ ---- Nginx Full ALLOW Anywhere OpenSSH ALLOW Anywhere Nginx Full (v6) ALLOW Anywhere (v6) OpenSSH (v6) ALLOW Anywhere (v6)
Step: 4 Check Nginx Installation
Once nginx is installed and firewall configuration has been finished, we can check nginx version using the following command: is as follows:
sudo systemctl status nginx
Output as follows:
nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2022-05-04 05:36:49 UTC; 44s ago Docs: man:nginx(8) Process: 10272 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCC> Process: 10273 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS) Main PID: 10274 (nginx) Tasks: 3 (limit: 1151) Memory: 5.3M CPU: 35ms CGroup: /system.slice/nginx.service
Step 5 – Install MySQL
Install and configure mysql on ubuntu 22.04 by using the following commands: is as follows:
sudo apt install mysql-server
Once the installation is completed. We can verify that the MySQL server status is running, type:
sudo service mysql status
The output should show that the service is enabled and running:
● mysql.service - MySQL Community Server Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled) Active: active (running) since Fri 2022-04-29 00:38:45 UTC; 11s ago Process: 13836 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, statu> Main PID: 13844 (mysqld) Status: "Server is operational" Tasks: 38 (limit: 1151) Memory: 351.4M CPU: 1.043s CGroup: /system.slice/mysql.service └─13844 /usr/sbin/mysqld
To check mysql version using the following command:
sudo mysql -V
Output mysql Ver 8.0.28-0ubuntu4 for Linux on x86_64 ((Ubuntu))
Step 6 – Secure MySQL
MySQL installation comes with a script named mysql_secure_installation
that allows we to easily improve the MySQL server security.
sudo mysql_secure_installation
Will be asked to configure the VALIDATE PASSWORD PLUGIN
which is used to test the strength of the MySQL users passwords and improve the security.
Press y
if we want to set up the validate password plugin or any other key to move to the next step.
There are three levels of password validation policy, low, medium, and strong. Enter 2 for strong password validation.
On the next prompt, will be asked to set a password for the MySQL root user.
If we set up the validate password plugin, the script will show we the strength of we new password. Type y
to confirm the password.
Next, will be asked to remove the anonymous user, restrict root user access to the local machine, remove the test database, and reload privilege tables. we should answer y
to all questions.
Step 7 – Install PHP
Install PHP using the following command; is as follow:
sudo apt install php8.1-fpm php8.1 php8.1-common php8.1-mysql php8.1-xml php8.1-xmlrpc php8.1-curl php8.1-gd php8.1-imagick php8.1-cli php8.1-imap php8.1-mbstring php8.1-opcache php8.1-soap php8.1-zip php8.1-intl php8.1-bcmath unzip -y
Once the PHP installed has been complete, we can use the following command to check the version of installed php:
php -v
Output PHP 8.1.5 (cli) (built: Apr 7 2022 17:46:26) (NTS) Copyright (c) The PHP Group Zend Engine v4.1.5, Copyright (c) Zend Technologies with Zend OPcache v8.1.5, Copyright (c), by Zend Technologies
Step 8 – Configure PHP
To configure PHP by changing some values in php.ini
file.
So, open php.ini file by using execute the following command on command prompt:
sudo nano /etc/php/8.1/fpm/php.ini
Hit F6
for search inside the editor and update the following values for better performance.
upload_max_filesize = 32M post_max_size = 48M memory_limit = 256M max_execution_time = 600 max_input_vars = 3000 max_input_time = 1000
Once we have modified PHP settings, we need to restart PHP-FPM for the changes to take effect.
sudo service php8.1-fpm restart
Step 9 – Configure Nginx
Disable default Nginx configuration.
sudo rm -rf /etc/nginx/sites-enabled/default sudo rm -rf /etc/nginx/sites-available/default
Create website directories.
sudo mkdir -p /var/www/html/domainname/public
Setup correct permissions.
sudo chmod -R 755 /var/www/html/domainname sudo chown -R www-data:www-data /var/www/html/domainname
Create a new virtual host configuration.
sudo nano /etc/nginx/sites-available/domainname.conf
Paste the following configurations in the new file:
server { listen 80; listen [::]:80; server_name yourdomainname.com www.yourdomainname.com; root /var/www/html/domainname/public; index index.html index.php; location / { try_files $uri $uri/ /index.php?$args; } location ~ .php$ { try_files $uri =404; fastcgi_split_path_info ^(.+.php)(/.+)$; fastcgi_pass unix:/run/php/php8.1-fpm.sock; fastcgi_index index.php; include fastcgi_params; } }
Enable the new configuration.
sudo ln -s /etc/nginx/sites-available/domainname.conf /etc/nginx/sites-enabled/domainname.conf
Step 10 – Install Let’s Encrypt SSL
HTTPS is a protocol for secure communication between a server (instance) and a client (web browser). Due to the introduction of Let’s Encrypt, which provides free SSL certificates, HTTPS are adopted by everyone and also provides trust to our audiences.
sudo apt install python3-certbot-nginx
Now we have installed Certbot by Let’s Encrypt for Ubuntu 22.04, run this command to receive our certificates.
sudo certbot --nginx --agree-tos --redirect -m [email protected] -d domainname.com -d www.domainname.com
Certificates provided by Let’s Encrypt are valid for 90 days only, so we need to renew them often. So, let’s test the renewal feature using the following command.
sudo certbot renew --dry-run
This command will test the certificate expiry and configures the auto-renewable feature.
Conclusion
Through this tutorial, we have learned how to install LEMP stack Ubuntu 22.04 with Let’sEncrypt SSL.
Thanks for the guide.