How to install a LEMP stack on GNU+Linux
A LEMP stack (Linux, Nginx, MySQL/MariaDB, PHP) is a popular software bundle used for hosting dynamic websites and web applications. This guide provides step-by-step instructions for installing the LEMP stack on various GNU/Linux distributions, including Debian/Ubuntu, Arch, Fedora, and Rocky Linux. Where commands differ between distributions, each step will specify the appropriate instructions.
Prerequisites
Before starting, ensure you have:
- A fresh GNU/Linux installation with root or sudo access.
- A stable internet connection.
Step 1: Update the System
Update your system’s package list and installed packages.
Debian/Ubuntu:
sudo apt update && sudo apt upgrade -yArch:
sudo pacman -SyuFedora:
sudo dnf upgrade --refresh -yRocky Linux:
sudo dnf update -yStep 2: Install Nginx
Nginx is a lightweight and efficient web server.
Debian/Ubuntu:
sudo apt install nginx -yArch:
sudo pacman -S nginxFedora/Rocky Linux:
sudo dnf install nginx -yStart and Enable Nginx:
For all distributions, start and enable Nginx to run on boot:
sudo systemctl start nginx
sudo systemctl enable nginxVerify installation by accessing http://your_server_ip in a browser. You should see the default Nginx welcome page.
Step 3: Install MySQL or MariaDB
The database server stores and manages data for your applications. Choose between MySQL and MariaDB based on your requirements.
Debian/Ubuntu:
sudo apt install mariadb-server mariadb-client -yArch:
sudo pacman -S mariadbFedora/Rocky Linux:
sudo dnf install mariadb-server mariadb -yInitialize the Database:
Run the secure installation script to set up the database server:
sudo mysql_secure_installationFollow the prompts to set a root password and secure the installation.
Start and Enable MariaDB:
sudo systemctl start mariadb
sudo systemctl enable mariadbStep 4: Install PHP
PHP processes dynamic content and integrates with the web and database servers.
Debian/Ubuntu:
sudo apt install php-fpm php-mysql -yArch:
sudo pacman -S php php-fpmFedora/Rocky Linux:
sudo dnf install php php-fpm php-mysqlnd -yConfigure PHP Processor:
Edit the Nginx configuration to enable PHP processing. Open the default server block configuration file:
sudo nano /etc/nginx/sites-available/defaultReplace the location ~ \.php$ block with:
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; # Adjust version as needed
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}Save and close the file, then test and reload Nginx:
sudo nginx -t
sudo systemctl reload nginxStep 5: Verify the LEMP Stack
Create a test PHP file to verify the stack is working:
echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.phpAccess it via http://your_server_ip/info.php in a browser. You should see the PHP information page.
Additional configuration
Firewall Settings
Ensure your firewall allows HTTP and HTTPS traffic:
Debian/Ubuntu:
sudo ufw allow 'Nginx Full'Fedora/Rocky Linux:
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reloadEnable HTTPS
Install and configure SSL/TLS using Let’s Encrypt:
Install Certbot:
- Debian/Ubuntu:
sudo apt install certbot python3-certbot-nginx -y - Arch:
sudo pacman -S certbot python-certbot-nginx - Fedora/Rocky Linux:
sudo dnf install certbot python3-certbot-nginx -y
Obtain and Apply SSL Certificate:
sudo certbot --nginxFollow the prompts to secure your site.
Schedule Certificate Renewal:
Certbot automatically installs a renewal script. Verify with:
sudo systemctl list-timers | grep certbotTroubleshooting
- Check logs for errors:
- Nginx:
/var/log/nginx/error.log - PHP:
/var/log/php7.4-fpm.log(adjust version as necessary) - MariaDB:
/var/log/mysql/error.log
- Nginx:
- Test configuration:
sudo nginx -t sudo systemctl status nginx mariadb php-fpm
Conclusion
You now have a fully functional LEMP stack installed on your GNU/Linux system. This setup can host dynamic websites and applications efficiently. Customize your stack as needed, and ensure to keep the software updated for security and performance improvements.