How to Innstall Linux , Nginx , MySQL, PHP(LEMP stack) Ubntu 18.04

We can identify  The LEMP  software stack as a bunch of software.  Mostly it uses to serve dynamic web pages and web applications. This LEMP stated for Linux operating system, comes up with the Nginx web server. Normally pronounce the Ngine as the engine, that’s why it uses as an E. Here’s the Backend use to create a database in MySQL, and PHP handled its dynamic processing.

Here we willing to demonstrate the way of installing LEMP stack on an Ubuntu 18.04 server. Ubuntu operating system totally responsible for the first requirement therefore we going to discuss about the way of getting the rest of the components up and running. Before you are going through the article make sure you have your user availability.

The Linux Operating System Market was worth USD 3.89 billion in 2019 and will exhibit a CAGR of 19.2% during the forecast period, 2020-2027

HERE WE START THE JOURNEY….

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

Nginx is a modern, efficient web server. Using this you may able to display your inner created web pages to site visitors. We need to do some necessary installation using “apt” Package management. Those Softwares may available as default repositories in the Ubuntu operating system.  Now we going to use “apt” in the first time in this procedure. To stay with this, follow this and install the server.

$ sudo apt update

$ sudo apt install nginx

Then Nginx is configured to begin running after installation on Ubuntu 18.04.

But you initially have the ufw firewall running you already outlined in the initial set up guide, just because of Nginx registers default engaged with ufw upon installation. So if you have the ufw firewall running the procedure will more straightforward than before.

It worth recommending here you want to still allow the traffic you  In the future, it needs to enable the most restrictive profile. You should need to only let the traffic on port 80 since you haven’t configured SSL for your server.

You can use this for enable process:

$ sudo ufw allow 'Nginx HTTP'

Then you can run this and it will certify the change:

$ sudo ufw status

If it is allowed to HTTP traffic, you will see this command’s output :

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx HTTP (v6)            ALLOW       Anywhere (v6)

Now you may able to test if the server is running and up by accessing your server’s domain name or public IP address in your web browser, with the new firewall rule added.

Sometimes you may not have point outed domain name at your server, And even the server’s public IP address also. You can get it by executing the below command.

$ ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'

Here you can get several LP addresses and then you able to try each of them in your web browser.

Another way of check the IP address which is on accessible mode,  is viewed as the location on internet. For getting it run as follow.

$ curl -4 icanhazip.com

Then type the web address hat yu receive browser . It will direct you to the Nginx default landing page as below.

http://server_domain_or_IP

If you need to confirm you are successfully done with installing Nginx you will see the page like this.

If you done with before steps that mentioned us, now you have a web server. So then you need a database management system to store and manage the data for your site. That’s why we going to install MySQL.

You can start to install MySQL using this.

$ sudo apt install mysql-server

If you correctly follow the above things now you are ok with installing MySQL also, but it needs to configuration because it not configured up to now.

When install MySQL it comes with a script, which is it may ask from us for trying permission to modify some insecure defaults. Those are direct us secure installation. You can initiate the script by typing the following command line.

$ sudo mysql_secure_installation

It will ask from you want to configure the VALIDATE password PLUGIN.

Here you will see message then you need to give your answer as Y for yes.

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No:

After you have enabled the validation, the script again asks you to select the level for password validation. Be careful about the thing that you will enter the 2 for the most strong level of validation, you will about to face error when going to set the password which is not included upper and lowercase letters, numbers, special characters, or the things based on a common dictionary word.

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1

After that, you need to submit and confirm a root password.

Please set the password for root here.

New password:

Re-enter new password:

You will ask another res questions, for that you will answer as Y and press enter key to confirm it. It occurred to prevent the test database, disable remote rooting logging and, load these new rules from anonymous users. So the MySQL immediately respects the changes we have made.

Rather than the password, MySQL users in the Ubuntu system with MySQL 5.7 and later versions, by default set to authenticate using the auth_socket plugin. Though it allowed for greater security in many of the times, in some cases like when you need to allow an external program to access the user, it will about to be complicated things.

You may able to jump to step 3 if you are using auth_socket plugging to access MySQL to fits your workflow. But your preference is to use a password to connect to MySQL as a root user, then you need to engage as an authentication method to mysql_native_password instead of auth_socket.

To do those stuff open the MySQL prompt from the terminal :

$ sudo mysql

Using the following command, check which authentication method each of MySQL user accounts uses:

mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;

Output
+------------------+-------------------------------------------+-----------------------+-----------+
| user             | authentication_string                     | plugin                | host      |
+------------------+-------------------------------------------+-----------------------+-----------+
| root             |                                           | auth_socket           | localhost |
| mysql.session    | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| mysql.sys        | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| debian-sys-maint | *CC744277A401A7D25BE1CA89AFF17BF607F876FF | mysql_native_password | localhost |
+------------------+-------------------------------------------+-----------------------+-----------+
4 rows in set (0.00 sec)

here you can see this user does he authenticate using auth_socket plugging as a root user, but here your preference going to authenticate with the password you may need to run ALTER USER command, make sure that the password you are going to use is very strong and standard. 

mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password' ;

After that, you need to to the server to reload the grant tables and put your new changes and updated data into effect, so for that purpose run the FLUSH PRIVILEGES command. It will tell it the server.

mysql> FLUSH PRIVILEGES;

Now check for authentication method that users use before and confirm it that no longer any root user authenticates using the auth_socket instead of a password.

mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;

Output
+------------------+-------------------------------------------+-----------------------+-----------+
| user             | authentication_string                     | plugin                | host      |
+------------------+-------------------------------------------+-----------------------+-----------+
| root             | *3636DACC8616D997782ADD0839F92C1571D6D78F | mysql_native_password | localhost |
| mysql.session    | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| mysql.sys        | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| debian-sys-maint | *CC744277A401A7D25BE1CA89AFF17BF607F876FF | mysql_native_password | localhost |
+------------------+-------------------------------------------+-----------------------+-----------+
4 rows in set (0.00 sec)

After confirmation that we mentioned above, you will able to see the output like the above example. It will show you no more authenticates with the auth_socket Then you can exit fro MySQL shell.

mysql> exit

NOTE: After this process, you become a user with a authenticate password. So with that feature, you will no longer able to access MySQL with the sudo mysql command which is you previously used. So now you need to run the following command line.

$ mysql -u root -p

You will the MySQL prompt when entering this. 

If you are done with the process that we discuss until now, you can engage with installing PHP. Let’s begin it.

Let’s see our journey. Now you are with Nginx to serve your pages and Also with MySQL to store and manage the data that you want. But you still can’t do anything that can generate dynamic things. That’s why now we going to Install PHP and get the ability to do dynamic stuff. 

Not like some other web pages, Nginx does not contain native PHP processing. Then you need to install the “fastCGI process manager”, it also can present as php-fpm.  Here we going to request Nginx to pass PHP request to this software for relevant processing matters.

NOTE: Before you go to installing the php-fpm, you may need to consider another matter, which is you may need to add Ubuntu’s universe repository. It depends on your cloud provider. This repository contains free and open-source software maintained by the Ubuntu community. To do that you need to type the following line.

$ sudo add-apt-repository universe

When you install the php-fpm module also you can install an additional helper package which is php-mysql along with that. It will let the PHP to communicate with the database that stands in the backend. By following the command line you can do it.

$ sudo apt install php-fpm php-mysql

If you are done with all stuff, at now you have installed all of the required LEMP stack components. But before tell Nginx to use the PHP processor for dynamic content, still it may have neediness of some few configurations.

To do these things you may need to open up a new server block configuration file within the /etc/nginx/sites-available/ directory.  If you are not aware of the server block, it similar to Apache’s virtual host. Here the name of the new server block configuration is if you can give it name whatever you like.

$ sudo nano /etc/nginx/sites-available/example.com

There is you can gain an easy way to restore the default configuration if you need, here it need to editing a new server block configuration file, rather than editing the default one.

You can slightly be modified from the default server block configuration file to your new server block configuration file, by adding following content. 

server {
        listen 80;
        root /var/www/html;
        index index.php index.html index.htm index.nginx-debian.html;
        server_name example.com;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }
}

You can see what the purpose of these directives and location.

• listen – In our case, you can see it as a port 80, the default port for HTTP. It defines what port Nginx will listen to.
• root – It defines the document root where the files served by the web site.
• index – Depend on the availability when an index file is requested, index configures Nginx to prioritize serving file named index.php
• server_name – It going to define which server block should be used for a given request to your server. This will directive to your server’s domain name or public IP address.
• location / – Here you may face among two situations mentioned below. If Nginx cannot find the appropriate file it mostly returns the 404 error. Otherwise, the first location block includes a try_files directive , which checks for the existence of files matching a URI request.
• location ~ \.php$ – This will handle the actual PHP processing. It does by pointing Nginx to the fastcgi-php.conf configuration file and the php7.2-fpm.sock file. This file declares that which socket is associated php-fpm.
• location ~ /\.ht – It inform us that the last location block deals with .htaccess files. Nginx will do not process these files. Here able to if any .htaccess files happen to find their way into the document root by adding deny all directive.

You may need to add this content, saving and close the file.

Then you may need to enable new server block  by creating a link from new server block configuration file, that early configured in /etc/nginx/sites-available/ directory,  to the /etc/nginx/sites-enabled/ directory.

$ sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

After that unlink the default configuration file from the /sites-enabled/ directory.

NOTE: If there is any neediness to restore the default configuration, you may need to recreate the symbolic link as follow:

$ sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/

For syntax error testing type :

$ sudo nginx -t

It found any errors you can go back and recheck files before continuing.

When you are free with errors, then reload Nginx to make the necessary changes:

$ sudo systemctl reload nginx

Now you are with completed LEMP stack. It can about to test to validate that Nginx can correctly get the .PHP files off to the PHP processor. 

To do those stuff you may need to use your editor and create a test PHP file that called as info.php in the document root:

$ sudo nano /var/www/html/info.php

Then you need to enter the lines mentioned below, into the new file, and this is a valid PHP code to return information about the server.

/var/www/html/info.php


<?php
phpinfo();

When you are done with that save and close it.

Now you can visit the below the page in your web browser, by visiting server’s domain name or public IP address. Your server domain or IP address includes this link as follows.

http://your_server_domain_or_IP/info.php

That web page contains information about your server.

You can visit this page without any of the error you are set used PHP processing with Nginx successfully….

You need to remove the fie that can actually give unauthorized users some hints about your configuration that may help them try o break. It will best to collaborate with that stuff.

You can remove that file by typing this line:

$ sudo rm /var/www/html/info.php

By now you have fully-configured and functioning LEMP stack on your Ubuntu 18.04 server.

If you need to set up and serve nearly any website or application from your server, the LEMP stack is a powerful platform that done.

You can secure your Nginx installation with Let’s Encrypt, It needs to follow this article.  Then you will able to grab a free TLS/SSL certificate for your server, by consenting it to serve over HTTPS content.

Read more:

How To Install And Use PHP Composer On Ubuntu 18.04

Install Apache, MySQL, PHP(LAMP) Stack On Ubuntu 18.04 LTS

Installing the LEMP stack (Linux, Nginx, MySQL, PHP) on Ubuntu 20.04