Maximum performance at minimal cost. Start your server in seconds now!

Content

1 Prerequisites
2 Step 1: Install Nginx
3 Step 2: Install MySQL/MariaDB
4 Step 3: Install PHP
5 Step 4: Configure MariaDB
6 Step 5: Configure Nginx
7 Hello World!! Your WebServer Works!
8 Step 6: Enhance Server Security
9 Step 7: Configure SSL Certificates
10 Step 8: Testing the Setup
11 Conclusion

Vijona

7 May at 12:14

How to Set Up a LEMP Stack on Rocky Linux 8

The LEMP stack, which includes Linux, Nginx (commonly pronounced as Engine X), MySQL, and PHP, is a group of applications installed to power dynamic websites on a server. In this setup, Nginx acts as the web server, MySQL functions as the database server, and PHP is used as the dynamic scripting language, supporting a variety of frameworks for web development. This guide explains how to install LEMP on Rocky Linux 8.

Prerequisites

Deploy a fresh Rocky Linux 8 server
Log into the server as a non-root user with sudo permissions
Ensure the server system is updated
Configure a domain name and link it to your server

Step 1: Install Nginx

Begin by installing the Nginx web server.

$ sudo dnf install nginx

Enable Nginx to automatically launch at system startup.

$ sudo systemctl enable nginx

Start the Nginx service.

$ sudo systemctl start nginx

Open HTTP traffic through the firewall.


$ sudo firewall-cmd --zone=public --permanent --add-service=http

Apply the new firewall rules by reloading them.

$ sudo firewall-cmd --reload

To verify that Nginx is functioning, open your browser and navigate to your server’s IP address:

http://1.2.3.4

Step 2: Install MySQL/MariaDB

Next, install the MariaDB database server.

$ sudo dnf install mariadb-server

Enable MariaDB to start automatically during system boot.

$ sudo systemctl enable mariadb

Launch the MariaDB service.

$ sudo systemctl start mariadb

Step 3: Install PHP

Proceed by installing PHP along with PHP-FPM (FastCGI Process Manager).

$ sudo dnf install php php-fpm

Install the commonly used PHP extensions needed for a majority of web applications.

$ sudo dnf install php-mysqlnd php-cgi php-bcmath php-json php-xml php-gd php-zip php-intl php-mbstring

Enable the PHP-FPM service to automatically launch at boot.

$ sudo systemctl enable php-fpm

Finally, start the PHP-FPM service.

$ sudo systemctl start php-fpm

Step 4: Configure MariaDB

Initialize the MariaDB setup and define a root password.

$ sudo mysql_secure_installation

When prompted for the root password, press Enter. Confirm with y to set a new root password, remove anonymous accounts, disallow root login remotely, and delete the test database.

Access the MySQL shell as the root user.

$ sudo mysql -u root -p

Create a test database within the console.


CREATE DATABASE sampledb;

Generate a database user and assign a secure password.

CREATE USER 'example-user'@'localhost' IDENTIFIED BY 'ultra-strong-password';

Grant complete access rights to the sample database for the new user.

GRANT ALL PRIVILEGES ON sampledb.* TO 'example-user'@'localhost';

Reload the privileges to apply the changes.


FLUSH PRIVILEGES;

Exit the MySQL console.

EXIT

Now, test logging in as the newly created database user.

mysql -u example-user -p

List all available databases.


SHOW DATABASES;

Exit the console once more.

EXIT

Step 5: Configure Nginx

Create a dedicated directory to store your web application files.

$ sudo mkdir /usr/share/nginx/example.com

Use a text editor to create a basic HTML file inside this directory.

$ sudo nano /usr/share/nginx/example.com/index.html

Insert the following content into the HTML file:

Hello World!! Your WebServer Works!

Save your changes and close the editor.

Assign ownership of the new directory to the Nginx user and group.

$ sudo chown -R nginx.nginx /usr/share/nginx/example.com

Create a new Nginx configuration file for your domain.

$ sudo nano /etc/nginx/conf.d/example.com.conf

Paste the following configuration settings into the file:


server {
    listen 80;
    listen [::]:80;
    server_name _;
    root /usr/share/nginx/example.com;
    index index.php index.html index.htm;
    error_log /var/log/nginx/example.com.error;
    access_log /var/log/nginx/example.com.access;
    
    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    
    location ~ /\. {
        deny all;
        access_log off;
    }
}

Save and exit the configuration file.

Verify the Nginx configuration for syntax errors.

$ sudo nginx -t

Finally, restart Nginx to apply the new settings.

$ sudo systemctl restart nginx

Step 6: Enhance Server Security

Nginx uses HTTP and HTTPS ports to deliver web applications. Allow these ports through the firewall.

Permit HTTP traffic through the firewall.


$ sudo firewall-cmd --zone=public --permanent --add-service=http

Permit HTTPS traffic as well.


$ sudo firewall-cmd --zone=public --permanent --add-service=http

Reload the firewall to apply the modifications.

$ sudo firewall-cmd --reload

Step 7: Configure SSL Certificates

Install the Extra Packages for Enterprise Linux (EPEL) repository to prepare for SSL setup.

$ sudo dnf install epel-release

Activate the PowerTools repository.

$ sudo dnf config-manager --set-enabled powertools

Install the Snap package manager.

$ sudo dnf install snapd -y

Enable Snap’s socket service and create a symbolic link to enable classic Snap support.

$ sudo systemctl enable --now snapd.socket && sudo ln -s /var/lib/snapd/snap /snap

Log out of your SSH session and reconnect to complete Snap integration.

Next, install the Certbot utility to handle SSL certificates.

$ sudo snap install --classic certbot

Request a free SSL certificate for your domain using Certbot.

$ sudo certbot --nginx -d example.com

Make sure to substitute example.com with your actual domain name.

Restart the Nginx service to activate the SSL configuration.

$ sudo systemctl restart nginx

Step 8: Testing the Setup

Use a web browser to visit your configured domain and verify that the website loads properly.

https://example.com

Your basic HTML application should display a “Hello World” message.

To verify database connectivity, create a new file named dbtest.php in your web server’s root directory.

$ sudo nano /usr/share/nginx/example.com/dbtest.php

Add the following PHP code into the file, inserting the correct database details you set earlier:


<?php
$server = "localhost";
$user = "example-user";
$password = "ultra-strong-password";
$connect = new mysqli($server, $user, $password);

if ($connect->connect_error) {
    die("<h2>Connection failed: </h2>" . $connect->connect_error);
}

echo "<h2>Database Connected successfully</h2>";
echo "<h2><br>Below is your Server PHP Information</h2><br>";
phpinfo();
?>

Save your changes and close the editor.

Now, navigate to the following address in your browser to test:

https://example.com/dbtest.php

If everything is configured correctly, a success message will appear along with detailed PHP server information.

Conclusion

Congratulations! You have successfully deployed the LEMP stack on your Rocky Linux 8 server and confirmed communication between all major components. From here, you can proceed with deploying secure and functional web applications on your server.