Installing Nginx, PHP, MySQL (LEMP) Stack on Ubuntu 18.04 – Part -1

by admin admin LEMP Linux Nginx PHP Ubuntu Comments (0)

First update the package lists and install Nginx

$ sudo apt-get update
$ sudo apt-get upgrade

Now Install Nginx

$ sudo apt install nginx

After installing Nginx, check if Nginx service is running or not using command:

$sudo service nginx start

or

$ sudo systemctl start nginx

If you see an output like above, the Nginx service has been started.

In case it is not started yet, you can start it using command:

$ sudo service nginx status

If Nginx is running correctly, you should see a green Active state below.

 nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-05-09 20:42:29 UTC; 2min 39s ago
     Docs: man:nginx(8)
  Process: 27688 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 27681 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 27693 (nginx)
    Tasks: 2 (limit: 1153)
   CGroup: /system.slice/nginx.service
           ├─27693 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           └─27695 nginx: worker process

 

Adjust firewall to allow Nginx web server

By default, the Nginx web browser can’t be accessed from remote systems if you have enabled the UFW firewall in Ubuntu 18.04 LTS. You must allow the http and https traffic via UFW by following the below steps.

First, let us view which applications have installed a profile using command:

$ sudo ufw app list
Available applications:
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH
As you can see, Nginx and OpenSSH applications have installed UFW profiles.

If you look into the “Nginx Full” profile, you will see that it enables traffic to the ports 80 and 443:

$ sudo ufw app info "Nginx Full"
Profile: Nginx Full
Title: Web Server (Nginx, HTTP + HTTPS)
Description: Small, but very powerful and efficient web server

Ports:
80,443/tcp

Now, run the following command to allow incoming HTTP and HTTPS traffic for this profile:

$ sudo ufw allow in "Nginx Full"
Rules updated
Rules updated (v6)
If you want to allow https traffic, but only http (80) traffic, run:
$ sudo ufw app info "Nginx HTTP"

 

Install php

For Apache Web Server
$ sudo apt install php5.6 [PHP 5.6]
$ sudo apt install php7.0 [PHP 7.0]
$ sudo apt install php7.1 [PHP 7.1]
$ sudo apt install php7.2 [PHP 7.2]
$ sudo apt install php7.3 [PHP 7.3]
or Nginx Web Server
$ sudo apt install php5.6-fpm [PHP 5.6]
$ sudo apt install php7.0-fpm [PHP 7.0]
$ sudo apt install php7.1-fpm [PHP 7.1]
$ sudo apt install php7.2-fpm [PHP 7.2]
$ sudo apt install php7.3-fpm [PHP 7.3]

Install PHP-FPM with php additional extensions.

PHP-FPM or FastCGI Process Manager is an alternative for the older PHP FastCGI which provides additional features and speed improvements. It suits well for small to large sites based on the PHP programming language.

In this step, we will install PHP7.2-FPM with some additional extensions required by phpmyadmin.

Install PHP-FPM using the command below.

$ sudo apt-get install php7.2 php7.2-fpm php7.2-cli php7.2-curl php7.2-mysql php7.2-curl php7.2-gd php7.2-mbstring php-pear php7.2-zip -y

Now start the PHP-FPM service and enable it to launch every time at system boot after all installation is complete.

$ sudo systemctl start php7.2-fpm
$ sudo systemctl enable php7.2-fpm

PHP7.2-FPM is up and running on Ubuntu 18.04 under the sock file, check it using the netstat command.

$ netstat -pl | grep php

Once installed, check the PHP version.

$ php --version

List the contents for the directory /var/run/php/

$ ls /var/run/php/

You should see a few entries here.

php7.2-fpm.pid php7.2-fpm.sock
Above we can see the socket is called php7.2-fpm.sock. Remember this as you may need it for the nginx add php step.

Configure Nginx to Use the PHP Processor

Enable Nginx PHP support. Run the commands below to open Nginx default site configuration file

sudo nano /etc/nginx/sites-available/default

Then make uncomment the highlighted lines below to enable Nginx PHP support.

server {
    listen 80;
    listen [::]:80;
    root /var/www/html;
    index  index.php index.html index.htm;
    server_name  server_domain_or_IP;

    location / {
        try_files $uri $uri/ =404;       
    }

  
     # pass PHP scripts to FastCGI server
        #
        location ~ \.php$ {
               include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
               fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        }

        location ~ /\.ht {
          deny all;
        }
}

 

Replace line
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?$query_string;

Test your configuration file for syntax errors by typing:

$ sudo nginx -t

Restart Nginx and PHP-FPM services

sudo systemctl restart nginx.service
systemctl restart php7.1-fpm.service

 

Find Nginx Owner group

The listen.owner and listen.group variables are set to www-data by default, but they need to match the user and group NGINX is running as. If you installed NGINX using our Getting Started with NGINX series, then your setup will be using the nginx user and group. You can verify with:

ps -aux | grep nginx

The output should be similar to:

root@localhost:~# ps -aux | grep nginx
root      3448  0.0  0.0  32500  3516 ?        Ss   18:21   0:00 nginx: master process /        usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx     3603  0.0  0.0  32912  2560 ?        S    18:24   0:00 nginx: worker process
nginx     3604  0.0  0.0  32912  3212 ?        S    18:24   0:00 nginx: worker process

This shows the NGINX master process is running as root, and the worker processes are running as the nginx user and group. Change the listen variables to that:

sed -i 's/listen.owner = www-data/listen.owner = nginx/g' /etc/php/7.0/fpm/pool.d/www.conf
sed -i 's/listen.group = www-data/listen.group = nginx/g' /etc/php/7.0/fpm/pool.d/www.conf

 

Install PHP Extensions (Optional)

Let’s say you need to install php modules, you can find them using.

$ sudo apt-cache search php

That will list all packages related to php, to refine the search a little bit, use grep

You can check already installed php modules in the system

$ sudo dpkg -l | grep -i php7.1

Now you can install most required PHP modules from the list.

------------ Install PHP Modules ------------
$ sudo apt install php5.6-cli php5.6-xml php5.6-mysql 
$ sudo apt install php7.0-cli php7.0-xml php7.0-mysql 
$ sudo apt install php7.1-cli php7.1-xml php7.1-mysql
$ sudo apt install php7.2-cli php7.2-xml php7.2-mysql 
$ sudo apt install php7.3-cli php7.3-xml php7.3-mysql

 

Edit php ini file for php

$ sudo nano /etc/php/7.2/fpm/php.ini

Open the main php-fpm configuration file with root privileges:

sudo nano /etc/php/7.0/fpm/php.ini

What we are looking for in this file is the parameter that sets cgi.fix_pathinfo. This will be commented out with a semi-colon (;) and set to “1” by default.

This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if the requested PHP file cannot be found. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn’t be allowed to execute.

We will change both of these conditions by uncommenting the line and setting it to “0” like this:

/etc/php/7.0/fpm/php.ini

cgi.fix_pathinfo=0

Save and close the file when you are finished.

Now, we just need to restart our PHP processor by typing:

sudo systemctl restart php7.0-fpm

This will implement the change that we made.

file_uploads = On
allow_url_fopen = On
memory_limit = 256M
upload_max_filesize = 64M

 

Depending on your distribution and PHP version, the PHP configuration files will be stored in different locations. This guide is using PHP 7.0 from Ubuntu’s repositories on Ubuntu 16.04 as an example, and the /etc/php/7.0/fpm/pool.d/www.conf and /etc/php/7.0/fpm/php.ini files are what we’ll be modifying.

Find those full file paths using a find command:

find / \( -iname "php.ini" -o -name "www.conf" \)

The output should look similar to:

root@localhost:~# find / \( -iname "php.ini" -o -name "www.conf" \)
/etc/php/7.0/fpm/php.ini
/etc/php/7.0/fpm/pool.d/www.conf
/etc/php/7.0/cli/php.ini

Set Default PHP Version in Ubuntu

You can set the default PHP version to be used on the system with the update-alternatives command, after setting it, check the PHP version to confirm as follows.

------------ Set Default PHP Version 5.6 ------------
$ sudo update-alternatives --set php /usr/bin/php5.6

Set Default PHP Version in Ubuntu
7. You can set the default PHP version to be used on the system with the update-alternatives command, after setting it, check the PHP version to confirm as follows.

------------ Set Default PHP Version 7.0 ------------
$ sudo update-alternatives --set php /usr/bin/php7.0

After switching from one version to another, you can find your PHP configuration file, by running the command below.

------------ For PHP 5.6 ------------
$ sudo update-alternatives --set php /usr/bin/php5.6
$ php -i | grep "Loaded Configuration File"

 

 

Leave a Reply

Your email address will not be published.