Close Menu
    Facebook X (Twitter) Instagram
    • Download Cisco Packet Tracer
    Facebook X (Twitter) Instagram Pinterest Vimeo
    IT Beginner
    • Home
    • Server
    • WordPress
    IT Beginner
    Home»CentOS»How to install LEMP web server with Nginx, PHP-FPM 5.6, MySQL 5.5 on Centos 7
    CentOS

    How to install LEMP web server with Nginx, PHP-FPM 5.6, MySQL 5.5 on Centos 7

    28/07/2017No Comments9 Mins Read

    Nginx is one of the most popular web server widely used by many popular websites like facebook, intel, cloudflare, hulu, netflix, dropbox, and more. Unlike Apache web server, nginx is a very light weight web server and proxy server yet comes with the same or even better features. Nginx does not create new process for each http request like Apache does. The more processes are created on a web server, the more Apache takes up memory on the server, and as the result Apache can cause the server to swap memory to disk (degrading performance). Nginx will limit the worker processes, each Nginx’s process is single threaded, and each worker can handle thousands of concurrent connections.

    nginx nam huy linux blogNewer Centos version has been released (Centos 7), and the current stable PHP version is 5.6.x. If you like me, always want everything is up to date, why not use all the new/current technology for our web server. In this article I will show you how to install LEMP server with Nginx 1.6.2, PHP 5.6 and mariadb

    Installing EPEL and REMI Repository for Centos 7 64 bit

    You can always can install nginx via official nginx repo, but you can also install nginx via EPEL repo which I’m going to install nginx and other packages via EPEL.

    # rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
    # rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

    Install Nginx

    You have installed EPEL repo, you can now install nginx package via EPEL

    # yum install nginx -y

    To start Nginx on Centos 7

    # systemctl start nginx

    To start Nginx on Centos 7 automatically at boot

    # systemctl enable nginx

    Enable firewall rules

    Centos 7 comes with firewalld as default firewall system instead of iptables. You can always go back to use iptables on Centos 7 but for this article purpose, we will just stick with the default firewalld on Centos 7. To allow http and https traffic in/out your web server, you can use firewall-cmd commands below. (If you don’t use https, you can skip the https line)

    # firewall-cmd –permanent –zone=public –add-service=http
    # firewall-cmd --permanent --zone=public --add-service=https
    # firewall-cmd –reload
    By now you should be able to see default nginx web page via a web browser
    namhuy_nginx_epel

    To view the nginx default page above, you can either use your public IP address, or your domain which you already have pointed to your public IP address. It’s a little bit different to view IP address on Centos 7 than Centos 6. ifconfig which we always use is not installed on Centos 7 by default.

    To view your server ip addresses

    # ip addr

    If you want the old school ifconfig command back, you can install the net-tools package

    # yum install net-tools

    Install MariaDB 5.5

    Why MariaDB and not MySQL? Simply MariaDB is faster, there are a lot of speed improvement in MariaDB like Innodb asynchronous IO, Indexes for Memory engine, segmentd key cahce for MyISAM, faster CHECKSUM TABLE… MariaDB comes with more extensions like Microseconds, table elimination, pluggable Authentication, GIS functionality, many more new features and less bug. The most thing I like about MariaDB is truly open source, all MariaDB’s code is released under GPL, LGPL or BSD

    To install MariaDB on CentOS 7

    # yum --enablerepo=remi,remi-php56 install mariadb-server mariadb -y

    To start MariaDB on Centos 7

    # systemctl start mariadb

    To start MariaDB on Centos 7 automatically at boot

    # systemctl enable mariadb

    secure mariadb
    After you have mariadb installed, the next important step is to secure the database server. Similar to MySQL, Mariadb comes with a script to harden your Mariadb databse server. You should always run the script before using the databases.

    # /usr/bin/mysql_secure_installation

    You will have to answer some question, all you have to do is to say Y to most of them.

    /usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found
     
    NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
          SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
     
    In order to log into MariaDB to secure it, we'll need the current
    password for the root user.  If you've just installed MariaDB, and
    you haven't set the root password yet, the password will be blank,
    so you should just press enter here.
     
    Enter current password for root (enter for none):
    OK, successfully used password, moving on...
     
    Setting the root password ensures that nobody can log into the MariaDB
    root user without the proper authorisation.
     
    Set root password? [Y/n] y
    New password:
    Re-enter new password:
    Password updated successfully!
    Reloading privilege tables..
     ... Success!
     
     
    By default, a MariaDB installation has an anonymous user, allowing anyone
    to log into MariaDB without having to have a user account created for
    them.  This is intended only for testing, and to make the installation
    go a bit smoother.  You should remove them before moving into a
    production environment.
     
    Remove anonymous users? [Y/n] y
     ... Success!
     
    Normally, root should only be allowed to connect from 'localhost'.  This
    ensures that someone cannot guess at the root password from the network.
     
    Disallow root login remotely? [Y/n] y
     ... Success!
     
    By default, MariaDB comes with a database named 'test' that anyone can
    access.  This is also intended only for testing, and should be removed
    before moving into a production environment.
     
    Remove test database and access to it? [Y/n] y
     - Dropping test database...
     ... Success!
     - Removing privileges on test database...
     ... Success!
     
    Reloading the privilege tables will ensure that all changes made so far
    will take effect immediately.
     
    Reload privilege tables now? [Y/n] y
     ... Success!
     
    Cleaning up...
     
    All done!  If you've completed all of the above steps, your MariaDB
    installation should now be secure.
     
    Thanks for using MariaDB!

    Install PHP-fpm 5.6

    I’m going to use remi repo for php-fpm and other php* modules. Make sure you use the correct –enablerepo option with yum command. These are common php modules for today php scripts, you can add/remove modules to your needs.

    # yum --enablerepo=remi,remi-php56 install php-fpm php-common php-mysql php-opcache php-pear php-gd php-devel php-mbstring php-mcrypt php-cli php-pdo php-xml -y

    To search for more available PHP modules, you can use this command to list more PHP modules

    # yum search php

    To get more detail about each php module does, you can of course google the package name, or use “yum info” command to look at the long description of the package.

    # yum info package_name

    To start PHP-FPM on Centos 7

    # service php-fpm start

    To start PHP-FPM on Centos 7 automatically at boot

    # chkconfig php-fpm on

    Configure Nginx

    By now you should have nginx, mariadb, and php-fpm installed on your LEMP web server. Now let’s configure nginx to make everything work well together.

    Nginx Global Configuration
    Default nginx global configuration file is located at /etc/nginx/nginx.conf You can nginx user, worker_processes, server name, listening port and other things in this file.

    To edit nginx global configuration file

    # nano /etc/nginx/nginx.conf

    There are few important things you should look at.

    user  nginx;
    
    worker_processes  1;

    user: If you are the only one who use the web server, you should keep the default nginx user which is nginx.
    worker_processes: this value should be equal of the number of cpu or vcpu you have on the server.

    To check the number of cpu/vcpu of the server

    # grep ^processor /proc/cpuinfo | wc -l

    Then set nginx_processes accordingly

    Next enable sendfile, tcp_nopush, gzip, and add index.php

        sendfile        on;
        #tcp_nopush     on;
     
        #keepalive_timeout  0;
        keepalive_timeout  65;
     
        #gzip  on;
     
        index   index.html index.htm;
    Uncomment tcp_nopush and gzip, add “index.php” to index line, you should have something like this on your configure file
        sendfile        on;
        tcp_nopush     on;
     
        #keepalive_timeout  0;
        keepalive_timeout  65;
     
        gzip  on;
     
        index   index.php index.html index.htm;
    Next is to adjust server name and default server root directory. I suggest you keep this part as it unless you only have one website per server. If you host multiple websites on the same server, it’s easier to leave “server directive” in /etc/nginx/nginx.conf file as it and create separate additional server blocks (Virtual Hosts in Apache) in /etc/nginx/conf.d/ directory. Each additional server block file should end with .conf file extension.
        server {
            listen       80 default_server;
            server_name  localhost;
            root         /usr/share/nginx/html;

    default_server: is usually your domain name
    80: is the port nginx listen to, almost all webserver listen to port 80, if you want to change your nginx listen port, you can change it here.
    root: is the default server root directory, all of your website pages, files, images, javascripts and such will go here.

    Create New Nginx Server Block Files
    All nginx server block files should be located in /etc/nginx/conf.d/ with .conf file extension. Says we are going to create a server block file for namhuy.net website (replace namhuy.net with your domain names).

    # nano /etc/nginx/conf.d/namhuy_net.conf

    With the content (adjust the values to your own configuration), this is just an example server block file

    server {
        listen your_public_ip_address:80;
        server_name  www.namhuy.net;
        root /var/www/www.namhuy.net;
        index index.php index.html index.htm;
     
        charset utf-8;
     
            location / {
            }
     
            location = /robots.txt { allow all; access_log off; log_not_found off; }
            location = /favicon.ico { allow all; access_log off; log_not_found off; }
     
        error_page 401 /401.html;
        error_page 403 /403.html;
        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
     
        location ~ \.php$ {
            root           /var/www/www.namhuy.net;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_intercept_errors on;
            fastcgi_buffer_size 4K;
            fastcgi_buffers 128 4k;
            fastcgi_connect_timeout 50;
            fastcgi_send_timeout 40;
            fastcgi_read_timeout 40;
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include        fastcgi_params;
        }
     
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        # location ~ /\.ht {
        #     deny  all;
        # }
    }
    As you can see I store my website files in /var/www/www.namhuy.org/ directory, because I didn’t create one on my server, I’m going create one and give it right permission before I restart nginx.
    # mkdir /var/www/www.namhuy.net
    # chmod 777 /var/www/www.namhuy.net
    Restart nginx for all the changes to take effect
    # systemctl restart nginx

    For whatever reason nginx won’t restart, you can use these commands to see what’s wrong with your current nginx configuration

    # systemctl status nginx.service
    and
    # nginx -t
    To confirm your LEMP web sever is working, let’s create some sample pages. First create index.html file
    # nano /var/www/www.namhuy.net/index.html

    with the content

    <!DOCTYPE html>
    <html>
    <body>
    <p>hello world!</p>
    </body>
    </html>
    and info.php file
    # nano /var/www/www.namhuy.net/info.php
    with the content
    <?php
    phpinfo();
    ?>
    In your web browser, you should see your “hello world!” page and info.php file displayed correctly.
    LEMP server hello_world
    lemp server MariaDB nginx php-fpm web server
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleHow to install Webmin on CentOS 7
    Next Article How to install fail2ban on CentOS 6 and 7

    Related Posts

    CentOS

    How to install vsftpd on centos 6

    03/08/2017
    CentOS

    How To Install WordPress with nginx on Centos 6

    02/08/2017
    Security

    How to secure Nginx web server

    02/08/2017
    Subscribe
    Notify of
    guest

    guest

    This site uses Akismet to reduce spam. Learn how your comment data is processed.

    0 Comments
    Oldest
    Newest Most Voted
    Inline Feedbacks
    View all comments
    Tags
    apache centos Centos 6 cuda Desktop Environment dual boot environment featured gnome GUI hostname hosts intel kernel kill lamp server lemp server life MariaDB netflix nginx nvidia password php-fpm phpmyadmin pids processes s.m.a.r.t Security session solid state drive ssd ssh ssh server tag 1 tag 2 Ubuntu upgrade varnish VirtualBox VNC Server web server window manager wordpress xfce
    Facebook X (Twitter) Instagram Pinterest

    Type above and press Enter to search. Press Esc to cancel.

    wpDiscuz