Deploy an LNMP stack (Linux, NGINX, MySQL, and PHP) - Elastic Compute Service

This topic describes how to deploy an LNMP stack (Linux, NGINX, MySQL, and PHP) on an Elastic Compute Service (ECS) instance.

Prerequisites

A public IP address is automatically assigned to the ECS instance. Alternatively, an elastic IP address (EIP) is associated with the ECS instance. For instructions on how to enable public bandwidth, see Enable public bandwidth.
Inbound rules are added to a security group of the ECS instance to open ports 22 and 80. For information about how to add a security group rule, see Add a security group rule.
The ECS instance has at least 4 GiB of memory.

Deploy an LNMP stack

Alibaba Cloud Linux 3 and CentOS 8

Important

All content is removed from the default CentOS 8 repository at the following address: http://mirror.centos.org/centos/8/. If you continue using the default CentOS 8 repository on Alibaba Cloud, an error is reported. You must change CentOS 8 repository addresses. For more information, see Change CentOS 8 repository addresses.

Install NGINX from an official NGINX repository.

Note

By default, the latest stable version of NGINX is installed. If you require another NGINX version, run the sudo dnf search nginx --showduplicates command to search for the supported NGINX versions and add the number of the version that you want to install to the installation command. For example, if you want to install version 1.24.0, run the sudo dnf -y install nginx-1.24.0 command.

# Add an official NGINX repository.
sudo tee /etc/yum.repos.d/nginx.repo <<-'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/8/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
# Install NGINX.
sudo dnf -y install nginx
# Start NGINX and configure NGINX to automatically start on system startup.
sudo systemctl start nginx
sudo systemctl enable nginx

Install MySQL.
Note
If your instance runs Alibaba Cloud Linux 3, you must install compat-openssl10, which is compatible with earlier versions of OpenSSL libraries.
```
sudo yum install -y compat-openssl10
```
```
# Add an official MySQL repository.
sudo rpm -Uvh https://repo.mysql.com/mysql84-community-release-el8-1.noarch.rpm
# Install MySQL.
sudo dnf install -y mysql-server
# Start MySQL and configure MySQL to automatically start on system startup.
sudo systemctl start mysqld
sudo systemctl enable mysqld
```
1. Query the default initial password of the root user.
  - If your instance runs Alibaba Cloud Linux 3, run the following command:
```
echo $(PASSWORD=$(sudo grep 'temporary password' /var/log/mysqld.log); PASSWORD=${PASSWORD##* }; echo $PASSWORD)
```
  - If your instance runs CentOS 8, the root user does not have an initial password.
2. Specify a new password for the root user of MySQL. In the following command, replace <oldpwd> with the initial password and <newpwd> with the new password. If your instance runs CentOS 8, replace <oldpwd> with an empty string and press the Enter key to skip to the next line when you are prompted to enter a password.
  Important
  The password must be at least eight characters in length, and contain at least one uppercase letter, one lowercase letter, one digit, and one special character.
```
sudo mysqladmin -uroot -p'<oldpwd>' password '<newpwd>'
```

Install PHP.

Note

In this example, PHP 8.4 is used. If you require another PHP version, change the module name based on the PHP version that you want to install. For example, if you want to install PHP 8.1, change the module name to php:remi-8.1.

# Specify the remi repository and enable the php:remi-8.4 module.
sudo rpm -Uvh http://mirrors.cloud.aliyuncs.com/remi/enterprise/remi-release-8.rpm  --nodeps
sudo dnf install -y yum-utils && sudo dnf module enable -y php:remi-8.4
# Install PHP, PHP FastCGI Process Manager (PHP-FPM), and the MySQL extension.
sudo dnf install -y php php-fpm php-mysqlnd
# Start PHP-FPM and configure PHP-FPM to automatically start on system startup.
sudo systemctl start php-fpm
sudo systemctl enable php-fpm

Verify the LNMP stack.
1. Query the default listening address of PHP-FPM in the configuration file.
```
sudo grep '^listen =' /etc/php-fpm.d/www.conf
```
  - If the address of a socket file is returned, PHP-FPM listens to the socket file.
  - If 127.0.0.1:9000 is returned, PHP-FPM listens on local port 9000.
2. Run the tee command to modify the /etc/nginx/conf.d/default.conf file and add PHP forwarding rules.
  Important
  If the listening address of PHP-FPM is 127.0.0.1:9000, set the fastcgi_pass parameter to 127.0.0.1:9000.
```
sudo tee /etc/nginx/conf.d/default.conf <<-'EOF'
server {
    listen       80;
    server_name  localhost;
    root /usr/share/nginx/html;
    location / {
    index index.php index.html index.htm;
    }
    location ~ .php$ {
        root /usr/share/nginx/html;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
EOF
```
3. Restart NGINX for the changes in the configuration file to take effect.
```
 sudo systemctl restart nginx
```
4. Run the tee command to create a PHP file named test.php in the /usr/share/nginx/html directory and add the code used to test MySQL connectivity to the file. Replace <username> with the username of MySQL and <password> with the password of MySQL.
```
sudo tee /usr/share/nginx/html/test.php <<-'EOF'
<?php
$servername = "localhost";
$username = "<username>";
$password = "<password>";
$conn = new mysqli($servername, $username, $password);
if ($conn->connect_error) {
die("fail: " . $conn->connect_error);
}
echo "success\n";
?>
EOF
```
5. In the address bar of a web browser on your on-premises machine, enter http://<Public IP address of the ECS instance>/test.php. If success is returned, you are connected to MySQL by using the PHP proxy.

Alibaba Cloud Linux 2 and CentOS 7

Install NGINX from an official NGINX repository.

Note

By default, the latest stable version of NGINX is installed. If you require another NGINX version, run the sudo yum search nginx --showduplicates command to search for the supported NGINX versions and add the number of the version that you want to install to the installation command. For example, if you want to install version 1.24.0, run the sudo yum -y install nginx-1.24.0 command.

# Add an official NGINX repository.
sudo tee /etc/yum.repos.d/nginx.repo <<-'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
# Install NGINX.
sudo yum -y install nginx
# Start NGINX and configure NGINX to automatically start on system startup.
sudo systemctl start nginx
sudo systemctl enable nginx

Install MySQL.

# Add an official MySQL repository.
sudo rpm -Uvh https://repo.mysql.com/mysql84-community-release-el7-1.noarch.rpm
# Install MySQL.
sudo yum install -y mysql-server
# Start MySQL and configure MySQL to automatically start on system startup.
sudo systemctl start mysqld
sudo systemctl enable mysqld

Query the default initial password of the root user.

echo $(PASSWORD=$(sudo grep 'temporary password' /var/log/mysqld.log); PASSWORD=${PASSWORD##* }; echo $PASSWORD)

Specify a new password for the root user of MySQL. In the following command, replace <oldpwd> with the initial password and <newpwd> with the new password.
Important
The password must be at least eight characters in length, and contain at least one uppercase letter, one lowercase letter, one digit, and one special character.
```
sudo mysqladmin -uroot -p'<oldpwd>' password '<newpwd>'
```

Install PHP.

# Specify the remi repository and enable the remi-php83 module.
sudo rpm -Uvh http://mirrors.cloud.aliyuncs.com/remi/enterprise/remi-release-7.rpm  --nodeps
sudo yum install -y yum-utils && sudo yum-config-manager --enable   remi-php83
# Install PHP, PHP-FPM, and the MySQL extension.
sudo yum install -y php php-fpm php-mysqlnd
# Start PHP-FPM and configure PHP-FPM to automatically start on system startup.
sudo systemctl start php-fpm
sudo systemctl enable php-fpm

Verify the LNMP stack.
1. Query the default listening address of PHP-FPM in the configuration file.
```
sudo grep '^listen =' /etc/php-fpm.d/www.conf
```
  - If the address of a socket file is returned, PHP-FPM listens to the socket file.
  - If 127.0.0.1:9000 is returned, PHP-FPM listens on local port 9000.
2. Run the tee command to modify the /etc/nginx/conf.d/default.conf file and add PHP forwarding rules.
  Important
  If the listening address of PHP-FPM is the address of a socket file, change 127.0.0.1:9000 to unix:<path>. Replace <path> with your socket file address.
```
sudo tee /etc/nginx/conf.d/default.conf <<-'EOF'
server {
    listen       80;
    server_name  localhost;
    root /usr/share/nginx/html;
    location / {
            index index.php index.html index.htm;
    }
    location ~ .php$ {
            root /usr/share/nginx/html;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
EOF
```
3. Restart NGINX for the changes in the configuration file to take effect.
```
 sudo systemctl restart nginx
```
4. Run the tee command to create a PHP file named test.php in the /usr/share/nginx/html directory and add the code used to test MySQL connectivity to the file. Replace <username> with the username of MySQL and <password> with the password of MySQL.
```
sudo tee /usr/share/nginx/html/test.php <<-'EOF'
<?php
$servername = "localhost";
$username = "<username>";
$password = "<password>";
$conn = new mysqli($servername, $username, $password);
if ($conn->connect_error) {
die("fail: " . $conn->connect_error);
}
echo "success\n";
?>
EOF
```
5. In the address bar of a web browser on your on-premises machine, enter http://<Public IP address of the ECS instance>/test.php. If success is returned, you are connected to MySQL by using the PHP proxy.

Ubuntu 20.04 and later

Install NGINX from an official NGINX repository.

# Update installed software in the system and the package management tool.
sudo apt update -y
# Install the dependencies required by NGINX.
sudo apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
# Import an official NGINX signature key.
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
# Specify the Advanced Packaging Tool (APT) repository.
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
# Install NGINX.
sudo apt install -y nginx

Update the software package list and install the MySQL server.
```
sudo apt update -y && sudo apt install -y mysql-server
```
Change the password and identity authentication plug-in used by the root user of the MySQL server. Replace <newpwd> in the following command with the actual password.
Important
The default identity authentication plug-in used by the root user is auth_socket. After the command is run, you are prompted to enter a password. Press the Enter key to skip to the next line.
```
sudo mysql -uroot -p -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY '<newpwd>';" -e "FLUSH PRIVILEGES;"
```

Install PHP.

Note

Run the sudo apt search php command to query all PHP versions that you can install. If you want to install a different PHP version, replace the version number in the following command with the actual version number. For example, if you want to install PHP 8.1, run the sudo apt install -y php8.1 php8.1-fpm php8.1-mysql command.

# Install the software-properties-common package and add the ppa:ondrej/php Personal Package Archive (PPA) repository.
sudo apt update && sudo apt install -y software-properties-common && sudo add-apt-repository -y ppa:ondrej/php
# Install PHP 8.4 and the related components, including PHP-FPM and the MySQL extension.
sudo apt install -y php8.4 php8.4-fpm php8.4-mysql

Verify the LNMP stack.
1. Query the default listening address of PHP-FPM in the configuration file. Replace <version> with your actual PHP version. For example, if you use PHP 8.4, replace <version> with 8.4.
```
sudo grep '^listen =' /etc/php/<version>/fpm/pool.d/www.conf
```
  - If the address of a socket file is returned, PHP-FPM listens to the socket file.
  - If 127.0.0.1:9000 is returned, PHP-FPM listens on local port 9000.
2. Run the tee command to modify the /etc/nginx/conf.d/default.conf file and add PHP forwarding rules. Replace <listen> with your actual listening address. If the address of a socket file is used as the listening address, add the unix: prefix to the address.
  Important
  To listen to socket files, your account must have the read and write permissions on the socket files. Run the sudo chmod 666 <path> command to grant the preceding permissions. Replace <path> with the actual address of a socket file.
```
# Remove the default site configurations.
sudo rm -f /etc/nginx/sites-enabled/*
# Modify the configuration file.
sudo tee /etc/nginx/conf.d/default.conf <<-'EOF'
server {
    listen       80;
    server_name  localhost;
    root /usr/share/nginx/html;
    location / {
            index index.php index.html index.htm;
    }
    location ~ .php$ {
            root /usr/share/nginx/html;
            fastcgi_pass <listen>;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
EOF
```
3. Restart NGINX for the changes in the configuration file to take effect.
```
 sudo systemctl restart nginx
```
4. Run the tee command to create a PHP file named test.php in the /usr/share/nginx/html directory and add the code used to test MySQL connectivity to the file. Replace <username> with the username of MySQL and <password> with the password of MySQL.
```
sudo tee /usr/share/nginx/html/test.php <<-'EOF'
<?php
$servername = "localhost";
$username = "<username>";
$password = "<password>";
$conn = new mysqli($servername, $username, $password);
if ($conn->connect_error) {
die("fail: " . $conn->connect_error);
}
echo "success\n";
?>
EOF
```
5. In the address bar of a web browser on your on-premises machine, enter http://<Public IP address of the ECS instance>/test.php. If success is returned, you are connected to MySQL by using the PHP proxy.

FAQ

Why am I unable to access the test.php page by using the public IP address of the ECS instance on which the page is hosted?

Possible causes and solutions:

Port 80 is not open in the security groups of the ECS instance, the system firewall is enabled on the ECS instance, or port 80 is used by a different service.

For information about how to troubleshoot the issue based on the preceding causes, see What do I do if I cannot access a service deployed on an instance?

How do I allow remote access to MySQL?

Create a non-root account and allow remote access to MySQL by using the account. For more information, see Deploy MySQL on a Linux instance.

Where are the configuration files and log files of NGINX located?

By default, the log files of NGINX are stored in the /var/log/nginx/ directory.
By default, the main configuration file of NGINX is /etc/nginx/nginx.conf.
By default, NGINX reads configurations from all additional configuration files whose names are suffixed with .conf in the /etc/nginx/conf.d directory.