Build an LNMP stack - Elastic Compute Service - Alibaba Cloud Documentation Center

LNMP is one of the most common web server architectures. It can be used to run large-scale, high-concurrency web applications, such as e-commerce websites, social networking services, and content management systems. LNMP is an acronym for the names of the following open source components: Linux operating system, NGINX web server, MySQL relational database management system, and PHP programming language. This topic describes how to deploy an LNMP stack on an Elastic Compute Service (ECS) instance that runs an Alibaba Cloud Linux 2, Alibaba Cloud Linux 3, CentOS 7, or CentOS 8 operating system.

Prerequisites

An ECS instance that meets the following requirements is created:

The instance type has at least 4 GiB of memory.
The ECS instance is assigned a public IP address by the system or is associated with an elastic IP address (EIP). For more information, see Enable public bandwidth for an ECS instance.
The ECS instance runs an Alibaba Cloud Linux 2, Alibaba Cloud Linux 3, CentOS 7, or CentOS 8 operating system. We recommend that you use Alibaba Cloud Linux 3.
Inbound rules are added to a security group of the ECS instance to open ports 22, 80, and 443. For information about how to add an inbound security group rule, see Add a security group rule.
Important
- For security reasons, this topic describes only the ports on which traffic must be allowed to deploy and test an LNMP stack. You can configure security group rules to allow traffic on additional ports based on your business requirements. For example, if you want to connect to a MySQL database on an ECS instance, you can configure an inbound rule in a security group of the instance to allow traffic on port 3306, which is the default port for MySQL.
- Alibaba Cloud Linux 2, CentOS 7 and CentOS 8 operating systems have reached their End Of Life (EOL). So we recommend that you use the Alibaba Cloud Linux 3 image to create an ECS instance and deploy an LNMP stack.

Procedure

Alibaba Cloud Linux 2, Alibaba Cloud Linux 3, and CentOS 7.x

In this section, the following software versions are used. If your software versions are different from the following ones, modify the commands and parameter settings based on your business requirements.

NGINX 1.20.1
MySQL 8.0.39
PHP 8.0.30

Step 1: Disable the firewall and SELinux

Important

To prevent unexpected risks, we recommend that you perform operations as a regular user instead of an administrator. If the regular user does not have sudo permissions, grant the permissions to the user. For more information, see the "How do I grant sudo permissions to a regular user?" question in the FAQ section of this topic.

Connect to the ECS instance on which you want to deploy an LNMP stack.
For more information, see Connection method overview.
Disable the firewall.
1. Run the following command to view the status of the firewall:
```
systemctl status firewalld
```
  - If inactive is returned, the firewall is disabled. In this case, proceed to Step 3.
  - If active is returned, the firewall is enabled. In this case, proceed to Step 2.b.
2. Disable the firewall.
  - To temporarily disable the firewall, run the following command:
```
sudo systemctl stop firewalld
```
    Note
    After you run the preceding command, the firewall is temporarily disabled. When you restart the instance, the firewall is automatically enabled.
  - To permanently disable the firewall, perform the following steps:
    1. Run the following command to disable the firewall:
      sudo systemctl stop firewalld
    2. Run the following command to prevent the firewall from being automatically enabled on system startup:
      sudo systemctl disable firewalld
    Note
    You can re-enable the firewall after you disable the firewall. For more information, visit the official firewalld website.
Disable Security-Enhanced Linux (SELinux).
1. Run the following command to view the status of SELinux:
```
getenforce
```
  - If Disabled is returned, SELinux is disabled. In this case, proceed to Step 2: Install NGINX.
  - If Enforcing is returned, SELinux is enabled. In this case, proceed to Step 3.b.
2. Disable SELinux.
  You can temporarily or permanently disable SELinux based on your business requirements. For more information, see Enable or disable SELinux.

Step 2: Install NGINX

Note

This section describes how to install a specific version of NGINX. If you want to install other versions of NGINX, see the "How do I install other NGINX versions?" question in the FAQ section of this topic.

Run the following command to install NGINX:
```
sudo yum -y install nginx
```
Run the following command to view the version of NGINX:
```
nginx -v
```
The following command output indicates that NGINX is installed:
```
nginx version: nginx/1.20.1
```

Step 3: Install and configure MySQL

Install MySQL

If the ECS instance runs the Alibaba Cloud Linux 3 operating system, you must install MySQL dependency packages.
```
sudo yum install compat-openssl10
```
Run the following command to update the Yellowdog Updater Modified (YUM) repository:
```
sudo rpm -Uvh https://dev.mysql.com/get/mysql80-community-release-el7-11.noarch.rpm
```
Run the following command to install MySQL:
```
sudo yum -y install mysql-community-server
```
Run the following command to view the version of MySQL:
```
mysql -V
```
The following command output indicates that MySQL is installed:
```
mysql  Ver 8.0.36 for Linux on x86_64 (MySQL Community Server - GPL)
```
Run the following command to start MySQL:
```
sudo systemctl start mysqld
```
Run the following commands in sequence to configure MySQL to automatically start on system startup:
```
sudo systemctl enable mysqld
sudo systemctl daemon-reload
```

Configure MySQL

Run the following command to view the /var/log/mysqld.log file and obtain and record the initial password of the root user:
```
sudo grep 'temporary password' /var/log/mysqld.log
```
The following command output indicates that ARQTRy3+**** is the initial password of the root user. You can use this initial password when you reset the password of the root user.
```
2021-11-10T07:01:26.595215Z 1 [Note] A temporary password is generated for root@localhost: ARQTRy3+****
```

Run the following command to configure the security settings of MySQL:

sudo mysql_secure_installation

Enter the initial password of MySQL.
Note
For data security purposes, no output is returned when you enter a password. You need only to enter the correct password and then press the Enter key.
```
Securing the MySQL server deployment.

Enter password for user root: # Enter the initial password that you obtained in the previous step.
```

Configure a new password for MySQL.

The existing password for the user account root has expired. Please set a new password.

New password: # Enter a new password. The password must be 8 to 30 characters in length and contain uppercase letters, lowercase letters, digits, and any of the following special characters: ( ) ` ~ ! @ # $ % ^ & * - + = | { } [ ] : ; ' < > , . ? /

Re-enter new password: # Re-enter the new password. 
The 'validate_password' plugin is installed on the server.
The subsequent steps will run with the existing configuration
of the plugin.
Using existing password for root.

Estimated strength of the password: 100 # The strength of the new password is displayed in the command output. 
Change the password for root ? (Press y|Y for Yes, any other key for No) :Y # Enter Y to confirm the new password. 

# After the new password is configured, verify the password. 
New password: # Enter the new password. 

Re-enter new password: # Re-enter the new password. 

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) :Y # Enter Y to use the new password.

Enter Y to delete the anonymous users.

Remove anonymous users? (Press y|Y for Yes, any other key for No) :Y
Success.

Enter Y to deny remote access by the root user.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) :Y
Success.

Enter Y to delete the test database and the access permissions on the database.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) :Y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Enter Y to reload privilege tables.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) :Y
Success.

All done!

For more information, see the official MySQL documentation.

Step 4: Install and configure PHP

Install PHP

Install PHP.

Alibaba Cloud Linux 3

Run the following command to update the YUM repository:

sudo rpm -Uvh https://mirrors.aliyun.com/remi/enterprise/remi-release-8.rpm  --nodeps

Run the following command to enable the php:remi-8.0 module stream:
```
sudo yum module enable -y php:remi-8.0
```

Run the following command to install PHP:

sudo yum install -y php php-cli php-fpm php-common php-mysqlnd php-gd php-mbstring php-xml

Alibaba Cloud Linux 2

Run the following command to update the YUM repository:

sudo rpm -Uvh https://mirrors.aliyun.com/remi/enterprise/remi-release-7.rpm

Run the following command to modify the configuration of the yum-plugin-releasever-adapter plugin to support remi repository adaptation for Alibaba Cloud Linux 2:

sudo echo ", remi-php54.repo, remi-php71.repo, remi-php73.repo, remi-php80.repo, remi-php82.repo, remi.repo, epel.repo, remi-modular.repo, remi-php70.repo, remi-php72.repo, remi-php74.repo, remi-php81.repo, remi-php83.repo, remi-safe.repo" >> /etc/yum/pluginconf.d/releasever-adapter.conf

Run the following command to enable the PHP 8.0 repository:

sudo sed -i '1,10s/enabled=0/enabled=1/' /etc/yum.repos.d/remi-php80.repo

Run the following command to install PHP:

sudo yum install -y php php-cli php-fpm php-common php-mysqlnd php-gd php-mbstring

CentOS 7.x

Update the YUM repositories.
1. Run the following commands to install the Extra Packages for Enterprise Linux (EPEL) repository and Remi repository:
```
sudo yum install -y epel-release
sudo yum install -y https://rpms.remirepo.net/enterprise/remi-release-7.rpm
```
2. Run the following command to enable the PHP 8.0 repository:
```
sudo yum install -y yum-utils
sudo yum-config-manager --enable remi-php80
```

Run the following command to install PHP:

sudo yum install -y php php-cli php-fpm php-mysqlnd php-zip php-devel php-gd php-mcrypt php-mbstring php-curl php-xml php-pear php-bcmath php-json

Run the following command to view the version of PHP:

php -v

The following command output indicates that PHP is installed:

PHP 8.0.30 (cli) (built: Aug  3 2023 17:13:08) ( NTS gcc x86_64 )
Copyright (c) The PHP Group
Zend Engine v4.0.30, Copyright (c) Zend Technologies

Modify the NGINX configuration file to enable PHP

Run the following command to back up the NGINX configuration file:
```
sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
```

Modify the NGINX configuration file to add support for PHP.

Important

If you do not add support for PHP, PHP pages cannot be displayed when you access the pages by using a web browser.

Run the following command to open the NGINX configuration file:
```
sudo vim /etc/nginx/nginx.conf
```
Press the I key to enter Insert mode.

Within the server braces, modify or add configuration information.

Retain the default values for all settings except the following settings:

Modify or add configuration information within the location / braces.

        location / {
            index index.php index.html index.htm;
        }

Modify or add configuration information within the location ~ .php$ braces.

        # Add the following information to allow NGINX to use Fast Common Gateway Interface (FastCGI) to process your PHP requests: 
        location ~ .php$ {
            root /usr/share/nginx/html;    # Replace /usr/share/nginx/html with your website root directory. In this example, /usr/share/nginx/html is used as the website root directory. 
            fastcgi_pass 127.0.0.1:9000;   # NGINX forwards your PHP requests to PHP FastCGI Process Manager (PHP-FPM) by using port 9000 of the ECS instance. 
            fastcgi_index index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include fastcgi_params;   # NGINX uses the FastCGI interface to process the PHP requests. 
        }

The following figure shows the added or modified configuration information. nginx配置文件

Press the Esc key, enter :wq, and then press the Enter key to save and close the configuration file.

Run the following command to start NGINX:
```
sudo systemctl start nginx 
```
Run the following command to configure NGINX to automatically start on system startup:
```
sudo systemctl enable nginx
```

Configure PHP

Create and modify the phpinfo.php file to display PHP information.
1. Run the following command to create the phpinfo.php file:
```
sudo vim <Website root directory>/phpinfo.php
```
  <Website root directory> is the root value enclosed inside the location ~ .php$ braces that you configured in the nginx.conf file, as shown in the following figure. In this example, the website root directory is /usr/share/nginx/html. Run the following command to create the phpinfo.php file:
```
sudo vim /usr/share/nginx/html/phpinfo.php
```
2. Press the I key to enter Insert mode.
3. Enter the following content. The phpinfo() function is used to show all configuration information of PHP.
```
<?php echo phpinfo(); ?>
```
4. Press the Esc key, enter :wq, and then press the Enter key to save and close the configuration file.
Run the following command to start PHP-FPM:
```
sudo systemctl start php-fpm
```
Run the following command to configure PHP-FPM to automatically start on system startup:
```
sudo systemctl enable php-fpm
```

Step 5: Test the connection to the LNMP stack

Open a web browser on your on-premises Windows computer or another Windows host that can access the Internet.
In the address bar, enter http://<Public IP address of the ECS instance>/phpinfo.php.
The page in the following figure indicates that the LNMP stack is deployed.

CentOS 8.x

NGINX 1.20.1
MySQL 8.0.26
PHP 7.4.19

Step 1: Disable the firewall and SELinux

Important

Connect to the ECS instance on which you want to deploy an LNMP stack.
For more information, see Connection method overview.
Disable the firewall.
1. Run the following command to view the status of the firewall:
```
systemctl status firewalld
```
  - If inactive is returned, the firewall is disabled. In this case, proceed to Step 3.
  - If active is returned, the firewall is enabled. In this case, proceed to Step 2.b.
2. Disable the firewall.
  - To temporarily disable the firewall, run the following command:
```
sudo systemctl stop firewalld
```
    Note
    After you run the preceding command, the firewall is temporarily disabled. When you restart the instance, the firewall is automatically enabled.
  - To permanently disable the firewall, perform the following steps:
    1. Run the following command to disable the firewall:
      sudo systemctl stop firewalld
    2. Run the following command to prevent the firewall from being automatically enabled on system startup:
      sudo systemctl disable firewalld
    Note
    You can re-enable the firewall after you disable the firewall. For more information, visit the official firewalld website.
Disable SELinux.
1. Run the following command to view the status of SELinux:
```
getenforce
```
  - If Disabled is returned, SELinux is disabled. In this case, proceed to Step 2: Install NGINX.
  - If Enforcing is returned, SELinux is enabled. In this case, proceed to Step 3.b.
2. Disable SELinux.
  You can temporarily or permanently disable SELinux based on your business requirements. For more information, see Enable or disable SELinux.

Step 2: Install NGINX

Note

Make sure that the instance can access the Internet.

Change the CentOS 8 repository address.
CentOS 8 reached EOL. In accordance with Linux community rules, all content was removed from the following CentOS 8 repository address: http://mirror.centos.org/centos/8/. If you continue to use the default CentOS 8 repository on Alibaba Cloud, an error is reported. To use specific installation packages of CentOS 8, change the CentOS 8 repository address. For more information, see Change CentOS 8 repository addresses.
Run the following command to install NGINX.
In this example, NGINX 1.20.1 is used.
Note
Go to the official NGINX website to view the list of NGINX packages suited for CentOS 8.
```
sudo dnf -y install https://nginx.org/packages/centos/8/x86_64/RPMS/nginx-1.20.1-1.el8.ngx.x86_64.rpm
```
Run the following command to view the version of NGINX:
```
nginx -v
```
The following command output shows the version of NGINX:
```
nginx version: nginx/1.20.1
```

Step 3: Install MySQL

Run the following command to install MySQL:
```
sudo dnf -y install @mysql
```
Run the following command to view the version of MySQL:
```
mysql -V
```
The following command output shows the version of MySQL:
```
mysql  Ver 8.0.26 for Linux on x86_64 (Source distribution)
```

Step 4: Install and configure PHP

Run the following commands to add and update the EPEL repository:
```
sudo dnf -y install epel-release
sudo dnf -y update epel-release
```
Run the following commands to delete the cached software packages that are no longer needed and update the software repository:
```
sudo dnf clean all
sudo dnf makecache
```
Run the follow command to enable PHP 7.4.
Note
In this example, PHP 7.4 is used. If you want to use PHP 8.0 or PHP 8.2, you must use the CentOS Stream operating system.
```
sudo dnf module enable php:7.4
```

Run the following command to install the PHP modules:

sudo dnf -y install php php-curl php-dom php-exif php-fileinfo php-fpm php-gd php-hash php-json php-mbstring php-mysqli php-openssl php-pcre php-xml libsodium

Run the following command to view the version of PHP:

php -v

The following command output shows the version of PHP:

PHP 7.4.19 (cli) (built: May  4 2021 11:06:37) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.19, Copyright (c), by Zend Technologies

Step 5: Configure NGINX

Run the following command to view the default path of the NGINX configuration file, and record the path:
```
cat /etc/nginx/nginx.conf
```
The include configuration item enclosed inside the http braces contains the default path of the configuration file.
Run the following commands to back up the default configuration file in the default path of the configuration file:
```
cd /etc/nginx/conf.d
sudo cp default.conf default.conf.bak
```

Modify the default configuration file.

Run the following command to open the default configuration file:
```
sudo vim default.conf
```
Press the I key to enter Insert mode.

Modify the following content within the location braces:

location / {
    # Replace the path with the root directory of your website. 
    root   /usr/share/nginx/html;
    # Add the default homepage index.php. 
    index  index.html index.htm index.php;
}

Remove the comment symbol (#) at the beginning of the location ~ \.php$ line and modify the content enclosed inside the braces.

Sample modifications:

location ~ \.php$ {
    # Replace the path with the root directory of your website. 
    root           /usr/share/nginx/html;
    # NGINX is associated with PHP-FPM by using UNIX sockets. This configuration must be the same as the listen configuration in the /etc/php-fpm.d/www.conf file. 
    fastcgi_pass   unix:/run/php-fpm/www.sock;
    fastcgi_index  index.php;
    # Change /scripts$fastcgi_script_name to $document_root$fastcgi_script_name. 
    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    # NGINX uses the FastCGI interface to process PHP requests. 
    include        fastcgi_params;
}

Note

The following methods can be used for inter-process communication between NGINX and PHP-FPM:

Use TCP sockets. NGINX can communicate with PHP-FPM across instances over the network.
Use UNIX domain sockets. NGINX can communicate with PHP-FPM only within the same instance. Communication across networks is not supported.

Press the Esc key, enter :wq, and then press the Enter key to save and close the configuration file.

Run the following command to start NGINX:
```
sudo systemctl start nginx
```
Run the following command to configure NGINX to automatically start on system startup:
```
sudo systemctl enable nginx
```

Step 6: Configure MySQL

Run the following command to start MySQL and configure MySQL to automatically start on system startup:
```
sudo systemctl enable --now mysqld
```
Run the following command to check whether MySQL is started:
```
sudo systemctl status mysqld
```
If the command output contains Active: active (running), MySQL is started.
Run the following command to configure security settings for MySQL and set the password:
```
sudo mysql_secure_installation
```
After you run the command, perform the following operations based on the command prompts:
1. Enter Y and press the Enter key to start the configuration process.
2. Enter 2 and press the Enter key as prompted for the password strength policy.
  0 indicates a weak password policy, 1 indicates a medium password policy, and 2 indicates a strong password policy. We recommend that you use a strong password policy.
3. Enter a new password for MySQL and confirm it.
  In this example, the password PASSword123! is used.
4. Enter Y and press the Enter key to confirm your password.
5. Enter Y and press the Enter key to delete anonymous users.
6. Specify whether to allow remote access to MySQL.
  - Enter Y and press the Enter key to deny remote access.
  - Enter N or a key other than Y and press the Enter key to allow remote access.
7. Enter Y and press the Enter key to delete the test database and the access permissions on the test database.
8. Enter Y and press the Enter key to reload privilege tables.

Step 7: Configure PHP

Modify the PHP configuration file.
1. Run the following command to open the configuration file:
```
sudo vim /etc/php-fpm.d/www.conf
```
2. Press the I key to enter Insert mode.
3. Find the user = apache and group = apache lines and change apache to nginx.
4. Press the Esc key, enter :wq, and then press the Enter key to save and close the configuration file.
Create and modify the phpinfo.php file to display PHP information.
1. Run the following command to create the phpinfo.php file:
```
sudo vim <Website root directory>/phpinfo.php
```
  <Website root directory> is the root value enclosed inside the location ~ .php$ braces that you configured in the nginx.conf file, as shown in the following figure. In this example, the website root directory is /usr/share/nginx/html. Run the following command to create the phpinfo.php file:
```
sudo vim /usr/share/nginx/html/phpinfo.php
```
2. Press the I key to enter Insert mode.
3. Enter the following content. The phpinfo() function is used to show all configuration information of PHP.
```
<?php echo phpinfo(); ?>
```
4. Press the Esc key, enter :wq, and then press the Enter key to save and close the configuration file.
Run the following command to start PHP-FPM:
```
sudo systemctl start php-fpm
```
Run the following command to configure PHP-FPM to automatically start on system startup:
```
sudo systemctl enable php-fpm
```

Step 8: Test the connection to the LNMP stack

Open a web browser on your on-premises physical machine.
In the address bar, enter http://<Public IP address of the ECS instance>/phpinfo.php.
The page in the following figure indicates that the LNMP stack is deployed.

What to do next

After you confirm that the LNMP stack is deployed, we recommend that you run the following command to delete the phpinfo.php file to prevent data leaks:

sudo rm -rf <Website root directory>/phpinfo.php

Replace <Website root directory> with the website root directory that you configured in the nginx.conf file.

In this example, the website root directory is /usr/share/nginx/html. Run the following command:

sudo rm -rf /usr/share/nginx/html/phpinfo.php

FAQ

Question 1: How do I install other NGINX versions?

Use a web browser to visit the NGINX open source community to obtain the download URLs for different NGINX versions.
Select the NGINX version that you want to install. In this example, NGINX 1.22.1 is used.
Connect to the ECS instance on which you want to deploy an LNMP stack.
For more information, see Connect to an instance by using VNC.

Run the following commands to install NGINX dependencies:

sudo yum install -y gcc-c++
sudo yum install -y pcre pcre-devel
sudo yum install -y zlib zlib-devel
sudo yum install -y openssl openssl-devel

Run the wget command to download NGINX 1.22.1.
You can obtain the URL of the NGINX installation package for the preceding NGINX version from the NGINX open source community. Then, run the wget URL command to download the NGINX installation package to the ECS instance. Sample command:
```
sudo wget http://nginx.org/download/nginx-1.22.1.tar.gz
```
Run the following commands to decompress the NGINX 1.22.1 installation package and go to the folder where NGINX is located:
```
sudo tar zxvf nginx-1.22.1.tar.gz
cd nginx-1.22.1
```

Run the following commands in sequence to compile the source code:

sudo ./configure \
 --user=nobody \
 --group=nobody \
 --prefix=/usr/local/nginx \
 --with-http_stub_status_module \
 --with-http_gzip_static_module \
 --with-http_realip_module \
 --with-http_sub_module \
 --with-http_ssl_module

sudo make && make install

Run the following commands to go to the sbin directory of NGINX and then start NGINX:
```
cd /usr/local/nginx/sbin/
sudo ./nginx
```
Use a web browser on your on-premises computer to access <Public IP address of the ECS instance>.
The page in the following figure indicates that NGINX is installed and started.

Question 2: How do I grant sudo permissions to a regular user?

Connect to a Linux instance as the root user.
For more information, see Connect to an instance by using VNC.
Run the following commands to create a regular user and specify a password for the user. In this example, the regular user is named test.
```
useradd test
passwd test
```
Run the following command to configure permissions on the /etc/sudoers file:
```
chmod 750 /etc/sudoers
```
Run the following command to edit the /etc/sudoers file:
```
vim /etc/sudoers
```
Press the I key to enter Insert mode and add the following configuration:
```
test ALL=(ALL)  NOPASSWD: ALL
```
Enter :wq and then press the Enter key to save and close the file.
Run the following command to switch to the test user:
```
su - test
```
Run the following command to view sudo permissions:
```
sudo cat /etc/redhat-release
```
The following command output indicates that sudo permissions are granted to the test user:
```
[test@iZbp1dqulfhozse3jbp**** ~]$ sudo cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
```