LNMP is one of the mainstream website server architectures and suitable for running large-scale and high-concurrency website applications, such as e-commerce websites, social networks, and content management systems. LNMP is an acronym for the names of the following open source components: Linux operating system, NGINX web server, MySQL relational database management system, and PHP programming language. This topic describes how to deploy an LNMP stack on an Elastic Compute Service (ECS) instance that runs Ubuntu 20 or Ubuntu 22.
Prerequisites
An ECS instance that meets the following requirements is created:
The instance is associated with a static public IP address (also called auto-assigned or system-assigned public IP address) or an elastic IP address (EIP).
The instance runs Ubuntu 20.04 or Ubuntu 22.04.
Inbound rules are added to a security group of the instance to open ports 22, 80, and 443. For information about how to add an inbound security group rule, see Add a security group rule.
ImportantFor security reasons, this topic describes only the ports on which traffic must be allowed to deploy and test an LNMP stack. You can configure security group rules to allow traffic on more ports based on your business requirements. For example, if you want to connect to a MySQL database on an ECS instance, configure an inbound rule in a security group of the instance to allow traffic on port 3306, which is the default port for MySQL.
Step 1: Disable the firewall
To prevent unexpected risks, we recommend that you perform operations as a regular user instead of an administrator. If the regular user does not have sudo permissions, grant the permissions to the user. For more information, see the "How do I grant sudo permissions to a regular user?" question in the FAQ section of this topic.
Connect to the ECS instance on which you want to deploy an LNMP stack.
For more information, see Connection method overview.
Disable the firewall on the instance operating system.
Run the following command to check the status of the firewall:
sudo ufw status
If the firewall is disabled, Status: inactive is displayed in the command output.
If the firewall is enabled, Status: active is displayed in the command output.
(Optional) Disable the firewall.
If the firewall is enabled, run the following command to disable the firewall and configure the firewall not to start on instance startup:
sudo ufw disable
NoteIf you want to re-enable the firewall after the firewall is disabled and configure the firewall to start on instance startup, run the sudo ufw enable command.
Step 2: Install NGINX
Run the following command to update software packages in the Ubuntu operating system:
sudo apt update
Run the following command to install NGINX:
sudo apt -y install nginx
Run the following command to view the version of NGINX:
nginx -v
A command output similar to the following one indicates that NGINX is installed:
nginx version: nginx/1.18.0 (Ubuntu)
Step 3: Install and configure MySQL
Install MySQL.
Run the following command to install MySQL:
sudo apt -y install mysql-server
Run the following command to view the version of MySQL:
mysql -V
A command output similar to the following one indicates that MySQL is installed:
mysql Ver 8.0.36-0ubuntu0.20.04.1 for Linux on x86_64 ((Ubuntu))
Configure MySQL.
Run the following command to connect to MySQL:
sudo mysql
Run the following command to set the password of the root user:
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by 'mynewpassword';
In this example, the password is set to
Mysql@1234
. Sample command:ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by 'Mysql@1234';
Run the following command to exit MySQL:
exit;
Run the following command to configure the security settings of MySQL:
sudo mysql_secure_installation
Follow the command line instructions to configure the following settings in sequence.
Enter the password of the root user. In this example, the password
Mysql@1234
is used.root@iZbp19jsi7s0g7m4zgc****:~# sudo mysql_secure_installation Securing the MySQL server deployment. Enter password for user root:
NoteFor security reasons, no command output is returned when you enter a password. You need to only enter the correct password and press the Enter key.
Enter Y to configure a password strength policy.
VALIDATE PASSWORD COMPONENT can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD component? Press y|Y for Yes, any other key for No: Y
Set the password strength value as prompted.
In this example, a value of 2 is used.
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2
Enter Y to change the password of the root user.
Change the password for root ? ((Press y|Y for Yes, any other key for No) : Y
Enter the password of the root user.
New password: Re-enter new password: Estimated strength of the password: 100
Enter Y to confirm the new password.
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : Y
Enter Y to delete the autonomous user that comes with MySQL.
By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
Enter Y to deny remote access by the root user to MySQL.
Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
Enter Y to remove the test database.
By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? (Press y|Y for Yes, any other key for No) :
Enter Y to reload privilege tables.
Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
If All done! is displayed in the command output, the configuration is complete.
Check whether you can log on to MySQL.
Run the following command to log on to MySQL:
sudo mysql -uroot -p
At the Enter password: prompt, enter the password that you set for MySQL.
NoteFor data security purposes, no output is returned when you enter a password. You need only to enter the correct password and then press the Enter key.
A command output similar to the following one indicates that you are logged on to MySQL:
Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 11 Server version: 8.0.36-0ubuntu0.22.04.1 (Ubuntu) Copyright (c) 2000, 2024, Oracle and/or its affiliates. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
Run the following command to exit MySQL:
exit;
Step 4: Install and configure PHP
Install PHP.
Run the following command to install PHP:
sudo apt -y install php-fpm
Run the following command to view the version of PHP:
php -v
A command output similar to the following one indicates that PHP is installed:
Ubuntu 22.04
PHP 8.1.2-1ubuntu2.17 (cli) (built: May 1 2024 10:10:07) (NTS) Copyright (c) The PHP Group Zend Engine v4.1.2, Copyright (c) Zend Technologies with Zend OPcache v8.1.2-1ubuntu2.17, Copyright (c), by Zend Technologie
Ubuntu 20.04
PHP 7.4.3-4ubuntu2.22 (cli) (built: May 1 2024 10:11:33) ( NTS ) Copyright (c) The PHP Group Zend Engine v3.4.0, Copyright (c) Zend Technologies with Zend OPcache v7.4.3-4ubuntu2.22, Copyright (c), by Zend Technologies
Modify the NGINX configuration file to support PHP.
Run the following command to open the NGINX configuration file:
sudo vim /etc/nginx/sites-enabled/default
Press the
I
key to enter Insert mode to modify the file.Find the configuration line that starts with
index
within theserver
braces and addindex.php
to the line.Find
location ~ \.php$ {}
within theserver
braces and delete the annotation character (#) from the following configuration lines within the location ~ \.php$ braces:Ubuntu 22.04
location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; }
Ubuntu 20.04
location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; }
Press the
Esc
key to exit Insert mode, enter:wq
, and then press the Enter key to save and close the file.Run the following command to restart NGINX:
sudo systemctl restart nginx.service
Configure PHP.
Run the following command to create a phpinfo.php file in the NGINX website root directory:
sudo vim <Website root directory>/phpinfo.php
<Website root directory> is a variable, which can be viewed in the NGINX configuration file. In this topic, the NGINX configuration file is the default /etc/nginx/sites-enabled/default file. You can run the cat /etc/nginx/sites-enabled/default command to view the file content. A command output similar to the following one indicates that the NGINX website root directory is
/var/www/html
.sudo vim /var/www/html/phpinfo.php
Press the I key to enter Insert mode and add the following configuration to the phpinfo.php file.
The
phpinfo()
function is used to show all configuration information of PHP.<?php echo phpinfo(); ?>
Press the Esc key to exit Insert mode, enter
:wq
, and then press the Enter key to save and close the file.Run the following command to start PHP.
Ubuntu 22.04
sudo systemctl start php8.1-fpm
Ubuntu 20.04
sudo systemctl start php7.4-fpm
Step 8: Test the connection to the PHP configuration page
Open a browser on your on-premises Windows computer or another Windows host that can access the Internet.
In the address bar of the browser, enter
http://<Public IP address of the ECS instance>/phpinfo.php
.If the page shown in the following figure is displayed, the LNMP stack is deployed.
Ubuntu 22.04
Ubuntu 20.04
What to do next
After the LNMP stack is deployed, we recommend that you delete the phpinfo.php test file to prevent data leaks.
sudo rm -rf <Website root directory>/phpinfo.php
In this example, the website root directory /var/www/html
is used. Run the following command to delete the test file:
sudo rm -rf /var/www/html/phpinfo.php
References
You can deploy an LNMP stack on an ECS instance that runs Alibaba Cloud Linux 2, Alibaba Cloud Linux 3, CentOS 7, or CentOS 8. For more information, see Deploy an LNMP stack on an Alibaba Cloud Linux 2, Alibaba Cloud Linux 3, CentOS 7, or CentOS 8 instance.