Deploy an LNMP stack (Linux, NGINX, MySQL, and PHP) - Elastic Compute Service

LNMP is one of the most common web server architectures. LNMP is an acronym for the names of the following open source components: Linux operating system, NGINX web server, MySQL relational database management system, and PHP programming language. LNMP can be used to run large-scale, high-concurrency web applications, such as e-commerce websites, social networking services, and content management systems. This topic describes how to deploy an LNMP stack of a specific version on an Elastic Compute Service (ECS) instance.

Prerequisites

The ECS instance on which you want to deploy an LNMP stack is assigned a public IP address by the system or is associated with an elastic IP address (EIP). For more information, see Associate one or more EIPs with an instance.
Inbound rules are added to a security group of the ECS instance to open ports 22 and 80. For information about how to add a security group rule, see Add a security group rule.
The memory size of the ECS instance is at least 4 GiB.

Deploy an LNMP stack

Alibaba Cloud Linux 3 and CentOS 8

Update the package manager.
```
sudo dnf update -y
```
Install NGINX from the official NGINX repository.
Important
All content was removed from the following CentOS 8 repository address: http://mirror.centos.org/centos/8/. If you continue to use the default CentOS 8 repository on Alibaba Cloud, an error is reported. For more information, see Change CentOS 8 repository addresses.
1. Specify the NGINX official repository address. Create the nginx.repo file in the /etc/yum.repos.d/ directory and add the following content to the file:
```
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/8/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/8/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
```
2. Install and start NGINX and configure NGINX to automatically start on system startup.
  Note
  By default, the latest stable version of NGINX is installed. If you have requirements for the NGINX version, run the sudo dnf search nginx --showduplicates command to search for the supported NGINX versions and add the number of the version that you want to install to the installation command. For example, if you want to install version 1.24.0, run the sudo dnf -y install nginx-1.24.0 command.
```
sudo dnf -y install nginx
sudo systemctl start nginx
sudo systemctl enable nginx
```
Install MySQL.
1. Add an official MySQL repository.
  Note
  If your instance runs Alibaba Cloud Linux 3, you must install compat-openssl10.
```
sudo yum install -y compat-openssl10
```
```
sudo rpm -Uvh https://repo.mysql.com/mysql84-community-release-el8-1.noarch.rpm
```
2. Install and start MySQL and configure MySQL to automatically start on system startup.
```
sudo dnf install -y mysql-server
sudo systemctl start mysqld
sudo systemctl enable mysqld
```
3. Query the default initial password of the root user.
```
echo $(PASSWORD=$(sudo grep 'temporary password' /var/log/mysqld.log); PASSWORD=${PASSWORD##* }; echo $PASSWORD)
```
4. Specify a new password for the root user of MySQL. Replace <oldpwd> in the following command with the initial password and <newpwd> with the password that you want to specify for the root user.
  Important
  The password policy requires that a password must contain at least one uppercase letter, one lowercase letter, one digit, and one special character and be at least eight characters in length.
```
sudo mysqladmin -uroot -p'<oldpwd>' password <newpwd>
```
Install PHP.
1. Specify the remi repository and enable the php:remi-8.4 module.
  Note
  In this example, PHP 8.4 is used. If you have requirements for the PHP version, change the module name based on the PHP version that you want to install. For example, if you want to install PHP 8.1, change the module name to php:remi-8.1.
```
sudo rpm -Uvh https://mirrors.aliyun.com/remi/enterprise/remi-release-8.rpm  --nodeps
sudo dnf module enable -y php:remi-8.4
```
2. Install PHP, PHP FastCGI Process Manager (PHP-FPM), and the MySQL extension. Start PHP-FPM and configure PHP-FPM to automatically start on system startup.
```
sudo dnf install -y php php-fpm php-mysqlnd
sudo systemctl start php-fpm
sudo systemctl enable php-fpm
```
Verify the LNMP stack.
1. Query the default listening address of PHP-FPM in the configuration file.
```
sudo grep 'listen =' /etc/php-fpm.d/www.conf
```
  - If the socket file address is returned, PHP-FPM listens to socket files by default.
  - If 127.0.0.1:9000 is returned, PHP-FPM listens on local port 9000 by default.
2. Edit the /etc/nginx/conf.d/default.conf file and configure PHP forwarding rules in the server section.
  Important
  If the listening address of PHP-FPM is 127.0.0.1:9000, set the fastcgi_pass parameter to 127.0.0.1:9000.
```
location / {
    index index.php index.html index.htm;
}
location ~ .php$ {
    root /usr/share/nginx/html;
    fastcgi_pass unix:/run/php-fpm/www.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
```
3. Restart NGINX for the changes in the configuration file to take effect.
```
 sudo systemctl restart nginx
```
4. Create the test.php file in the /usr/share/nginx/html directory and add the following content to the file. Replace <username> with the database username and <password> with the database password.
```
<?php
$servername = "localhost";
$username = "<username>";
$password = "<password>";

$conn = new mysqli($servername, $username, $password);
 
if ($conn->connect_error) {
    die("fail: " . $conn->connect_error);
} 
echo "success\n";
?>
```
5. Enter http://<Public IP address of the ECS instance>/test.php in the address bar of a web browser on your on-premises machine. If success is returned, you are connected to the MySQL database by using the PHP proxy.

Alibaba Cloud Linux 2 and CentOS 7

Update the package manager.
```
sudo yum update -y
```
Install NGINX from the official NGINX repository.
1. Specify the NGINX official repository address. Create the nginx.repo file in the /etc/yum.repos.d/ directory and add the following content to the file:
```
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
```
2. Install and start NGINX and configure NGINX to automatically start on system startup.
  Note
  By default, the latest stable version of NGINX is installed. If you have requirements for the NGINX version, run the sudo yum search nginx --showduplicates command to search for the supported NGINX versions and add the number of the version that you want to install to the installation command. For example, if you want to install version 1.24.0, run the sudo yum -y install nginx-1.24.0 command.
```
sudo yum -y install nginx
sudo systemctl start nginx
sudo systemctl enable nginx
```
Install MySQL.
1. Add an official MySQL repository.
```
sudo rpm -Uvh https://repo.mysql.com/mysql84-community-release-el7-1.noarch.rpm
```
2. Install and start MySQL and configure MySQL to automatically start on system startup.
```
sudo yum install -y mysql-server
sudo systemctl start mysqld
sudo systemctl enable mysqld
```
3. Query the default initial password of the root user.
```
echo $(PASSWORD=$(sudo grep 'temporary password' /var/log/mysqld.log); PASSWORD=${PASSWORD##* }; echo $PASSWORD)
```
4. Specify a new password for the root user of MySQL. Replace <oldpwd> in the following command with the initial password and <newpwd> with the password that you want to specify for the root user.
  Important
  The password policy requires that a password must contain at least one uppercase letter, one lowercase letter, one digit, and one special character and be at least eight characters in length.
```
sudo mysqladmin -uroot -p'<oldpwd>' password <newpwd>
```

Install PHP.

Specify the remi repository and enable the remi-php83 module.

sudo rpm -Uvh https://mirrors.aliyun.com/remi/enterprise/remi-release-7.rpm  --nodeps
sudo yum-config-manager --enable   remi-php83

Install PHP, PHP-FPM, and the MySQL extension. Start PHP-FPM and configure PHP-FPM to automatically start on system startup.
```
sudo yum install -y php php-fpm php-mysqlnd
sudo systemctl start php-fpm
sudo systemctl enable php-fpm
```

Verify the LNMP stack.
1. Query the default listening address of PHP-FPM in the configuration file.
```
sudo grep 'listen =' /etc/php-fpm.d/www.conf
```
  - If the socket file address is returned, PHP-FPM listens to socket files by default.
  - If 127.0.0.1:9000 is returned, PHP-FPM listens on local port 9000 by default.
2. Edit the /etc/nginx/conf.d/default.conf file and configure PHP forwarding rules in the server section.
  Important
  If the listening address of PHP-FPM is the socket file address, change 127.0.0.1:9000 to unix:<path>. Replace <path> with your socket file address.
```
location / {
    index index.php index.html index.htm;
}
location ~ .php$ {
    root /usr/share/nginx/html;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
```
3. Restart NGINX for the changes in the configuration file to take effect.
```
 sudo systemctl restart nginx
```
4. Create the test.php file in the /usr/share/nginx/html directory and add the following content to the file. Replace <username> with the database username and <password> with the database password.
```
<?php
$servername = "localhost";
$username = "<username>";
$password = "<password>";

$conn = new mysqli($servername, $username, $password);
 
if ($conn->connect_error) {
    die("fail: " . $conn->connect_error);
} 
echo "success\n";
?>
```
5. Enter http://<Public IP address of the ECS instance>/test.php in the address bar of a web browser on your on-premises machine. If success is returned, you are connected to the MySQL database by using the PHP proxy.

Ubuntu 20.04 and later

Install NGINX from the official NGINX repository.
1. Install the dependencies required by NGINX.
```
sudo apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
```
2. Import an official NGINX signature key.
```
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
```
3. Specify the Advanced Packaging Tool (APT) repository.
```
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
```
4. Update the software package list and install NGINX.
  Note
  By default, the latest stable version of NGINX is installed. If you have requirements for the NGINX version, run the sudo apt list -a nginx command to search for the supported NGINX versions and add the number of the version that you want to install to the installation command. For example, if you want to install the 1.22.1-1~focal version, run the sudo apt install -y nginx=1.22.1-1~focal command.
```
sudo apt update -y && sudo apt install -y nginx
```
Install MySQL and configure a password for the MySQL database.
1. Update the software package list and install the MySQL server.
```
sudo apt update -y && sudo apt install -y mysql-server
```
2. Change the listening address in the MySQL configuration file from 127.0.0.1 (MySQL listens only for local connections) to 0.0.0.0 (MySQL listens for connections on all available network interfaces) to allow remote connection to the MySQL server.
```
sudo sed -i "s/127.0.0.1/0.0.0.0/" /etc/mysql/mysql.conf.d/mysqld.cnf
```
3. Change the value of the Host field for the root user from localhost to % to allow the user to connect to MySQL from any address. Change the password and identity authentication plug-in used by the root user. Replace <newpwd> in the following command with the actual password.
  Important
  The default identity authentication plug-in for the root user is auth_socket. If you are prompted to enter a password after the command is run, press the Enter key to proceed to the next step.
```
sudo mysql -uroot -p -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY '<newpwd>';" -e "UPDATE mysql.user SET Host='%' WHERE User='root' AND Host='localhost';" -e "FLUSH PRIVILEGES;"
```
4. Restart MySQL for the configurations to take effect.
```
sudo systemctl restart mysql
```
Install PHP.
1. Update software packages, install the software-properties-common package, and then add the ppa:ondrej/php Personal Package Archive (PPA) repository.
```
sudo apt update && sudo apt install -y software-properties-common && sudo add-apt-repository -y ppa:ondrej/php
```
2. Install PHP 8.4 and related components, including PHP-FPM and the MySQL extension.
  Note
  Run the sudo apt search php command to query all PHP versions that you can install. If you want to install a different PHP version, replace the version number in the following command with the actual version number. For example, if you want to install PHP 8.1, run the sudo apt install -y php8.1 php8.1-fpm php8.1-mysql command.
```
sudo apt install -y php8.4 php8.4-fpm php8.4-mysql
```
Verify the LNMP stack.
1. Query the default listening address of PHP-FPM in the configuration file. Replace <version> with your actual PHP version. For example, if you use PHP 8.4, replace <version> with 8.4.
```
sudo grep '^listen =' /etc/php/<version>/fpm/pool.d/www.conf
```
  - If the socket file address is returned, PHP-FPM listens to socket files by default.
  - If 127.0.0.1:9000 is returned, PHP-FPM listens on local port 9000 by default.
2. Edit the /etc/nginx/conf.d/default.conf file and configure PHP forwarding rules in the server section. Replace <listen> with your actual listening address. If the socket file address is used as the listening address, add the unix: prefix to the address.
  Important
  To listen to socket files, your account must have the read and write permissions on socket files. You can run the sudo chmod 666 <path> command to grant the preceding permissions. Replace <path> with your actual socket file address.
```
location / {
    index index.php index.html index.htm;
}
location ~ .php$ {
    root /usr/share/nginx/html;
    fastcgi_pass <listen>;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
}
```
3. Restart NGINX for the changes in the configuration file to take effect.
```
 sudo systemctl restart nginx
```
4. Create the test.php file in the /usr/share/nginx/html directory and add the following content to the file. Replace <username> with the database username and <password> with the database password.
```
<?php
$servername = "localhost";
$username = "<username>";
$password = "<password>";

$conn = new mysqli($servername, $username, $password);
 
if ($conn->connect_error) {
    die("fail: " . $conn->connect_error);
} 
echo "success\n";
?>
```
5. Enter http://<Public IP address of the ECS instance>/test.php in the address bar of a web browser on your on-premises machine. If success is returned, you are connected to the MySQL database by using the PHP proxy.

FAQ

Q1: Why am I unable to access the test.php page by using the public IP address of the ECS instance on which the page is hosted?

Possible causes and solutions:

Port 80 is not open in the security groups of the ECS instance, the system firewall is enabled on the ECS instance, or port 80 is used by a different service.

For information about how to troubleshoot the issue based on the preceding causes, see What do I do if I cannot access a service deployed on an instance?

Q2: How do I allow remote access to MySQL?

Create a non-root account and allow remote access to MySQL by using the account. For more information, see Deploy MySQL on a Linux instance.