All Products
Search

This Product

    Elastic Compute Service:Manually deploy an LNMP stack

    Document Center

    Elastic Compute Service:Manually deploy an LNMP stack

    Last Updated:Jan 06, 2025

    This topic describes the steps to manually deploy an LNMP stack on an ECS instance.

    Prerequisites

    • A public IP address is automatically assigned to the ECS instance. Alternatively, an elastic IP address (EIP) is associated with the ECS instance. For instructions on how to enable public bandwidth, see Enable public bandwidth.

    • The inbound rules for the security group associated with the ECS instance permit traffic on ports 22 and 80. For more information, see how to add security group rules.

    • The ECS instance has a memory capacity of 4 GiB or more.

    Deploy an LNMP stack

    Alibaba Cloud Linux 3/CentOS 8

    Important

    The source repository located at http://mirror.centos.org/centos/8/ is no longer available. Continuing to use the default CentOS 8 configuration on Alibaba Cloud may result in errors. For guidance on changing your source repositories for CentOS 8 EOL, see How to switch sources for CentOS 8 EOL.

    1. Install NGINX from the official NGINX repository.

      Note

      By default, the latest stable version of NGINX is installed. If you require a specific version, you can search for available NGINX versions by executing sudo dnf search nginx --showduplicates. To install a particular version, such as 1.24.0, modify the installation command accordingly: sudo dnf -y install nginx-1.24.0.

      # Add the official NGINX repository to the system
sudo tee /etc/yum.repos.d/nginx.repo <<-'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/8/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
# Install NGINX
sudo dnf -y install nginx
# Start the NGINX service and set it to start on boot
sudo systemctl start nginx
sudo systemctl enable nginx

    2. Install the MySQL database.

      Note

      To ensure compatibility with older versions of the OpenSSL library on Alibaba Cloud Linux 3, you can install the compat-openssl10 package.

      sudo yum install -y compat-openssl10
      # Add the official MySQL repository
sudo rpm -Uvh https://repo.mysql.com/mysql84-community-release-el8-1.noarch.rpm
# Install the MySQL service
sudo dnf install -y mysql-server
# Start the MySQL service and set it to start on boot
sudo systemctl start mysqld
sudo systemctl enable mysqld

      1. Retrieve the default initial password for the root user.

        • For instances running Alibaba Cloud Linux 3, execute the command below.

          echo $(PASSWORD=$(sudo grep 'temporary password' /var/log/mysqld.log); PASSWORD=${PASSWORD##* }; echo $PASSWORD)

        • For instances running CentOS 8, the root user does not have an initial password.

      2. To set a password for the root user of the MySQL service, replace <oldpwd> in the command with the initial password and <newpwd> with your new password. For instances running CentOS 8, replace <oldpwd> with an empty value and press Enter when prompted to bypass password input.

        Important

        The password policy mandates that passwords must include at least one uppercase letter, one lowercase letter, one digit, and one special character, and be a minimum of eight characters long.

        sudo mysqladmin -uroot -p'<oldpwd>' password '<newpwd>'

    3. Install PHP.

      Note

      By default, this topic utilizes PHP 8.4. Should you require a different version, you can change the module name to match the desired version (for instance, to install PHP 8.1, update the module name to php:remi-8.1).

      # Set the remi repository and enable php:remi-8.4
sudo rpm -Uvh http://mirrors.cloud.aliyuncs.com/remi/enterprise/remi-release-8.rpm  --nodeps
sudo dnf install -y yum-utils && sudo dnf module enable -y php:remi-8.4
# Install PHP, PHP-FPM, and MySQL extension modules
sudo dnf install -y php php-fpm php-mysqlnd
# Start the PHP-FPM service and set it to start on boot
sudo systemctl start php-fpm
sudo systemctl enable php-fpm

    4. Verify the LNMP stack.

      1. Retrieve the default listening address from the php-fpm configuration file.

        sudo grep '^listen =' /etc/php-fpm.d/www.conf

        • When a socket file address is returned, it indicates that PHP-FPM is configured to listen on socket files by default.

        • If the output is 127.0.0.1:9000, this signifies that PHP-FPM defaults to listening on local port 9000.

      2. You can use the tee command to modify the /etc/nginx/conf.d/default.conf file and insert PHP forwarding rules.

        Important

        If the php-fpm listening address is set to 127.0.0.1:9000, you must update the fastcgi_pass field in the configuration to 127.0.0.1:9000.

        sudo tee /etc/nginx/conf.d/default.conf <<-'EOF'
server {
    listen       80;
    server_name  localhost;
    root /usr/share/nginx/html;
    location / {
    index index.php index.html index.htm;
    }
    location ~ .php$ {
        root /usr/share/nginx/html;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
EOF

      3. Restart NGINX to apply the configuration changes.

         sudo systemctl restart nginx

      4. You can create a PHP file named test.php in the /usr/share/nginx/html directory by using the tee command. To test the database connection, insert the necessary code into this file. Ensure you replace <username> with your database username and <password> with your database password.

        sudo tee /usr/share/nginx/html/test.php <<-'EOF'
<?php
$servername = "localhost";
$username = "<username>";
$password = "<password>";
$conn = new mysqli($servername, $username, $password);
if ($conn->connect_error) {
die("fail: " . $conn->connect_error);
}
echo "success\n";
?>
EOF

      5. Using a browser on a local physical machine, access http://ECS instance public IP/test.php. If the response is success, then the PHP proxy has been configured correctly and the MySQL database connection is established.

    Alibaba Cloud Linux 2/CentOS 7

    1. To install NGINX, use the official NGINX repository.

      Note

      By default, the latest stable version of NGINX is installed. If you require a specific version, execute sudo yum search nginx --showduplicates to find available versions. To install version 1.24.0, for instance, update the command to sudo yum -y install nginx-1.24.0.

      # Add the official NGINX repository to the system
sudo tee /etc/yum.repos.d/nginx.repo <<-'EOF'
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
EOF
# Install NGINX
sudo yum -y install nginx
# Start the NGINX service and set it to start on boot
sudo systemctl start nginx
sudo systemctl enable nginx

    2. Install the MySQL database service.

      # Add the official MySQL repository
sudo rpm -Uvh https://repo.mysql.com/mysql84-community-release-el7-1.noarch.rpm
# Install the MySQL server
sudo yum install -y mysql-server
# Start the MySQL service and set it to start on boot
sudo systemctl start mysqld
sudo systemctl enable mysqld

      1. Retrieve the default initial password for the MySQL root user.

        echo $(PASSWORD=$(sudo grep 'temporary password' /var/log/mysqld.log); PASSWORD=${PASSWORD##* }; echo $PASSWORD)

      2. To set a new password for the MySQL root user, replace <oldpwd> with the initial password and <newpwd> with your desired new password in the command.

        Important

        The password must be at least eight characters long and include at least one uppercase letter, one lowercase letter, one digit, and one special character, as per the password policy.

        sudo mysqladmin -uroot -p'<oldpwd>' password '<newpwd>'

    3. Proceed with the installation of PHP.

      # Set up the Remi repository and enable remi-php83
sudo rpm -Uvh http://mirrors.cloud.aliyuncs.com/remi/enterprise/remi-release-7.rpm  --nodeps
sudo yum install -y yum-utils && sudo yum-config-manager --enable   remi-php83
# Install PHP, PHP-FPM, and MySQL extension module
sudo yum install -y php php-fpm php-mysqlnd
# Start the PHP-FPM service and set it to start on boot
sudo systemctl start php-fpm
sudo systemctl enable php-fpm

    4. Confirm the LNMP stack is functioning correctly.

      1. Check the default listening address in the php-fpm configuration file.

        sudo grep '^listen =' /etc/php-fpm.d/www.conf

        • A socket file address indicates that PHP-FPM is configured to listen to socket files by default.

        • The return of 127.0.0.1:9000 signifies that PHP-FPM is set to listen on local port 9000 by default.

      2. You can edit the /etc/nginx/conf.d/default.conf file with the tee command to include PHP forwarding rules.

        Important

        Modify the rule 127.0.0.1:9000 to unix:<path> if the php-fpm listening address is a socket file address, replacing <path> with the actual socket file address.

        sudo tee /etc/nginx/conf.d/default.conf <<-'EOF'
server {
    listen       80;
    server_name  localhost;
    root /usr/share/nginx/html;
    location / {
            index index.php index.html index.htm;
    }
    location ~ .php$ {
            root /usr/share/nginx/html;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
EOF

      3. Restart NGINX to apply the updated configuration settings.

         sudo systemctl restart nginx

      4. You can create a PHP file named test.php in the /usr/share/nginx/html directory by using the tee command. To test the database connection, insert the necessary code into this file. Ensure you replace <username> with your database username and <password> with your database password.

        sudo tee /usr/share/nginx/html/test.php <<-'EOF'
<?php
$servername = "localhost";
$username = "<username>";
$password = "<password>";
$conn = new mysqli($servername, $username, $password);
if ($conn->connect_error) {
die("fail: " . $conn->connect_error);
}
echo "success\n";
?>
EOF

      5. Using a browser on a local physical machine, access http://ECS instance public IP/test.php. If the response is success, then the PHP proxy has been configured correctly and the MySQL database connection is established.

    Ubuntu 20.04 and later

    1. Install NGINX from the official NGINX repository.

      # Update the system's installed software and package management tools
sudo apt update -y
# Necessary environment for NGINX installation
sudo apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
# Import the official NGINX signature key
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
# Set the apt repository
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
# Install NGINX
sudo apt install -y nginx

    2. Update the software package list and install the MySQL server.

      sudo apt update -y && sudo apt install -y mysql-server

    3. Modify the password and identity authentication plug-in for the MySQL server root user. Replace <newpwd> in the command with your chosen password.

      Important

      The default identity authentication plug-in for the local root user is auth_socket. When prompted for a password after executing the command, press Enter to bypass.

      sudo mysql -uroot -p -e "ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY '<newpwd>';" -e "FLUSH PRIVILEGES;"

    4. Install PHP.

      Note

      Use sudo apt search php to find all available PHP versions. To install a specific version, change the version number in the command accordingly (for example, for PHP 8.1, use sudo apt install -y php8.1 php8.1-fpm php8.1-mysql).

      # Install the software-properties-common package and add the PPA repository ppa:ondrej/php
sudo apt update && sudo apt install -y software-properties-common && sudo add-apt-repository -y ppa:ondrej/php
# Install PHP 8.4 and related components, including FPM and MySQL extensions
sudo apt install -y php8.4 php8.4-fpm php8.4-mysql

    5. Verify the LNMP stack.

      1. Check the default listening address in the php-fpm configuration file. Substitute <version> with your PHP version (for instance, replace <version> with 8.4 for PHP 8.4).

        sudo grep '^listen =' /etc/php/<version>/fpm/pool.d/www.conf

        • A socket file address indicates PHP-FPM is set to listen to the socket file by default.

        • If 127.0.0.1:9000 is returned, PHP-FPM is configured to listen on local port 9000 by default.

      2. Utilize the tee command to modify the /etc/nginx/conf.d/default.conf file by adding PHP forwarding rules. Replace 'address' with your listener address; if using a socket file, prefix the address with unix:.

        Important

        If using a socket file, set the file permissions to allow read and write access with the command sudo chmod 666 <path>, substituting <path> with your socket file address.

        # Remove the default site configuration
sudo rm -f /etc/nginx/sites-enabled/*
# Write the configuration file
sudo tee /etc/nginx/conf.d/default.conf <<-'EOF'
server {
    listen       80;
    server_name  localhost;
    root /usr/share/nginx/html;
    location / {
            index index.php index.html index.htm;
    }
    location ~ .php$ {
            root /usr/share/nginx/html;
            fastcgi_pass <listen>;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
EOF

      3. Restart the NGINX service to apply the configuration changes.

         sudo systemctl restart nginx

      4. You can create a PHP file named test.php in the /usr/share/nginx/html directory by using the tee command. To test the database connection, insert the necessary code into this file. Ensure you replace <username> with your database username and <password> with your database password.

        sudo tee /usr/share/nginx/html/test.php <<-'EOF'
<?php
$servername = "localhost";
$username = "<username>";
$password = "<password>";
$conn = new mysqli($servername, $username, $password);
if ($conn->connect_error) {
die("fail: " . $conn->connect_error);
}
echo "success\n";
?>
EOF

      5. Using a browser on a local physical machine, access http://ECS instance public IP/test.php. If the response is success, then the PHP proxy has been configured correctly and the MySQL database connection is established.

    FAQ

    Why am I unable to access the test.php page by using the public IP address of the ECS instance on which the page is hosted?

    Possible causes and solutions include port 80 not being open in the ECS instance's security groups, the system firewall being enabled, or port 80 being used by another service.

    If port 80 is closed in the ECS instance's security groups, the system firewall is activated, or another service is using port 80.

    For additional details, please refer to the referenced document.

    How do I allow remote access to MySQL?

    Create a non-root account to enable remote access to MySQL. For more information, see the referenced document.

    Where are the NGINX configuration and log files located?

    • By default, NGINX log files are stored in the /var/log/nginx/ directory.

    • By default, the main NGINX configuration file is located at /etc/nginx/nginx.conf.

    • By default, NGINX reads all additional configuration files bearing the .conf suffix located in the /etc/nginx/conf.d directory.