How to install LEMP stack (Linux, Nginx, MySQL, PHP-FPM) on CentOS7

A LEMP (Linux, Nginx, MySQL, PHP+Fast-CGI Process Manager) stack is the second most popular after LAMP way setup the web server for hosting web content. Nginx is known for its stability, rich feature set, simple configuration, and low resource consumption. This tutorial shows how you can install Nginx with PHP support through Fast-CGI Process Manager.

We would like to inform you that we do not provide further support for non-cPanel configurations, so further management should be provided solely at your end.

All commands should be performed under root access on a 'blank' operation system only. You can install clean OS using VPS Management console or IMPI for dedicated servers. Also you can submit a ticket to Hosting – VPS and Dedicated servers department so that our technicians re-install the required OS (in this case it is CentOS7.0) at their end. Below you can see VPS Management panel example:




1. System update and password change
2. Nginx and PHP installation
3. Starting and Configuring Nginx
4. Install MariaDB server
5. Add your website or setup server blocks (Nginx virtual hosts)



1. System update and password change

First clean yum, then update the operation system to the latest version using:

yum clean all
yum update


Yum is a CentOS package installer, each time we use it, we see this window:



If you see Complete! at the end running yum update, everything is okay.

Force a SELinux filesystem relabel at next boot:

restorecon -r /



You may want to change the default root password provided in the hosting welcome email. Make sure that the password is secure enough and you keep it in safe place. Hostname should be some subdomain you do not plan to use for the website. By default it is set as server1.yourdomain.tld, but you can change it anytime later.

Password change is done using passwd command. Hostname can be checked using hostname command:



In this example we are planning to build http://nctest.com website and our hostname is server1.nctest.com.

Reboot the server:

reboot



After the server is rebooted we can check upgraded kernel and CentOS version:

uname -r
cat /etc/redhat-release




You may find a rare minor bug after reboot which doesn’t affect further stability:



Just start the service again running:

systemctl start systemd-journald.service

Status of each systemd process can be checked similar to CentOS6 init but using systemctl:

systemctl status




2. Nginx and PHP installation

Nginx is not included in CentOS7 repository by default, so we install Webtatic Yum repository which is a CentOS/RHEL repository containing updated web-related packages and Extra Packages for Enterprise Linux (or EPEL) first. EPEL for Nginx and Webstatic for newer PHP versions support.

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm



And install Nginx using:

yum install nginx

You will need to install the CentOS RPM signing key that is used to sign packages, just type y:



After it is completed, you should see this message:



Then we will install PHP with MySQL and PHP-FPM support:

At the moment default CentOS 7 repositories include PHP 5.4.16 version. However, this PHP version already considered to be outdated, up to date version is 5.6. We suggest checking scripts you are going to install to consider what PHP version you need.

Thus, running this command we will install PHP 5.4.16, in case you need another one, check other options below:

yum install php php-mysql php-fpm

Successful installation looks like on the screenshot below. After an installation we checked php version installed using:

php -v



Installation of another PHP version

No need to worry in case you need another PHP version. We included Webstatic repository before which contains 5.5-7.0 PHP versions.

Checking with the command yum search php, we can find that new PHP packages like php55w, php56w even new php70w are also included. Do not forget to install phpXXw-fpm module.

For example, to install PHP5.5 instead of default 5.4 on CentOS7 we run:

yum install php55w php55w-mysql php55w-opcache php55w-fpm


The same for other PHP versions which will be relevant both both CentOS versions. 5.5 - 7.0 versions include bundled Zend Opcache module so it will be reasonable to install it too:

PHP v5.6: yum install php56w php56w-opcache php56w-mysql php56w-fpm

PHP v7.0: yum install php70w php70w-opcache php70w-mysql php70w-fpm

Packages are outside default CentOS repositories, during the installation you’ll need to import a security key:



The example of successful installation. We installed PHP5.6 here and then checked PHP version using php -v:



Additional PHP modules installation

If you find that some required modules missing, you can list available modules using:

yum search php

In case you have other than 5.3 PHP version it will be reasonable to exclude modules for other version by changing php to phpXX depends on what version you use. For example, for PHP5.6 you need to use yum search php56w command. Yum will show all modules starting from php:



To install a module you need enter:

yum install

where <php-module> is full name of module to install:



To install several modules at once you need to separate the name of each module with a space, like:

yum install php-cli.x86_64 php-common.x86_64 php-dba.x86_64


3. Starting and Configuring Nginx

First we need some modifications to connect configure Nginx with FastCGI.

Open /etc/php.ini PHP main configuration file and find cgi.fix_pathinfo.

We can use nano text editor to modify the file:

nano /etc/php.ini

Change cgi.fix_pathinfo=1 to cgi.fix_pathinfo=0



File is huge, however, you can use these combinations to easily find the requested line: hit Ctrl+V to jump to the next page, Ctrl+W combination allows searching.

Save the file hitting Ctrl+O, Enter and then close it with Ctrl+X.

1 value of cgi.fix_pathinfo will allow searching for the file that is as near to the requested file as possible which in turn may allow non-PHP files to be executed as PHP. It is a possible security risk. 0 causes the PHP interpreter to only try the literal path given and to stop processing if the file is not found. You can find more information here.

Then open Nginx mail configuration file:

nano /etc/nginx/nginx.conf

NGINX can run multiple worker processes, each capable of processing a large number of simultaneous connections. In most cases, running one worker process per CPU core works well, but, we recommend setting auto. In this example we have a server with 2 CPU cores, so set 2.

Worker_connections is a maximum number of connections that each worker process can handle simultaneously. Value between 512 and 1024 is fine:



Nearly every browser supports receiving compressed content so we definitely want to turn that on. Find gzip statement and copy these lines at the end of the file. Be careful with {} signs order:

gzip on;
gzip_min_length 1000;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;




Save and close the file. Then edit php-fpm configuration file:

nano /etc/php-fpm.d/www.conf

First we force php-fpm to listen on Unix socket instead of TCP which should be slightly faster.

listen 127.0.0.1:9000 should be changed to listen = '/var/run/fastcgi.sock'



Then set set Nginx user and group as by default it contains Apache settings which we do not need:



Also we set permissions for Unix socket to the same nginx user and set 0660 permissions for it:



Save and close the file.

Start Nginx server and php-fpm service:

systemctl start nginx
systemctl start php-fpm


And enable auto load of both after the server startup:

systemctl enable nginx
systemctl enable php-fpm


Than add firewalls exceptions for http ports:

firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload




In case domain name is pointed to the server you can check Apache start page. Otherwise, you can enter the server IP in browser. Don’t be confused with 'on Fedora' message. EPEL package we used to install Nginx is Fedora project so the same welcome page is used:




4. Install MariaDB server

We use the same Yum installer. On CentOS7 it is reasonable to install native MariaDB package instead of standard MySQL. The goal for Maria-DB is to be a drop-in replacement for MySQL – with more features and better performance:

yum install mariadb-server

Once done check MySQL version installed and start MySQL service:

systemctl start mariadb
systemctl enable mariadb




mysql -V



MariaDB server has its own root user with different password. So we need to set root MySQL password:

/usr/bin/mysql_secure_installation

As we do not have any MySQL password set yet, you need to press Enter when it asks for the current root password and set a new one. MariaDB has its own root user:



Answer y when it prompts you to:
Set root password? [Y/n]
New password: Enter
Re-enter new password: Enter
Remove anonymous users? [Y/n]
Disallow root login remotely? [Y/n]
Remove test database and access to it? [Y/n]
Reload privilege tables now? [Y/n]

At the end it you should see Thanks for using MariaDB!



You can launch MySQL command line using this command:

mysql -u root -p

And enter MySQL password which you have just set:



Below you can find the most useful MySQL commands:

Create database:

CREATE DATABASE databasename;

databasename should be a database you wish to create. You better not use space in the name. In this example we use wp database and wpuser user:



Create user and grant it all permissions:

GRANT ALL ON databasename.* TO user@localhost IDENTIFIED BY 'password';


Change databasename, sqluser and password to your own. The command GRANT ALL assigns all privileges (read, delete, modify or add data) to that user for only this database:



Do not forget to save username and password. You will need it to connect your website to MySQL database.

Database you created can be listed using:

show databases;



Type quit to close MariaDB console.


5. Add your website or setup server blocks (Nginx virtual hosts)

Basically we need to create a folder to upload a specific website files and tell Nginx where specific host files are located. Replace domain.com with your actual domain name. Do this in all part of this tutorial.

Switch to the root directory of the server and create a website folder. Once created, we need to change ownership permissions to the Nginx user (each service has its own user) and set appropriate www folder permissions of 755:

cd /

mkdir -p /var/www/domain.com/public_html

chown -R nginx:nginx /var/www/domain.com/public_html

chmod 755 /var/www


In example below we used nctest.com:



Nginx fetches server blocks (virtual hosts) from /etc/nginx/conf.d folder by default. So everything you need is to create a configuration file with your first host there. You can set any name for it, but, sure to avoid any confusion further it is a good idea to set an appropriate name. For example, website name + conf part. In this example we will create a configuration file for nctest.com (and www.nctest.com alias):

nano /etc/nginx/conf.d/nctest.com.conf

Server block lines look like, paste to the opened file and modify hostname and folder path (we marked fields to modify in green):

  server {
    listen 80;
    server_name nctest.com www.nctest.com;

  location / {
    root /var/www/nctest.com/public_html;
    index index.php index.html index.htm;

   }

# Pass all .php files onto a php-fpm/php-fcgi server.
location ~ \.php$ {

   fastcgi_split_path_info ^(.+\.php)(/.+)$;
if (!-f /var/www/nctest.com/public_html$fastcgi_script_name) {
    return 404;

    }
  include fastcgi_params;
  fastcgi_index index.php;
  fastcgi_param SCRIPT_FILENAME /var/www/nctest.com/public_html$fastcgi_script_name;
  fastcgi_pass unix:/var/run/fastcgi.sock;
     }

  }
More detailed explanation:



In case we need another hostname to be hosted, we repeat the same: creating the directory, setting correct owner and permissions for it and creating another configuration file in /etc/nginx/conf.d

Each time modifying anything in /etc/nginx folder we restart nginx:

service nginx restart



That is all! You can place some index file to the folder you created for the website and check the page in browser:

nano /var/www/domain.com/public_html/index.php

Let's create phpinfo() page to check either server block we set and PHP configuration:

<php
phpinfo();
phpinfo(INFO_MODULES);
?>




We can test some PHP template like WordPress. Change directory to your website directory which was set previously:

cd /var/www/nctest.com/public_html

Make sure that you delete index.php file with phpinfo() in case you created a test page previously. File can be removed by using:

rm -f index.html

Then run these commands:

wget http://wordpress.org/latest.tar.gz
tar --strip-components=1 -xvf latest.tar.gz
rm -f latest.tar.gz


Set correct ownership for the website folder again as wget uploaded files with nginx permissions instead of root:

sudo chown -R nginx:nginx /var/www/domain.com/public_html

Then you can access your website at link like http://nctest.com/wp-admin/setup-config.php and complete the installation by filling MySQL database details.

More advanced WordPress+Nginx configurations can be checked here.

However, this is already not the part of this tutorial, each CMS has its own configuration.


That's it!

              
                      Need any help? Contact our HelpDesk

Comments

We welcome your comments, questions, corrections and additional information relating to this article. Your comments may take some time to appear. Please be aware that off-topic comments will be deleted.

If you need specific help with your account, feel free to contact our Support Team. Thank you.

Need help? We're always here for you.

× Close