Installing a LEMP stack on Ubuntu Server with Server Blocks

This article will cover installing Nginx (with HTTPS), PHP and Mysql on a Ubuntu 17.10 Server. The first step is to install Ubuntu Server, my installation was done on a virtual machine within Hyper-V however the installation should be the same for pretty much every scenario. SSH was installed when prompted during the installation and LEMP wasn’t (just so it could be covered in more detail here).

All commands will be performed via SSH however you can just run these directly.

Install Nginx

sudo apt-get install nginx

As part of installing nginx you should configure the firewall, see this link for help with that. From this point onwards we will assume this has been done correctly.
Create new Directory for new site

My nginx server will host multiple different sites, because of this we will do things slightly different. We will setup virtual hosts for each site so each site needs a directory.

sudo mkdir -p /var/www/example.com/public_html

Set permissions

sudo chown -R tom:www-data /var/www/example.com/public_html
sudo chmod 755 /var/www

Create the Page

sudo nano /var/www/example.com/public_html/index.html
<html>
  <head>
    <title>www.example.com</title>
  </head>
  <body>
    <h1>Success: You Have Set Up a Virtual Host</h1>
  </body>
</html>

Create virtual host file

sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/example.com

Setup virtual host file

sudo nano /etc/nginx/sites-available/example.com
 server {
        listen   80; ## listen for ipv4; this line is default and implied
        #listen   [::]:80 default ipv6only=on; ## listen for ipv6

        root /var/www/example.com/public_html;
        index index.html index.htm;

        # Make site accessible from http://localhost/
        server_name example.com;
}
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com
sudo rm /etc/nginx/sites-enabled/default
sudo service nginx restart

 

If all has worked correctly you should be able to navigate to the url specified in your virtual host file and see your page. This is all done over HTTP and ideally we want HTTPS so the next step used LetsEncrypt to setup HTTPS

Install Certbot

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx

Configure Nginx

sudo nano /etc/nginx/sites-available/example.com

Change to the following (make sure you have an DNS A Record for www. setup)

# Make site accessible from http://localhost/ server_name example.com www.example.com;
sudo nginx -t
sudo systemctl reload nginx

Allow HTTPS in

sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'

Obtain an SSH certificate

sudo certbot --nginx -d example.com -d www.example.com

This should also prompt you for various options, simply select what you want and continue. If everything has gone as planned we should now be using HTTPS (open your site in your browser to confirm)

Install MySQL

sudo apt-get install mysql-server

You will be prompted for a password so choose something strong. Run the following command to secure the installation

mysql_secure_installation

Install PHP

sudo apt-get install php-fpm php-mysql

Open the following file and modify

sudo nano /etc/php/7.1/fpm/php.ini

Uncomment cgi.fix_pathinfo and set to 0, it should look like this

cgi.fix_pathinfo=0

Save and exit

sudo systemctl restart php7.1-fpm

Modify Nginx to use PHP

sudo nano /etc/nginx/sites-available/example.com

Add index.php before index.html, add the following location blocks

 location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

Save and exit. Verify everything is working with the following command

sudo nginx -t

If all is okay then reload nginx

sudo systemctl reload nginx

You should now have a functioning LAMP box that supports server blocks.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.