Wednesday, January 7, 2015

How to Set Up a LEMP Server in Ubuntu 14.04

Today I’m going to show you how to set up a LEMP server (Linux NginX MariaDB PHP) on an Ubuntu 14.04. It’s a relatively easy process once you’ve done it a few times, but there are some things that can trip you up, so I thought I’d document it and present it here.
For this tutorial I used a Digital Ocean Droplet, but any Ubuntu 14.04 server should work the same way.

Set up a privileged user

This assumes you’re using a fresh install of Ubuntu 14.04, and it’s not a crucial step in the process if your server is already set up. But we want to create an environment with a privileged user and prevent people from being able to login as root over SSH. This is just an extra precaution I like to do on servers I set up.
Log in to your user as root, and type in the following:

1
adduser web

It doesn’t have to be “web” you can call it anything you want.
"How to set up a LEMP Server on Ubuntu 14.04"
Add a password and there will be some prompts where you can add as much or as little information as you want for the account.
Then run the following command:

1
visudo

look for

1
User privilege specification

and add the new account:

1
2
root    ALL=(ALL:ALL) ALL
web     ALL=(ALL:ALL) ALL

It should look like this:
"How to set up a LEMP Server on Ubuntu 14.04"
Ctrl + X to exit, Y to save the file
Now we want to edit the SSH settings:

1
sudo nano /etc/ssh/sshd_config

Change the Port to something between 1025 and 65536. This just adds an extra step for attackers, and bots that scan for open port 22 won’t find your connection immediately.
Look for this line:

1
PermitRootLogin yes

and change it to

1
PermitRootLogin no

This prevents people from logging into SSH as root.
As an additional step, let’s add the line:

1
AllowUsers web

so only the web user is allowed to log on to the server.
Restart the ssh server:

1
service ssh restart

Now before we log out, we want to test and make sure we can get back in.

1
ssh -p 4400 web@YourIPADDRESS

4400 is the port shown here, but it can be whatever you choose.
If you can log in fine, then you’ll be safe to exit out of your main session, and log back in as “web” (or whatever you used as a username).

Install the Web Server

first type in

1
sudo apt-get update

to update the system.
To install NginX:

1
sudo apt-get install nginx

In Ubuntu 14.04 it will automatically start up the service, and you should see this startup page:
"How to set up a LEMP Server on Ubuntu 14.04"
Now your NginX server is set up so we’ll move on and modify it later.

Install the Web Server

We’re going to install MySQL on the server, but we’ll be using the MariaDB fork instead of the MySQL distribution, because it’s better in many ways.
For our install we’re using Ubuntu 14.04 and I want MariaDB 10, so here is how I set it up:

1
2
3
sudo apt-get install software-properties-common
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
sudo add-apt-repository 'deb http://sfo1.mirrors.digitalocean.com/mariadb/repo/10.0/ubuntu trusty main'

If you want to use something different or are working with a different OS, check here to see which repo to use.

1
2
sudo apt-get update
sudo apt-get install mariadb-server

Now we want to secure up our install a bit:

1
sudo mysql_secure_installation

enter your root password and answer “Y” to all the things you want to remove for security purposes.
Now you have a (MySQL compatible) MariaDB instance set up!

Install and configure PHP

Now we want to install PHP and get it set up with NginX.

1
sudo apt-get install php5-fpm php5-mysql php5-cli php5-mcrypt git

Now, we need to configure PHP:

1
sudo nano /etc/php5/fpm/php.ini

Look for the following in the php.ini file:

1
;cgi.fix_pathinfo=1

remove the semicolon and set it to 0:

1
cgi.fix_pathinfo=0

Quit and save the file.
Now we need to make a small change to the PHP-FPM config:

1
sudo nano /etc/php5/fpm/pool.d/www.conf

look for the listen directive and make sure it says:

1
listen = /var/run/php5-fpm.sock

Quit and save the file, then restart PHP5-FPM:

1
sudo service php5-fpm restart

Now you’re set up!

Configure NginX

Create a folder where your web files will be stored. I generally set up something like this:

1
sudo mkdir /var/www/yourdomain.com/public

Now open up this file:

1
sudo nano /etc/nginx/sites-available/default

The default server setup looks like this:

1
2
3
4
5
6
7
8
9
10
11
12
13
server {
          listen 80 default_server;
          listen [::]:80 default_server ipv6only=on;

          root /usr/share/nginx/html;
          index index.html index.htm;

          server_name localhost;

          location / {
              try_files $uri $uri/ =404;
          }
      }

Make the following changes to the config so it looks like this:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
server {
          listen 80 default_server;
          listen [::]:80 default_server ipv6only=on;

          root /var/www/yourdomain.com/public;
          index index.php index.html index.htm;

          server_name server_domain_name_or_IP;

          location / {
              try_files $uri $uri/ /index.php$is_args$args;
          }

          error_page 404 /404.html;
          error_page 500 502 503 504 /50x.html;
          
          location = /50x.html {
              root /var/www/yourdomain.com/public;
          }

          # pass the PHP scripts to FastCGI server listening on /var/run/php5-fpm.sock
          location ~ \.php$ {
                try_files $uri /index.php =404;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                include fastcgi_params;
          }
      }

Replace /var/www/yourdomain.com/public with whatever folder you’d like to use for your website (what you created earlier), and replace server_domain_name_or_IP with your server domain name or IP.
Now restart your web services:

1
2
sudo service php5-fpm restart
sudo service nginx restart

Now we can create a test file to check your PHP configuration:

1
nano /var/www/yourdomain.com/public/phpinfo.php

Add the following:

lang: php
1
<?php phpinfo();

Now bring up the page in a browser and you should see this:
"How to set up a LEMP Server on Ubuntu 14.04"
And you’re done!! Now you can add in your files and start building websites or applications. In future articles I’ll show some good deployment methods for your new website.

2 comments:

  1. I was searching for loan to sort out my bills& debts, then i saw comments about Blank ATM Credit Card that can be hacked to withdraw money from any ATM machines around you . I doubted thus but decided to give it a try by contacting {skylinktechnes@yahoo.com} they responded with their guidelines on how the card works. I was assured that the card can withdraw $5,000 instant per day & was credited with $50,000 so i requested for one & paid the delivery fee to obtain the card, i was shock to see the UPS agent in my resident with a parcel{card} i signed and went back inside and confirmed the card work's after the agent left. This is no doubts because i have the card & has made used of the card. This hackers are USA based hackers set out to help people with financial freedom!! Contact these email if you wants to get rich with this Via email skylinktechnes@yahoo.com whatsapp/t: +1(213)785-1553

    ReplyDelete
  2. i am a successful business owner and father. I got one of these already programmed blank ATM cards that allows me withdraw a maximum of $5,000 daily for 30 days. I am so happy about these cards because I received mine last week and have already used it to get $20,000. Skylink technology is giving out these cards to support people in any kind of financial problem. I must be sincere to you, when i first saw the advert, I believed it to be illegal and a hoax but when I contacted this team, they confirmed to me that although it is illegal, nobody gets caught while using these cards because they have been programmed to disable every communication once inserted into any Automated Teller Machine(ATM). If interested get through to them on mail: skylinktechnes@yahoo.com  or  whatsapp/telegram: +1(213)785-1553  

    ReplyDelete