How to Setup a LEMP Server in Gentoo

You reach a certain point as a developer when a plain old web hosting account just isn’t enough. Whether you build a project that gets wildly popular or you just start finding custom stuff to do eventually want to run your own Web Server. Today I’m going to show you how to set up a screaming fast LEMP server you can use to host your projects or websites.

To start this tutorial, I started with a fresh install of Gentoo Linux. You can get one too for about $20 USD a month here. I have nothing but praise for this company as they provide fast Virtual servers for a very reasonable price. Check em out!

The Gameplan

We’re going to be setting up a nice fast web server. It’s going to use:

• NginX
• Google PageSpeed Module
• SPDY
• PHP 5.4
• MariaDb

This combination will make for a smoking fast server, but it isn’t easy. We’ll be compiling Nginx by hand as well to include everything. Don’t worry it’s not as bad as it sounds.

1. Update Gentoo

Whether you’re starting from scratch or working with an existing server you’ll want to make sure your sources are all up to date.

emerge --sync
emerge portage
etc-update ( I usually choose -3 )
emerge --update --deep --with-bdeps=y world

Go get a cold glass of Orange soda, because this will take a while.

etc-update (again)
eselect profile set default/linux/amd64/13.0 (* optional - My linode server profile)

Once that’s done you’re ready to start building.

2. Get our Software

We’re going to be doing some compiling here so we need to get some sources and put it together.

cd ~
mkdir build
cd build

Get Nginx

cd ~
wget http://nginx.org/download/nginx-1.5.1.tar.gz
tar -xvzf nginx-1.5.1.tar.gz

We are going to build this scratch, but not yet.

Get the PageSpeed Module

cd ~
wget https://github.com/pagespeed/ngx_pagespeed/archive/release-1.5.27.3-beta.zip
unzip release-1.5.27.3-beta.zip
cd ngx_pagespeed-release-1.5.27.3-beta/
wget https://dl.google.com/dl/page-speed/psol/1.5.27.3.tar.gz
tar -xzvf 1.5.27.3.tar.gz

Install PHP + FPM

This is the best way to install PHP on your system. We’re also going to add in GD and MySQLi, as well as the Geo-IP plugin. These are all optional depending on your needs.

echo "dev-lang/php ~amd64" >> /etc/package.keywords
echo "dev-lang/php" >> /etc/package.unmask
echo "dev-lang/php fpm" >> /etc/package.use
echo "dev-lang/php gd" >> /etc/package.use
echo "dev-lang/php mysqli" >> /etc/package.useemerge dev-lang/php
emerge Geo-IP
emerge media-libs/gd 
emerge -av php

This will give you PHP with the options we’ll need for our server.

Configure and Build Nginx

For the configuration we’re going to add in the page speed model, as well as SPDY, GeoIP, gzip static and and an image filter module. This will give us a nice set of options for our web server.

./configure --with-http_ssl_module --conf-path=/etc/nginx/nginx.conf \
  --error-log-path=/var/log/nginx_error.log \
  --http-log-path=/var/log/nginx_access.log \
  --pid-path=/usr/local/nginx/nginx.pid \
  --add-module=$HOME/build/ngx_pagespeed-release-1.5.27.3-beta \
  --with-http_spdy_module \
  --with-http_geoip_module \
  --with-http_gzip_static_module \
  --with-http_image_filter_module  \
  --user=nobody \
  --group=nobody \
  --prefix=/usr

If you don’t receive any errors, you’re ready to make:

make && make install

Now comes the fun stuff!

3.Configure NginX

Now we have to configure Nginx by editing the nginx.conf file.

sudo nano /etc/nginx/nginx.conf

Note that you can create multiple configuration files and load nginx with them, like profiles but that’s for another time. Just remember it is an option if you want to try different configs. You can load a file per server, or per website.

For now we’re going to do it globally throughout the server.

Tip: Download your Nginx conf file

This is optional, but it makes life easier. Download your nginx.conf on to your desktop so you can edit it in on your desktop. In OSX or Linux/Unix you can simply type the following at a command prompt:

scp root@[your domain or ip address]:/etc/nginx/nginx.conf .

This will copy it to whatever directory you’re in, so you can edit it in GEdit or SublimeText or whatever. If you’re using Windows you can use something like WinSCP to do same thing.

When you’re ready to send it back:

scp nginx.conf root@[your domain or ip address]:/etc/nginx/nginx.conf

Note It’s always good to match your processes to the amount of cores/CPUs your server has. A good way to find out is run this command:

cat /proc/cpuinfo | grep processor | wc -l

Note this as the amount of worker processes you should set in Nginx.

Start Configuring

You will want to create a folder /var/ngx_pagespeed_cache and make it writeable by nginx.

mkdir /var/ngx_pagespeed_cache
chown -R nobody:nobody /var/ngx_pagespeed_cache

You will also want to create your web folder. For me I chose the /var/www convention:

mkdir -p /var/www/innovatsiya.com/public_html
chown -R nobody /var/www/innovatsiya.com/

ulimit -n 200000

# add the following to keep on reboot:
vim /etc/security/limits.conf
*        -              nofile                  200000

Add the following to your nginx.conf

user  nobody;

Change your worker processes to the number you get from the command below. For my linode it is:

worker_processes  8;

nginx.conf

For my NginX config, I decided to borrow the optimized nginx.conf found on 6tech and do some modifications. Here is what mine looks like:

#----------------------------------------------------------------------
# Main Module - directives that cover basic functionality
#
#   http://wiki.nginx.org/NginxHttpMainModule
#
#----------------------------------------------------------------------
 
user nobody;
worker_processes  8;
worker_rlimit_nofile 200000;
 
error_log  /var/log/nginx_error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;
 
pid        /var/run/nginx.pid;
 
#----------------------------------------------------------------------
# Events Module
#
#   http://wiki.nginx.org/NginxHttpEventsModule
#
#----------------------------------------------------------------------
 
events {
        worker_connections  4000;
        use epoll;
        multi_accept on;
}

#----------------------------------------------------------------------
# HTTP Core Module
#
#   http://wiki.nginx.org/NginxHttpCoreModule
#
#----------------------------------------------------------------------
 
http {

#----------------------------------------------------------------------
# Google PageSpeed Module
#
#   https://github.com/pagespeed/ngx_pagespeed
#
#----------------------------------------------------------------------

    pagespeed on;
    pagespeed FileCachePath /var/ngx_pagespeed_cache;

    include         /etc/nginx/mime.types;
    include         /etc/nginx/sites-enabled/*;
    default_type  application/octet-stream;
 
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
 
    access_log  off;
 
    sendfile    on;
    open_file_cache max=200000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 30;
    keepalive_requests 100000;
    reset_timedout_connection on;
    client_body_timeout 10;
    send_timeout 2;
 
    # Load config files from the /etc/nginx/conf.d directory
    # The default server is in conf.d/default.conf
    include /etc/nginx/conf.d/*.conf;
 
    gzip on;
    gzip_min_length 10240;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    gzip_disable "MSIE [1-6]\.";
 
}

Notice we’ve added in some gzip stuff, set some file cache options and added in google PageSpeed.

Your Site Config

Create a folder in your /etc/nginx folder:

mkdir /etc/nginx/sites-enabled

and create a file in there for your server. I named mine innovatsiya.com but obviously you’ll need to replace it with your own domain.

Here is what mine looks like:

server {

    listen *:80;
    server_name *.innovatsiya.com innovatsiya.com;

    #pagespeed stuff
    location ~ "\.pagespeed\.([a-z]\.)?[a-z]{2}\.[^.]{10}\.[^.]+" { add_header "" ""; }
    location ~ "^/ngx_pagespeed_static/" { }
    location ~ "^/ngx_pagespeed_beacon$" { }
    location /ngx_pagespeed_statistics { allow 127.0.0.1; deny all; }
    location /ngx_pagespeed_message { allow 127.0.0.1; deny all; }

    #root files
    $location / {
            autoindex  on;
            root   /var/www/innovatsiya.com/public_html/;
            index index.html index.php index.htm;
    }

    #PHP files
    location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/innovatsiya.com/public_html$fastcgi_script_name;
    }
}

You’ll notice how I set up a listener, and added in the proper PageSpeed directives, and set up the fastCGI for PHP Scripts.

You may also note that I do not have SPDY configured here. I was having some issues getting proper output, so I have saved that for another time.

4. Set up MariaDb

Now we’re going to set up our database. You might be asking “Hey, isn’t the M in LEMP supposed to be for MySQL?” and the answer is yes and no.

MariaDB has been a better drop in replacement for MySQL for quite a while now. The reasons are outside the scope of this article. If you really want it you can install MySQL, but I wouldn’t recommend it.

echo "dev-db/mariadb" >> /etc/portage/package.keywords
emerge -va dev-db/mariadb
dispatch-conf
./usr/share/mysql/scripts/mysql_install_db --basedir=/usr
/etc/init.d/mysql start

You will need to set a password for the root user:

/usr/bin/mysql_secure_installation

Follow the prompts, and enter your root password. Remove the test and anonymous access stuff for security.

Now type in:

mysql -u root -p

You should see a screen that looks like this:

If so, you’re ready to go!

5. Startup the Server

Check your config file to make sure there aren’t any errors:

nginx -t

If there aren’t any, start it up:

nginx
/etc/init.d/php-fpm start

To test your server and make sure it’s output is what you expect, run

curl -i http://localhost

and you should see something like this:

Note the header X-Page-Speed: 1.5.27.3-3005. This will show the PageSpeed module installed correctly.

Create some test files in your web root, and after that you should be ready to go!!

You now have a super fast server, dialed in to really handle traffic quickly.

Conclusion

Setting up a server this way is a long, tedious process. But you know you’re getting the best software compiled exactly how you like it. You can make a lot of changes to this configuration and really nitpick every part till it’s exactly how you want.

Is it for everyone? Definitely not. You can just as easily build an Ubuntu machine and run a bunch of apt-get commands and get the same thing. The performance difference is pretty negligible. But, that being said if you’re running a very high traffic site, having a bunch of “dialed in” Gentoo linodes will make a difference. The choice is up to you.

How to Set Up a LEMP Server in Ubuntu 14.04

Today I’m going to show you how to set up a LEMP server (Linux NginX MariaDB PHP) on an Ubuntu 14.04. It’s a relatively easy process once you’ve done it a few times, but there are some things that can trip you up, so I thought I’d document it and present it here.

For this tutorial I used a Digital Ocean Droplet, but any Ubuntu 14.04 server should work the same way.

Set up a privileged user

This assumes you’re using a fresh install of Ubuntu 14.04, and it’s not a crucial step in the process if your server is already set up. But we want to create an environment with a privileged user and prevent people from being able to login as root over SSH. This is just an extra precaution I like to do on servers I set up.

Log in to your user as root, and type in the following:

1	adduser web

It doesn’t have to be “web” you can call it anything you want.

Add a password and there will be some prompts where you can add as much or as little information as you want for the account.

Then run the following command:

1

visudo

look for

1	User privilege specification

and add the new account:

1 2	root ALL=(ALL:ALL) ALL web ALL=(ALL:ALL) ALL

It should look like this:

Ctrl + X to exit, Y to save the file

Now we want to edit the SSH settings:

1	sudo nano /etc/ssh/sshd_config

Change the Port to something between 1025 and 65536. This just adds an extra step for attackers, and bots that scan for open port 22 won’t find your connection immediately.

Look for this line:

1	PermitRootLogin yes

and change it to

1	PermitRootLogin no

This prevents people from logging into SSH as root.

As an additional step, let’s add the line:

1	AllowUsers web

so only the web user is allowed to log on to the server.

Restart the ssh server:

1	service ssh restart

Now before we log out, we want to test and make sure we can get back in.

1	ssh -p 4400 web@YourIPADDRESS

4400 is the port shown here, but it can be whatever you choose.

If you can log in fine, then you’ll be safe to exit out of your main session, and log back in as “web” (or whatever you used as a username).

Install the Web Server

first type in

1	sudo apt-get update

to update the system.

To install NginX:

1	sudo apt-get install nginx

In Ubuntu 14.04 it will automatically start up the service, and you should see this startup page:

Now your NginX server is set up so we’ll move on and modify it later.

Install the Web Server

We’re going to install MySQL on the server, but we’ll be using the MariaDB fork instead of the MySQL distribution, because it’s better in many ways.

For our install we’re using Ubuntu 14.04 and I want MariaDB 10, so here is how I set it up:

1 2 3

sudo apt-get install software-properties-common sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db sudo add-apt-repository 'deb http://sfo1.mirrors.digitalocean.com/mariadb/repo/10.0/ubuntu trusty main'

If you want to use something different or are working with a different OS, check here to see which repo to use.

1 2	sudo apt-get update sudo apt-get install mariadb-server

Now we want to secure up our install a bit:

1	sudo mysql_secure_installation

enter your root password and answer “Y” to all the things you want to remove for security purposes.

Now you have a (MySQL compatible) MariaDB instance set up!

Install and configure PHP

Now we want to install PHP and get it set up with NginX.

1	sudo apt-get install php5-fpm php5-mysql php5-cli php5-mcrypt git

Now, we need to configure PHP:

1	sudo nano /etc/php5/fpm/php.ini

Look for the following in the php.ini file:

1	;cgi.fix_pathinfo=1

remove the semicolon and set it to 0:

1	cgi.fix_pathinfo=0

Quit and save the file.

Now we need to make a small change to the PHP-FPM config:

1	sudo nano /etc/php5/fpm/pool.d/www.conf

look for the listen directive and make sure it says:

1	listen = /var/run/php5-fpm.sock

Quit and save the file, then restart PHP5-FPM:

1	sudo service php5-fpm restart

Now you’re set up!

Configure NginX

Create a folder where your web files will be stored. I generally set up something like this:

1	sudo mkdir /var/www/yourdomain.com/public

Now open up this file:

1	sudo nano /etc/nginx/sites-available/default

The default server setup looks like this:

1 2 3 4 5 6 7 8 9 10 11 12 13

server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; root /usr/share/nginx/html; index index.html index.htm; server_name localhost; location / { try_files $uri $uri/ =404; } }

Make the following changes to the config so it looks like this:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; root /var/www/yourdomain.com/public; index index.php index.html index.htm; server_name server_domain_name_or_IP; location / { try_files $uri $uri/ /index.php$is_args$args; } error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /var/www/yourdomain.com/public; } # pass the PHP scripts to FastCGI server listening on /var/run/php5-fpm.sock location ~ \.php$ { try_files $uri /index.php =404; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }

Replace /var/www/yourdomain.com/public with whatever folder you’d like to use for your website (what you created earlier), and replace server_domain_name_or_IP with your server domain name or IP.

Now restart your web services:

1 2	sudo service php5-fpm restart sudo service nginx restart

Now we can create a test file to check your PHP configuration:

1	nano /var/www/yourdomain.com/public/phpinfo.php

Add the following:

lang: php

1	<?php phpinfo();

Now bring up the page in a browser and you should see this:

And you’re done!! Now you can add in your files and start building websites or applications. In future articles I’ll show some good deployment methods for your new website.