NGINX - LEMP Server - Installation Ubuntu 18.04

From Thomas-Krenn-Wiki
Jump to navigation Jump to search

NGINX (engine-x) is an Open Source High Performance HTTP, Reverse-Proxy and IMAP/POP3 Proxy server for free. It is a quite good alternative for the Apache webserver because of its high performance, stability, simple configuration and low resource requirements. LAMP as a complete setup thus becomes LEMP: Linux E(NGINX), Maria-DB, PHP. NGINX scales from the smallest VPS (Virtual Private Server) to the complexe cluster systems and is also used by some high-availability suppliers such as Netflix, Cloudflare, Wordpress and Github. NGINX is set up modularly and supports for example vHosts, FastCGI or SSL.[1]

These instructions describe a Minimal Setup of a LEMP server, based on Ubuntu 18.04, NGINX, Maria-DB and PHP 7.[2] Prerequisite is a server with active network configuration with Internet access for accessing Ubuntu Repositories.

Installation webserver

First, you install the package nginx: 

 sudo apt install nginx

After this, it has to be verified if the webserver has been started correctly: 

 sudo systemctl status nginx

If nginx is not started, you can start the service with the following: 

 sudo systemctl start nginx

In Ubuntu 18.04, there is the UFW firewall, which does not allow any http and https traffic outwards by default. There is an UFW profile for the permission. The UFW profiles, that are available on the system, can be displayed: 

 sudo ufw app list

If you want to know what is behind the packages (ports), you can view the details with sudo ufw app info "NameOfUFW-Profile". In this case, use Nginx Full, as it is allowed to use port 80 (http) and 443 (https). 

 sudo ufw allow in "Nginx Full"

If you call up the IP of the webserver, a welcome message from the nginx webserver should be displayed: "Welcome to nginx!"


Installation of data base server

It is not only a webserver needed for most web applications, but also a data base. For this purpose, install the MariaDB data base server. 

sudo apt install mariadb-server mariadb-client

If no packages are found, it may be that you have not integrated all Ubuntu Repositories. For the installation of MariaDB, the Ubuntu Universe package sources are required. For this, edit the /etc/apt/sources.list file and amend it to read as follows: 

 deb http://archive.ubuntu.com/ubuntu bionic main universe
 deb http://archive.ubuntu.com/ubuntu bionic-security main
 deb http://archive.ubuntu.com/ubuntu bionic-updates main universe

After this, update the package sources with the following command: 

sudo apt update

Now, install MariaDB: 

sudo apt install mariadb-server mariadb-client

As soon as the installation is ready, the state of the data base server must be verified: 

sudo systemctl status mysql


Secure data base access

After the installation, MariaDB should be secured with the mysql_secure_installation tool. To do this, please proceed as follows: 


sudo mysql_secure_installation

You will be asked for the current root password for MariaDB, as there is no root password yet. Press ENTER and leave the password field blank: 

Enter current password for root (enter for none): # ENTER drücken
Set root password? [Y/n] # ENTER drücken
New password: # Geben Sie ein sicheres Root-Passwort für die Datenbank ein
Re-enter new password: # Wiederholen Sie die Passwort Eingabe
Remove anonymous users? [Y/n] # ENTER drücken
Disallow root login remotely? [Y/n] # ENTER drücken
Remove test database and access to it? [Y/n] # ENTER drücken
Reload privilege tables now? [Y/n] # ENTER drücken

Now, we have installed nginx as webserver and MariaDB as data base server.

Create administration user

We create an admin account so that we can also create new data bases and users with phpMyAdmin. Please note that you must use a strong and safe password. 

sudo mariadb -u root
create user admin@localhost identified by 'IHRPASSWORTIMKLARTEXT';
grant all privileges on *.* to admin@localhost with grant option;
flush privileges;
exit;

Installation PHP 7

PHP (version 7.2) is used for the communication of the webserver and data base. It is installed with the following commands: 

sudo apt install php-fpm
sudo apt install php-mysql

PHP-MYSQL is required for the communication of PHP with MYSQL (MariaDB). PHP-FPM is a FastCGI process manager, that holds PHP-processes, so that the loading time of webpages can be accelerated. Please adapt the php.ini file as follows: 

sudo nano /etc/php/7.2/fpm/php.ini 
 cgi.fix_pathinfo=0
sudo systemctl restart php7.2-fpm
sudo systemctl status php7.2-fpm

Here, the status should also be on active (running). The restart of the service is required, so that the changes are taken over to the configuration file. You have to change the configuration file of the Default-vHosts, so that Nginx knows that PHP-FPM should be used: 

nano /etc/nginx/sites-available/default
 server name IP-OR-FQDN;

Example: server_name example.com;

The respective line must be contained in every vHost because of the PHP-FPM: 

location ~ \.php$ {
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
 # concurs with nginx's one
 #
 location ~ /\.ht {
 deny all;
 }

Installation of phpMyAdmin

First, install the phpMyAdmin package from the package sources.[3] We do not make a selection for the automatic configuration, as neither apache2 nor lighttpd is used. If the installer asks for automatic configuration using dbconfig-common, we confirm this. In addition, various passwords will be assigned (please make a note of them). 

sudo apt install phpmyadmin

After this, a Symlink is set on the WWW-Public-Folder by the Default-phpMyAdmin directory: 

sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin

A vHost for NGINX must be created to enable access via browser. For this, please create the following file: 

sudo nano /etc/nginx/sites-available/pma.example.com

Fill with the following content: 

 
server {
  listen 80;
  listen [::]:80;
  server_name pma.example.com;
  root /usr/share/phpmyadmin/;
  index index.php index.html index.htm index.nginx-debian.html;

  access_log /var/log/nginx/phpmyadmin_access.log;
  error_log /var/log/nginx/phpmyadmin_error.log;

  location / {
    try_files $uri $uri/ /index.php;
  }

  location ~ ^/(doc|sql|setup)/ {
    deny all;
  }

  location ~ \.php$ {
    fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    include snippets/fastcgi-php.conf;
  }

  location ~ /\.ht {
    deny all;
  }
}

You must also set a symlink from the sites-available file to the sites-enabled folder, so that the configuration is activated:[4] 

sudo ln -s /etc/nginx/sites-available/pma.example.com /etc/nginx/sites-enabled/

Now, restart NGINX and phpMyAdmin should now be available via browser: 

sudo service nginx restart

References

  1. nginx (nginx.org)
  2. Quick Reference LEMP Stack Install with PHP on Ubuntu (lemp.io, 14.01.2015)
  3. How to Install phpMyAdmin with Nginx (LEMP) on Ubuntu 18.04 LTS (linuxbabe.com, 18.05.2018)
  4. a2ensite for Nginx on Ubuntu (evermoretechnologies.com, 10.07.2017)


Author: Jonas Sterr

Jonas Sterr has been working for Thomas-Krenn for several years. Originally employed as a trainee in technical support and then in hosting (formerly Filoo), Mr. Sterr now mainly deals with the topics of storage (SDS / Huawei / Netapp), virtualization (VMware, Proxmox, HyperV) and network (switches, firewalls) in product management at Thomas-Krenn.AG in Freyung.


Translator: Alina Ranzinger

Alina has been working at Thomas-Krenn.AG since 2024. After her training as multilingual business assistant, she got her job as assistant of the Product Management and is responsible for the translation of texts and for the organisation of the department.