1. Home
  2. General
  3. CentOS 7 – LEMP Setup Guide

CentOS 7 – LEMP Setup Guide

This guide is written for self-managed servers running on the CentOS 7 operating system. It guides you through how to setup a very basic LEMP (Linux, NGINX, MySQL and PHP) stack to provide you with your own functioning NGINX web server.

Pre Work

Ensure your install is up to date with the following commands

yum update -y
yum upgrade -y

1. Firewalld

1.1 – Install the Firewalld service using the following yum command:

yum install firewalld -y

1.2 – Enable the Firewalld service at boot and start the service now:

systemctl enable firewalld && systemctl start firewalld

1.3Allow HTTP and HTTPS protocols through the firewall using the following Firewalld commands:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

2. Disable SELinux

2.1 – Use the following command to disable SELinux at boot:

sed -i -e 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

2.2 – Disable SELinux immediately, without rebooting:

setenforce 0

3. NTP

3.1 – Install the NTP service using the following yum command:

yum install ntp -y

3.2 – Enable the NTP service at boot and start the service now:

systemctl enable ntpd
systemctl start ntpd

4. Nginx

4.1 – Enable the NGINX repository by creating the file /etc/yum.repos.d/nginx.repo and entering the following contents:


[nginx]

name=nginx repo

baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/

gpgcheck=0

enabled=1

4.2 – Install, enable and start the NGINX web server using the following commands:

yum install nginx -y
systemctl enable nginx
systemctl start nginx

 

5. PHP-FPM 7.3

5.1 – Install epel-release, yum-utils and remi using the following yum commands:

yum install epel-release yum-utils -y
yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
yum-config-manager --enable remi-php73 -y

5.2 – Install PHP-FPM 7.3, along with common PHP extensions, using the following yum command:

yum install php73 php73-php-fpm php73-php-gd php73-php-json php73-php-mbstring php73-php-mysqlnd php73-php-xml php73-php-xmlrpc php73-php-opcache php73-php-zip php73-php-pecl-zip php73-php-pecl-mysql php73-php-intl php73-php-bcmath php73-php-soap php73-php-mcrypt -y

5.3 – Symlink the php 7.3 CLI executable to /usr/bin/php

ln -s /usr/bin/php73 /usr/bin/php

5.4 – Symlink the PHP-FPM config directory:

ln -s /etc/opt/remi/php73/php-fpm.d/ /etc/php-fpm.d

5.5 – Ensure that PHP CLI is now accessible using the following command:

php -v

If a “command not found” error occurs, please check that the symlink within section 5.3 has been performed. There should be no errors running this command.

5.6 – Enable and start the PHP-FPM service:

systemctl enable php73-php-fpm.service
systemctl start php73-php-fpm.service

5.7 – Using the sed command, change PHP-FPM to run as nginx rather than apache within the configuration file:

sed -i -e 's/\user = apache/user = nginx/g' /etc/php-fpm.d/www.conf
sed -i -e 's/\group = apache/group = nginx/g' /etc/php-fpm.d/www.conf

6. PHP support within Nginx sites.

6.1 – Using Vi or your preferred text editor, open the configuration file found at /etc/nginx/conf.d/default.conf:

vi /etc/nginx/conf.d/default.conf

Enter the following contents and save the file:

## enable php support ##

location ~ \.php$ {

root /usr/share/nginx/html;

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

include fastcgi_params;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

6.2 – Restart the NGINX service for changes to take effect.

systemctl restart nginx

6.3 – Using the following command, place a PHP informational web page to test PHP configuration:

echo -e '<?php\nphpinfo();\n?>' > /usr/share/nginx/html/info.php

6.4 – Visit the web server IP address or hostname within a web browser and check that PHP support is properly configured.

7. MariaDB

7.1 – Enable the MariaDB repository by creating the file /etc/yum.repos.d/MariaDB.repo and entering the following contents:

# MariaDB 10.3 CentOS repository list - created 2019-06-18 15:14 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

7.2 Install the MariaDB server and client packages using YUMYou may get a prompt to import the GPG key, type Y and hit enter.

After adding the repo you may need to run:

yum clean all
yum install mariadb-server

7.3 Enable and start the MariaDB service

systemctl enable mariadb
systemctl start mariadb

7.4 Secure the mariaDB installation with the following command. This will allow you to set the root password

mysql_secure_installation

7.5 Login as root and create new database and and assign it a new user. Replace the examples with your own new database, user and password.

mysql -u root -p
CREATE DATABASE your_database_name;
CREATE USER 'your_database_user@'localhost' IDENTIFIED BY 'your__database_user_password';
GRANT ALL PRIVILEGES ON your_database_name.* TO 'your_database_user'@'localhost';

8. Nginx Site Configuration

8.1 – Add a new user for the site and set a password for the user:

adduser your_user
passwd your_user  

8.2 – Create the directory /etc/nginx/sites-available/

mkdir /etc/nginx/sites-available/

8.3 – Create the following file (replacing yourdomain.co.uk with your domain name):

touch /etc/nginx/sites-available/yourdomain.co.uk.conf

8.4 – Populate the above file with the following content (Changing your_user and yourdomain.co.uk respectively. Also ensure you are updating the fastcgi_pass unix:/var/run/NAME_fpm.sock; and the access/error log locations):

server {
        server_name yourdomain.co.uk;
        root "/home/your_user/yourdomain.co.uk;
        index index.php;
        client_max_body_size 10m;

        access_log /home/your_user/_logs/access-yourdomain.co.uk.log;
        error_log /home/your_user/_logs/error-yourdomain.co.uk.log;

        if ($http_user_agent ~* (Baiduspider|webalta|nikto|wkito|pikto|scan|acunetix|morfeus|webcollage|youdao) ) {
                return 401;
        }

        if ($http_user_agent ~* (HTTrack|clshttp|archiver|loader|email|harvest|extract|grab|miner) ) {
                return 401;
        }

        location / {
                try_files $uri $uri/ /index.php$uri?$args;
        }

        location ~ "^(.+\.php)($|/)" {
                fastcgi_split_path_info ^(.+\.php)(.*)$;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param SCRIPT_NAME $fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_param SERVER_NAME $host;
                fastcgi_param HTTPS on;

                if ($uri !~ "^/uploads/") {
                        fastcgi_pass   unix:/var/run/php-fpm-name_fpm.sock;
                }

        include       fastcgi_params;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
                access_log off;
        }

        location ~* \.(html|htm)$ {
                expires 30m;
        }

        location ~* /\.(ht|git|svn) {
                deny  all;
        }
}

8.5 – PHP-FPM configuration

8.5.1 – Create the file /etc/php-fpm.d/yourdomain.co.uk.pool.conf

touch /etc/php-fpm.d/yourdomain.co.uk.pool.conf

8.5.2 – Populate /etc/php-fpm.d/yourdomain.co.uk.pool.conf with the following content (You will also need to replace any reference to [your_user] with the new user/group/website:

[php-fpm-name]

user = your_user

group = your_user_group

listen = /var/run/php-fpm-name_fpm.sock

listen.owner = nginx

listen.group = nginx

;listen.mode = 0660

php_admin_value[disable_functions] = exec,passthru,shell_exec,system

php_admin_flag[allow_url_fopen] = off

catch_workers_output = 1

pm = dynamic

pm.max_children = 50

pm.start_servers = 5

pm.min_spare_servers = 5

pm.max_spare_servers = 5

pm.max_requests = 200

request_terminate_timeout = 30s

chdir = /

php_admin_value[session.save_path] = "/home/your_user/_sessions"

php_admin_value[open_basedir] = "/home/your_user:/usr/share/pear:/usr/share/php:/tmp:/usr/local/lib/php"

php_admin_value[error_log] = /home/your_user/_logs/php-error-yourdomain.co.uk.log

php_admin_flag[log_errors] = on

8.6 – Further user configuration

8.6.1 – Add the user to the web server group and configure permissions for the site’s public_html directory and the site NGINXconfiguration:

usermod -aG your_user nginx
chmod g+rx /home/your_user
chmod 600 /etc/nginx/sites-available/yourdomain.co.uk.conf

8.7 – Create the sites-enabled directory and symlink the site configuration to enable the configuration.

mkdir /etc/nginx/sites-enabled
ln -s /etc/nginx/sites-available/yourdomain.co.uk.conf /etc/nginx/sites-enabled/yourdomain.co.uk.conf

8.8 – Create required directories and set required permissions (changing the folder name as required) :

mkdir -p /home/your_user/yourdomain.co.uk
mkdir /home/your_user/_logs
mkdir /home/your_user/_sessions
chmod 750 /home/your_user/ -R
chmod 700 /home/your_user/_sessions
chmod 770 /home/your_user/_logs
chmod 750 /home/your_user/yourdomain.co.uk
chown your_user:your_user_group /home/your_user/ -R

8.9.1 – Enable the sites-enabled directory
Open the NGINX configuration file:

vi /etc/nginx/nginx.conf

Change the following line:

include /etc/nginx/conf.d/*.conf;

to this:

include /etc/nginx/sites-enabled/*.conf;

8.9.2 – Restart NGINX and PHP-FPM for changes to take affect:

systemctl restart nginx
systemctl restart php73-php-fpm.service

 

9.0 – Test the configuration is correct

9.0.1 – Create an info.php file within the newly configured public_HTML directory:

(only if DNS or host file on server is updated)

echo -e '<?php\nphpinfo();\n?>' > /home/your_user/yourdomain.co.uk/info.php

9.0.2 – Use curl to make a web request to the info.php file:

curl -I http://yourdomain.co.uk/info.php

 

Once you have performed all of the above, you should have a basic running NGINX server which you can start configuring specifically for your website. It should now also be able to support running popular CMS’ such as WordPress, Magento, Drupal and Joomla.

Click here for full details

Classification: Public
Last saved: 2019/11/27 at 16:03 by

How can we help?