A LEMP software stack is a combination of the operating system and open-source software. It is typically installed together to enable a server to host dynamic websites and web apps. The short form of LEMP came from the first letters of Linux, Nginx(engine-x) HTTP Server, MySQL/MariaDB database and PHP/Perl/Python.

In this tutorial, we will demonstrate how to install the LEMP stack on Centos-7 server. We will also explain how to get the rest of the components up and running.

Requirements

• A server running CentOS v. 7
• A static IP Address for your server
• A non-root user account with sudo privilege set up on your server.

Getting Started

Let’s get started. Firstly, make sure that your Centos-7 server is fully up to date. You can update your server by running the following command:

sudo yum update -y

With the server up to date, you can now begin installing LEMP on your server.

Installing Nginx

Nginx (pronounced “engine-x”) is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server written by Igor Sysoev. It is a lightweight web server which is more stable and secure, it serves static content 50 times faster than Apache.

By default Nginx is not available in the official Centos-7 repository. So you will need to install the EPEL repository first.

You can easily install the EPEL repository by running the following command:

sudo yum install epel-release

Now, install Nginx using the following yum command:

sudo yum install nginx -y

Once Nginx has been installed, start the Nginx service and make it to start automatically on every reboot:

sudo systemctl start nginx
sudo systemctl enable nginx

You can then check the status to make sure it is running at any time:

sudo systemctl status nginx.service

You should see the following output:

    nginx.service - The nginx HTTP and reverse proxy server
       Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)
       Active: active (running) since Thu 2016-05-12 00:12:46 IST; 3min 36s ago
      Process: 22844 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
      Process: 22842 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
      Process: 22841 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, status=0/SUCCESS)
     Main PID: 22847 (nginx)
       CGroup: /system.slice/nginx.service
               ├─22847 nginx: master process /usr/sbin/nginx
               └─22848 nginx: worker process

    May 12 00:12:46 centOS-7 systemd[1]: Starting The nginx HTTP and reverse proxy server...
    May 12 00:12:46 centOS-7 nginx[22842]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    May 12 00:12:46 centOS-7 nginx[22842]: nginx: configuration file /etc/nginx/nginx.conf test is successful
    May 12 00:12:46 centOS-7 systemd[1]: Failed to read PID from file /run/nginx.pid: Invalid argument
    May 12 00:12:46 centOS-7 systemd[1]: Started The nginx HTTP and reverse proxy server.

Next, you will need to allow the Nginx server through your firewall if you want to access the web server from remote systems.

You can do this by running the following commands:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

Now, reload the firewall service for the changes to take effect.

sudo firewall-cmd --reload

Now, open your favorite web browser and type your server IP Address in URL http://server-ip-address/.

You should see a test page of Nginx in below image.

If you see above page, then your web server is now correctly installed.

Configuring Nginx

Once Nginx is installed, run the following command to find out the number of CPUs available in your system:

sudo cat /proc/cpuinfo | grep -i processor

You should see the following output:

    processor : 0
    processor : 1
    processor : 2
    processor : 3

This number represents the number of processors on your system.

Now, set the worker_processes by editing nginx file located at /etc/nginx directory:

sudo nano /etc/nginx/nginx.conf

Set worker_process as 3:

    worker_processes 3;

Next, scroll down and make the changes as shown below.

    server {
            listen       80;
            server_name  yourdomain.com;
            root         /usr/share/nginx/html;

    location ~ .php$ {
                root           /usr/share/nginx/html;
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                include        fastcgi_params;
            }

Note: Make sure to change domain name and IP address with your actual domain and IP address.

Save and close the file and test the nginx configuration for any syntax errors using command:

sudo nginx -t

You should see the following output:

    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful

Now, restart nginx service.

sudo systemctl restart nginx

Installing MariaDB

Now, your Nginx web server is up and running, it’s time to install MariaDB, a MySQL drop-in replacement. It is easy to install, offers many speed and performance improvements, and is easy to integrate into most MySQL deployments. It is a robust, scalable and reliable SQL server that comes with a rich set of enhancements.

You can install MariaDB by running the following command:

yum install mariadb-server mariadb -y

Start the MariaDb service and set it to start at every boot.

sudo systemctl start mariadb
sudo systemctl enable mariadb

Now your MySQL database is running. Next you will need to run the MySQL secure script to set your MySQL root password to prevent unauthorized access to MySQL.

Run the following command to setup MySQL root user password:

sudo mysql_secure_installation

Answer all the questions shown as below:

    /usr/bin/mysql_secure_installation: line 379: find_mysql_client: command not found

    NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
          SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

    In order to log into MariaDB to secure it, we'll need the current
    password for the root user.  If you've just installed MariaDB, and
    you haven't set the root password yet, the password will be blank,
    so you should just press enter here.

    Enter current password for root (enter for none): 
    ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)
    Enter current password for root (enter for none): 
    OK, successfully used password, moving on...

    Setting the root password ensures that nobody can log into the MariaDB
    root user without the proper authorisation.

    Set root password? [Y/n] Y
    New password: 
    Re-enter new password: 
    Password updated successfully!
    Reloading privilege tables..
     ... Success!


    By default, a MariaDB installation has an anonymous user, allowing anyone
    to log into MariaDB without having to have a user account created for
    them.  This is intended only for testing, and to make the installation
    go a bit smoother.  You should remove them before moving into a
    production environment.

    Remove anonymous users? [Y/n] Y
     ... Success!

    Normally, root should only be allowed to connect from 'localhost'.  This
    ensures that someone cannot guess at the root password from the network.

    Disallow root login remotely? [Y/n] Y
     ... Success!

    By default, MariaDB comes with a database named 'test' that anyone can
    access.  This is also intended only for testing, and should be removed
    before moving into a production environment.

    Remove test database and access to it? [Y/n] Y
     - Dropping test database...
     ... Success!
     - Removing privileges on test database...
     ... Success!

    Reloading the privilege tables will ensure that all changes made so far
    will take effect immediately.

    Reload privilege tables now? [Y/n] Y
     ... Success!

    Cleaning up...

    All done!  If you've completed all of the above steps, your MariaDB
    installation should now be secure.

    Thanks for using MariaDB!

Your MariaDB installation is now complete and secure. You can ckeck the MariaDB service status by running the following command:

sudo systemctl status mariadb

You should see the following output:

    mariadb.service - MariaDB database server
       Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; vendor preset: disabled)
       Active: active (running) since Thu 2016-05-12 21:10:04 IST; 23s ago
      Process: 9848 ExecStartPost=/usr/libexec/mariadb-wait-ready $MAINPID (code=exited, status=0/SUCCESS)
      Process: 9820 ExecStartPre=/usr/libexec/mariadb-prepare-db-dir %n (code=exited, status=0/SUCCESS)
     Main PID: 9847 (mysqld_safe)
       CGroup: /system.slice/mariadb.service
               ├─ 9847 /bin/sh /usr/bin/mysqld_safe --basedir=/usr
               └─10005 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --plugin-dir=/usr/lib64/mysql/plugin --log-error=/var/log/mariadb/m...

    May 12 21:10:01 centOS-7 systemd[1]: Starting MariaDB database server...
    May 12 21:10:02 centOS-7 mysqld_safe[9847]: 160512 21:10:02 mysqld_safe Logging to '/var/log/mariadb/mariadb.log'.
    May 12 21:10:02 centOS-7 mysqld_safe[9847]: 160512 21:10:02 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
    May 12 21:10:04 centOS-7 systemd[1]: Started MariaDB database server.

You can also check if everything went well during the installation using the default MySQL client command:

sudo mysql -u root -p

You will be prompted to enter the root password.

You can also modify the configuration of MariaDB by editing my.cnf file. Remember, you will need to restart MariaDB service each time after modifying the file.

Installing PHP

You have now Nginx installed to serve pages and MariaDB installed to store and manage your data. However, you still don’t have anything that can generate dynamic content. You can use PHP for this.

PHP (Hypertext Preprocessor) is a widely used open-source general purpose scripting language that will process code to display dynamic content. It can run scripts, connect to our MySQL databases to get information, and hand the processed to your web server to display.

PHP is a popular general-purpose scripting language that is especially suited to web development. Fast, flexible and pragmatic, PHP powers everything from your blog to the most popular websites in the world.

Also, you will need to install php-fpm which stands for “fastCGI process manager” and tells Nginx to pass PHP requests to this software for processing.

You can install PHP and php-fpm with following command:

sudo yum install php php-common php-fpm php-mysql -y

Start php-fpm service and set it to start automatically on boot:

sudo systemctl start php-fpm
sudo systemctl enable php-fpm

To check the php-fpm service status, run the following command:

sudo systemctl status php-fpm

    php-fpm.service - The PHP FastCGI Process Manager
       Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; disabled; vendor preset: disabled)
       Active: active (running) since Thu 2016-05-12 21:14:16 IST; 6s ago
     Main PID: 10071 (php-fpm)
       Status: "Ready to handle connections"
       CGroup: /system.slice/php-fpm.service
               ├─10071 php-fpm: master process (/etc/php-fpm.conf)
               ├─10073 php-fpm: pool www
               ├─10074 php-fpm: pool www
               ├─10075 php-fpm: pool www
               ├─10076 php-fpm: pool www
               └─10077 php-fpm: pool www

    May 12 21:14:16 centOS-7 systemd[1]: Starting The PHP FastCGI Process Manager...
    May 12 21:14:16 centOS-7 systemd[1]: Started The PHP FastCGI Process Manager.

Configuring PHP

Once PHP has been installed, you will need to make a slight configuration change to make your setup more secure.

You can do this by editing the main php-fpm configuration file:

sudo nano /etc/php.ini

Find the line cgi.fix_pathinfo and change the value from 1 to 0

    cgi.fix_pathinfo=0

Save and close the file.

Next, open the file /etc/php-fpm.d/www.conf and make changes as shown below.

sudo nano /etc/php-fpm.d/www.conf

Next, find the lines that set the listen.owner and listen.group and uncomment them, then change the user and group values from apache to nginx:

    listen.owner = nobody
    listen.group = nobody

    ; Note: The user is mandatory. If the group is not set, the default user's group will be used.
    ; RPM: apache Choosed to be able to access some dir as httpd
    user = apache
    ; RPM: Keep a group allowed to write in log dir.
    group = apache

Save and close the file. Restart php-fpm service:

sudo systemctl restart php-fpm

Testing PHP

To test your PHP installation, create test.php file in your nginx document root directory.

sudo nano /usr/share/nginx/html/test.php

Add the following content:

Save and close the file. Restart Nginx service:

sudo systemctl restart nginx

Now, open your favorite web browser and visit the URL http://server-ip-address/test.php, You should see a default PHP information page similar to this one:

After verifying that Nginx renders the PHP page correctly, it is recommended to remove the test.php file you created before. Because it can give unauthorized users some hints about your PHP. You can recreate this file if you need it later.

To remove this file, run the following command:

sudo rm -rf /usr/share/nginx/html/test.php

Congratulations!, your LEMP stack installation and setup on Centos-7 is now complete. At the end you should have a working hosting environment which includes the Nginx, MariaDB and PHP software.

Conclusion

In this tutorial, you have learned how to install and configure Nginx, MariaDB and PHP on Centos-7 server. You can now easily start building your web applications with Nginx and MariaDB. Feel free to contact me if you have any questions.