In this article, we are going guide you to install LEMP stack to brand new Debian GNU/Linux 9 Stretch. LEMP stands for Linux, Nginx (as in Engine X), MySQL and PHP. From Debian 9, Mariadb is the default mysql server. But you can also choose mysql for installation.
It is the counterpart of more popular LAMP stack except instead of Apache httpd we use nginx. Earlier we have tried LEMP stack on Ubuntu and docker container. This time we can try on Debian flavor.
Installing Nginx, Mariadb and PHP
We will start off by installing all the packages we need. The nginx, MariaDB and PHP are all installed by this command
apt install nginx mysql-server mysql-client php-fpm php-mysql libfcgi0ldbl
Now we can start all needed services with systemd
systemctl start php7.0-fpm nginx mysql
And then enable them to start at boot
systemctl enable php7.0-fpm nginx mysql
Configuring LEMP Stack
So we now have LEMP stack up and running, and we need to configure it so it serves some page.
First thing to do would be to run mysql_secure_installation script.
mysql_secure_installation
You answer here everything with y and add new password for root. Next, you need to bind socket for fastcgi
cgi-fcgi -bind -connect /run/php/php7.0-fpm.sock
Then we go to configure available sites in nginx configuration folder. First we move default config as backup
mv /etc/nginx/sites-available/default /etc/nginx/sites-available/df.bk
Next we make new empty file
nano /etc/nginx/sites-available/default
There we make new configuration. You can paste this
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
}
And finally we make a test page that will show us info about this server:
echo "<?php phpinfo(); ?>" > /var/www/html/index.php
We will create one more php file that will make database connection
nano /var/www/html/db.php
<?php
$dbh = mysqli_connect('localhost', 'linoxide', 'password');
if (!$dbh) {
die('Could not connect: ' . mysqli_error());
}
echo 'Connected successfully to Linoxide test database';
mysqli_close($dbh);
?>
To be able to connect to database, we need to add linoxide user with password. This will be done with following commands
mysql -u root -e "CREATE USER 'linoxide'@'%' IDENTIFIED BY 'password';" mysql -u root -e "GRANT ALL PRIVILEGES ON *.* TO 'linoxide'@'%' WITH GRANT OPTION"
Testing it out
In order to test this, let's restart all services:
systemctl restart php7.0-fpm nginx mysql
Next open your browser, navigate to the ip of your server and you should find there something like this:
If you go to same url but add /db.php you will get database connection page
Securing the server
We are going to use uncomplicated firewall to secure the Debian 9 server. This command will install it:
apt install ufw
We sure need ssh access so lets open TCP port 22.
ufw allow 22/tcp
Next we can enable firewall:
ufw enable
Next we cann allow mysql, http and https ports
ufw allow 3306/tcp ufw allow 80/tcp ufw allow 443/tcp (allow if you use https)
After this, you can go through testing steps again.
We have successfully installed and secured the LEMP stack on brand new Debian 9. Debian is a universal operating system that can be used as a server or desktop. LEMP is the best stack for hosting and can easily install WordPress from CLI. Thank you for reading and let us know if you have any comments.
