How to Install LEMP Stack on Debian 9 Stretch

lemp stack debian 9In this article, we are going guide you to install LEMP stack to brand new Debian GNU/Linux 9 Stretch. LEMP stands for Linux, Nginx (as in Engine X), MySQL and PHP. From Debian 9, Mariadb is the default mysql server. But you can also choose mysql for installation. It is the counterpart of more popular LAMP stack except instead of Apache httpd we use nginx. Earlier we have tried LEMP stack on Ubuntu and docker container. This time we can try on Debian flavor.

Installing Nginx, Mariadb and PHP

We will start off by installing all the packages we need. The nginx, MariaDB and PHP are all installed by this command

apt install nginx mysql-server mysql-client php-fpm php-mysql libfcgi0ldbl

Now we can start all needed services with systemd

systemctl start php7.0-fpm nginx mysql

And then enable them to start at boot

systemctl enable php7.0-fpm nginx mysql

Configuring LEMP Stack

So we now have LEMP stack up and running, and we need to configure it so it serves some page.

First thing to do would be to run mysql_secure_installation script.

mysql_secure_installation

You answer here everything with y and add new password for root. Next, you need to bind socket for fastcgi

cgi-fcgi -bind -connect /run/php/php7.0-fpm.sock

Then we go to configure available sites in nginx configuration folder. First we move default config as backup

mv /etc/nginx/sites-available/default /etc/nginx/sites-available/df.bk

Next we make new empty file

nano /etc/nginx/sites-available/default

There we make new configuration. You can paste this

 server {
        listen 80 default_server;
        listen [::]:80 default_server;
        root /var/www/html;
        index index.php index.html index.htm index.nginx-debian.html;

        server_name _;
        location / {
                try_files $uri $uri/ =404;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        }
}

And finally we make a test page that will show us info about this server:

echo "<?php phpinfo(); ?>" > /var/www/html/index.php

We will create one more php file that will make database connection

nano /var/www/html/db.php

<?php
$dbh = mysqli_connect('localhost', 'linoxide', 'password');
if (!$dbh) {
die('Could not connect: ' . mysqli_error());
}
echo 'Connected successfully to Linoxide test database';
mysqli_close($dbh);
?>

To be able to connect to database, we need to add linoxide user with password. This will be done with following commands

mysql -u root -e "CREATE USER 'linoxide'@'%' IDENTIFIED BY 'password';"

mysql -u root -e "GRANT ALL PRIVILEGES ON *.* TO 'linoxide'@'%' WITH GRANT OPTION"

Testing it out

In order to test this, let's restart all services:

systemctl restart php7.0-fpm nginx mysql

Next open your browser, navigate to the ip of your server and you should find there something like this:

If you go to same url but add /db.php you will get database connection page

Securing the server

We are going to use uncomplicated firewall to secure the Debian 9 server. This command will install it:

apt install ufw

We sure need ssh access so lets open TCP port 22.

ufw allow 22/tcp

Next we can enable firewall:

ufw enable

Next we cann allow mysql, http and https ports

ufw allow 3306/tcp
ufw allow 80/tcp
ufw allow 443/tcp (allow if you use https)

After this, you can go through testing steps again.

We have successfully installed and secured the LEMP stack on brand new Debian 9. Debian is a universal operating system that can be used as a server or desktop. LEMP is the best stack for hosting and installing PHP site like WordPress. Thank you for reading and let us know if you have any comments.

About Mihajlo Milenovic

Miki is a long time GNU/Linux user, Free Software advocate and a freelance system administrator from Serbia. Got introduced to GNU/Linux in year 2003 on old AMD Duron computer, and since than always eager to learn new stuff about this system. From 2016 writes for Linoxide to share his experiences with wider audience

Author Archive Page

Have anything to say?

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.