NGINX is a small and efficient web server software that can be used to build an LNMP web service environment. The LNMP environment is based on the four major components required in this architecture: Linux, NGINX, MySQL, and PHP. This topic describes how to manually build an LNMP environment on an ECS instance.

Prerequisites

  • You must have registered an Alibaba Cloud account. If not, create a new Alibaba Cloud account first.
  • You have created an ECS instance and assigned a public IP address to the instance. For information about how to create an instance, see Create an ECS instance.
  • You have added an inbound rule to the security group of the ECS instance to allow traffic on port 80. For information about how to allow traffic on port 80, see Add security group rules.
    Rule direction Authorization policy Protocol Port range Priority Authorization type Authorization object
    Inbound Allow HTTP (80) 80/80 1 IPv4 CIDR block The public IP addresses of clients to be allowed to access the LNMP environment. Separate multiple IP addresses with commas (,).

    A value of 0.0.0.0/0 indicates that all IP addresses are allowed to access the LNMP environment.

Background information

The procedure described in this topic is applicable to users who are familiar with Linux, but new to web development on Alibaba Cloud ECS instances.

You can also create a website by purchasing an LNMP image from Alibaba Cloud Marketplace and launching an ECS instance from the image.

This example uses an ECS instance with the following configurations: The actual operation depends on your instance configuration.
  • CPU: 2 vCPUs
  • Memory: 4 GiB
  • Network type: VPC
  • IP address: public IP address

Limits

The procedure described in this topic is applicable to the following software versions:

  • Operating system: public image for CentOS 7.2 64-bit
  • NGINX version: 1.16.1
  • MySQL version: 5.7.28
  • PHP: version: 7.0.33
Note When you use software versions different from the preceding versions, you may need to adjust the commands and parameter settings as needed.

Procedure

To manually build an LNMP environment on an ECS instance, follow these steps:

Step 1: Prepare the compiling environment

  1. Connect to a Linux instance.
  2. Disable the firewall.
    1. Run the systemctl status firewalld command to check the status of the firewall.
      Check the status of the firewall
      • If the firewall is in the inactive state, the firewall is disabled.
      • If the firewall is in the active state, the firewall is enabled. In this example, the firewall is in the active state, so the firewall must be disabled.
    2. Disable the firewall. Skip this step if the firewall is already in the inactive state.
      • To temporarily disable the firewall, run the systemctl stop firewalld command.
        Note After running this command, the firewall is temporarily disabled. It will enter the active state when you next restart the instance.
      • To indefinitely disable the firewall, run the systemctl disable firewalld command.
        Note You can re-enable the firewall after it has been disabled. For more information, see the firewalld website.
  3. Disable Security-Enhanced Linux (SELinux).
    1. Run the getenforce command to check the status of SELinux.
      Check the status of SELinux
      • If SELinux is in the Disabled state, SELinux is disabled.
      • If SELinux is in the Enforcing state, SELinux is enabled. In this example, SELinux is in the Enforcing state, so SELinux must be disabled.
    2. Disable SELinux. Skip this step if SELinux is already in the Disabled state.
      • To temporarily disable SELinux, run the setenforce 0 command.
        Note After running this command, SELinux is temporarily disabled. It will enter the Enforcing state when you next restart the instance.
      • To indefinitely disable SELinux, follow these steps: Run the vim /etc/selinux/config command. Press the Enter key, move the pointer to the SELINUX=enforcing row, and press the I key to edit the configuration file. Change SELINUX=enforcing to SELINUX=disabled and press the Esc key. Type :wq and then press the Enter key to save and close the SELinux configuration file.
        Note You can re-enable SELinux after it has been disabled. For more information, see the SELinux website.
    3. Restart the system to apply the settings.

Step 2: Install NGINX

  1. Run the following command to install NGINX:
    yum -y install nginx
  2. Run the following command to check the NGINX version:
    nginx -v                            
    The following response indicates that NGINX has been installed:
    nginx version: nginx/1.16.1                            

Step 3: Install MySQL

  1. Run the following command to update the YUM Repository:
    rpm -Uvh  http://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm
  2. Run the following command to install MySQL:
    yum -y install mysql-community-server
  3. Run the following command to check the MySQL version:
    mysql -V
    The following response indicates that MySQL has been installed:
    mysql  Ver 14.14 Distrib 5.7.28, for Linux (x86_64) using  EditLine wrapper

Step 4: Install PHP

  1. Update the YUM Repository.
    1. Run the following command to add the IUS repository:
      # Before running the command, replace <Version number> with the currently available version number. 
      yum install -y http://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64/ius-release-<Version number>.ius.centos7.noarch.rpm

      This example uses ius-release 1.0-15, so the command is as follows:

      yum install -y http://dl.iuscommunity.org/pub/ius/stable/CentOS/7/x86_64/ius-release-1.0-15.ius.centos7.noarch.rpm

      You can take the following steps to check available version numbers of IUS:

      1. Visit the ius community website.
      2. Enter ius-release in the search box.
      3. Select the version number with the centos7 characters. The content in the following red box is the available version number.ius-release
    2. Run the following command to add the Webtatic repository:
      rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
  2. Run the following command to install PHP:
    yum -y install php70w-devel php70w.x86_64 php70w-cli.x86_64 php70w-common.x86_64 php70w-gd.x86_64 php70w-ldap.x86_64 php70w-mbstring.x86_64 php70w-mcrypt.x86_64  php70w-pdo.x86_64   php70w-mysqlnd  php70w-fpm php70w-opcache php70w-pecl-redis php70w-pecl-mongodb
  3. Run the following command to check the PHP version:
    php -v
    The following response indicates that PHP has been installed.
    PHP 7.0.33 (cli) (built: Dec  6 2018 22:30:44) ( NTS )
    Copyright (c) 1997-2017 The PHP Group
    Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
        with Zend OPcache v7.0.33, Copyright (c) 1999-2017, by Zend Technologies                

Step 5: Configure NGINX

  1. Run the following command to back up the NGINX configuration file:
    cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
  2. Modify the NGINX configuration file to add NGINX support for PHP.
    Note If you do not add this configuration, the PHP page cannot be displayed when accessed through a browser later.
    1. Run the following command to open the NGINX configuration file:
      vim /etc/nginx/nginx.conf
    2. Press the I key to enter editing mode.
    3. Within the Server braces, add the following configuration information:
              # Retain the default values for all settings except the following settings:
              location / {
                  # Add the following information in the location braces to configure the default homepage when the website is accessed.
                  index index.php index.html index.htm;
              }
              # Add the following information to enable NGINX to process your PHP requests by using Fast Common Gateway Interface (FastCGI).
              location ~ .php$ {
                  root /usr/share/nginx/html;    # Replace /usr/share/nginx/html with the root directory of your website, which in this example is /usr/share/nginx/html.
                  fastcgi_pass 127.0.0.1:9000;   # NGINX forwards PHP requests to PHP FastCGI Process Manager (PHP-FPM) through port 9000 of the ECS instance.
                  fastcgi_index index.php;
                  fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                  include fastcgi_params;   # NGINX calls the FastCGI operation to process PHP requests.
              }                

      The configurations are as shown in the following figure.

      nginx-configuration
    4. Press the Esc key, type :wq, and press the Enter key to save and close the configuration file.
  3. Run the following command to start the NGINX service:
    systemctl start nginx 
  4. Run the following command to enable the NGINX service to run during startup:
    systemctl enable nginx

Step 6: Configure MySQL

  1. Run the following command to launch MySQL:
    systemctl start mysqld
  2. Run the following command to enable the MySQL service to run during startup:
    systemctl enable mysqld
  3. Run the following command to check the /var/log/mysqld.log file, and obtain and record the initial password of the root user:
    grep 'temporary password' /var/log/mysqld.log

    The response is as follows:

    2016-12-13T14:57:47.535748Z 1 [Note] A temporary password is generated for root@localhost: p0/G28g>lsHD
    Note You must use the initial password to reset the password of the root user.
  4. Run the following command to configure your MySQL databases and secure data:
    mysql_secure_installation

    Continue with these steps for the security configuration:

    1. Reset the password of the root user.
      Enter password for user root: # Enter the initial password that you obtained in the previous step.
      The 'validate_password' plugin is installed on the server.
      The subsequent steps will run with the existing configuration of the plugin.
      Using existing password for root.
      Estimated strength of the password: 100 
      Change the password for root ? (Press y|Y for Yes, any other key for No) : Y
      New password: # Enter a new password that is 8 to 30 characters in length. It must contain lowercase and uppercase letters, digits, and special characters. Special characters include () `   ~ ! @ # $ % ^ & * - + = | {} [] : ; ‘ < > , . ? /
      Re-enter new password: # Re-enter the new password for confirmation.
      Estimated strength of the password: 100 
      Do you wish to continue with the password provided?( Press y|Y for Yes, any other key for No) : Y
    2. Enter Y to delete the anonymous user account.
      By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.
      Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y
      Success.
    3. Enter Y to deny remote access by the root user.
      Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y
      Success.
    4. Enter Y to delete the test database and access permissions on this database.
      Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y
      - Dropping test database...
      Success.
    5. Enter Y to reload privilege tables.
      Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y
      Success.
      All done!

For more information, see MySQL documentation.

Step 7: Configure PHP

  1. Create the phpinfo.php file to display phpinfo information.
    1. Run the following command to create the file:
      vim <Website root directory>/phpinfo.php  # Replace <Website root directory> with your configured website root directory.

      The website root directory is the root value within the location ~ .php$ braces that you configured in the nginx.conf file as shown in the following figure:

      lnmp-root-dir

      In this example, the website root directory is /usr/share/nginx/html, so the command is as follows:

      vim /usr/share/nginx/html/phpinfo.php
    2. Press the I key to enter editing mode.
    3. Enter the following content:
      <? php echo phpinfo(); ? >
    4. Press the Esc key, type :wq, and press the Enter key to save and close the configuration file.
  2. Run the following command to start PHP-FPM:
    systemctl start php-fpm
  3. Run the following command to enable PHP-FPM to run during startup:
    systemctl enable php-fpm

Step 8: Test the connection to the LNMP environment

  1. Open your browser.
  2. In the address bar, enter the URL http://<Public IP address of the ECS instance>/phpinfo.php.
    The following response indicates that the LNMP environment has been deployed.LNMP deployed

What to do next

Afterward, we recommend that you run the following command to delete the phpinfo.php file to ensure system security:
rm -rf <Website root directory>/phpinfo.php   # Replace the <Website root directory> with the website root directory that you configured in nginx.conf

The website root directory configured in this example is /usr/share/nginx/html, so the command is as follows:

rm -rf /usr/share/nginx/html/phpinfo.php