All Products
Search
Document Center

Elastic Compute Service:Deploy an LNMP stack on a CentOS 7 instance

Last Updated:Jul 24, 2023

LAMP is one of the most common software stacks that are used for web development. LNMP is an acronym of the names of its original four open source components: Linux operating system, NGINX web server, MySQL relational database management system, and PHP programming language. This topic describes how to deploy an LNMP stack on an Elastic Compute Service (ECS) instance that runs a minor version of CentOS 7.

Background information

You can deploy an LNMP stack by using one of the following methods based on your business requirements:

  • Quickly deploy an LNMP stack: You can use Resource Orchestration Service (ROS) to help you quickly deploy an LNMP stack. Compared with manual deployment, the required resources are automatically created and configured without the need for human intervention in this method.

  • Manually deploy an LNMP stack: You can use this method if you are familiar with Linux operating systems, the software that is required to be installed, and the compatibility of the software.

Note

You can also purchase an LNMP image in Alibaba Cloud Marketplace and create an ECS instance from the image to deploy an LNMP stack.

In this topic, the following software versions are used. If your software version is different from the following ones, modify the commands and parameter settings based on your business requirements.

  • NGINX 1.20.1

  • MySQL 5.7.42

  • PHP 7.0.33

Preparations

To manually deploy an LNMP stack or quickly deploy an LNMP stack by using an existing ECS instance, the ECS instance must meet the following requirements:

  • The instance has a public IP address or an elastic IP address (EIP).

  • The instance runs a minor version of CentOS 7.

  • An inbound rule is added to a security group of the instance to allow traffic on ports 22, 80, and 443. For more information, see Add a security group rule.

    Important

    For security reasons, this topic describes only the ports on which traffic must be allowed to deploy and test an LNMP stack. You can configure security group rules to allow traffic on additional ports based on your requirements. For example, if you want to connect to a MySQL database that is deployed on an ECS instance, you must add an inbound rule to a security group of the instance to allow traffic on port 3306, which is the default port used for MySQL.

Procedures

Quickly deploy an LNMP stack

  1. Log on to the ROS console and go to the Use New Resources (Standard) page to quickly deploy an LNMP stack by using a template.

  2. In the upper-left corner of the top navigation bar, select a region. Region
  3. In the Configure Template Parameters step, enter a name for the resource stack, create or select an ECS instance, and then enter a password for the MySQL database.

    To create an ECS instance, you must specify the zone, instance type, system disk category, and password for the instance.

    Important

    The created instance runs a minor version of CentOS 7, uses the pay-as-you-go billing method, and has a pay-as-you-go EIP. For information about billing of ECS and EIP, see ECS billing overview and EIP billing overview.

  4. Confirm the specified information and click Create.

    After the LNMP stack is deployed, the value in the Status column on the Stack Information tab changes from Creating to Created.

  5. Click the Outputs tab, and then click the URL in the Value column.

    The page in the following figure indicates that the LNMP stack is deployed.

    php结果

Manually deploy an LNMP stack

Step 1: Disable the firewall and SELinux

Important

To prevent unexpected risks, we recommend that you perform operations as a regular user instead of an administrator. If the regular user does not have sudo permissions, grant the permissions to the user. For more information, see the "How do I grant sudo permissions to a regular user?" question in the FAQ section.

  1. Connect to the ECS instance on which you want to deploy an LNMP stack.

    For more information, see Connection methods.

  2. Disable the firewall.

    1. Run the following command to check the status of the firewall:

      systemctl status firewalld
      查看防火墙状态
      • If inactive is returned, the firewall is disabled. Proceed to Step 3.

      • If active is returned, the firewall is enabled. Proceed to Step 2.b.

    2. Disable the firewall.

      • To temporarily disable the firewall, run the following command:

        sudo systemctl stop firewalld
        Note

        After you run the command, the firewall is temporarily disabled. When you restart the instance, the firewall is automatically enabled.

      • To permanently disable the firewall, run the following commands.

        1. Disable the firewall.

          sudo systemctl stop firewalld
        2. Prevent the firewall from being automatically enabled on instance startup.

          sudo systemctl disable firewalld
        Note

        You can re-enable the firewall after you disable the firewall. For more information, visit the official firewalld website.

  3. Disable SELinux.

    1. Run the following command to check the status of SELinux:

      getenforce
      • If Disabled is returned, SELinux is disabled. Proceed to Step 2: Install NGINX.

      • If Enforcing is returned, SELinux is enabled. Proceed to Step 3.b.

    2. Disable SELinux.

      You can temporarily or permanently disable SELinux based on your business requirements. For more information, see Enable or disable SELinux.

Step 2: Install NGINX

Note

This section describes the installation method for a specific version of NGINX. If you want to install other versions of NGINX, see the "How do I install other NGINX versions?" question in the FAQ section.

  1. Run the following command to install NGINX:

    sudo yum -y install nginx
  2. Run the following command to check the version of NGINX:

    nginx -v

    The following command output indicates that NGINX is installed:

    nginx version: nginx/1.20.1

Step 3: Install and configure MySQL

Install MySQL

  1. Run the following command to update the YUM repository:

    sudo rpm -Uvh  http://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm
  2. Run the following command to install MySQL.

    Note

    If the "No match for argument" error message is returned, run the sudo yum module disable mysql command to disable the MySQL module in the YUM package manager. Then, install MySQL.

    sudo yum -y install mysql-community-server --nogpgcheck
  3. Run the following command to check the version of MySQL:

    mysql -V

    The following command output indicates that MySQL is installed:

    mysql  Ver 14.14 Distrib 5.7.42, for Linux (x86_64) using  EditLine wrapper
  4. Run the following command to start MySQL:

    sudo systemctl start mysqld
  5. Run the following commands in sequence to configure MySQL to automatically start on instance startup:

    sudo systemctl enable mysqld
    sudo systemctl daemon-reload

Configure MySQL

  1. Run the following command to view the /var/log/mysqld.log file and obtain and record the initial password of the root user:

    sudo grep 'temporary password' /var/log/mysqld.log

    The following command output indicates thatARQTRy3+**** is the initial password of the root user. You will use this initial password when you reset the password of the root user.

    2021-11-10T07:01:26.595215Z 1 [Note] A temporary password is generated for root@localhost: ARQTRy3+****
  2. Run the following command to configure the security settings of MySQL:

    sudo mysql_secure_installation
    1. Enter the initial password of MySQL.

      Note When you enter a password, no command output is returned to maximize data security. You need only to enter the correct password and then press the Enter key.
      Securing the MySQL server deployment.
      
      Enter password for user root: # Enter the initial password that you obtained in the previous step.
    2. Enter a new password for MySQL.

      The existing password for the user account root has expired. Please set a new password.
      
      New password: # Enter a new password. The password must be 8 to 30 characters in length, and must contain uppercase letters, lowercase letters, digits, and special characters. Special characters include ( ) ` ~ ! @ # $ % ^ & * - + = | { } [ ] : ; ' < > , . ? /
      
      Re-enter new password: # Re-enter the new password. 
      The 'validate_password' plugin is installed on the server.
      The subsequent steps will run with the existing configuration
      of the plugin.
      Using existing password for root.
      
      Estimated strength of the password: 100 # The strength of the new password is contained in the command output. 
      Change the password for root ? (Press y|Y for Yes, any other key for No) :Y # Enter Y to confirm the new password. 
      
      # After the new password is set, you must verify the password. 
      New password:# Enter the new password. 
      
      Re-enter new password: # Re-enter the new password. 
      
      Estimated strength of the password: 100
      Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) :Y # Enter Y to use the new password.

    3. Enter Y to delete the anonymous user account.

      Remove anonymous users? (Press y|Y for Yes, any other key for No) :Y
      Success.
    4. Enter Y to deny access from the root user to MySQL.

      Disallow root login remotely? (Press y|Y for Yes, any other key for No) :Y
      Success.
    5. Enter Y to delete the test database and the access permissions on the database.

      Remove test database and access to it? (Press y|Y for Yes, any other key for No) :Y
       - Dropping test database...
      Success.
      
       - Removing privileges on test database...
      Success.
    6. Enter Y to reload privilege tables.

      Reload privilege tables now? (Press y|Y for Yes, any other key for No) :Y
      Success.
      
      All done!

For more information, see the official MySQL documentation.

Step 4: Install and configure PHP

Install PHP

  1. Update the YUM repository.

    1. Run the following commands to add the Extra Packages for Enterprise Linux (EPEL) repository:

      sudo yum install \
      https://repo.ius.io/ius-release-el7.rpm \
      https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    2. Run the following command to add the Webtatic repository:

      sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm
  2. Run the following command to install PHP:

    sudo yum -y install php70w-devel php70w.x86_64 php70w-cli.x86_64 php70w-common.x86_64 php70w-gd.x86_64 php70w-ldap.x86_64 php70w-mbstring.x86_64 php70w-mcrypt.x86_64  php70w-pdo.x86_64   php70w-mysqlnd  php70w-fpm php70w-opcache php70w-pecl-redis php70w-pecl-mongodb
  3. Run the following command to check the version of PHP:

    php -v

    The following command output indicates that PHP is installed:

    PHP 7.0.33 (cli) (built: Dec  6 2018 22:30:44) ( NTS )
    Copyright (c) 1997-2017 The PHP Group
    Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
        with Zend OPcache v7.0.33, Copyright (c) 1999-2017, by Zend Technologies                

Modify the NGINX configuration file to enable PHP

  1. Run the following command to back up the NGINX configuration file:

    sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
  2. Modify the NGINX configuration file to add NGINX support for PHP.

    Important

    If you do not add NGINX support for PHP, PHP pages cannot be displayed when you access the pages by using a browser.

    1. Run the following command to open the NGINX configuration file:

      sudo vim /etc/nginx/nginx.conf
    2. Press the I key to enter Insert mode.

    3. Modify or add the following information enclosed inside the server braces.

      Retain the default values for all settings except the following settings:

      • Modify or add the following information enclosed inside the location / braces.

                location / {
                    index index.php index.html index.htm;
                }
      • Modify or add the following information enclosed inside the location ~ .php$ braces.

                # Add the following information to make NGINX use Fast Common Gateway Interface (FastCGI) to process your PHP requests: 
                location ~ .php$ {
                    root /usr/share/nginx/html;    # Replace /usr/share/nginx/html with your website root directory. In this example, /usr/share/nginx/html is used as the website root directory. 
                    fastcgi_pass 127.0.0.1:9000;   # NGINX forwards your PHP requests to PHP FastCGI Process Manager (PHP-FPM) by using port 9000 of the ECS instance. 
                    fastcgi_index index.php;
                    fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                    include fastcgi_params;   # NGINX uses FastCGI to process the PHP requests. 
                }

      The following figure shows the added or modified configuration information. nginx配置文件

    4. Press the Esc key, enter :wq, and then press the Enter key to save and close the configuration file.

  3. Run the following command to start NGINX:

    sudo systemctl start nginx 
  4. Run the following command to configure NGINX to automatically start on instance startup:

    sudo systemctl enable nginx

Configure PHP

  1. Create and edit the phpinfo.php file to display PHP information.

    1. Run the following command to create the phpinfo.php file:

      sudo vim <Website root directory>/phpinfo.php

      The <website root directory> is the root value enclosed inside the location ~ .php$ braces that you configured in the nginx.conf file, as shown in the following figure. 网站根目录In this example, the website root directory is /usr/share/nginx/html. Run the following command to create the phpinfo.php file:

      sudo vim /usr/share/nginx/html/phpinfo.php
    2. Press the I key to enter Insert mode.

    3. Enter the following content. The phpinfo() function displays all configuration information of PHP.

      <?php echo phpinfo(); ?>
    4. Press the Esc key, enter :wq, and then press the Enter key to save and close the configuration file.

  2. Run the following command to start PHP-FPM:

    sudo systemctl start php-fpm
  3. Run the following command to configure PHP-FPM to automatically start on instance startup:

    sudo systemctl enable php-fpm

Step 5: Test the connection to the LNMP stack

  1. Open a browser on your on-premises Windows computer or another Windows host that can access the Internet.

  2. In the address bar, enter http://<Public IP address of the ECS instance>/phpinfo.php.

    The page in the following figure indicates that the LNMP stack is deployed.

    php结果

What to do next

After you confirm that the LNMP stack is deployed, we recommend that you run the following command to delete the phpinfo.php file to prevent data leaks:

sudo rm -rf <Website root directory>/phpinfo.php

Replace <website root directory> with the website root directory that you configured in the nginx.conf file.

In this example, the website root directory is /usr/share/nginx/html. Run the following command:

sudo rm -rf /usr/share/nginx/html/phpinfo.php

FAQ

Question 1: How do I install other NGINX versions?

  1. Use a browser to visit the NGINX open source community to obtain the download URLs of NGINX versions.

    Select the NGINX version that you want to install. In this example, NGINX 1.8.1 is used.

  2. Connect to the ECS instance on which you want to deploy an LNMP stack.

    For more information, see Connect to a Linux instance by using a password.

  3. Run the following commands to install NGINX dependencies:

    sudo yum install -y gcc-c++
    sudo yum install -y pcre pcre-devel
    sudo yum install -y zlib zlib-devel
    sudo yum install -y openssl openssl-devel
  4. Run the wget command to download NGINX 1.8.1.

    You can obtain the URL of the NGINX installation package for the required version from the NGINX open source community. Then, run the wget URL command to download the NGINX installation package to the ECS instance. For example, to download NGINX 1.8.1, run the following command:

    sudo wget http://nginx.org/download/nginx-1.8.1.tar.gz
  5. Run the following commands to decompress the NGINX 1.8.1 installation package and go to the folder in which NGINX resides:

    sudo tar zxvf nginx-1.8.1.tar.gz
    cd nginx-1.8.1
  6. Run the following commands in sequence to compile the source code:

    sudo ./configure \
     --user=nobody \
     --group=nobody \
     --prefix=/usr/local/nginx \
     --with-http_stub_status_module \
     --with-http_gzip_static_module \
     --with-http_realip_module \
     --with-http_sub_module \
     --with-http_ssl_module
    sudo make && make install
  7. Run the following commands to go to the sbin directory of NGINX and then start NGINX:

    cd /usr/local/nginx/sbin/
    sudo ./nginx
  8. Use a browser to access <Public IP address of the ECS instance>.

    The page in the following figure indicates that NGINX is installed and started.nginx

Question 2: How do I grant sudo permissions to a regular user?

  1. Connect to a Linux instance as the root user.

    For more information, see Connect to a Linux instance by using a password.

  2. Run the following commands to create a regular user and specify a password for the user. In this example, the regular user is named test.

    useradd test
    passwd test
  3. Run the following command to configure permissions on the /etc/sudoers file:

    chmod 750 /etc/sudoers
  4. Run the following command to edit the /etc/sudoers file:

    vim /etc/sudoers

    Press the I key to enter Insert mode and add the following configuration:

    test ALL=(ALL)  NOPASSWD: ALL

    sada45 Enter :wq to save and close the file.

  5. Run the following command to switch to the test user:

    su - test
  6. Run the following command to check sudo permissions:

    sudo cat /etc/redhat-release

    The following command output indicates that sudo permissions are granted to the test user:

    [test@iZbp1dqulfhozse3jbp**** ~]$ sudo cat /etc/redhat-release
    CentOS Linux release 7.9.2009 (Core)