Manually build an LNMP environment on a CentOS 7 instance - Elastic Compute Service

NGINX is a small and efficient web server software that can be used to build an LNMP web service environment. LNMP is an acronym of the names of its original four open source components: Linux operating system, NGINX web server, MySQL relational database management system, and PHP programming language. This topic describes how to manually build an LNMP environment on an Elastic Compute Service (ECS) instance that runs a CentOS 7 operating system.

Prerequisites

An ECS instance is created and a public IP address is assigned to the instance. For more information, see Creation method overview.
In this example, an ECS instance with the following configurations is used. We recommend that you do not change the operating system during deployment. Otherwise, errors may be reported when commands are run.
- Instance type: ecs.c6.large
- Operating system: CentOS 7.8 64-bit public image
- Network type: Virtual Private Cloud (VPC)
- IP address: a public IP address
An inbound rule is added to a security group of the ECS instance to allow traffic on ports 22, 80, and 443. For more information, see Add a security group rule.
Note For security purposes, this topic describes only the ports on which traffic must be allowed to deploy and test an LNMP environment. You can configure security group rules to allow traffic on more ports based on your needs. For example, if you want to connect to a MySQL database on an ECS instance, you must configure an inbound rule in a security group of the instance to allow traffic on port 3306, which is the default port used for MySQL.

Background information

This topic is intended for individual users who are familiar with Linux operating systems but new to using Alibaba Cloud ECS to build websites.

You can also purchase an LNMP image in Alibaba Cloud Marketplace and create an ECS instance from the image to build websites.

The following software versions are used in the sample procedure. If your software version differs from the preceding ones, you may need to adjust the commands and parameter settings.

NGINX 1.20.1
MySQL 5.7.36
PHP 7.0.33

Step 1: Prepare the compilation environment

Important To prevent unexpected risks, we recommend that you perform operations as a regular user, instead of an administrator. If the regular user does not have sudo permissions, grant the permissions to the user. For more information, see the "How do I grant sudo permissions to a regular user?" question in the FAQ section.

Connect to the ECS instance on which you want to deploy an LNMP environment.
For more information, see Connection methods .
Disable the firewall.
1. Run the systemctl status firewalld command to check the status of the firewall.
  - If the firewall is in the inactive state, the firewall is disabled.
  - If the firewall is in the active state, the firewall is enabled.
2. Disable the firewall. Skip this step if the firewall is already disabled.
  - To temporarily disable the firewall, run the following command:
```
sudo systemctl stop firewalld
```
    Note After you run this command, the firewall is temporarily disabled. When you restart the Linux instance, the firewall is automatically enabled.
  - To permanently disable the firewall, perform the following steps:
    1. Run the following command to disable the firewall:
      sudo systemctl stop firewalld
    2. Run the following command to prevent the firewall from being automatically enabled on system startup:
      sudo systemctl disable firewalld
    Note You can re-enable the firewall after it is disabled. For more information, visit the official firewalld website.
Disable Security-Enhanced Linux (SELinux).
1. Run the getenforce command to check the status of SELinux.
  - If SELinux is in the Disabled state, SELinux is disabled.
  - If SELinux is in the Enforcing state, SELinux is enabled.
2. Disable SELinux. Skip this step if SELinux is already disabled.
  You can disable SELinux on a temporary or permanent basis depending on your business needs. For more information, see Enable or disable SELinux.

Step 2: Install NGINX

Note This topic provides the installation method for a single version of NGINX. If you want to install other versions of NGINX, see the "FAQ" section in this topic.

Run the following command to install NGINX:
```
sudo yum -y install nginx
```
Run the following command to check the version of NGINX:
```
nginx -v
```
The following command output indicates that NGINX is installed:
```
nginx version: nginx/1.20.1
```

Step 3: Install MySQL

Run the following command to update the YUM repository:

sudo rpm -Uvh  http://dev.mysql.com/get/mysql57-community-release-el7-9.noarch.rpm

Run the following command to install MySQL.
Note If you are using an operating system whose kernel version is el8, you may receive the No match for argument error message. If the issue occurs, run the sudo yum module disable mysql command to disable the default MySQL module before you install MySQL.
```
sudo yum -y install mysql-community-server --nogpgcheck
```
Run the following command to check the version of MySQL:
```
mysql -V
```
The following command output indicates that MySQL is installed:
```
mysql  Ver 14.14 Distrib 5.7.36, for Linux (x86_64) using  EditLine wrapper
```
Run the following command to start MySQL:
```
sudo systemctl start mysqld
```
Run the following commands in sequence to configure MySQL to start on system startup:
```
sudo systemctl enable mysqld
sudo systemctl daemon-reload
```

Step 4: Install PHP

Update the YUM repositories.

Run the following commands to add the Extra Packages for Enterprise Linux (EPEL) repository:

sudo yum install \
https://repo.ius.io/ius-release-el7.rpm \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

Run the following command to add the Webtatic repository:

sudo rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Run the following command to install PHP:

sudo yum -y install php70w-devel php70w.x86_64 php70w-cli.x86_64 php70w-common.x86_64 php70w-gd.x86_64 php70w-ldap.x86_64 php70w-mbstring.x86_64 php70w-mcrypt.x86_64  php70w-pdo.x86_64   php70w-mysqlnd  php70w-fpm php70w-opcache php70w-pecl-redis php70w-pecl-mongodb

Run the following command to check the version of PHP:

php -v

The following command output indicates that PHP is installed:

PHP 7.0.33 (cli) (built: Dec  6 2018 22:30:44) ( NTS )
Copyright (c) 1997-2017 The PHP Group
Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.33, Copyright (c) 1999-2017, by Zend Technologies

Step 5: Configure NGINX

Run the following command to back up the NGINX configuration file:
```
sudo cp /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
```

Modify the NGINX configuration file to add support for PHP.

Note If you do not add support for PHP, PHP pages cannot be displayed when you access them by using a browser.

Run the following command to open the NGINX configuration file:
```
suod vim /etc/nginx/nginx.conf
```
Press the I key to enter the edit mode.

Modify or add the following information enclosed inside the server braces.

Retain the default values for all settings except the following settings:

Modify or add information enclosed inside the location / braces.

        location / {
            index index.php index.html index.htm;
        }

Modify or add information enclosed inside the location ~ .php$ braces.

        # Add the following information to make NGINX use Fast Common Gateway Interface (FastCGI) to process your PHP requests: 
        location ~ .php$ {
            root /usr/share/nginx/html;    # Replace /usr/share/nginx/html with your website root directory. In this example, /usr/share/nginx/html is used as the website root directory. 
            fastcgi_pass 127.0.0.1:9000;   # NGINX forwards your PHP requests to PHP FastCGI Process Manager (PHP-FPM) by using port 9000 of the ECS instance. 
            fastcgi_index index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include fastcgi_params;   # NGINX calls the FastCGI operation to process the PHP requests. 
        }

The following figure shows the added or modified configuration information. NGINX configuration file

Press the Esc key, enter :wq, and then press the Enter key to save and close the configuration file.

Run the following command to start NGINX:
```
sudo systemctl start nginx 
```
Run the following command to configure NGINX to start on system startup:
```
sudo systemctl enable nginx
```

Step 6: Configure MySQL

Run the following command to view the /var/log/mysqld.log file and obtain and record the initial password of the root user:
```
sudo grep 'temporary password' /var/log/mysqld.log
```
A command output similar to the following one is displayed, in which ARQTRy3+n8*W is the initial password of the root user. This initial password will be used when you reset the password of the root user.
```
2021-11-10T07:01:26.595215Z 1 [Note] A temporary password is generated for root@localhost: ARQTRy3+n8*W
```

Run the following command to configure the security settings of MySQL:

sudo mysql_secure_installation

Enter the initial password of the root user.
Note When you enter a password, no command output is returned to maximize data security. You need only to enter the correct password and then press the Enter key.
```
Securing the MySQL server deployment.

Enter password for user root: # Enter the initial password that you obtained in the preceding step.
```

Reset the password of the root user.

The existing password for the user account root has expired. Please set a new password.

New password: # Enter a new password. The password must be 8 to 30 characters in length, and must contain uppercase letters, lowercase letters, digits, and special characters. Special characters include ( ) ` ~ ! @ # $ % ^ & * - + = | { } [ ] : ; ' < > , . ? /.

Re-enter new password: # Enter the new password again. 
The 'validate_password' plugin is installed on the server.
The subsequent steps will run with the existing configuration
of the plugin.
Using existing password for root.

Estimated strength of the password: 100 # The strength of the new password is contained in the command output. 
Change the password for root ? (Press y|Y for Yes, any other key for No) : Y # Enter Y to confirm the new password. 

# After the new password is set, you need to verify it again. 
New password:# Enter the new password. 

Re-enter new password: # Enter the new password again. 

Estimated strength of the password: 100
Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) :Y # Enter Y to confirm the new password.

Enter Y to delete the anonymous user account.

Remove anonymous users? (Press y|Y for Yes, any other key for No) :Y
Success.

Enter Y to deny remote access by the root user.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) :Y
Success.

Enter Y to delete the test database and the access permissions on the database.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) :Y
 - Dropping test database...
Success.

 - Removing privileges on test database...
Success.

Enter Y to reload privilege tables.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) :Y
Success.

All done!

For more information, see the official MySQL documentation.

Step 7: Configure PHP

Create and edit the phpinfo.php file to show PHP information.
1. Run the following command to create the phpinfo.php file:
```
sudo vim <Website root directory>/phpinfo.php
```
  Replace <website root directory> with the root value enclosed inside the location ~ .php$ braces that you configured in the nginx.conf file, as shown in the following figure. In this example, the website root directory is /usr/share/nginx/html. You can run the following command to create the phpinfo.php file:
```
sudo vim /usr/share/nginx/html/phpinfo.php
```
2. Press the I key to enter the edit mode.
3. Enter the following content. The phpinfo() function is used to show all configuration information of PHP.
```
<?php echo phpinfo(); ?>
```
4. Press the Esc key, enter :wq, and then press the Enter key to save and close the configuration file.
Run the following command to start PHP-FPM:
```
sudo systemctl start php-fpm
```
Run the following command to configure PHP-FPM to start on system startup:
```
sudo systemctl enable php-fpm
```

Step 8: Test the connection to the LNMP environment

Open a browser on your Windows computer or another Windows host that can access the Internet.
In the address bar, enter http://<public IP address of the ECS instance>/phpinfo.php.
The following page indicates that the LNMP environment is deployed.

What to do next

After you confirm that the LNMP environment is deployed, we recommend that you run the following command to delete the phpinfo.php file to prevent data leaks:

sudo rm -rf <Website root directory>/phpinfo.php

Replace <website root directory> with the website root directory that you configured in the nginx.conf file.

In this example, the website root directory is /usr/share/nginx/html. Run the following command:

sudo rm -rf /usr/share/nginx/html/phpinfo.php

FAQ

Question 1: How do I install other NGINX versions?

Use a browser to visit the NGINX open source community to obtain the download URLs of NGINX versions.
Select the NGINX version that you want to install. In this example, NGINX 1.8.1 is used.
Connect to the ECS instance on which you want to build an LNMP environment.
Run the wget command to download NGINX 1.8.1.
You can obtain the URL of the NGINX installation package for the required version from the NGINX open source community. Then, run the wget URL command to download the NGINX installation package to the ECS instance. For example, you can download NGINX 1.8.1 by running the following command:
```
sudo wget http://nginx.org/download/nginx-1.8.1.tar.gz
```

Run the following commands to install NGINX dependencies:

sudo yum install -y gcc-c++
sudo yum install -y pcre pcre-devel
sudo yum install -y zlib zlib-devel
sudo yum install -y openssl openssl-devel

Run the following commands to decompress the NGINX 1.8.1 installation package and go to the folder in which NGINX resides:
```
sudo tar zxvf nginx-1.8.1.tar.gz
cd nginx-1.8.1
```

Run the following commands in sequence to compile the source code:

sudo ./configure \
 --user=nobody \
 --group=nobody \
 --prefix=/usr/local/nginx \
 --with-http_stub_status_module \
 --with-http_gzip_static_module \
 --with-http_realip_module \
 --with-http_sub_module \
 --with-http_ssl_module

sudo make && make install

Run the following commands to go to the sbin directory of NGINX and then start NGINX:
```
cd /usr/local/nginx/sbin/
sudo ./nginx
```
Use a browser to access <Public IP address of the ECS instance>.
If the following page appears, it indicates that NGINX is installed and started.

Question 2: How do I grant sudo permissions to a regular user?

Connect to a Linux instance as the root user.
For more information, see Connect to a Linux instance by using a password.
Run the following command to create a regular user named test and set a password for the user:
```
useradd test
passwd test
```
Run the following command to set permissions on the /etc/sudoers file:
```
chmod 750 /etc/sudoers
```
Run the following command to edit the /etc/sudoers file:
```
vim /etc/sudoers
```
Press the I key to enter the edit mode and add the following configuration:
```
test   ALL=(ALL)     NOPASSWD: ALL
```
Enter :wq to save and close the file.
Run the following command to switch to the test user:
```
su - test
```
Run the following command to check sudo permissions:
```
sudo cat /etc/redhat-release
```
A command output similar to the following one indicates that sudo permissions are granted to the test user:
```
[test@iZbp1dqulfhozse3jbp**** ~]$ sudo cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
```