LNMP stack building - Elastic Compute Service - Alibaba Cloud Documentation Center

LNMP is one of the mainstream website server architectures and suitable for running large-scale and high-concurrency website applications, such as e-commerce websites, social networks, and content management systems. LNMP is an acronym for the names of the following open source components: the Linux operating system, NGINX web server, MySQL relational database management system, and PHP programming language. This topic describes how to deploy an LNMP stack on an Elastic Compute Service (ECS) instance that runs Ubuntu 20 or Ubuntu 22.

Prerequisites

An ECS instance is created and meets the following requirements:

The instance is assigned a public IP address or associated with an elastic IP address (EIP).
The instance runs a Ubuntu 20 or Ubuntu 22 operating system.
Inbound rules are added to a security group of the instance to open ports 22, 80, and 443. For information about how to add an inbound security group rule, see Add a security group rule.
Important
For security purposes, this topic describes only the ports on which traffic must be allowed to deploy and test an LNMP stack. You can configure security group rules to allow traffic on more ports based on your business requirements. For example, if you want to connect to a MySQL database on an ECS instance, configure an inbound rule in a security group of the instance to allow traffic on port 3306, which is the default port used for MySQL.

Step 1: Disable the firewall

Important

To prevent unexpected risks, we recommend that you perform operations as a regular user instead of an administrator. If the regular user does not have sudo permissions, grant the permissions to the user. For more information, see the "How do I grant sudo permissions to a regular user?" question in the FAQ section.

Connect to the ECS instance on which you want to deploy an LNMP stack.
For more information, see Connection method overview.
Disable the firewall on the instance operating system.
1. Run the following command to check the status of the firewall:
```
sudo ufw status
```
  - If the firewall is disabled, Status: inactive is displayed in the command output.
  - If the firewall is enabled, Status: active is displayed in the command output.
2. (Optional) Disable the firewall.
  If the firewall is enabled, run the following command to disable the firewall and prevent the firewall from starting on instance startup:
```
sudo ufw disable
```
  Note
  If you want to re-enable the firewall after it is disabled and configure the firewall to start on instance startup, run the sudo ufw enable command.

Step 2: Install NGINX

Run the following command to update software packages in the Ubuntu operating system:
```
sudo apt update
```
Run the following command to install NGINX:
```
sudo apt -y install nginx
```
Run the following command to view the NGINX version:
```
nginx -v
```
A command output similar to the following one indicates that NGINX is installed and its version is 1.18.0.
```
nginx version: nginx/1.18.0 (Ubuntu)
```

Step 3: Install and configure MySQL

Install MySQL.
1. Run the following command to install MySQL:
```
sudo apt -y install mysql-server
```
2. Run the following command to view the MySQL version:
```
mysql -V
```
  A command output similar to the following one indicates that MySQL is installed and its version is 8.0.27.
```
mysql  Ver 8.0.36-0ubuntu0.20.04.1 for Linux on x86_64 ((Ubuntu))
```

Configure MySQL.

Run the following command to connect to MySQL:
```
sudo mysql
```

Run the following command to set the password of the root user:

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by 'mynewpassword';

In this example, the password is set to Mysql@1234. Sample command:

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by 'Mysql@1234';

Run the following command to exit MySQL:
```
exit;
```
Run the following command to configure the security settings of MySQL:
```
sudo mysql_secure_installation
```

Follow the command line instructions to configure the following settings in sequence.

Enter the password of the root user. In this example, the password Mysql@1234 is used.
```
root@iZbp19jsi7s0g7m4zgc****:~# sudo mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root: 
```
Note
When you enter a password, no command output is returned for data security purposes. You need only to enter the correct password and then press the Enter key.

Enter Y to configure a password strength policy.

VALIDATE PASSWORD COMPONENT can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD component?

Press y|Y for Yes, any other key for No: Y

Set the password strength value as prompted.
In this example, a value of 2 is used.
```
Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2
```

Enter Y to change the password of the root user.

Change the password for root ? ((Press y|Y for Yes, any other key for No) : Y

Enter the password of the root user.

New password:

Re-enter new password:

Estimated strength of the password: 100

Enter Y to confirm the new password.

Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : Y

Enter Y to delete the autonomous user that comes with MySQL.

By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y

Enter Y to deny remote access by the root user to MySQL.

Normally, root should only be allowed to connect from
'localhost'. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y

Enter Y to remove the test database.

By default, MySQL comes with a database named 'test' that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.


Remove test database and access to it? (Press y|Y for Yes, any other key for No) :

Enter Y to reload privilege tables.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y

If All done! is displayed in the command output, the configuration is complete.

Check whether you can log on to MySQL.

Run the following command to log on to MySQL:
```
sudo mysql -uroot -p
```

At the Enter password: prompt, enter the password that you set for MySQL.

Note

For data security purposes, no output is returned when you enter a password. You need only to enter the correct password and then press the Enter key.

A command output similar to the following one indicates that you are logged on to MySQL.

root@iZbp19jsi7s0g7m4zgc****:~# sudo mysql -uroot -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 15
Server version: 8.0.29-0ubuntu0.20.04.3 (Ubuntu)

Copyright (c) 2000, 2022, Oracle and/or its affiliates.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Run the following command to exit MySQL:
```
exit;
```

Step 4: Install and configure PHP

Installed PHP.

Run the following command to install PHP:
```
sudo apt -y install php-fpm
```

Run the following command to view the PHP version:

php -v

A command output similar to the following one indicates that PHP is installed:

Ubuntu 22.04

PHP 8.1.2-1ubuntu2.14 (cli) (built: Aug 18 2023 11:41:11) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.2, Copyright (c) Zend Technologies
    with Zend OPcache v8.1.2-1ubuntu2.14, Copyright (c), by Zend Technologies

Ubuntu 20.04

PHP 7.4.3 (cli) (built: Nov 25 2021 23:16:22) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
    with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies

Modify the NGINX configuration file to support PHP.
1. Run the following command to open the NGINX configuration file:
```
sudo vim /etc/nginx/sites-enabled/default
```
2. Press the I key to enter Insert mode to modify the file.
  1. Find the configuration line that starts with index within the server braces and add index.php to the line.
  2. Find location ~ \.php$ {} within the server braces and delete the annotation character (#) from the following configuration lines within the location ~ \.php$ braces:
    Ubuntu 22.04
    location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; }
    Ubuntu 20.04
    location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; }
3. Press the Esc key to exit Insert mode, enter :wq, and then press the Enter key to save and close the file.
4. Run the following command to restart NGINX:
```
sudo systemctl restart nginx.service
```
Configure PHP.
1. Run the following command to create a phpinfo.php file in the NGINX website root directory:
```
sudo vim <Website root directory>/phpinfo.php
```
  <Website root directory> is a variable, which can be viewed in the NGINX configuration file. In this topic, the NGINX configuration file is the default /etc/nginx/sites-enabled/default directory. You can run cat /etc/nginx/sites-enabled/default command to view the file content. A command output similar to the following one indicates that the NGINX website root directory is /var/www/html.
```
sudo vim /var/www/html/phpinfo.php
```
2. Press the I key to enter Insert mode and add the following configuration to the phpinfo.php file.
  The phpinfo() function is used to show all configuration information of PHP.
```
<?php echo phpinfo(); ?>
```
3. Press the Esc key to exit Insert mode, enter :wq, and then press the Enter key to save and close the file.
4. Run the following command to start PHP:
  - Ubuntu 22.04:
```
sudo systemctl start php8.1-fpm
```
  - Ubuntu 20.04:
```
sudo systemctl start php7.4-fpm
```

Step 8: Test the connection to the PHP configuration page

Open a browser on your on-premises Windows computer or another Windows host that can access the Internet.
In the address bar, enter http://<Public IP address of the ECS instance>/phpinfo.php.
An output similar to the following one indicates that the LNMP stack is deployed.
Ubuntu 22.04
Ubuntu 20.04

What to do next

After the LNMP stack is deployed, we recommend that you delete the phpinfo.php test file to prevent data leaks.

sudo rm -rf <Website root directory>/phpinfo.php

In this example, the website root directory /var/www/html is used. Run the following command to delete the test file:

sudo rm -rf /var/www/html/phpinfo.php

References

You can deploy an LNMP stack on an ECS instance that runs Alibaba Cloud Linux 2, Alibaba Cloud Linux 3, CentOS 7, or CentOS 8. For more information, see Manually deploy an LNMP stack on an Alibaba Cloud Linux 2, Alibaba Cloud Linux 3, CentOS 7, or CentOS 8 instance.