How to install Nginx with Fedora 31 using PHP and MariaDB (LEMP Stack)
The LEMP software stack is a set of open source software that is installed together to enable servers to host websites and applications. Acronym large inux, Ë Nginx server, M ySQL (MariaDB is used here), and P life value.
In this guide, you will install the LEMP stack on a Fedora 31-based server. We will also install PHPMyAdmin, Redis and Opcache.
prerequisites
-
A server running Fedora 31.
-
Non-root user sudo user.
-
Make sure everything is updated.
$ sudo dnf upgrade -
The system requires very few software packages.
$ sudo dnf install wget curl nano -ySome of these packages may already be installed on your system.
-
Disable SELinux.
$ sudo setenforce 0
Configure firewall
The first step is to configure the firewall. Fedora servers are pre-installed with a Firewalld firewall.
Check if the firewall is running.
$ sudo firewall-cmd --state
You should get the following output.
running
Set the firewall’s default locale to public.
$ sudo firewall-cmd --set-default-zone=public
Check currently allowed services / ports.
$ sudo firewall-cmd --zone=public --permanent --list-services
It should show the following output.
dhcpv6-client mdns ssh
Allow HTTP and HTTPS ports.
$ sudo firewall-cmd --zone=public --permanent --add-service=http
$ sudo firewall-cmd --zone=public --permanent --add-service=https
Check the status of the firewall again.
$ sudo firewall-cmd --zone=public --permanent --list-services
You should see similar output.
dhcpv6-client http https mdns ssh
Reload the firewall.
$ sudo systemctl reload firewalld
Install PHP
Fedora 31 comes with PHP 7.3 by default. But we are installing PHP 7.4, and for this we need to add a REMI repository.
Install the REMI repository, which is the official Fedora repository for installing PHP packages.
$ sudo dnf -y install https://rpms.remirepo.net/fedora/remi-release-31.rpm
Enable remi with remi-php74 Repository and disabled remi-modular database. This will enable the repositories required to install the PHP 7.4 package.
$ sudo dnf config-manager --set-enabled remi
$ sudo dnf config-manager --set-enabled remi-php74
$ sudo dnf config-manager --set-disabled remi-modular
Install PHP 7.4 and some other packages.
$ sudo dnf install -y php-cli php-fpm php-mysqlnd
Check if PHP is working properly.
$ php --version
You should see similar output.
PHP 7.4.3 (cli) (built: Feb 18 2020 11:53:05) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
Install MariaDB
MariaDB is a direct replacement for MySQL, which means that the commands to run and operate MariaDB are the same as those for MySQL.
Fedora 31 comes with MariaDB 10.3 by default, but we can also install the latest 10.4 (available at the time of writing this tutorial). To do this, we need to add the official MariaDB repository.
Create MariaDB.repo inside /etc/yum.repos.d/ table of Contents.
$ sudo nano /etc/yum.repos.d/MariaDB.repo
Add the following code in it.
# MariaDB 10.4 Fedora repository list
# https://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = https://yum.mariadb.org/10.4/fedora31-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
Save the file by pressing Ctrl + X Then enter ÿ When prompted.
To install MariaDB, issue the following command
$ sudo dnf install MariaDB-server -y
Note the command. If you want to install copy (10.3) in a Fedora repository, you should use sudo dnf install mariadb-server But for version 10.4, we are using sudo dnf install MariaDB-server .
Check if MariaDB is installed correctly.
$ mysql --version
You should see the following output.
mysql Ver 15.1 Distrib 10.4.12-MariaDB, for Linux (x86_64) using EditLine wrapper
Enable and start the MariaDB service.
$ sudo systemctl enable mariadb
$ sudo systemctl start mariadb
Run the following commands to perform the default configuration, such as providing the root password, deleting anonymous users, disabling remote root logins, and deleting the test table.
$ sudo mysql_secure_installation
With MariaDB 10.4, you will now be asked if you want to use the root password or the unix_socket plugin. With the unix_socket plugin, you can log in to MariaDB with your Linux user credentials. Although you will need a traditional username / password to use third-party applications (such as PhpMyAdmin), it is still considered more secure. In this tutorial, we will stick to the unix_socket plugin. You can still use PhpMyAdmin with specific users created for the database.
Press Enter to select the default option (uppercase, Y in this case).
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.
Enter current password for root (enter for none): [PRESS ENTER]
OK, successfully used password, moving on...
Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.
You already have your root account protected, so you can safely answer 'n'.
Switch to unix_socket authentication [Y/n] [PRESS ENTER]
Enabled successfully!
Reloading privilege tables..
... Success!
You already have your root account protected, so you can safely answer 'n'.
Change the root password? [Y/n] [ANSWER n]
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] [PRESS ENTER]
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] [PRESS ENTER]
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] [PRESS ENTER]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] [PRESS ENTER]
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
That’s it. Next time you want to log into MySQL, use the following command
$ sudo mysql
Enter your root password when prompted.
Install Nginx
Fedora 31 comes with a stable version of Nginx (1.16.1) by default. If you want to install the mainline version of Nginx, follow our guide on building Nginx from source code. Make sure you get the latest version of Nginx and the dependencies mentioned in this tutorial. The remaining instructions will remain the same (in ./configure command). For this tutorial, we will stick to the stable version of Nginx.
Install Nginx server.
$ sudo dnf install nginx -y
Check if it works.
$ nginx -v
You should see the following output.
nginx version: nginx/1.16.1
Start and enable Nginx.
$ sudo systemctl start nginx
$ sudo systemctl enable nginx
Open the server’s IP address in a browser to see the next page. This means that Nginx works properly.
Configure Nginx
Sets the directory where the server block is located.
$ sudo mkdir /etc/nginx/sites-available
$ sudo mkdir /etc/nginx/sites-enabled
Create the directory where your website is located.
$ sudo mkdir /var/www/googlesyndication.com/html -p
Use -p The instruction creates a parent directory that did not previously exist.
Run the following command to add a profile for your site.
$ sudo nano /etc/nginx/sites-available/googlesyndication.com.conf
Paste the following code into the editor.
server {
listen *:80;
server_name googlesyndication.com;
root /var/www/googlesyndication.com/html;
index index.php index.html;
location / {
try_files $uri $uri/ =404;
}
access_log /var/log/nginx/googlesyndication.com.access.log;
error_log /var/log/nginx/googlesyndication.com.error.log;
location ~ .php$ {
try_files $uri =404;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_index index.php;
include fastcgi_params;
}
}
The file assumes we will host googlesyndication.com In the directory /var/www/html . If you do not plan to use any domains and configure the server to be accessible only by IP address / localhost, you need to delete the corresponding server block settings from the server. nginx.conf File, otherwise it will be confused with the server block you will create.
By linking it to sites-enabled table of Contents.
$ sudo ln -s /etc/nginx/sites-available/googlesyndication.com.conf /etc/nginx/sites-enabled/
turn on /etc/nginx/nginx.conf File for editing.
$ sudo nano /etc/nginx/nginx.conf
Paste the following line after the line include /etc/nginx/conf.d/*.conf
include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;
Change value types_hash_max_size From 2048 to 4096.
types_hash_max_size 4096;
Press Ctrl + X Close the editor and press ÿ When you are prompted to save the file. Test Nginx configuration.
$ sudo nginx -t
You should see the following output, indicating that your configuration is correct.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Reload the Nginx service.
$ sudo systemctl reload nginx
Configure PHP-FPM
Open file /etc/php-fpm.d/www.conf .
$ sudo nano /etc/php-fpm.d/www.conf
We need to set the Unix user / PHP process group to Nginx . Find out user=apache with group=apache Line in the file and change it to nginx.
...
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
...
Also, set the ownership of the unix socket to nginx and delete ; In front of them.
listen.owner = nginx
listen.group = nginx
Save the file by pressing Ctrl + X Then enter ÿ When prompted.
Restart the PHP-fpm process.
$ sudo systemctl restart php-fpm
To test your PHP setup, create a file test.php inside html folder.
$ sudo nano /var/www/googlesyndication.com/html/test.php
Add the following to it and press to save the file Ctrl + X Then enter ÿ When prompted.
Launch https://
In your web browser, you should see the following.
in conclusion
That's all for this tutorial. Your LEMP setup is complete and you can start making and hosting your website and applications.
