Setup Secure Web Server Using Ubuntu 18.04, NGINX, PHP7.4, MySQL | Install LEMP In 12 Minutes

0
Install LEMP on Ubuntu 18.04 | PHP7.4 | TechTurismo

What is LEMP?

The LEMP software stack is a group of software that can be used to serve dynamic web pages and web applications. This is an acronym that describes a Linux operating system, with an Nginx (pronounced like “Engine-X”) web server. The backend data is stored in the MySQL database and the dynamic processing is handled by PHP.

This guide demonstrates how to install a LEMP stack on an Ubuntu 18.04 server with PHP 7.4. The Ubuntu operating system takes care of the first requirement. We will describe how to get the rest of the components up and running.

This installation is tested on Digital Ocean and Linode. If you are setting up the Server for the first time then don’t forget the get the free referral credits by following my referral links.

Click Here to get $10 free referral credits from DigitalOcean.

Step 1 – Setting Up a Basic Firewall

Execute the following command to enable and add the firewall UFW to start automatically during system boot-up.

ufw allow ssh
ufw allow http
ufw logging off
ufw enable

 

Step 2 –Installing MySQL to Manage Site Data on Ubuntu 18.04

Now that you have a web server, you need to install MySQL (a database management system) to store and manage the data for your site.

Install MySQL by typing:

sudo apt install mysql-server

The MySQL database software is now installed, but its configuration is not yet complete.

To secure the installation, MySQL comes with a script that will ask whether we want to modify some insecure defaults. Initiate the script by typing:

This script will ask if you want to configure the

VALIDATE PASSWORD PLUGIN

Warning: Enabling this feature is something of a judgment call. If enabled, passwords which don’t match the specified criteria will be rejected by MySQL with an error. This will cause issues if you use a weak password in conjunction with software which automatically configures MySQL user credentials, such as the Ubuntu packages for phpMyAdmin. It is safe to leave validation disabled, but you should always use strong, unique passwords for database credentials.

Answer

Y

for yes, or anything else to continue without enabling.

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No:

 

If you’ve enabled validation, the script will also ask you to select a level of password validation. Keep in mind that if you enter 2 – for the strongest level – you will receive errors when attempting to set any password which does not contain numbers, upper and lowercase letters, and special characters, or which is based on common dictionary words.

Next, you’ll be asked to submit and confirm a root password:

Please set the password for root here.

New password:

Re-enter new password:

 

For the rest of the questions, you should press

Y

and hit the

ENTER

key at each prompt. This will remove some anonymous users and the test database, disable remote root logins, and load these new rules so that MySQL immediately respects the changes we have made.

Note that in Ubuntu systems running MySQL 5.7 (and later versions), the root MySQL user is set to authenticate using the auth_socket plugin by default rather than with a password. This allows for some greater security and usability in many cases, but it can also complicate things when you need to allow an external program (e.g., phpMyAdmin) to access the user.

If using the auth_socket plugin to access MySQL fits with your workflow, you can proceed to Step 3. If, however, you prefer to use a password when connecting to MySQL as root, you will need to switch its authentication method from auth_socket to mysql_native_password.

To do this, open up the MySQL prompt from your terminal:

sudo mysql

Next, check which authentication method each of your MySQL user accounts use with the following command:

SELECT user,authentication_string,plugin,host FROM mysql.user;

Output

+------------------+-------------------------------------------+-----------------------+-----------+
| user             | authentication_string                     | plugin                | host      |
+------------------+-------------------------------------------+-----------------------+-----------+
| root             |                                           | auth_socket           | localhost |
| mysql.session    | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| mysql.sys        | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| debian-sys-maint | *CC744277A401A7D25BE1CA89AFF17BF607F876FF | mysql_native_password | localhost |
+------------------+-------------------------------------------+-----------------------+-----------+
4 rows in set (0.00 sec)

 

In this example, you can see that the root user does in fact authenticate using the auth_socket plugin. To configure the root account to authenticate with a password, run the following ALTER USER command. Be sure to change password to a strong password of your choosing:

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

Then, run FLUSH PRIVILEGES which tells the server to reload the grant tables and put your new changes into effect:

FLUSH PRIVILEGES;

Check the authentication methods employed by each of your users again to confirm that root no longer authenticates using the auth_socket plugin:

SELECT user,authentication_string,plugin,host FROM mysql.user;

Output

+------------------+-------------------------------------------+-----------------------+-----------+
| user             | authentication_string                     | plugin                | host      |
+------------------+-------------------------------------------+-----------------------+-----------+
| root             | *3636DACC8616D997782ADD0839F92C1571D6D78F | mysql_native_password | localhost |
| mysql.session    | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| mysql.sys        | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| debian-sys-maint | *CC744277A401A7D25BE1CA89AFF17BF607F876FF | mysql_native_password | localhost |
+------------------+-------------------------------------------+-----------------------+-----------+
4 rows in set (0.00 sec)

You can see in this example output that the root MySQL user now authenticates using a password. Once you confirm this on your own server, you can exit the MySQL shell:

exit

At this point, your database system is now set up and you can move on to installing PHP.

Step 3 – Installing PHP 7.4 on Ubuntu 18.04

Install PHP 7.4 on Ubuntu 18.04. This guide let you learn how install the latest PHP version 7.4 on your Ubuntu system or your Ubuntu server on any VPS or any Cloud or any Dedicated hosting and configure it with Nginx.

The latest PHP 7.4 version is officially released on November 28th, 2019. It comes with a number of new features and a few incompatibilities that you should be aware of before upgrading from the previous version.

Getting started

Make sure your Ubuntu server is having the latest packages by running the following command.

sudo apt update
sudo apt upgrade

This will update the package index and update the installed packages to the latest version.

Add PPA for PHP 7.4

Add the

ondrej/php

which has PHP 7.4 package and other required PHP extensions.

sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt update

Once you have added the PPA you can install PHP 7.4.

Install PHP 7.4 FPM for Nginx

For Nginx you need to install FPM, execute the following command to install PHP 7.4 FPM

sudo apt install php7.4-fpm

After the installation has completed, confirm that PHP 7.4 FPM has installed correctly with this command

php-fpm7.4 -v

Install PHP 7.4 Extensions

Installing PHP extensions are simple with the following syntax.

sudo apt install php7.4-extension_name

Now, install some commonly used

php-extensions

with the following command.

sudo apt install php7.4-common php7.4-mysql php7.4-xml php7.4-xmlrpc php7.4-curl php7.4-gd php7.4-imagick php7.4-cli php7.4-dev php7.4-imap php7.4-mbstring php7.4-opcache php7.4-soap php7.4-zip php7.4-intl -y

Configure PHP 7.4

Now we configure PHP for Web Applications by changing some values in php.ini file.

For PHP 7.4 FPM with Nginx the php.ini location will be in following directory.

sudo nano /etc/php/7.4/fpm/php.ini

Hit

F6

for search inside the editor and update the following values for better performance.

upload_max_filesize = 32M 
post_max_size = 48M 
memory_limit = 256M 
max_execution_time = 600 
max_input_vars = 3000 
max_input_time = 1000

Once you have modified your PHP settings

Hit

CTRL + X

and

Y

to save the configuration. You can skip this step by uploading the pre-modified php.ini file and replacing it on your server. Download the files here.

Configure PHP 7.4 FPM Pools

PHP 7.4 FPM allows you to configure the user and group, that the service will run under. You can modify these with these commands

sudo nano /etc/php/7.4/fpm/pool.d/www.conf

 

Change the following lines by replacing the www-data with nginx

user = nginx
group = nginx
listen.owner = nginx
listen.group = nginx

Hit

CTRL + X

and

Y

to save the configuration. You can skip this step by uploading the pre-modified www.conf file and replacing it on your server. Download the files here.

Restart PHP 7.4 FPM

Once you have updated your PHP FPM settings you need to restart it to apply the changes.

sudo php-fpm7.4 -t 
sudo service php7.4-fpm restart

Now you are having PHP 7.4 Installed and configured.

Note: Here, the php service restart will throw an error and might fail to restart. Don’t worry, this is because the service can’t find the username nginx. This will be solved when NGINX is installed in the next step.

Step 4 – Installing the NGINX Web Server on Ubuntu 18.04

In order to display web pages to our site visitors, we are going to deploy Nginx, a modern, efficient web server.

NGINX is included in the Ubuntu software repository but the version you get from Ubuntu software repository may not be the latest version, so let’s download and configure it from the Official NGINX repository.

Add the official NGINX repository in the Ubuntu’s source list.

Open source list by executing the following command

sudo nano /etc/apt/sources.list

Use the CTRL+W then CTRL+V to jump to the end of the source list

Add the following two line at the end of the code.

deb http://nginx.org/packages/mainline/ubuntu/ xenial nginx
deb-src http://nginx.org/packages/mainline/ubuntu/ xenial nginx

Hit

CTRL + X

and

Y

to save the configuration and check if the configuration is correct and restart PHP.

 

Execute the following command to import NGINX public key.

wget http://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key

You are good to go with the installation of NGINX from the official repository, run the below commands.

sudo apt update
sudo apt install nginx

 

Type and enter Y or yes to confirm the installation.

After the successful installation of NGINX, open FileZilla and navigate to

/etc/nginx/conf.d/

directory.

Upload “default.conf” and “drop” to the /etc/nginx/conf.d/ directory. Overwrite the file if asks!. Download the files here.

Create www directory and give it proper permission and ownership.
Run these commands one by one.

mkdir -p /var/www/
chown nginx:nginx /var/www/

 

Now you need to restart NGINX server and PHP, to do so run this two command one by one.

service nginx restart
sudo service php7.4-fpm restart

Conclusion

A LEMP stack is a powerful platform that will allow you to set up and serve nearly any website or application from your server.

There are a number of next steps you could take from here. For example, you should ensure that connections to your server are secured.

If you have executed all the steps as mentioned in the tutorial then your server should be ready and you can start hosting websites on it. Click Here to get $10 free referral credits from DigitalOcean. In case you are getting any error or you have any query about the article, feel free to leave a comment below in the comment section.

If you don’t want to mess with your server on your own and you want to get it done by an expert then just drop an email to [email protected].

Sources: TechinfoBit, Digital Ocean, Cloudbooklet