Install the LEMP environment for the Nginx server in Ubuntu 16.04 (mariadb,php 7 and Support HTTP 2.0) _linux

Source: Internet
Author: User
Tags file info fpm install php openssl install wordpress http 2 mysql command line nginx ssl

LEMP is abbreviated to represent a set of software packages (l:linux Os,e:nginx network server, M:MYSQL/MARIADB database and p:php service-side dynamic programming language), which is used to build dynamic Web applications and Web pages.

(LCTT: Why use LEMP instead of LNMP abbreviations?) According to Https://'s explanation: Nginx pronunciation is engine-x, important pronunciation rather than initials, and lemp is actually readable, and lnmp looks just the alphabet. )

This tutorial will show you how to install LEMP (Nginx and Mariadb and PHP7) on the Ubuntu 16.04 server.


Install the Ubuntu 16.04 Server version

Step 1: Install the Nginx server

1. Nginx is an advanced, resource-optimized Web server program that is used to present web pages to visitors on the Internet. We start with the installation of the Nginx server and use apt to get the Nginx program from the official Ubuntu software warehouse.

$ sudo apt-get install Nginx

Install Nginx in Ubuntu 16.04
2, then enter the netstat and SYSTEMCTL commands to confirm that the Nginx process has started and is bound to port 80.

$ netstat-tlpn

Check the Nginx network port connection

$ sudo systemctl status Nginx.service

Check Nginx service Status

When you confirm that the service process has started, you can open a browser, use the HTTP protocol to access your server IP address or domain name, browse the Nginx default page.


Step 2: Enable the Nginx http/2.0 protocol

3. Support for the HTTP/2.0 protocol is included by default in the Nginx binaries of the latest release of Ubuntu 16.04, which can only be connected through SSL and guarantee a significant increase in the speed of loading Web pages.

To enable this protocol for Nginx, first locate the Web site configuration file provided by Nginx, and enter the following command to back up the configuration file.

$ cd/etc/nginx/sites-available/
$ sudo mv default Default.backup

Backing up the Nginx Web site configuration file
4. Then, create a new default file with a text editor and enter the following:

server {Listen 443 SSL HTTP2 default_server;
    Listen [::]:443 SSL HTTP2 default_server;
    Index index.html index.htm index.php;
    Location/{Try_files $uri $uri/= 404;
    Ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    Ssl_prefer_server_ciphers on; Ssl_ciphers eecdh+chacha20:eecdh+aes128:rsa+aes128:eecdh+aes256:rsa+aes256:eecdh+3des:rsa+3des:!
    Ssl_session_cache shared:ssl:20m;
    Ssl_session_timeout 180m;
    Add_header strict-transport-security "max-age=31536000;
    #includeSubDomains "always;
        Location ~ \.php$ {include snippets/fastcgi-php.conf;
    Fastcgi_pass Unix:/run/php/php7.0-fpm.sock;
    } location ~/\.ht {deny all;
    } server {Listen 80;
    Listen [::]:80; server_name;
return https://$server _name$request_uri; }

Enable Nginx HTTP 2 protocol
The configuration fragment above adds the HTTP2 parameter to all the SSL listening instructions to enable http/2.0.

The last paragraph added above to the server configuration is used to redirect all non-SSL traffic to the SSL/TLS default host. Then replace the parameters of the server_name option with your host's IP address or DNS record (preferably with the FQDN name).

5, after you follow the above steps to edit the Nginx default profile, use the following commands to generate, view SSL certificate and key.

Complete the production of the certificate with your custom settings, and note that Common Name is set to match your DNS FQDN record or server IP address.

$ sudo mkdir/etc/nginx/ssl
$ sudo openssl req-x509-nodes-days 365-newkey rsa:2048-keyout/etc/nginx/ssl/ Y-OUT/ETC/NGINX/SSL/NGINX.CRT
$ ls/etc/nginx/ssl/

Generate Nginx SSL certificate and key
6, by entering the following command to use a strong DH encryption algorithm, which will modify the previous configuration file Ssl_dhparam configured files.

$ sudo OpenSSL dhparam-out/etc/nginx/ssl/dhparam.pem 2048

Create Diffie-hellman Key
7, when the Diffie-hellman key generation, verify that the Nginx configuration file is correct, can be Nginx Network Service Program application. Then run the following command to reboot the daemon to see what's changed.

$ sudo nginx-t
$ sudo systemctl restart Nginx.service

Check the configuration of the Nginx
8, type the following command to test Nginx using the HTTP/2.0 protocol. Seeing the H2 in the protocol indicates that Nginx has successfully configured the use of the HTTP/2.0 protocol. All the latest browsers can support this protocol by default.

$ OpenSSL s_client-connect Localhost:443-nextprotoneg '

Test Nginx HTTP 2.0 protocol

3rd Step: Install the PHP 7 interpreter

With the assistance of the FastCGI process management program, Nginx is able to generate dynamic network content using the PHP Dynamic language interpreter. FastCGI can be obtained from the installation of the PHP-FPM binary package from the Ubuntu official warehouse.

9, enter the following command in your server console to obtain PHP7.0 and expansion packs, which enables PHP to communicate with the Nginx Network service process.


Install PHP 7 and PHP-FPM
10. When the PHP7.0 interpreter is installed successfully, enter the following command to start or check the PHP7.0-FPM daemon:

$ sudo systemctl start php7.0-fpm
$ sudo systemctl status php7.0-fpm

Open and verify PHP-FPM service
11, the current Nginx configuration file has been configured to use PHP FPM to provide dynamic content.

This partial server configuration gives Nginx the ability to use the PHP interpreter, so there is no need to make any other modifications to the Nginx configuration file.

Location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        Fastcgi_pass unix:/run/php/php7.0-fpm.sock;

The screenshot below is the contents of the Nginx default configuration file. You may need to modify or uncomment the code.

Enable PHP FastCGI
12. To test the Nginx server with PHP-FPM enabled, create a PHP test configuration file info.php with the following command. Then use http://IP_or domain/info.php this URL to view the configuration.

$ sudo su-c ' echo ' <?php phpinfo ();?> "|tee/var/www/html/info.php"

Create PHP Info file

Check the PHP FastCGI information
Check to see if the server declares support for the HTTP/2.0 protocol, navigate to the $_server[' Server_protocol ' in the PHP variable area like this screenshot below.

Check HTTP2.0 protocol Information
13, in order to install other PHP7.0 modules, use the APT search php7.0 command to find the PHP module and then install.

If you want to install WordPress or other CMS, you need to install the following PHP modules, these modules will be useful sooner or later.

$ sudo apt install php7.0-mcrypt php7.0-mbstring

Install the PHP 7 module
14, to register these additional PHP modules, enter the following command to restart the php-fpm daemon.

$ sudo systemctl restart Php7.0-fpm.service

Step 4th: Install the MARIADB database

15, finally, we need to mariadb database to store and manage the site data, only to complete the LEMP.

Run the following command to install the MARIADB database management system and restart the PHP-FPM service to communicate with the database using the MySQL module.

$ sudo apt install mariadb-server mariadb-client php7.0-mysql
$ sudo systemctl restart Php7.0-fpm.service

16. To secure the MARIADB, run the security script from the binary package in the Ubuntu software warehouse, which will ask you to set a root password, remove the anonymous user, disable the root remote login, and remove the test database.

Enter the following command to run the script and confirm all the selections. Refer to the screenshot below.

$ sudo mysql_secure_installation

Secure installation of MARIADB
17, configure MARIADB so that ordinary users can not use the system's sudo permissions to access the database. Open the MySQL command line interface with root privileges, and run the following command:

$ sudo mysql 
mariadb> use MySQL;
mariadb> Update user set plugin= ' where user= ' root ';
mariadb> flush Privileges;
Mariadb> exit

User Rights for MARIADB
Finally, by logging into the MARIADB database by executing the following command, you can execute commands in any database without the need for root permissions:

$ mysql-u root-p-e ' show databases '

View the MARIADB database
All right! Now that you have a LEMP environment configured on an Ubuntu 16.04 server, you can deploy complex dynamic network applications that can interact with the database.


Author: Matei Cezar Translator: gitfuture proofreading: Wxy

This article by LCTT original compilation, Linux China honor launch

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.