How To Install Linux, Nginx, Mariadb 10.x, PHP (LEMP) stack On RHEL/CentOS 8

por | 12 noviembre, 2021

dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

  • on RHEL 8 it is required to also enable the codeready-builder-for-rhel-8-*-rpms repository since EPEL packages may depend on packages from it:

subscription-manager repos --enable "codeready-builder-for-rhel-8-$(arch)-rpms"

sudo dnf install nginx
sudo systemctl enable nginx
sudo systemctl start nginx

Installing MariaDB Server 10.4

o deploy MariaDB Community Server 10.4 on RHEL 8 or CentOS 8, first download and use the mariadb_repo_setup script to configure the MariaDB repositories for YUM:

$ sudo dnf install wget
$ wget https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
$ chmod +x mariadb_repo_setup
$ sudo ./mariadb_repo_setup

To install MariaDB Community Server and dependencies:

$ sudo dnf install MariaDB-server

Configuring and Securing MariaDB Server

Start the systemd service for MariaDB Server 5.5 or 10.4 using systemctl:

$ sudo systemctl enable mariadb.service

$ sudo systemctl start mariadb.service

Specific security practices should always follow any business-specific requirements and governance. Some basic steps should be taken to help harden the MariaDB Community Server 5.5 or 10.4 deployment:

$ sudo mariadb-secure-installation

Installing PHP

To install the Remi repository for RHEL/CentOS 8, run:

dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
dnf install yum-utils

dnf module reset php
dnf module install php:remi-8.0

dnf install curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel

dnf install php php-mysqlnd php-fpm

dnf install php-{cli,devel,gd,ldap,mysql,odbc,mcrypt,snmp,soap,pspell,tidy,xmlrpc,imagick,pear,cgi,common,curl,mbstring,gd,gettext,bcmath,json,xml,intl,zip,imap}
 php -v
PHP 8.0.12 (cli) (built: Oct 19 2021 10:34:32) ( NTS gcc x86_64 )
Copyright (c) The PHP Group
Zend Engine v4.0.12, Copyright (c) Zend Technologies

we need to make a few adjustments to the default configuration

sudo vi /etc/php-fpm.d/www.conf

/etc/php-fpm.d/www.conf

…
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = apache
; RPM: Keep a group allowed to write in log dir.
group = apache
…

You’ll notice that both the user and group variables are set to apache. We need to change these to nginx:/etc/php-fpm.d/www.conf

…
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
…

Next, locate the listen directive. By default, php-fpm will listen on a specific host and port over TCP. We want to change this setting so it listens on a local socket file, since this improves the overall performance of the server.
Change the line containing the listen directive to the following:/etc/php-fpm.d/www.conf

listen = /var/run/php-fpm/php-fpm.sock;

Finally, we’ll need to change the owner and group settings for the socket file we just defined within the listen directive. Locate the listen.ownerlisten.group and listen.mode directives. These lines are commented out by default. Uncomment them by removing the preceding ; sign at the beginning of the line. Then, change the owner and group to nginx:/etc/php-fpm.d/www.conf

listen.owner = nginx
listen.group = nginx
listen.mode = 0660

Save and close the file when you’re done editing. If you are using nano, do so by pressing CTRL + X, then Y and ENTER.

To enable and start the php-fpm service, run:



sudo systemctl enable php-fpm



sudo systemctl start php-fpm

Change the owner of the directory /var/lib/php/session to nginx

chown nginx:nginx /var/lib/php/session

hange the owner of the directory to nginx

Configuring Nginx to Process PHP Pages

 mkdir /etc/nginx/sites-available
 mkdir /etc/nginx/sites-enabled

we need to make a few adjustments to the default configuration

vi /etc/nginx/nginx.conf

Now look for :

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

Add the following line:

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*.conf;

change directory

cd /etc/nginx/sites-available

Copy the following PHP server definition block to your configuration file, and don’t forget to replace the server_name directive so that it points to your server’s domain name or IP address:/etc/nginx/sites-avaible/00default.conf

server {
    listen       80;
    server_name  server_domain_or_IP;

    root   /usr/share/nginx/html;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;

    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Enabling your Server Blocks and Restart Nginx

sudo ln -s /etc/nginx/sites-available/00default.conf /etc/nginx/sites-enabled/00default.conf

Test configuration and restart Nginx to apply the changes:

 nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

sudo systemctl restart nginx

Your web server is now fully set up. In the next step, we’ll test the PHP integration to Nginx.

Step 5 — Testing PHP Processing on your Web Server

Now that your web server is set up, we can create a test PHP script to make sure Nginx is correctly handling .php scripts with the help of php-fpm.

Before creating our script, we’ll make a change to the default ownership settings on Nginx’s document root, so that our regular sudo user is able to create files in that location.

The following command will change the ownership of the default Nginx document root to a user and group called sammy, so be sure to replace the highlighted username and group in this command to reflect your system’s username and group.

sudo chown -R sammy.sammy /usr/share/nginx/html/

 Copy

We’ll now create a test PHP page to make sure the web server works as expected.

Create a new PHP file called info.php at the /usr/share/nginx/html directory:

nano /usr/share/nginx/html/info.php

 Copy

The following PHP code will display information about the current PHP environment running on the server:/usr/share/nginx/html/info.php

<?php

phpinfo();

 Copy

When you are finished, save and close the file.

Now we can test whether our web server can correctly display content generated by a PHP script. Go to your browser and access your server hostname or IP address, followed by /info.php:

http://server_host_or_IP/info.php

To set file permissions for the Apache web server

  1. Add the ec2-user user to the apache group.sudo usermod -a -G apache ec2-user
  2. Log out to refresh your permissions and include the new apache group.exit
  3. Log back in again and verify that the apache group exists with the groups command.groupsYour output looks similar to the following:ec2-user adm wheel apache systemd-journal
  4. Change the group ownership of the /var/www directory and its contents to the apache group.sudo chown -R ec2-user:apache /var/www
  5. Change the directory permissions of /var/www and its subdirectories to add group write permissions and set the group ID on subdirectories created in the future.

    sudo chmod 2775 /var/www

    find /var/www -type d -exec sudo chmod 2775 {} \;
  6. Recursively change the permissions for files in the /var/www directory and its subdirectories to add group write permissions.


    find /var/www -type f -exec sudo chmod 0664 {} \;

Now, ec2-user (and any future members of the apache group) can add, delete, and edit files in the Apache document root, enabling you to add content, such as a static website or a PHP application.