There is a new version of this tutorial available for Fedora 32.

How to Install Nginx with PHP and MariaDB (LEMP Stack) on Fedora 31

The LEMP software stack is a group of open-source software that is installed together to enable a server to host websites and apps. It is an acronym for Linux, ENginx server, MySQL (using MariaDB here), and PHP.

In this guide, you will install a LEMP stack on a Fedora 31 based server. We will also install PHPMyAdmin, Redis, and Opcache.

Prerequisites

  • A server running Fedora 31.

  • A non-root sudo user.

  • Make sure everything is updated.

    $ sudo dnf upgrade
    
  • Few packages that your system needs.

    $ sudo dnf install wget curl nano -y
    

    Some of these packages may already be installed on your system.

  • Disable SELinux.

    $ sudo setenforce 0
    

Configure Firewall

The first step is to configure the firewall. Fedora server comes with Firewalld firewall preinstalled.

Check if the firewall is running.

$ sudo firewall-cmd --state

You should get the following output.

running

Set the default zone of the firewall to public.

$ sudo firewall-cmd --set-default-zone=public

Check the current allowed services/ports.

$ sudo firewall-cmd --zone=public --permanent --list-services

It should show the following output.

dhcpv6-client mdns ssh

Allow HTTP and HTTPS ports.

$ sudo firewall-cmd --zone=public --permanent --add-service=http
$ sudo firewall-cmd --zone=public --permanent --add-service=https

Check the status of the firewall again.

$ sudo firewall-cmd --zone=public --permanent --list-services

You should see a similar output.

dhcpv6-client http https mdns ssh

Reload the Firewall.

$ sudo systemctl reload firewalld

Install PHP

Fedora 31 by default ships with PHP 7.3. But we want to install PHP 7.4 for which we need to add the REMI repository.

Install the REMI repository which is the official Fedora repository for installing PHP packages.

$ sudo dnf -y install https://rpms.remirepo.net/fedora/remi-release-31.rpm

Enable the remi and remi-php74 repositories and disable the remi-modular repository. This enables the repository required to install PHP 7.4 packages.

$ sudo dnf config-manager --set-enabled remi
$ sudo dnf config-manager --set-enabled remi-php74
$ sudo dnf config-manager --set-disabled remi-modular

Install PHP 7.4 along with some additional packages.

$ sudo dnf install -y php-cli php-fpm php-mysqlnd

Check if PHP is working correctly.

$ php --version

You should see a similar output.

PHP 7.4.3 (cli) (built: Feb 18 2020 11:53:05) ( NTS )
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies

Install MariaDB

MariaDB is a drop-in replacement for MySQL which means commands to run and operate MariaDB are the same as those for MySQL.

Fedora 31 by default ships with MariaDB 10.3 but we can install the latest 10.4 (available at the time of writing this tutorial) as well. For this we need to add the official MariaDB repository.

Create MariaDB.repo in the /etc/yum.repos.d/ directory.

$ sudo nano /etc/yum.repos.d/MariaDB.repo

Add the following code in it.

# MariaDB 10.4 Fedora repository list
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/fedora31-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Save the file by pressing Ctrl + X and entering Y when prompted.

To install MariaDB issue the following commands

$ sudo dnf install MariaDB-server -y

Notice the command. If you want to install the copy(10.3) in the Fedora repository, you should use sudo dnf install mariadb-server but for the 10.4 version, we are using sudo dnf install MariaDB-server.

Check if MariaDB installed correctly.

$ mysql --version

You should see the following output.

mysql  Ver 15.1 Distrib 10.4.12-MariaDB, for Linux (x86_64) using  EditLine wrapper

Enable and start the MariaDB service.

$ sudo systemctl enable mariadb
$ sudo systemctl start mariadb

Run the following command to perform default configuration such as giving a root password, removing anonymous users, disallowing root login remotely and dropping test tables.

$ sudo mysql_secure_installation

With MariaDB 10.4, you will now be asked between using the root password or unix_socket plugin. The unix_socket plugin allows you to login to MariaDB with your Linux user credentials. It is considered more secure though you will need a traditional username/password to use 3rd party apps like PhpMyAdmin. We will stick to using unix_socket plugin for this tutorial. You can still use PhpMyAdmin via any user you specific user you create for your databases.

Pressing Enter chooses the default option (the one that is capitalized, Y in this case).

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): [PRESS ENTER]
OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n] [PRESS ENTER]
Enabled successfully!
Reloading privilege tables..
 ... Success!

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n] [ANSWER n]

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] [PRESS ENTER]
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] [PRESS ENTER]
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] [PRESS ENTER]
 \- Dropping test database...
 ... Success!
 \- Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] [PRESS ENTER]
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

That's it. Next time you want to login to MySQL, use the following command

$ sudo mysql

Enter your root password when prompted.

Install Nginx

Fedora 31 by default ships with Nginx's stable version (1.16.1). If you want to install the mainline version of Nginx, follow our guide of building Nginx from source. Make sure you grab the latest version of Nginx and the dependencies mentioned in the tutorial. The rest of the instructions will remain the same (Change path names accordingly during the ./configure command). For this tutorial, we will stick with the stable version of Nginx.

Install Nginx server.

$ sudo dnf install nginx -y

Check if it is working correctly.

$ nginx -v

You should see the following output.

nginx version: nginx/1.16.1

Start and enable Nginx.

$ sudo systemctl start nginx
$ sudo systemctl enable nginx

Open your server's IP address in a browser to see the following page. It means Nginx is working properly.

Fedora Nginx Test Page

Configure Nginx

Set up directories where the server blocks will live.

$ sudo mkdir /etc/nginx/sites-available
$ sudo mkdir /etc/nginx/sites-enabled

Create the directory where your site will live.

$ sudo mkdir /var/www/example.com/html -p

Using the -p directive creates parent directories that didn't exist before.

Run the following command to add a configuration file for your site.

$ sudo nano /etc/nginx/sites-available/example.com.conf

Paste the following code in the editor.

server {
  listen          *:80;
  server_name     example.com;
  root            /var/www/example.com/html;
  index           index.php index.html;

  location / {
    try_files   $uri $uri/ =404;
  }
    
  access_log /var/log/nginx/example.com.access.log;
  error_log /var/log/nginx/example.com.error.log;

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_pass  unix:/run/php-fpm/www.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_index index.php;
    include  fastcgi_params;
  }
}

This file assumes that we will be hosting example.com in the directory /var/www/html. If you are not going to use any domain and configuring your server to be accessible just via the IP address/localhost, you will need to remove corresponding server block settings from the nginx.conf file otherwise it will mess with the server block you will create.

Activate this configuration file by linking it to the sites-enabled directory.

$ sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/

Open the /etc/nginx/nginx.conf file for editing.

$ sudo nano /etc/nginx/nginx.conf	

Paste the following lines after the line include /etc/nginx/conf.d/*.conf

include /etc/nginx/sites-enabled/*.conf;
server_names_hash_bucket_size 64;

Change the value of types_hash_max_size from 2048 to 4096.

types_hash_max_size 4096;

Press Ctrl + X to close the editor and press Y when prompted to save the file. Test the Nginx configuration.

$ sudo nginx -t

You should see the following output indicating your configuration is correct.

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Reload the Nginx service.

$ sudo systemctl reload nginx

Configure PHP-FPM

Open the file /etc/php-fpm.d/www.conf.

$ sudo nano /etc/php-fpm.d/www.conf

We need to set the Unix user/group of PHP processes to nginx. Find the user=apache and group=apache lines in the file and change them to nginx.

...
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx
...

Also, set ownership permissions for unix socket to nginx and remove the ; in front of them.

listen.owner = nginx
listen.group = nginx

Save the file by pressing Ctrl + X and entering Y when prompted.

Restart the PHP-fpm process.

$ sudo systemctl restart php-fpm

To test your PHP setup, create a file test.php in the html folder.

$ sudo nano /var/www/example.com/html/test.php

Add the following content to it and save the file by pressing Ctrl + X and entering Y when prompted.

<?php phpinfo();

Launch http://<yourserverip>/test.php in your web browser and you should see the following.

PHP Info page

Conclusion

That's all for this tutorial. Your LEMP Setup is complete and you can start making and hosting your websites and applications.

Share this page:

0 Comment(s)