How to Install & Configure LEMP (Linux, Nginx, MariaDB, PHP-FPM) on CentOS 7

by · May 12, 2015

LEMP is an archetypal model of web service solution stacks, named as an acronym of the names of its original four components: the Linux operating system, the Nginx HTTP Server, the MySQL/MariaDB relational database management system (RDBMS), and the PHP programming language.

This is how to install and configure LEMP (Linux, Nginx, MariaDB and PHP-FPM) on CentOS 7. Please follow this tutorial with your own risk!

UPDATE YOUR CENTOS

yum update

INSTALL VIM AND ENABLE EPEL
Install the vim editor if it’s not already installed on the system and enable the EPEL repository by running:

if ! type -path "vim" > /dev/null 2>&1; then yum install vim -y; fi
yum install epel-release

INSTALL MARIADB DATABASE SERVER
MariaDB is an enhanced, drop-in replacement for MySQL. It is the default database server in CentOS 7 / RedHat and can be installed on the virtual server using yum.

yum install mariadb mariadb-server

once MariaDB is installed, restart it using systemctl

systemctl restart mariadb
systemctl status mariadb

next, it is recommended to run MySQL/MariaDB post installation script mysql_secure_installation as in:

mysql_secure_installation

Enter current password for root (enter for none):
Set root password? [Y/n] y
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

finally, edit /etc/my.cnf.d/server.cnf and add bind-address = 127.0.0.1 within the [mysqld] block:

vim +/^[mysqld /etc/my.cnf.d/server.cnf

[mysqld]
bind-address = 127.0.0.1
restart the database server using systemctl for the changes to take effect:

systemctl restart mariadb
systemctl status mariadb

verify MariaDB is listening on localhost only:

ss -tnlp | grep 3306
LISTEN 0 0 127.0.0.1:3306 *:* users:(("mysqld",1159,14))

INSTALL NGINX HTTP SERVER
Nginx is an open source reverse proxy server for HTTP, HTTPS, SMTP, POP3, and IMAP protocols, as well as a load balancer, HTTP cache, and a web server (origin server). It is event-based driven and asynchronous which means it uses less resources and can handle much more load and concurrent requests.

Anyway, it can be installed on the virtual server using yum:

yum install nginx

change to /etc/nginx directory and backup your original Nginx configuration file

cd /etc/nginx
cp nginx.conf{,.bak}

Now edit /etc/nginx.conf and make sure it looks like the following:

vim nginx.conf

 user nginx; worker_processes 2; error_log /var/log/nginx/error.log; #error_log /var/log/nginx/error.log notice; #error_log /var/log/nginx/error.log info; pid /run/nginx.pid; events { worker_connections 1024; use epoll; } # set open fd limit to 30000 worker_rlimit_nofile 30000; http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; #access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 30; server_tokens off; connection_pool_size 256; client_header_buffer_size 1k; large_client_header_buffers 4 2k; request_pool_size 4k; output_buffers 1 32k; postpone_output 1460; types_hash_max_size 2048; server_names_hash_bucket_size 64; gzip on; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; gzip_http_version 1.1; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js; add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; # include vhosts from sites-enabled/ include /etc/nginx/sites-enabled var WPGroHo = {"my_hash":""};