Amazon Linux AMI Install Linux, nginx, MySQL, PHP (LEMP)

ADVERTISEMENTS



Amazon Linux AMI LEMP stack installation

How do I install Linux, nginx, MySQL, PHP (LEMP) stack on Amazon Linux AMI running on AWS?LEMP is an acronym for Linux, nginx, MySQL, and PHP. This page explains how to set up PHP 7.3, MySQL database server, and nginx stack on Amazon Linux AMI running on EC2 or Lightsail to run dynamic web apps.

The procedure is as follows:

Update Amazon Linux AMI, run sudo yum update Install Nginx, execute: sudo yum install nginx Let us install MySQL database server, execute: sudo yum install mysql57-server Set up PHP version 7.3, execute: Open port 80 using iptables firewall Test your LEMP stack running on Amazon AMI Linux

Let us see all steps and examples in details.

1. Update your Amazon Linux AMI system

Check for the updates using the yum command and apply security updates on Amazon Linux AMI:

yum check-update

sudo yum update -y



Reboot the Linux system powered by Amazon Linux AMI if kernel update was installed:

sudo reboot

2. Install Nginx web server

Nginx is a web server and a reverse proxy server for HTTP/HTTPS and more. It is part of LEAP stack. Simply type the following yum command to install it on Amazon Linux AMI:

sudo yum search nginx

sudo yum info nginx

sudo yum install nginx



As usual, nginx web server does not start on Amazon Linux AMI. To start nginx server running, execute the following service command:

sudo service nginx start

Enable service at boot time using the chkconfig command sudo chkconfig nginx on

Verify that nginx service is running with help of pgrep command/ss command/netstat command commands:

sudo service nginx status

pgrep nginx

ss -tlpn | grep :80



Open port TCP port 80

Edit the file:

sudo vi /etc/sysconfig/iptables

Append the following line to open TCP port 80 before final DROP rule:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

Save and close the file. Restart the firewall:

sudo service iptables restart

See “Set Up a Basic Iptables Firewall on Amazon Linux AMI” for more info about IPv4 and IPv6 firewall.

Test it

Fire a web browser and type your public IPv4 address such as:

http://1.2.3.4/

http://your-domain-mapped-to-public-ip-com/

http://202.1.2.3/



3. Install MySQL database server

The first step is to search for MySQL DB version, run:

yum list mysql*-server

Sample outputs:

Loaded plugins: priorities, update-motd, upgrade-helper Available Packages mysql-server.noarch 5.5 - 1.6 .amzn1 amzn-main mysql51-server.x86_64 5.1.73- 8.72 .amzn1 amzn-main mysql55-server.x86_64 5.5.62- 1.23 .amzn1 amzn-updates mysql56-server.x86_64 5.6.45- 1.34 .amzn1 amzn-updates mysql57-server.x86_64 5.7.27- 1.13 .amzn1 amzn-updates Loaded plugins: priorities, update-motd, upgrade-helper Available Packages mysql-server.noarch 5.5-1.6.amzn1 amzn-main mysql51-server.x86_64 5.1.73-8.72.amzn1 amzn-main mysql55-server.x86_64 5.5.62-1.23.amzn1 amzn-updates mysql56-server.x86_64 5.6.45-1.34.amzn1 amzn-updates mysql57-server.x86_64 5.7.27-1.13.amzn1 amzn-updates

Now you know all about MySQL version, let us install MySQL DB version 5.7.x on Amazon Linux AMI to store data on our LEMP stack:

sudo yum info mysql57-server

sudo yum install mysql57-server



Enable MySQL service

sudo chkconfig mysqld on

Start MySQL service

sudo service mysqld start

Make sure server is running, run:

sudo service mysqld status



Secure MySQL server

Next run the following command to improve the security of your MySQL installation in the following ways:

Set a password for root accounts.

Remove root accounts that are accessible from outside the local host.

Delete anonymous-user accounts.

Erase the test database (which by default can be accessed by all users, even anonymous users), and privileges that permit anyone to access databases with names that start with test_.

sudo /usr/bin/mysql_secure_installation

Sample session:

New password: Re-enter new password: Estimated strength of the password: 100 Do you wish to continue with the password provided? ( Press y|Y for Yes, any other key for No ) : Y By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? ( Press y|Y for Yes, any other key for No ) : Y Success. Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? ( Press y|Y for Yes, any other key for No ) : Y Success. By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? ( Press y|Y for Yes, any other key for No ) : Y - Dropping test database... Success. - Removing privileges on test database... Success. Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? ( Press y|Y for Yes, any other key for No ) : Y Success. All done! New password: Re-enter new password: Estimated strength of the password: 100 Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : Y By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y Success. Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y Success. By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y - Dropping test database... Success. - Removing privileges on test database... Success. Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y Success. All done!

4. Install PHP 7.3

Now that we have Nginx and MySQL installed, it is time to install PHP. Again, list PHP versions, run:

yum list php*-fpm

Sample outputs:

Loaded plugins: priorities, update-motd, upgrade-helper Available Packages php-fpm.x86_64 5.3.29- 1.8 .amzn1 amzn-main php54-fpm.x86_64 5.4.45- 1.75 .amzn1 amzn-main php55-fpm.x86_64 5.5.38- 2.119 .amzn1 amzn-main php56-fpm.x86_64 5.6.40- 1.142 .amzn1 amzn-updates php70-fpm.x86_64 7.0.33- 1.32 .amzn1 amzn-updates php71-fpm.x86_64 7.1.32- 1.42 .amzn1 amzn-updates php72-fpm.x86_64 7.2.22- 1.16 .amzn1 amzn-updates php73-fpm.x86_64 7.3.9- 1.19 .amzn1 amzn-updates Loaded plugins: priorities, update-motd, upgrade-helper Available Packages php-fpm.x86_64 5.3.29-1.8.amzn1 amzn-main php54-fpm.x86_64 5.4.45-1.75.amzn1 amzn-main php55-fpm.x86_64 5.5.38-2.119.amzn1 amzn-main php56-fpm.x86_64 5.6.40-1.142.amzn1 amzn-updates php70-fpm.x86_64 7.0.33-1.32.amzn1 amzn-updates php71-fpm.x86_64 7.1.32-1.42.amzn1 amzn-updates php72-fpm.x86_64 7.2.22-1.16.amzn1 amzn-updates php73-fpm.x86_64 7.3.9-1.19.amzn1 amzn-updates

PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites. It is recommend that you use php73-fpm with Nginx, run:

sudo yum install php73-fpm



Installing additional PHP modules

php73-gd – A module for PHP applications for using the gd graphics library.

php73-mysqlnd – A module for PHP applications that use MySQL databases.

php73-opcache – The Zend OPcache provides faster PHP execution through opcode caching and optimization. It improves PHP performance by storing precompiled script bytecode in the shared memory.

php73-pdo – The php-pdo package contains a dynamic shared object that will add database access abstraction layer to PHP. This module provides a common interface for accessing MySQL, PostgreSQL or other databases.

php73-xmlrpc – The php-xmlrpc package contains a dynamic shared object that will add support for the XML-RPC protocol to PHP.

To install them, run:

sudo yum install php73-gd php73-mysqlnd php73-opcache php73-xmlrpc php73-pdo



One can search and list addional php modules using:

yum list php73-*

Enable the PHP-fpm service

sudo chkconfig php-fpm on

Start the PHP-fpm service

sudo service php-fpm start

Check status of the PHP-fpm service

sudo service php-fpm status

Verify that Unix socket is up and running for PHP-FPM using the ls command:

ls -l /var/run/php-fpm/www.sock

Restart Nginx service

Use the cat command to list config:

cat /etc/nginx/conf.d/php-fpm.conf

You must restart Nginx to activate PHP support via /var/run/php-fpm/www.sock socket:

sudo servive nginx restart



PHP configuration

PHP is configured using the /etc/nginx/default.d/php.conf file as follows:

cat /etc/nginx/default.d/php.conf

Sample outputs:

# pass the PHP scripts to FastCGI server # # See conf.d/php-fpm.conf for socket configuration # index index.php index.html index.htm; location ~ \. ( php|phar ) ( /.* ) ?$ { fastcgi_split_path_info ^ ( .+\. ( ?:php|phar ) ) ( /.* ) $; fastcgi_intercept_errors on; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_pass php-fpm; } # pass the PHP scripts to FastCGI server # # See conf.d/php-fpm.conf for socket configuration # index index.php index.html index.htm; location ~ \.(php|phar)(/.*)?$ { fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$; fastcgi_intercept_errors on; fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_pass php-fpm; }

Edit the /etc/php-fpm.d/www.conf file:

sudo vi /etc/php-fpm.d/www.conf

Find the apache in the user and group:

user = apache

group = apache

Replace with the nginx:

user = nginx

group = nginx

Make sure you restart/reload PHP-fpm whenever you make config changes:

sudo service php-fpm reload

Test PHP installation on Amazon Linux AMI

Create a file name test.php in /usr/share/nginx/html, run:

sudo vi /usr/share/nginx/html/test.php

Append the following text:

<?php // test server with php support phpinfo ( ) ; ?> <?php // test server with php support phpinfo(); ?>

Fire a web browser such as Firefox and type your public IPv4 address such as:

http://1.2.3.4/test.php

http://your-domain-mapped-to-public-ip-com/test.php

http://202.1.2.3/test.php



Nginx server configuration

Import files:

Main config file – /etc/nginx/nginx.conf

PHP-FPM FastCGI socket/server config file – /etc/nginx/conf.d/php-fpm.conf

Enable PHP 7.3 scripts to FastCGI server for Nginx – /etc/nginx/default.d/php.conf

Virtual Domain – /etc/nginx/conf.d/ (put each domain config file in this directory)

Sample Nginx virtual domain config:

A sample config for server1.cyberciti.biz virtual domain:

cat /etc/nginx/conf.d/server1.cyberciti.biz

# # A virtual host # server { listen 80 ; server_name server1.cyberciti.biz server1; location / { root /www/domains/server1.cyberciti.biz/http; index index.html index.htm; } } # # A virtual host # server { listen 80; server_name server1.cyberciti.biz server1; location / { root /www/domains/server1.cyberciti.biz/http; index index.html index.htm; } }

Make sure you restart/reload nginx when you change/update Nginx config files:

sudo service nginx configtest

sudo service nginx reload

Customize MySQL server

You need to edit the /etc/my.cnf file:

cat /etc/my.cnf

Sample outputs:

[ mysqld ] datadir = /var/lib/mysql socket = /var/lib/mysql/mysql.sock # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links = 0 # Settings user and group are ignored when systemd is used. # If you need to run mysqld under a different user or group, # customize your systemd unit file for mysqld according to the # instructions in http://fedoraproject.org/wiki/Systemd [ mysqld_safe ] log-error = /var/log/mysqld.log pid-file = /var/run/mysqld/mysqld.pid [mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 # Settings user and group are ignored when systemd is used. # If you need to run mysqld under a different user or group, # customize your systemd unit file for mysqld according to the # instructions in http://fedoraproject.org/wiki/Systemd [mysqld_safe] log-error=/var/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid

Again, restart/reload the MySQL service whenever you made change to config:

sudo service mysqld restart

Conclusion

You studied how to install Linux, nginx, MySQL, PHP (LEMP) stack on Amazon Linux AMI. For more information, please see the following resources: