How to Install LEMP Stack Nginx, MySQL, PHP on Ubuntu 22.04

LAMP is an acronym denoting one of the most common software stacks for many of the web’s most popular applications. However, LAMP now refers to a generic software stack model and its components are largely interchangeable.

In this tutorial, i am going to show you how to install and configure LEMP (Nginx, MySQL, PHP) on Ubuntu 22.04 server with Let’s Encrypt SSL.

How to Install LEMP Stack Nginx, MySQL, PHP on Ubuntu 22.04

Follow the below given steps to install and configure LEMP Linux, Nginx, PHP, MySQL in ubuntu 22.04:

  • Step 1 – Update System Dependencies
  • Step 2 – Install Nginx
  • Step 3 – Setup Firewall
  • Step: 4 Check Nginx Installation
  • Step 5 – Install MySQL
  • Step 6 – Secure MySQL
  • Step 7 – Install PHP
  • Step 8 – Configure PHP
  • Step 9 – Configure Nginx
  • Step 10 – Install Let’s Encrypt SSL

Step 1 – Update System Dependencies

Start terminal and run following command on command prompt to update the packages to the latest version available:

sudo apt update
sudo apt upgrade

Once we have updated the setup we can start the setup.

Step 2 – Install Nginx

Run the following command on command prompt to install nginx on ubuntu 22.04 system:

sudo apt install nginx

Step 3 – Setup Firewall

Once the nginx installation has been finished, and run the folowing command on terminal to set up Uncomplicated Firewall (UFW) with Nginx to allow public access on default web ports for HTTP and HTTPS

sudo ufw app list

All listed applications.

Available applications:
   Nginx Full
   Nignx HTTP
   Nginx HTTPS
   OpenSSH
  • Nginx HTTP: This profile opens port 80 (normal, unencrypted web traffic)
  • Nginx Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic)
  • Nginx HTTPS: This profile opens only port 443 (TLS/SSL encrypted traffic)
  • OpenSSH: This profile opens port 22 for SSH access.

Then enable Nginx full by using the following command; is as follows:

sudo uff allow OpenSSH
sudo ufw allow 'Nginx Full'
sudo ufw enable

With this command, you can view the status of UFW.

sudo ufw status

You will see the output as follows.

Output
Status: active
 To                         Action      From
 --                         ------      ----
 Nginx Full                 ALLOW       Anywhere                  
 OpenSSH                    ALLOW       Anywhere                  
 Nginx Full (v6)            ALLOW       Anywhere (v6)             
 OpenSSH (v6)               ALLOW       Anywhere (v6)

Step: 4 Check Nginx Installation

Once nginx is installed and firewall configuration has been finished, you can check nginx version using the following command: is as follows:

sudo systemctl status nginx

Output as follows:

 nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-05-04 05:36:49 UTC; 44s ago
       Docs: man:nginx(8)
    Process: 10272 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCC>
    Process: 10273 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 10274 (nginx)
      Tasks: 3 (limit: 1151)
     Memory: 5.3M
        CPU: 35ms
     CGroup: /system.slice/nginx.service

Step 5 – Install MySQL

Runt the following commands on terminal to install and configure mysql on ubuntu 22.04:

sudo apt install mysql-server

Once the installation is completed. you can verify that the MySQL server status is running, type:

sudo service mysql status

The output should show that the service is enabled and running:

● mysql.service - MySQL Community Server
     Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2022-04-29 00:38:45 UTC; 11s ago
    Process: 13836 ExecStartPre=/usr/share/mysql/mysql-systemd-start pre (code=exited, statu>
   Main PID: 13844 (mysqld)
     Status: "Server is operational"
      Tasks: 38 (limit: 1151)
     Memory: 351.4M
        CPU: 1.043s
     CGroup: /system.slice/mysql.service
             └─13844 /usr/sbin/mysqld

To check mysql version using the following command:

sudo mysql -V
Output
mysql  Ver 8.0.28-0ubuntu4 for Linux on x86_64 ((Ubuntu))

Step 6 – Secure MySQL

MySQL installation comes with a script named mysql_secure_installation that allows we to easily improve the MySQL server security.

sudo mysql_secure_installation

Will be asked to configure the VALIDATE PASSWORD PLUGIN which is used to test the strength of the MySQL users passwords and improve the security.

Press y if we want to set up the validate password plugin or any other key to move to the next step.

There are three levels of password validation policy, low, medium, and strong. Enter 2 for strong password validation.

On the next prompt, will be asked to set a password for the MySQL root user.

If we set up the validate password plugin, the script will show we the strength of we new password. Type y to confirm the password.

Next, will be asked to remove the anonymous user, restrict root user access to the local machine, remove the test database, and reload privilege tables. we should answer y to all questions.

Step 7 – Install PHP

Run the following command on terminal to install PHP:

sudo apt install php8.1-fpm php8.1 php8.1-common php8.1-mysql php8.1-xml php8.1-xmlrpc php8.1-curl php8.1-gd php8.1-imagick php8.1-cli php8.1-imap php8.1-mbstring php8.1-opcache php8.1-soap php8.1-zip php8.1-intl php8.1-bcmath unzip -y

Once the PHP installed has been complete, you can use the following command to check the version of installed php:

php -v
Output
PHP 8.1.5 (cli) (built: Apr  7 2022 17:46:26) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.1.5, Copyright (c) Zend Technologies
    with Zend OPcache v8.1.5, Copyright (c), by Zend Technologies

Step 8 – Configure PHP

To configure PHP by changing some values in php.ini file.

So, open php.ini file by using execute the following command on command prompt:

sudo nano /etc/php/8.1/fpm/php.ini

Hit F6 for search inside the editor and update the following values for better performance.

upload_max_filesize = 32M 
post_max_size = 48M 
memory_limit = 256M 
max_execution_time = 600 
max_input_vars = 3000 
max_input_time = 1000

Once you have modified PHP settings, need to restart PHP-FPM for the changes to take effect.

sudo service php8.1-fpm restart

Step 9 – Configure Nginx

Disable default Nginx configuration.

sudo rm -rf /etc/nginx/sites-enabled/default
sudo rm -rf /etc/nginx/sites-available/default

Create website directories.

sudo mkdir -p /var/www/html/domainname/public

Setup correct permissions.

sudo chmod -R 755 /var/www/html/domainname
sudo chown -R www-data:www-data /var/www/html/domainname

Create a new virtual host configuration.

sudo nano /etc/nginx/sites-available/domainname.conf

Paste the following configurations in the new file:

server {
    listen 80;
    listen [::]:80;

    server_name yourdomainname.com www.yourdomainname.com;

    root /var/www/html/domainname/public;
    index index.html index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ .php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+.php)(/.+)$;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}

Enable the new configuration.

sudo ln -s /etc/nginx/sites-available/domainname.conf /etc/nginx/sites-enabled/domainname.conf

Step 10 – Install Let’s Encrypt SSL

HTTPS is a protocol for secure communication between a server (instance) and a client (web browser). Due to the introduction of Let’s Encrypt, which provides free SSL certificates, HTTPS are adopted by everyone and also provides trust to our audiences.

sudo apt install python3-certbot-nginx

Now you have installed Certbot by Let’s Encrypt for Ubuntu 22.04, run this command to receive our certificates.

sudo certbot --nginx --agree-tos --redirect -m [email protected] -d domainname.com -d www.domainname.com

Certificates provided by Let’s Encrypt are valid for 90 days only, so you need to renew them often. So, let’s test the renewal feature using the following command.

sudo certbot renew --dry-run

This command will test the certificate expiry and configures the auto-renewable feature.

Conclusion

In this tutorial, i have shown to you how to install LEMP stack Ubuntu 22.04 with Let’sEncrypt SSL

More Tutorials

Leave a Comment