from Michael Reber

Nginx LEMP Stack on Rocky Linux

Web server

Rocky Linux is a distribution based on CentOS that provides a stable and Reliable platform for the Development and operation of web applications offers.

In this blog post, we will show you how to create a LEMP stack (Nginx, PHP 8.2 and MariaDB) on Rocky Linux 8 and additionally secure them.

The Nginx web server is one of the most most frequently used solutions for the provision of web applications. Nginx is known for its Performance, Scalability and reliability.

Some of the advantages of Nginx are:

  • High performanceNginx is particularly well suited for processing static content and handling many simultaneous connections.
  • ScalabilityNginx makes it possible to achieve horizontal scaling by using multiple processes and distributing the load across multiple servers.
  • RobustnessNginx is known for its robustness and ability to remain stable even under high loads.
  • Resource efficiencyNginx uses fewer resources than other web servers and can therefore be used well on low-performance servers.

Nginx is the bodyguard among web servers - strong, reliable and always ready to carry the load.

Basic source and package installation

First run the following command to install the Remi repository on your system. This repository contains more up-to-date versions of PHP that are not included in the standard repository.

  1. Add the Remi repository to Rocky:
  1. Activate the Remi repository for PHP 8.2:
  1. Update the system and then immediately install all required dependencies for the stack:

Configuration of MariaDB

  1. Start the MariaDB service and activate it by executing the following commands:
  1. Save the MariaDB installation by selecting "mysql_secure_installation" command. The first command is recommended for generating a strong password (then follow the instructions):
  1. Create a new database and a new user for your web application and give the user all authorisations for the database by executing the following commands:

Configuration of PHP-FPM (communication to Ngnix)

  1. Configure PHP-FPMby opening the file "/etc/php-fpm.d/www.conf" edit.
    Remove the comments and change the following lines:
  1. Start and activate the PHP-FPM service:

Basic configuration of Nginx

  1. Configure Nginx by opening the file "/etc/nginx/nginx.conf" edit. Add the following lines in the http block added:
  1. Check the configuration of Nginx for errors:
  1. If no error is found, this means that our configuration is valid and we can start the Nginx web server as follows:
  1. Is Firewalld is active on your system, you still need to Port 80 as follows so that the web server can be reached from outside (i.e. from your LAN):
  1. Test the LEMP stack by creating a new PHP file (info.php) in the directory "/var/www/html/" with the following code (this should then be created under http://IP-ihres.servers/info.php be reachable):

Please note that these instructions are intended as general help and may require adjustments depending on the specific setup and your requirements. It is important to read the documentation and instructions for the software used carefully to ensure that the configurations are carried out correctly.

Securing the LEMP stack

  • Use a firewallto restrict incoming traffic to the required ports.
  • Use the Strong passwords for all system and database users.
  • Hold all Software up to dateby regularly applying security patches.
  • Use HTTPS for all web traffic to Encrypt data in Transit.
  • Limit the number of users with access to the server and Monitor suspicious activities.
Photo of author

Michael Reber

Years of experience in Linux, security, SIEM and private cloud

Hinterlassen Sie einen Kommentar

17 + 5 =

en_GB