L.E.M.P Stack Installation

- Posted in Server Configuration by

General Installation

apt-get update --allow-releaseinfo-change
apt-get install --reinstall ca-certificates
apt-get upgrade -y
apt-get install nano wget perl sudo -y
sudo apt -y dist-upgrade
sudo apt --purge autoremove
sudo apt update && sudo apt upgrade
apt -y purge Apache2* bind* exim ufw
rm -rf /etc/apache2

Nginx

Install the Nginx web server.
$ sudo apt-get install nginx -y 

Start the Nginx service.
$ sudo systemctl start nginx 

Enable the Nginx service to start at system reboot.
$ sudo systemctl enable nginx 

Check the Nginx version to verify the installation.
$ sudo nginx -v 

http://your_domain_or_IP

UFW if want,

Configure the Firewall

List the available application profiles.
$ sudo ufw app list 

Among the other entries, you should see the following profiles

Nginx Full
Nginx HTTP
Nginx HTTPS
* The Nginx Full profile opens both HTTPS (443) and HTTP (80) ports.

The Nginx HTTP profile opens the HTTP (80) port only.
The Nginx HTTPS profile opens the HTTPS (443) port only.
Allow the Nginx Full profile in the firewall. 
Certbot requires ports 80 and 443 to install a Let's Encrypt TLS/SSL certificate.

$ sudo ufw allow 'Nginx Full'

Check the Firewall status.
$ sudo ufw status 

PHP Installation

 sudo apt -y install php libapache2-mod-php php-mysql php-fpm
apt -y install libmcrypt-dev libreadline-dev mcrypt php-pear libapache2-mod-fcgid
sudo apt -y install software-properties-common
sudo apt -y install php-common php-mysql php-xml php-xmlrpc php-curl php-gd php-imagick php-cli
sudo apt -y install php-imap php-mbstring php-opcache php-soap php-dev php-cgi php-zip php-intl
sudo apt autoremove
    php -v
    sudo nano /etc/php8.2/fpm/php.ini
    Uncomment cgi.fix_pathinfo and set it to "0". 
    This is a security fix to disable PHP from finding the closes file if no match is found.
       cgi.fix_pathinfo=0
    Restart PHP Processor
    $ sudo service php5-fpm restart

Create an Nginx Virtual Host---Tested, Good.

Remove the default Nginx configuration.
$ sudo rm -rf /etc/nginx/sites-enabled/default
$ sudo rm -rf /etc/nginx/sites-available/default   

Create an Nginx virtual host configuration file. 
Replace your-domain.com with your domain name.

sudo mkdir /var/www/your_domain
sudo chown -R $USER:$USER /var/www/your_domain

$ sudo nano /etc/nginx/sites-available/your_domain
In case, nginx sites-available folder not found 
create the sites-available and sites-enabled folder 
 sudo mkdir /etc/nginx/sites-available 
$ sudo mkdir /etc/nginx/sites-enabled 
$ nano /etc/nginx/nginx.conf and add this line at the end 
include /etc/nginx/sites-enabled/*; 
Now, create a server configuration

Paste this into the file. Replace example.com with your domain name.

server {
  listen 80;
  server_name your domain;

  root /var/www/html/crunch;
  index index.php index.html index.nginx-debian.html;
  access_log /var/log/nginx/example_access.log;
  error_log /var/log/nginx/example_error.log;

  location / {
    try_files $uri $uri/ /index.php$is_args$args;
  }

  location ~ \.php$ {
    try_files $uri =404;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_pass unix:/run/php/php-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  }
 } 

Enable the new Nginx configuration. Replace example.com with your domain name.

$ sudo ln -s /etc/nginx/sites-available/crunch.riverfire.net /etc/nginx/sites-enabled/crunch.riverfire.net
Reload the Nginx service.
 $ sudo systemctl reload nginx
sudo service nginx restart
nginx -t
output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successf

sudo systemctl restart 

Mysql Installation

$ apt install -y mariadb-server mariadb-client
$ systemctl status mariadb
$ mysql_secure_installation
 Set root password
 Remove anonymous users.
 Disable remote login for root user.
 Remove test database and access to it.

$ mysql -u root -p --Enter password:

     Maria DB [(none)]>
     CREATE DATABASE crunch; 
     CREATE USER 'crunch'@localhost IDENTIFIED BY 'password';
       (check its status by entering: SELECT User FROM mysql.user;)

     GRANT ALL PRIVILEGES ON *.* TO 'crunch'@localhost IDENTIFIED  BY 'password';
       (GRANT ALL PRIVILEGES ON 'crunch'.* TO 'crunch'@localhost;) 

     FLUSH PRIVILEGES;
     SHOW GRANTS FOR 'crunch'@localhost; 
    SHOW DATABASES;
    Exit

DROP USER 'crunch'@localhost;

PHP MyAdmin

$ wget -P Downloads https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-english.tar.gz
wget -P Downloads https://files.phpmyadmin.net/phpmyadmin.keyring

cd Downloads
gpg --import phpmyadmin.keyring
wget https://www.phpmyadmin.net/downloads/phpMyAdmin-latest-english.tar.gz.asc
gpg --verify phpMyAdmin-latest-english.tar.gz.asc

sudo mkdir /var/www/crunch/phpMyAdmin
sudo tar xvf phpMyAdmin-latest-english.tar.gz --strip-components=1 -C /var/www/html/crunch/phpmyadmin
sudo cp /var/www/html/crunch/phpmyadmin/config.sample.inc.php /var/www/html/crunch/phpmyadmin/config.inc.php
sudo nano /var/www/html/crunch/phpmyadmin/config.inc.php
  set blowfish passwd
sudo chmod 660 /var/www/html/crunch/phpmyadmin/config.inc.php
sudo chown -R www-data:www-data /var/www/html/crunch/phpmyadmin
sudo systemctl restart apache2

Webmin

sudo apt -y install curl
curl -o setup-repos.sh https://raw.githubusercontent.com/webmin/webmin/master/setup-repos.sh
sh setup-repos.sh
apt -y install webmin --install-recommends