Setting Up a LEMP Server on Ubuntu 14.04

Published on Author craigzearfossLeave a comment
  1. Update and install nginx.
    sudo apt-get update
    sudo apt-get install nginx
    
  2. Check that the nginx server is up. To find out your ngnix server’s ip address:
    ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
    

    Or you could try:

    curl http://icanhazip.com
  3. To make sure nginx starts automatically:
    sudo update-rc.d nginx defaults
    
  4. Install MySQL.
    sudo apt-get install mysql-server
    sudo apt-get install mysql-client
    sudo mysql_install_db
    sudo mysql_secure_installation
    
  5. Install PHP for processing.
    sudo apt-get install php5-fpm php5-mysql
    
    • Configure the PHP processor.
      Edit the php.ini file.

      sudo nano /etc/php5/fpm/php.ini
      

      Set the following line:

      cgi.fix_pathinfo=0
      

    Restart php.

    sudo service php5-fpm restart
    
  6. Install additional PHP modules.
    sudo apt-get install php5-cli
    sudo apt-get install php5-curl
    sudo service php5-fpm restart
    

    Some other PHP modules you may want to install include:
    php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl

  7. Configure Nginx to Use our PHP Processor.
    sudo nano /etc/nginx/sites-available/default
    
    server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;root /usr/share/nginx/html;
        index index.php index.html index.htm;
    
        # Make site accessible from http://localhost/
        server_name DOMAIN_NAME;
    
        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to displaying a 404.
            try_files $uri $uri/ =404;
            # Uncomment to enable naxsi on this location
            # include /etc/nginx/naxsi.rules
        }
    
        # Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
        #location /RequestDenied {
        #    proxy_pass http://127.0.0.1:8080;
        #}
    
        error_page 404 /404.html;
    
        # redirect server error pages to the static page /50x.html
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }
    
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    
            # With php5-cgi alone:
            fastcgi_pass 127.0.0.1:9000;
            # With php5-fpm:
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }
    
  8. Install git.
    sudo apt-get install git
    
  9. Install subversion (if you need it).
    sudo apt-get install subversion
  10. Install zip:

    sudo apt-get install unzip
  11. Install phpMyAdmin.
    sudo apt-get install phpmyadmin
    sudo ln -s /usr/share/phpmyadmin/ /usr/share/nginx/html
    sudo service nginx restart
    
  12. Install Composer.
    cd /tmp
    curl -s http://getcomposer.org/installer | php
    sudo mv composer.phar /usr/local/bin/
    alias composer='/usr/local/bin/composer.phar'
    
  13. Create a user for ssh.
    sudo adduser
    sudo adduser admin
    sudo visudo -f /etc/sudoers
    
    • In the user privileges section add the following line:
      ALL=(ALL) NOPASSWD:ALL
      
    su
    cd /home/
    mkdir .ssh
    chmod 700 .ssh
    cd .ssh
    ssh-keygen -b 1024 -f id_ -t dsa
    cat ~/.ssh/id_*.pub > ~/.ssh/authorized_keys
    chmod 600 ~/.ssh/*
    cp ~/.ssh/* /tmp
    chmod 644 /tmp/*
    sudo nano /etc/ssh/sshd_config
    
    • Add the new account to the AllowUsers field (or create the line if it’s not there).
      AllowUsers ubuntu
      

    Restart ssh.

    sudo service ssh restart
    
  14. Download the new key from your computer using your ubuntu account.
    scp -i ~/.ssh/.pem ubuntu@:/tmp/* ~/.ssh
    cd ~/.ssh
    chmod 400 id_
    

    Test: ssh -i .ssh/id_ @

  15. Remove the key files from the server’s tmp directory:
    rm -rf /tmp/*
    
  16. Turn off SSH Access for Default root (ubuntu) Account. (Only do this if step 7 was successful.)
    sudo nano /etc/ssh/sshd_config
    

    Remove the ubuntu account from the AllowUsers field:

    AllowUsers
    

    Make sure PermitRootLogin is off:

    PermitRootLogin no
    

    Restart shh.

    sudo service ssh restart
    

Reference:

Leave a Reply

Your email address will not be published. Required fields are marked *