Files Structure:

  • /srv
    • /mydomain.com
      • /.socks
      • /www
        • /cgi-bin
        • /logs
        • /public_html
        • /ssl
        • /tmp
      • /blog
        • /cgi-bin
        • /logs
        • /public_html
        • /ssl
        • /tmp

1. Installation of Nginx

# Install nginx from the distribution repositories; --yes is the long form of
# -y and answers apt's confirmation prompt automatically.
apt-get install --yes nginx

2. Installation of MySQL

You can automate this step by following this tutorial.
# Install the MySQL server package; --yes is the long form of -y.
apt-get install --yes mysql-server

2.1 Securing the installation

To secure your installation of MySQL, run the mysql_secure_installation command-line tool and remove all test databases and test/anonymous users.

3. Installation of PHP (FPM) + basic modules

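# Install PHP-FPM, the CLI/CGI binaries, memcached and the PHP extensions used
# by this setup. php5-mysql was listed twice in the original command; the
# duplicate is dropped, the package set is otherwise unchanged.
# Every extension loaded into PHP is extra code reachable from web requests,
# so trim this list to what the site actually needs.
apt-get install -y \
  php5-fpm php5 php5-common php5-cli php5-cgi php-pear php-auth \
  php-apc php5-memcache php5-memcached memcached \
  php5-mysql php5-sqlite \
  php5-gd php5-imagick imagemagick \
  php5-mcrypt mcrypt php5-curl php5-imap php5-intl php5-pspell \
  php5-recode php5-snmp php5-tidy php5-xmlrpc php5-xsl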

4. Configure your first website

# Locations and account used for this site.
site_root=/srv/mydomain.com
vhost_dir="${site_root}/www"
sock_dir="${site_root}/.socks"
site_user=website1

# Dedicated account for the site. -M creates no home directory, -d only records
# the web root as the home path, and /bin/false as shell means the account
# cannot open an interactive shell.
/usr/sbin/useradd -M -d "${vhost_dir}/" -s /bin/false "${site_user}"

# Socket directory, owned by root. Mode 1751: owner rwx, group r-x, others --x
# (others can reach a socket whose name they know but cannot list the
# directory), plus the sticky bit.
mkdir -p "${sock_dir}"
chown -R root:root "${sock_dir}"
chmod 1751 "${sock_dir}"

# Site tree. Everything is first handed to the site user (this already covers
# cgi-bin, public_html and tmp), then the sensitive parts are taken back.
mkdir -p "${vhost_dir}"/{cgi-bin,logs,public_html,ssl,tmp}
chown -R "${site_user}:${site_user}" "${vhost_dir}/"
chown -R root:root "${vhost_dir}/ssl"      # key material: root only
chown root:"${site_user}" "${vhost_dir}/logs"   # site group may read, not write
chown root:root "${vhost_dir}"             # site user cannot add top-level entries

# Modes: the top level is world-traversable, ssl is root-only, and the
# remaining private directories are closed to "others".
chmod 1755 "${vhost_dir}/"
chmod 1700 "${vhost_dir}/ssl"
chmod 1750 "${vhost_dir}/tmp" "${vhost_dir}/logs" "${vhost_dir}/cgi-bin"

4.1 Non-SSL Virtual Host

Virtual Host folder: /etc/nginx/sites-available

Put the content below to /etc/nginx/sites-available/www.mydomain.com.conf

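# Plain-HTTP virtual host for the site. Requests for .php files are handed to
# the site's own PHP-FPM pool over a Unix socket.
server {
    root /srv/mydomain.com/www/public_html/;
    index index.php index.html;
    server_name mydomain.com;

    #Redirect http to https
    #rewrite     ^   https://$server_name$request_uri? permanent;

    # Refuse every path that contains a dot-file or dot-directory.
    # nginx tests regex locations in the order they are written and stops at
    # the first match, so this block must come before the static-file and PHP
    # blocks; placed after them, a hidden path ending in .xml, .js or .php
    # would be served or executed instead of denied.
    # NOTE: with access_log off, probes for hidden files leave no trace in the
    # access log; turn logging back on here if you want to detect scanning.
    location ~ /\. {
        access_log off;
        log_not_found off;
        deny all;
    }

    # Static assets: not logged, cached by clients for 360 days.
    location ~* \.(jpg|jpeg|gif|png|css|js|ico|xml)$ {
        access_log        off;
        log_not_found     off;
        expires           360d;
    }

    # Pass PHP scripts to PHP FPM
    location ~* \.php$ {
        # Forward the request only when the named .php file really exists
        # under the document root. Without this check any URI that merely ends
        # in ".php" reaches PHP-FPM, and PHP's path-info fallback
        # (cgi.fix_pathinfo) may then run a different, non-PHP file.
        try_files       $uri =404;
        fastcgi_index   index.php;
        #fastcgi_pass    127.0.0.1:9000;
        fastcgi_pass    unix:/srv/mydomain.com/.socks/www.mydomain.com.sock;
        include         fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
    }

    # Everything else: serve the file or directory index, otherwise 404.
    location / {
        try_files $uri $uri/ =404;
    }
}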

4.2 Configuration of PHP FPM

Pool configuration folder: /etc/php5/fpm/pool.d (one pool per Virtual Host)

Put the content below to /etc/php5/fpm/pool.d/www.mydomain.com.conf

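; Pool name
[www.mydomain.com]
; We will use a socket instead of a port
listen = /srv/mydomain.com/.socks/www.mydomain.com.sock
; Permission for the socket.
; Only the owner and the group may connect. The group must be the account
; nginx runs its workers as: www-data with the Debian/Ubuntu package; check the
; "user" directive in /etc/nginx/nginx.conf and adjust if yours differs.
; A world-writable socket (0666) would let every local account, including the
; PHP users of other sites on this host, submit requests that run as website1.
listen.owner = website1
listen.group = www-data
listen.mode = 0660
; User/Group for the process
user = website1
group = website1
; Process configuration
pm = dynamic
pm.max_children = 20
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
slowlog = /srv/mydomain.com/www/logs/php5-fpm.www.mydomain.com.log.slow
; Some PHP configuration directives (Change the way you want)
; If you enable open_basedir, upload_tmp_dir must be a child folder of the base_dir directory.
; open_basedir is matched as a path prefix: without the trailing slash it would
; also allow any sibling whose name starts with "www" (e.g. .../www-old).
php_admin_value[open_basedir] = /srv/mydomain.com/www/
php_admin_value[session.save_path] = /srv/mydomain.com/www/tmp
php_admin_value[upload_tmp_dir] = /srv/mydomain.com/www/tmp
php_admin_value[short_open_tag] = On
php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i
; Disable insecure functions.
; In a pool file these names are added to whatever php.ini already disables.
; NOTE(review): "fsocket" does not appear to be a PHP function name; the entry
; is harmless, fsockopen and pfsockopen are the ones that take effect.
php_admin_value[disable_functions] = pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,exec,passthru,system,shell_exec,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source,fsocket,fsockopen,pfsockopen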

4.3 Enable the new configuration

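#Enable your new Nginx Virtual Host
ln -s /etc/nginx/sites-available/www.mydomain.com.conf /etc/nginx/sites-enabled/
# Validate each configuration first and reload only when the check passes, so
# a typo in the new pool or virtual host is reported here instead of at reload.
#Reload PHP5 FPM pools
php5-fpm -t && service php5-fpm reload
#Reload Nginx
nginx -t && service nginx reload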

Common Problems

If PHP-FPM won't create your socket, check that you don't have two pools with the same domain/subdomain name, e.g. [www.mydomain.com] (the pool name is on the first or second line of your FPM pool configuration file).

