This tutorial, the second in a series about setting up WordPress on an Alibaba Cloud Instance, will take us through completing the installation of a highly performant LEMP stack on our server.
As before, it will serve just as well as a guide for achieving the same aim with most any of the other Cloud VPS providers (I’m looking at you Digital Ocean, Linode, Vultr, and to a lesser extent AWS). And as with all of my tutorials, I primarly wrote it down to record the process as an aid for my own skills development.
Before starting, please make sure you have completed the previous tutorial and have a brand new Alibaba Cloud Ubuntu 16.04 Instance ready. If you haven’t completed that tutorial, it can be found here.
Today’s tutorial will finish our LEMP stack with NGINX, MariaDB, and PHP7, widely regarded as the optimum foundation for a modern WordPress site. While the following tutorial will look at configuring a domain, and the necessary DNS settings, to enable the installation of an SSL certificate to secure our site. Before the final tutorial completes the series with the installation of WordPress via curl and WP-CLI, and a look at transactional emails.
It’s a lot to do, so let’s get going.
First, login to your instance with your username, remember to replace your_user and your_server_ip with your own superuser name and server ip:
$ ssh your_user@your_server_ip
In my case, it looks like this:
Part One. Completing the LEMP Stack
Step 1. Install the NGINX Web Server
We have chosen NGINX as our web server, it is widely regarded as much faster, more modern, secure, and efficient, than the more common Apache2 web server that is part of the alternative LAMP stack.
We will be installing most of the components of our stack from the standard Ubuntu package repository, we do this using the apt package management suite built into Ubuntu.
If this is the first time that you are using apt in this terminal session, it’s good practice to update your local package index before installing anything. After doing that we will install the NGINX server:
$ sudo apt-get update $ sudo apt-get install nginx
Since we’re working on an Ubuntu 16.04 Instance, NGINX will start running as soon as it has been installed.
In the previous tutorial we enabled the UFW firewall, so now we must configure it to allow connections to NGINX. UFW is as uncomplicated as it’s name suggests, since NGINX registered itself with the firewall upon installation, this whole procedure is very simple.
To enable connections type:
$ sudo ufw allow 'Nginx HTTP'
Notice we only configured this for HTTP, meaning we’re only allowing incoming traffic on port 80. This is because we haven’t configured our SSL certificate for the server yet, we will do that in the next tutorial.
You can verify the change with the following command:
$ sudo ufw status
If everything is configured properly, your terminal should look like the following:
NGINX should now be installed correctly, and you can visit your server at it’s IP address in your web browser. If things are working as they should, you’ll be greeted by the NGINX default landing page, which looks like this:
Step 2. Install MariaDB relational database
Our aim is to have a performant WordPress stack, and since WordPress needs a MySQL compatible database to run, then we will use MariaDB. MariaDB was created by the original developer of MySQL following its purchase by Oracle. The aim of the project is to maintain the database as a drop-in replacement for MySQL, while guaranteeing it’s Open Source codebase. It also doesn’t harm things that MariaDB is generally more optimized and performant than MySQL too.
Using the apt package management suite continues to make our life easy, install MariaDB by simply entering:
$ sudo apt-get install mariadb-server
We should also ensure MariaDB starts after any server reboot, we can do that with the following:
$ sudo systemctl enable mysql
Enter the following to check to make sure that MariaDB is running:
$ sudo systemctl status mysql
All good? Excellent!
We aren’t finished with MariaDB yet though, now we need to secure our database installation. To do that enter the following:
$ sudo mysql_secure_installation
MariaDB will run through some security configurations. If this is the first time it has been run since installation, then a root password won’t have been set, so you can set it now. Otherwise it’ll already have been set, and you need not bother. Your terminal should now look something like this:
There will be several other security configurations you will need to address after that. You’ll be asked to remove an anonymous user that exists for testing purposes, disallow the root login, remove test databases, and a few other housekeeping tasks. Answer yes to all of them.
Now your terminal should closely resemble the following:
With all those steps complete your MariaDB is set up, functioning and secure.
Step. 3 Install PHP and the modules required for NGINX and MariaDB
In the previous 2 steps we installed our webserver and database, now the final part of the stack is PHP, the scripting language WordPress requires to generate dynamic content.
We will be installing PHP7, which introduces great new features and a whole new Zend Engine, meaning 50% better memory consumption and up to 2x faster performance, over PHP5.6.
There is a slight fly in the ointment regarding using NGINX and PHP though. Whilst NGINX is known to be faster and more efficient, unlike Apache2 it doesn’t actually have the ability to process PHP natively. To remedy this situation we will install php-fpm, which stands for ‘PHP fastCGI process manager’, this software will be used to process the PHP after we configure NGINX to pass PHP requests to it.
We will also install the php-mysql helper module to allow PHP to talk to our MariaDB installation.
Issue the following command:
$ sudo apt-get install php-fpm php-mysql
The installation of the components will look like this:
A few words about installing PHP7
Installing PHP-FPM should install all the required additional packages, as shown in the screenshot above. However at least one tutorial user has reported that some of the components weren’t installed.
Please make sure the following packages are installed:
- php-common
- php7.0-cli
- php7.0-common
- php7.0-fpm
- php7.0-mysql
- php7.0-json
- php7.0-opcache
- php7.0-readline
If any of these packages are not installed, then please install them separately using apt-get install.
Alternatively you could install them all by name with:
$ sudo apt-get install php-common php7.0-cli php7.0-common php7.0-fpm php-mysql php7.0-json php7.0-opcache php7.0-readline
Now we have the necessary core PHP components installed, we need to configure things for security. To do that open the main php-fpm configuration file with root privileges:
$ sudo nano /etc/php/7.0/fpm/php.ini
You need to locate the cgi.fix_pathinfo parameter, it should be commented out with a semi-colon ;, and set to 1 by default.
This is not optimal. It tells PHP to execute the closest file it can find, if the requested PHP file can’t be located. This presents a vulnerability which could be exploited by specially crafted PHP requests, and that could have particularly nasty results. So we’re going to change this parameter, uncomment the line and change the setting to 0:
$ cgi.fix_pathinfo=0
Your file should now look like this:
Once you’ve saved the file you still need to restart the PHP processor to implement the changes:
$ sudo systemctl restart php7.0-fpm
Step 4. Configure NGINX to use the PHP Processor
The essential PHP components are installed, but there are still some configuration changes needed to tell NGINX to use the php-fpm PHP processor.
This is done on the server block level in the NGINX configuration file. For the purposes of this tutorial, we will be using the default NGINX server block configuration file, but this system is usually configured with configuration files and server blocks for each webapp.
$ sudo nano /etc/nginx/sites-available/default
The default NGINX configuration file will contain lots of elements that are currently commented out using the hash character #. I will remove these to make the file cleaner. After that you will need to make the following changes
1. Add index.php as the first value of the index directive so that index.php files are served with precedence over other index files, if they are available, when a directory is requested:
index index.php index.html index.htm index.nginx-debian.html;
2. Modify the server_name directive so that it points at the server’s public IP address. We will adjust this again later when we have configured our domain names and DNS, but for now the server IP address will suffice:
server_name server_ip_address;
3. To enable the PHP processing, we need to uncomment out the segment of the file that handles PHP requests by removing the hash symbol # from the front of each line. This will be the location ~\.php$ location block, the fastcgi-php.conf snippet, and the socket associated with php-fpm:
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
4. The location block dealing with .htaccess also needs to be uncommented in the same way. NGINX doesn’t process these files so they shouldn’t be served:
location ~ /\.ht {
deny all;
}
Now your default NGINX configuration file’s server block should look like the following:
Save the changes and close the file. Whenever you make changes to your NGINX configuration file it is best practice to check for any sytax errors. We do this with the following command:
$ sudo nginx -t
If there are any errors, return to the file and double-check it. When the file passes the syntax check, you can go ahead and reload it to make the necessary changes:
$ sudo systemctl reload nginx
Your terminal should look like this:
Step 5. Test the Configuration to ensure PHP files are being served
The LEMP stack is complete and should be functioning now. The easiest way to test that NGINX can correctly pass .php files to the PHP processor is to create a PHP info file in the document root:
$ sudo nano /var/www/html/info.php
Paste the following PHP code into the newly created file:
<?php phpinfo();
This code will serve a page which returns information about your server. Save and close the file, then visit your page in your web browser by visiting your server’s public IP address suffixed with /info.php:
http://server_ip/info.php
Assuming everything is working correctly, your web browser should show something like this:
You have now installed and configured a LEMP stack on your Alibaba Ubuntu 16.04 Instance, this is considered both a flexible and performant foundation for not only running a WordPress site, but also for serving other Webapps and PHP framework based sites.
At present we can only visit our site by entering the server IP address in a web browser, so we will fix that in the next tutorial by configuring a domain name to serve our site, and securing everything with an SSL certificate.
See you then.
Jeff
Leave a Reply