Knowledgebase

How to Install a LEMP Stack on Arch Linux Print

  • 0

Introduction

This guide explains how to install Nginx, MariaDB, and PHP on Arch Linux (LEMP) and secure the web site with a free Let's Encrypt certificate.

Prerequisites

Before beginning this guide, please:

This guide uses app.example.com as the example DNS name of the server.

Install UFW Firewall

UFW (uncomplicated firewall) is a simple and configurable firewall.

  1. Install UFW.

     $ sudo pacman -S --noconfirm ufw
  2. Configure UFW

    Configure UFW to allow outgoing traffic, but refuse any incoming or routed traffic by default.

     $ sudo ufw default allow outgoing
     $ sudo ufw default deny incoming
     $ sudo ufw default deny routed

    Allow traffic on TCP ports 22 (SSH), 80 (HTTP), and 443 (HTTPS).

     $ sudo ufw allow 22/tcp
     $ sudo ufw allow 80/tcp
     $ sudo ufw allow 443/tcp
  3. Enable the firewall to make the new configuration active. If you are connected over SSH, it will display a warning message about possibly interrupting the connection. You can ignore this warning because TCP port 22 (SSH) was allowed through the firewall in the earlier step.

     $ sudo ufw enable

Install Nginx

  1. Install the Nginx package.

     $ sudo pacman -S --noconfirm nginx
  2. Start the Nginx service and enable it to start automatically on boot.

     $ sudo systemctl start nginx.service
     $ sudo systemctl enable nginx.service

Install MariaDB

  1. Install the MariaDB package.

     $ sudo pacman -S --noconfirm mariadb
  2. Initialize MariaDB's internal database and system tables.

     $ sudo mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
  3. Start the MariaDB service and enable it to start automatically on boot.

     $ sudo systemctl start mariadb.service
     $ sudo systemctl enable mariadb.service
  4. Run the secure installation script to configure MariaDB security.

     $ sudo mysql_secure_installation

When prompted for the current password for root, press Enter for none. When asked to supply a new root password, use a secure password. Answer Y or press Enter for all remaining prompts.

Install PHP

  1. Install the PHP and PHP-FPM packages.

     $ sudo pacman -S --noconfirm php php-fpm
  2. Start the PHP-FPM service and enable it to start automatically on boot.

     $ sudo systemctl start php-fpm.service
     $ sudo systemctl enable php-fpm.service

Install Certbot

Certbot is used to request free Let's Encrypt SSL/TLS certificates. The recommended way to install Certbot on Arch is with Snap.

Follow the instructions at eff.org to install Certbot for Nginx on Arch Linux.

Request an SSL/TLS certificate with Certbot. Replace user@example.com with your email and app.example.com with your fully-qualified domain name.

    $ sudo certbot certonly --agree-tos --no-eff-email --nginx -m user@example.com -d app.example.com

Test PHP

  1. Create a PHP test page in the web root directory.

     $ sudo nano /srv/http/index.php
  2. Paste the following lines.

     <?php
     phpinfo();
  3. Save and exit the file.

To see the test page, navigate to your fully qualified domain name in a web browser. It should display the PHP version as well as other system information.

The LEMP stack installation is now complete. Next, upload your web pages to /srv/http.

More Resources

Introduction This guide explains how to install Nginx, MariaDB, and PHP on Arch Linux (LEMP) and secure the web site with a free Let's Encrypt certificate. Prerequisites Before beginning this guide, please: Deploy a new Arch Linux instance Create a sudo user. Update the system Create a DNS "A" record that points to your server's IP address. This guide uses app.example.com as the example DNS name of the server. Install UFW Firewall UFW (uncomplicated firewall) is a simple and configurable firewall. Install UFW. $ sudo pacman -S --noconfirm ufw Configure UFW Configure UFW to allow outgoing traffic, but refuse any incoming or routed traffic by default. $ sudo ufw default allow outgoing $ sudo ufw default deny incoming $ sudo ufw default deny routed Allow traffic on TCP ports 22 (SSH), 80 (HTTP), and 443 (HTTPS). $ sudo ufw allow 22/tcp $ sudo ufw allow 80/tcp $ sudo ufw allow 443/tcp Enable the firewall to make the new configuration active. If you are connected over SSH, it will display a warning message about possibly interrupting the connection. You can ignore this warning because TCP port 22 (SSH) was allowed through the firewall in the earlier step. $ sudo ufw enable Install Nginx Install the Nginx package. $ sudo pacman -S --noconfirm nginx Start the Nginx service and enable it to start automatically on boot. $ sudo systemctl start nginx.service $ sudo systemctl enable nginx.service Install MariaDB Install the MariaDB package. $ sudo pacman -S --noconfirm mariadb Initialize MariaDB's internal database and system tables. $ sudo mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql Start the MariaDB service and enable it to start automatically on boot. $ sudo systemctl start mariadb.service $ sudo systemctl enable mariadb.service Run the secure installation script to configure MariaDB security. $ sudo mysql_secure_installation When prompted for the current password for root, press ENTER for none. When asked to supply a new root password, use a secure password. Answer Y or press ENTER for all remaining prompts. Install PHP Install the PHP and PHP-FPM packages. $ sudo pacman -S --noconfirm php php-fpm Start the PHP-FPM service and enable it to start automatically on boot. $ sudo systemctl start php-fpm.service $ sudo systemctl enable php-fpm.service Install Certbot Certbot is used to request free Let's Encrypt SSL/TLS certificates. The recommended way to install Certbot on Arch is with Snap. Follow the instructions at eff.org to install Certbot for Nginx on Arch Linux. Request an SSL/TLS certificate with Certbot. Replace user@example.com with your email and app.example.com with your fully-qualified domain name. $ sudo certbot certonly --agree-tos --no-eff-email --nginx -m user@example.com -d app.example.com Test PHP Create a PHP test page in the web root directory. $ sudo nano /srv/http/index.php Paste the following lines.
Was this answer helpful?
Back

Powered by WHMCompleteSolution