Knowledgebase

How to Install a LEMP Stack on Arch Linux Print

  • 0

Introduction

This guide explains how to install Nginx, MariaDB, and PHP on Arch Linux (LEMP) and secure the web site with a free Let's Encrypt certificate.

Prerequisites

Before beginning this guide, please:

This guide uses app.example.com as the example DNS name of the server.

Install UFW Firewall

UFW (uncomplicated firewall) is a simple and configurable firewall.

  1. Install UFW.

    $ sudo pacman -S --noconfirm ufw
    
  2. Configure UFW

    Configure UFW to allow outgoing traffic, but refuse any incoming or routed traffic by default.

    $ sudo ufw default allow outgoing
    
    $ sudo ufw default deny incoming
    
    $ sudo ufw default deny routed
    

    Allow traffic on TCP ports 22 (SSH), 80 (HTTP), and 443 (HTTPS).

    $ sudo ufw allow 22/tcp
    
    $ sudo ufw allow 80/tcp
    
    $ sudo ufw allow 443/tcp
    
  3. Enable the firewall to make the new configuration active. If you are connected over SSH, it will display a warning message about possibly interrupting the connection. You can ignore this warning because TCP port 22 (SSH) was allowed through the firewall in the earlier step.

    $ sudo ufw enable
    

Install Nginx

  1. Install the Nginx package.

    $ sudo pacman -S --noconfirm nginx
    
  2. Start the Nginx service and enable it to start automatically on boot.

    $ sudo systemctl start nginx.service
    
    $ sudo systemctl enable nginx.service
    

Install MariaDB

  1. Install the MariaDB package.

    $ sudo pacman -S --noconfirm mariadb
    
  2. Initialize MariaDB's internal database and system tables.

    $ sudo mariadb-install-db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
    
  3. Start the MariaDB service and enable it to start automatically on boot.

    $ sudo systemctl start mariadb.service
    
    $ sudo systemctl enable mariadb.service
    
  4. Run the secure installation script to configure MariaDB security.

    $ sudo mysql_secure_installation
    

When prompted for the current password for root, press ENTER for none. When asked to supply a new root password, use a secure password. Answer Y or press ENTER for all remaining prompts.

Install PHP

  1. Install the PHP and PHP-FPM packages.

    $ sudo pacman -S --noconfirm php php-fpm
    
  2. Start the PHP-FPM service and enable it to start automatically on boot.

    $ sudo systemctl start php-fpm.service
    
    $ sudo systemctl enable php-fpm.service
    

Install Certbot

Certbot is used to request free Let's Encrypt SSL/TLS certificates. The recommended way to install Certbot on Arch is with Snap.

Follow the instructions at eff.org to install Certbot for Nginx on Arch Linux.

Request an SSL/TLS certificate with Certbot. Replace user@example.com with your email and app.example.com with your fully-qualified domain name.

    $ sudo certbot certonly --agree-tos --no-eff-email --nginx -m user@example.com -d app.example.com

Test PHP

  1. Create a PHP test page in the web root directory.

    $ sudo nano /srv/http/index.php
    
  2. Paste the following lines.

    <?php
    
    phpinfo();
    
  3. Save and exit the file.

To see the test page, navigate to your fully qualified domain name in a web browser. It should display the PHP version as well as other system information.

The LEMP stack installation is now complete. Next, upload your web pages to /srv/http.

More Resources


Was this answer helpful?
Back

Powered by WHMCompleteSolution