Deploy LEMP stack on CentOS 6 x86 with 512MB Memory

LEMP stands for Linux, Nginx, MariaDB/MySQL and PHP/PHP-FPM. The LEMP stack provides a complete solution for hosting dynamic websites. Here I provide my record of an installation on a CentOS 6 x86 machine with 512MB RAM.

Prep

  • Basic skills with the Vim editor and with copy/paste over an SSH session.
  • Tools necessary for the installation. If they are not preinstalled, execute the following command to install them.
yum install screen wget unzip -y

Then SSH to the server and run screen -S LEMP in the terminal window before beginning the job. If you are disconnected halfway through the installation for any reason, log in to the server again and resume the interrupted session with screen -r LEMP. A concise guide on this Screen command can be found here.

Generally, it does not matter in which order the LEMP stack is installed. However, it may be safer to get MariaDB and PHP installed first. As a personal preference, I’ll start with the Nginx web server, followed by the database server and then the php-fpm part, to get a full working stack.

Install Nginx

Step 1, visit Nginx’s download page and locate the pre-built packages section for the stable version[1] at the bottom.

Step 2, create a repo file named nginx.repo by running the command in the terminal window:

vi /etc/yum.repos.d/nginx.repo

Press i to enter insert mode and paste the following lines into the repo file. Double-check the repo file, then press ESC to leave insert mode and type :x or :wq to save and quit.

[nginx]
name = nginx repo
baseurl = http://nginx.org/packages/centos/6/$basearch/
gpgcheck = 0
enabled = 1

Save the file and execute the following command, after which the latest version of the Nginx web server should be installed on CentOS 6.

yum install nginx -y

Step 3, start Nginx as a system service and have it auto-start every time the server boots by executing the following combined command.

service nginx start && chkconfig --levels 3 nginx on

Remember to keep a note of the following directories and files, as they’ll be used when configuring the web server.

Default document root directory: /usr/share/nginx/html
Default configuration file: /etc/nginx/nginx.conf
Default Virtual host config directory: /etc/nginx/conf.d/
Default Virtual host config file: /etc/nginx/conf.d/default.conf

Install MariaDB/MySQL

Option 1, MariaDB

Step 1, visit the MariaDB repository generator page to set up the repositories. Since I plan to run my LEMP stack on a low-end box with 512MB RAM, I don’t want to install the latest series, but rather the old v5.5 stable version. With the help of the repo generation wizard, I can obtain the custom MariaDB YUM repository as displayed below.

# MariaDB 5.5 CentOS repository list - created 2018-04-20 03:22 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/5.5/centos6-x86
gpgkey = https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck = 1

Step 2, switch back to the terminal window to create under /etc/yum.repos.d/ a new repo file, MariaDB.repo, by executing:

vi /etc/yum.repos.d/MariaDB.repo

Paste the custom MariaDB repo information into the newly created MariaDB.repo and save it.
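
The nginx repo file above sets gpgcheck = 0, and both repo files fetch over plain http, so it is worth checking what yum will and will not verify before installing from them. The following is an added example, not part of the original post: it scans a directory of .repo files and reports each enabled section. The function names, the HIGH/WARN labels and the sample files (constructed copies of the two repo files on this page) are assumptions of the example.

```shell
#!/bin/sh
# Added example: flag yum repo sections that skip package signature checks
# or fetch over cleartext HTTP. Severity labels are this example's own.

audit_repos() {    # $1: directory of .repo files (default /etc/yum.repos.d)
    for f in "${1:-/etc/yum.repos.d}"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function report() {
                if (sec == "" || kv["enabled"] == "0") return
                if (kv["gpgcheck"] == "0")
                    print "HIGH " file " [" sec "] gpgcheck=0: RPM signatures are not verified"
                else if (kv["gpgcheck"] == "1" && kv["gpgkey"] == "")
                    print "WARN " file " [" sec "] gpgcheck=1 but no gpgkey is set"
                if (kv["baseurl"] ~ /^http:/)
                    print "WARN " file " [" sec "] baseurl is fetched over plain http"
            }
            /^[ \t]*[#;]/ { next }                      # comment line
            /^[ \t]*\[/ {                               # new [section]
                report(); split("", kv)
                sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec); next
            }
            {                                           # key = value
                i = index($0, "="); if (i == 0) next
                k = substr($0, 1, i - 1); v = substr($0, i + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
                kv[k] = v
            }
            END { report() }
        ' "$f"
    done
    return 0
}

write_samples() {  # constructed copies of the two repo files shown on this page
    printf '%s\n' '[nginx]' 'name = nginx repo' \
        'baseurl = http://nginx.org/packages/centos/6/$basearch/' \
        'gpgcheck = 0' 'enabled = 1' > "$1/nginx.repo"
    printf '%s\n' '[mariadb]' 'name = MariaDB' \
        'baseurl = http://yum.mariadb.org/5.5/centos6-x86' \
        'gpgkey = https://yum.mariadb.org/RPM-GPG-KEY-MariaDB' \
        'gpgcheck = 1' > "$1/MariaDB.repo"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_repos "$demo_dir"
```

On the server itself, call audit_repos with no argument to scan /etc/yum.repos.d. A section with no gpgcheck line inherits the [main] value from /etc/yum.conf, which this example does not read.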

Step 3, run yum install MariaDB-server MariaDB-client -y to install both the database server and the client.

After the installation, run /etc/init.d/mysql start to start MariaDB.

To have MariaDB start as a system service every time the machine boots, run the following pair of commands, as suggested by the MariaDB official website:

chkconfig --add mysql && chkconfig --level 345 mysql on

Note: --levels 235 is widely suggested, but I found from some sources' explanations[2] that in practical situations --levels 3 is probably OK for my own case.

Step 4, to keep the initial setup of the database server safe, run the following command:

mysql_secure_installation

The shell script walks you through what MariaDB describes as steps that improve the security of your MariaDB installation.

The purpose is to set a password for the root account (make it as strong as you can generate, since by default there is none), remove the anonymous user accounts and remove the bundled test database. For each Yes-or-No question prompted during the secure installation, just respond with a y (Yes).

Option 2, MySQL

CentOS 6 includes a MySQL v5.1 repo, so this option only takes the following commands, plus mysql_secure_installation.

yum install mysql-server -y
chkconfig --add mysqld && chkconfig --level 345 mysqld on && service mysqld start

Refer to the MySQL official website's instructions on installation via the Yum repository for more details. I personally omitted this step as I prefer MariaDB to MySQL.

Install PHP/PHP-FPM 7.2 & extensions

Note: For PHP/PHP-FPM v5.6, check the instructions here, and here.

Step 1, get PHP/PHP-FPM ready.

Option 1, install PHP

Since CentOS 6 ships with an outdated version (v5.3) of PHP/PHP-FPM, an upgrade to, say, v7.2 is recommended. Turn to Remi’s RPM repo wizard to generate the few lines of commands needed, ready to be executed.

#yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
yum install http://rpms.remirepo.net/enterprise/remi-release-6.rpm
yum install yum-utils
yum-config-manager --enable remi-php72
#yum update
yum install php-7.2.5
yum install php-mbstring php-mysql php-xml php-fpm php-common

Option 2, install PHP-FPM only

For a slimmer installation, for the sake of performance or personal taste, installing only PHP-FPM rather than the whole package is an option.

yum install http://rpms.remirepo.net/enterprise/remi-release-6.rpm
yum install yum-utils
yum-config-manager --enable remi-php72
yum install php-mbstring php-mysql php-xml php-fpm

Then start PHP-FPM before making some modifications.

/etc/init.d/php-fpm start && /sbin/chkconfig php-fpm on

Step 2, open /etc/php-fpm.d/www.conf with vi /etc/php-fpm.d/www.conf and replace the default user and group values with entries suited to the Nginx server. The modified www.conf file should now look like this:

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginx

Actually, I could stop here and save the configuration file, but if the Unix socket mode is preferred to the TCP mode of communication between Nginx and FastCGI, the following modifications must be made[3].

Change listen = 127.0.0.1:9000 to listen = /var/run/php-fpm/php-fpm.sock, uncomment a few lines and make them look like this:

listen.owner = nginx
listen.group = nginx
listen.mode = 0660

Step 3, finally run the following two commands to confirm that everything is in place, or run /usr/sbin/php-fpm -version to check the installed PHP-FPM version.

php --version
php --modules

Before moving on to the final setup, run a status check to see whether all three applications are running OK.

service nginx status && service mysql status && service php-fpm status

If they are configured properly but not running, start or restart them with the following commands:

service nginx restart
service mysql restart
service php-fpm restart

Install phpBB3

Prerequisites: Nginx configuration file(s) ready.

Step 1, download the phpBB zip pack from its official site and unpack it into the default web directory by running the following commands:

cd /usr/share/nginx/html
wget https://www.phpbb.com/files/release/phpBB-3.2.2.zip
unzip phpBB-3.2.2.zip
chmod 666 /usr/share/nginx/html/phpBB3/config.php

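This downloads the zip pack into the default website directory, unzips it into the phpBB3 directory ready for installation, and makes config.php readable and writable by every user (mode 666) so that the web installer can write the settings into it. The file only needs to be writable while the installer runs.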

Step 2, create a database (say, for instance, bbs) in advance, since the installer will not create it automatically during a manual installation.

phpMyAdmin, the widely used MySQL manager, is among the best tools for this, but to keep database creation simple, or if you prefer the command line, the following commands have the same effect. Have the root account's password ready for the login prompt.

mysql -u root -p
CREATE DATABASE bbs COLLATE 'utf8_general_ci';
exit

Refer to MariaDB website KB articles here[4], and here[5] for more detailed instructions, if necessary.

Step 4, point your browser to your website's IP/hostname (if there is one) and follow the instructions; the installation will soon start[6].

Now almost all applications have been set up, but the system has not yet been protected from possible attacks from outside. It is important that the server firewall, which ships as an integrated part of CentOS 6, be enabled.

Set up & configure the iptables service

A simple manual can be found at lnmp.org.

To put it simply, execute these commands line by line to allow some inbound traffic and block the rest. For more detailed specifications, please check this blog entry.

iptables -F && iptables -Z && iptables -X
iptables -A FORWARD -j DROP
iptables -A OUTPUT -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,22 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -j DROP
service iptables save
chkconfig --level 345 iptables on
iptables -nvL --line-numbers
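
One way to confirm the result after running the commands above, as an added example that is not part of the original post: it reads iptables -S output and lists the TCP ports the INPUT chain accepts before its catch-all DROP, then compares them with an allowlist. The function names and the embedded sample (constructed to match the rules above) are assumptions of the example; rules restricted by source address are still reported as open.

```shell
#!/bin/sh
# Added example: list the TCP ports an INPUT chain accepts, read from
# `iptables -S` text on stdin, and compare them with an allowlist.
open_tcp_ports() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 != "-A" || $2 != "INPUT" || closed { next }
        {
            target = proto = ports = ""; cond = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
                if ($i ~ /^-[isdm]$/) cond++        # interface/address/match
            }
            bare = (cond == 0 && proto == "")       # rule matches every packet
            if (bare && (target == "DROP" || target == "REJECT")) closed = 1
            else if (bare && target == "ACCEPT") { print "ANY"; closed = 1 }
            else if (target == "ACCEPT" && proto == "tcp" && ports == "" && !cond)
                print "ANY"                         # -p tcp -j ACCEPT
            else if (target == "ACCEPT" && proto == "tcp" && ports != "") {
                n = split(ports, p, ",")            # multiport list, e.g. 80,22
                for (j = 1; j <= n; j++) print p[j]
            }
        }
        END { if (!closed && policy != "DROP") print "ANY" }
    ' | sort -u
}

unexpected_ports() {   # $1: allowlist such as "22 80"; exit 1 on extra ports
    allowed=" $1 "; bad=""
    for p in $(open_tcp_ports); do
        case "$allowed" in *" $p "*) ;; *) bad="$bad $p" ;; esac
    done
    [ -z "$bad" ] || { echo "unexpected:$bad"; return 1; }
}

sample_rules() {       # constructed `iptables -S` output for this page's rules
    cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,22 -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j DROP
EOF
}

sample_rules | open_tcp_ports
```

On the server, run iptables -S | unexpected_ports "22 80" as root. The commands above configure IPv4 only, so the same check applies to ip6tables -S.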

Now, mission completed!

Note: for a simulated video recording with Chinese comments, please check my asciinema cast below. Hope this helps.

asciicast


  1. At the time of installation, nginx had just released v1.14 stable, which is the highest official version users can obtain.

  2. Refer to this post and this post.

  3. https://stackoverflow.com/a/35245008/5883075

  4. Create a MySQL/MariaDB database

  5. Setting Character Sets and Collations

  6. Actually I skipped the configuration part of the rewrite file, but those who are interested can refer to the pre-canned Nginx host configuration suggested by David Yin.