LEMP Stack (Linux, Nginx, MySQL, PHP) and PHPMyAdmin under Centos7

Nginx is also sometimes poetically called as the “unsinkable Webserver”. Thanks to the thread pool it can serve many concurrent TCP connections (even very slow ones from smartphones) using minimal system resources.
MySQL is a powerful RDBMS (Relational Database Management System) and is available for free. It is the basis of prominent web applications such as WordPress or Joomla.
While writing this article the individual steps on a Rackhansa VPS (Virtual Private Server) were tested.

1. Vorbereitungen

a) Firewall: Centos has enabled the firewall for IPv4 by default but not for IPv6.
For the Centos template we have prepared in / root two shell scripts for You. Rackhansa thus has generated and saved the firewall tables for IPv4 and IPv6. Please revise our scripts or use a firewall software of your choice. Below You will find some important commands:

 # IPV4 - Check mit
iptables -n -L -v
# IPV6 - Check mit
ip6tables -n -L -v 

b) System update:

 yum update 

3) Apache already occupied port 80. You can uninstall Apache, with:

 # Apache Deinstallieren
yum remove httpd 

Or Apache is reconfigured to a different port, so nginx can later on offer its services on port 80. Edit the file /etc/httpd/conf/httpd.conf and change the line with “listen” into this:

 listen 8000; 

Restart apache:

 service httpd restart 

2. Installation MySQL Server

It’s cool that Centos has the Maria DB in Repos. This server is a drop-in replacement and in many points faster than the MySQL server. The installation is very easy with:

 yum install mariadb-server mariadb
systemctl start mariadb 

Secure your SQL instance. The DB root password is not set, enter a blank password and set a new SQL root password. All other questions can be answered with “Yes”.

 /usr/bin/mysql_secure_installation 

3. Installation NGINX

Option 1:Downloadthe yum configuration file with the PGP public-key. You get a warning that this rpm is not signed. The signature of nginx packages are checked during the installation.

 wget nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
rpm -i nginx-release-centos-7-0.el7.ngx.noarch.rpm 

Option 2: Edit the new file /etc/yum.repos.d/nginx.repo with the following content like it is described on the nginx homepage (the signature of the nginx packages are not checked during installation):

 [nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1 

Then install nginx with:

 yum install nginx 

Now port 80 is not occupied anymore and we can start the nginx server now:

 service nginx restart 

Test: With ifconfig You can display the address of your server. Check the URL http://meine-ip-adressse/ (or make sure that your DNS settings are correct and use http://www.meine-domain.de/ instead of an IP-address) and You will be greeted with the following message:

 # Screen Shot hier einsetzten (Bootstrap formatierte Seite)
Welcome to nginx! 

Configure ngninx for the cooperation with php5-fpm:
Edit the file /etc/nginx/conf.d/default.conf, then restart nginx.

 # finden Sie die Zeile 
server_name localhost;

# und ändern Sie in:
server_name www.meine-domain.tld;

# Änderen Sie den Block:
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

# wie folgt:
    index  index.html index.htm index.php;
    root   /usr/share/nginx/html;
    location / {
        try_files $uri $uri/ =404;
    }


# Editieren Sie den Block für php-Verarbeitung wie folgt:
    location ~ .php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    } 

Nginx needs to be restarted:

 service nginx restart 

4. PHP

For php5-fpm only a few packages have to be specified, the rest is controlled by dependencies:

 yum install php php-mysql php-fpm

systemctl start php-fpm
systemctl enable php-fpm.service 

Konfiguration: cgi.fix_pathinfo is set by default to 1. This may lead to a security breach. For help, see the comments in the configuration file php.ini. Edit the file /etc/php.ini and look for the line with cgi.fix_pathinfo and change it as follows:

 cgi.fix_pathinfo=0 

php5-fpm should already run with the fast Unix Socket. Edit the file /var/run/php-fpm/php-fpm.sock like this:

 # listen = 127.0.0.1:9000
listen = /var/run/php-fpm/php-fpm.sock 

Just php5-fpm has to be started:

 systemctl enable php-fpm.service
systemctl start php-fpm 

PHP-Info Page
Edit a new file:nano /usr/share/nginx/www/info.php with the following content:

 <?php phpinfo(); ?> 

Test: Browse your URL http://meine-ip-adressse/info.php. The output of info.php should look like this (the PHP version depends on the point of time at installation):

5. PHPMyAdmin

It’s just nice to be able to manage your database server with a graphical user interface. Below phpMyAdmin is installed so that You only can access it on localhost and your database is protected from attacks from the Internet. For an occasional access to your database, building a SSH tunnel is much more convenient than fiddling with SQL commands.
The main advantage of using SSH tunnel is that it can be setup quickly and provides less target for hackers than any web application (secure passwords assumed).
First, we perform the installation with a standard configuration for apache2 so PHPMyAdmin can create the necessary MySQL tables.

 yum install epel-release
yum install phpmyadmin 

The installation is now complete. The installation includes an apache configuration file, which has already put into place. PhpMyAdmin is now only accessible locally, but that’s what we intend. For more configuration details You can check /etc/httpd/conf.d/phpMyAdmin.conf.
To access we need the SSH tunnel:

 # Einen neuen Benutzer anlegen
useradd -m test
passwd test

# Falls Sie unter Windows arbeiten, können Sie z.B. putty für den Tunnelaufbau verwenden.

# SSH-Tunnel (ersetzen Sie www.meine-domain.tld mit dem richtigen Hostname oder IP-Adresse)
ssh -fCN test@www.meine-domain.tld  -L 8000:localhost:8000

# Die Option des obigen Befehls:
# -f :  ssh wird als Hintergrundprozess gestartet
# -N : kein remote command wird ausgeführt 
# -C : Datenkompression wird eingeschaltet
# 8000:localhost:8000 : der entfernte TCP-Port 8000 wird mit localhost:8000 verbunden. 

Your PHPMyAdmin URL: http://localhost:8000/
Your server is now ready for real applications.