LEMP Stack & Certbot

Published:
Thursday 2nd of September 2021


Reading Time:
5 minutes

A bit of background

Last month i was helping out a friend with some server logs on a Hetzner Cloud Package and was quite impressed with the Hetzner server controls etc... then my buddy told me the price and i was blown away... for cheaper than i was paying he was getting more bang for his buck! so i made the decision to switch servers this month.

Nginx or Apache?

Since i started Web Development i have always used Apache as it was the "go to install" for PHP developers and LAMP was the first i heard to go with.... so stuck with it. On twitter i kept hearing Nginx was a good one to go with, use that... its worth it etc better performance etc.... i don't know how much of it is true but i went with Nginx this time round and so far I'm REALLY liking it. Although Config Syntax is different I'm not finding it difficult to apply the logic from Apache2 stuff to Nginx.

Lets get Started!

I'm going to go through the process i followed in order to install LEMP... i want go through in detail what to do with the commands once they have run but to be honest, the setup is simple enough.

If your just starting out and need something to help you with the initial Server Setup, Please check out Digital Ocean - Initial Server Setup with Ubuntu 20.04

That is a great resource for initial setup !

LEMP Stack, Basically means Linux, EngineX, MySQL & PHP... that's really it. a few things you'll need an understanding of, Basic Linux Command Line tools and how to navigate your Ubuntu installation without issue.

First things first lets check if the ufw is enabled and if not enable it with the following commands:

sudo ufw status
sudo ufw enable
sudo ufw status

That's the firewall essentially set up.... dead easy right!

As with any install of software on Ubuntu Server we start with and update to apt followed by the actual software we want.

sudo apt update
sudo apt install nginx

Note: You will need to answer Y to any prompts you get from the install.

Enable Nginx through the firewall

The ufw is a great little tool and is quite literally an "Uncomplicated FireWall" which you can enable and disable rules with text alone... Cool right!

If you run sudo ufw app list it will display a list of applications that can be enabled and disabled easily.

To enable a setting is a piece of cake! simply type the following to enable Nginx (with HTTPS Support)

sudo ufw allow 'Nginx Full'

Now if you run sudo ufw status you will get something like below:

As you can see in my screenshot above i was a bit lazy and haven't disabled the HTTP yet which isn't really required with Nginx Full enabled.

if you go to http://YOUR_SERVER_IP_HERE in a browser you will now be faced with the below screen:

and that's it... Nginx is now ready to serve up static sites.

MySQL Installation

If your coming to this tutorial now you will need to sudo apt update to get your packages ready, if your following on from before simply run the following to get MySQL server installed.

sudo apt install mysql-server

Select Y to the next few prompts.

Now the next bit has caused me a bit of confusion for a while as it asks if you want to enable the "VALIDATE PASSWORD PLUGIN"... i dont know why but every time i selected no to this... my MySQL installation would complete and i wouldn't be able to login.... dont know why, never got to the bottom of it... so i just enable it with low length security for Dev environment and high level for production. Type the following into your terminal.

sudo mysql_secure_installation

This will launch the SQL Installation. I've screenshot the first bit for clarity the rest you can remove or not as needed.

For the next few questions i tend to answer Y to them all. as i don't want anonymous users, remote root logins or a test DB and finally we need to reload the privileges table. Now your can login to MySQL with

sudo mysql -u root 

And thats it for MySQL. You can now create new users and tables etc for use, or if you're feeling really spicy install something like phpmyadmin or create a remote user that can hit the server with MySQL Workbench.

Install PHP

Nginx is slightly different to Apache, which comes with PHP support out of the box, for Nginx there is a few little bits we need to install or we aren't going anywhere. PHP-FPM and PHP-MYSQL

sudo apt install php-fpm php-mysql

Accept any prompts that come up, and that's it for your LEMP environment, You can find NGNIX configs online which you need to put into your /etc/nginx/sites-available/ i'm going to write a post on the configs themselves at some point as its a big subject.

for the examples im going to use a mikej directory as the example for the next bit.

Certbot

Certbot is great as it works for both Nginx and Apache, how i hadnt heard of it before this week il never know. simply head over to Cerbot Installation page and pick the OS you're using for installation instructions. in my instance its Ubuntu 20.04. then run the commands from the guide. Mine were:

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

sudo certbot --nginx

the final command will pop up with some questions like below:

so in the prompt i'm going to type 5,6 for mikej.rocks and www.mikej.rocks and hit enter. if your doing more than one site it make take a short while to finish but what its essentially doing is... calling for a new cert from LetsEncrypt and editing your Nginx config file... yep that's right you don't have to do a thing! When it finishes you should see the following:

And that's it.... if you visit your site now, it will have an SSL Certificate installed and just work!.

Final word!

If you found this tutorial helpful please consider following me on twitter @skino2020 for more updates on my blog. And if you really found it helpful, why not buy me a Coffee, Beer or Pizza here

Mike