Preparation
Install ubuntu 16.04 server version
Step 1: Install nginx server
1, nginx It is an advanced, resource-optimized web server program used to display web pages to visitors on the Internet. We start with the installation of the nginx server and use the apt command to obtain the nginx program from the official software repository of ubuntu.
$ sudo apt-get install nginx
Install nginx on ubuntu 16.04
2. Then enter the netstat and systemctl commands to confirm that the nginx process has been started and bound to port 80.
$ netstat -tlpn
Check nginx network port connection
$ sudo systemctl status nginx.service
Check nginx service status
When you confirm that the service process has been started, you can open a browser, use the http protocol to access your server IP address or domain name, and browse the default web page of nginx.
http://ip-address
Step 2: Enable nginx http/2.0 protocol
3. Support for http/2.0 protocol is included by default in the latest release of nginx on ubuntu 16.04 Binary is included, it only connects via ssl and promises a huge improvement in loading web pages.
To enable this protocol of nginx, first find the website configuration file provided by nginx and enter the following command to back up the configuration file.
$ cd /etc/nginx/sites-available/ $ sudo mv default default.backup
Back up nginx website configuration file
4. Then, use a text editor to create a new default file and enter the following content:
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
root /var/www/html;
index index.html index.htm index.php;
server_name 192.168.1.13;
location / {
try_files $uri $uri/ =404;
}
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_protocols tlsv1 tlsv1.1 tlsv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers eecdh+chacha20:eecdh+aes128:rsa+aes128:eecdh+aes256:rsa+aes256:eecdh+3des:rsa+3des:!md5;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_session_cache shared:ssl:20m;
ssl_session_timeout 180m;
resolver 8.8.8.8 8.8.4.4;
add_header strict-transport-security "max-age=31536000;
#includesubdomains" always;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
listen [::]:80;
server_name 192.168.1.13;
return 301 https://$server_name$request_uri;
}
Enable nginx http 2 protocol
The above configuration snippet adds the http2 parameter to all ssl listening instructions to enable http/2.0.
The last section added to the server configuration above is used to redirect all non-ssl traffic to the ssl/tls default host. Then replace the server_name option with your host's IP address or DNS record (preferably the fqdn name).
5. After you follow the above steps to edit the default configuration file of nginx, use the following commands to generate and view the SSL certificate and key.
Use your custom settings to complete the certificate production. Note that the common name is set to match your dns fqdn record or server ip address.
$ sudo mkdir /etc/nginx/ssl $ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt $ ls /etc/nginx/ssl/
Generate nginx ssl certificate and key
6. Use a strong dh encryption algorithm by entering the following command, which will modify the previous configuration file ssl_dhparam configuration document.
$ sudo openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
Create diffie-hellman key
7. After the diffie-hellman key is generated, verify whether the nginx configuration file is correct and whether it can be served by the nginx network program application. Then run the following command to restart the daemon and observe any changes.
$ sudo nginx -t $ sudo systemctl restart nginx.service
Check nginx configuration
8. Type the following command to test that nginx uses the http/2.0 protocol. If you see h2 in the protocol, it means that nginx has been successfully configured to use the http/2.0 protocol. All latest browsers support this protocol by default.
$ openssl s_client -connect localhost:443 -nextprotoneg ''
Test the nginx http 2.0 protocol
Step 3: Install the php 7 interpreter
With the assistance of the fastcgi process management program, nginx can generate dynamic web content using the PHP dynamic language interpreter. fastcgi can be obtained by installing the php-fpm binary package from the ubuntu official repository.
9. Enter the following command in your server console to obtain php7.0 and the extension package, which allows php to communicate with the nginx network service process.
$ sudo apt install php7.0 php7.0-fpm
Install php 7 and php-fpm
10. After the php7.0 interpreter is successfully installed, enter the following command to start or check the php7.0-fpm daemon Process:
$ sudo systemctl start php7.0-fpm $ sudo systemctl status php7.0-fpm
开启、验证 php-fpm 服务
11、 当前的 nginx 配置文件已经配置了使用 php fpm 来提供动态内容。
下面给出的这部分服务器配置让 nginx 能够使用 php 解释器,所以不需要对 nginx 配置文件作别的修改。
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}下面是的截图是 nginx 默认配置文件的内容。你可能需要对其中的代码进行修改或者取消注释。
启用 php fastcgi
12、 要测试启用了 php-fpm 的 nginx 服务器,用下面的命令创建一个 php 测试配置文件 info.php。接着用 http://ip_or domain/info.php 这个网址来查看配置。
$ sudo su -c 'echo "<?php phpinfo(); ?>" |tee /var/www/html/info.php'
创建 php info 文件
检查 php fastcgi 的信息
检查服务器是否宣告支持 http/2.0 协议,定位到 php 变量区域中的 $_server[‘server_protocol'] 就像下面这张截图一样。
检查 http2.0 协议信息
13、 为了安装其它的 php7.0 模块,使用 apt search php7.0 命令查找 php 的模块然后安装。
如果你想要 安装 wordpress 或者别的 cms,需要安装以下的 php 模块,这些模块迟早有用。
$ sudo apt install php7.0-mcrypt php7.0-mbstring
安装 php 7 模块
14、 要注册这些额外的 php 模块,输入下面的命令重启 php-fpm 守护进程。
$ sudo systemctl restart php7.0-fpm.service
第 4 步:安装 mariadb 数据库
15、 最后,我们需要 mariadb 数据库来存储、管理网站数据,才算完成 lemp 的搭建。
运行下面的命令安装 mariadb 数据库管理系统,重启 php-fpm 服务以便使用 mysql 模块与数据库通信。
$ sudo apt install mariadb-server mariadb-client php7.0-mysql $ sudo systemctl restart php7.0-fpm.service
安装 mariadb
16、 为了安全加固 mariadb,运行来自 ubuntu 软件仓库中的二进制包提供的安全脚本,这会询问你设置一个 root 密码,移除匿名用户,禁用 root 用户远程登录,移除测试数据库。
输入下面的命令运行脚本,并且确认所有的选择。参照下面的截图。
$ sudo mysql_secure_installation
mariadb 的安全安装
17、 配置 mariadb 以便普通用户能够不使用系统的 sudo 权限来访问数据库。用 root 用户权限打开 mysql 命令行界面,运行下面的命令:
$ sudo mysql mariadb> use mysql; mariadb> update user set plugin='‘ where user='root'; mariadb> flush privileges; mariadb> exit
mariadb 的用户权限
最后通过执行以下命令登录到 mariadb 数据库,就可以不需要 root 权限而执行任意数据库内的命令:
$ mysql -u root -p -e 'show databases'
查看 mariadb 数据库
The above is the detailed content of How to install LEMP environment for Nginx server in Ubuntu. For more information, please follow other related articles on the PHP Chinese website!
The Advantages of NGINX: Speed, Efficiency, and ControlMay 12, 2025 am 12:13 AMThe reason why NGINX is popular is its advantages in speed, efficiency and control. 1) Speed: Adopt asynchronous and non-blocking processing, supports high concurrent connections, and has strong static file service capabilities. 2) Efficiency: Low memory usage and powerful load balancing function. 3) Control: Through flexible configuration file management behavior, modular design facilitates expansion.
NGINX vs. Apache: Community, Support, and ResourcesMay 11, 2025 am 12:19 AMThe differences between NGINX and Apache in terms of community, support and resources are as follows: 1. Although the NGINX community is small, it is active and professional, and official support provides advanced features and professional services through NGINXPlus. 2.Apache has a huge and active community, and official support is mainly provided through rich documentation and community resources.
NGINX Unit: An Introduction to the Application ServerMay 10, 2025 am 12:17 AMNGINXUnit is an open source application server that supports a variety of programming languages and frameworks, such as Python, PHP, Java, Go, etc. 1. It supports dynamic configuration and can adjust application configuration without restarting the server. 2.NGINXUnit supports multi-language applications, simplifying the management of multi-language environments. 3. With configuration files, you can easily deploy and manage applications, such as running Python and PHP applications. 4. It also supports advanced configurations such as routing and load balancing to help manage and scale applications.
Using NGINX: Optimizing Website Performance and ReliabilityMay 09, 2025 am 12:19 AMNGINX can improve website performance and reliability by: 1. Process static content as a web server; 2. forward requests as a reverse proxy server; 3. allocate requests as a load balancer; 4. Reduce backend pressure as a cache server. NGINX can significantly improve website performance through configuration optimizations such as enabling Gzip compression and adjusting connection pooling.
NGINX's Purpose: Serving Web Content and MoreMay 08, 2025 am 12:07 AMNGINXserveswebcontentandactsasareverseproxy,loadbalancer,andmore.1)ItefficientlyservesstaticcontentlikeHTMLandimages.2)Itfunctionsasareverseproxyandloadbalancer,distributingtrafficacrossservers.3)NGINXenhancesperformancethroughcaching.4)Itofferssecur
NGINX Unit: Streamlining Application DeploymentMay 07, 2025 am 12:08 AMNGINXUnit simplifies application deployment with dynamic configuration and multilingual support. 1) Dynamic configuration can be modified without restarting the server. 2) Supports multiple programming languages, such as Python, PHP, and Java. 3) Adopt asynchronous non-blocking I/O model to improve high concurrency processing performance.
NGINX's Impact: Web Servers and BeyondMay 06, 2025 am 12:05 AMNGINX initially solved the C10K problem and has now developed into an all-rounder who handles load balancing, reverse proxying and API gateways. 1) It is well-known for event-driven and non-blocking architectures and is suitable for high concurrency. 2) NGINX can be used as an HTTP and reverse proxy server, supporting IMAP/POP3. 3) Its working principle is based on event-driven and asynchronous I/O models, improving performance. 4) Basic usage includes configuring virtual hosts and load balancing, and advanced usage involves complex load balancing and caching strategies. 5) Common errors include configuration syntax errors and permission issues, and debugging skills include using nginx-t command and stub_status module. 6) Performance optimization suggestions include adjusting worker parameters, using gzip compression and
Nginx Troubleshooting: Diagnosing and Resolving Common ErrorsMay 05, 2025 am 12:09 AMDiagnosis and solutions for common errors of Nginx include: 1. View log files, 2. Adjust configuration files, 3. Optimize performance. By analyzing logs, adjusting timeout settings and optimizing cache and load balancing, errors such as 404, 502, 504 can be effectively resolved to improve website stability and performance.
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Dreamweaver Mac version
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function
MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
