LEMP - nbspou/scripts GitHub Wiki
Ubuntu 18.04 LTS
References
- https://www.tecmint.com/install-nginx-mariadb-php-in-ubuntu-18-04/
- https://itsyndicate.org/blog/install-letsencrypt-on-ubuntu-16-04-and-ubuntu-18-04/
- https://bjornjohansen.no/redirect-to-https-with-nginx
- https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms
MariaDB
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://mirrors.digitalocean.com/mariadb/repo/10.3/ubuntu bionic main'
sudo aptitude install mariadb-server mariadb-client
sudo systemctl status mysql
sudo mysql_secure_installation
Answer Y to all questions.
Create a development user with full privileges:
sudo mysql -u root -p
CREATE USER 'me'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'me'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT
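A narrower alternative for the development user above, as an added example that is not part of the original wiki: the function emits SQL for an account limited to one database, without WITH GRANT OPTION, and with a random password. The names appdb and appdev are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the wiki): SQL for a database-scoped development user.
# appdb / appdev in the usage line are constructed placeholder names.

# 36 hex characters (144 bits) from the kernel CSPRNG.
gen_password() {
    dd if=/dev/urandom bs=18 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# dev_user_sql DB USER PASSWORD
# Prints the statements; pipe them into the mysql client to apply them.
dev_user_sql() {
    db=${1-} user=${2-} pass=${3-}
    # Accept only plain identifiers so nothing can break out of the quoting below.
    for v in "$db" "$user" "$pass"; do
        case $v in
            ''|*[!A-Za-z0-9_]*)
                echo "invalid argument: use letters, digits and _ only" >&2
                return 1 ;;
        esac
    done
    # Privileges are limited to one schema and carry no GRANT OPTION,
    # unlike GRANT ALL PRIVILEGES ON *.* ... WITH GRANT OPTION.
    cat <<EOF
CREATE DATABASE IF NOT EXISTS \`$db\`;
CREATE USER '$user'@'localhost' IDENTIFIED BY '$pass';
GRANT ALL PRIVILEGES ON \`$db\`.* TO '$user'@'localhost';
EOF
}

# Usage:
#   pw=$(gen_password); echo "password: $pw"
#   dev_user_sql appdb appdev "$pw" | sudo mysql -u root -p
```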
Nginx
sudo aptitude install nginx
sudo systemctl status nginx
Generate a self signed certificate for development
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
Let's Encrypt! Generate a certificate for a domain.
On Ubuntu 18 LTS, use the certbot PPA; 18 and higher don't.
sudo add-apt-repository ppa:certbot/certbot
sudo aptitude update
sudo aptitude install letsencrypt
Set the default configuration to handle Let's Encrypt and redirect to HTTPS.
Use the self-signed certificate for non-domain requests.
sudo mkdir -p /var/www/letsencrypt
sudo nano /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
location ~ /\.well-known/acme-challenge/ {
allow all;
root /var/www/letsencrypt;
try_files $uri =404;
}
location / {
# Enable the following line only if you want to enforce HSTS on your entire domain
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
return 301 https://$host$request_uri;
}
}
server {
# listen 80 default_server;
# listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
# "ssl on;" is redundant with the ssl parameter on listen and is deprecated since nginx 1.15.0
ssl on;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
sudo nginx -t
sudo service nginx reload
sudo letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt -m [email protected] --agree-tos -d example.com
sudo mkdir -p /var/www/example.com
sudo nano /etc/nginx/sites-available/default
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/example.com;
# redundant with "listen ... ssl"; deprecated since nginx 1.15.0
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
index index.html;
server_name example.com;
location / {
try_files $uri $uri/ =404;
}
}
sudo nginx -t
sudo service nginx reload
Set up automatic certificate renewal: append "; /etc/init.d/nginx reload" to the cron configuration.
sudo nano /etc/cron.d/certbot
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew; /etc/init.d/nginx reload
Set up automatic certificate renewal: add a post-renewal hook that reloads nginx.
sudo nano /etc/letsencrypt/renewal-hooks/post/reload-services.sh
#!/bin/sh
service nginx reload
sudo chmod 750 /etc/letsencrypt/renewal-hooks/post/reload-services.sh
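To confirm that renewal is working and that a vhost is not still pointing at the self-signed development certificate, the following added example (not from the original wiki) classifies a certificate file with openssl. The 20-day default threshold is an assumption; choose a value below certbot's renewal window.

```shell
#!/bin/sh
# Added example (not from the wiki): classify the certificate a vhost points at.

# Succeeds if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds if subject and issuer names match, which is the case for the
# self-signed development certificate (a CA-issued leaf has a different issuer).
is_self_signed() {
    s=$(openssl x509 -in "$1" -noout -subject_hash 2>/dev/null) || return 1
    i=$(openssl x509 -in "$1" -noout -issuer_hash 2>/dev/null) || return 1
    [ -n "$s" ] && [ "$s" = "$i" ]
}

# cert_status FILE [MIN_DAYS]
# Prints one of: missing, invalid, self-signed, expiring, ok
cert_status() {
    cert=$1 min_days=${2:-20}
    if [ ! -r "$cert" ]; then
        echo missing            # also printed when the file is unreadable (run as root)
    elif ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo invalid            # not a parseable PEM certificate
    elif is_self_signed "$cert"; then
        echo self-signed
    elif ! cert_valid_for_days "$cert" "$min_days"; then
        echo expiring           # renewal has probably been failing
    else
        echo ok
    fi
}

# Usage (paths are the ones used on this page):
#   sudo sh -c '. ./cert-status.sh; cert_status /etc/letsencrypt/live/example.com/fullchain.pem'
#   cert_status /etc/ssl/certs/nginx-selfsigned.crt     # expected: self-signed
```

For fullchain.pem, openssl x509 reads only the first certificate in the file, which is the leaf.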
PHP
sudo aptitude install php-fpm php-common php-mysql php-gd php-cli
sudo systemctl status php7.2-fpm
sudo nano /etc/nginx/sites-available/default
Settings individual to each virtual host
index index.html index.htm index.nginx-debian.html index.php;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
sudo nginx -t
sudo service nginx reload
echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php
phpMyAdmin
sudo aptitude install phpmyadmin
No automatic install (tab, enter); use an automated password. Don't put your root password here, since it will be stored in plaintext.
https://mirzmaster.wordpress.com/2009/01/16/mysql-access-denied-for-user-debian-sys-maintlocalhost/
May replace html in the path with localhost or with the public domain, whichever is needed.
sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin
Edit file '/usr/share/phpmyadmin/libraries/sql.lib.php'
Replace: (count($analyzed_sql_results['select_expr'] == 1)
With: ((count($analyzed_sql_results['select_expr']) == 1)