lemp_ubuntu18 - ryzom/ryzomcore GitHub Wiki
title: LEMP description: published: true date: 2023-03-01T04:56:41.817Z tags: editor: markdown dateCreated: 2019-11-24T12:10:10.319Z
- https://www.tecmint.com/install-nginx-mariadb-php-in-ubuntu-18-04/
- https://itsyndicate.org/blog/install-letsencrypt-on-ubuntu-16-04-and-ubuntu-18-04/
- https://bjornjohansen.no/redirect-to-https-with-nginx
- https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms
- https://medium.com/@haotangio/how-to-properly-setup-mysql-5-7-for-production-on-ubuntu-16-04-dd4088286016
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://mirrors.digitalocean.com/mariadb/repo/10.3/ubuntu bionic main'
sudo aptitude install mariadb-server mariadb-client
sudo systemctl status mysql
sudo mysql_secure_installation
Y to all questions.
Update /etc/my.cnf to use utf8mb4.
[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4
[mysqld]
character-set-client-handshake = FALSE
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
sudo /etc/init.d/mysql restart
To create a development user with full privileges.
sudo mysql -u root -p
CREATE USER 'me'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'me'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT
To allow remote connections.
sudo nano /etc/mysql/my.cnf
bind-address = 0.0.0.0
sudo /etc/init.d/mysql restart
And configure a user for your remote IP.
sudo aptitude install nginx
sudo systemctl status nginx
Generate a self signed certificate for development
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
Let's Encrypt! Generate a certificate for a domain
sudo aptitude install letsencrypt
Set default configuration to handle Let's Encrypt and redirect to HTTPS Use self signed certificate for non-domain
sudo mkdir -p /var/www/letsencrypt
sudo nano /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
location ~ /\.well-known/acme-challenge/ {
allow all;
root /var/www/letsencrypt;
try_files $uri =404;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
# listen 80 default_server;
# listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl on;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
sudo nginx -t
sudo service nginx reload
sudo letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt -m [email protected] --agree-tos -d example.com
sudo mkdir -p /var/www/example.com
sudo nano /etc/nginx/sites-available/default
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/example.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
index index.html;
server_name example.com;
location / {
try_files $uri $uri/ =404;
}
}
sudo nginx -t
sudo service nginx reload
Set up automatic certificate renewal.
sudo nano /etc/letsencrypt/renewal-hooks/post/reload-services.sh
#!/bin/sh
service nginx reload
sudo chmod 750 /etc/letsencrypt/renewal-hooks/post/reload-services.sh
sudo aptitude install php-fpm php-common php-mysql php-gd php-cli
sudo systemctl status php7.2-fpm
sudo nano /etc/nginx/sites-available/default
Settings individual to each virtual host
index index.html index.htm index.nginx-debian.html index.php;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
sudo nginx -t
sudo service nginx reload
echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php
sudo aptitude install phpmyadmin
No automatic install (tab, enter), automated password, don't put your root password here since it will be stored plaintext.
https://mirzmaster.wordpress.com/2009/01/16/mysql-access-denied-for-user-debian-sys-maintlocalhost/
May replace html in path with localhost or with the public domain, whichever is needed.
sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin
Edit file '/usr/share/phpmyadmin/libraries/sql.lib.php'
Replace: (count($analyzed_sql_results['select_expr'] == 1)
With: ((count($analyzed_sql_results['select_expr']) == 1)