lemp_ubuntu20 - ryzom/ryzomcore GitHub Wiki
title: LEMP for Ubuntu 20.04 LTS description: published: true date: 2023-03-01T05:15:22.046Z tags: editor: markdown dateCreated: 2021-09-27T12:42:59.687Z
- https://www.tecmint.com/install-nginx-mariadb-php-in-ubuntu-18-04/
- https://itsyndicate.org/blog/install-letsencrypt-on-ubuntu-16-04-and-ubuntu-18-04/
- https://bjornjohansen.no/redirect-to-https-with-nginx
- https://www.digitalocean.com/community/tutorials/understanding-nginx-server-and-location-block-selection-algorithms
- https://medium.com/@haotangio/how-to-properly-setup-mysql-5-7-for-production-on-ubuntu-16-04-dd4088286016
sudo aptitude install mariadb-server mariadb-client
sudo systemctl status mysql
sudo mysql_secure_installation
Y to all questions.
Update /etc/mysql/my.cnf to use utf8mb4. Add the following to the end of the configuration file.
[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4
[mysqld]
character-set-client-handshake = FALSE
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci
sudo /etc/init.d/mysql restart
To create a development user with full privileges. (Do NOT do this in production!)
sudo mysql -u root -p
CREATE USER 'me'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'me'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT
To allow remote connections, append this to the configuration.
sudo nano /etc/mysql/my.cnf
[mysqld]
skip-networking=0
skip-bind-address
sudo /etc/init.d/mysql restart
And configure a user for your remote IP through phpMyAdmin, once it's installed.
sudo aptitude install nginx
sudo systemctl status nginx
Generate a self signed certificate for development
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
Let's Encrypt! Generate a certificate for a domain
sudo aptitude install letsencrypt
Set default configuration to handle Let's Encrypt and redirect to HTTPS Use self signed certificate for non-domain
sudo mkdir -p /var/www/letsencrypt
sudo nano /etc/nginx/sites-available/default
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
location ~ /\.well-known/acme-challenge/ {
allow all;
root /var/www/letsencrypt;
try_files $uri =404;
}
location / {
return 301 https://$host$request_uri;
}
}
server {
# listen 80 default_server;
# listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
# pass PHP scripts to FastCGI server
#location ~ \.php$ {
# include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
# fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
sudo nginx -t
sudo service nginx reload
sudo letsencrypt certonly -a webroot --webroot-path=/var/www/letsencrypt -m [email protected] --agree-tos -d example.com
sudo mkdir -p /var/www/example.com
sudo nano /etc/nginx/sites-available/default
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
index index.html;
server_name example.com;
location / {
try_files $uri $uri/ =404;
}
}
sudo nginx -t
sudo service nginx reload
Set up automatic certificate renewal.
sudo nano /etc/letsencrypt/renewal-hooks/post/reload-services.sh
#!/bin/sh
service nginx reload
sudo chmod 750 /etc/letsencrypt/renewal-hooks/post/reload-services.sh
sudo aptitude install php-fpm php-common php-mysql php-gd php-cli
sudo systemctl status php7.4-fpm
sudo nano /etc/nginx/sites-available/default
Settings individual to each virtual host
index index.html index.htm index.nginx-debian.html index.php;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
}
sudo nginx -t
sudo service nginx reload
echo "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php
sudo aptitude install phpmyadmin
No automatic web server install (tab, enter), automatic db config, automated password (blank), don't put your root password here since it will be stored plaintext.
May replace html in path with localhost or with the public domain, whichever is needed.
sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin
sudo mysql -u root
CREATE USER 'user123'@localhost IDENTIFIED BY 'password123';
GRANT ALL PRIVILEGES ON *.* TO 'user123'@localhost;
GRANT GRANT OPTION ON *.* TO 'user123'@localhost;
FLUSH PRIVILEGES;
From your home folder.
sudo apt install bindfs
mkdir www
sudo nano /etc/fstab
Add the following to the end, replace user123.
bindfs#/var/www /home/user123/www fuse force-user=user123,force-group=user123,create-for-user=www-data,create-for-group=www-data,chgrp-ignore,chown-ignore,x-systemd.requires=/home,nofail 0 0
Reboot.