Share this page:

Set up a LEMP server

A LEMP server consists of Linux Nginx, MySQL PHP. This is an alternative to the LAMP server which is built around Apache. Nginx has performance advantages, and uses less memory than Apache.

Nginx handles requests for static files like HTML and Javascript files, but it doesn't have a built-in method for handling requests for dynamic pages. For PHP based sites, Nginx must be used with the PHP FastCGI Process Manager (PHP FPM). Nginx passes requests for PHP pages to the PHP FPM process which executes the necessary PHP code and passes the resulting output back to the Nginx. Nginx then delivers the response to the client.

PHP APC is used to speed up the execution of PHP scripts. When PHP code is executed, it is usually compiled on the fly into byte code. PHP APC caches the byte code so that the next time the same PHP code is executed, it has been pre-compiled.

PHP scripts often use databases to store information. In a LEMP stack, it's common to use MySQL. 

Install the software

First, make sure your server is up to date by installing updates:

sudo apt-get update
sudo apt-get upgrade

Install the following packages:

sudo apt-get install nginx php5 php-apc php5-fpm php5-mysql mysql-server mysql-client

This command installs the MySQL client and server.  The client doesn't have to be installed, but it's useful during development.

When the MySQL server is installed, you will be prompted to enter a password for the root user account. You need to enter it a second time to confirm the password. Make a note of the password as you'll need it later when you connect to the server.

On some ditributions, Nginx doesn't start automatically when it's installed, so you need to start it with this command:

sudo service nginx start

Check that Nginx is working by opening a web browser and visiting your server's IP address. You should see this page:

Welcome to Nginx


Enable PHP

The Nginx virtual host file needs to be modified to enable support for PHP. Open /etc/nginx/sites-available/default in nano:

sudo nano /etc/nginx/sites-available/default

Look for the index directive, and add index.php:

    index index.php index.html index.htm;

Next, look for the location that manages requests for PHP page. By default it is commented out. 

    #location ~ \.php$ {
    #    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #    # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
    #    # With php5-cgi alone:
    #    fastcgi_pass;
    #    # With php5-fpm:
    #    fastcgi_pass unix:/var/run/php5-fpm.sock;
    #    fastcgi_index index.php;
    #    include fastcgi_params;

This location needs to be un-commented, and one of the fastcgi_pass directives needs to be deleted. If PHP FPM is installed, the first fastcgi_pass should be deleted. The PHP location should now look like this:

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;

        # With php5-fpm:
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;

Type control-o and press return to save the file, and type control-x to exit nano. Restart Nginx:

sudo service nginx restart

Test that PHP is working. Create a simple PHP test file:

sudo nano /usr/share/nginx/www/test.php

Enter this text, and save the file:

<?php phpinfo(); ?>

Type control-o and press return to save the file, and type control-x to exit nano. Now visit the new page in your web browser by visiting http://server IP address/test.php.  In my case this is You should see a page like this:

PHP test data served by Nginx

Secure the database

There are some adjustments that can be made to the MySQL server to make it more secure. The mysql_secure_installation utility will guide you through these steps, by asking a series of questions. The first one is whether you want to change the root password - answer no because a root password is already set.  Answer yes to all the other questions:

$ sudo mysql_secure_installation


In order toa log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] n
 ... skipping.

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
 ... Failed!  Not critical, keep moving...
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

Your LEMP server is now up and running.  You can use it to develop PHP applications or run a PHP CMS like Wordpress.


More from this category: