Installing WordPress with LEMP and MariaDB on Ubuntu

To install WordPress with LEMP and MariaDB on Ubuntu, you will set up a WordPress MariaDB database, install the required PHP packages, download WordPress, configure the web server and MariaDB database, and then complete the installation through the WordPress web interface.

Note

If you want to skip all the technical steps of setting up WordPress on your server and have it installed in minutes, then I have some great news for you! Our team of engineers has prepared a ready-to-use 1-click WordPress application for your convenience. Just choose a server, and while prompted to choose the operating system, choose WordPress from the dropdown menu. This will set up WordPress in minutes!

Prerequisites for Installing WordPress with LEMP and MariaDB

To install WordPress with the LEMP stack and MariaDB database, you need the following:

• An Ubuntu 24.04 server. We offer the globe's absolute lowest cost Ubuntu servers!
• Root access to your server or a sudo user. Check out our How to access your server using SSH guide to learn how to access your server and create a sudo user.
• The LEMP stack installed on your server. Use our Installing LEMP on Ubuntu 22.04 LTS guide to set it up. Or you can use our LEMP 1-Click Application to get started in minutes! Just choose a server, and while prompted to choose the operating system, choose LEMP from the dropdown menu.

Step 1 - Updating the Package Cache

Before you install WordPress with LEMP and MariaDB, you need to update your Ubuntu packages in the package manager cache to the latest available versions using the following command:

sudo apt update

Step 2 - Creating a WordPress MariaDB Database and User

WordPress needs a MySQL database to store your site's data, such as user information, posts, pages, etc. In this tutorial we'll use MariaDB, which is a compatible drop-in replacement for MySQL but with more features.

To create a MySQL/MariaDB database, use the mysql client to connect to MariaDB and access its command line interface with the following command:

sudo mysql

If you get an error that contains Access denied for user 'root', this means that the default authentication method has changed, and connecting to MariaDB requires a password for the root account. To solve this issue, use the following command to connect to MariaDB using the root user and a password:

mysql -u root -p

You'll be asked for your MySQL root password, enter it and then press Enter.

Note: If you've installed the LEMP stack using our 1-Click App, you'll find your MySQL root password in the App Details widget on your SSDNodes Dashboard. As demonstrated in the following image:

You should get a prompt similar to the following:

Now you can create a database for WordPress. We'll name the database wordpress, but feel free to use your site's name, or any other name you would like, just make sure to remember it. Use the following MySQL statement to create a database named wordpress:

CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

This creates a database called wordpress with UTF-8 as a character set, which supports all alphabets and languages.

If you receive an error upon entering the preceding command, make sure you've typed it in correctly, and that you end it with a semicolon (;).

Next, you'll need to create a MariaDB user account that will manage this wordpress database. Only this one account can interact with the site's database, which is a good security best practice. For this new user, we'll use the name wp_user, but again, feel free to use another name of your choice.

To create a new MariaDB user account, use the following statement in the MariaDB command line interface. Remember to replace password with a strong password for your user account, or you might wake up some day to the news of your WordPress website transforming into an abnormal nightmare:

CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'password';

Now, you'll need to give all access permissions to the user account that will manage your wordpress database:

GRANT ALL ON wordpress.* TO 'wp_user'@'localhost';

Here, you use the GRANT ALL statement to grant all privileges on the wordpress database to your wp_user user.

Refresh the privileges for the preceding command to take effect and apply the permission changes to the database server:

FLUSH PRIVILEGES;

Exit out of the MariaDB command line interface and return to the regular Linux shell with the following command:

EXIT;

With this, you have a MariaDB database and a MariaDB user account that can be used by your WordPress website to store data. Next, you'll install some important PHP packages that WordPress needs to function properly.

Step 3 - Installing Required PHP Extensions for WordPress

WordPress requires a few additional PHP packages to be installed, in addition to the PHP packages that were installed with the LEMP stack. In this step, you'll use the apt command to install the most important PHP extensions that WordPress uses.

Note: The PHP packages we'll install are required for basic WordPress usage, but many WordPress plugins that extend the basic functionalities of WordPress come with their own requirements, and may require additional PHP extension packages to be installed. Refer to the documentation of the specific plugin you want to install to find out its required packages and install them with apt using the method we'll demonstrate in this step.

To install the most important PHP extensions for WordPress, run the following command:

sudo apt install php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip php-imagick

Here, you install the following packages:

• php-curl: Provides a CURL module for PHP. CURL is used in command lines and scripts to transfer data through URLs.
• php-gd: Provides a GD module for PHP. The GD library is a library that offers graphics drawing tools to manage image data.
• php-intl: Provides an Internationalisation module for PHP.
• php-mbstring: A package that provides the MBSTRING module for PHP, which is used to manage non-ASCII strings.
• php-soap: Provides the SOAP module for PHP. SOAP is an API architecture that uses the XML language to transfer data between software. Although it has been replaced by the more flexible REST architecture in most web services, SOAP is still used by some companies.
• php-xml: A package that provides a DOM, SimpleXML, WDDX, XML, and XSL module for PHP.
• php-xmlrpc: Provides a XMLRPC-EPI module for PHP. XML-RPC is a feature of WordPress that enables data to be transmitted via HTTP using XML for encoding.
• php-zip: Provides a Zip module for PHP. Zip is a tool that is used to archive and compress files.
• php-imagick: Imagick is a native php extension to create and modify images using the ImageMagick API.

Once the installation is complete, restart the php-fpm process for it to use the newly installed PHP extensions:

sudo systemctl restart php8.1-fpm.service

Note: You may have another version of php-fpm installed on your system, so you might have to change 8.1 in the preceding command with your version of PHP. To check your php-fpm version, use the following command:

sudo systemctl status php* | grep fpm.service

You should receive the full name and version of your php-fpm service:

With this, the required PHP extensions are now installed. Next, you'll configure Nginx to serve WordPress.

Step 4 - Configuring Nginx to Serve WordPress

Now that our WordPress database and the PHP extensions are ready, we'll configure the Nginx web server to serve the pages and posts of our website. We'll create a new root web directory for WordPress files, and use a new Nginx configuration file made specifically for the website.

First check Nginx’s status with the following command:

sudo systemctl status nginx

The output should show that the Nginx service is enabled and running:

By default, Nginx is configured to serve files out of a root web directory located at /var/www/html. This default configuration is suitable for small single-site web servers. However, hosting multiple sites using this method will quickly become unmanageable and cumbersome. Instead, it is best to create a root web directory for each site you’d like to host on your web server. In this tutorial, we will create a root web directory for our WordPress website located at /var/www/wordpress. Again, feel free to use your site's name or some other name instead of wordpress for this root web directory, just remember to use the correct path in your Nginx configuration.

Use the following command to create a root web directory for your WordPress site, replacing wordpress with your site’s name if you want:

sudo mkdir /var/www/wordpress

Next, open a new configuration file in Nginx’s sites-available directory, which is a directory that contains configuration for each of your sites. Again, make sure to replace wordpress with your name of choice:

sudo nano /etc/nginx/sites-available/wordpress

Paste into it the following:

server {
    listen 80;
    listen [::]:80;
    server_name <domain_name_or_IP>;
    access_log off;
    location / {
        rewrite ^ https://$host$request_uri? permanent;
    }
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name <domain_name_or_IP>;
    root /var/www/wordpress;
    index index.php index.html index.htm index.nginx-debian.html;
    autoindex off;
    ssl_certificate /etc/ssl/certs/lemp.pem;
    ssl_certificate_key /etc/ssl/private/lemp.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php/php-fpm.sock;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;
    }

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
}

Here, you have two server blocks representing configuration for two ports: port 80 which serves HTTP requests, and port 443 that serves HTTPS requests.

Notice that, in the HTTP configuration, you use the rewrite directive in the location block to redirect HTTP requests to HTTPS.

In the preceding configuration file, you set up the following:

• listen: The port number Nginx will listen on. Here, you set its value to 80 in the HTTP server block, which is the port number assigned to HTTP. And you set it to 443 in the HTTPS server block, which is the port number for HTTPS.
• server_name: The domain names or IP addresses these two server block configurations should respond for. Make sure to replace `` with your domain name or IP address.
• access_log: Configures Nginx access logs, the special value off cancels all access_log directives on the current level.
• root: The root web directory, also known as the document root, that stores the files served by your website. Here, you set its value to /var/www/wordpress, which is the root web directory we created earlier, so make sure to set the proper value in your case.
• index: The order in which Nginx will prioritize index files for your website.
• autoindex: Configures Nginx auto indexing to enable or disable the ability to browse your files from the web browser. We set it to off to disable auto indexing.
• ssl_certificate: The SSL certificate file path. See Secure Your Site Using HTTPS for more information.
• ssl_certificate_key: The path of your SSL certificate's private key file.
• ssl_protocols: The protocols that will be used by SSL.
• ssl_ciphers: The ciphers that will be used by SSL.
• location ~ \.php$: A location block that handles PHP processing. It tells Nginx to handle any HTTP request with a URL that ends with .php with the directives included in this location block. This effectively points Nginx to the fastcgi-php.conf configuration file and the php-fpm.sock file, which declares the socket that is associated with php-fpm.
• location /: The main location block, which includes a try_files directive, and it allows Nginx to route HTTP requests to the WordPress index.php file.
• location = /favicon.ico: A location block for requests to /favicon.ico. Which you configure to disable logging for the favicon.ico file.
• location = /robots.txt: A location block for requests to /robots.txt. Which you configure to disable logging for the /robots.txt file.
• location ~* \.(css|gif|ico|jpeg|jpg|js|png)$: A location block to configure static files to be cached with the maximum value, which sets the browser cache expiration time in the far future. This is important because these static files are expensive resources to serve.

Next, you'll need to activate this Nginx server block configuration by linking your wordpress configuration file to the configuration file in Nginx’s sites-enabled directory using the following command:

sudo ln -s /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled

To check that your configuration file has been properly linked to Nginx’s sites-enabled directory, run the following command:

sudo ls -l /etc/nginx/sites-enabled

You should receive an output that’s similar to the following:

total 0
lrwxrwxrwx 1 root root 34 Aug 13 14:06 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root 36 Aug 14 10:17 wordpress -> /etc/nginx/sites-available/wordpress

Here, you can see that your /etc/nginx/sites-available/wordpress configuration file has been successfully linked.

Next, unlink the default Nginx configuration from the /sites-enabled/ directory. This forces Nginx to use your wordpress configuration instead of the default configuration:

sudo unlink /etc/nginx/sites-enabled/default

To check that the default Nginx configuration has been properly unlinked from the sites-enabled directory, run the following command:

sudo ls -l /etc/nginx/sites-enabled

You should receive an output that’s similar to the following:

total 0
lrwxrwxrwx 1 root root 36 Aug 14 10:17 wordpress -> /etc/nginx/sites-available/wordpress

Here, you can see that the default configuration symlink is no longer in the sites-enabled directory, which means that it has been successfully unlinked.

Next, test your configuration’s syntax using the following command:

sudo nginx -t

You should receive an output that’s similar to the following:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

This output shows that there are no errors in the configuration file.

If you receive any errors, review your configuration file and make sure you’ve set your directives and values properly.

Next, reload Nginx for the changes you’ve made to take effect by running the following command:

sudo systemctl reload nginx

You now have Nginx configured to serve files from the /var/www/wordpress root web directory. Let's test the configuration using a test HTML file:

sudo nano /var/www/wordpress/test.html

Add the following HTML code to it:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Wordpress on LEMP Test Page</title>
</head>
<body>
    <h1>Test Page for WordPress Nginx Configuration</h1>
</body>
</html>

Save and close the file.

Use your browser to navigate to this test.html file:

https://<domain_name_or_IP>/test.html

As always, replace <domain_name_or_IP> with your domain name or IP address.

If you haven't set up an SSL certificate from a Certificate Authority like Let's Encrypt, you will receive a "Not Secure" error informing you that the connection to your server is not secure. This error message is normal because your website is encrypted and secured with a self-signed certificate, and the browser does not recognize it since your server is not one of its known certificate authorities.

Click the Advanced button or More information depending on the browser, and choose to proceed. The following is an example of the error in the Google Chrome browser:

Once you proceed, you'll receive the message Test Page for WordPress Nginx Configuration. Which means that the Nginx configuration is correct.

To secure your WordPress website using a valid SSL certificate, check out the Creating and Installing a CA Certificate section of our Secure Your Site Using HTTPS with Self-Signed or CA SSL Certificates on Ubuntu article.

You now have Nginx configured and tested, and you can now download and install the WordPress files on your server and serve them with Nginx, which is what we'll do in the next step.

Step 5 - Downloading WordPress and Setting up its Configuration File

You've created a database for your WordPress site, installed the required PHP extensions, and configured Nginx. Now, you are ready to download WordPress files and set them up in your root web directory.

First go to your /tmp temporary directory, in which you'll download the WordPress release compressed in a tar.gz archive:

cd /tmp

Next, use wget to download the latest WordPress release using the following command:

wget https://wordpress.org/latest.tar.gz

Once the download finishes, use the tar command line tool to extract the package:

tar -xzvf latest.tar.gz

Check that a new wordpress folder is in your /tmp directory and display its contents with ls:

ls /tmp/wordpress

You should see a list of files. These files represent the source code of WordPress.

The WordPress documentation recommends that you rename the wp-config-sample.php sample configuration file into wp-config.php, which is the file name WordPress uses for configuration. Use the following command to copy the wp-config-sample.php file into a file called wp-config.php to be used by WordPress:

cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php

Next, copy the contents of this wordpress directory into your /var/www/wordpress root web directory using the following command:

sudo cp -a /tmp/wordpress/. /var/www/wordpress

Now check the contents of your /var/www/wordpress root web directory:

sudo ls -l /var/www/wordpress

You should receive an output similar to the following:

Nginx will need permissions to modify the /var/www/wordpress directory, so you'll need to assign its ownership to the www-data user and group, which is the user and group that Nginx uses. Run the following command to assign the root web directory to Nginx's user and group:

sudo chown -R www-data:www-data /var/www/wordpress

With this, WordPress code is in your root web directory, and Nginx has permission to modify it in order to serve and update it.

Configuring WordPress with MariaDB

Next, you'll need to set up some WordPress configurations for your site to function properly.

First, set up secret keys required for WordPress to enhance security. You can generate the required secret keys using an online service that WordPress provides. Use the following command to get random and secure secret keys from the WordPress API:

curl -s https://api.wordpress.org/secret-key/1.1/salt/

You'll get random values similar to the following:

You can copy the keys you get and paste them into your wp-config.php configuration file.

Note: Do not share your unique secret keys with anyone!

Copy the keys you receive and open the wp-config.php configuration file:

sudo nano /var/www/wordpress/wp-config.php

Find the following section:

define('AUTH_KEY',         'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

And replace the values with your unique secret keys.

Next, configure WordPress to use the database you created earlier. Look for the following lines in your configuration file, and set the proper values to them:

define( 'DB_NAME', 'wordpress' );

/** MySQL database username */
define( 'DB_USER', 'wp_user' );

/** MySQL database password */
define( 'DB_PASSWORD', 'password' );

Here you set the following configuration values:

• DB_NAME: The database name you created in Step 2.
• DB_USER: The database user name.
• DB_PASSWORD: The database password.

Next, to allow Nginx to write files to your WordPress website, add the following line to wp-config.php. This forces WordPress to use direct file IO requests from within PHP. Make sure to add it before the line that instructs you to stop editing the configuration:

define( 'FS_METHOD', 'direct' );
/* That's all, stop editing! Happy publishing. */

Save and close the file.

You now have the required WordPress configuration. Next, we'll perform one last thing to finish up our WordPress installation journey, where you'll use the web interface that comes with WordPress to set up your website.

Step 6 - Finishing up Your WordPress & MariaDB Installation

You've created a MariaDB database, installed the required PHP extensions, configured the Nginx web server to serve your website, and configured your WordPress website through the wp-config.php file. It is now time to finish the installation through the WordPress web interface.

First, navigate to your website using your browser:

https://<domain_name_or_IP>/

You'll receive a web form asking you to choose your WordPress site's language:

Next, you'll be asked to set a title for your website, a user name, a password, your email address, and search engine visibility. Set your preferred values and click Install WordPress.

Note: For security reasons, it is recommended to choose a hard to guess username. Avoid using your first name or common names such as admin or administrator.

You'll be redirected to a page notifying you that the installation was successful, and asking you to login using the username and password you've set.

Logging in will take you to the WordPress dashboard:

Now visit your site with your web browser:

https://<domain_name_or_IP>/

Your website is now officially online!

Congrats

You now have your very own place on the Internet! You can use your WordPress website to create a blog, an online shop, or an online gallery to show your amazing art, or whatever else you'd like!

Explore the WordPress dashboard to learn more about what you can do. For example, go to Appearance > Themes to select a new theme for your website.

Important Note

What we’ve done in this article is suitable for testing purposes and personal use, whereas if you want to publish your site to production, and securely process your customers’ online transactions, we do suggest you check our Secure Your Site Using HTTPS with Self-Signed or CA SSL Certificates on Ubuntu blog article.

Reader Alert!

If you feel that the technical instructions in this tutorial are time-consuming, or beyond your expertise, you can choose a very convenient and practical solution, ready-made, fully and professionally tested, and developed by SSD Nodes (That is us ). Just visit our website, choose the server’s specifications that fit your needs, and while prompted to choose among the operating systems and the 1-Click Applications we have, choose WordPress from the dropdown menu, complete your checkout, and in a couple of minutes our algorithms will take care of all the technical aspects smoothly and effortlessly, just for you!

Bonus: All our 1-Click applications are now installed with an active HTTPS self-signed certificate!

Way more practical, smooth, and headacheless, isn’t it?

What is LEMP in Linux?

The LEMP (Linux, Nginx, MySQL, PHP) stack in Linux refers to a toolkit comprising of Linux as the operating system, Nginx (pronounced Engine-x) as the web server, MySQL (or MariaDB) as the database system, and PHP (or Perl/Python) as the scripting language. These components are commonly used for creating web applications.

What is a LEMP Stack Used for?

A LEMP stack is used for building and deploying dynamic PHP-based web applications. It combines Linux as the operating system, Nginx as the web server, MySQL for database management, and PHP (or Perl/Python) for server-side scripting. This stack offers a robust and efficient environment for developing scalable and high-performance web applications.

What Does LEMP Stack Stand for?

LEMP stands for "Linux, Nginx, MySQL, and PHP." Together, these software technologies can be used to create a fully-functional web application

• Linux is the most popular, secure and open source operating system used in web servers.
• Apache HTTP Server is a free and open-source web server that delivers web content through the internet.
• MySQL is a relational database engine that allows you to store data and manage it.
• PHP is a widely used open source and general purpose server side scripting language used mainly in web development to create dynamic websites and applications.

NOTE: In this tutorial, we’ll be using MariaDB— a backward compatible, drop-in replacement of the MySQL® Database Server. MariaDB was designed to maintain the same functionality while introducing new features and improvements.

Installing LEMP on Ubuntu 24.04

To install LEMP on Ubuntu 24.04, you'll first update the Ubuntu package index, then install the MariaDB database server and secure it, install Nginx, then install PHP and configure the Nginx web server to handle PHP processing.

Prerequisites for Installing LEMP on Ubuntu 24.04

• Familiarity with the Linux command line.
• An Ubuntu 24.04 server with a non-root user with sudo privileges. If you haven't noticed, we offer top-tier Ubuntu servers at the globe's best prices. Check out our offerings and get ready to be amazed .

Check out our How to access your server using SSH guide to learn how to access your server and create a sudo user.

Note

Want to skip these time-consuming technical steps? Our engineers have created a ready-to-use 1-click LEMP application. Just select one of our servers, choose LAMP from the App menu during checkout, and LEMP will be set up in minutes. However, if you prefer to learn how to do it yourself, keep reading.

Step 1: Update The Package Cache

Start by updating the packages in the package manager cache to the latest available versions using the following command:

sudo apt update

Step 2: Install the MariaDB Database Server

After updating our package cache, we will now install the MariaDB database server. We'll use MariaDB instead of MySQL because it includes more features and supports new storage engines, in addition to its high performance.

To install MariaDB, execute the following command:

sudo apt install mariadb-server mariadb-client

Tap the y key then Enter to continue the installation.

In the preceding command, you install two packages:

• mariadb-server: The MariaDB database server which actually stores data.
• mariadb-client: The MariaDB database client which allows you to interact with and manage the database server via the command line.

Once the installation is finished, verify that the MariaDB database server is running properly by executing the following command to check out the MariaDB service status:

sudo service mariadb status

The output should show that the service is enabled and running:

Here, you can see that the service is active and running in the line "Active: active (running) ...".

Ensure That MariaDB Starts at Boot

To make sure that the MariaDB database server starts with the system at boot, use the enable subcommand of the systemctl command. To do so, execute the following command:

sudo systemctl enable mariadb.service

You should receive the following output:

Synchronizing state of mariadb.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable mariadb

Securing The MariaDB Database Server

MariaDB comes with some unsafe default settings which may expose your database server to dangerous security vulnerabilities. It's recommended that you run a security script that comes with MariaDB to strengthen your database server and minimize the risk of database intrusions or breaches.

To secure your MariaDB database server, execute the following command, where you will be presented with seven prompts:

First, run the script:

sudo mysql_secure_installation

You’ll be asked for your current root password:

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 

Tap Enter.

Next, you'll be asked whether you want to use the unix_socket authentication method:

OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

Switch to unix_socket authentication [Y/n] 

Tap Y to enable unix_socket authentication for better security.

The unix_socket authentication method uses the Unix user's credentials instead of a password to connect to the MariaDB account with the same username, which makes it a passwordless security mechanism, and because it depends on the user's credentials, it cannot be used to grant multiple Unix users access to a single MariaDB user account. With this, access to your MariaDB database server is limited to the Unix user, adding a security layer for your MariaDB account and preventing attackers from brute forcing or taking advantage of an accidental password leak.

The unix_socket authentication method is particularly strong due to the default sturdiness of Unix user security in preventing remote access. However, unskilled administration of your Unix user system may expose dangerous vulnerabilities. So, keep a wide and open eye on potential Unix user security issues such as weak passwords or accidental password exposure, excessive sudo permissions that allow users to execute commands of a different Unix user, scripts of other users executed by your MariaDB Unix user, running unsafe scripts, or weak remote access security.

Next, you'll be asked to change the root password:

Enabled successfully!
Reloading privilege tables..
 ... Success!

Change the root password? [Y/n] 

Tap Y to set a new password for root, and re-enter it for validation.

Next, you'll be asked to remove anonymous users:

Change the root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] 

Tap Y to remove the anonymous users that come with your MariaDB installation.

Next, you’ll be asked whether you want to disallow remote root logins:

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] 

Tap Y to disable remote root login.

Next, you’ll be asked whether you want to remove the test database that comes with your MariaDB installation:

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] 

Tap Y to remove your MariaDB test database and disable access to it.

In order for the changes you've made to take effect, you’ll be asked to reload your MariaDB privilege tables:

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] 

Tap Y to reload your MariaDB privilege tables. This will ensure that your changes will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

With this, your MariaDB installation is more secure than before, provided that you follow security best practices.

You now have the MariaDB database server installed, and you’re ready to store and manage your data. Next, you’ll need to serve the data you store using an HTTP server, which is the NGINX web server in the LEMP stack.

Step 3: Install NGINX

After installing and securing the MariaDB database server, the next step in our LEMP stack installation is installing the NGINX HTTP server, which serves web content.

Use apt to install the NGINX web server using the following command:

sudo apt install nginx

You’ll be asked to confirm the installation. Tap the y key then Enter to continue.

Once the installation is finished, check NGINX’s version to confirm that it was properly installed using the following command:

sudo nginx -v

You should receive an output that looks as follows:

Check NGINX’s status with the following command:

sudo systemctl status nginx

The output should show that the Nginx service is enabled and running:

Ensure That NGINX Starts at Boot

To make sure that the NGINX web server starts with the system at boot, use the enable subcommand of the systemctl command. To do so, execute the following command:

sudo systemctl enable nginx.service

You should receive the following output:

Synchronizing state of nginx.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable nginx

You now have NGINX installed. Next, you’ll install the PHP language.

Step 4: Install PHP

With MariaDB you can store and manage data, and the NGINX HTTP server allows you to serve it. You now need to install PHP to dynamically display data, and allow users to interact with your web service via easy-to-use web forms or API calls.

Use the following command to install the main PHP package, along with basic PHP packages that allow you to interact with your database and HTTP server:

sudo apt install php-fpm php-mysql php-xml php-mbstring

When prompted, tap the y key then Enter to continue the installation.

In the preceding command, you install the following packages:

• php-fpm: A package that allows NGINX to handle PHP processes and serve websites written in PHP.
• php-mysql: A package that allows PHP to communicate with MySQL-based databases such as MariaDB.
• php-xml: A package that provides a DOM, SimpleXML, WDDX, XML, and XSL module for PHP.
• php-mbstring: A package that provides the MBSTRING module for PHP, which is used to manage non-ASCII strings.

The main PHP language package will be installed automatically as part of the installation process as a dependency.

To ensure PHP was successfully installed, check its version using the following command:

php -v

You should receive an output similar to the following:

This means that you’ve successfully installed PHP.

Step 5: Configure NGINX to Handle PHP Processing

After we've finished installing all the components of the LEMP stack, we will now configure NGINX so it can serve PHP-based websites.

By default, NGINX is configured to serve files out of a root web directory located at /var/www/html. This default configuration is suitable for small single-site web servers, but hosting multiple sites using this method will quickly become unmanageable and cumbersome. Instead, it is best to create a root web directory for each site you’d like to host on your web server, while leaving the default /var/www/html root web directory to be served when a user requests a site that doesn’t exist.
Create the root web directory for your site as follows, replacing mysite with your site’s name:

sudo mkdir /var/www/mysite

Next, open a new configuration file in NGINX’s sites-available directory, which is a directory that contains configuration for each of your sites. Again, make sure to replace mysite with your site’s name:

sudo nano /etc/nginx/sites-available/mysite

Paste into it the following:

server {
    listen 80;
    server_name mysite www.mysite;
    root /var/www/mysite;

    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ .php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
     }
}

Note: The preceding NGINX configuration is called a server block.

Remember to replace mysite with your site’s name.

If you don’t have a domain name, you can replace the line server_name mysite www.mysite; with just server_name your_IP_address;, where your_IP_address is your server’s IP address.

Save the file by pressing CTRL+x and then y and Enter to confirm.

In the preceding configuration file, you set up the following:

• listen:The port number NGINX will listen on. Here, you set its value to 80, which is the port number assigned to HTTP.
• server_name: The domain names or IP addresses this server block configuration should respond for. Remember to replace mysite with your site’s name. If you don’t have a domain name, you can replace the line server_name mysite www.mysite; with just server_name your_IP_adress;, where your_IP_adress is your server’s IP address.
• root: The root web directory, also known as the document root, that stores the files served by your website. Here, you set its value to /var/www/mysite, which is the root web directory we created earlier, so make sure to set the proper value in your case.
• index: The order in which NGINX will prioritize index files for your website. Here, you set the order as follows: index.html index.htm index.php, which means that when requesting the index page, NGINX will initially look for a file called index.html in your root web directory and serve it, if no file matches that filename, it will look for a file called index.htm and serve it instead. Otherwise, it will look for a PHP file called index.php.
• location /: The main location block, which includes a try_files directive, and it allows NGINX to route HTTP requests to the correct location within the file system. It looks for files or directories matching a URL request. If no resource matches the HTTP request, NGINX will return a 404 Not Found HTTP error.
• location ~ .php$: A location block that handles PHP processing. It tells NGINX to handle any HTTP request with a URL that ends with .php with the directives included in this location block. This effectively points NGINX to the fastcgi-php.conf configuration file and the php8.3-fpm.sock file, which declares the socket that is associated with php-fpm.

Activate NGINX Configuration

Now that you’ve set up an NGINX server block configuration for your site, you need to activate it. You can do this by linking your mysite configuration file to the configuration file from NGINX’s sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/mysite /etc/nginx/sites-enabled

To check that your configuration file has been properly linked to NGINX’s sites-enabled directory, run the following command:

sudo ls -l /etc/nginx/sites-enabled

You should receive an output that’s similar to the following:

total 0
lrwxrwxrwx 1 root root 34 Aug  4 09:43 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root 33 Aug  4 10:07 mysite -> /etc/nginx/sites-available/mysite

Here, you can see that your sites-available/mysite configuration file has been successfully linked.
Next, unlink the default NGINX configuration from the /sites-enabled/ directory. This forces NGINX to use your mysite configuration instead of the default configuration:

sudo unlink /etc/nginx/sites-enabled/default

To check that the default NGINX configuration has been properly unlinked from the sites-enabled directory, run the following command:

sudo ls -l /etc/nginx/sites-enabled

You should receive an output that’s similar to the following:

total 0
lrwxrwxrwx 1 root root 33 Aug  4 10:07 mysite -> /etc/nginx/sites-available/mysite

Here, you can see that the default configuration symlink is no longer in the sites-enabled directory, which means that it has been successfully unlinked.
Next, test your configuration’s syntax using the following command:

sudo nginx -t

You should receive an output that’s similar to the following:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

This output shows that there are no errors in the configuration file.

If you receive any errors, review your configuration file and make sure you’ve set your directives and values properly.

Next, reload NGINX for the changes you’ve made to take effect by running the following command:

sudo systemctl reload nginx

With this, you can now create an HTML test file to test your setup.

In your /var/www/mysite root web directory, create a new index.html file:

sudo nano /var/www/mysite/index.html

Paste The following HTML code into it:

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>My website</title>
</head>
<body>
    <h1>Hello World!</h1>
    <p>This is the landing page of <strong>My Site</strong></p>
</body>
</html>

As you can see, this is straightforward HTML code.

Save the file by pressing CTRL+x and then y and Enter to confirm.

Now, open your browser and navigate to your server’s domain name or IP address:

http://your_server_domain_or_IP_address

You should see that the index.html file you created earlier is properly served.

Note: What we’ve done in this article is suitable for testing purposes and personal use, whereas if you want to publish your site to production, and securely process your online transactions, we do suggest you check our How To Install Let’s Encrypt on Ubuntu 24.04 article, that explains in detail how to secure your site with SSL certificates.

Reader Alert!

If you feel that the technical instructions in this tutorial are time-consuming, or beyond your expertise, you can choose a very convenient and practical solution, ready-made, fully and professionally tested, and developed by SSD Nodes (That is us ). Just visit our website, choose the server’s specifications that fit your needs, and while prompted to choose among the operating systems and the 1-Click Applications we have, choose LEMP from the Apps dropdown menu, complete your checkout, and in a couple of minutes our algorithms will take care of all the technical aspects smoothly and effortlessly, just for you!

Bonus: All our 1-Click applications are now installed with an active HTTPS self-signed certificate!

Conclusion

For the next steps to go live, it is important to secure your web server connections by serving requests with HTTPS instead of HTTP. You can accomplish this using a CA certificate, which is the more convenient solution when going public; check out our How To Install Let’s Encrypt on Ubuntu guide.

The LEMP “stack” involves the Linux operating system (L), the Nginx web server (E), a MySQL database (M), and PHP for dynamic webpages (P).

Prerequisites

Before you start, you need the following:

• A VPS running Ubuntu 16.04
• A regular (non-root) account with sudo privileges. See our SSH keys tutorial for more information.

Step 1: Disabling apache2

We need to ensure that Apache (a different web server option) isn’t running. Let’s remove it from the server.

sudo apt-get remove apache2
sudo rm /var/www/html/index.html

Step 2: Installing Nginx

Ubuntu’s apt package management software makes installing nginx quite easy. Running the update command ensures you get the most up-to-date version.

sudo apt-get update
sudo apt-get install nginx

Nginx will automatically start running at this point. You can double check this by navigating to the IP address of your VPS via a web browser.

http://remote_server

If successful, you’ll see a default Nginx page.

Step 3: Installing MySQL

Next, we’ll install MySQL, which is a database that will be used to store information. Install this with apt as well.

sudo apt-get install mysql-server

You will be prompted to input a password for the adminisrative user for MySQL. We recommend a strong, secure password. For additional security, you won’t be able to see the characters as you type them in.

Next, run a script to improve the security of the installation.

sudo mysql_secure_installation

You’ll see the following warning about the VALIDATE PASSWORD PLUGIN .

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: 

This plugin will reject passwords that are not strong enough. It’s not necessary if you’re diligent about using strong, secure passwords. If you choose Yes , you’ll be asked to define a policy for strong passwords.

You will also be given an opportunity to change the root password if you’d like.

Using existing password for root.
Change the password for root ? ((Press y|Y for Yes, any other key for No) : 

For the remainder of the questions, type in y or Y and then hit Enter . These remove anonymous users and restrict root logins, both of which are best practices.

Step 4: Installing PHP

PHP will be used to serve up dynamic web pages to users as they visit your site. There are other options available, such as Ruby or Node.js, but these fall beyond the scope of this tutorial.

We need to start with installing some programs that help PHP communicate with Nginx and MySQL.

sudo apt-get install php-fpm php-mysql

You need to edit the php.ini file and change one particular line to make the configuration more secure.

sudo nano /etc/php/7.0/fpm/php.ini

You’re looking for a line that begins with ;cgi.fix_pathinfo . To find it easily in nano, type in Ctrl+w and type in cgi.fix_pathinfo . You need to uncomment this line—remove the semicolon—and change the setting to 0 . The end result should look like this:

cgi.fix_pathinfo=0

Once you’ve saved the file, a quick restart of the PHP processor will enable this change.

sudo systemctl restart php7.0-fpm

Step 5: Configuring Nginx and PHP

As we tested earlier, Nginx is already working properly, but it defaults to using HTML to serve up a webpage, not PHP. We need to change that by editing the default Nginx server block.

sudo nano /etc/nginx/sites-available/default

Let’s go step by step through the lines that you will want to edit.

First, you might want to change the root directory of your website, if you’d like to serve it from a different location. The default configuration is perfectly fine, however, so we recommend leaving it alone.

root /var/www/html;

Next, you want to request that Nginx look for an index.php file rather than index.html .

Before:

# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;

After:

# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;

After that, you need to uncomment the area that connects to php-fpm .

Before:

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ .php$ {
#       include snippets/fastcgi-php.conf;
#
#       # With php7.0-cgi alone:
#       fastcgi_pass 127.0.0.1:9000;
#       # With php7.0-fpm:
#       fastcgi_pass unix:/run/php/php7.0-fpm.sock;
#}

After:

location ~ .php$ {
        include snippets/fastcgi-php.conf;

#       # With php7.0-cgi alone:
#       fastcgi_pass 127.0.0.1:9000;
#       # With php7.0-fpm:
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}

Finally, you should restrict access to .htaccess files, which Nginx doesn’t use.

Before:

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /.ht {
#       deny all;
#}

After:

# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /.ht {
       deny all;
}

Once you’ve made those three changes, you can save and close the file and test out the configuration.

sudo nginx -t

If you see any errors, check the file for any syntax mistakes you might have made. Once the command returns a positive result, you can restart Nginx to load the new configuration.

sudo systemctl restart nginx

Step 6: Testing PHP

At this point, the LEMP stack should be completely configured, but it doesn’t hurt to take a few extra moments to double-check that it’s running correctly. The easiest way to do that is to create a new file in your document root.

sudo nano /var/www/html/info.php

Inside that file, type or paste in these two lines:

<?php
phpinfo();

Save and close the file, and then visit your website again via a browser.

http://remote_server/info.php

If you see a file like the following, you’re all set up! You’re now ready to host and deploy some serious content to your visitors.

In future tutorials, we’ll cover how to add a WordPress installation on top of your LEMP stack, in addition to securing the connection between your server and your visitors with SSL certificates.