How to Use Vultr's LEMP Marketplace Application
The LEMP stack combines Linux, Nginx, MySQL, and PHP to serve dynamic websites and applications. It provides a powerful foundation for hosting PHP-based applications with Nginx's high-performance web server, MySQL's robust database management, and PHP's server-side scripting capabilities. The Vultr Marketplace provides a pre-configured LEMP instance, enabling quick deployment and setup on a Vultr server.
This guide explains deploying and using Vultr's LEMP Marketplace Application. You will deploy an instance, verify the installation, configure DNS and SSL, set up a virtual host, secure MySQL, and implement best practices for production deployments.
Deploy Vultr's LEMP Marketplace Application
Log in to your Vultr Customer Portal and click the Deploy Server button.
Select your preferred server type.
Choose a server location.
Select a server plan with at least 1GB RAM and 1 CPU core for basic workloads, or 2GB RAM and 2 CPU cores for production applications.
Click the Configure button to proceed.
Under Marketplace Apps, search for
LEMPand select it as the Marketplace Application.Select the Limited Login option from the Additional Features section to create a limited user with sudo access.
Review your configurations and click the Deploy Now button to start deployment.
It may take up to 10 minutes for your server to finish installing the LEMP stack.NoteAfter the instance shows the status of Running, navigate to the Server Overview page and copy the SSH connection details.
Initial Setup and Configuration
After deployment, verify the installation, configure DNS, and secure your LEMP stack before hosting applications.
Create a DNS A record pointing to your server's IP address, such as
lemp.example.com.Connect to your Vultr server instance over SSH using the connection details from the Server Overview page.
Verify LEMP Installation
Check the Nginx service status.
console$ sudo systemctl status nginx
The service should show as
active (running).Verify the PHP installation.
console$ php -v
Output:
PHP 8.3.12 (cli) (built: Sep 27 2024 03:53:05) (NTS)Check the MySQL service status.
console$ sudo systemctl status mysql
The service should show as
active (running).Verify Nginx is serving the default page by visiting
http://SERVER_IPin a web browser.
Configure Firewall Security
Secure your server by configuring the firewall to allow only necessary traffic before enabling SSL.
Allow SSH connections.
console$ sudo ufw allow OpenSSH
Allow HTTP and HTTPS traffic for Nginx and Certbot.
console$ sudo ufw allow 'Nginx Full'
Enable the firewall.
console$ sudo ufw enable
Verify firewall status.
console$ sudo ufw status
Secure LEMP with SSL/TLS
Protect your web server with HTTPS using Let's Encrypt certificates via Certbot.
Install Certbot and the Nginx plugin.
console$ sudo apt update $ sudo apt install certbot python3-certbot-nginx -y
Request an SSL certificate for your domain.
console$ sudo certbot --nginx -d lemp.example.com
Follow the prompts and select the option to redirect HTTP traffic to HTTPS when asked.
Verify SSL certificate auto-renewal.
console$ sudo certbot renew --dry-run
Access your site securely at
https://lemp.example.com.
Configure Nginx Virtual Host
Set up a virtual host to serve your website with proper configurations for PHP applications.
Create a directory for your website.
console$ sudo mkdir -p /var/www/lemp.example.com/html
Set proper ownership.
console$ sudo chown -R www-data:www-data /var/www/lemp.example.com
Set safe directory permissions.
console$ sudo chmod -R 755 /var/www/lemp.example.com
Create a test index file.
console$ sudo nano /var/www/lemp.example.com/html/index.php
php<!DOCTYPE html> <html> <head> <title>Welcome to LEMP Server</title> </head> <body> <h1>Success! The LEMP virtual host is working.</h1> <p>Server time: <?php echo date('Y-m-d H:i:s'); ?></p> </body> </html>
Save and close the file.
Create an Nginx virtual host configuration.
console$ sudo nano /etc/nginx/sites-available/lemp.example.com
nginxserver { listen 80; listen [::]:80; server_name lemp.example.com; root /var/www/lemp.example.com/html; index index.php index.html index.htm; access_log /var/log/nginx/lemp.example.com-access.log; error_log /var/log/nginx/lemp.example.com-error.log; location / { try_files $uri $uri/ =404; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php8.3-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~ /\.ht { deny all; } }
Replace
lemp.example.comwith your domain name and adjust the PHP-FPM socket path if needed.Save and close the file.
Enable the virtual host.
console$ sudo ln -s /etc/nginx/sites-available/lemp.example.com /etc/nginx/sites-enabled/
Disable the default Nginx site.
console$ sudo rm /etc/nginx/sites-enabled/default
Test the Nginx configuration.
console$ sudo nginx -t
Output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successfulReload Nginx to apply changes.
console$ sudo systemctl reload nginx
Run Certbot again to configure SSL for the new virtual host.
console$ sudo certbot --nginx -d lemp.example.com
Access your site at
https://lemp.example.comto verify the test page loads with SSL.
Configure MySQL Database
Set up MySQL with secure authentication and create a database for your application.
Secure MySQL Installation
Run the MySQL secure installation script.
console$ sudo mysql_secure_installation
Follow the prompts:
- Set root password: Enter a strong password
- Remove anonymous users: Yes
- Disallow root login remotely: Yes
- Remove test database: Yes
- Reload privilege tables: Yes
Create Database and User
Log in to MySQL as root.
console$ sudo mysql -u root -p
Enter the root password when prompted.
Create a database for your application.
sql> CREATE DATABASE myapp_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
Create a dedicated database user.
sql> CREATE USER 'myapp_user'@'localhost' IDENTIFIED BY 'secure_password_here';
Replace
secure_password_herewith a strong password.Grant privileges to the user.
sql> GRANT ALL PRIVILEGES ON myapp_db.* TO 'myapp_user'@'localhost';
Flush privileges and exit.
sql> FLUSH PRIVILEGES; > EXIT;
Test the new user connection.
console$ mysql -u myapp_user -p myapp_db
Enter the password when prompted. If you can access the database, the setup is correct.
Configure PHP
Optimize PHP settings for production use and security.
Update PHP Configuration
Edit the PHP-FPM configuration file.
console$ sudo nano /etc/php/8.3/fpm/php.ini
Update the following settings for production use.
iniupload_max_filesize = 64M post_max_size = 64M memory_limit = 256M max_execution_time = 300 max_input_time = 300 display_errors = Off log_errors = On error_log = /var/log/php/error.log
Adjust values based on your application requirements.
Save and close the file.
Create the PHP log directory.
console$ sudo mkdir -p /var/log/php $ sudo chown www-data:www-data /var/log/php
Restart PHP-FPM to apply changes.
console$ sudo systemctl restart php8.3-fpm
Install Common PHP Extensions
Install frequently used PHP extensions.
console$ sudo apt install php8.3-mysql php8.3-curl php8.3-gd php8.3-mbstring php8.3-xml php8.3-zip php8.3-intl -y
Restart PHP-FPM after installing extensions.
console$ sudo systemctl restart php8.3-fpm
Verify installed extensions.
console$ php -m
Best Practices and Configuration
Implement these recommendations to ensure your LEMP stack runs securely and efficiently.
Security Hardening
Configure Nginx security headers in your virtual host.
console$ sudo nano /etc/nginx/sites-available/lemp.example.com
Add the following inside the
serverblock:nginxadd_header X-Frame-Options "SAMEORIGIN" always; add_header X-Content-Type-Options "nosniff" always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "no-referrer-when-downgrade" always;
Save, close, and reload Nginx.
Disable PHP version exposure.
console$ sudo nano /etc/php/8.3/fpm/php.ini
Set:
iniexpose_php = Off
Restart PHP-FPM:
sudo systemctl restart php8.3-fpmKeep the system and packages updated.
console$ sudo apt update $ sudo apt upgrade -y
Performance Optimization
Enable PHP OPcache for better performance.
console$ sudo nano /etc/php/8.3/fpm/php.ini
iniopcache.enable=1 opcache.memory_consumption=128 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.revalidate_freq=60
Restart PHP-FPM.
Configure Nginx client body size for uploads.
console$ sudo nano /etc/nginx/nginx.conf
Add inside the
httpblock:nginxclient_max_body_size 64M;
Reload Nginx.
Backup Configuration
Create regular backups of important directories.
console$ sudo tar -czf /root/backup-$(date +%F).tar.gz /var/www /etc/nginx /etc/php
Back up MySQL databases.
console$ sudo mysqldump -u root -p --all-databases > /root/mysql-backup-$(date +%F).sql
Troubleshooting
This section covers common issues and diagnostic commands to help resolve problems with your LEMP stack.
Check Service Status
Verify all services are running.
console$ sudo systemctl status nginx $ sudo systemctl status php8.3-fpm $ sudo systemctl status mysql
View service logs.
console$ sudo journalctl -u nginx -e $ sudo journalctl -u php8.3-fpm -e $ sudo journalctl -u mysql -e
Common Issues
502 Bad Gateway Error
Check PHP-FPM status and restart if needed.
console$ sudo systemctl status php8.3-fpm $ sudo systemctl restart php8.3-fpm
Verify the PHP-FPM socket path matches the Nginx configuration.
console$ ls -l /var/run/php/
PHP Files Downloading Instead of Executing
Verify PHP-FPM is running.
console$ sudo systemctl status php8.3-fpm
Check that the Nginx virtual host includes the PHP location block.
Restart both services.
console$ sudo systemctl restart nginx php8.3-fpm
Permission Denied Errors
Set proper ownership for web directories.
console$ sudo chown -R www-data:www-data /var/www/lemp.example.com $ sudo chmod -R 755 /var/www/lemp.example.com
Check Nginx and PHP-FPM are running as the same user.
console$ ps aux | grep nginx $ ps aux | grep php-fpm
MySQL Connection Errors
Verify MySQL is running and accessible.
console$ sudo systemctl status mysql $ mysql -u root -p -e "SELECT 1;"
Check user privileges.
console$ sudo mysql -u root -p -e "SELECT user, host FROM mysql.user;"
Use Cases
The LEMP stack provides a flexible environment suitable for various PHP-based web workloads:
- Content Management Systems: Deploy WordPress, Joomla, Drupal, or other popular CMS platforms with Nginx's high-performance serving.
- PHP Frameworks: Host Laravel, Symfony, CodeIgniter, or custom PHP applications with optimized PHP-FPM processing.
- E-commerce Platforms: Run Magento, PrestaShop, or WooCommerce stores with robust database management and secure SSL.
- API Backends: Serve RESTful APIs with fast response times and efficient connection handling through Nginx.
- Web Applications: Deploy custom business applications, dashboards, CRM systems, or SaaS platforms.
- Development Environments: Create isolated staging and testing environments for application development and deployment testing.
Conclusion
In this guide, you deployed Vultr's LEMP Marketplace Application and configured it for production use. You secured the server with firewall rules and SSL/TLS certificates, set up Nginx virtual hosts with proper permissions, configured MySQL with secure authentication and dedicated database users, and optimized PHP settings for performance and security. With this production-ready LEMP stack, you can host PHP applications, manage databases, and serve dynamic content efficiently.