How to install Nginx, PHP 7.3 LEMP Stack on Ubuntu 18.04 LTS with Google Compute Engine and connect with Cloud SQL.
Not using Ubnt 18.04 LTS? Choose a different OS:
The installation is mostly done via command line so I assume you are comfortable using command line interface.
Prerequisites
- Comfortable using LINUX command line interface
- Your Compute Engine Instance running.
- For setting up Compute Engine, see the Setting up Compute Engine Instance
- Domain name is pointed to your virtual machine.
- For setting up Cloud DNS, see the Setting up Google Cloud DNS for your domain
Install Nginx
Go to Compute Engine >> VM Instances page, here you will have your instances listed. Click the SSH button to launch the terminal in a new browser window.
Although you have just created your new instance, it is likely that some software packages are out of date. Let’s make sure that you are using the latest software packages.
sudo apt update
Once completed let’s update all the installed packages. You will be prompted with the selection to start the update. Hitting Y and Enter will begin the process.
sudo apt upgrade
Once the upgrade is completed you can proceed to install Nginx
sudo apt install nginx
Once complete, you can confirm that Nginx has been installed by issuing this command
nginx -v
Visit your domain in your browser, you will see the Nginx welcome page.
Now you can secure your instance by setting up firewall and Fail2ban.
Firewall
The firewall provides an additional layer of security to your instance by blocking inbound network traffic. The ufw (Uncomplicated Firewall) package is usually installed by default in Ubuntu 18.04 LTS, so we need to just add the rules which deny all incoming traffics and allow all outgoing traffics. We now add the ports for SSH (22), HTTP (80), HTTPS (443).
sudo ufw allow OpenSSH
sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'
sudo ufw enable
Fail2ban
This works alongside with ufw and monitors intrusion attempts to your instance and blocks the offending host for a set period of time, so let’s install it now.
sudo apt install fail2ban
sudo service fail2ban start
Next, open the Nginx configuration file, which can be found at /etc/nginx/nginx.conf
Start by setting the user to the username that you’re currently logged in with. This will make managing file permissions much easier in the future.
The worker_processes directive is the amount of CPU cores your instance. In my case, this is 1.
Uncomment the multi_accept directive and set it to on.
Lower the keepalive_timeout directive to 15.
For security reasons, you should uncomment the server_tokens directive and ensure it is set to off.
Add the new client_max_body_size directive below the server_tokens and set the value to 64m.
Uncomment the gzip_proxied directive and set it to any, uncomment the gzip_comp_level directive and set it to the value of 2 and finally uncomment the gzip_types directive.
In order for Nginx to correctly serve PHP you also need to ensure the fastcgi_param SCRIPT_FILENAME directive is set, otherwise, you will receive a blank white screen when accessing any PHP scripts. So open fastcgi_params file by issuing
sudo nano /etc/nginx/fastcgi_params
Add the following at the end of the file
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
That’s all, this is the basic Nginx configuration, hit CTRL+X followed by Y to save the changes. Ensure that the configuration file contains no errors and restart Nginx for the changes to take effect by issuing the following command
sudo nginx -t
If you get a successful message, then proceed with the following command
sudo service nginx restart
If everything worked out fine, you should still be able to see the Nginx welcome page when visiting your domain in the browser. However, unless visiting a known host the server should return a 444 response. So, we remove the default server blocks from Nginx.
sudo rm /etc/nginx/sites-available/default
sudo rm /etc/nginx/sites-enabled/default
Now you need to add a catch-all block to the Nginx configuration. Open the nginx.conf file
sudo nano /etc/nginx/nginx.conf
Find the line with include /etc/nginx/sites-enabled/*;
Below this line add the following
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 444;
}Hit CTRL+X followed by Y to save the changes and then test the Nginx configuration and restart Nginx.
sudo nginx -t
sudo service nginx restart
Now when you visit the domain name you should receive an error.
From here you can setup Nginx server blocks configuration for your website.
Install PHP 7.3
sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt install php7.3-fpm php7.3-common php7.3-mysql php7.3-xml php7.3-xmlrpc php7.3-curl php7.3-gd php7.3-imagick php7.3-cli php7.3-dev php7.3-imap php7.3-mbstring php7.3-opcache php7.3-soap php7.3-zip unzip -y
After the installation has completed, confirm that PHP 7.3 has installed correctly with this command
php-fpm7.3 -v
Now that PHP 7.3.* has installed and you need to configure the user and group that the service will run under.
sudo nano /etc/php/7.3/fpm/pool.d/www.conf
Change the following lines by replacing the www-data with your username.
user = username
group = username
listen.owner = username
listen.group = username
Now we configure PHP for WordPress by changing some values in php.ini.
sudo nano /etc/php/7.3/fpm/php.ini
Hit F6 for search inside the editor and update the following values
upload_max_filesize = 32M
post_max_size = 48M
memory_limit = 256M
max_execution_time = 600
max_input_vars = 3000
max_input_time = 1000
Hit CTRL+X and Y to save the configuration and check if the configuration is correct and restart PHP
sudo php-fpm7.3 -t
sudo service php7.3-fpm restart
Now you can create Nginx configurations for different web applications
Now we have completed NGINX and PHP 7.3 in Ubuntu 18.04 LTS.
Learn How to connect your Google Compute Engine with Cloud SQL database
