Setting up LEMP – Nginx, PHP 7.2 in Google Cloud

This page shows you how to get your WordPress website running on a virtual machine instance with Nginx, PHP 7.2, Cloud SQL

The installation is mostly done via command line so I assume you are comfortable using command line interface.

Prerequisites

• Comfortable using LINUX command line interface
• Your Compute Engine Instance running.
• For setting up Compute Engine, see the Setting up Compute Engine Instance
• Domain name is pointed to your virtual machine.
• For setting up Cloud DNS, see the Setting up Google Cloud DNS for your domain

Install Nginx

Go to Compute Engine >> VM Instances page, here you will have your instances listed. Click the SSH button to launch the terminal in a new browser window.

Although you have just created your new instance, it is likely that some software packages are out of date. Let’s make sure that you are using the latest software packages.

sudo apt-get update

Once completed let’s update all the installed packages. You will be prompted with the selection to start the update. Hitting Y and Enter will begin the process.

sudo apt-get upgrade

Once the upgrade is completed you can proceed to install Nginx

sudo apt install nginx

Once complete, you can confirm that Nginx has been installed by issuing this command

nginx -v

Visit your domain in your browser, you will see the Nginx welcome page.

Now you can secure your instance by setting up firewall and Fail2ban.

Firewall

The firewall provides an additional layer of security to your instance by blocking inbound network traffic. The ufw (Uncomplicated Firewall) package is usually installed by default in Ubuntu 18.04 LTS, so we need to just add the rules which deny all incoming traffics and allow all outgoing traffics. We now add the ports for SSH (22), HTTP (80), HTTPS (443).

sudo ufw allow OpenSSH
sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'
sudo ufw enable

Fail2ban

This works alongside with ufw and monitors intrusion attempts to your instance and blocks the offending host for a set period of time, so let’s install it now.

sudo apt-get install fail2ban
sudo service fail2ban start

Next, open the Nginx configuration file, which can be found at /etc/nginx/nginx.conf

Start by setting the user to the username that you’re currently logged in with. This will make managing file permissions much easier in the future.

The worker_processes directive is the amount of CPU cores your instance. In my case, this is 1.

Uncomment the multi_accept directive and set it to on.

Lower the keepalive_timeout directive to 15.

For security reasons, you should uncomment the server_tokens directive and ensure it is set to off.

Add the new client_max_body_size directive below the server_tokens and set the value to 64m.

Uncomment the gzip_proxied directive and set it to any, uncomment the gzip_comp_level directive and set it to the value of 2 and finally uncomment the gzip_types directive.

In order for Nginx to correctly serve PHP you also need to ensure the fastcgi_param SCRIPT_FILENAME directive is set, otherwise, you will receive a blank white screen when accessing any PHP scripts. So open fastcgi_params file by issuing

sudo nano /etc/nginx/fastcgi_params

Add the following at the end of the file

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

That’s all, this is the basic Nginx configuration, hit CTRL+X followed by Y to save the changes. Ensure that the configuration file contains no errors and restart Nginx for the changes to take effect by issuing the following command

sudo nginx -t

If you get a successful message, then proceed with the following command

sudo service nginx restart

If everything worked out fine, you should still be able to see the Nginx welcome page when visiting your domain in the browser. However, unless visiting a known host the server should return a 444 response. So, we remove the default server blocks from Nginx.

sudo rm /etc/nginx/sites-available/default
sudo rm /etc/nginx/sites-enabled/default

Now you need to add a catch all block to the Nginx configuration. Open the nginx.conf file

sudo nano /etc/nginx/nginx.conf

Find the line with include /etc/nginx/sites-enabled/*;

Below this line add the following

server {
   listen 80 default_server;
   listen [::]:80 default_server;
   server_name _;
   return 444;
}

Hit CTRL+X followed by Y to save the changes and then test the Nginx configuration and restart Nginx.

sudo nginx -t
sudo service nginx restart

Now when you visit the domain name you should receive an error.

Install PHP 7.2

sudo apt-get install php7.2-fpm php7.2-common php7.2-mysql php7.2-xml php7.2-xmlrpc php7.2-curl php7.2-gd php7.2-imagick php7.2-cli php7.2-dev php7.2-imap php7.2-mbstring php7.2-opcache php7.2-soap php7.2-zip -y

After the installation has completed, confirm that PHP has installed correctly with this command

php-fpm7.2 -v

Now that PHP 7.2.* has installed and you need to configure the user and group that the service will run under.

sudo nano /etc/php/7.2/fpm/pool.d/www.conf

Change the following lines by replacing the www-data with your username.

user = username
group = username
listen.owner = username
listen.group = username

Now we configure PHP for WordPress by changing some values in php.ini.

sudo nano /etc/php/7.2/fpm/php.ini

Hit F6 for search inside the editor and update the following values

upload_max_filesize = 32M
post_max_size = 48M
memory_limit = 256M
max_execution_time = 600
max_input_vars = 1000
max_input_time = 400

Hit CTRL+X and Y to save the configuration and check if the configuration is correct and restart PHP

sudo php-fpm7.2 -t
sudo service php7.2-fpm restart

Now we have completed NGINX and PHP 7.2 in Ubuntu 18.04 LTS.

In the next post, we can configure Cloud SQL for the WordPress database.