Google Cloud Compute Engine

Setting up LEMP – Nginx, PHP 7.2 in Google Cloud


This page shows you how to get your WordPress website running on a virtual machine instance with Nginx, PHP 7.2 and Cloud SQL.

The installation is mostly done from the command line, so I assume you are comfortable using a command-line interface.

Prerequisites

Install Nginx

Go to the Compute Engine >> VM Instances page, where your instances are listed. Click the SSH button to launch the terminal in a new browser window.

Although you have just created your new instance, it is likely that some software packages are out of date. Let’s make sure that you are using the latest software packages.

sudo apt-get update

Once completed let’s update all the installed packages. You will be prompted with the selection to start the update. Hitting Y and Enter will begin the process.

sudo apt-get upgrade

Once the upgrade is completed you can proceed to install Nginx.

sudo apt install nginx

Once complete, you can confirm that Nginx has been installed by issuing this command:

nginx -v

Visit your domain in your browser and you will see the Nginx welcome page.

Now you can secure your instance by setting up a firewall and Fail2ban.

Firewall

The firewall provides an additional layer of security to your instance by blocking unwanted inbound network traffic. The ufw (Uncomplicated Firewall) package is usually installed by default in Ubuntu 18.04 LTS, and its default policy denies all incoming traffic and allows all outgoing traffic, so we only need to add rules for the ports we want open: SSH (22), HTTP (80) and HTTPS (443). The OpenSSH rule is added before ufw is enabled so that the current SSH session is not cut off.

sudo ufw allow OpenSSH
sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'
sudo ufw enable

Fail2ban

Fail2ban works alongside ufw: it monitors intrusion attempts against your instance and blocks the offending host for a set period of time, so let's install it now.

sudo apt-get install fail2ban
sudo service fail2ban start

Next, open the Nginx configuration file, which can be found at /etc/nginx/nginx.conf.

Start by setting the user directive to the username that you're currently logged in with. This will make managing file permissions much easier in the future; note that the Nginx worker processes then run with that account's privileges.

Set the worker_processes directive to the number of CPU cores on your instance. In my case, this is 1.

Uncomment the multi_accept directive and set it to on.

Lower the keepalive_timeout directive to 15.

For security reasons, you should uncomment the server_tokens directive and ensure it is set to off, so that Nginx no longer reports its version number in the Server header and on error pages.

Add the new client_max_body_size directive below the server_tokens and set the value to 64m.

Uncomment the gzip_proxied directive and set it to any, uncomment the gzip_comp_level directive and set it to the value of 2 and finally uncomment the gzip_types directive.

In order for Nginx to correctly serve PHP you also need to ensure the fastcgi_param SCRIPT_FILENAME directive is set; otherwise, you will receive a blank white screen when accessing any PHP scripts. Open the fastcgi_params file by issuing:

sudo nano /etc/nginx/fastcgi_params

Add the following at the end of the file

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

That's all for the basic Nginx configuration. Hit CTRL+X followed by Y to save the changes. Check that the configuration file contains no errors by issuing the following command:

sudo nginx -t

If you get a success message, restart Nginx for the changes to take effect with the following command:

sudo service nginx restart

If everything worked out fine, you should still be able to see the Nginx welcome page when visiting your domain in the browser. However, the server should return a 444 response (an Nginx-specific code that closes the connection without sending a response) unless the request is for a known host. So, we remove the default server blocks from Nginx.

sudo rm /etc/nginx/sites-available/default
sudo rm /etc/nginx/sites-enabled/default

Now you need to add a catch-all block to the Nginx configuration. Open the nginx.conf file:

sudo nano /etc/nginx/nginx.conf

Find the line with include /etc/nginx/sites-enabled/*;

Below this line add the following

server {
   listen 80 default_server;
   listen [::]:80 default_server;
   server_name _;
   return 444;
}

Hit CTRL+X followed by Y to save the changes and then test the Nginx configuration and restart Nginx.

sudo nginx -t
sudo service nginx restart

Now when you visit the domain name you should receive an error.
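
A way to check the result of the edits above, as an added example that is not part of the original guide: the script reads an nginx.conf and reports whether server_tokens is off, keepalive_timeout is 15 and a default_server block returns 444. The function names and the sample config are constructed for illustration.

```shell
# Added example, not from the guide. The sample config is constructed.

# Print file $1 with comments and leading whitespace removed.
strip_conf() { sed -e 's/#.*$//' -e 's/^[[:space:]]*//' "$1"; }

# Succeed if directive $2 has value $3 on an uncommented line of file $1.
has_directive() {
    strip_conf "$1" | grep -Eq "^$2[[:space:]]+$3[[:space:]]*;"
}

# Succeed if a server block with a default_server listen returns 444.
has_catch_all() {
    strip_conf "$1" | awk '
        /^server[ \t]*[{]/ && !in_srv { in_srv = 1; base = depth; dflt = drop = 0 }
        in_srv && /^listen[ \t].*default_server/ { dflt = 1 }
        in_srv && /^return[ \t]+444[ \t]*;/ { drop = 1 }
        { depth += gsub(/[{]/, "{") - gsub(/[}]/, "}") }
        in_srv && depth == base { if (dflt && drop) found = 1; in_srv = 0 }
        END { exit !found }'
}

# Print one line per missing setting; the exit status is the finding count.
audit_nginx_conf() {
    n=0
    has_directive "$1" server_tokens off || { echo "server_tokens not off"; n=$((n + 1)); }
    has_directive "$1" keepalive_timeout 15 || { echo "keepalive_timeout not 15"; n=$((n + 1)); }
    has_catch_all "$1" || { echo "no default_server block returning 444"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: the http block after the edits described in this section.
write_sample_conf() {
    cat > "$1" <<'EOF'
http {
    # server_tokens on;
    server_tokens off;
    keepalive_timeout 15;
    include /etc/nginx/sites-enabled/*;
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        return 444;
    }
}
EOF
}

conf=$(mktemp) && write_sample_conf "$conf"
audit_nginx_conf "$conf" && echo "all checks passed"
rm -f "$conf"
```

On a real instance, call audit_nginx_conf /etc/nginx/nginx.conf after nginx -t has passed.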

Install PHP 7.2

sudo apt-get install php7.2-fpm php7.2-common php7.2-mysql php7.2-xml php7.2-xmlrpc php7.2-curl php7.2-gd php7.2-imagick php7.2-cli php7.2-dev php7.2-imap php7.2-mbstring php7.2-opcache php7.2-soap php7.2-zip -y

After the installation has completed, confirm that PHP has installed correctly with this command:

php-fpm7.2 -v

Now that PHP 7.2.* has been installed, you need to configure the user and group that the service will run under.

sudo nano /etc/php/7.2/fpm/pool.d/www.conf

Change the following lines by replacing the www-data with your username.

user = username
group = username
listen.owner = username
listen.group = username

Now we configure PHP for WordPress by changing some values in php.ini.

sudo nano /etc/php/7.2/fpm/php.ini

Hit F6 to search inside the editor and update the following values:

upload_max_filesize = 32M
post_max_size = 48M
memory_limit = 256M
max_execution_time = 600
max_input_vars = 1000
max_input_time = 400

Hit CTRL+X and Y to save the configuration, then check that the configuration is correct and restart PHP:

sudo php-fpm7.2 -t
sudo service php7.2-fpm restart
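
The PHP limits set above sit behind Nginx's client_max_body_size, and Nginx reaches PHP-FPM through a socket owned by listen.owner, so the three files have to agree. This added example (not from the original guide) checks that upload_max_filesize does not exceed post_max_size, that post_max_size does not exceed client_max_body_size, and that the nginx user matches listen.owner; the function names, the user alice and the sample files are constructed, and the fallback values are the nginx and PHP defaults.

```shell
# Added example, not from the guide; the sample files are constructed.

# Convert a size such as 64m, 48M or 1G to bytes (a bare number is bytes).
to_bytes() {
    n=${1%[kKmMgG]}
    case $1 in
        *[kK]) echo $((n * 1024)) ;;
        *[mM]) echo $((n * 1024 * 1024)) ;;
        *[gG]) echo $((n * 1024 * 1024 * 1024)) ;;
        *)     echo "$n" ;;
    esac
}

# Last uncommented "key = value" in a php.ini or pool file; $3 is the default.
ini_get() {
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# Last uncommented value of nginx directive $2 in file $1; $3 is the default.
ngx_get() {
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\([^;[:space:]]*\).*/\1/p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# check_stack NGINX_CONF PHP_INI POOL_CONF: print findings, return their count.
check_stack() {
    up=$(to_bytes "$(ini_get "$2" upload_max_filesize 2M)")
    post=$(to_bytes "$(ini_get "$2" post_max_size 8M)")
    body=$(to_bytes "$(ngx_get "$1" client_max_body_size 1m)")
    f=0
    [ "$up" -le "$post" ] || { echo "upload_max_filesize > post_max_size"; f=$((f + 1)); }
    [ "$post" -le "$body" ] || { echo "post_max_size > client_max_body_size"; f=$((f + 1)); }
    [ "$(ngx_get "$1" user nobody)" = "$(ini_get "$3" listen.owner "")" ] ||
        { echo "nginx user is not the socket's listen.owner"; f=$((f + 1)); }
    return "$f"
}

# Constructed sample files holding the values from this guide (user "alice").
make_sample() {
    printf 'user alice;\nhttp {\n    client_max_body_size 64m;\n}\n' > "$1/nginx.conf"
    printf 'upload_max_filesize = 32M\npost_max_size = 48M\n' > "$1/php.ini"
    printf 'user = alice\ngroup = alice\nlisten.owner = alice\nlisten.group = alice\n' > "$1/www.conf"
}

d=$(mktemp -d) && make_sample "$d"
check_stack "$d/nginx.conf" "$d/php.ini" "$d/www.conf" && echo "limits and socket owner are consistent"
rm -rf "$d"
```

On the instance, the three arguments are /etc/nginx/nginx.conf, /etc/php/7.2/fpm/php.ini and /etc/php/7.2/fpm/pool.d/www.conf.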

Now we have completed the Nginx and PHP 7.2 setup on Ubuntu 18.04 LTS.

In the next post, we can configure Cloud SQL for the WordPress database.

8 Comments

  1. Adam Hopper Reply

    Is this an oversight or typo? Please read instructions below and then review the noted area again…

    Change the following lines by replacing the www-data with your username.

    user = username
    group = username
    listen.owner = username
    listen.group = username
    Now we configure PHP for WordPress by changing some values in php.ini.

    How do we perform this task? Not sure if this is within the CLI text but I am already confused…
    //—>replacing the www-data with your username.<–//

    • Cloudbooklet Reply

      You need to replace the www-data with your username you see in your terminal [email protected]_name:~$ in /etc/php/7.2/fpm/pool.d/www.conf

  2. when I run the nginx -t command, I get an error message saying that invalid number of arguments in client_max_size_body directive. Could you please help?

    • I figured it out, made a silly mistake sorry. Do you have alternative to the command line for installing php? When I run the command line, it is unable to locate any package

      • Cloudbooklet Reply

        You can try adding the repo and install PHP
        sudo apt install software-properties-common
        sudo add-apt-repository ppa:ondrej/php
        sudo apt update

  3. Hello. Thank you for the tutorial. I was following the steps in setting up my server but now I am getting an error when I try to test php-fpm with this command: sudo php-fpm7.2 -t

    This is the error i get on the command line
    ERROR: [/etc/php/7.2/fpm/pool.d/www.conf:22] value is NULL for a ZEND_INI_PARSER_ENTRY
    [24-Feb-2020 12:35:53] ERROR: Unable to include /etc/php/7.2/fpm/pool.d/www.conf from /etc/php/7.2/fpm/php-fpm.conf at line 22
    [24-Feb-2020 12:35:53] ERROR: failed to load configuration file ‘/etc/php/7.2/fpm/php-fpm.conf’
    [24-Feb-2020 12:35:53] ERROR: FPM initialization failed
    Please your response is appreciated. thanks

    • Please try replacing the hash symbols “#” with semicolons “;” in your www.conf. Maybe that could be the cause of the error. If that didn't fix it, please share the contents of the www.conf file. Thank you

  4. Achmad Norcholis Reply

    hey, I notice every time I execute command sudo service nginx restart or sudo service php7.2-fpm restart
    I always get the error
    Job for php7.2-fpm.service failed because the control process exited with error code.
    See “systemctl status php7.2-fpm.service” and “journalctl -xe” for details.
