How To Install Linux, Nginx, MySQL, PHP (LEMP stack) on Ubuntu 18.04


LEMP is a pack of software. It is generally used to serve dynamic web applications and web pages. The term LEMP is actually an acronym which includes a Linux OS, with an Nginx (web server (the latter is pronounced as “Engine-X”) with PHP handling the dynamic processing and MYSQL database being a storage for  backend data.

This guide will help you to install LEMP on an Ubuntu 18.04 server. With Ubuntu operating system taking care of the 1st requirement,  there is the need to show how to install and set up the rest of the components.

First Step  – How to Install the Nginx Web Server

Nginx web server is used to display web pages to the visitors of the website. 

The software for this procedure is a part of Ubuntu package repositories set by default meaning that the apt package management suite can be used for the installations.

Since this apt is used for this session for the first time, you need to update the package index of your server. After that, proceed to server installation:

$ sudo apt update
$ sudo apt install nginx

Note, that on Ubuntu 18.04, Nginx starts running upon installation.

In case the ufw firewall is running, as shown in the initial guide, you need to grant connections to Nginx. It registers itself with ufw during the installation, and the process is simple and obvious.

We recommend enabling the profile that is the most restrictive yet that will allow the traffic you need. Since SSL for your server has not been configured yet, what you need to do is to allow traffic on port 80.

Type the following to enable that:

$ sudo ufw allow 'Nginx HTTP'

To verify the change, type:

$ sudo ufw status

The output of the above command will show that HTTP traffic is allowed:

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx HTTP (v6)            ALLOW       Anywhere (v6)

To check whether the server is properly functioning with a new rule added, access its public IP address or the domain name in your web browser.

In case you do not know the public IP address of your server, or the domain name is not pointed, run the following command to find it out:

$ ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'

Several IP addresses will be pointed out. Type those in turn in your web browser.

There is also an alternative to check the IP address that is accessible. You can view it from other internet locations:

$ curl -4

Having found out the address,typeit in your web browser. You will be taken to the default landing page of Nginx:


Nginx default page

If you see the page above, it means that your web server is installed correctly.

2 Step – How to Install MySQL to Manage Site Data

With the you web server installed, the next step is to set up the database management system (MySQL) that manages and stores your website data.

Type the following to install MySQL:

$ sudo apt install mysql-server

Now, you have installed MySQL database software. However, you still need to configure it.

Note that  MySQL has  a script that aims to secure the installation. Thus, it will ask to modify the insecure defaults. To initiate the script write the following:

$ sudo mysql_secure_installation

The script is going to ask whether you wish set up the configurations of the VALIDATE PASSWORD PLUGIN.

Warning: Having enabled this this feature, you will have to provide only those passwords that match the specified criteria. Those passwords that do not correspond to these criteria will be rejected by MySQL. Thus, if you try to set a weak password together with software that configures MySQL user credentials automatically  ( for example,Ubuntu packages for phpMyAdmin), the system will show an error. For this reason, it is safe to disable the validation. However, it is recommended to always use unique, strong passwords for database credentials.

Press Y for yes, or any other key to proceed without enabling.

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No:

In case you have decided to enable validation, you will also be asked to set the password validation level. Remmber, if you choose the strongest lever - 2 – you will have to make sure that your passwords must contain uncommon dictionary words, special characters, upper and lowercase letters, and numbers, otherwise errors will be shown.

There are three levels of password validation policy:

LOW    Length >= 8
MEDIUM Length >= 8, numeric, mixed case, and special characters
STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file

Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1

The next step is to provide and confirm a root password:

Please set the password for root here.

New password:

Re-enter new password:

For the following questions, simply press Y and ENTER  for each prompt. The prompts are aimed at removing the test database and anonymous users, as well as disabling remote root logins. This will also load the new rules for MySQL to respect the changes immediately.

It is noteworthy that in Ubuntu systems with MySQL 5.7 (and later versions), the root MySQL user, by default, authenticates with the auth_socket plugin rather than a password. It ensures better usability and security, however, it may cause difficulties when an external program (e.g., phpMyAdmin) tries to access the user.

In case you use plugin auth_socket to access MySQL that fits your workflow, proceed to Step 3. But if you prefer password to connect to MySQL as root, switch the method of authentication from auth_socket to mysql_native_password. To change the settings, open the prompt  for MySQL from the terminal:

$ sudo mysql

The next step is to check which the method of authentication used by each of your MySQL user accounts. Type the command below:

mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
| user             | authentication_string                     | plugin                | host      |
| root             |                                           | auth_socket           | localhost |
| mysql.session    | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| mysql.sys        | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| debian-sys-maint | *CC744277A401A7D25BE1CA89AFF17BF607F876FF | mysql_native_password | localhost |
4 rows in set (0.00 sec)

From the given example, it is obvious that the root user uses the auth_socket plugin  for authentication. In order to change the configurations of root account to password authentification, run the ALTER USER command below. Set a strong password in the password field:

mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

After that, run FLUSH PRIVILEGES. The command makes the server accept new changes and reload the grant tables:


Verify the authentication methods set for all of your users. It has to be done to make sure that the auth_socket plugin is no longer used for root authentication:

mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
| user             | authentication_string                     | plugin                | host      |
| root             | *3636DACC8616D997782ADD0839F92C1571D6D78F | mysql_native_password | localhost |
| mysql.session    | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| mysql.sys        | *THISISNOTAVALIDPASSWORDTHATCANBEUSEDHERE | mysql_native_password | localhost |
| debian-sys-maint | *CC744277A401A7D25BE1CA89AFF17BF607F876FF | mysql_native_password | localhost |
4 rows in set (0.00 sec)

The given example output shows that the root MySQL user uses a password to authenticate. After confirming this fact on your server,  exit the shell of MySQL:

mysql> exit

Attention: Having set the authentication method of root MySQL user to password, it will be impossible to access MySQL with the sudo mysql command that was previously used. Instead, run the command below:

$ mysql -u root -p

Enter the password you have set to see the MySQL prompt.

Now, having finished this step, you have set up your database system and you can proceed to installing PHP.

3 Step  –  PHP Installation and Nginx Configuring to Use the PHP Processor

 At this stage, Nginx  is set up and ready to serve your pages and MySQL is up to manage and store the data. Yet you need something to generate dynamic content. For this purpose, you need to install PHP.

Unlike some other web servers, Nginx lacks native PHP processing. Thus, you need to install php-fpm, which stands for “fastCGI process manager” and set Nginx to send PHP requests to this software.

Note: It depends on cloud provider, but, before installing the php-fpm package, you may need to add universe repository for Ubuntu, which is a free and open-source software maintained by the Ubuntu community. Type the following command to do it:

$ sudo add-apt-repository universe

Then, proceed to the installation of the php-fpm module together with php-mysql, which is an additional helper package. This will ensure the communication between PHP and your database backend and will pull in the essential PHP core files:

$ sudo apt install php-fpm php-mysql

At this stage, all the necessary components of LEMP are installed. Yet there is the need to make some configuration changes to set Nginx to using the PHP processor for dynamic content.

The server block level (similar to Apache’s virtual hosts) is used to make the needed configurations. Open a new server block configuration file in the directory  /etc/nginx/sites-available/ . The example provided below names the new server block configuration file as, yet you can give it the title you prefer:

$ sudo nano /etc/nginx/sites-available/

If you edit a new server block configuration file (not the default one), you can restore the default configuration without any difficulties if the need arises.

Use the content provided below to your new server block configuration file.The content is slightly modified from the default server block configuration file:

server {
        listen 80;
        root /var/www/html;
        index index.php index.html index.htm index.nginx-debian.html;

        location / {
                try_files $uri $uri/ =404;

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;

        location ~ /\.ht {
                deny all;

See the below explanation of the directives and location blocks and their functions:

listen — Defines the port for Nginx to listen on. The default port for HTTP in this case is  port 80.

root — Defines the document root to store the  the files that are served by the website.

index — Sets Nginx for prioritizing files index.php if a request for an index file is sent (if those files are available).

server_name — Defines the server block to be used for a particular request to your server. This directive should be pointed out to your server’s public IP address or domain name.

location / — The 1st location block has a try_files directive. It looks for files that match a URI request. If Nginx fails to find the needed file, a 404 error will be returned.

location ~ \.php$ — It handles the actual PHP processing. This location block points Nginx to the configuration file fastcgi-php.conf  and the php7.2-fpm.sock file. The latter points what socket associates with php-fpm.

location ~ /\.ht — It deals with .htaccess files, which are not processed by Nginx. If you add the deny all directive, in case any .htaccess files find the way into the document root, Ninx will not serve these files to visitors.

 Save and close the file having added the above content. Create a symbolic link from your new server block configuration file to enable your new server block your new server block. It has to be made from the directory in the /etc/nginx/sites-available/ directory to the /etc/nginx/sites-enabled/ directory:

$ sudo ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/

After that, use the /sites-enabled/ directory to unlink the default configuration file:

$ sudo unlink /etc/nginx/sites-enabled/default

Note: Recreating the symbolic link will restore the default configuration:

$ sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/

Check the syntax of your new configuration file:

$ sudo nginx -t

In case the system reports of any errors, you need to recheck your file.

After that,  to make the necessary changes, reload Nginx:

$ sudo systemctl reload nginx

This step is the last in LEMP installation and configuration. Yet, we  recommend to ensure that all its components can communicate with each other.

4 Step  – Testing Configuration and Creating a PHP File

At this point, LEMP is supposed to be set up. Now you can validate that Nginx hands .php files off to the PHP processor correctly.

To check it, create a test PHP file in your text editor and call it info.php in your document root:

$ sudo nano /var/www/html/info.php

Then type the lines provided below into the new file. These are a valid PHP code and it  will show information concerning your server:


After that, save and close the file.

From this moment, you can use your web browser to visit this page. For this you need to visit your server’s public IP address or domain name followed by /info.php:


Normally, you should see a PHP-generated web page that contains information about your server:

PHP page info

This page means that PHP processing was successfully set up with Nginx.

Verify that the page is correctly rendered by Nginx and remove the file. It is recommended to prevent unauthorized users from finding out some configuration details that may help them in breaking in. This file can be easily restored when you need it in the future.

To remove the file, type:

$ sudo rm /var/www/html/info.php

At this point, your LEMP is configured and functioning on Ubuntu 18.04 server.


  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 18.04

Introduction ‘LAMP” is a stack of open-source software. Typically, it is installed together in...

How To Install Nginx on CentOS 7

What is Nginx Nginx is server software that is characterized by high performance, flexibility,...

How To Install Node.js on Debian 10

Introduction Node.js a Javascript platform that allows easy creation of networked applications...

How To Install Node.js on Ubuntu 18.04

Introduction Node.js is a JavaScript platform that is used to allow users to build network...

How To Install Node.js on a CentOS 7 server

Introduction Node.js a Javascript platform that allows easy creation of networked applications...

Powered by WHMCompleteSolution