In this guide, you will learn how to install LEMP stack on an Arch Linux server. LEMP is a popular stack used by web developers for testing and hosting websites and applications. LEMP is an abbreviation for Linux Nginx (pronounced as Engine X) MariaDB / MySQL and PHP. Nginx is a high-performance and stable web server which can also be used as a reverse proxy. It’s popular for serving high traffic sites and is usually preferred to Apache in production servers. MariaDB / MySQL are open source database Engines for storing website data. MariaDB is a fork of MySQL and is mostly preferred since the takeover of MySQL by Oracle. Lastly, we have PHP which is a server-side scripting language used for developing dynamic web pages. We are going to install each of these components and test their installation on Arch Linux.
Step 1) Install Nginx Web Server
Before the installation of any package, it’s always a good idea to update the system packages. So, proceed and update Arch packages using the command:
$ sudo pacman -Syy
To install Nginx, run the command:
$ sudo pacman -S nginx
Once installed, enable Nginx to start upon boot and start Nginx service by running the commands:
$ sudo systemctl enable nginx
$ sudo systemctl start nginx
To confirm that Nginx is running, execute the command:
$ sudo systemctl status nginx
The output indicates that Nginx is up and running. Additionally, you can confirm that the Nginx web server is up by launching your browser and typing your server’s IP address in the URL bar as shown.
To check the version of Nginx installed, run:
$ nginx -v
By default, Nginx listens on port 80. To confirm this, use the netstat command as shown:
$ sudo netstat -plntu
Step 2) Install MariaDB database Engine
To install MariaDB database engine, run the command:
$ sudo pacman -S mariadb
Once installed, proceed and initialize the MariaDB data directory and create system tables as shown below
$ sudo mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql
After the initialization is complete, enable and start the MariaDB service as shown
$ sudo systemctl enable mariadb
$ sudo systemctl start mariadb
By default, upon installation, MariaDB database engine does not have a password for the root user. This can create a loop hole for a potential breach. To prevent that from happening,we need to secure our database engine and enforce a list of other restrictions.
So change to root user and run the command below to begin hardening MariaDB
This will start a series of prompts. First, you will be required to set the root password. Initially, you will be notified that the root account is protected and that you can proceed at your discretion and ignore changing the root password.
If you feel that you need to change the password hit ‘Y’ on the keyboard and provide a strong password and confirm it.
The rest of the prompt will require you to perform a few hardening tweaks to your MariaDB database engine. This includes removing anonymous users, disabling remote root login , removing the test database and finally reloading the privileges tables to which you should answer Yes to all …