Skip to main content

LEMP (Latest Version) – Ubuntu 20.04

Overview

Category: Frameworks
Supported OS: Ubuntu 20.04

Quickly deploy a cloud server with Nginx, MySQL, and PHP pre-installed—the essential components for hosting high-performance, scalable web applications. The LEMP stack is popular for modern websites and applications that require speed and security.

Software Included

  • Nginx: 1.18
  • MySQL: 8.0.32
  • PHP: 8.1
  • Fail2ban: 0.11.1
  • Postfix: 3.4.13
  • Certbot: 0.40.0

Getting Started After Deployment

1. Firewall Configuration

Allow only SSH (port 22, rate limited), HTTP (port 80), and HTTPS (port 443) for security and web access.

2. Deployment Message

During deployment, you will be logged out and see the following message:

Please wait until the installation is completed.... Connection to $IPADDRESS closed.

Do not log in for at least 2 minutes after the instance is created to allow the setup to complete.

3. First Login Steps

  • View your LEMP instance by visiting its IP address in your browser.

  • Log in as the ubuntu user (using the password or SSH key you set during creation).

  • Switch to the root user without a password:

    sudo su -

  • The MySQL root password is stored under:

    /root/.mysql_root_password

  • Log in to MySQL with:

mysql -u root -p <password from the above file>

  • The web root directory is:

    /var/www/html

4. Securing Your Instance

To secure your connection, configure a registered domain for your instance.

Nginx Server Blocks (for Multi-site Hosting)

  • Create a directory in /var/www for each domain.

  • Create a server block config in /etc/nginx/sites-available for each domain.

  • Enable your new server block with:

    ln -s /etc/nginx/sites-available/<your-domain-config> /etc/nginx/sites-enabled/ systemctl reload nginx

SSL Setup with Certbot

  • Ensure DNS A records are set for your domain and www subdomain.

  • The server_name directive in your server block should match the domain.

  • Generate an SSL certificate:

    certbot --nginx -d example.com -d www.example.com

  • After setting up HTTPS, optionally deny HTTP traffic on port 80 for better security.

5. Setting up Postfix

  • Set a valid hostname:

    hostnamectl set-hostname $HOSTNAME

    Replace $HOSTNAME with your desired hostname and ensure it has a proper A record. The instance IP must have a valid PTR record.

  • Configure the hostname in /etc/postfix/main.cf:

    myhostname = $hostname

  • Restart Postfix:

    systemctl restart postfix

  • Test outgoing email:

    echo "Postfix test" | mail -s "Subject" test@gmail.com

Note: Initial emails may be delivered to the spam folder. As your server’s reputation builds, emails will be delivered to inboxes.