Until a few hours ago, this site was hosted on an OpenVZ container running a cPanel LAMP stack provided by the company I work for. I found a $10 credit for DigitalOcean, so I decided to configure a LEMP stack and move this site over there, since I haven’t played around with vanilla Nginx in quite some time.
It took a few hours to get everything set up, and I’ve documented the process below.
- Get everything up to date:
yum update -y
- We’ll need the EPEL repo in order to install nginx:
yum install -y epel-release
yum install -y nginx
- For PHP-FPM 7 we need the IUS repos. WordPress also requires the GD extension to edit images:
curl 'https://setup.ius.io/' -o setup-ius.sh
bash setup-ius.sh
yum install -y php70u-fpm-nginx php70u-cli php70u-mysqlnd php70u-gd php70u-imagick php70u-opcache php70u-ioncube-loader
- Set up the MariaDB repo and install the database server:
cat >/etc/yum.repos.d/MariaDB101.repo<<EOF
# MariaDB 10.1 CentOS repository list - created 2017-02-12 21:25 UTC
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
EOF
yum clean all
yum install -y mariadb-server mariadb-libs mariadb-devel mariadb-client
- I chose to use /var/www/html as the primary document root for Nginx:
mkdir -p /var/www/html
chown php-fpm:nginx -R /var/www/
- While unnecessary when using Nginx, I decided to also have Varnish handle non-HTTPS web traffic, mainly because I haven’t used Varnish in a while and wanted to play with it. We’ll install it now and configure it later:
yum install -y varnish
- I’m using Let’s Encrypt for SSL since without cPanel there are no more free Comodo SSL certificates. I needed to point my domain to this server before I could go any further but wanted to at least have the site up before doing so, so we’ll finish up with the SSL certificate installation later:
yum install -y certbot
- At this point we’re pretty much ready to start enabling services and configuring our LEMP stack.
- Enable everything:
systemctl enable varnish php-fpm nginx mariadb
- I won’t go into too much detail on how to configure the services because the config files are commented pretty well and I’m providing mine.
- We’ll have Varnish on port 80 forwarding to Nginx on port 8080, and Nginx will also handle all HTTPS traffic. PHP-FPM will be configured to use a socket instead of a loopback connection, and MariaDB 10.1 will handle the database for this site.
- The configuration files used here are available for download here. It’s in git so check the branches.
- We’ll now need to start the services in order to request the SSL certificates from Let’s Encrypt:
systemctl start varnish nginx php-fpm mariadb
- Request and install the SSL certificate and configure a cron to renew it every 30 days:
certbot certonly -a webroot --webroot-path=/var/www/html/blog -d blog.donthurt.us
[root@centoscloud ~]# crontab -u root -l
30 2 * * 1 /usr/bin/certbot renew >> /var/log/le-renew.log
35 2 * * 1 /usr/bin/systemctl reload nginx
- As seen below, HTTP traffic is going through Varnish to Nginx while Nginx handles all HTTPS traffic:
[root@centoscloud ~]# curl --head http://blog.donthurt.us
HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Mon, 13 Feb 2017 09:29:43 GMT
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/7.0.15
Link: <http://blog.donthurt.us/wp-json/>; rel="https://api.w.org/"
X-Cache: EXPIRED
X-Varnish: 327744 262211
Age: 3
Via: 1.1 varnish-v4
Connection: keep-alive

[root@centoscloud ~]# curl --head https://blog.donthurt.us
HTTP/1.1 200 OK
Server: nginx/1.10.2
Date: Mon, 13 Feb 2017 09:31:01 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/7.0.15
Link: <https://blog.donthurt.us/wp-json/>; rel="https://api.w.org/"
X-Cache: HIT
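The header check above can be scripted so it also reports which headers expose software versions. This is an added example, not part of the original post; the function names `served_via`, `version_leaks` and `audit_headers` are hypothetical, and the samples are abridged from the two curl runs shown above.

```bash
#!/usr/bin/env bash
# Added example: audit `curl --head` output read from stdin.

# Header samples abridged from the two curl runs shown in the post.
HTTP_SAMPLE='HTTP/1.1 200 OK
Server: nginx/1.10.2
X-Powered-By: PHP/7.0.15
X-Cache: EXPIRED
X-Varnish: 327744 262211
Age: 3
Via: 1.1 varnish-v4'

HTTPS_SAMPLE='HTTP/1.1 200 OK
Server: nginx/1.10.2
X-Powered-By: PHP/7.0.15
X-Cache: HIT'

# Print "varnish" when the response carries Varnish markers, else "direct".
served_via() {
  if grep -qiE '^(X-Varnish:|Via:.*varnish)'; then
    echo varnish
  else
    echo direct
  fi
}

# Print every Server / X-Powered-By header that exposes a product version.
# CRs are stripped because real HTTP header lines end in CRLF.
version_leaks() {
  tr -d '\r' | grep -iE '^(Server|X-Powered-By):.*/[0-9]+(\.[0-9]+)*' || true
}

# Summarise one response: path taken, then any version-disclosing headers.
audit_headers() {
  headers=$(cat)
  echo "path: $(printf '%s\n' "$headers" | served_via)"
  leaks=$(printf '%s\n' "$headers" | version_leaks)
  [ -z "$leaks" ] || printf '%s\n' "$leaks" | sed 's/^/discloses: /'
}

echo "== http ==";  printf '%s\n' "$HTTP_SAMPLE"  | audit_headers
echo "== https =="; printf '%s\n' "$HTTPS_SAMPLE" | audit_headers
```

Against the live site, pipe `curl -sI http://blog.donthurt.us` into `audit_headers`. The two disclosures it reports can be suppressed with `server_tokens off;` in the Nginx configuration and `expose_php = Off` in php.ini.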