NGINX
SSL MYSQL APACHE
LEMP
is a combination of the operating system and open-source software
stack. The acronym LEMP comes from the first letters of Linux,
Nginx(engine-x)
HTTP Server, MySQL
database, and PHP/Perl/Python.
In this
tutorial, let us see how to install Nginx, MySQL on Ubuntu 14.10.
Install Nginx
root@raj:~# apt-get install nginx
root@raj:~# service nginx start
Configure Nginx
root@raj:~#
vim /etc/nginx/nginx.conf
Set
the worker_processes (i.e No. of CPU’s in your system). To see the
no. of CPU’s, use the command “lscpu”. In my case it’s “1″.
So I set this as ’1′.
worker_processes 1;
root@raj:~# service nginx restart
Open the
file /etc/nginx/sites-available/default in any editor.
root@raj:~#
vim /etc/nginx/sites-available/default
upstream
web-virt {
server 192.168.122.245:80;
}
server {
listen 443 ssl;
server_name 192.168.1.110:443;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
location
/ {
proxy_pass http://127.0.0.1:80;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
}
}
##Next
server goes here
Save and
exit the file.
Test nginx configuration
Test the
nginx configuration for any syntax errors using command:
root@raj:~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Install MySQL
root@raj:~# apt-get install mysql-server mysql-client
OR
root@raj:~# apt-get install software-properties-common
root@raj:~# apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xcbcb082a1bb943db
root@raj:~# add-apt-repository 'deb http://sgp1.mirrors.digitalocean.com/mariadb/repo/5.5/ubuntu trusty main'
root@raj:~# apt-get update
root@raj:~# apt-get install mariadb-server mariadb-client -y
root@raj:~# /etc/init.d/mysqld restart
root@raj:~# mysql -p
password:
mysql> create database test;
mysql> grant all on insuramatch_r.* to 'insuramatch_r'@'192.168.122.%'
identified by 'insuramatch_r';
mysql> flush privileges;
mysql> \q
How To Create a SSL Certificate on nginx for Ubuntu 12.04
About Self-Signed Certificates
A SSL certificate is a way to encrypt a site's information and create a more secure connection. Additionally, the certificate can show the virtual private erver's identification information to site visitors. Certificate Authorities can issue SSL certificates that verify the server's details while a self-signed certificate has no 3rd party corroboration.root@raj:~# mkdir /etc/nginx/ssl
root@raj:~# cd /etc/nginx/ssl
Create the Server Key and Certificate Signing Request
root@raj:~# openssl genrsa -des3 -out server.key 1024
root@raj:~# openssl req -new -key server.key -out server.csr
You
are about to be asked to enter information that will be incorporated
into your
certificate request.
What you
are about to enter is what is called a Distinguished Name or a DN.
There are
quite a few fields but you can leave some blank
For some
fields there will be a default value,
If you
enter '.', the field will be left blank.
-----
Country
Name (2 letter code) [AU]:In
State or
Province Name (full name) [Some-State]:New Delhi
Locality
Name (eg, city) []:New delhi
Organization
Name (eg, company) [Internet Widgits Pty Ltd]:Example Inc
Organizational
Unit Name (eg, section) []:IT
Common
Name (e.g. server FQDN or YOUR name) []:sharma.com
Email
Address []:root@raj.sharma.com
root@raj:~# cp server.key server.key.org
root@raj:~# openssl rsa -in server.key.org -out server.key
Step Four— Sign your SSL Certificate
Your certificate is all but done, and you just have to sign it. Keep in mind that you can specify how long the certificate should remain valid by changing the 365 to the number of days you prefer. As it stands this certificate will expire after one year. openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Set Up the Certificate
Now
we have all of the required components of the finished
certificate.The next thing to do is to set up the virtual hosts to
display the new certificate.
root@raj:~# vim /etc/nginx/sites-available/default
server
{ listen
443 ssl;
server_name
192.168.122.76;
ssl_certificate
/etc/nginx/ssl/server.crt;
ssl_certificate_key
/etc/nginx/ssl/server.key;
location
/ {
proxy_pass
http://127.0.0.1:80;
proxy_set_header
X-Real-IP $remote_addr;
proxy_set_header
X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header
X-Forwarded-Proto https;
proxy_set_header
X-Forwarded-Port 443;
proxy_set_header
Host $host;
}
}
root@raj:~# ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled/default
root@raj:~# service nginx restart
Now
go to the apache server
root@sunny:/etc/apache2/sites-available#
vim raj.conf
<VirtualHost
*:80>
ServerAdmin
root@sharma.com
ServerName
sunny.com
DocumentRoot
/var/www/sunny/
<Directory
/>
Options
FollowSymLinks
AllowOverride
All
</Directory>
<Directory
/var/www/sunny/>
Options
Indexes FollowSymLinks MultiViews
AllowOverride
All
Order
allow,deny
allow
from all
</Directory>
ErrorLog
${APACHE_LOG_DIR}/sunny.error.log
#
Possible values include: debug, info, notice, warn, error, crit,
#
alert, emerg.
LogLevel
warn
CustomLog
${APACHE_LOG_DIR}/sunny.access.log combined
</VirtualHost>
save
and quit
Now
run comand a2ensite
a2ensite
is a script that enables the specified site (which contains a
<VirtualHost> block) within the apache2 configuration.
It does this by creating symlinks within /etc/apache2/sites-enabled.
Likewise, a2dissite disables a site by removing those symlinks
root@raj:~#
a2ensite sunny.conf
Restart
the apache2 service
root@raj:~#
/etc/init.d/apache2 restart
Now
access the site in browser
https://192.168.122.245/sunny
