Create a LEMP stack in AWS with EC2 (Linux, Nginx, MariaDB and PHP 7.2)

Hopefully, this quick run-through will help you get a LEMP server up and running quite quickly in AWS. If you have any questions, feel free to ask in the comments.

Important! Please choose the required data center from the top right-hand corner. Remember to do this for any configuration changes or new instances when logging into the AWS console.

Follow the navigation to start launching a new EC2 instance:
AWS > Compute > EC2 > Instances > Launch Instance

Select the Amazon Linux Candidate we want to use:
Amazon Linux 2 LTS Candidate 2 AMI (HVM), SSD Volume Type – ami-921423eb

And the following flavour with our desired specifications:
General Purpose: t2.xlarge

Click on the ‘next’ buttons in the bottom right hand corner until you get to ‘Configure Security Group’. Leave all other configuration options as default.

The SSH rule should already be added, but you will need to add rules opening ports 443 and 80 from anywhere. Name this security group something relevant with a similar description, so it can be reused for other instances.
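Because this group is meant to be reused, it is worth checking that only the two web ports are open to the whole internet and that SSH is limited to a known source address. The following is an added example, not part of the original post: the function names and the row format (protocol, from-port, to-port, source CIDR) are assumptions, and the rules are constructed sample data.

```shell
# Constructed sample rules: protocol, from-port, to-port, source CIDR.
sample_rules() {
cat <<'EOF'
tcp 22 22 0.0.0.0/0
tcp 80 80 0.0.0.0/0
tcp 443 443 0.0.0.0/0
tcp 443 443 ::/0
tcp 3306 3306 0.0.0.0/0
tcp 22 22 203.0.113.10/32
EOF
}

# Print every rule that is open to the whole internet on anything other than
# the web ports this guide publishes (80 and 443). Exit status is 1 if any
# such rule is found, 0 if the rule set is clean.
audit_ingress() {
  awk '
    function world(c) { return c == "0.0.0.0/0" || c == "::/0" }
    function web_only(f, t,   p) {
      p = f + 0                      # "None" (all-traffic rules) becomes 0
      return f == t && (p == 80 || p == 443)
    }
    world($4) && !web_only($2, $3) {
      printf "EXPOSED %s %s-%s from %s\n", $1, $2, $3, $4
      bad++
    }
    END { exit (bad > 0) }
  '
}

# Demo on the constructed rules: SSH and MariaDB (3306) open to the world are
# reported; 80/443 and SSH from a single /32 are not.
sample_rules | audit_ingress || echo "Tighten the rules listed above."
```

Port ranges and all-traffic rules are reported as well, since they never match the single-port 80/443 case.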

Finally, click ‘Review and launch’.

When prompted, create a new key pair and download this to your machine. This will be in the form of a .pem file which you should add to your .ssh directory. For now, this is the quickest way to configure a role to allow you to access the server:

Where aws.pem is the name of your key pair. The usage of CI means no one else should need access to the server, and less human intervention will prevent any configuration from changing. Cloud setups should be kept extremely automated.

If you wish for this to change, consider creating an IAM role, such as ‘DevOps’, and creating and adding the necessary users, each of which will have a different key pair, AWS login and API keys. Use a different user account per employee, to make it easy to revoke access where and when necessary.

Once your key pair is downloaded, you will be able to finally launch your instance. Head back to the ‘Instances’ page and wait for your instance to complete setup. The instance should be in a ‘Running’ state and the status check should show as ‘Initializing’.

When the status check finalizes and shows ‘2/2 checks passed’, you will be able to use the public IPv4 address of your instance. Use this to log in via SSH using the ec2-user user:

Where xxx.xxx.xxx.xxx is the public IPv4 address of your instance.

Please note, if you are unable to ping or access this IP address, your security group may be misconfigured.

Once logged into the box, run the following commands to configure:

Find the following line:

Add this line below it:

Come out of the file, and create the sites-available directory:

Now, create a new virtual host entry:

Paste in the following for a virtual host setup:

For non-dev environments, the SSL certificate will need to be properly generated via a third party (such as CloudFlare or Let’s Encrypt). This will then need to be uploaded to the server(s) and the location of the key changed in the virtual host entry. After applying any changes, Nginx will need to be restarted for these changes to take effect.

Please be sure to change the server_name directive, and set up the relevant DNS (pointing to the load balancer or Elastic IP). After that, create the virtual host symlink:

Finally, we will need to create a server key for the SSL binding. For the key generation, use an empty passphrase, and leave the challenge password blank:
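As an added example (not the original post's commands), the functions below create an unencrypted key with a self-signed certificate for a dev host, then check that a certificate and key actually belong together and that the certificate is not about to expire, which is also the check to run on a third-party certificate before restarting Nginx. The function names, the `my-site.test` host name, the RSA 2048 key size and the 30-day lifetime are assumptions.

```shell
# Create an unencrypted 2048-bit RSA key and a 30-day self-signed certificate.
# $1 = output directory, $2 = host name (both caller-supplied placeholders).
make_dev_cert() {
  dir=$1; cn=$2
  ( umask 077   # both files are created readable by their owner only
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
      -subj "/CN=$cn" -keyout "$dir/$cn.key" -out "$dir/$cn.crt" 2>/dev/null )
}

# Succeed only if the certificate ($1) carries the public key of the private
# key ($2). Returns 2 if either file cannot be parsed.
cert_matches_key() {
  crt_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout) || return 2
  [ "$crt_pub" = "$key_pub" ]
}

# Succeed only if the certificate ($1) is still valid $2 days from now.
cert_valid_for_days() {
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Demo in a throwaway directory.
tmp=$(mktemp -d)
if make_dev_cert "$tmp" my-site.test &&
   cert_matches_key "$tmp/my-site.test.crt" "$tmp/my-site.test.key" &&
   cert_valid_for_days "$tmp/my-site.test.crt" 7; then
  echo "certificate and key match and are valid for at least 7 days"
fi
rm -rf "$tmp"
```

A mismatched pair makes Nginx fail its configuration test, so running `cert_matches_key` on the uploaded files first avoids a failed restart.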

And change the matching keys to the following values:

Feel free to comment out the default virtual host after you have confirmed everything is working as expected, which can be done in:

Once complete, Nginx and PHP-FPM should be running. You can install your website at /var/www/my-site to get started.

To install MariaDB, we’ll need to tell AWS to use the newer repositories:

For other repositories, you can check their website directly or use their repository generator.

Then, we can go ahead and install MariaDB:

We can then go ahead and add the root user and any other necessary users:

To enable mysql on startup, use:

At a later stage, when the website is fully deployed, an image should be taken to allow us to recreate boxes at the click of a button, as well as being able to set up auto-scaling in the future. This will drastically reduce the time needed to re-create an instance, and could be used in an emergency situation if an instance is unresponsive.

Please note, it is not recommended to take an image when the instance is running, as Amazon is not able to guarantee the integrity of the file system on the created image. When creating images, please bear in mind the instance will be shut down. If taking images on a working production environment, the instance should be taken out of the load balancer before working on it.

If you have any problems or need to troubleshoot, check your Nginx configuration by using:

And use the Nginx error log to check for errors when accessing the web server:

Once a configuration file has changed, you will need to restart nginx with:
