Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Situation Awareness
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive

Manually Deploying LNMP (Ubuntu 20.04)

Updated on 2024-11-04 GMT+08:00

Overview

The best practices for Huawei Cloud ECS guide you through the deployment of LNMP on a Linux ECS. This section uses the Ubuntu 20.04 64bit as an example.

Prerequisites

  1. The ECS has an EIP bound.
  2. The rule listed in the following table has been added to the security group which the target ECS belongs to. For details, see Adding a Security Group Rule.
    Table 1 Security group rule

    Direction

    Priority

    Action

    Type

    Protocol & Port

    Source Address

    Inbound

    1

    Allow

    IPv4

    TCP: 80

    0.0.0.0/0

  3. The image source has been updated to a Huawei Cloud image source. For details, see How Can I Use an Automated Tool to Configure a Huawei Cloud Image Source (x86_64 and Arm)? This facilitates obtaining and updating the system and software.

Resource Planning

Table 2 lists the resource configuration and software versions used in this practice. The commands and parameters may vary according to the hardware specifications or software versions you would use.

Table 2 Resources and costs

Resource

Description

Cost

ECS

  • Billing mode: pay-per-use
  • AZ: AZ1
  • Flavor: s6.large.2
  • Image: Ubuntu 20.04 64bit
  • System disk: 40 GiB
  • EIP: Auto assign
  • EIP type: Dynamic BGP
  • Billed by: Traffic
  • Bandwidth: 5 Mbit/s

The following resources generate costs:

  • ECSs
  • EVS disks
  • EIPs

For billing details, see Billing Modes.

Nginx

A high-performance HTTP and reverse proxy server.

Free

MySQL

An open-source relational database software.

Free

PHP

An open-source software used for web development.

Free

Procedure

  1. Install Nginx.

    1. Log in to the ECS.
    2. Run the following commands to install Nginx:

      sudo apt-get update

      sudo apt-get install nginx

      If Do you want to continue? [Y/n] is displayed, enter y or Y to continue the installation.

    3. (Optional) Configure the firewall.

      Uncomplicated Firewall (UFW) is an iptables interface that simplifies the firewall configuration. By default, Ubuntu has UFW installed. Run the following command to check the firewall status:

      sudo ufw status

      If you do not want to enable the firewall, skip this step. If you want to enable the firewall, run the following command:

      sudo ufw enable

      Verify that the firewall is enabled.

      Before testing Nginx, you need to reconfigure the firewall to allow access to Nginx. Run the following command to automatically register Nginx with UFW:

      sudo ufw app list

      Information similar to the following is displayed:

      Available applications:
        Nginx Full
        Nginx HTTP
        Nginx HTTPS
        ...
      • Nginx Full: Port 80 is enabled to distribute normal and unencrypted web traffic, and port 443 to distribute TLS/SSL-encrypted traffic.
      • Nginx HTTP: Port 80 is enabled to distribute normal and unencrypted web traffic.
      • Nginx HTTPS: Port 443 is enabled to distribute TLS/SSL-encrypted traffic.

      Run the following command to ensure that the firewall allows HTTP and HTTPS connections:

      sudo ufw allow 'Nginx Full'

    4. Verify that Nginx can work properly.

      Use the domain name or IP address to access Nginx. The Welcome to nginx page is displayed if Nginx is started normally.

      Enter http://IP address of the Nginx server in the address bar to access Nginx. If the following page is displayed, Nginx has been installed.

      Figure 1 Accessing Nginx

  2. Install MySQL.

    1. Run the following command to install MySQL:

      sudo apt -y install mysql-server

    2. Check the MySQL status.

      sudo systemctl status mysql

      ● mysql.service - MySQL Community Server
           Loaded: loaded (/lib/systemd/system/mysql.service; enabled; vendor preset: enabled)
           Active: active (running) since Wed 2023-07-26 15:57:29 CST; 22min ago
         Main PID: 10770 (mysqld)
           Status: "Server is operational"
             Tasks: 37 (limit: 4217)
           Memory: 364.9M
           CGroup: /system.slice/mysqld.service
                 └─10770 /usr/sbin/mysqld
      
      Jul 26 15:57:29 ecs-ubuntu systemd[1]: Starting MySQL Community Server...
      Jul 26 15:57:29 ecs-ubuntu systemd[1]: Started MySQL Community Server.
    3. Run the following command to access MySQL:

      sudo mysql

    4. Run the following command to set the password for user root:

      ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by 'xxxxx';

      In the preceding command, xxxxx indicates the password you set for user root.

    5. Run the following command to exit MySQL:

      exit;

    6. Run the following command and follow the prompts to harden MySQL:

      mysql_secure_installation

      Securing the MySQL server deployment.
      
      Enter password for user root:         #Enter the password of user root set in step 4.
      
      VALIDATE PASSWORD COMPONENT can be used to test passwords
      and improve security. It checks the strength of password
      and allows the users to set only those passwords which are
      secure enough. Would you like to setup VALIDATE PASSWORD component?
      
      Press y|Y for Yes, any other key for No: Y    #Press Y to set the password validation policy.
      
      There are three levels of password validation policy:
      
      LOW    Length >= 8
      MEDIUM Length >= 8, numeric, mixed case, and special characters
      STRONG Length >= 8, numeric, mixed case, special characters and dictionary                  file
      
      Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 2       #Enter 2 to select the password validation policy.
      Using existing password for root.
      
      Estimated strength of the password: 25
      Change the password for root ? ((Press y|Y for Yes, any other key for No) : Y   #Press Y to change the password of user root.
      
      New password:  #Enter a new password of user root.
      
      Re-enter new password:   #Enter the new password again.
      
      Estimated strength of the password: 100
      Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : Y  #Press Y to confirm the new password.
      By default, a MySQL installation has an anonymous user,
      allowing anyone to log into MySQL without having to have
      a user account created for them. This is intended only for
      testing, and to make the installation go a bit smoother.
      You should remove them before moving into a production
      environment.
      
      Remove anonymous users? (Press y|Y for Yes, any other key for No) : Y   #Press Y to remove anonymous users.
      Success.
      
      
      Normally, root should only be allowed to connect from
      'localhost'. This ensures that someone cannot guess at
      the root password from the network.
      
      Disallow root login remotely? (Press y|Y for Yes, any other key for No) : Y   #Press Y to disallow remote logins of user root.
      Success.
      
      By default, MySQL comes with a database named 'test' that
      anyone can access. This is also intended only for testing,
      and should be removed before moving into a production
      environment.
      
      
      Remove test database and access to it? (Press y|Y for Yes, any other key for No) : Y   #Press Y to delete the test database and remove access to it.
       - Dropping test database...
      Success.
      
       - Removing privileges on test database...
      Success.
      
      Reloading the privilege tables will ensure that all changes
      made so far will take effect immediately.
      
      Reload privilege tables now? (Press y|Y for Yes, any other key for No) : Y   #Press Y to reload privilege tables.
      Success.
      
      All done!

  3. Install PHP.

    1. Run the following commands to install PHP:

      sudo apt update

      sudo apt install php-fpm

    2. Run the following command to check the version of the installed PHP:

      php -v

      Information similar to the following is displayed:

      PHP 7.4.3-4ubuntu2.19 (cli) (built: Jun 27 2023 15:49:59) ( NTS )
      Copyright (c) The PHP Group
      Zend Engine v3.4.0, Copyright (c) Zend Technologies
          with Zend OPcache v7.4.3-4ubuntu2.19, Copyright (c), by Zend Technologies
    3. Run the following command to check the runtime status of PHP:

      systemctl status php7.4-fpm

      Information similar to the following is displayed:

      ● php7.4-fpm.service - The PHP 7.4 FastCGI Process Manager
           Loaded: loaded (/lib/systemd/system/php7.4-fpm.service; enabled; vendor preset: enabled)
           Active: active (running) since Mon 2023-07-31 17:33:35 CST; 3min 50s ago
             Docs: man:php-fpm7.4(8)
      NOTE:

      If lines 1-16/16 (end) is displayed in the command output, press q to exit.

    4. Modify the Nginx configuration file to support PHP.
      1. Run the following command to open the default Nginx configuration file:

        sudo vim /etc/nginx/sites-enabled/default

      2. Press i to enter insert mode.
      3. Modify the opened Nginx configuration file.

        In server{}, find the line starting with index and add index.php to this line.

        Find location ~ \.php$ {} in server{} and delete the comments from the lines in the following red box:

      4. Press Esc to exit insert mode. Then, enter :wq to save the settings and exit.
    5. Run the following command to reload the Nginx configuration file:

      sudo systemctl restart nginx

  4. Test the LNMP deployment.

    1. In the root directory of the Nginx website, create the phpinfo.php file.

      sudo vim /var/www/html/phpinfo.php

    2. Press i to enter insert mode.
    3. Modify the phpinfo.php file and add the following to the file:
      <?php echo phpinfo(); ?>
    4. Press Esc to exit insert mode. Then, enter :wq to save the settings and exit.
    5. Enter http://IP address of the Nginx server/phpinfo.php in the address bar. If the following page is displayed, the LNMP environment has been deployed.

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback