Linux, nginx, MySQL 5.7, and PHP 7 (LEMP) on AWS with free SSL

A stack is a group of software that creates a foundation to build upon. The LEMP stack is a web software stack which allows for delivering web applications. It is one of the most common of the web stacks to deliver a PHP application. LEMP uses a Linux kernel, Nginx for the webserver, MySQL or MariaDB for the database, and PHP for the scripting language.

Nearly all distributions of GNU/Linux will have the same instructions to install the required packages. There is also little change between versions of Ubuntu to warrant a special blog post entitled “LEMP on Ubuntu 14.04” and “LEMP on Ubuntu 16.04” as they will contain the same exact instructions. There are a few oddities on the Amazon Linux AMI to get Let’s Encrypt working on the t2.nano (1 CPU, 512 RAM) instance which I will cover here.

Once you launch your instance, the packages you need to install are:

sudo yum localinstall
sudo yum localinstall
sudo yum install nginx.x86_64 php70-php-fpm php70-php-cli php70-php-mysqlnd mysql-community-server --enablerepo=epel

Now enable the services to run at boot:

sudo chkconfig nginx on
sudo chkconfig mysqld on
sudo chkconfig php70-php-fpm on
sudo service nginx start
sudo service mysqld start
sudo service php70-php-fpm start

Congratulations, you installed a LEMP stack! Now let us go a step further and set up SSL and a WordPress website. Type the following commands to set up our document root and create our virtual host:

The above commands are intended to be copied and pasted into a terminal. If you edited the file and pasted the contents in, remove the backslashes ( \ ) from the try_files line. Next let’s verify our php-fpm configuration to see how it is listening for requests.
sudo grep -in ^listen /etc/opt/remi/php70/php-fpm.d/www.conf

We can either edit the listen directive in /etc/opt/remi/php70/php-fpm.d/www.conf to match our unix socket in our wordpress.conf nginx virtual host file or leave it as is. We have already made nginx look at the unix socket first (which is faster) and revert to the IP address as a backup option.

Now let’s make our document root, download WordPress, and extract it to our specified directory.

Our next step is to set the appropriate permissions on the files and directories.

Now let’s create a database user and secure our database. If you remember from a previous post mysql generates a temporary password. Let us grab that and run mysql_secure_installation. Answer all questions and provide a secure root password.

New we need to set up a database for WordPress.

Now let’s set up our SSL certificate with Let’s Encrypt. To install the client, we need additional software and a swap file.

Fill out the prompted information to get a certificate (we have already filled out the pertinent information in our nginx conf). All that is left to do is to make sure we get automatic renewals. To do that set up your crontab (sudo crontab -e) to include this line:

We are now all set to continue with the installation of WordPress using the built in installer. This can be accessed by visiting your website at

After installing WordPress, I recommend installing the jetpack module. Not only does it allow for posting to social media, but it has a setting to keep your WordPress installation on the latest version (a huge security plus).


      you will also then need to press y 3 times during the installation of the sudo yum install nginx.x86_64 php70-php-fpm php70-php-cli php70-php-mysqlnd mysql-community-server –enablerepo=epel sequence of commands i guess you could also add -y to the end of the sequence

    cesar bibriesca

    remember to enable 443 on aws security

Add to the conversation:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.