How to install a LEMP stack on AlmaLinux

By Angus Published 30 September 2024 Updated 4 March 2026 9 min read

A LEMP stack combines Linux, NGINX, MariaDB and PHP to create a high-performance web server environment. NGINX handles HTTP requests more efficiently than Apache under heavy traffic, making LEMP ideal for busy WordPress sites, web applications and ecommerce platforms.

You will install and configure each component of the LEMP stack on AlmaLinux 8, open the necessary firewall ports and verify that all services work together correctly. This guide assumes you have a fresh AlmaLinux 8 installation on your VPS.

Before you begin

  • You need SSH access to your AlmaLinux 8 VPS with root privileges.
  • Your VPS must have at least 1GB RAM for optimal performance.
  • We recommend noting your server’s IP address or hostname from your welcome email.

Prepare your VPS

You need to update system packages and configure the firewall before installing LEMP components. This prevents conflicts with outdated software and allows web traffic to reach your server.

  1. Connect to your VPS via SSH.
    Use PuTTY on Windows or Terminal on macOS and Linux. Enter ssh root@your-server-ip replacing your-server-ip with your actual server address. Enter your root password when prompted.
  2. Update installed packages.
    Run dnf update to check for available updates. Type y and press Enter when prompted to confirm the installation. This brings all system packages to their latest versions.
  3. Check current firewall rules.
    Run firewall-cmd --zone=public --list-services to see which services can receive traffic. By default, AlmaLinux blocks HTTP and HTTPS connections.
Terminal output showing firewall services list without HTTP or HTTPS enabled
Default firewall configuration blocks web traffic.
  1. Open HTTP and HTTPS ports.
    Run these three commands in sequence to allow web traffic and apply the changes:
    firewall-cmd --permanent --zone=public --add-service=http
    firewall-cmd --permanent --zone=public --add-service=https
    firewall-cmd --reload
  2. Verify the firewall changes.
    Run firewall-cmd --zone=public --list-services again. The output should now include http and https in the list of allowed services.
Terminal output showing HTTP and HTTPS services enabled in firewall configuration
Firewall now permits web traffic on ports 80 and 443.

Your VPS is now ready to receive web traffic. Next, you will install NGINX to handle incoming HTTP requests.

Install and configure NGINX

NGINX serves as your web server, processing HTTP requests and delivering content to visitors. You will install the latest stable version and configure it to work with PHP.

  1. Check available NGINX versions.
    Run dnf module list nginx to see which versions are available. This displays all NGINX module streams in the AlmaLinux repository.
Terminal output showing available NGINX module versions in AlmaLinux repository
Available NGINX versions in the module repository.
  1. Enable the latest NGINX version.
    Run dnf module enable nginx:1.24 to activate version 1.24. Replace 1.24 with a different version number if your application requires it.
  2. Install NGINX and dependencies.
    Run dnf install epel-release -y to add the EPEL repository, which provides additional packages. Then run dnf install nginx -y to install NGINX. The -y flag skips confirmation prompts.
Terminal output showing NGINX installation progress with package dependencies
NGINX installation completes with required dependencies.
  1. Start and enable NGINX.
    Run systemctl start nginx to start the web server immediately. Then run systemctl enable nginx to configure NGINX to start automatically when your VPS boots.
  2. Create the default server configuration.
    Run nano /etc/nginx/conf.d/default.conf to create a new configuration file. Paste the following configuration, replacing your-server-ip with your actual server IP address or hostname:
server {
    listen 80;
    server_name your-server-ip;
    root /usr/share/nginx/html;

    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

This configuration tells NGINX to listen on port 80, serve files from /usr/share/nginx/html and pass PHP requests to PHP-FPM. The final location block prevents access to Apache configuration files.

Nano text editor showing NGINX server configuration file with PHP-FPM settings
NGINX configuration file with PHP-FPM integration.
  1. Apply the configuration changes.
    Press Ctrl+X, then Y, then Enter to save and close the file. Run systemctl reload nginx to apply your changes without interrupting active connections.

NGINX is now installed and configured to handle web requests. Next, you will install MariaDB to store application data.

Install and configure MariaDB

MariaDB provides database functionality for your web applications. You will install the database server, secure it and verify that it accepts connections.

  1. Check available MariaDB versions.
    Run dnf module list mariadb to see which versions are available in the repository.
  2. Enable and install MariaDB.
    Run dnf module enable mariadb:10.11 to activate version 10.11. Then run dnf install mariadb mariadb-server to install both the client and server packages.
Terminal output showing MariaDB server and client installation progress
MariaDB installation includes server and client components.
  1. Start and enable MariaDB.
    Run systemctl start mariadb to start the database server. Then run systemctl enable mariadb to configure it to start automatically on boot.
  2. Secure your MariaDB installation.
    Run mysql_secure_installation to launch the security configuration wizard. Press Enter when prompted for the current root password (there is none yet). Type Y to set a root password and enter a strong password twice. Answer Y to all remaining prompts to remove anonymous users, disable remote root login, remove the test database and reload privileges.
Terminal showing MariaDB secure installation wizard prompts and responses
MariaDB security configuration removes default vulnerabilities.
  1. Test database connectivity.
    Run mysql -u root -p and enter your root password when prompted. You should see the MariaDB prompt. Type exit or press Ctrl+D to close the connection.

MariaDB is now running and secured with a root password. Next, you will install PHP to process dynamic content.

Install and configure PHP

PHP processes server-side code and generates dynamic web pages. You will install PHP with necessary extensions and configure PHP-FPM to work with NGINX.

  1. Check available PHP versions.
    Run dnf module list php to see which PHP versions are available. This displays all PHP module streams in the repository.
Terminal output showing available PHP module versions in AlmaLinux repository
Available PHP versions in the module repository.
  1. Enable PHP 8.2.
    Run dnf module enable php:8.2 to activate PHP 8.2. This version provides modern language features and security improvements.
  2. Install PHP and required extensions.
    Run the following command to install PHP with commonly needed extensions:
dnf install php php-fpm php-zip php-intl php-opcache php-gd php-mbstring php-xml php-mysqlnd

These extensions provide image processing, database connectivity, XML parsing and other functionality required by most web applications.

  1. Configure PHP-FPM for NGINX.
    Run nano /etc/php-fpm.d/www.conf to open the PHP-FPM configuration file. Press Ctrl+W to search, type user = apache and press Enter. Change user = apache to user = nginx. Search again for group = apache and change it to group = nginx. Press Ctrl+X, then Y, then Enter to save.
Nano text editor showing PHP-FPM configuration file with user and group settings
PHP-FPM configuration updated to run as nginx user.
  1. Start and enable PHP-FPM.
    Run systemctl start php-fpm to start the PHP processor. Then run systemctl enable php-fpm to configure it to start automatically on boot.
  2. Create a PHP test file.
    Run nano /usr/share/nginx/html/index.php to create a new file. Type the following PHP code:
<?php phpinfo(); ?>

Press Ctrl+X, then Y, then Enter to save the file.

  1. Test PHP processing.
    Open your web browser and navigate to http://your-server-ip/index.php replacing your-server-ip with your actual server address. You should see a page displaying PHP configuration information. This confirms that NGINX passes PHP requests to PHP-FPM correctly.

Your LEMP stack is now fully installed and functional. All components work together to serve dynamic web content.

Troubleshooting

NGINX fails to start

Configuration syntax errors prevent NGINX from starting. Run nginx -t to test your configuration files. The output identifies the file and line number of any errors. Common issues include missing semicolons, mismatched brackets or incorrect file paths.

PHP files download instead of executing

This occurs when NGINX cannot communicate with PHP-FPM. Check that PHP-FPM is running with systemctl status php-fpm. Verify that the socket path in your NGINX configuration matches the PHP-FPM socket location. The default socket is /run/php-fpm/www.sock.

Cannot connect to MariaDB

Connection failures usually indicate that MariaDB is not running or the password is incorrect. Run systemctl status mariadb to check the service status. If you forgot your root password, you can reset it by stopping MariaDB, starting it with mysqld_safe --skip-grant-tables &, connecting without a password and running ALTER USER 'root'@'localhost' IDENTIFIED BY 'new-password';

502 Bad Gateway errors

These errors appear when NGINX cannot reach PHP-FPM. Check that PHP-FPM is running and that the socket file exists at /run/php-fpm/www.sock. Verify that the nginx user has permission to access the socket. You can check PHP-FPM logs at /var/log/php-fpm/www-error.log for specific error messages.

Further reading on LEMP stack management

The LEMP stack requires ongoing maintenance to remain secure and performant. Regular updates patch security vulnerabilities in all components. You should monitor your server’s resource usage to identify bottlenecks before they affect performance. NGINX provides detailed access and error logs that help diagnose issues.

PHP-FPM offers several configuration options that affect performance. The pm.max_children setting controls how many PHP processes can run simultaneously. Setting this too low causes requests to queue, while setting it too high exhausts available memory. The PHP-FPM configuration documentation explains how to tune these settings for your workload.

MariaDB performance depends heavily on proper configuration. The innodb_buffer_pool_size setting determines how much memory MariaDB uses for caching. For dedicated database servers, set this to 70-80% of available RAM. The MariaDB knowledge base provides detailed guidance on optimising database performance.

Our guide on installing a LAMP stack on AlmaLinux covers Apache-based configurations if you need to compare approaches or migrate between web servers.

Wrapping up

Your AlmaLinux VPS now runs a complete LEMP stack. You installed NGINX as your web server, MariaDB for database storage and PHP for processing dynamic content. The firewall permits web traffic and all components communicate correctly through Unix sockets.

Test your stack thoroughly before deploying applications. Create a database, upload a simple PHP application and verify that all functionality works as expected. Our VPS hosting provides the resources and flexibility to run demanding web applications on your LEMP stack.

UWH
SAVE 16%

Power Up Your Apps

VPS-1 Hosting

£9.99 £8.33/mo

GET VPS HOSTING

Categories

Need more power?

Get scalable resources with our VPS hosting with root access and optional software.

Get VPS Hosting

Starting something new?

Perfect for websites and small businesses unlimited bandwidth with cPanel hosting.

Get cPanel Hosting