
Aug 11, 2022


Installing LEMP on Ubuntu 22.04 LTS (Jammy Jellyfish)

Written by

Marc Chartouny

Acronym Refresher

Instead of only serving static HTML pages, a LEMP server can generate dynamic web pages that run PHP code and load data from a MySQL database.

LEMP stands for "Linux, Nginx (pronounced engine-x, hence the E in the acronym), MySQL, and PHP." Together, these software technologies can be used to create a fully functional web server.

Linux is the most popular operating system used on web servers; it is secure and open source.

NGINX is an open-source web server delivering web content through the internet, as well as reverse proxying, caching, load balancing, media streaming, and more.

MySQL is a relational database engine that allows you to store data and manage it.

PHP is a widely used, open-source, general-purpose server-side scripting language used mainly in web development to create dynamic websites and applications.

NOTE: In some instances, the "P" in LEMP may stand for either Perl or Python, which are other scripting languages.

In this tutorial, we'll be using MariaDB, a backward-compatible, drop-in replacement for the MySQL® Database Server. It includes all major open-source storage engines and allows you to manage relational databases for storing and organizing data.

Prerequisites

  • Root access to your server or a sudo user.

Step 1: Update The Package Cache

Start by refreshing the package manager's cache so that it lists the latest available package versions, using the following command:

sudo apt update

Step 2: Install the MariaDB Database Server

After updating our package cache, we will now install the MariaDB database server. We'll use MariaDB instead of MySQL because it includes more features and supports new storage engines, in addition to its high performance.

To install MariaDB, execute the following command:

sudo apt install mariadb-server mariadb-client

Tap the y key then Enter to continue the installation.

In the preceding command, you install two packages:

  • mariadb-server: The MariaDB database server which actually stores data.
  • mariadb-client: The MariaDB database client which allows you to interact with and manage the database server via the command line.

Once the installation is finished, verify that the MariaDB database server is running properly by checking the MariaDB service status with the following command:

sudo service mariadb status

The output should show that the service is enabled and running:

● mariadb.service - MariaDB 10.6.7 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; vendor preset: enabled)
     Active: active (running) since Tue 2022-08-02 18:43:46 UTC; 52s ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
   Main PID:    2731 (mariadbd)
     Status:      "Taking your SQL requests now..."
      Tasks:      17 (limit: 19072)
   Memory:     57.5M
        CPU:     421ms
     CGroup: /system.slice/mariadb.service
             └─2731 /usr/sbin/mariadbd

Here, you can see that the service is active and running in the line "Active: active (running) ...".

Ensure That MariaDB Starts at Boot

To make sure that the MariaDB database server starts with the system at boot, use the enable subcommand of the systemctl command. To do so, execute the following command:

sudo systemctl enable mariadb.service

You should receive the following output:

Synchronizing state of mariadb.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable mariadb

Securing The MariaDB Database Server

MariaDB comes with some unsafe default settings which may expose your database server to dangerous security vulnerabilities. It's recommended that you run a security script that comes with MariaDB to strengthen your database server and minimize the risk of database intrusions or breaches.

To secure your MariaDB database server, run the security script, which will present you with seven prompts.

First, run the script:

sudo mysql_secure_installation

You’ll be asked for your current root password:

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none): 

Tap Enter.

Next, you'll be asked whether you want to use the unix_socket authentication method:

OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

Switch to unix_socket authentication [Y/n] 

Tap Y to enable unix_socket authentication for better security.

The unix_socket authentication method uses the Unix user's credentials instead of a password to connect to the MariaDB account with the same username, which makes it a passwordless security mechanism. Because it depends on the Unix user's credentials, it cannot be used to grant multiple Unix users access to a single MariaDB user account. Access to your MariaDB database server is therefore limited to that Unix user, which adds a security layer for your MariaDB account and prevents attackers from brute-forcing the password or taking advantage of an accidental password leak.

The unix_socket authentication method is particularly strong because Unix user accounts are, by default, well protected against remote access. However, careless administration of your Unix users may expose dangerous vulnerabilities. Keep a close eye on potential Unix user security issues such as weak passwords or accidental password exposure, excessive sudo permissions that allow users to execute commands as a different Unix user, scripts of other users executed by your MariaDB Unix user, running unsafe scripts, or weak remote access security.
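To check the result of this choice on a server, the following added example (not part of the original tutorial) classifies accounts from their CREATE USER statements as using unix_socket, a password only, or being anonymous. The sample statements are constructed, and the function names sample_accounts and audit_accounts are hypothetical.

```sh
#!/bin/sh
# Added example: classify MariaDB accounts by how they authenticate.
# Input: one CREATE USER statement per line, as printed for a real account by
#   sudo mariadb -N -B -e "SHOW CREATE USER 'root'@'localhost'"

# Constructed sample statements (not captured from a real server).
sample_accounts() {
cat <<'EOF'
CREATE USER `root`@`localhost` IDENTIFIED VIA mysql_native_password USING 'invalid' OR unix_socket
CREATE USER `app`@`localhost` IDENTIFIED BY PASSWORD '*CONSTRUCTED-PLACEHOLDER-HASH'
CREATE USER ``@`localhost`
EOF
}

# Print "account<TAB>finding" for each statement read from stdin.
audit_accounts() {
  while IFS= read -r line; do
    case $line in
      "CREATE USER "*) ;;
      *) continue ;;                     # ignore anything else
    esac
    account=${line#CREATE USER }
    account=${account%% *}               # keep only `user`@`host`
    case $account in
      '``@'*) finding=anonymous ;;       # empty user name
      *)
        case "$line " in
          *" VIA unix_socket "*|*" OR unix_socket "*) finding=unix_socket ;;
          *" IDENTIFIED "*) finding=password-only ;;
          *) finding=no-credentials ;;   # named account with no auth clause
        esac ;;
    esac
    printf '%s\t%s\n' "$account" "$finding"
  done
}

sample_accounts | audit_accounts
```

An account reported as password-only can be reached by anyone who knows the password, while one reported as unix_socket also accepts a login from the matching Unix user.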

Next, you'll be asked to change the root password:

Enabled successfully!
Reloading privilege tables..
 ... Success!

Change the root password? [Y/n] 

Tap Y to set a new password for root, and re-enter it for validation.

Next, you'll be asked to remove anonymous users:

Change the root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production