TL;DR
In this post, I am going to show you how you can set up a LAMP server along with reverse proxy using Nginx. The system I am using here is CentOS 8. Here, we will not just install the packages and but also enable SELinux and configure it to work with the LAMP setup. So, we need to set SELinux to enforcing which can be done by running the following command:
# setenforce 1
Now that you have enabled SELinux in your Linux system, Let’s install the Apache server by installing httpd package.
# yum install httpd -y
We don’t want to run Apache in port 80 because we want to run Nginx at port 80 so we configure Apache to run at port 81. For this purpose, edit /etc/httpd/conf/httpd.conf and change line ‘Listen 80’ to ‘Listen 81’. Now start httpd
# systemctl enable --now httpd
The next step is to install MySQL. In our case, we will be using the MariaDB server which is a fork of MySQL. To install MariaDB run:
# yum module install mariadb -y
Now start the database server:
# systemctl enable --now mariadb
After installation, it is suggested to secure MySQL by running ‘mysql_secure_installation’:
Now its time to install PHP.
# yum module install php -y
To allow PHP connect to MariaDB install php-mysqlnd:
# yum -y install php-mysqlnd
Also, allow Apache to connect to MariaDB through the network by running the following command:
# setsebool -P httpd_can_network_connect_db on
For PHP based projects the SELinux policy should be httpd_sys_rw_content_t
# semanage fcontext -a -t httpd_sys_rw_content_t /var/www/html/*.php
Now that, we have install LAMP, we will install Nginx and configure reverse proxy:
# yum install nginx -y
Start Nginx and set it to start at boot
# systemctl enable - now ngnix
To configure the reverse proxy, in your nginx.conf file you can add
server {
/ {
proxy_pass http://localhost:81/
index index.html index.html
}
}
Let’s configure the firewall to open the ports 80 and 443 on the system with the following command:
# firewall-cmd - add-service=http - add-service=https - permanent
# firewall-cmd - reload
SELinux disables any web server to connect to the network. To enable network connection, we need to set sebool httpd_can_network_connect to on. We use -P option for persistence change across a system reboot.
# setsebool -P httpd_can_network_connect on
This can be verified with the command
# getsebool httpd_can_network_connect
The output is as follows: