Step-by-Step Guide to Building an LNMP Stack with SSL and Auth
This tutorial walks you through installing and configuring Nginx, MariaDB, PHP‑FPM, setting up a Xiaomi‑style website, securing the server with self‑signed SSL certificates, and adding basic HTTP authentication, complete with command‑line examples and configuration snippets.
Practical 1: Build LNMP and a Xiaomi‑style site
Environment: disable firewall and SELinux.
1. Install packages and start services
yum -y install nginx mariadb-server php-fpm php-mysql
systemctl start nginx
systemctl start mariadb
systemctl start php-fpm2. Modify Nginx configuration
Copy default config and edit /etc/nginx/nginx.conf:
# Example snippets
user nobody;
error_log /var/log/nginx/error.log info;
events {
worker_connections 65535;
}
gzip on;
server {
listen 80;
server_name xiaomi.along.com;
root /data/web;
location / {
index index.php index.html index.htm;
}
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}Test configuration with nginx -t and restart: systemctl restart nginx. Adjust file descriptor limit:
ulimit -n 655353. Adjust PHP‑FPM settings
Edit /etc/php.ini:
date.timezone = Asia/Shanghai
short_open_tag = OnEdit /etc/php-fpm.d/www.conf:
user = nobody
group = nobodyRestart PHP‑FPM: systemctl restart php-fpm.
4. Create MySQL database
create database xiaomi;5. Deploy website files
Upload the Xiaomi source package, unzip to /data/web, and set ownership:
mkdir -p /data/web
unzip -d /data/web/ xiaomi.zip
cd /data/web/
chown -R nobody.nobody *6. Access the site
Admin login: user admin, password 123456. Configure database connection in /data/web/data/config.php as shown in the screenshots.
7. Verify the installation
Open the admin panel at http://192.168.30.107/admin and confirm the site works.
8. Load testing
ab -c 100 -n 1000 http://192.168.30.107/Practical 2: Enable SSL encryption
1. Create directory for certificates
mkdir /etc/nginx/ssl2. Generate self‑signed certificate
cd /etc/pki/tls/certs/
make nginx.crtDecrypt the private key for Nginx:
openssl rsa -in nginx.key -out nginx2.key3. Copy certificate and key
cp nginx.crt nginx2.key /etc/nginx/ssl/
cd /etc/nginx/ssl/
mv nginx2.key nginx.key4. Add SSL server block
server {
listen 443 ssl;
server_name www.along.com;
ssl on;
ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_session_cache shared:sslcache:20m;
ssl_session_timeout 10m;
}5. Test HTTPS access
Open https://192.168.30.7/ in a browser and trust the certificate.
Practical 3: Implement HTTP basic authentication
1. Create password file
cd /etc/nginx/conf.d
htpasswd -c -m .htpasswd http1
htpasswd -m .htpasswd http22. Update Nginx configuration
location /images {
auth_basic "images site";
auth_basic_user_file /etc/nginx/conf.d/.htpasswd;
}3. Verify authentication
Access http://172.17.22.22/images/loading.gif and provide credentials.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.