Installing LEMP on Debian 8

Warning: Draft Only, still work on this !!!

This walk-through is part of series of explicit step-by-step instruction to develop a WordPress based production platform. This document intended as learning points for beginner sysadmin and check list notes for experts.

If you are a web master, designer, blog writers, enterprise web admin, SME owner/manager, and you need a low cost system administrator to plan, create, secure, and maintain your WordPress production server, please contact us.

Installation walk-through performed on: Debian 8 on Digital Ocean Droplet. Same procedure should be work on AWS, Google Cloud, or other Cloud Instance / VPS with root privilege SSH access.

Scope of this walk-through is Installing Debian 8 LEMP on existing Debian 8 server.

  • MariaDB – Standard Debian 8
  • Nginx – Custom build: NAXSI, PageSpeed (later CertBot, HTTP/2)
  • PHP – Standard Debian 8
  • Phpmyadmin – Standard Debian 8
  • Varnish – Varnish Repo

Related Readings

Parent Document:
Complete Walk-through to Create a WordPress Production Platform.

Requirements: Server hardware, server software, client software.

Previous Walk-through: Debian 8 Initial Setup

Next Walk-through: WordPress Multi-site on Debian 8

General Instruction

  1. Words in bold should be change according to your preferences.
  2. Words pre-formatted is command line instructions to put on Debian text console.
  3. Copy each and entire command line instruction (using triple click and control-c), then left click on Bitvise SSH Client console to execute.
  4. Words inside brackets is words to be clicked.


Do following step:

  1. Cleanup from previous Apache & MySQL (Only required when reinstall existing server).
    Check whether apache or mysql or mariadb service registered:

    sudo service --status-all

    If not registered, skip following step.

    sudo apt-get remove --purge apache2 apache2-utils apache2-common apache2.2-bin
    sudo apt-get remove --purge mysql-server mysql-client mysql-common
    whereis mysql
    rm -rf /var/lib/mysql
    rm -rf /etc/mysql
  2. Install MariaDB
    Setup MariaDB Repository, go to MariaDB website
    Pick distro: [Debian]
    Pick release: [Debian 8 “Jessie”]
    Pick latest stable version: [10.1 [stable]]
    [Show all mirrors]
    Choose mirror closest to your hosting server, not to your PC: [digitalocean-sgp]

    Run all command under “Here are the commands to run to add MariaDB to your system:”. Just copy each line, then left click on Bitvise SSH Client to paste. Below is the example (use the one from MariaDB site):

    sudo apt-get install software-properties-common 
    sudo apt-key adv --recv-keys --keyserver 0xcbcb082a1bb943db 
    sudo add-apt-repository 'deb [arch=amd64,i386] jessie main'

    Update and install MariaDB Server

    sudo apt-get update
    sudo apt-get install mariadb-server

    Enter root password for mariadb

  3. Configure and test MariaDB
    sudo service mariadb status

    (If succeed you will get something like this:)
    hostname:~$ sudo service mariadb status
    mariadb.service – MariaDB database server
    Loaded: loaded (/lib/systemd/system/mariadb.service; enabled)
    Drop-In: /etc/systemd/system/mariadb.service.d
    Active: active (running) since Thu 2016-xx-xx xx:xx:xx EDT; 24s ago
    Main PID: xxxx (mysqld)
    Status: “Taking your SQL requests now…”
    CGroup: /system.slice/mariadb.service
    └─xxxx /usr/sbin/mysqld

  4. Optimize mariadb
    query_cache_limit = 256K
    query_cache_min_res_unit = 2k
    query_cache_size = 80M
    tmp_table_size= 64M
    max_heap_table_size= 64M
    slow-query-log = 1
    slow-query-log-file = /var/lib/mysql/mysql-slow.log
    long_query_time = 5 #1
    tar xf master
    cd major-MySQLTuner-perl-993bc18/
    mysqlcheck -u root -p --auto-repair --check notwordpress
    mysqlcheck -u root -p --auto-repair --optimize notwordpress
  5. Create Snapshoot of the Server for Backup
  6. Install Nginx: Build Custom Nginx
  7. Install PHP
    sudo apt-get install php5 php5-fpm php5-mysql memcached php5-memcached

    Edit php.ini configuration

    sudo nano /etc/php5/fpm/php.ini

    Best practice, fix_pathinfo=0
    (find cgi.fix using [F6] – “cgi.fix” – [Enter])


    Increase memory limit from 128M, according to your server memory
    (find memory limit using [F6], “memory_limit”, [Enter])


    Set date.timezone, pick your timezone from
    (find memory limit using [F6], “date”, [Enter])
    date.timezone Asia/Jakarta

    [Control-x], [y], [Enter] to save and exit nano.

  8. Configure PHP FPM
    sudo nano /etc/php5/fpm/pool.d/www.conf

    Adjust max_children, start_servers, spare_servers, and max_requests according to your server memory and usage. If you have large memory and server dedicated for php-fpm, you could increase the value.

    listen = /var/run/php5-fpm.sock
    pm = dynamic
    pm.max_children = 20
    pm.start_servers = 5
    pm.min_spare_servers = 1
    pm.max_spare_servers = 5
    pm.max_requests = 500

    [Control-x], [y], [Enter] to save and exit nano.

  9. Configure Nginx-PHP
    sudo nano /etc/nginx/sites-available/default

    On server{}, add index.php as index:

            index index.php index.html index.htm;

    On server{}, add php script fastCGI pass:

    # pass the PHP scripts to FastCGI server listening on /var/run/php5-fpm.sock
     location ~ \.php$ {
     try_files $uri =404;
     fastcgi_pass unix:/var/run/php5-fpm.sock;
     fastcgi_index index.php;
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
     include fastcgi_params;

    [Control-x], [y], [Enter] to save and exit nano.

  10. Test Nginx-PHP using phpinfo()
    sudo service nginx restart
    sudo service php5-fpm restart

    Create new folder to store utilities pages

    sudo mkdir /var/www/html/yoursecretfolder
    sudo touch /etc/nginx/.htpasswd
    sudo sh -c "echo -n 'yourusername:' >> /etc/nginx/.htpasswd"
    sudo sh -c "openssl passwd yourpassword >> /etc/nginx/.htpasswd"
    cat /etc/nginx/.htpasswd
    sudo nano /etc/nginx/sites-enabled/default
    location /yoursecretfolder {
    try_files $uri $uri/ =404;
    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;
    location ~ /\. { deny  all; }

    Create the phpinfo file

    nano /var/www/html/yoursecretfolder/testphp.php

    [Control-x], [y], [Enter] to save and exit nano.

    Browse to http://localhost/yoursecretfolder/testphp.php

    Check PHP version: 5.6.24-0+deb8u1
    Check MariaDB Client API version on MySQL tab: 10.1.16-MariaDB
    Check Memcached version: 2.2.0
    Check Server Software on PHP Variables: nginx/1.9.10


  11. Install phpmyadminYou can skip this if you don’t use phpmyadmin
    sudo apt-get install phpmyadmin

    (when asked between apache or httpd, just skip with tab)
    (configure with dbconfig-common, yes)
    (enter MariaDB password)
    (enter twice for random phpmyadmin password)
    (create link on www on your special dir, exempt from index:)

    sudo ln -s /usr/share/phpmyadmin/ /var/www/html/yoursecretfolder/phpmyadmin


  12. Install Varnish (OBSOLETE – repo has been moved)
    sudo apt-get install apt-transport-https
    curl | sudo apt-key add -
    echo "deb jessie varnish-4.1" \
        | sudo tee -a /etc/apt/sources.list.d/varnish-cache.list
    sudo apt-get update
    sudo apt-get install varnish






5 thoughts on “Installing LEMP on Debian 8”

  1. Instead of manually setting up a PHP server on DigitalOcean isn’t it better to use some server provisioning or managed services to start a server? It is much quicker and easier this way, here is an example: .Not only this saves time, but also saves money that otherwise would have gone into hiring sysadmin team for maintaining the server. So, is there any benefit of going directly to DigitalOcean instead of using such services?

    1. Exactly. We recommend to use those service, either cloudways, serverpilot, runcloud, easyengine, or even service like wordpress hosting, for web developers.

      This blog is dedicated for sysadmin fans. Perhaps for people who wants to provide services to web developers, similar to big guys stated above.

      The benefit is for a single freelancers or a full stack web developers, probably who has budget constrain. Also for those who have intention to learn things behind the sysadmin services.

      At the time this blog was made, most provisioning service don’t provide a good Nginx installation. We need to recompile Nginx to have proper web server. That why this writing was important.

      As for today, there are several good one click provisioning installation, including using LiteSpeed cache. We might share our installation step also.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s