Question

Trouble with LEMP stack install on CentOS 7

Posted March 21, 2016 2.4k views
CentOS PHP LEMP

I’m following alongLEMP stack tutorial and I’m stuck on Configure PHP processor portion. I did the first step under Configure php processor, but I can’t implement the second step in the tutorial: Configure the PHP Processor

We now have our PHP components installed, but we need to make a slight configuration change to make our setup more secure.

Open the main php-fpm configuration file with root privileges:

sudo vi /etc/php.ini
What we are looking for in this file is the parameter that sets cgi.fix_pathinfo. This will be commented out with a semi-colon (;) and set to “1” by default.

This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if a PHP file does not match exactly. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn’t be allowed to execute.

We will change both of these conditions by uncommenting the line and setting it to “0” like this:

/etc/php.ini excerpt
cgi.fix_pathinfo=0
Save and close the file when you are finished.

Next, open the php-fpm configuration file www.conf:

sudo vi /etc/php-fpm.d/www.conf
Find the line that specifies the listen parameter, and change it so it looks like the following:

/etc/php-php.d/www.conf — 1 of 3
listen = /var/run/php-fpm/php-fpm.sock
Next, find the lines that set the listen.owner and listen.group and uncomment them. They should look like this:

/etc/php-php.d/www.conf — 2 of 3
listen.owner = nobody
listen.group = nobody
Lastly, find the lines that set the user and group and change their values from “apache” to “nginx”:

/etc/php-php.d/www.conf — 3 of 3
user = nginx
group = nginx
Then save and quit.

Now, we just need to start our PHP processor by typing:

sudo systemctl start php-fpm
This will implement the change that we made.

Next, enable php-fpm to start on boot:

sudo systemctl enable php-fpm

2 comments
  • Thanks for posting! I understand that you’re getting stuck in the second step of the “Configure the PHP Processor” subsection in step 3. I am not clear on what problem you are having with that step. Can you provide some clarification so I can best assist you in finding a solution?

  • I cannot find the line
    /etc/php.ini excerpt
    cgi.fix_pathinfo=0

    I need to uncomment and change to finish configuring the php and finish setting up my CentOS server. Not that experience with using Terminal on MacBook Prol

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer

Hi @alanacweaver,

As I understand correctly you’ve started experiencing issues with the installation of MySQL and securing it, correct?

If you are having issues with that, I’ll suggest actually reinstalling and securing it following these steps

sudo yum remove mariadb-server mariadb

As soon as you’ve actually removed everything, you can start doing so

sudo yum install mariadb-server

This will install the MariaDB package using the yum package manager.Once the installation is complete, start the MariaDB service and enable it to start on boot using the following commands:

sudo systemctl start mariadb
sudo systemctl enable mariadb

To verify that the installation was successful, check the MariaDB service status by typing:

sudo systemctl status mariadb

Nex is the the mysqlsecureinstallation script:

sudo mysql_secure_installation

You will be prompted to set up the root user password, remove anonymous user accounts, restrict root user access to the local machine, and remove the test database.

The steps are explained in detail. It is recommended to answer Y (yes) to all question

Now you are good to go

Regards,
KDSys

Submit an Answer