Question

Trouble with LEMP stack install on CentOS 7

I’m following alongLEMP stack tutorial and I’m stuck on Configure PHP processor portion. I did the first step under Configure php processor, but I can’t implement the second step in the tutorial: Configure the PHP Processor

We now have our PHP components installed, but we need to make a slight configuration change to make our setup more secure.

Open the main php-fpm configuration file with root privileges:

sudo vi /etc/php.ini What we are looking for in this file is the parameter that sets cgi.fix_pathinfo. This will be commented out with a semi-colon (;) and set to “1” by default.

This is an extremely insecure setting because it tells PHP to attempt to execute the closest file it can find if a PHP file does not match exactly. This basically would allow users to craft PHP requests in a way that would allow them to execute scripts that they shouldn’t be allowed to execute.

We will change both of these conditions by uncommenting the line and setting it to “0” like this:

/etc/php.ini excerpt cgi.fix_pathinfo=0 Save and close the file when you are finished.

Next, open the php-fpm configuration file www.conf:

sudo vi /etc/php-fpm.d/www.conf Find the line that specifies the listen parameter, and change it so it looks like the following:

/etc/php-php.d/www.conf — 1 of 3 listen = /var/run/php-fpm/php-fpm.sock Next, find the lines that set the listen.owner and listen.group and uncomment them. They should look like this:

/etc/php-php.d/www.conf — 2 of 3 listen.owner = nobody listen.group = nobody Lastly, find the lines that set the user and group and change their values from “apache” to “nginx”:

/etc/php-php.d/www.conf — 3 of 3 user = nginx group = nginx Then save and quit.

Now, we just need to start our PHP processor by typing:

sudo systemctl start php-fpm This will implement the change that we made.

Next, enable php-fpm to start on boot:

sudo systemctl enable php-fpm

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hi @alanacweaver,

As I understand correctly you’ve started experiencing issues with the installation of MySQL and securing it, correct?

If you are having issues with that, I’ll suggest actually reinstalling and securing it following these steps

sudo yum remove mariadb-server mariadb

As soon as you’ve actually removed everything, you can start doing so

sudo yum install mariadb-server

This will install the MariaDB package using the yum package manager.Once the installation is complete, start the MariaDB service and enable it to start on boot using the following commands:

sudo systemctl start mariadb
sudo systemctl enable mariadb

To verify that the installation was successful, check the MariaDB service status by typing:

sudo systemctl status mariadb

Nex is the the mysql_secure_installation script:

sudo mysql_secure_installation

You will be prompted to set up the root user password, remove anonymous user accounts, restrict root user access to the local machine, and remove the test database.

The steps are explained in detail. It is recommended to answer Y (yes) to all question

Now you are good to go

Regards, KDSys