LEMP One-Click Application

DigitalOcean’s LEMP One-Click application provides a robust starting point for web apps. Using it automatically installs the popular web service stack and additional security software on an Ubuntu 18.04 Droplet. It also automates initial setup for components like the firewall and database, reducing the time it takes to go from provisioning a server to working on a web app.

The LEMP One-Click installs Nginx, MySQL, and PHP on an Ubuntu 18.04 Droplet. It also includes Fail2Ban, a daemon that scans log files and bans malicious IP addresses; Certbot, a tool to automate HTTPS setup and management; and Postfix, which provides a local MTA for PHP’s mail() function.

Components

Droplets created using this One-Click have the following software components:

| Component | Version |
| --- | --- |
| Linux | Ubuntu 18.04.1 |
| Nginx | Latest from APT |
| MySQL server | Latest from APT |
| PHP | Latest from APT |
| Fail2ban | Latest from APT |
| Certbot | Latest from Certbot’s PPA |
| Postfix | Latest from APT |

In addition to the package installation, the One-Click also:

  • Enables the UFW firewall to allow only SSH (port 22, rate limited), HTTP (port 80), and HTTPS (port 443) access.

  • Sets the MySQL root password and runs mysql_secure_installation.

  • Sets up the debian-sys-maint user in MySQL so the system’s init scripts for MySQL will work without requiring the MySQL root user password.

Quickstart

After you create a LEMP One-Click Droplet:

  • You can view the LEMP instance immediately by visiting the Droplet’s IP address in your browser.

  • You can log into the Droplet as root using either the password emailed to you or an SSH key, if you added one during creation.

  • The MySQL root password is in /root/.digitalocean_password.

  • The web root is /var/www/html.

  • You can get information about the PHP installation by logging into the Droplet and running php -i.

In addition, there are a few customized setup steps that we recommend you take.

Create a Server Block File

Creating an Nginx server block file for each site maintains the default configuration as the fallback, as intended, and makes it easier to manage changes when hosting multiple sites.

To do so, you’ll need to create two things for each domain: a new directory in /var/www for that domain’s content, and a new server block file in /etc/nginx/sites-available for that domain’s configuration. For a detailed walkthrough, you can follow How to Set Up Nginx Server Blocks.
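The two per-domain pieces described above, as an added shell example that is not DigitalOcean's own script. The function names, the ROOT staging prefix, the www alias, and the PHP-FPM socket path (PHP 7.2 on Ubuntu 18.04) are assumptions.

```shell
#!/bin/sh
# Added example, not DigitalOcean's script. ROOT is a hypothetical staging
# prefix: leave it empty on a Droplet, or point it at a scratch directory.
ROOT=${ROOT:-}
LC_ALL=C  # keep the a-z ranges below ASCII-only

# Accept only lowercase hostname characters so the name is safe to use as a
# path component and inside the generated config.
valid_domain() {
    case $1 in
        ''|*[!a-z0-9.-]*|.*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        *.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a server block for one domain. The PHP-FPM socket path is an
# assumption (PHP 7.2 on Ubuntu 18.04); adjust it to the installed version.
render_server_block() {
    cat <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name $1 www.$1;
    root /var/www/$1/html;
    index index.php index.html;
    location / {
        try_files \$uri \$uri/ =404;
    }
    location ~ \.php\$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }
}
EOF
}

# Create the content directory and server block file, enable the site, and
# reload Nginx only if the new configuration passes "nginx -t".
install_server_block() {
    valid_domain "$1" || { echo "invalid domain: $1" >&2; return 1; }
    ngx="$ROOT/etc/nginx"
    if [ -e "$ngx/sites-available/$1" ]; then echo "$1 already exists" >&2; return 1; fi
    mkdir -p "$ROOT/var/www/$1/html" "$ngx/sites-available" "$ngx/sites-enabled"
    render_server_block "$1" > "$ngx/sites-available/$1"
    ln -s "../sites-available/$1" "$ngx/sites-enabled/$1"
    if [ -z "$ROOT" ]; then nginx -t && systemctl reload nginx; fi
}
[ "$#" -eq 0 ] || install_server_block "$1"
```

Because the default configuration is left untouched, requests for any other hostname still fall through to it.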

Enable HTTPS

Setting up an SSL certificate enables HTTPS on the web server, which secures the traffic between the server and the clients connecting to it. Certbot is a free and automated way to set up SSL certificates on a server. It’s included as part of the LEMP One-Click to make securing the Droplet easier.

To use Certbot, you’ll need a registered domain name and two DNS records:

  • An A record from a domain (e.g., example.com) to the server’s IP address
  • An A record from a domain prefaced with www (e.g., www.example.com) to the server’s IP address

Additionally, if you’re using a server block file, you’ll need to make sure the server_name directive in the server block (e.g., server_name example.com;) is correctly set to the domain.

Once the DNS records and, optionally, the server block files are set up, you can generate the SSL certificate. Make sure to substitute the domain in the command.

certbot --nginx -d example.com -d www.example.com

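HTTPS traffic on port 443 is already allowed through the firewall. After you set up HTTPS, you can optionally deny HTTP traffic on port 80. Keep port 80 open if Certbot renews the certificate using the HTTP-01 challenge or if you want HTTP requests redirected to HTTPS, because both need the port to be reachable.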

ufw delete allow 80/tcp

For a more detailed walkthrough, you can follow How to Secure Nginx with Let’s Encrypt or view Certbot’s official documentation.

Upload Files

You can serve files from the web server by adding them to the web root (/var/www/html) using SFTP or other tools.

A newly-created LEMP Droplet includes an index.html web page. You can replace it by uploading a custom index.html file, or remove it.

API Creation

In addition to creating a Droplet from the LEMP One-Click application via the control panel, you can also use the DigitalOcean API.

You can list all One-Click application images using the API. As an example, to create a 4GB LEMP Droplet in the SFO2 region, you can use the following curl command. You’ll need to either save your API access token to an environment variable or substitute it into the command below.

curl -X POST -H 'Content-Type: application/json' \
    -H "Authorization: Bearer $TOKEN" -d \
    '{"name":"choose_a_name","region":"sfo2","size":"4gb","image":"lemp-18-04"}' \
    "https://api.digitalocean.com/v2/droplets"