Install LEMP on Alibaba Cloud ECS

To deploy our application on Alibaba Cloud ECS we will use the latest Ubuntu distro available on ECS - 14.04 64bit. Spin up an instance that satisfies your expected usage and pick a data center closest to your target audience. We can always set-up Alibaba Cloud CDN and Alibaba Cloud SLB later to deliver content from multiple regions.

Setting up the ECS instance

When you first create your ECS instance you will go to your Alibaba Cloud Console, pick the correct region at the top and choose ECS > Instances in the menu. This will show you the instance you just created.

For security reasons the instance will only have a couple of ports open - which you are warned about in the yellow warning above the instances. We have to set up the security group by going to the link in the warning and creating rules for ports 80 and 443 used by HTTP and HTTPS respectively.

This is done by clicking on “Quick Rule Creation”, selecting the services we need and using the mask to select all public IPs.

Connecting to the ECS instance

The public IP of the instance is available in “Instance Details”. The root password is specified upon creation of the ECS, but you can always reset it by using the “Reset Password” feature under “More”.

Now just SSH to the instance.

$ ssh root@<Your Public IP>

Installing services

Before installing any services we will make sure that our package manager is up to date:

$ apt update

Install Nginx

$ apt install nginx

Now our server will show the Nginx welcome screen if we visit the Public IP using a web browser.

This confirms that Nginx is correctly installed and that you set up the Security Groups correctly.

Install MySQL

$ apt install mysql-server mysql-client

The MySQL server installer has a visual wizard that will lead you through the setup. Be sure to take note of the MySQL root user password as this account will be used to administrate/use the database later.

Install PHP7

$ sudo apt-get install software-properties-common zip unzip
$ add-apt-repository ppa:ondrej/php
$ apt update
$ apt install php php-cli php-fpm php-mysql php-curl

After we are done installing PHP itself we will install Composer.

$ wget -O - -q | php -- --quiet
$ mv composer.phar /bin/composer

You can check if Composer installed correctly by trying to run it using the composer command.

Setting up the app

First, we will clone our app to /var/www/app. To do that we have to install Git which does not come pre-installed on the machine.

$ apt install git

Then we create the directory and clone our project.

$ mkdir -p /var/www/app
$ cd /var/www/app
$ git clone .

We can install the dependencies right away using

$ composer install

Installing PHP extensions

For Symfony 4 I needed to install the following extensions. It may differ for different frameworks and custom apps so you might need more then the ones listed below.

$ apt install php-xml php-mbstring php-sqlite php-intl

Configuring PHP

Your PHP config file location can be checked by running php -i | grep "Loaded Configuration". This will give you the location of the CLI php.ini file. Mine is in /etc/php/7.2/cli/php.ini, therefore the php.ini that is being used by Nginx is in /etc/php/7.2/fpm/php.ini.

We will open up that file using a text editor and correct some settings. If you can’t find the setting you can add it, also be sure they are not commented out by a semicolon on the beginning of the row.

; Default timezone, full list here:
date.timezone = Europe/Zagreb
; Maximum size of a POST request
post_max_size = 128M
; Maximum memory allocation a request can get
memory_limit = 512M

Configuring Nginx

To configure our Nginx virtual host we will open up /etc/nginx/sites-enabled/default in our text editor of choice. If we remove all the comments from the default config it will look something like this.

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        root /usr/share/nginx/html;
        index index.html index.htm;

        server_name localhost;

        location / {
                try_files $uri $uri/ =404;

After we set up PHP FPM, set the correct directory and our domain we will have something like this. The lines marked with a comment are ones you probably have to modify for your use.

server {
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        root /var/www/app/public; # Web root of the site

        server_name; # Domain this site is served one

        location / {
                try_files $uri /index.php$is_args$args;

        location ~ ^/index\.php(/|$) {
                fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; # Set the PHP version to the one you installed
                fastcgi_split_path_info ^(.+\.php)(/.*)$;
                include fastcgi_params;

                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                fastcgi_param DOCUMENT_ROOT $realpath_root;

        location ~ \.php$ {
                return 404;

        error_log /var/log/nginx/project_error.log;
        access_log /var/log/nginx/project_access.log;

Setting up HTTPS

Setting up SSL has never been easier thanks to Let’s Encrypt. We will use the certbot tool to do all of the hard work.

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Now we just have to run

$ sudo certbot --nginx

and follow the simple wizard provided by Certbot which will generate an SSL certificate and install it on our web server. You can choose to redirect all HTTP traffic to HTTPS if you want.

All Done

Now you have a LEMP stack running on your Alibaba Cloud ECS instance. Try setting up some more Alibaba Cloud services to protect your server from DDoS attacks, enable state-of-the-art monitoring with Server Guard and make your server always available and fast in all regions using Alibaba Cloud CDN and Alibaba Cloud SLB

1 Like