In this tutorial we will show you how to install and set-up LEMP (Linux Nginx MariaDB and PHP) stack in ArchLinux system.


First log in to your VPS as ROOT via SSH. Once you are in the first thing you need to do is to downloads the package lists from the repositories and “update” them to get information on the newest versions of packages and their dependencies using “pacman“. To do that type:

pacman -Syyu


To install “MariaDB” database server using “pacman” type:

pacman -S mariadb

Once the installation is done you can configure MariaDB by editing the “my.cnf” configuration file:

nano /etc/mysql/my.cnf

once the file is edited add the following to the “[mysqld]” section:

bind-address =

Save and close the file and restart MariaDB for the changes to take effects:

systemctl restart mysqld

next add MariaDB it to system’s startup so that each time the system is rebooted the MariaDB service can start automatically:

systemctl enable mysqld

You can also run the post install script to setup some basic security for MariaDB:

  • Enter current password for root (enter for none):
  • Set root password? [Y/n] y
  • Remove anonymous users? [Y/n] y
  • Disallow root login remotely? [Y/n] y
  • Remove test database and access to it? [Y/n] y
  • Reload privilege tables now? [Y/n] y

and setup the “my.cnf” client configuration for the root account. To do that edit:

nano ~/.my.cnf

and add:

#socket=/var/lib/mysql/mysql.sock #centos
#socket=/var/run/mysqld/mysqld.sock #gentoo, debian
socket=/run/mysqld/mysqld.sock #archlinux


To install Nginx using pacman and configure Nginx main configuration file located at “/etc/nginx/nginx.conf” type the following commands:

pacman -S nginx

create a backup of the configuration file:

cp /etc/nginx/nginx.conf{,.orig}

edit the file:

nano /etc/nginx/nginx.conf

and add the following:

user              http;
worker_processes  2;

error_log  /var/log/nginx/error.log;

events {
    worker_connections  1024;
    use epoll;

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;

    keepalive_timeout  30;
    server_tokens off;

    connection_pool_size 256;
    client_header_buffer_size 1k;
    large_client_header_buffers 4 2k;
    request_pool_size 4k;

    output_buffers 1 32k;
    postpone_output 1460;

    gzip on;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    gzip_http_version 1.1;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;

    include /etc/nginx/sites-enabled/*;

Save and close the file.
The “worker_processes” option is determined by the number of CPU’s the machine has. In my case, the cubbieboard2 has 2 CPU cores as shown by “lscpu

Next, we will use Debian server block management style using “sites-available” and “sites-enabled

mkdir -p /etc/nginx/sites-{available,enabled}

and add Nginx server block that will serve a static website/content. To do that edit:

nano /etc/nginx/sites-available/

and add:

server {
    listen 80;
    root /srv/http/;
    access_log /var/log/nginx/your_web_site-access;
    #access_log off;
    error_log /var/log/nginx/your_web_site-error error;

    location / {
        root /srv/http/;
        index  index.html index.htm;

    ## caches
    include /etc/nginx/conf.d/caches.conf;

Since I’m referencing to “/etc/nginx/conf.d/caches.conf” we will need to create this file, so:

mkdir -p /etc/nginx/conf.d

edit the file:

nano /etc/nginx/conf.d/caches.conf

and add:

## caches
location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
    access_log off;
    expires max;
location ~* \.(js)$ {
    access_log      off;
    log_not_found   off;
    expires         7d;
location ~* \.(woff|svg)$ {
    access_log      off;
    log_not_found   off;
    expires         30d;
location ~ /\.ht {
    deny  all;

Save and close the file.

Next, add a server block which will pass all “PHP” requests to “PHP-FPM” socket:

nano /etc/nginx/sites-available/

and add:

server {
    listen 80;
    rewrite ^(.*)$1 permanent;

server {
    listen 443 default;

    ssl    on;
    ssl_certificate        /etc/nginx/SSL/;
    ssl_certificate_key    /etc/nginx/SSL/;
    ssl_session_timeout  5m;
    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers   on;

    access_log /var/log/nginx/your_web_site.ssl-access;
    #access_log off;
    error_log /var/log/nginx/your_web_site.ssl-error error;

    client_max_body_size 5m;
    client_body_timeout 60;

    root /srv/http/;
    index  index.html index.php;

    # root directory
    location / {
        try_files $uri $uri/ @rewrites;

    location @rewrites {
        rewrite ^ /index.php last;

    ## caches
    include /etc/nginx/conf.d/caches.conf;

    ## php block
    location ~ \.php?$ {
        try_files $uri =404;
        include fastcgi_params;

        fastcgi_pass unix:/run/php-fpm/php-fpm.sock;

        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors on;
        fastcgi_split_path_info ^(.+\.php)(.*)$;
        fastcgi_hide_header X-Powered-By;

Save and close the file, and enable the newly created Nginx server blocks using:

cd /etc/nginx/sites-enabled
ln -s /etc/nginx/sites-available/
ln -s /etc/nginx/sites-available/

Next, copy my SSL certificate and key to “/etc/nginx/SSL” and test, start and enable Nginx on the system

nginx -t
systemctl restart nginx
systemctl enable nginx


To install “PHP-FPM” using “pacman” type:

pacman -S php-fpm

edit “/etc/php/php.ini” and change/uncomment the following:

date.timezone = Europe/Skopje
memory_limit = 64M
expose_php = Off

Save and close the file.

Next, set-up “/etc/php/php-fpm.conf” by adding the the following:

echo -e "include=/etc/php/fpm.d/*.conf\n" > /etc/php/php-fpm.conf
echo -e "[global]\npid = /run/php-fpm/" >> /etc/php/php-fpm.conf
echo -e "emergency_restart_threshold = 10" >> /etc/php/php-fpm.conf
echo -e "emergency_restart_interval = 1m" >> /etc/php/php-fpm.conf
echo -e "process_control_timeout = 10\n" >> /etc/php/php-fpm.conf

Set-up a”PHP-FPM” pool in “/etc/php/fpm.d/www-pool.conf“. To do that edit:

nano /etc/php/fpm.d/www-pool.conf

and add:

;listen =
listen = /run/php-fpm/php-fpm.sock
user = http
group = http
listen.owner = http = http
listen.mode = 0660
request_slowlog_timeout = 5s
slowlog = /var/log/php-fpm.log
listen.allowed_clients =
pm = dynamic
pm.max_children = 10
pm.start_servers = 3
pm.min_spare_servers = 2
pm.max_spare_servers = 4
pm.max_requests = 400
listen.backlog = -1
pm.status_path = /status
request_terminate_timeout = 120s
rlimit_files = 131072
rlimit_core = unlimited
catch_workers_output = yes
php_value[session.save_handler] = files
;php_value[session.save_path] = /var/lib/php/session
php_admin_value[error_log] = /var/log/php-fpm-error.log
php_admin_flag[log_errors] = on

restart “PHP-FPM” and add it on system’s start-up using:

systemctl restart php-fpm
systemctl enable php-fpm

To enable MySQL/MariaDB support in PHP, uncomment the “mysql” extension in “/etc/php/php.ini” file and reload “php-fpm“. To do that edit:

nano /etc/php/php.ini

and uncomment the following lines:

Save and close the file and restart “php-fpm” for the changes to take effects:

systemctl restart php-fpm


To be able to deploy “Laravel” application you need the “Mcrypt PHP” extension:

pacman -S php-mcrypt
vim +/ /etc/php/php.ini
systemctl restart php-fpm

If you’re one of our Linux VPS Hosting customers we can help you to install and set-up LEMP (Linux Nginx MariaDB and PHP) stack on your virtual server for you free of charge. Just contact us and some of our experts will complete your request immediately.

Leave a Reply

Your email address will not be published. Required fields are marked *