Skip to main content

Setup webserver (NGINX) on Ubuntu

Nginx + PHP + MariaDB + phpMyAdmin + SSH

0. Introduction

Goal

Set up a production-ready Ubuntu server with: Nginx, PHP (PHP-FPM), MariaDB, phpMyAdmin, and SSH on a custom port.

Assumptions

  • Ubuntu Server (22.04+)
  • CLI access
  • User max with sudo rights

1. Secure SSH (Custom Port)

Edit SSH configuration

sudo nano /etc/ssh/sshd_config

Required settings

Port 1611
PermitRootLogin no
PasswordAuthentication yes

Apply changes

sudo ufw allow 1611/tcp
sudo systemctl restart ssh

Verify

sudo ss -tlnp | grep ssh

2. Install Nginx

Install

sudo apt update
sudo apt install nginx -y

Enable and start

sudo systemctl enable nginx
sudo systemctl start nginx

Allow firewall

sudo ufw allow 'Nginx Full'

3. Install PHP (PHP-FPM)

Install PHP and extensions

sudo apt install php-fpm php-cli php-mysql php-curl php-gd php-mbstring php-xml php-zip -y

Verify PHP

php -v
systemctl status php8.3-fpm

4. Configure Nginx + PHP

Default site config

sudo nano /etc/nginx/sites-available/default

Minimal PHP configuration

server {
    listen 80;
    server_name _;
    root /var/www/html;
    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
    }
}

Reload

sudo nginx -t
sudo systemctl reload nginx

5. Install MariaDB

Install

sudo apt install mariadb-server mariadb-client -y

Secure

sudo mysql_secure_installation

Create admin user

sudo mariadb

CREATE USER 'max'@'localhost' IDENTIFIED BY 'STRONG_PASSWORD';
GRANT ALL PRIVILEGES ON *.* TO 'max'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;

6. Install phpMyAdmin

Install package

sudo apt install phpmyadmin -y

When prompted:

  • Select no webserver
  • Choose Yes for dbconfig-common

 

Nginx configuration

sudo nano /etc/nginx/snippets/phpmyadmin.conf

location /phpmyadmin {
    root /usr/share/;
    index index.php;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
    }
}

Enable

sudo nano /etc/nginx/sites-available/default

Add:

include snippets/phpmyadmin.conf;

sudo nginx -t
sudo systemctl reload nginx

7. File Ownership & Permissions

Recommended structure

/var/www/qool/test

Ownership

sudo chown -R max:www-data /var/www/qool/test

Permissions

find /var/www/qool/test -type d -exec chmod 750 {} \;
find /var/www/qool/test -type f -exec chmod 640 {} \;

Final Notes

  • Nginx handles HTTP, PHP-FPM executes PHP
  • MariaDB uses socket authentication for root
  • phpMyAdmin should be IP-restricted in production
  • SSH on a custom port reduces automated attacks
  • This setup is production-ready and extensible
Back to top