Memories of the ‘Migration’ away from CentOS 8
In late 2021, when CentOS 8 unexpectedly reached its End of Life (EOL), many fellow sysadmins and I were caught off guard. At the time, I was managing five production servers for clients. I had only one week to migrate everything to Rocky Linux to keep the systems secure.
After those sleepless nights, I realized Rocky Linux 9 is an incredibly reliable destination. It retains the stability of Red Hat while being completely free. Today, let’s rebuild the LEMP (Linux, Nginx, MariaDB, PHP) framework on this ‘new land’.
Why LEMP instead of LAMP?
This question is very familiar, but it’s worth revisiting. For entry-level VPS (1 vCPU, 1GB RAM), Nginx is a fantastic lifesaver. In practice, Nginx consumes only about 20MB of RAM when idle. Meanwhile, Apache often ‘gobbles up’ 3-4 times that amount.
Nginx handles thousands of concurrent connections smoothly thanks to its event-driven architecture. Think of Nginx as a master waiter. He can take orders from 50 tables simultaneously without getting flustered or breaking anything.
Step 1: Installing Nginx – High-Speed Transit Station
Let’s get started! The first step is always updating the system to avoid conflicts with old packages.
sudo dnf update -y
sudo dnf install nginx -yOnce installed, remember to enable Nginx to start automatically on reboot. Many beginners forget this step, leading to websites going down when the server restarts.
sudo systemctl start nginx
sudo systemctl enable nginxNext, open ports 80 (HTTP) and 443 (HTTPS) on the firewall. Rocky Linux is locked down tight by default. If you don’t open these, you’ll just see a ‘Connection timed out’ error when accessing the site.
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reloadStep 2: Installing MariaDB – The ‘Rock Solid’ Data Store
I prefer MariaDB over MySQL due to its high compatibility and being completely free. In complex query tests, MariaDB often provides 5-10% faster response times.
sudo dnf install mariadb-server mariadb -y
sudo systemctl start mariadb
sudo systemctl enable mariadbNever just use the default configuration. Run the security script to clean out ‘junk’ users and set a strong root password.
sudo mysql_secure_installationMy advice: When the script asks, just press Y (Yes) for everything to maximize database security.
Step 3: Installing PHP 8.1 – Speeding up Logic Processing
Rocky Linux 9 comes with PHP 8.1, featuring JIT for significantly faster execution than version 7.4. WordPress or Laravel projects usually see a 20-30% reduction in page response times when upgrading to PHP 8.1.
sudo dnf install php php-fpm php-mysqlnd php-gd php-curl php-xml php-mbstring -yKey point: By default, php-fpm runs as the apache user. Since we are using Nginx, you must change it to the nginx user to avoid 403 errors or ‘Permission Denied’.
Open the file /etc/php-fpm.d/www.conf and edit these two lines:
user = nginx
group = nginxThen start the service:
sudo systemctl start php-fpm
sudo systemctl enable php-fpmStep 4: Configuring Nginx to ‘Shake Hands’ with PHP
Nginx cannot read PHP files directly; it must send them to PHP-FPM for processing via a socket. We will create a new server block configuration file.
Create the file /etc/nginx/conf.d/itfromzero.conf:
server {
listen 80;
server_name your_domain_or_IP;
root /usr/share/nginx/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_pass unix:/run/php-fpm/www.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}Before restarting, run the command sudo nginx -t. If you see ‘syntax is ok’, you’re on the right track.
sudo systemctl restart nginxFinishing Line: Testing and Monitoring
To verify if the system is working smoothly, create a quick info.php file:
echo "<?php phpinfo(); ?>" | sudo tee /usr/share/nginx/html/info.phpAccess your server’s IP at /info.php. If the information table appears, congratulations—you now have a properly configured LEMP stack!
My hard-earned lesson: If you encounter a 502 Bad Gateway error, 90% of the time it’s because SELinux is blocking Nginx from connecting to the socket. Try running setsebool -P httpd_can_network_connect 1 to clear this hurdle. Don’t be discouraged; reading logs at /var/log/nginx/error.log daily will turn you into a true sysadmin expert.
