Website on LAMP or LEMP stack
In this tutorial, you will learn to deploy LAMP (LEMP) in the Yandex Cloud infrastructure. At the end, you will launch a VM running your website's web server.
To set up a LAMP or LEMP-based website:
- Prepare your cloud.
- Create a cloud network.
- Create a security group.
- Create a VM with a pre-installed web server.
- Upload the website files.
- Configure the DNS.
- Check that the website is running.
If you no longer need the website, delete all its resources.
You can also deploy an infrastructure for a LAMP web server or a LEMP site in Terraform using a ready-made configuration file.
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
- On the Billing page, make sure you have a billing account linked and it has the ACTIVE or TRIAL_ACTIVE status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Required paid resources
The cost for maintaining a LAMP server includes:
- Fee for a continuously running VM (see Yandex Compute Cloud pricing).
- Fee for using a dynamic or static external IP address (see Yandex Virtual Private Cloud pricing).
- Fee for using DNS (see Yandex Cloud DNS pricing).
Create a cloud network
All resources you create in this tutorial belong to the same cloud network.
To create a network:
- In the management console, select Virtual Private Cloud.
- Click Create network.
- Specify the Name of the network: web-network.
- In the Advanced field, select Create subnets.
- Click Create network.
Create a security group
Security groups include rules that allow accessing your VMs from the internet. In this tutorial, you will create a security group called sg-web.
To create a security group:
- In the management console, select Virtual Private Cloud.
- Open the Security groups tab.
- Create a security group for the load balancer:
  - Click Create group.
  - Enter the Name of the group: sg-web.
  - Select the Network: web-network.
  - Under Rules, create the following rules using the instructions below the table:

    | Traffic direction | Description | Port range | Protocol | Source/destination type | Source/destination |
    | --- | --- | --- | --- | --- | --- |
    | Outgoing | any | All | Any | CIDR | 0.0.0.0/0 |
    | Incoming | ext-http | 80 | TCP | CIDR | 0.0.0.0/0 |
    | Incoming | ext-https | 443 | TCP | CIDR | 0.0.0.0/0 |

    - Select the Outgoing traffic or Incoming traffic tab.
    - Click Add rule.
    - In the Port range field of the window that opens, specify a single port or a range of ports that traffic will come to or from.
    - In the Protocol field, specify the desired protocol or leave Any to allow traffic transmission over any protocol.
    - In the Purpose or Source field, select the purpose of the rule:
      - CIDR: Rule will apply to the range of IP addresses. In the CIDR blocks field, specify the CIDR and masks of subnets that traffic will come to or from. To add multiple CIDRs, click Add CIDR.
      - Security group: Rule will apply to the VMs from the current group or the selected security group.
    - Click Save. Repeat the steps to create all rules from the table.
  - Click Save.
Create a VM with a pre-installed web server
- On the management console folder page, click Create resource and select Virtual machine.
- In the Name field, enter lamp-vm or lemp-vm as the VM name.
  - The name must be from 3 to 63 characters long.
  - It may contain lowercase Latin letters, numbers, and hyphens.
  - The first character must be a letter and the last character cannot be a hyphen.
- Select an availability zone to place the VM in. If you do not know which availability zone you need, leave the default one.
- Under Image/boot disk selection, go to the Cloud Marketplace tab and select a VM image with the desired set of components:
- Under Computing resources:
  - Choose a VM platform.
  - Specify the required number of vCPUs and the amount of RAM.
  The minimum configuration is enough for functional website testing:
  - Platform: Intel Ice Lake.
  - Guaranteed vCPU share: 20%.
  - vCPU: 2.
  - RAM: 1 GB.
- In the Network settings section, select the web-network network and the subnet to connect the VM to.
- Under Public address, keep Auto to assign your VM a random external IP address from the Yandex Cloud pool, or select a static address from the list if you reserved one in advance.
- Enter the VM access information:
  - Enter the username in the Login field.
  - In the SSH key field, paste the contents of the public key file.
    You will need to create a key pair for the SSH connection yourself, see Connecting to a Linux VM via SSH.
  Alert
  Once created, the VM will be assigned an IP address and a host name (FQDN) for connections. If you selected No address in the Public address field, you won't be able to access the VM from the internet.
- Click Create VM.
  It may take a few minutes to create the VM. When the VM status changes to RUNNING, you can upload the website files.
Upload the website files
To test the web server, upload the index.html file to the VM. You can use a test file
- Under Network on the VM page in the management console, find the VM's public IP address.
- Connect to the VM via SSH.
- Grant your user write access to the /var/www/html directory:
      sudo chown -R "$USER":www-data /var/www/html
- Upload the website files to the VM via SCP.
  - Linux/macOS: Use the scp command-line utility:
        scp -r <path_to_file_directory> <VM_username>@<VM_IP_address>:/var/www/html
  - Windows: Use WinSCP to copy the local file directory to /var/www/html on the VM.
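The scp -r command copies everything in the local directory, hidden entries included, into the directory the web server publishes, and the chown step makes www-data the group owner of it. The check below is an added example, not part of the original tutorial: it walks a document root and reports hidden entries, backup or key files, and anything writable by the group or by everyone. The function name, the suffix list and the assumption that the web server runs as www-data are illustrative.

```python
import os
import stat

# Illustrative list of file endings that should not sit under a served directory.
SENSITIVE_SUFFIXES = (".bak", ".old", ".orig", ".swp", ".sql", ".pem", ".key", "~")

HIDDEN = "hidden entry copied by scp -r"
SENSITIVE = "backup, dump or key file"
WORLD_WRITABLE = "world-writable"
GROUP_WRITABLE = "writable by group (www-data after the chown step)"


def audit_webroot(root):
    """Return sorted (relative_path, reason) pairs for risky entries under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if name.startswith("."):
                findings.append((rel, HIDDEN))
            elif name.lower().endswith(SENSITIVE_SUFFIXES):
                findings.append((rel, SENSITIVE))
            mode = os.lstat(full).st_mode
            if stat.S_ISLNK(mode):
                continue  # permission bits of a symlink are not meaningful
            if mode & stat.S_IWOTH:
                findings.append((rel, WORLD_WRITABLE))
            elif mode & stat.S_IWGRP:
                # Assumption: the web server runs as www-data and only needs to read.
                findings.append((rel, GROUP_WRITABLE))
        # A hidden directory is reported once; its contents are not walked.
        dirnames[:] = [d for d in dirnames if not d.startswith(".")]
    return sorted(findings)


if __name__ == "__main__":
    for path, reason in audit_webroot("/var/www/html"):
        print(f"{path}: {reason}")
```

Run it against the local directory before the upload to catch stray files, and against /var/www/html on the VM afterwards to catch permission problems.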
Configure the DNS (if you have a domain name)
If you have a registered domain name, use the Cloud DNS service to manage the domain.
You can also configure the DNS via Terraform. For more information, see How to create an infrastructure using Terraform.
The tutorial below describes configuring DNS for the example.com domain name.
Add a zone
To add a public zone:
- Open the Cloud DNS section of the folder where you need to create a DNS zone.
- Click Create zone.
- Specify the zone settings:
  - Zone name: example-zone-1.
  - Zone: example.com. Specify your registered domain.
  - Type: Public.
- Click Create.
Add resource records
Create DNS records in the public zone:
- Under Network on the VM page in the management console, find the VM's public IP address.
- Create an A record:
  - Open the Cloud DNS section of the folder where the example.com zone is located.
  - Select example.com from the list.
  - Click Create record.
  - Set the record parameters:
    - Name: Leave empty.
    - Record type: Keep A as the value.
    - TTL (record time to live): Leave the default.
    - Value: Enter your VM's public address.
  - Click Create.
- Create a CNAME record:
  - Select example.com from the list.
  - Click Create record.
  - Set the record parameters:
    - Name: www.
    - Record type: Select CNAME as the value.
    - TTL (record time to live): Leave the default.
    - Value: Enter example.com.
  - Click Create.
Delegate the domain name
Delegation is the transfer of authority from the registrar's servers to yours. For a domain, NS resource records are created (ns1.yandexcloud.net and ns2.yandexcloud.net).
To delegate a domain, specify its DNS servers in the registrar's account.
Delegation does not take effect immediately. It normally takes internet service providers up to 24 hours (86400 seconds) to update records. This depends on the TTL value which determines how long domain records are cached.
You can verify domain delegation using Whois or the dig utility:
dig +short NS example.com
Result:
ns2.yandexcloud.net.
ns1.yandexcloud.net.
Check that the website is running
To check that the site is up, enter its IP address or domain name in your browser:
- http://<public_IP_of_VM>
- http://www.example.com
How to delete the resources you created
To stop paying for the resources you created:
- Delete the VM.
- Delete the static public IP if you reserved one specifically for this VM.
- Delete the DNS zone if you set up the DNS.
How to create an infrastructure using Terraform
With Terraform
For more information about the provider resources, see the documentation on the Terraform
If you change the configuration files, Terraform automatically determines which part of your configuration is already deployed and what should be added or removed.
To use Terraform to deploy a LAMP or LEMP web server for your site running on a VM:
- Specify the source for installing the Yandex Cloud provider (see Configure a provider, step 1).
- Prepare files with the infrastructure description:
  Ready-made archive:
  - Create a directory for files.
  - Download the archive (1 KB).
  - Unpack the archive to the directory. As a result, it should contain the lamp-lemp.tf configuration file and the lamp-lemp.auto.tfvars file with user data.
  Creating files manually:
  - Create a directory for the file with the infrastructure description.
  - Create the lamp-lemp.tf configuration file in the directory:
    lamp-lemp.tf
        # Declaring variables for user-defined parameters
        variable "zone" {
          type = string
        }
        variable "folder_id" {
          type = string
        }
        variable "vm_image_family" {
          type = string
        }
        variable "vm_user" {
          type = string
        }
        variable "ssh_key_path" {
          type = string
        }
        variable "dns_zone" {
          type = string
        }

        # Adding other variables
        locals {
          network_name  = "web-network"
          subnet_name   = "subnet1"
          sg_vm_name    = "sg-web"
          vm_name       = "lamp-vm"
          dns_zone_name = "example-zone"
        }

        # Provider configuration
        terraform {
          required_providers {
            yandex = {
              source  = "yandex-cloud/yandex"
              version = ">= 0.47.0"
            }
          }
        }
        provider "yandex" {
          folder_id = var.folder_id
        }

        # Creating a cloud network
        resource "yandex_vpc_network" "network-1" {
          name = local.network_name
        }

        # Creating a subnet
        resource "yandex_vpc_subnet" "subnet-1" {
          name           = local.subnet_name
          v4_cidr_blocks = ["192.168.1.0/24"]
          zone           = var.zone
          network_id     = yandex_vpc_network.network-1.id
        }

        # Creating a security group
        resource "yandex_vpc_security_group" "sg-1" {
          name       = local.sg_vm_name
          network_id = yandex_vpc_network.network-1.id
          egress {
            protocol       = "ANY"
            description    = "any"
            v4_cidr_blocks = ["0.0.0.0/0"]
          }
          ingress {
            protocol       = "TCP"
            description    = "ext-http"
            v4_cidr_blocks = ["0.0.0.0/0"]
            port           = 80
          }
          ingress {
            protocol       = "TCP"
            description    = "ext-https"
            v4_cidr_blocks = ["0.0.0.0/0"]
            port           = 443
          }
        }

        # Adding a ready-to-use VM image
        resource "yandex_compute_image" "lamp-vm-image" {
          source_family = var.vm_image_family
        }
        resource "yandex_compute_disk" "boot-disk" {
          name     = "bootvmdisk"
          type     = "network-hdd"
          zone     = var.zone # The boot disk must be in the same zone as the VM
          size     = "20"
          image_id = yandex_compute_image.lamp-vm-image.id
        }

        # Creating a VM
        resource "yandex_compute_instance" "vm-lamp" {
          name        = local.vm_name
          platform_id = "standard-v3"
          zone        = var.zone
          resources {
            core_fraction = 20
            cores         = 2
            memory        = 1
          }
          boot_disk {
            disk_id = yandex_compute_disk.boot-disk.id
          }
          network_interface {
            subnet_id          = yandex_vpc_subnet.subnet-1.id
            nat                = true
            security_group_ids = [yandex_vpc_security_group.sg-1.id]
          }
          metadata = {
            user-data = "#cloud-config\nusers:\n  - name: ${var.vm_user}\n    groups: sudo\n    shell: /bin/bash\n    sudo: 'ALL=(ALL) NOPASSWD:ALL'\n    ssh-authorized-keys:\n      - ${file("${var.ssh_key_path}")}"
          }
        }

        # Creating a DNS zone
        resource "yandex_dns_zone" "zone1" {
          name   = local.dns_zone_name
          zone   = var.dns_zone
          public = true
        }

        # Creating a type A resource record
        resource "yandex_dns_recordset" "rs-a" {
          zone_id = yandex_dns_zone.zone1.id
          name    = var.dns_zone
          type    = "A"
          ttl     = 600
          data    = [yandex_compute_instance.vm-lamp.network_interface.0.nat_ip_address]
        }

        # Creating a CNAME resource record
        resource "yandex_dns_recordset" "rs-cname" {
          zone_id = yandex_dns_zone.zone1.id
          name    = "www"
          type    = "CNAME"
          ttl     = 600
          data    = [var.dns_zone]
        }
  - In the directory, create a lamp-lemp.auto.tfvars file with user data:
    lamp-lemp.auto.tfvars
        zone            = "<availability_zone>"
        folder_id       = "<folder_ID>"
        vm_image_family = "<VM_image_family>"
        vm_user         = "<VM_username>"
        ssh_key_path    = "<path_to_public_SSH_key>"
        dns_zone        = "<DNS_zone>"
For more information about the parameters of resources used in Terraform, see the provider documentation:
- In the lamp-lemp.auto.tfvars file, set the user-defined parameters:
  - zone: Availability zone that will host your VM.
  - folder_id: ID of the folder.
  - vm_image_family: Specify the family of a VM image with a relevant set of components:
  - vm_user: VM username.
  - ssh_key_path: Path to the file with a public SSH key to authenticate the user on the VM. For details, see Creating an SSH key pair.
  - dns_zone: DNS zone. Specify your registered domain with a period at the end, for example: example.com.
- Create resources:
  - In the terminal, change to the folder where you edited the configuration file.
  - Make sure the configuration file is correct using the command:
        terraform validate
    If the configuration is correct, the following message is returned:
        Success! The configuration is valid.
  - Run the command:
        terraform plan
    The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
  - Apply the configuration changes:
        terraform apply
  - Confirm the changes: type yes in the terminal and press Enter.
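The plan can be checked against the rule table from the Create a security group section before terraform apply is confirmed. The script below is an added example, not part of the original tutorial or of the provider's tooling: it reads the JSON that terraform show -json prints for a plan saved with terraform plan -out=<planfile> and reports every ingress rule open to 0.0.0.0/0 that is not TCP 80 or TCP 443. The sample plan is constructed, the attribute names follow the ingress blocks in lamp-lemp.tf, and treating a missing or -1 port value as unset is an assumption.

```python
import json

ALLOWED_PUBLIC = {("TCP", 80), ("TCP", 443)}  # ext-http and ext-https from the rule table
ANY_IPV4 = "0.0.0.0/0"

# Constructed sample in the shape of `terraform show -json <planfile>`:
# the tutorial's two web rules plus two extra rules added for the demonstration.
SAMPLE_PLAN = json.dumps({"resource_changes": [{
    "address": "yandex_vpc_security_group.sg-1",
    "type": "yandex_vpc_security_group",
    "change": {"actions": ["create"], "after": {"name": "sg-web", "ingress": [
        {"description": "ext-http", "protocol": "TCP", "port": 80,
         "from_port": -1, "to_port": -1, "v4_cidr_blocks": ["0.0.0.0/0"]},
        {"description": "ext-https", "protocol": "TCP", "port": 443,
         "from_port": -1, "to_port": -1, "v4_cidr_blocks": ["0.0.0.0/0"]},
        {"description": "ssh", "protocol": "TCP", "port": 22,
         "from_port": -1, "to_port": -1, "v4_cidr_blocks": ["0.0.0.0/0"]},
        {"description": "app-internal", "protocol": "TCP", "port": -1,
         "from_port": 8000, "to_port": 8100, "v4_cidr_blocks": ["192.168.1.0/24"]},
    ]}},
}]})

def port_range(rule):
    """Return (low, high); a missing or -1 value is treated as unset (assumption)."""
    def is_set(value):
        return value is not None and value != -1
    if is_set(rule.get("port")):
        return rule["port"], rule["port"]
    if is_set(rule.get("from_port")) and is_set(rule.get("to_port")):
        return rule["from_port"], rule["to_port"]
    return 0, 65535  # no port given: the rule covers every port

def audit_plan(plan_json):
    """List ingress rules open to 0.0.0.0/0 that are not TCP 80 or TCP 443."""
    findings = []
    for change in json.loads(plan_json).get("resource_changes", []):
        if change.get("type") != "yandex_vpc_security_group":
            continue
        after = (change.get("change") or {}).get("after") or {}  # null on delete
        for rule in after.get("ingress") or []:
            if ANY_IPV4 not in (rule.get("v4_cidr_blocks") or []):
                continue  # not reachable from the whole internet
            low, high = port_range(rule)
            proto = str(rule.get("protocol", "")).upper()
            if low != high or (proto, low) not in ALLOWED_PUBLIC:
                findings.append((change["address"], rule.get("description"), proto, low, high))
    return findings
```

An SSH rule added for the SCP upload step passes this check only when its v4_cidr_blocks names a specific administrative range instead of 0.0.0.0/0.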