Complete Guide: Nginx + PHP 7.4 + MariaDB 10.5 + Memcached on Debian 11.11 for mgrei.com

Rey Posted on 19 days ago 33 Views

Need to squeeze every last drop of performance out of a tiny 1-core, 762 MB VPS?

This walkthrough shows how to install and harden a modern LEMP stack on Debian 11.11, serve mgrei.com from /www/mgrei, and handle 5 000+ daily visitors without breaking a sweat.

1. Update the System

apt update && apt upgrade -y
apt install curl wget gnupg2 lsb-release -y

2. Install Nginx

apt install nginx -y

Clean /etc/nginx/nginx.conf

/etc/nginx/nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 1024;
    use epoll;
    multi_accept on;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    server_tokens off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # SSL defaults
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    access_log /var/log/nginx/access.log;
    error_log  /var/log/nginx/error.log;

    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types
        text/plain text/css text/xml text/javascript
        application/json application/javascript application/xml+rss image/svg+xml;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

3. Install PHP 7.4-FPM & Extensions

apt install -y php7.4-fpm php7.4-mysql php7.4-mbstring \
  php7.4-xml php7.4-gd php7.4-curl php7.4-zip \
  php7.4-fileinfo php7.4-opcache php7.4-apcu \
  php-imagick php7.4-exif php7.4-intl php7.4-xsl \
  php7.4-bz2 php-igbinary php-memcached

PHP-FPM Pool (memory-friendly)

/etc/php/7.4/fpm/pool.d/www.conf
[www]
user = www-data
group = www-data
listen = /run/php/php7.4-fpm.sock
listen.owner = www-data
listen.group = www-data
pm = ondemand
pm.max_children = 5
pm.max_requests = 200
request_terminate_timeout = 30s

Optimized php.ini

/etc/php/7.4/fpm/php.ini
[PHP]
engine = On
short_open_tag = Off
output_buffering = 4096
max_execution_time = 30
max_input_time = 60
memory_limit = 128M
post_max_size = 64M
upload_max_filesize = 32M
display_errors = Off
log_errors = On
date.timezone = PRC
opcache.enable = 1
opcache.memory_consumption = 64
opcache.max_accelerated_files = 4000
opcache.revalidate_freq = 60
systemctl restart php7.4-fpm

4. Install MariaDB 10.5

apt install mariadb-server-10.5 -y
mysql_secure_installation

Small-RAM Optimizations

/etc/mysql/mariadb.conf.d/50-server.cnf
[mysqld]
innodb_buffer_pool_size = 128M
max_connections = 30
thread_cache_size = 4
key_buffer_size = 16M
innodb_log_file_size = 32M
systemctl restart mariadb

5. Install Memcached

apt install memcached -y
/etc/memcached.conf
-m 64
-c 128
-l 127.0.0.1
systemctl restart memcached

6. Create Web Directory & Permissions

mkdir -p /www/mgrei
chown -R www-data:www-data /www/mgrei
find /www/mgrei -type f -exec chmod 644 {} \;
find /www/mgrei -type d -exec chmod 755 {} \;

7. Site Configuration (SSL + Cache + WordPress Permalinks)

Place Cloudflare Origin Certificates

/etc/ssl/certs/mgrei.com.pem
/etc/ssl/private/mgrei.com.key

Virtual Host

/etc/nginx/sites-available/mgrei.com
server {
    listen 80;
    server_name mgrei.com www.mgrei.com;
    return 301 https://www.mgrei.com$request_uri;
}

server {
    listen 443 ssl http2;
    server_name mgrei.com;
    ssl_certificate     /etc/ssl/certs/mgrei.com.pem;
    ssl_certificate_key /etc/ssl/private/mgrei.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    return 301 https://www.mgrei.com$request_uri;
}

server {
    listen 443 ssl http2;
    server_name www.mgrei.com;
    root /www/mgrei;
    index index.php index.html;

    ssl_certificate     /etc/ssl/certs/mgrei.com.pem;
    ssl_certificate_key /etc/ssl/private/mgrei.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    # Static cache
    location ~* \.(css|js)$ {
        expires 1d;
        add_header Cache-Control "public, immutable";
        access_log off;
    }
    location ~* \.(jpg|jpeg|png|gif|ico|svg|webp|woff|woff2|ttf|eot)$ {
        expires 365d;
        add_header Cache-Control "public, immutable";
        access_log off;
    }

    # WordPress pretty permalinks
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    location ~ /\. { deny all; }
}

Enable & reload:

ln -sf /etc/nginx/sites-available/mgrei.com /etc/nginx/sites-enabled/
nginx -t && systemctl reload nginx

8. Firewall & Auto-Start

apt install ufw -y
ufw allow 22/tcp
ufw allow 80/tcp
ufw allow 443/tcp
ufw --force enable

systemctl enable --now nginx php7.4-fpm mariadb memcached

9. Reset MariaDB Root Password (if needed)

systemctl stop mariadb
mysqld_safe --skip-grant-tables --skip-networking &
mysql -u root
FLUSH PRIVILEGES;
ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewRootPass!';
exit
pkill -f mysqld_safe
systemctl start mariadb

10. Fix phpMyAdmin Login (1698)

CREATE USER 'pmaadmin'@'localhost' IDENTIFIED BY 'PmaStrongPass!';
GRANT ALL PRIVILEGES ON *.* TO 'pmaadmin'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;

Use pmaadmin in phpMyAdmin instead of root.

11. Quick Health Check

curl -I https://www.mgrei.com

Look for HTTP/2 200 and the long-lived cache headers.

That’s it — a fully tuned, SSL-ready LEMP stack ready to serve mgrei.com from /www/mgrei. Open a cold one and watch those 5 000 daily hits roll in.

Share the love: https://www.mgrei.com/debian11-lemp-cloudflare-guide

This author has not provided a description.
Last updated on 2025-08-24