There are several cloud services these days that have a free-tier for certain cloud services. I’ve tried several. Amazon Web Services gives you 700 hours per month free, which is pretty close to free. Microsoft Azure gives you a whole year of free services, and then you have to pay (a comparable price to AWS). Oracle Cloud, however, by far has the best deal. You can have up to two micro-class VPSs free — forever.
So in this guide, we will be setting up a NGINX / PHP-FPM server stack on an Oracle Cloud free VPS.
Step 1 — Create Your Free VPS Instance
First, let’s get set up with a free account. Follow this link to get started.
You’ll need to confirm your email address. Once that’s done, you should be able to log in.
Once you’re at your dashboard, click the menu button in the upper left corner and click on Compute, then Instances.
It may take some time to get to the instances dashboard. Once you’re there, click Create Instance.
You can name your VPS whatever you like, in my example, I named mine nginx-server. Leave everything else as-is and then click edit on the right-hand side of the image and shape section.
The default OS image is Oracle Linux 8 (at the time of this writing). In my example, we’re going to use Ubuntu 20.04 LTS.
Next, scroll down to Add SSH keys and make sure generate a key pair for me is checked and then click download private key. You won’t need the public key as it will automatically be installed on the VPS.
Once your key is downloaded click the Create button.
You should now see your VPS instance listed. Copy the Public IP Address and create a hostname with your DNS / Domain provider. For this example, I’m going to use your-host.example.com.
Step 2 — Setup Your Firewall
Ok, we’re getting there. Inbound port 22 is allowed to the world by default, which you may want to restrict to your own CIDR subnet or IP address. In this example, we’re just going to leave port 22 open and also open ports 80 and 443.
In the search bar at the top of the dashboard, search for security groups and then click Default Security List for vcn-…
Scroll down and click Add Ingress Rules.
Alright, in the Source CIDR field, enter 0.0.0.0/0. If you’re unfamiliar with firewalls, that allows the source IP address to be any address in the world. Alternatively, you could set that to your own IP address or subnet, but on a web server, you probably want the HTTP and HTTPS ports to be open to the world.
Now in the Destination Port Range enter 80. And in Description enter HTTP.
Now click + Another Ingress Rule and do the same for port 443 / HTTPS, and then click Add Ingress Rules.
Step 3 — Connect to Your VPS and Update
Alright! We now have a totally free Ubuntu server. Now we need to get connected. If you’re on MacOS, you can just open terminal to connect, but if you’re on Windows, you’ll need to enable SSH. You can find a guide here on how to do just that. Alternatively, you can download the free PUTTY SSH Client.
If you don’t already have an SSH Key Pair create one now by entering:
You can enter a password (recommended) but you don’t have to. Hit enter to place the file in the default location which is /your_home_directory/.ssh.
Now that that’s done, do the following:
The above example is for MacOS. For Windows you should be able to do notepad instead of nano. Also Windows uses for path separator, and MacOS or other ‘IXes use /.
Now in the new config file copy and paste the following. Change to suit your environment:
The nice thing about setting up host configs is you don’t have to specify the key file every time and you can assign the host a nickname that you can use on the command line.
Hit CTRL-X, Y, Enter if using nano or CTRL-S if using notepad.
Now let’s connect to our VPS!
Hopefully you are now logged in to your VPS and have a shell prompt. Now we need to update:
This will take a little time to complete. Next, let’s set our server’s Fully Qualified Domain Name or FQDN:
Now, although we've already setup our VCN firewall for the virtual network, we need to update IP Tables from within Ubuntu. You have two options: you can either disable IP tables completely and rely on the subnet firewall, or we can add the allow rules for ports 443 and 80 manually. You could also install a firewall management tool, such as the Uncomplicated Firewall (UFW). Your choice.
Option 1 - Remove IP Tables Completely:
Option 2 - Allow Ports 443 and 80:
Step 4 — Install Server Software
Now we’ll install the NGINX http server:
Once that’s done you can test to see if it’s working by entering http://your-host.example.com in your web browser. You should see the default (it works) web page.
Next let’s install PHP-FPM, which is a very fast version of PHP that runs as a daemon. We’ll install the latest version, which is v8.1 at the time of this writing:
Let’s see if it’s working:
Hopefully, you will see the above output.
Now it’s time to install Mysql, which you’re probably going to want:
Once that’s done, we need to setup Mysql for production by running:
Enter y for the first question if you want to enforce complex passwords, and then set a root password. Enter y for the rest of the questions.
Next we’ll install the php-mysql extension:
Now we need to create a Mysql super user:
Step 5 — Configure NGINX
First we’ll create a non-privileged user to store our public HTML files:
You can enter the finger information if you like but it’s optional.
You’ll probably want to import your public key that you created with ssh-keygen:
Now copy and paste your id_rsa.pub contents from your .ssh directory on your local PC into the authorized_keys file.
Hit CTRL-X, Y, Enter to save.
Ok, let’s create some directories for our server root:
Enter the following into the new file:
Now let’s create a directory for PHPMyAdmin, a web-based Mysql admin tool:
Save the file and then hit CTRL-D to exit the web user session.
Now we need to configure NGINX. First we’ll set up cache control:
Copy and past the following into the new file:
Again, CTRL-X, Y, Enter to save. Now we’ll create a virtual host configuration:
Copy and paste the following config into the new file, change to suit your situation, and then hit CTRL-X, Y, Enter:
The above configuration will route any files not found to index.php, which is usually what you want.
Next, we’ll create a configuration for PHPMyAdmin:
Copy and paste the following configuration:
Now let’s enable the configurations by creating symbolic links:
And reload NGINX:
Now refresh your your-host.example.com page. You should see the phpinfo page.
Step 6 — Setup SSL
In my example, we’re going to use certbot, a free SSL certificate tool provided by the Electronic Frontier Foundation:
Certbot will ask you to enter an admin email address. This will be your login identifier for Let’s Encrypt. Next, certbot will ask you if you want to receive periodic emails from the EFF. This is totally up to you.
Next you should see a list of virtual hosts that are configured in NGINX. In this example, we only have two: your-host.example.com and pma.your-host.example.com. You can just hit enter to select them all. Certbot will then do the following:
- Create a hash file in each virtual host’s root directory
- Verify those hashes via HTTP
- Install the newly issues SSL certificates
- Automatically configure your NGINX config files for SSL
Now if you refresh your web browser, it should automatically redirect you from http to https. If not, just change it in the address bar. Check that you are able to connect to https://pma.your-host.example.com and login with the admin user we created.
I hope everything went as planned and you are now the proud new owner of a completely free web server.
For information on how to create backups of your VPS, please see: Scheduling Backups on an Oracle Cloud VPS.
Thanks for reading!