WordPress is one of the most widely used open-source content management software. It powers around 60 million websites including 33% of the top 10 million websites. It is written in PHP and uses
MariaDB /
MySQL as a database to store information.
Here, we will see how to install
WordPress with
Nginx on
Ubuntu 20.04. We will also deploy
Let’s Encrypt SSL for WordPress for the secure delivery of the website.
Install WordPress With Nginx On Ubuntu 20.04
Install LEMP Stack
Before proceeding, set up the LEMP stack on Ubuntu 20.04 for a WordPress installation.
Install LEMP (Nginx, MariaDB, and PHP) Stack on Ubuntu 20.04
Install PHP Extensions
The following extensions are required for WordPress to run on Ubuntu 20.04. So, install them using the
apt command.
sudo apt update
sudo apt install -y php-dom php-simplexml php-ssh2 php-xml php-xmlreader php-curl php-exif php-ftp php-gd php-iconv php-imagick php-json php-mbstring php-posix php-sockets php-tokenizer
Create Nginx Server Block For WordPress
Let’s create an Nginx’s server block for WordPress installation. This server block requires a domain name, port number, document root, log location, fast CGI, etc.
Assume the following,
Domain Name: www.holhol24.net
Document Root: /sites/www.holhol24.net/public_html/
Logs: /sites/www.holhol24.net/logs/
Create a server block configuration file under the /etc/nginx/conf.d directory.
sudo nano /etc/nginx/conf.d/www.holhol24.net.conf
Place the following content.
server {
server_name www.holhol24.net;
root /sites/www.holhol24.net/public_html/;
index index.html index.php;
access_log /sites/www.holhol24.net/logs/access.log;
error_log /sites/www.holhol24.net/logs/error.log;
# Don't allow pages to be rendered in an iframe on external domains.
add_header X-Frame-Options "SAMEORIGIN";
# MIME sniffing prevention
add_header X-Content-Type-Options "nosniff";
# Enable cross-site scripting filter in supported browsers.
add_header X-Xss-Protection "1; mode=block";
# Prevent access to hidden files
location ~* /.(?!well-known/) {
deny all;
}
# Prevent access to certain file extensions
location ~.(ini|log|conf)$ {
deny all;
}
# Enable WordPress Permananent Links
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ .php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Create document root and logs directory.
sudo mkdir -p /sites/www.holhol24.net/public_html/
sudo mkdir -p /sites/www.holhol24.net/logs/
Verify the configuration files.
sudo nginx -t
The following message confirms that Nginx’s server block configuration is correct.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart the services.
sudo systemctl restart nginx
Install Let’s Encrypt SSL for WordPress (Optional)
In the current situation, almost all websites/blogs use HTTPS (SSL certificate) for authenticity. Google asks owners to
switch to HTTPS for better security and improve Google page rankings.
Install Certbot
To generate an SSL certificate, install
Certbot ACME client on your system. It handles certificate issuance and installation of the certificate with no downtime.
At the time of writing this article, Certbot client doesn’t automatically configure Nginx to use an SSL certificate. We need to install the SSL certificates manually.
The Certbot client is now available in Ubuntu repositories. So, install it with
apt command.
sudo apt update
sudo apt install -y software-properties-common
sudo add-apt-repository universe
sudo apt update
Now, install the certbot client.
sudo apt install -y certbot
Update / Change DNS Record
Go to your domain registrar and create an A/CNAME record for your domain.
Wait for some time to let the record propagate.
Generate Let’s Encrypt SSL Certificate
Use the certbot command to generate and install a Let’s Encrypt certificate.
sudo certbot certonly --webroot
Output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator webroot, Installer None Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): holhol24.web@gmail.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y www.holhol24.net Obtaining a new certificate Performing the following challenges: http-01 challenge for www.holhol24.net Input the webroot for www.holhol24.net: (Enter 'c' to cancel): /sites/www.holhol24.net/public_html/ Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/www.holhol24.net/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/www.holhol24.net/privkey.pem Your cert will expire on 2020-08-07. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Deploy Let’s Encrypt SSL Certificate
Edit the Nginx’s server block file we created for a WordPress installation.
sudo nano /etc/nginx/conf.d/www.holhol24.net.conf
Add the SSL certificate into the server block.
server {
. . .
# Let's Encrypt SSL certificate
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/www.holhol24.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.holhol24.net/privkey.pem;
. . .
}
Redirect HTTP requests to HTTPS with Nginx
We will also create two more server blocks to redirect the traffic comes for the HTTP site to the HTTPS site.
sudo nano /etc/nginx/conf.d/www.holhol24.net.conf
Add the below block at the end of the file.
# Redirect WWW HTTP to WWW HTTPS # http://www.holhol24.net >> https://www.holhol24.net server { if ($host = www.holhol24.net) { return 301 https://$host$request_uri; } server_name www.holhol24.net; listen 80; return 404; } # Redirect NON-WWW HTTP to WWW HTTPS # http://holhol24.net >> https://www.holhol24.net server { if ($host = holhol24.net) { return 301 https://www.holhol24.net$request_uri; } server_name holhol24.net; listen 80; return 404; }
Restart the Nginx service.
sudo systemctl restart nginx
Create Database For WordPress
Login into MariaDB / MySQL.
sudo mysql -u root -p
Create the desired database for WordPress.
CREATE DATABASE wordpress;
Create a user.
CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'wppassword';
Grant permission to the created user to access the database.
GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'localhost';
Exit from the MariaDB / MySQL shell.
quit
Download WordPress
Download the latest version of WordPress from WordPress.org.
wget http://wordpress.org/latest.tar.gz
Extract the WordPress package with
tar command.
tar -zxvf latest.tar.gz
Move the WordPress files to the document root.
sudo mv wordpress/* /sites/www.holhol24.net/public_html/
Change the ownership so that the Nginx web server can write files into it.
sudo chown -R www-data:www-data /sites/www.holhol24.net/public_html/
sudo chown -R www-data:www-data /sites/www.holhol24.net/logs/
Install WordPress
Open your
web browser and visit:
http://your-web-site-url
You will get the WordPress installation wizard.
Click the Let’s go!.
On this page, enter the database details to let WordPress connect with the database.
If the connection to the database is successful, you will get the below page. Click Run the Installation.
On this page, enter the site title, WordPress admin, and password (of your choice) and then the email address. Then, click Install WordPress.
The WordPress installation is now complete. You can click on Login to go to the WordPress Admin (Backend).
Enter the WordPress admin user and its password to access the WordPress Admin page.
WordPress Admin:
WordPress Frontend:
WordPress server information (YLD Server Information plugin):
Configure Maximum Upload Filesize
By default, PHP doesn’t allow uploads above file size of 2MB. To allow larger file uploads through the WordPress web interface, configure the upload_max_filesize setting & post_max_sizin php.ini.
sudo nano /etc/php/7.4/fpm/php.ini
Change the upload size as per your requirement
upload_max_filesize = 256M
Change the upload size as per your requirement.
post_max_size = 256M
Add the client_max_body_size core module in the Nginx server configuration file.
sudo nano /etc/nginx/nginx.conf
The directive can be added to the HTTP block (for all sites), particular server block, or in location context.
I am adding the directive to the HTTP block which sets the value for all sites running on this server.
http {
....
client_max_body_size 256M;
....
}
Restart the services.
sudo systemctl restart php7.4-fpm
sudo systemctl restart nginx
Conclusion
That’s All. I hope you have learned how to install
WordPress with
Nginx on
Ubuntu 20.04. Please share your feedback in the comments section.
