How to Install WordPress with Nginx and Let’s Encrypt SSL on Debian 11

WordPress is the most popular website platform on the internet. It is free, open-source, and works well with almost any web hosting service, making it one of the easiest to install and use.

If you do not have any web hosting yet, we recommend installing WordPress on your local Debian machine or VPS.

Here, we will see how to install WordPress with Nginx on Debian 11.

Install LEMP Stack

Follow the below links to install the LEMP stack on your Debian system for your WordPress installation.

Install EMP (Nginx, MariaDB, and PHP) on Debian 11

Setup Nginx Virtual Host

We will start with creating a virtual host for a WordPress installation. You can find all Nginx’s virtual host configuration files under /etc/nginx/conf.d directory. Typically virtual host files contain a domain name, port number, document root, log location, fast CGI, etc.

Assume the following,

Domain name: itzgeek.net, www.itzgeek.net
Port No: 80
Document root: /usr/share/nginx/www.itzgeek.net/html
Logs: /usr/share/nginx/www.itzgeek.net/logs

Create a virtual host configuration.

sudo nano /etc/nginx/conf.d/www.itzgeek.net.conf

Then, place the following content into the above configuration file. You will need to change server_name as per your requirement.

server {
	server_name itzgeek.net www.itzgeek.net;
	root /usr/share/nginx/www.itzgeek.net/html;

	index index.php index.html;

	access_log /usr/share/nginx/www.itzgeek.net/logs/access.log;
	error_log /usr/share/nginx/www.itzgeek.net/logs/error.log;

	# Prevent access to hidden files
	location ~* /\.(?!well-known\/) {
		deny all;
	}

	# Prevent access to certain file extensions
	location ~\.(ini|log|conf)$ {
		deny all;
	}

        # Enable WordPress Permananent Links
	location / {
		try_files $uri $uri/ /index.php?$args;
	}

	location ~ \.php$ {
        # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        include fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	}

}

Create a document root and logs directory.

sudo mkdir -p /usr/share/nginx/www.itzgeek.net/html/

sudo mkdir -p /usr/share/nginx/www.itzgeek.net/logs/

Verify the Nginx configuration file with the below command.

sudo nginx -t

If you get the following, it means that the virtual host configuration is correct.

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart the Nginx and PHP-FPM services.

sudo systemctl reload nginx php7.4-fpm

Create DNS Record

Go to your domain registrar and create an A and CNAME (optional if you do not want to use www subdomain) record for your domain. Typically you will have to make two records for your WordPress website.

1. Non-www Domain Name (Ex. itzgeek.net) >> A record point to your server IP
2. www Domain Name (Ex. www.itzgeek.net)  >> CNAME record point to itzgeek.net

For this demo, I will create two records so that my WordPress website will be accessible at www.itzgeek.net.

Install Let’s Encrypt SSL Certificate

Install Certbot client

The Certbot client, which helps us generate and install the Let’s Encrypt SSL certificate, is now available as a snap package for Debian operating system. So, first, install snapd daemon on your system.

sudo apt update

sudo apt install -y snapd

Then, update snapd to the latest version.

sudo snap install core && sudo snap refresh core

Finally, install the Certbot client using the below command.

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Install SSL Certificate

Use the below command to generate and install the Let’s Encrypt SSL certificate for the Nginx web server.

sudo certbot --nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: itzgeek.net
2: www.itzgeek.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1,2

Wait for the SSL installation to complete. You will now be able to access the website with HTTPS.

Note: If you access the website now, you will get a 403 forbidden error because you are yet to place WordPress files.

Redirect non-www HTTP requests to www HTTPS with Nginx

You may like to configure the Nginx server to redirect the traffic from the non-www HTTP site to the WWW HTTPS site, I.e., http://itzgeek.net >> https://www.itzgeek.net.

Auto-Renew SSL Certificate

The Certbot client now includes auto-renewal of SSL certificates through the systemd. So, you will not have to renew the certificates manually.

Install WordPress with Nginx

Create WordPress Database

First, login into MariaDB/MySQL database server.

sudo mysql -u root -p

Then, create the database for WordPress installation along with the database user and password.

CREATE DATABASE wpdatabase;

CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'wppassword';

GRANT ALL PRIVILEGES ON wpdatabase.* TO 'wpuser'@'localhost';

EXIT

Download WordPress

Download the latest version of the WordPress installer by using the following command.

curl -O https://wordpress.org/latest.tar.gz

Then, extract the downloaded file.

tar -zxvf latest.tar.gz

And then, move the files to your website document root directory.

sudo mv wordpress/* /usr/share/nginx/www.itzgeek.net/html/

Update the ownership and a group of the WordPress directory.

sudo chown -R www-data:www-data /usr/share/nginx/www.itzgeek.net/

Install WordPress

Open your browser and visit your WordPress website domain to perform the WordPress installation.

Access WordPress Website

Now, you will be able to access the site with your domain name.

Conclusion

That’s All. I hope you have learned how to install WordPress with Nginx on Debian 11.