How To Install WordPress 5.x With Nginx On Ubuntu 18.04 / Ubuntu 16.04

0

WordPress is the most widely used open-source web blogging and content management software that powers around 60 million websites. It is written in PHP and uses MariaDB / MySQL as a database.

This tutorial helps you how to install WordPress 5.x with Nginx on Ubuntu 18.04 / Ubuntu 16.04.

We will also see how to install Let’s Encrypt SSL for WordPress for secure delivery of the website.

Install LEMP Stack

Before proceeding, you might want to look at how to install LEMP stack.

Install LEMP (Nginx, MariaDB, and PHP) Stack on Ubuntu 18.04

Install LEMP (Nginx, MariaDB, and PHP) Stack on Ubuntu 16.04

Install PHP Extensions

The following extensions are required to install and run WordPress on Ubuntu OS.

sudo apt install -y php-mysql php-dom php-simplexml php-ssh2 php-xml php-xmlreader php-curl php-exif php-ftp php-gd php-iconv php-imagick php-json php-mbstring php-posix php-sockets php-tokenizer

Configure Nginx Server Block For WordPress

Let’s create an Nginx server block for WordPress installation. Virtual host configuration files can be found in /etc/nginx/conf.d directory.

Server block requires a domain name, port number, document root, log location, fast CGI, etc.

Assume the following,

Domain Name: www.itzgeek.net
Document Root: /sites/www.itzgeek.net/public_html/
Logs: /sites/www.itzgeek.net/logs/

Create a virtual host.

If you have installed Nginx from Ubuntu repository, the virtual host configuration files are found in /etc/nginx/sites-enabled, and the file path will be like /etc/nginx/sites-enabled/www.itzgeek.net.conf.
sudo nano /etc/nginx/conf.d/www.itzgeek.net.conf

Place the following content.

server {
	listen 80; 
	server_name www.itzgeek.net;

	root /sites/www.itzgeek.net/public_html/;

	index index.html index.php;

	access_log /sites/www.itzgeek.net/logs/access.log;
	error_log /sites/www.itzgeek.net/logs/error.log;

	# Don't allow pages to be rendered in an iframe on external domains.
	add_header X-Frame-Options "SAMEORIGIN";

	# MIME sniffing prevention
	add_header X-Content-Type-Options "nosniff";

	# Enable cross-site scripting filter in supported browsers.
	add_header X-Xss-Protection "1; mode=block";

	# Prevent access to hidden files
	location ~* /\.(?!well-known\/) {
		deny all;
	}

	# Prevent access to certain file extensions
	location ~\.(ini|log|conf)$ {
		deny all;
	}
        
        # Enable WordPress Permananent Links
	location / {
		try_files $uri $uri/ /index.php?$args;
	}

	location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	}

}

Create document root and logs directory.

sudo mkdir -p /sites/www.itzgeek.net/public_html/

sudo mkdir -p /sites/www.itzgeek.net/logs/

Verify the configuration files.

sudo nginx -t

If you get the following, it means that virtual host entries are correct.

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart the services.

sudo systemctl restart nginx

Install Let’s Encrypt SSL for WordPress (Optional)

In the current situation, almost all websites use HTTPS (SSL certificate) for authenticity, secure accounts, to keep user communications private. Google asks owners to switch to HTTPS for better security and improve rankings.

Install Certbot

To generate an SSL certificate, install Certbot ACME client on your system. It handles certificate issuance and installation of certificate with no downtime.

The Certbot client is not available in Ubuntu repositories. So, we need to configure Certbot PPA on Ubuntu.

sudo apt update

sudo apt install -y software-properties-common

sudo add-apt-repository universe

sudo add-apt-repository ppa:certbot/certbot

sudo apt update

Now, install the certbot client.

sudo apt install -y certbot python-certbot-nginx

Update / Change DNS Record

Access your domain registrar and create an A/CNAME record for your domain.

Update DNS Record
Update DNS Record

Wait for some time to let the record propagate.

Install Let’s Encrypt SSL Certificate

Use the certbot command to generate and install a Let’s Encrypt certificate.

sudo certbot --nginx

Output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]  << Enter email id to receive notification

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A  << Accept Terms of Service

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y  << Subscribe to newsletter

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: www.itzgeek.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1  << Install SSL certificate for www.itzgeek.net
Deploying Certificate to VirtualHost /etc/nginx/conf.d/www.itzgeek.net.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2  < Redirect HTTP traffic to HTTPS site
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/www.itzgeek.net.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://www.itzgeek.net

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=www.itzgeek.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:                                                                                                   
 - Congratulations! Your certificate and chain have been saved at:                                                 
   /etc/letsencrypt/live/www.itzgeek.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.itzgeek.net/privkey.pem
   Your cert will expire on 2019-12-12. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Redirect non-www HTTP requests to www HTTPS with Nginx

We will now create a new server block to redirect the traffic comes for non-www HTTP site to the www HTTPS site. I.e., http://itzgeek.net >> https://www.itzgeek.net.

sudo nano /etc/nginx/conf.d/www.itzgeek.net.conf

Add the below block at the end of the file.

# Redirect NON-WWW HTTP to WWW HTTPS

server {
    if ($host = itzgeek.net) {
        return 301 https://www.itzgeek.net$request_uri;
    }


   server_name itzgeek.net;
    listen 80;
    return 404;

}

Restart the Nginx service.

sudo systemctl restart nginx

Create Database For WordPress

Login into MySQL.

sudo mysql -u root -p

Create the desired database for WordPress.

CREATE DATABASE wordpress;

Create a user.

CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'wppassword';

Grant permission to the created user to access the database.

GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'localhost';

Exit from the MariaDB shell.

quit

Download WordPress

Download the latest WordPress package.

wget http://wordpress.org/latest.tar.gz

Extract WordPress package.

tar -zxvf latest.tar.gz

Move the WordPress files to the document root.

sudo mv wordpress/* /sites/www.itzgeek.net/public_html/

Make the Apache (www-data) user as the owner to the WordPress site.

sudo chown -R www-data:www-data /sites/www.itzgeek.net/public_html/

sudo chown -R www-data:www-data /sites/www.itzgeek.net/logs/

Install WordPress

Open your browser and visit:

http://your-web-site-url

You will get the WordPress installation wizard.

Choose the language for your WordPress installation.

Choose Language
Choose Language

Ensure you have WordPress database name, database user, and database user’s password. If you are ready, click the Let’s go!.

Let's Go
Let’s Go

In this page, enter the database information to let WordPress connect with database.

WordPress Database Details
WordPress Database Details

If the connection to the database is successful, you will get the below page. Click Run the Installation.

Run WordPress Installation
Run WordPress Installation

In this page, enter the site title, WordPress admin, and password (of your choice) and then the email address. Then, click Install WordPress.

Site Details
Site Details

The WordPress installation is now complete. You can click on Login to go to the WordPress Admin page.

WordPress Installation Completed
WordPress Installation Completed

Enter the WordPress admin user and its password to access the WordPress Admin page.

WordPress Admin Login
WordPress Admin Login

WordPress Admin:

WordPress Admin
WordPress Admin

WordPress Frontend:

WordPress Site
WordPress Site

WordPress server information (YLD Server Information plugin):

Server Information
Server Information

Few Extra Configurations

Configure Maximum File Size Upload for WordPress

By default, PHP doesn’t allow web uploads above 2MB. To allow larger file uploads through the WordPress web interface, configure the upload_max_filesize setting in php.ini.

sudo nano /etc/php/7.2/fpm/php.ini

Change the upload size as per your requirement

; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = 256M

Restart the php7.2-fpm service.

sudo systemctl restart php7.2-fpm

Configure client_max_body_size on Nginx for WordPress

You may encounter below error even if you have changed maximum upload filesize in the previous step.

2019/09/13 04:40:08 [error] 3803#3803: *517 client intended to send too large body: 9872781 bytes, client: 49.207.143.143, server: www.itzgeek.net, request: "POST /wp-admin/update.php?action=upload-theme HTTP/1.1", host: "www.itzgeek.net", referrer: "https://www.itzgeek.net/wp-admin/theme-install.php?browse=featured"

Add client_max_body_size core module in Nginx server configuration file.

sudo nano /etc/nginx/nginx.conf

The directive can be added to http block (for all sites), particular server block, or in location context. I am adding the directive to http block which sets the value for all sites running on this server.

http {
....

    client_max_body_size 256M;

....
}

Also, we have to change the value of post_max_size in php7.2-fpm.

sudo nano /etc/php/7.2/fpm/php.ini

Change the upload size as per your requirement.

post_max_size = 256M

Restart the services.

sudo systemctl restart php7.2-fpm

sudo systemctl restart nginx

Conclusion

That’s All. I hope you have learned how to install WordPress 5.x with Nginx on Ubuntu 18.04 / Ubuntu 16.04. Please share your feedback in the comments section.

You might also like