WordPress is the most widely used open-source web blogging and content management software that powers around 60 million websites. It is written in PHP and uses MariaDB / MySQL as a database.
This tutorial helps you how to install WordPress 5.x with Nginx on Ubuntu 18.04 / Ubuntu 16.04.
We will also see how to install Let’s Encrypt SSL for WordPress for secure delivery of the website.
Install LEMP Stack
Before proceeding, you might want to look at how to install LEMP stack.
Install LEMP (Nginx, MariaDB, and PHP) Stack on Ubuntu 18.04
Install LEMP (Nginx, MariaDB, and PHP) Stack on Ubuntu 16.04
Install PHP Extensions
The following extensions are required to install and run WordPress on Ubuntu OS.
sudo apt install -y php-mysql php-dom php-simplexml php-ssh2 php-xml php-xmlreader php-curl php-exif php-ftp php-gd php-iconv php-imagick php-json php-mbstring php-posix php-sockets php-tokenizer
Configure Nginx Server Block For WordPress
Let’s create an Nginx server block for WordPress installation. Virtual host configuration files can be found in /etc/nginx/conf.d directory.
Server block requires a domain name, port number, document root, log location, fast CGI, etc.
Assume the following,
Domain Name: www.itzgeek.net
Document Root: /sites/www.itzgeek.net/public_html/
Logs: /sites/www.itzgeek.net/logs/
Create a virtual host.
sudo nano /etc/nginx/conf.d/www.itzgeek.net.conf
Place the following content.
server {
listen 80;
server_name www.itzgeek.net;
root /sites/www.itzgeek.net/public_html/;
index index.html index.php;
access_log /sites/www.itzgeek.net/logs/access.log;
error_log /sites/www.itzgeek.net/logs/error.log;
# Don't allow pages to be rendered in an iframe on external domains.
add_header X-Frame-Options "SAMEORIGIN";
# MIME sniffing prevention
add_header X-Content-Type-Options "nosniff";
# Enable cross-site scripting filter in supported browsers.
add_header X-Xss-Protection "1; mode=block";
# Prevent access to hidden files
location ~* /\.(?!well-known\/) {
deny all;
}
# Prevent access to certain file extensions
location ~\.(ini|log|conf)$ {
deny all;
}
# Enable WordPress Permananent Links
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
Create document root and logs directory.
sudo mkdir -p /sites/www.itzgeek.net/public_html/ sudo mkdir -p /sites/www.itzgeek.net/logs/
Verify the configuration files.
sudo nginx -t
If you get the following, it means that virtual host entries are correct.
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Restart the services.
sudo systemctl restart nginx
Install Let’s Encrypt SSL for WordPress (Optional)
In the current situation, almost all websites use HTTPS (SSL certificate) for authenticity, secure accounts, to keep user communications private. Google asks owners to switch to HTTPS for better security and improve rankings.
Install Certbot
To generate an SSL certificate, install Certbot ACME client on your system. It handles certificate issuance and installation of certificate with no downtime.
The Certbot client is not available in Ubuntu repositories. So, we need to configure Certbot PPA on Ubuntu.
sudo apt update sudo apt install -y software-properties-common sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt update
Now, install the certbot client.
sudo apt install -y certbot python-certbot-nginx
Update / Change DNS Record
Access your domain registrar and create an A/CNAME record for your domain.
Wait for some time to let the record propagate.
Install Let’s Encrypt SSL Certificate
Use the certbot command to generate and install a Let’s Encrypt certificate.
sudo certbot --nginx
Output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] << Enter email id to receive notification - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A << Accept Terms of Service - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y << Subscribe to newsletter Which names would you like to activate HTTPS for? - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: www.itzgeek.net - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate numbers separated by commas and/or spaces, or leave input blank to select all options shown (Enter 'c' to cancel): 1 << Install SSL certificate for www.itzgeek.net Deploying Certificate to VirtualHost /etc/nginx/conf.d/www.itzgeek.net.conf Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 < Redirect HTTP traffic to HTTPS site Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/www.itzgeek.net.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://www.itzgeek.net You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=www.itzgeek.net - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/www.itzgeek.net/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/www.itzgeek.net/privkey.pem Your cert will expire on 2019-12-12. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Redirect non-www HTTP requests to www HTTPS with Nginx
We will now create a new server block to redirect the traffic comes for non-www HTTP site to the www HTTPS site. I.e., http://itzgeek.net >> https://www.itzgeek.net.
sudo nano /etc/nginx/conf.d/www.itzgeek.net.conf
Add the below block at the end of the file.
# Redirect NON-WWW HTTP to WWW HTTPS
server {
if ($host = itzgeek.net) {
return 301 https://www.itzgeek.net$request_uri;
}
server_name itzgeek.net;
listen 80;
return 404;
}
Restart the Nginx service.
sudo systemctl restart nginx
Create Database For WordPress
Login into MySQL.
sudo mysql -u root -p
Create the desired database for WordPress.
CREATE DATABASE wordpress;
Create a user.
CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'wppassword';
Grant permission to the created user to access the database.
GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'localhost';
Exit from the MariaDB shell.
quit
Download WordPress
Download the latest WordPress package.
wget http://wordpress.org/latest.tar.gz
Extract WordPress package.
tar -zxvf latest.tar.gz
Move the WordPress files to the document root.
sudo mv wordpress/* /sites/www.itzgeek.net/public_html/
Make the Apache (www-data) user as the owner to the WordPress site.
sudo chown -R www-data:www-data /sites/www.itzgeek.net/public_html/ sudo chown -R www-data:www-data /sites/www.itzgeek.net/logs/
Install WordPress
Open your browser and visit:
You will get the WordPress installation wizard.
Choose the language for your WordPress installation.
Ensure you have WordPress database name, database user, and database user’s password. If you are ready, click the Let’s go!.
In this page, enter the database information to let WordPress connect with database.
If the connection to the database is successful, you will get the below page. Click Run the Installation.
In this page, enter the site title, WordPress admin, and password (of your choice) and then the email address. Then, click Install WordPress.
The WordPress installation is now complete. You can click on Login to go to the WordPress Admin page.
Enter the WordPress admin user and its password to access the WordPress Admin page.
WordPress Admin:
WordPress Frontend:
WordPress server information (YLD Server Information plugin):
Few Extra Configurations
Configure Maximum File Size Upload for WordPress
By default, PHP doesn’t allow web uploads above 2MB. To allow larger file uploads through the WordPress web interface, configure the upload_max_filesize setting in php.ini.
sudo nano /etc/php/7.2/fpm/php.ini
Change the upload size as per your requirement
; Maximum allowed size for uploaded files. ; http://php.net/upload-max-filesize upload_max_filesize = 256M
Restart the php7.2-fpm service.
sudo systemctl restart php7.2-fpm
Configure client_max_body_size on Nginx for WordPress
You may encounter below error even if you have changed maximum upload filesize in the previous step.
2019/09/13 04:40:08 [error] 3803#3803: *517 client intended to send too large body: 9872781 bytes, client: 49.207.143.143, server: www.itzgeek.net, request: "POST /wp-admin/update.php?action=upload-theme HTTP/1.1", host: "www.itzgeek.net", referrer: "https://www.itzgeek.net/wp-admin/theme-install.php?browse=featured"
Add client_max_body_size core module in Nginx server configuration file.
sudo nano /etc/nginx/nginx.conf
The directive can be added to http block (for all sites), particular server block, or in location context. I am adding the directive to http block which sets the value for all sites running on this server.
http {
....
client_max_body_size 256M;
....
}
Also, we have to change the value of post_max_size in php7.2-fpm.
sudo nano /etc/php/7.2/fpm/php.ini
Change the upload size as per your requirement.
post_max_size = 256M
Restart the services.
sudo systemctl restart php7.2-fpm sudo systemctl restart nginx
Conclusion
That’s All. I hope you have learned how to install WordPress 5.x with Nginx on Ubuntu 18.04 / Ubuntu 16.04. Please share your feedback in the comments section.
