Install WordPress with Nginx and Let’s Encrypt SSL on Ubuntu 22.04

0

WordPress is one of the most popular website platforms on the internet. It is a free, open-source content management system that works well with almost any web hosting service, making it one of the easiest to install and use for publishing online content.

Regular web hosting may not be sufficient for traffic-intensive websites. So, it would be best if you have Ubuntu VPS to install WordPress.

Here, we will see how to install WordPress with Nginx on Ubuntu 22.04.

Install LEMP Stack

Follow the below link to install the LEMP stack on your Ubuntu system for a WordPress installation.

Set up LEMP (Nginx, MariaDB, and PHP) on Ubuntu 22.04

Configure PHP for WordPress

The default PHP values may not be appropriate for everyone, and you may need to change them based on the requirement. So, update the /etc/php/8.1/fpm/php.ini file as per your requirement. You may start with the below values for now and increase or decrease the values at any time when required.

max_connection_time = 300

upload_max_filesize = 64M

post_max_size = 64M

sudo sed -i 's/^max_execution_time \= .*/max_execution_time \= 300/g' /etc/php/8.1/fpm/php.ini

sudo sed -i 's/^upload_max_filesize \= .*/upload_max_filesize \= 64M/g' /etc/php/8.1/fpm/php.ini

sudo sed -i 's/^post_max_size \= .*/post_max_size \= 64M/g' /etc/php/8.1/fpm/php.ini

Setup Nginx Server Block

We will start with creating a server block for a WordPress installation. Typically a server block contains domain names, document root, log location, fast CGI, etc.

Assume the following,

Domain name: itzgeek.net, www.itzgeek.net
Port No: 80
Document root: /usr/share/nginx/www.itzgeek.net/html
Logs: /usr/share/nginx/www.itzgeek.net/logs
Server block: /etc/nginx/conf.d/www.itzgeek.net.conf

If you have installed Nginx from the Ubuntu repository, you need to create a server block configuration file under /etc/nginx/sites-available directory and WordPress files under the /var/www/html directory

First, create a  server block configuration file.

sudo nano /etc/nginx/conf.d/www.itzgeek.net.conf

Then, place the following server block information into the above file. However, you may need to change the server_name , root, and fastcgi_pass details as per your requirement.

server {
	server_name itzgeek.net www.itzgeek.net;
	root /usr/share/nginx/www.itzgeek.net/html;

	index index.php index.html;

	access_log /usr/share/nginx/www.itzgeek.net/logs/access.log;
	error_log /usr/share/nginx/www.itzgeek.net/logs/error.log;

	# Prevent access to hidden files
	location ~* /\.(?!well-known\/) {
		deny all;
	}

	# Prevent access to certain file extensions
	location ~\.(ini|log|conf)$ {
		deny all;
	}

        # Enable WordPress Permananent Links
	location / {
		try_files $uri $uri/ /index.php?$args;
	}

	location ~ \.php$ {
               include fastcgi_params;
               fastcgi_intercept_errors on;
               fastcgi_pass unix:/run/php/php8.1-fpm.sock;
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	}

}

Next, create a document root and logs directory.

sudo mkdir -p /usr/share/nginx/www.itzgeek.net/html/

sudo mkdir -p /usr/share/nginx/www.itzgeek.net/logs/

Then, verify the Nginx configuration file with the below command.

sudo nginx -t

If you get the following message, the server block configurations are correct.

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Finally, restart the Nginx and PHP-FPM services.

sudo systemctl reload nginx php8.1-fpm

If you do not wish to secure WordPress installation with a free SSL certificate, proceed directly to installing WordPress.

Create DNS Record for WordPress

Visit your domain registrar portal and create an A and CNAME (optional if you do want to use the www subdomain) record for your domain. Typically you will have to make two records for your WordPress website.

  1. Non-www Domain Name (Ex. itzgeek.net) >> A record point to your server IP
  2. www Domain Name (Ex. www.itzgeek.net) >> CNAME record point to itzgeek.net

Example:

DNS Records
DNS Records

Install Let’s Encrypt SSL Certificate

Install Certbot client

The Certbot client, which helps us install the Let’s Encrypt SSL certificate, is now available as a snap package for Ubuntu operating system. So first, install snapd daemon on your system.

sudo apt update

sudo apt install -y snapd

Then, update snapd to the latest version.

sudo snap install core && sudo snap refresh core

Finally, install the Certbot client using the below command.

sudo snap install --classic certbot

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Install SSL Certificate

Use the below command to generate and install the Let’s Encrypt SSL certificate for the Nginx web server.

sudo certbot --nginx
1. Enter email address to receive notification on urgent renewal and security notices
2. Type Y and press Enter to register with the ACME server
3. Type Y or N to receive emails about EFF news, campaigns, and newsletter.
4. Certbot will automatically detect the WordPress domain and ask you permission to activate HTTPS for your WordPress website. Type 1 or appropriate numbers separated by a comma if you have multiple websites.
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: itzgeek.net
2: www.itzgeek.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1,2

Wait for the SSL installation to complete. You will now be able to access the website with HTTPS.

Note: If you access the website now, you will get a 403 forbidden error because you are yet to place WordPress files.

Redirect non-www HTTP requests to www HTTPS with Nginx

You may like to configure domain redirection to redirect the traffic from the non-www HTTP site to the WWW HTTPS site, I.e., http://itzgeek.net >> https://www.itzgeek.net.

Auto-Renew SSL Certificate

The Certbot client has an auto-renewal function for renewing SSL certificates through the systemd. So, you will not have to renew the certificates manually.

Install WordPress with Nginx on Ubuntu 22.04

Create WordPress Database

First, login into MariaDB/MySQL database server.

sudo mysql -u root -p

Then, create the database for WordPress installation and the database user and password.

CREATE DATABASE wpdatabase;

CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'wppassword';

GRANT ALL PRIVILEGES ON wpdatabase.* TO 'wpuser'@'localhost';

EXIT

Download WordPress

First, download the latest version of the WordPress installer by using the following command.

curl -O https://wordpress.org/latest.tar.gz

Then, extract the downloaded file.

tar -zxvf latest.tar.gz

And then, move the files to your website document root directory.

sudo mv wordpress/* /usr/share/nginx/www.itzgeek.net/html/

Next, update the ownership and a group of the WordPress directory.

sudo chown -R www-data:www-data /usr/share/nginx/www.itzgeek.net/

Install WordPress

Open your browser and visit your WordPress website domain to perform the WordPress installation.

https://your-wordpress-website

1. Choose the Installation Language and click Continue

2. Click Let’s go!

3. Enter the WordPress database details and then click Submit

4. Click Run the installation

5. Enter the WordPress website information and then click Install WordPress

6. Click Log In to access the WordPress admin backend to manage WordPress installation. Alternatively, you can access the WordPress backend by going to https://your-wordpress-website/wp-admin

Access WordPress Website

Now, you will be able to access the site with your domain name.

https://your-wordpress-website
WordPress Website on Nginx
WordPress Website on Nginx

Conclusion

That’s All. I hope you have learned how to install WordPress with Nginx on Ubuntu 22.04.

You might also like