How To Install WordPress With Nginx On Ubuntu 20.04

THIS DOCUMENT IS ALSO AVAILABLE FOR

WordPress is one of the most widely used open-source content management software. It powers around 60 million websites including 33% of the top 10 million websites. It is written in PHP and uses MariaDB / MySQL as a database to store information.

Here, we will see how to install WordPress with Nginx on Ubuntu 20.04. We will also deploy Let’s Encrypt SSL for WordPress for the secure delivery of the website.

Install WordPress With Nginx On Ubuntu 20.04

Install LEMP Stack

Before proceeding, set up the LEMP stack on Ubuntu 20.04 for a WordPress installation.

Install LEMP (Nginx, MariaDB, and PHP) Stack on Ubuntu 20.04

Install PHP Extensions

The following extensions are required for WordPress to run on Ubuntu 20.04. So, install them using the apt command.

sudo apt update

sudo apt install -y php-dom php-simplexml php-ssh2 php-xml php-xmlreader php-curl php-exif php-ftp php-gd php-iconv php-imagick php-json php-mbstring php-posix php-sockets php-tokenizer

Create Nginx Server Block For WordPress

Let’s create an Nginx’s server block for WordPress installation. This server block requires a domain name, port number, document root, log location, fast CGI, etc.

Assume the following,

Domain Name: www.itzgeek.net

Document Root: /sites/www.itzgeek.net/public_html/

Logs: /sites/www.itzgeek.net/logs/

Create a server block configuration file under the /etc/nginx/conf.d directory.

sudo nano /etc/nginx/conf.d/www.itzgeek.net.conf

Place the following content.

server {
	server_name www.itzgeek.net;
	root /sites/www.itzgeek.net/public_html/;

	index index.html index.php;

	access_log /sites/www.itzgeek.net/logs/access.log;
	error_log /sites/www.itzgeek.net/logs/error.log;

	# Don't allow pages to be rendered in an iframe on external domains.
	add_header X-Frame-Options "SAMEORIGIN";

	# MIME sniffing prevention
	add_header X-Content-Type-Options "nosniff";

	# Enable cross-site scripting filter in supported browsers.
	add_header X-Xss-Protection "1; mode=block";

	# Prevent access to hidden files
	location ~* /\.(?!well-known\/) {
		deny all;
	}

	# Prevent access to certain file extensions
	location ~\.(ini|log|conf)$ {
		deny all;
	}

        # Enable WordPress Permananent Links
	location / {
		try_files $uri $uri/ /index.php?$args;
	}

	location ~ \.php$ {
        include /etc/nginx/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
	}

}

Create document root and logs directory.

sudo mkdir -p /sites/www.itzgeek.net/public_html/

sudo mkdir -p /sites/www.itzgeek.net/logs/

Verify the configuration files.

sudo nginx -t

The following message confirms that Nginx’s server block configuration is correct.

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart the services.

sudo systemctl restart nginx

Install Let’s Encrypt SSL for WordPress (Optional)

In the current situation, almost all websites/blogs use HTTPS (SSL certificate) for authenticity. Google asks owners to switch to HTTPS for better security and improve Google page rankings.

Install Certbot

To generate an SSL certificate, install Certbot ACME client on your system. It handles certificate issuance and installation of the certificate with no downtime.

At the time of writing this article, Certbot client doesn’t automatically configure Nginx to use an SSL certificate. We need to install the SSL certificates manually.

The Certbot client is now available in Ubuntu repositories. So, install it with apt command.

sudo apt update

sudo apt install -y software-properties-common

sudo add-apt-repository universe

sudo apt update

Now, install the certbot client.

sudo apt install -y certbot

Update / Change DNS Record

Go to your domain registrar and create an A/CNAME record for your domain.

Update DNS Record
Update DNS Record

Wait for some time to let the record propagate.

Generate Let’s Encrypt SSL Certificate

Use the certbot command to generate and install a Let’s Encrypt certificate.

sudo certbot certonly --webroot

Output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]  << Email ID to receive renewal notification

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A << Accept Terms

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y << Subscribe to newsletter
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): www.itzgeek.net  << Domain name
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.itzgeek.net
Input the webroot for www.itzgeek.net: (Enter 'c' to cancel): /sites/www.itzgeek.net/public_html/  << Document root
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.itzgeek.net/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.itzgeek.net/privkey.pem
   Your cert will expire on 2020-08-07. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Deploy Let’s Encrypt SSL Certificate

Edit the Nginx’s server block file we created for a WordPress installation.

sudo nano /etc/nginx/conf.d/www.itzgeek.net.conf

Add the SSL certificate into the server block.

server {

   .   .   .

 # Let's Encrypt SSL certificate
   listen 443 ssl;
   ssl_certificate /etc/letsencrypt/live/www.itzgeek.net/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/www.itzgeek.net/privkey.pem;

   .   .   .

}

Redirect HTTP requests to HTTPS with Nginx

We will also create two more server blocks to redirect the traffic comes for the HTTP site to the HTTPS site.

sudo nano /etc/nginx/conf.d/www.itzgeek.net.conf

Add the below block at the end of the file.

# Redirect WWW HTTP to WWW HTTPS
# http://www.itzgeek.net >> https://www.itzgeek.net

server {
    if ($host = www.itzgeek.net) {
        return 301 https://$host$request_uri;
    }

    server_name www.itzgeek.net;
    listen 80;
    return 404;

}

# Redirect NON-WWW HTTP to WWW HTTPS
# http://itzgeek.net >> https://www.itzgeek.net

server {
    if ($host = itzgeek.net) {
        return 301 https://www.itzgeek.net$request_uri;
    }

   server_name itzgeek.net;
    listen 80;
    return 404;

}

Restart the Nginx service.

sudo systemctl restart nginx

Create Database For WordPress

Login into MariaDB / MySQL.

sudo mysql -u root -p

Create the desired database for WordPress.

CREATE DATABASE wordpress;

Create a user.

CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'wppassword';

Grant permission to the created user to access the database.

GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'localhost';

Exit from the MariaDB / MySQL shell.

quit

Download WordPress

Download the latest version of WordPress from WordPress.org.

wget http://wordpress.org/latest.tar.gz

Extract the WordPress package with tar command.

tar -zxvf latest.tar.gz

Move the WordPress files to the document root.

sudo mv wordpress/* /sites/www.itzgeek.net/public_html/

Change the ownership so that the Nginx web server can write files into it.

sudo chown -R www-data:www-data /sites/www.itzgeek.net/public_html/

sudo chown -R www-data:www-data /sites/www.itzgeek.net/logs/

Install WordPress

Open your web browser and visit:

http://your-web-site-url

You will get the WordPress installation wizard.

Click the Let’s go!.

Let’s Go
Let’s Go

On this page, enter the database details to let WordPress connect with the database.

Enter WordPress Database Details
Enter WordPress Database Details

If the connection to the database is successful, you will get the below page. Click Run the Installation.

Run WordPress Installation
Run WordPress Installation

On this page, enter the site title, WordPress admin, and password (of your choice) and then the email address. Then, click Install WordPress.

Enter Site Details
Enter Site Details

The WordPress installation is now complete. You can click on Login to go to the WordPress Admin (Backend).

WordPress Installation Completed
WordPress Installation Completed

Enter the WordPress admin user and its password to access the WordPress Admin page.

WordPress Admin Login Page
WordPress Admin Login Page

WordPress Admin:

WordPress Admin
WordPress Admin

WordPress Frontend:

WordPress Site
WordPress Site

WordPress server information (YLD Server Information plugin):

Server Information
Server Information

Configure Maximum Upload Filesize

By default, PHP doesn’t allow uploads above file size of 2MB. To allow larger file uploads through the WordPress web interface, configure the upload_max_filesize setting & post_max_sizin php.ini.

sudo nano /etc/php/7.4/fpm/php.ini

Change the upload size as per your requirement

upload_max_filesize = 256M

Change the upload size as per your requirement.

post_max_size = 256M

Add the client_max_body_size core module in the Nginx server configuration file.

sudo nano /etc/nginx/nginx.conf

The directive can be added to the HTTP block (for all sites), particular server block, or in location context.

I am adding the directive to the HTTP block which sets the value for all sites running on this server.

http {
    ....

    client_max_body_size 256M;

    ....
}

Restart the services.

sudo systemctl restart php7.4-fpm

sudo systemctl restart nginx

Conclusion

That’s All. I hope you have learned how to install WordPress with Nginx on Ubuntu 20.04. Please share your feedback in the comments section.

Prev Post
Next Post
comments powered by Disqus