Wordpress with nginx

Gini Gini Follow · 8 mins read
Share this

1. Install LEMP stack on Debian 10

(Linux, Nginx, MariaDB, PHP)

1.1. Set Up a Firewall with UFW on Debian


1.1.1. Install firewall - ufw

sudo apt install ufw

1.1.2. Configure Firewall policy

sudo ufw default deny incoming
sudo ufw default allow outgoing

# allow ssh, http, https
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

1.1.3. Enable ufw and check status

sudo ufw enable
sudo ufw status

Resetting or Disabe ufw

sudo ufw disable
# Any rules that you created with UFW will no longer be active. You can always run sudo ufw enable if you need to activate it later.

sudo ufw reset
# This will disable UFW and delete any rules that were previously defined. 

1.2. Install nginx


sudo apt update
sudo apt install nginx

1.3. Installing MariaDB

sudo apt install mariadb-server

When the installation is finished, it’s recommended that you run a security script that comes pre-installed with MariaDB. This script will remove some insecure default settings and lock down access to your database system. Start the interactive script by running:

sudo mysql_secure_installation

And set root password.


Login to mariadb

$ sudo mariadb
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 61
Server version: 10.3.18-MariaDB-0+deb10u1 Debian 10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 

Sample tests:

# create database
MariaDB [(none)]> CREATE DATABASE example_database;

# create new user and grant access
MariaDB [(none)]> GRANT ALL ON example_database.* TO 'example_user'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;

# Flush the privileges to ensure that they are saved and available in the current session:
MariaDB [(none)]> exit;

1.4. Installing PHP

sudo apt install php-fpm php-mysql

1.5. Configuring Nginx to Use the PHP Processor

1.5.1. Create your project directory

sudo mkdir /var/www/your_domain

Assign ownership of the directory with the $USER environment variable, which should reference your current system user:

sudo chown -R $USER:$USER /var/www/wp-test

1.5.2. Create a configuration for your domain

sudo nano /etc/nginx/sites-available/wp-test

# Sample Content
server {
    listen 80;
    listen [::]:80;

    root /var/www/wp-test;
    index index.php index.html index.htm;

    server_name dev.yourdomain.com;

    location / {
        try_files $uri $uri/ =404;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;

1.5.3. Activate new configuration

sudo ln -s /etc/nginx/sites-available/wp-test /etc/nginx/sites-enabled/

1.5.4. Test config and reload nginx

# test configuration
sudo nginx -t

# reload nginx
sudo systemctl reload nginx

1.5.5. Create Test php file

$ cat /var/www/wp-test/info.php

1.6. Secure Nginx with Let’s Encrypt on Debian 9


1.6.1. Installing Certbot

To add the backports repository, first open /etc/apt/sources.list and add below lines.

deb http://deb.debian.org/debian stretch-backports main contrib non-free
deb-src http://deb.debian.org/debian stretch-backports main contrib non-free


sudo apt update

Install Certbot’s Nginx package with apt:

sudo apt install python-certbot-nginx -t stretch-backports

1.6.2. Confirming Nginx’s Configuration

Make sure your server block configuration contains correct server_name value for your domain.

$ sudo cat /etc/nginx/sites-available/wp-test |grep server_name 
    server_name dev.yourdomain.com;

1.6.3. Verify and reload nginx config

sudo nginx -t
sudo systemctl reload nginx

Certbot can now find the correct server block and update it.

1.6.4. Obtaining an SSL Certificate

sudo certbot --nginx -d dev.yourdomain.com -d mail.dev.yourdomain.com

It will ask for email address for notifications; also auto-redirect to https

1.6.5. Verifying Certbot Auto-Renewal

Test the renewal process, you can do a dry run with certbot:

sudo certbot renew --dry-run

2. Configure Wordpress on LEMP Stack


2.1. Create Database and User

sudo mariadb -u root -p
GRANT ALL ON wordpress.* TO 'wordpress_user'@'localhost' IDENTIFIED BY 'password';

2.2. Installing Additional PHP Extensions

sudo apt update
sudo apt install php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip

Restart php-fpm process

sudo systemctl restart php7.3-fpm.service

2.3. Configuring Nginx

Please ntoes, if you have enabled SSL (using Certbot) there will be two server blocks in your nginx configuration. Find the one with root /var/www/your_domain and add some entries as below.

server {
    . . .

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    . . .

Also adjust try_files

    . . .
    location / {
        #try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php$is_args$args;
    . . .

2.4. Downloading WordPress

cd /tmp
curl -LO https://wordpress.org/latest.tar.gz

# extract
tar xzvf latest.tar.gz

# copy sample wp-config.php
cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php

# copy content to our domain location
sudo cp -a /tmp/wordpress/. /var/www/wp-test

# adjust permission
sudo chown -R www-data:www-data /var/www/wp-test

2.5. Setting up the WordPress Configuration File

Generate secret keys and use it inside the config.

curl -s https://api.wordpress.org/secret-key/1.1/salt/

Copy the content inside wp-config.php where you can find same entries with dummy values.

Adjust database values

Configure db entries as we generated in firt steps.

. . .

define('DB_NAME', 'wordpress');

/** MySQL database username */
define('DB_USER', 'wordpress_user');

/** MySQL database password */
define('DB_PASSWORD', 'password');

. . .

define('FS_METHOD', 'direct');

2.6. Access the site and finish wordpress setup

Access the url over browser and complete wordpress configuration.

3. Migrating or Moving a Wordpress sire

Now we login to old server and export our database and website files (media, scripts, plugins etc)

3.1. Export Database

### from old server
$ mysqldump -u root -p old_databse |gzip > old_databse_20190104.gz

3.2. Backup website files in zip file

Let’s gzip all web folder into a single file for easy transfer.

$ cd /var/www/
$ tar -cv html | gzip > mywpsite.tar.gz

3.3. Copy databse and website backup to new server

scp user@old_server:/home/user/old_databse_20190104.gz .
scp user@old_server:/home/user/mywpsite.tar.gz .

3.4. Restore database on new server

### on new server
gunzip < old_databse_20190104.gz  | mysql -u root -pMyPasswd wordpress101

3.5. Restore website files

### on new server
gunzip mywpsite.tar.gz
tar -xvf mywpsite.tar -C /web/pe/

Where -C is to point the destination directory.

3.6. Update and Verify your wp-config.php

Check your database name, username and password are properly configured.

4. Troubleshooting

4.1. How to fix 404 not found nginx problem?

Change the line in the location block to:

try_files $uri $uri/ /index.php?q=$uri&$args;

and reload nginx

sudo systemctl reload nginx

5. Appendix:

bitnami deployment https://docs.bitnami.com/google/apps/wordpress-pro/configuration/create-vhost-nginx/

Written by Gini Follow
Backpacker, Foodie, Techie

Latest Stories

How to attend Red Hat Remote Exam ? Every details you need to know

In August 2020, Red Hat announced the availability of Remote exams for students and the entire Learning community were so happy, yes we can attend Red Hat exams from our home or offic...

In redhat, Nov 09, 2020
How to Import Existing VMWare VM’s into Terraform

Terraform is an amazing tool for your infrastructure automation. Everything about your infrastructure can be write as code and maintain by team; means your infrastructure is transpare...

In terraform, Nov 04, 2020
Connecting Ansible Tower to Git Server with Self Signed Certificates

So many questioned me when I mention git server in an Ansible Tower environment; and later I realized that, most of them are keeping their projects inside Ansible Tower !!!

In Ansible, Oct 12, 2020
HashiCorp Certified Terraform Associate – Learning & Exam Tips

I started using Terraform somewhere in 2018, but very limited usage as I thought it is just another tool for provisioning infrastructure and other services – or a variant of Vagrant; ...

In terraform, Sep 18, 2020
How to Pass CKA & CKAD Exams ? 10 Tips for Kubernetes Exams

Here see the best tips for Kubernetes Exams - Certified Kubernetes Administrator (CKA) & Certified Kubernetes Application Developer (CKAD).

In kubernetes, Aug 15, 2020