Wordpress with nginx

  1. 1. Wordpress with nginx
  2. 2. Install LEMP stack on Debian 10
  3. 2.1. Set Up a Firewall with UFW on Debian 1. 2.1.1. Install firewall - ufw 2. 2.1.2. Configure Firewall policy 3. 2.1.3. Enable ufw and check status
  4. 2.2. Install nginx
  5. 2.3. Installing MariaDB
  6. 2.4. Installing PHP
  7. 2.5. Configuring Nginx to Use the PHP Processor 1. 2.5.1. Create your project directory 2. 2.5.2. Create a configuration for your domain 3. 2.5.3. Activate new configuration 4. 2.5.4. Test config and reload nginx 5. 2.5.5. Create Test php file
  8. 2.6. Secure Nginx with Let’s Encrypt on Debian 9 1. 2.6.1. Installing Certbot 2. 2.6.2. Confirming Nginx’s Configuration 3. 2.6.3. Verify and reload nginx config 4. 2.6.4. Obtaining an SSL Certificate 5. 2.6.5. Verifying Certbot Auto-Renewal
  9. 3. Configure Wordpress on LEMP Stack
  10. 3.1. Create Database and User
  11. 3.2. Installing Additional PHP Extensions
  12. 3.3. Configuring Nginx
  13. 3.4. Downloading WordPress
  14. 3.5. Setting up the WordPress Configuration File
  15. 3.6. Access the site and finish wordpress setup
  16. Migrating or Moving a Wordpress sire
  17. Export Database
  18. Backup website files in zip file
  19. Copy databse and website backup to new server
  20. Restore database on new server
  21. Restore website files
  22. Update and Verify your wp-config.php
  23. 4. Appendix:

2. Install LEMP stack on Debian 10

(Linux, Nginx, MariaDB, PHP)

2.1. Set Up a Firewall with UFW on Debian

Reference

2.1.1. Install firewall - ufw

1
sudo apt install ufw

2.1.2. Configure Firewall policy

1
2
3
4
5
6
7
sudo ufw default deny incoming
sudo ufw default allow outgoing

# allow ssh, http, https
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

2.1.3. Enable ufw and check status

1
2
sudo ufw enable
sudo ufw status

Resetting or Disabe ufw

1
2
3
4
5
sudo ufw disable
# Any rules that you created with UFW will no longer be active. You can always run sudo ufw enable if you need to activate it later.

sudo ufw reset
# This will disable UFW and delete any rules that were previously defined. 

2.2. Install nginx

Reference

1
2
sudo apt update
sudo apt install nginx

2.3. Installing MariaDB

1
sudo apt install mariadb-server

When the installation is finished, it’s recommended that you run a security script that comes pre-installed with MariaDB. This script will remove some insecure default settings and lock down access to your database system. Start the interactive script by running:

1
sudo mysql_secure_installation

And set root password.

1
2
ALTER USER 'root'@'localhost' IDENTIFIED BY 'MY_NEW_PASSWORD';
FLUSH PRIVILEGES;

Login to mariadb

1
2
3
4
5
6
7
8
9
10
$ sudo mariadb
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 61
Server version: 10.3.18-MariaDB-0+deb10u1 Debian 10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> 

Sample tests:

1
2
3
4
5
6
7
8
9
# create database
MariaDB [(none)]> CREATE DATABASE example_database;

# create new user and grant access
MariaDB [(none)]> GRANT ALL ON example_database.* TO 'example_user'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;

# Flush the privileges to ensure that they are saved and available in the current session:
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit;

2.4. Installing PHP

1
sudo apt install php-fpm php-mysql

2.5. Configuring Nginx to Use the PHP Processor

2.5.1. Create your project directory

1
sudo mkdir /var/www/your_domain

Assign ownership of the directory with the $USER environment variable, which should reference your current system user:

1
sudo chown -R $USER:$USER /var/www/wp-test

2.5.2. Create a configuration for your domain

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
sudo nano /etc/nginx/sites-available/wp-test

# Sample Content
server {
    listen 80;
    listen [::]:80;

    root /var/www/wp-test;
    index index.php index.html index.htm;

    server_name dev.yourdomain.com;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    }
}

2.5.3. Activate new configuration

1
sudo ln -s /etc/nginx/sites-available/wp-test /etc/nginx/sites-enabled/

2.5.4. Test config and reload nginx

1
2
3
4
5
# test configuration
sudo nginx -t

# reload nginx
sudo systemctl reload nginx

2.5.5. Create Test php file

1
2
3
$ cat /var/www/wp-test/info.php
<?php
phpinfo();

2.6. Secure Nginx with Let’s Encrypt on Debian 9

Reference

2.6.1. Installing Certbot

To add the backports repository, first open /etc/apt/sources.list and add below lines.

1
2
deb http://deb.debian.org/debian stretch-backports main contrib non-free
deb-src http://deb.debian.org/debian stretch-backports main contrib non-free

Then,

1
sudo apt update

Install Certbot’s Nginx package with apt:

1
sudo apt install python-certbot-nginx -t stretch-backports

2.6.2. Confirming Nginx’s Configuration

Make sure your server block configuration contains correct server_name value for your domain.

1
2
$ sudo cat /etc/nginx/sites-available/wp-test |grep server_name 
    server_name dev.yourdomain.com;

2.6.3. Verify and reload nginx config

1
2
sudo nginx -t
sudo systemctl reload nginx

Certbot can now find the correct server block and update it.

2.6.4. Obtaining an SSL Certificate

1
sudo certbot --nginx -d dev.yourdomain.com -d mail.dev.yourdomain.com

It will ask for email address for notifications; also auto-redirect to https

2.6.5. Verifying Certbot Auto-Renewal

Test the renewal process, you can do a dry run with certbot:

1
sudo certbot renew --dry-run

3. Configure Wordpress on LEMP Stack

Reference

3.1. Create Database and User

1
2
3
4
5
sudo mariadb -u root -p
CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
GRANT ALL ON wordpress.* TO 'wordpress_user'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
exit;

3.2. Installing Additional PHP Extensions

1
2
sudo apt update
sudo apt install php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip

Restart php-fpm process

1
sudo systemctl restart php7.3-fpm.service

3.3. Configuring Nginx

Please ntoes, if you have enabled SSL (using Certbot) there will be two server blocks in your nginx configuration. Find the one with root /var/www/your_domain and add some entries as below.

1
2
3
4
5
6
7
8
9
10
11
server {
    . . .

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
    . . .
}

Also adjust try_files

1
2
3
4
5
6
    . . .
    location / {
        #try_files $uri $uri/ =404;
        try_files $uri $uri/ /index.php$is_args$args;
    }
    . . .

3.4. Downloading WordPress

1
2
3
4
5
6
7
8
9
10
11
12
13
14
cd /tmp
curl -LO https://wordpress.org/latest.tar.gz

# extract
tar xzvf latest.tar.gz

# copy sample wp-config.php
cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php

# copy content to our domain location
sudo cp -a /tmp/wordpress/. /var/www/wp-test

# adjust permission
sudo chown -R www-data:www-data /var/www/wp-test

3.5. Setting up the WordPress Configuration File

Generate secret keys and use it inside the config.

1
curl -s https://api.wordpress.org/secret-key/1.1/salt/

Copy the content inside wp-config.php where you can find same entries with dummy values.

Adjust database values

Configure db entries as we generated in firt steps.

1
2
3
4
5
6
7
8
9
10
11
12
13
. . .

define('DB_NAME', 'wordpress');

/** MySQL database username */
define('DB_USER', 'wordpress_user');

/** MySQL database password */
define('DB_PASSWORD', 'password');

. . .

define('FS_METHOD', 'direct');

3.6. Access the site and finish wordpress setup

Access the url over browser and complete wordpress configuration.

Migrating or Moving a Wordpress sire

Now we login to old server and export our database and website files (media, scripts, plugins etc)

Export Database

1
2
### from old server
$ mysqldump -u root -p old_databse |gzip > old_databse_20190104.gz

Backup website files in zip file

Let’s gzip all web folder into a single file for easy transfer.

1
2
$ cd /var/www/
$ tar -cv html | gzip > mywpsite.tar.gz

Copy databse and website backup to new server

1
2
scp user@old_server:/home/user/old_databse_20190104.gz .
scp user@old_server:/home/user/mywpsite.tar.gz .

Restore database on new server

1
2
3
### on new server
gunzip < old_databse_20190104.gz  | mysql -u root -pMyPasswd wordpress101

Restore website files

1
2
3
### on new server
gunzip mywpsite.tar.gz
tar -xvf mywpsite.tar -C /web/pe/

Where -C is to point the destination directory.

Update and Verify your wp-config.php

Check your database name, username and password are properly configured.

4. Appendix:

bitnami deployment https://docs.bitnami.com/google/apps/wordpress-pro/configuration/create-vhost-nginx/

comments powered by Disqus