How to Install WordPress with Nginx on Ubuntu with SSL?

Don't Forget to Share

WordPress is the most popular CMS worldwide, and people use various methods to host it. In this tutorial, I will tell you how to install WordPress with Nginx on Ubuntu. I have tried many hosting, but trust me, this is the best setup for WordPress. Although there are many web servers available but we will use Nginx. The reason to use Nginx for our setup is that it is incredibly fast. It can handle a lot of traffic without any stability or performance issues if configured correctly. Secondly, it needs a very less amount of resources when compared to others, allowing the server to breathe when your website goes through peak times. Nginx comes pre-installed with FastCGI cache, and FastCGI cache has the capability to skyrocket the performance of your website.

Since SSL is very important, we will install Let’s Encrypt SSL using certbot.

We are using Ubuntu as our Linux Operating System because it’s stable, gets the latest updates quickly, allowing our server to stay updated, and it is beginner-friendly.

So let’s get going

Prerequisite

  • We need a Ubuntu server with the Initial configuration done. Here is my complete tutorial on initial server setup with Ubuntu.
  • A Sudo user having access to the server using SSH

Step 1 – Install and Configure Nginx Web Server on Ubuntu

The first step is to install and configure Nginx on our Ubuntu server. This will display the web pages to the visitors.
We are using Ubuntu, and it uses the apt package manager to install packages. So, the first command will update the repository, and the second will install Nginx.

# sudo apt update
# sudo apt install nginx -y

Step 2 – Updating the firewall

If you have configured the UFW firewall given in our initial server setup, you will have to update the firewall rule as well. To check the current rules of your firewall, execute the command given below.

# sudo ufw app list

The output should be

Output
Available applications:
  Nginx Full
  Nginx HTTP
  Nginx HTTPS
  OpenSSH

Since HTTP uses the 80 protocol, we will have to allow the same in our firewall so that visitors can access our website. Allow it by executing the command below

# sudo ufw allow 'Nginx HTTP'

Now, let’s verify it

# sudo ufw status

output should look like this

Output
Status: active

To            	            	 Action		 From
--                     	    	  ------ 		   ----
OpenSSH                    	ALLOW       Anywhere
Nginx HTTP                 	ALLOW       Anywhere
OpenSSH (v6)               	ALLOW       Anywhere (v6)
Nginx HTTP (v6)            ALLOW       Anywhere (v6)

As you can see Nginx HTTP for both IPv4 and IPv6 has been added.

Step 3 – Installing MySQL Server

Next, we need a database that will hold all the data of our website. So, we will install MariaDB for this, which is highly responsive and works well with a PHP environment.

# sudo apt install mariadb-server -y

Configuring MySQL Server

As the installation completes, let’s configure our database server to make it secure and accessible. Execute the command given below and follow the instructions as shown

# sudo mysql_secure_installation

Follow the steps as shown

Enter current password for root (leave blank if none): {Just hit Enter key here}
Switch to unix_socket authentication? (Y/n):N {Press N and hit Enter}
Change the root password? (Y/n):Y {Press Y and hit Enter to setup root password}
Remove anonymous users? (Y/n):Y {Press Y and hit Enter}
Disallow root login remotely? (Y/n):Y {Press Y and hit Enter}
Remove test database and access to it? (Y/n): Y {Press Y and hit Enter}
Reload privilege tables now? (Y/n): Y {Press Y and hit Enter}

With this, you have configured your database.

Step 4 – Installing PHP 8.4

Now, you have a web server which will serve pages to the visitors and a database which will store data of your website. The next step is to install PHP, which will process the WordPress application. Since Nginx doesn’t have an interpreter, and it needs another interpreter, PHP is the one that will do all the work.
So let’s install PHP. In this tutorial, we will use PHP 8.4, which is the latest version of PHP. PHP-FPM is the module that will communicate with Nginx, and PHP-MYSQL will communicate with the database.

We will first install the required dependencies and then add the ppa:ondrej/php repository

# sudo apt update && sudo apt upgrade -y
# sudo apt install software-properties-common apt-transport-https ca-certificates -y
# sudo add-apt-repository ppa:ondrej/php

Hit the “Enter” key when prompted to confirm adding the repository

Now, let’s install PHP 8.4

# sudo apt install php8.4-fpm php8.4-mysql php8.4-bcmath php8.4-imagick php8.4-curl php8.4-gd php8.4-intl php8.4-mbstring php8.4-soap php8.4-xml php8.4-xmlrpc php8.4-zip -y

Step 5 – Configure Nginx to use the PHP processor

Now, let’s configure Nginx so that it will use the PHP processor to run the WordPress application. For this, we will create an Nginx configuration file under /etc/nginx/sites-available/your_domain

# sudo nano /etc/nginx/sites-available/your_domain

Copy and paste the code given below in this editor and make the required changes

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name your_domain www.your_domain;
    root /var/www/html/your_domain;

    index index.html index.htm index.php;

    location / {
	try_files $uri $uri/ /index.php$is_args$args;
    }
    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.4-fpm.sock;
     }

    location ~ /\.ht {
        deny all;
    }

}
Note:- Make sure to change “your_domain” to your real domain name

Press “ctrl+x”,”y” hit the “Enter” key to save the file

Next, we will have to activate the Nginx configuration that we have created.

# sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/
Note: Make sure to change “your_domain” to your real domain name

Now, unlink the default file that is available in /etc/nginx/sites-enabled/default

# sudo unlink /etc/nginx/sites-enabled/default

Now let’s check if our Nginx configuration file has any errors

# sudo nginx -t

If it is successful, let’s restart the nginx service for the changes to take effect.

# sudo systemctl reload nginx

Step 6 – Creating a database and a user

Now, we will create a database, a database user, and grant privileges so that it will make updates to the database

# sudo mysql -u root -p

When prompted, enter the root’s password that you have created in step 3 above.

mysql>CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
mysql>CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'password';
mysql>GRANT ALL ON wordpress.* TO 'wordpressuser'@'localhost';
mysql>exit;
Note: you can change “wordpress” (database name), wordpressuser” (database user) and “password” (database user password) as per your need

Make sure to save these info somewhere, as we will need this later.

Step 7 – Creating a directory and downloading WordPress

Our Nginx. PHP and the database are ready. Now we will download WordPress and create a directory where the WordPress files will be saved.

# cd /var/www/html/
# sudo curl -LO https://wordpress.org/latest.tar.gz
# sudo tar -xzvf latest.tar.gz
# sudo mv wordpress/ your_domain
Note:- change “your_domain” to your real domain name

Now let’s copy wp-config-sample.php to wp-config.php

# sudo cd /var/www/html/your_domain
# sudo cp wp-config-sample.php wp-config.php

Let’s assign rights to the Nginx user to access our WordPress folder

# sudo chown -R www-data:www-data /var/www/html/your_domain

Step 8 – Configure the wp-config.php file

The next step is to configure the wp-config.php file to use our database

# sudo nano /var/www/html/your_domain/wp-config.php

Click here to generate WP salts. Scroll down and

Remove

define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY',  'put your unique phrase here');
define('LOGGED_IN_KEY',    'put your unique phrase here');
define('NONCE_KEY',        'put your unique phrase here');
define('AUTH_SALT',        'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT',   'put your unique phrase here');
define('NONCE_SALT',       'put your unique phrase here');

and paste the wp salts that you have generated above. It should look like this

define('AUTH_KEY', '1jl/vqfs<XhdXoAPz9 DO NOT COPY THESE VALUES c_j{iwqD^<+c9.k<J@4H');
define('SECURE_AUTH_KEY',  'E2N-h2]Dcvp+aS/p7X DO NOT COPY THESE VALUES {Ka(f;rv?Pxf})CgLi-3');
define('LOGGED_IN_KEY',    'W(50,{W^,OPB%PB<JF DO NOT COPY THESE VALUES 2;y&,2m%3]R6DUth[;88');
define('NONCE_KEY',        'll,4UC)7ua+8<!4VM+ DO NOT COPY THESE VALUES #`DXF+[$atzM7 o^-C7g');
define('AUTH_SALT',        'koMrurzOA+|L_lG}kf DO NOT COPY THESE VALUES  07VC*Lj*lD&?3w!BT#-');
define('SECURE_AUTH_SALT', 'p32*p,]z%LZ+pAu:VY DO NOT COPY THESE VALUES C-?y+K0DK_+F|0h{!_xY');
define('LOGGED_IN_SALT',   'i^/G2W7!-1H2OQ+t$3 DO NOT COPY THESE VALUES t6**bRVFSD[Hi])-qS`|');
define('NONCE_SALT',       'Q6]U:K?j4L%Z]}h^q7 DO NOT COPY THESE VALUES 1% ^qUswWgn+6&xqHN&%');

Now, scroll above and enter the database details that you have saved while creating the database in step 5

define( 'DB_NAME', 'wordpress' );

/** MySQL database username */
define( 'DB_USER', 'wordpressuser' );

/** MySQL database password */
define( 'DB_PASSWORD', 'password' );

. . .

define( 'FS_METHOD', 'direct' );

Now, let’s restart all the services

# sudo systemctl restart nginx php8.4-fpm mysql

Step – 9 Install Let’s Encrypt SSL

The first step while installing SSL is to install certbot. Certbot is a tool that will help us configure our SSL and will also renew the SSL certificates in the future, so you won’t have to do it manually.

# sudo snap install core; sudo snap refresh core
# sudo apt remove certbot
# sudo snap install --classic certbot
# sudo ln -s /snap/bin/certbot /usr/bin/certbot

Let’s update the firewall

Now, since we will install SSL and all the traffic will be on HTTPS, we will have to update the firewall rule as well

# sudo ufw allow 'Nginx Full'
# sudo ufw delete allow 'Nginx HTTP'

Let’s check and verify our firewall rules. Make sure that it looks like this

Output
Status: active

To                         		Action      From
--                         		------         ----
OpenSSH                  	ALLOW       Anywhere
Nginx Full                 	ALLOW       Anywhere
OpenSSH (v6)               	ALLOW       Anywhere (v6)
Nginx Full (v6)            	ALLOW       Anywhere (v6)

Step 10 – Install SSL certificate from Let’s Encrypt

The last and final stage is to obtain an SSL certificate from Let’s Encrypt

# sudo certbot --nginx -d example.com -d www.example.com
Note:- change “example” to your real domain name

When prompted, enter your email ID and agree to the terms and conditions but entering “y” and wait for a couple of minutes.

Let’s verify the certbot status

# sudo systemctl status snap.certbot.renew.service

Let’s test to renew the certificates

# sudo certbot renew –dry-run

Conclusion

With this, we have installed WordPress with Nginx on Ubuntu. If you face any issues, just write them down in the comments.

Tags
Don't Forget to Share
Sourabh Verma
Sourabh Verma

Hi, I am Sourabh. With over 12 years of experience in Linux, Windows, servers, databases and other I.T related areas, I make sure to publish easy and well tested tutorials and opinions. I hope you like my work. Thanks

Leave a Reply

Your email address will not be published. Required fields are marked *