WordPress, an open source content management system is easy to install and manage. Basically, WordPress is a great CMS for creating, modifying, publishing, and managing a blog or a website with minimum coding knowledge.
Here at LinuxAPT, as part of our Server Management Services, we regularly help our Customers to perform related WordPress queries.
In this context, we shall look into how to install WordPress CMS in Ubuntu 20.04 LTS with NGINX (web server).
If you need to set up WordPress with Apache web server, visit our guide on How to Setup WordPress on Ubuntu Server with Apache.
To begin with this installation task, you must have a user with the sudo privileges for installing WordPress on your machine.
Then, follow the steps below.
1. Install Nginx
The default repositories of Ubuntu contain the Nginx package.
i. You can install it by running this command in the Terminal:
$ sudo apt-get install nginx
ii. Enter sudo password. If prompted with the y/n choice, hit y to continue. After that, it will begin installing Nginx on the system.
iii. Once the installation is finished, start Nginx service as follows:
$ sudo systemctl start nginx
iv. Also, enable the service at boot:
$ sudo systemctl enable nginx
v. Then to confirm if the service is fully functional, run this command:
$ sudo systemctl status nginx
If the service is functional, you will be seeing active (running) in the output.
2. Install MariaDB and PHP
WordPress is a PHP based application, and PHP is required to run it. Since some versions of Ubuntu don't have the latest version of PHP, you can add a third-party PPA repository to install PHP from there.
The command below will add a third-party PPA to Ubuntu:
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:ondrej/php
Then update and upgrade to PHP 7.4
$ sudo apt update
Now install MariaDB and PHP for WordPress to function.
Execute the below command to do so:
$ sudo apt-get install php php-mysql php-fpm php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip mariadb-server mariadb-client
When you are prompted with the y/n option, hit y to continue. After that, it will start installing the packages on the system.
i. When the installation is finished, start MariaDB service:
$ sudo systemctl start mariadb
ii. Also, enable the MariaDB service through this command:
$ sudo systemctl enable mariadb
iii. Then to confirm if the service is fully functional, use this command:
$ sudo systemctl status mariadb
If the service is functional, you will be seeing active (running) in the output.
iv. Now start the PHP-FPM service:
$ sudo systemctl start php7.4-fpm
v. Then enable the service at boot:
$ sudo systemctl enable php7.4-fpm
vi. Then to confirm if the service is fully functional, use this command:
$ sudo systemctl status php7.4-fpm
If the service is functional, you will be seeing active (running) status.
vii. Now to secure the MariaDB installation, execute this command:
$ sudo mysql_secure_installation
When prompted, answer the questions below by following the guide:
Enter current password for root (enter for none): Just press the Enter
Set root password? [Y/n]: Y
New password: Enter password
Re-enter new password: Repeat password
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y
You can see from above that for all options and questions, we simply hit y to proceed.
3. Create Database for WordPress
WordPress requires the MySQL database for storing and managing data on the servers.
Here, we will create a MySQL database and then a user for WordPress.
First, log in to MySQL shell using this command:
$ sudo mysql -u root -p
Now from the MySQL shell, run the below command to create a database named "wp_test":
$ CREATE DATABASE wp_test CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
Create a user named "wp_test_user" with the password "wp_pass":
$ CREATE USER 'wp_test_user'@'localhost' IDENTIFIED BY 'wp_pass';
Now give the new user "wp_test_user" access to the database "wp_test":
$ GRANT ALL ON wp_test.* TO 'wp_test_user'@'localhost'
Now execute the below commands for the changes to take effect:
$ FLUSH PRIVILEGES;
Now exit the MySQL shell:
$ EXIT;
4. Download and Install WordPress
Now in this step, we will download and install WordPress.
i. Before downloading WordPress, create a root directory for a WordPress installation.
Execute the below command in Terminal to do so:
$ sudo mkdir -p /var/www/html/wpress
ii. Download WordPress using the below command:
$ wget http://wordpress.org/latest.tar.gz
iii. Extract the downloaded WordPress package:
$ tar xfvz latest.tar.gz
iv. After the archive is extracted, copy the WordPress folder into the /var/www/html/wpress directory:
$ sudo cp -r wordpress/* /var/www/html/wpress
v. Now change the ownership and assign permission to the WordPress root directory.
We are doing this step to avoid errors during installation.
$ sudo chown -R www-data /var/www/html/wpress
$ sudo chmod -R 755 /var/www/html/wpress
After installation, we will revert permissions.
5. Create NGINX Virtual Host for WordPress
i. Create Nginx virtual host file for WordPress.
Run the below command in Terminal to do this:
$ sudo nano /etc/nginx/conf.d/wpress.conf
Copy-paste the below content in the file:
server {
listen 80;
listen [::]:80;
root /var/www/html/wpress; index index.php index.html index.htm;
server_name wpress.conf www.wpress.conf;
error_log /var/log/nginx/wpress.conf_error.log;
access_log /var/log/nginx/wpress.conf_access.log;
client_max_body_size 100M;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
}
ii. Save and close the file.
iii. Then remove the default Nginx server blocks using the command below in the Terminal:
$ sudo rm /etc/nginx/sites-enabled/default
iv. Now check for any errors in the Nginx configuration file using the command below in the Terminal:
$ sudo systemctl config nginx
The output will show that the configuration is correct.
v. Now restart the Nginx server to apply changes.
$ sudo systemctl restart nginx
Now, WordPress is ready to use without SSL. However, if you want to serve web traffic over HTTPS, then installing and configuring Let's Encrypt SSL certificate or other public certificates is a must.
i. To install Let's Encrypt, run the commands below:
$ sudo apt update
$ sudo apt-get install letsencrypt
The commands above will install certbot tool and all dependencies that will be allowed to make the tool function.
Let's Encrypt provides many ways to challenge you to validate that you own the domain you want to provide SSL certificates for. You will not be able to generate certificates if you can't prove that you own the domain you want to secure.
For wildcard certificates, the only challenge method Let's Encrypt accepts is the DNS challenge, which we can invoke via the preferred-challenges=dns flag.
ii. So, to generate a wildcard cert for domain *.example.com, you run the commands below:
$ sudo certbot certonly --manual --preferred-challenges=dns --email admin@example.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d example.com -d *.example.com
The command options above are explained below:
certonly: Obtain or renew a certificate, but do not install
–manual: Obtain certificates interactively
–preferred-challenges=dns: Use dns to authenticate domain ownership
–server: Specify the endpoint to use to generate
–agree-tos: Agree to the ACME server's subscriber terms
-d: Domain name to provide certificates for
After executing the command above, Let's Encrypt will provide a text string to add a text record to your DNS entry.
Example:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: y
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for example.com
-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.
Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: y
-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:
x5MrZ6y-JqFJQRmq_lGi9ReRQHPa1aTC9J2O7wDKzq9
Before continuing, verify the record is deployed.
iii. Go to your DNS provider portal and add a text record for the string above and save.
After the changes above and Let's encrypt is able to validate that you own the domain, you should see a successful message as below:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/example.com/privkey.pem
Your cert will expire on 2020-01-09. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
The wildcard certificate is now generated and ready to be used.
iv. To verify that the certificate is ready, run the commands below:
$ sudo certbot certificates
That should display similar screen as below:
Found the following certs:
Certificate Name: example.com
Domains: *.example.com
Expiry Date: 2020-01-05 07:48:04+00:00 (VALID: 85 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
Now, Let's Encrypt's certificates are valid for 90 days. You'll want to setup a crob job to automate the renewal process.
To do that, open crontab and add the entry below:
$ sudo crontab -e
Then add the line below and save.
0 1 * * * /usr/bin/certbot renew >> /var/log/letsencrypt/renew.log
Save and you're done!
With Let's Encrypt installed, reopen Nginx VirtualHost file created above and add Let's Encrypt configurations to secure your website.
Below is where you configure Nginx VirtualHost file for the WordPress site you're creating. This file defines how client requests are handled and processed.
Run the commands below to create a new VirtualHost file called wordpress in the /etc/nginx/sites-available/ directory:
$ sudo nano /etc/nginx/sites-available/wordpress
A very good configuration settings for most WordPress site on Nginx server is below. This configuration should work great.
Copy the content below and save into the file created above.
server {
listen 80;
listen [::]:80;
root /var/www/wordpress;
index index.php index.html index.htm;
server_name example.com www.example.com;
client_max_body_size 100M;
autoindex off;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Save the file and exit.
After saving the file above, run the commands below to enable the new site, then restart Nginx server.
$ sudo ln -s /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled/
$ sudo systemctl restart nginx.service
Then, Run the commands below open the file:
$ sudo nano /etc/nginx/sites-available/wordpress
Then add the highlighted lines to the VirtualHost file as shown below:
server {
listen 80;
listen [::]:80;
server_name *.example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/wordpress;
index index.php;
server_name *.example.com;
if ($host != "example.com") {
return 301 https://example.com$request_uri;
}
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS13+AESGCM+AES128:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
client_max_body_size 100M;
autoindex off;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
After the above, restart Nginx and PHP 7.4-FPM:
$ sudo systemctl reload nginx
$ sudo systemctl reload php7.4-fpm
6. Launch the WordPress Web Installer
i. Now to complete the WordPress installation, open the web browser and point it to your server's IP address.
http://ip-address
ii. By doing so, the installation wizard will appear. Choose the preferred language and then hit Continue.
iii. Enter a title for your WordPress site, then user name, and password which will be used to login to the WordPress site. Also, provide your email address and then click Install WordPress.
iv. Once WordPress is installed, you will be seeing the following view. Click Log In.
You will see the WordPress Admin panel once you're logged in.
v. Now revert the ownership back to root user:
$ sudo chown -R root /var/www/html/wpress
This article covers how to install WordPress on Ubuntu 20.04 with Nginx HTTP Server and Let's Encrypt wildcard SSL Certificates. WordPress is a free, open-source, and most popular content management system that allows you to create a blog on the Internet.
You can install nginx, MariaDB, PHP and all the required PHP extensions with the following command:
$ apt-get install nginx mariadb-server php php-curl php-mysql php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip php-fpm -y
Once the LEMP server is installed, start the Nginx and MariaDB service with the following command:
$ systemctl start nginx
$ systemctl start mariadb
Nginx's inbuilt features includes: