Skip to content

Instantly share code, notes, and snippets.

Show Gist options
  • Save aksiksi/3b7421dba6258a94984ccb09219adf11 to your computer and use it in GitHub Desktop.
Save aksiksi/3b7421dba6258a94984ccb09219adf11 to your computer and use it in GitHub Desktop.
Setup Nginx and LetsEncrypt for Wordpress (Debian)

Prerequisites

Install

# Nginx
sudo apt install nginx

# PHP
sudo apt install php7.3 php7.3-fpm

# Certbot
sudo apt install certbot python3-certbot-nginx

Verify

# Make sure Nginx is running
sudo systemctl start nginx

# Make sure php-fpm is running
sudo systemctl status php7.3-fpm

Configuration

Nginx

This assumes that your Wordpress site is located here: /var/www/example.com/.

Create /etc/nginx/sites-available/example.com:

# Upstream to abstract backend connection(s) for php
upstream php {
        server unix:/run/php/php7.3-fpm.sock;
}

server {
        server_name example.com;
        root /var/www/example.com;
        index index.php;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }

        location / {
                # This is cool because no php is touched for static content.
                # include the "?$args" part so non-default permalinks doesn't break when using query string
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
                include fastcgi_params;
                fastcgi_intercept_errors on;
                fastcgi_pass php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                expires max;
                log_not_found off;
        }
}

PHP

Add (or modify) the following config variables in: /etc/php/7.3/fpm/php.ini

# Important for large image uploads
post_max_size = 64M
upload_max_filesize = 64M

# Required by Nginx
cgi.fix_pathinfo=0

Certbot/LetsEncrypt

  1. Create certificates:
sudo certbot --nginx -d example.com -d www.example.com
  1. Add renewal to your crontab:
# crontab -e
0 12 * * * /usr/bin/certbot renew --quiet

Optional

Enable Swap

If running on a memory-constrained VPS with an SSD, it might be a good idea to setup some swap. This way, Nginx and MySQL will be less likely to crash due to OOM at higher load.

Guide: https://linuxize.com/post/how-to-add-swap-space-on-debian-10/

Nginx Wordpress Performance Tips

https://www.nginx.com/blog/9-tips-for-improving-wordpress-performance-with-nginx/#cache-static

Enable the Site

Symlink the Nginx site config to sites-enabled to enable the site:

sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/example.com

References

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment