Skip to content

Instantly share code, notes, and snippets.

@blaxpot
Last active July 25, 2021 06:53
Show Gist options
  • Save blaxpot/0057781f2f1402b9de24c54fa7f4ae8c to your computer and use it in GitHub Desktop.
Save blaxpot/0057781f2f1402b9de24c54fa7f4ae8c to your computer and use it in GitHub Desktop.
WordPress with LEMP on a Ubuntu VPS
<?php
/**
* The base configuration for WordPress
*
* The wp-config.php creation script uses this file during the installation.
* You don't have to use the web site, you can copy this file to "wp-config.php"
* and fill in the values.
*
* This file contains the following configurations:
*
* * MySQL settings
* * Secret keys
* * Database table prefix
* * ABSPATH
*
* @link https://wordpress.org/support/article/editing-wp-config-php/
*
* @package WordPress
*/
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define( 'DB_NAME', getenv('DB_NAME') );
/** MySQL database username */
define( 'DB_USER', getenv('DB_USER') );
/** MySQL database password */
define( 'DB_PASSWORD', getenv('DB_PASSWORD') );
/** MySQL hostname */
define( 'DB_HOST', getenv('DB_HOST') );
/** Database charset to use in creating database tables. */
define( 'DB_CHARSET', 'utf8' );
/** The database collate type. Don't change this if in doubt. */
define( 'DB_COLLATE', '' );
/**#@+
* Authentication unique keys and salts.
*
* Change these to different unique phrases! You can generate these using
* the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}.
*
* You can change these at any point in time to invalidate all existing cookies.
* This will force all users to have to log in again.
*
* @since 2.6.0
*/
define( 'AUTH_KEY', getenv('AUTH_KEY') );
define( 'SECURE_AUTH_KEY', getenv('SECURE_AUTH_KEY') );
define( 'LOGGED_IN_KEY', getenv('LOGGED_IN_KEY') );
define( 'NONCE_KEY', getenv('NONCE_KEY') );
define( 'AUTH_SALT', getenv('AUTH_SALT') );
define( 'SECURE_AUTH_SALT', getenv('SECURE_AUTH_SALT') );
define( 'LOGGED_IN_SALT', getenv('LOGGED_IN_SALT') );
define( 'NONCE_SALT', getenv('NONCE_SALT') );
/**#@-*/
/**
* WordPress database table prefix.
*
* You can have multiple installations in one database if you give each
* a unique prefix. Only numbers, letters, and underscores please!
*/
$table_prefix = 'wp_';
/**
* For developers: WordPress debugging mode.
*
* Change this to true to enable the display of notices during development.
* It is strongly recommended that plugin and theme developers use WP_DEBUG
* in their development environments.
*
* For information on other constants that can be used for debugging,
* visit the documentation.
*
* @link https://wordpress.org/support/article/debugging-in-wordpress/
*/
define( 'WP_DEBUG', false );
/* Add any custom values between this line and the "stop editing" line. */
/* That's all, stop editing! Happy publishing. */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', __DIR__ . '/' );
}
/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';

Manual setup of WordPress with LEMP on a Ubuntu VPS with a local DB.

You'll probably want to replace mysite.com with your A record and the change the DB name / user name / password to something else.

Setup Ubuntu VPS

  1. sudo apt update && sudo apt upgrade
  2. sudo apt install nginx mysql-server php-fpm php-mysql php-gd php-curl php-xml php-mbstring php-imagick php-zip
  3. sudo mysql_secure_installation
  4. Create Wordpress DB and MySQL user:
sudo mysql -e 'CREATE DATABASE mysite CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;'
sudo mysql -e "CREATE USER 'mysiteadmin'@'localhost' IDENTIFIED BY 'password';"
sudo mysql -e "GRANT ALL PRIVILEGES ON mysite.* TO 'mysiteadmin'@'localhost';"
sudo mysql -e 'FLUSH PRIVILEGES;'
  1. Fetch the latest version of WordPress and put it in /var/www/:
sudo mkdir -p /var/www/html/mysite.com
cd /var/www/html/mysite.com
sudo wget https://wordpress.org/latest.tar.gz
sudo tar xf latest.tar.gz
sudo chown -R www-data: /var/www/html/mysite.com
  1. Create a wp-config.php file. This process uses a slightly modified one that uses getenv() to fetch secrets passed through NGINX's fastcgi_params, but you can also just copy and edit wp-config-sample.php:
sudo rm /var/www/html/mysite.com/wp-config-sample.php
sudo wget https://gist.githubusercontent.com/blaxpot/0057781f2f1402b9de24c54fa7f4ae8c/raw/22ba49f6415dd8aa8dfdf6da9edbf2e18a750c36/wp-config.php /var/www/html/mysite.com/wp-config.php
  1. Create /etc/nginx/sites-available/mysite.com with contents:
# Redirect HTTP -> HTTPS
server {
  server_name mysite.com;

  listen 80;
  listen [::]:80;

  return 301 https://mysite.com$request_uri;
}

server {
  server_name mysite.com;

  listen 443 ssl http2;
  listen [::]:443 ssl http2 ipv6only=on;

  root /var/www/html/mysite.com;
  index index.php;

  # SSL parameters
  ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
  ssl_trusted_certificate /etc/letsencrypt/live/mysite.com/chain.pem;
  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
  }

  location / {
    try_files $uri $uri/ /index.php?$args;
  }

  location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.4-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

    # WordPress env - edit these:
    fastcgi_param DB_NAME "";
    fastcgi_param DB_USER "";
    fastcgi_param DB_PASSWORD "";
    fastcgi_param DB_HOST "";
    # These can be generated using the WordPress.org secret-key service https://api.wordpress.org/secret-key/1.1/salt/
    fastcgi_param AUTH_KEY "";
    fastcgi_param SECURE_AUTH_KEY "";
    fastcgi_param LOGGED_IN_KEY "";
    fastcgi_param NONCE_KEY "";
    fastcgi_param AUTH_SALT "";
    fastcgi_param SECURE_AUTH_SALT "";
    fastcgi_param LOGGED_IN_SALT "";
    fastcgi_param NONCE_SALT "";
  }

  location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
    expires max;
    log_not_found off;
  }
}
  1. Edit the fastcgi_param statements in the 'Wordpress env' section of the above NGINX config. Use the DB creds you created above for the DB related params. If you're not using getenv() in wp-config.php then you can just delete this section.
  2. Open ports 80 and 443 to the internet (also ensure that your VPS network also allows traffic through from these ports):
sudo iptables -I INPUT 2 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 2 -m state --state NEW -p tcp --dport 443 -j ACCEPT
sudo netfilter-persistent save
  1. Go and get a Let's Encrypt SSL certificate. It should end up in /etc/letsencrypt/live/mysite.com/. Edit the above NGINX config. file if not.
  2. sudo ln -s /etc/nginx/sites-available/mysite.com /etc/nginx/sites-enabled/
  3. sudo nginx -t && sudo systemctl restart nginx
  4. Browse to https://mysite.com and complete the WordPress setup process.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment