Manual setup of WordPress with LEMP on a Ubuntu VPS with a local DB.
You'll probably want to replace mysite.com
with your A record and the change the DB name / user name / password to something else.
sudo apt update && sudo apt upgrade
sudo apt install nginx mysql-server php-fpm php-mysql php-gd php-curl php-xml php-mbstring php-imagick php-zip
sudo mysql_secure_installation
- Create Wordpress DB and MySQL user:
sudo mysql -e 'CREATE DATABASE mysite CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;'
sudo mysql -e "CREATE USER 'mysiteadmin'@'localhost' IDENTIFIED BY 'password';"
sudo mysql -e "GRANT ALL PRIVILEGES ON mysite.* TO 'mysiteadmin'@'localhost';"
sudo mysql -e 'FLUSH PRIVILEGES;'
- Fetch the latest version of WordPress and put it in
/var/www/
:
sudo mkdir -p /var/www/html/mysite.com
cd /var/www/html/mysite.com
sudo wget https://wordpress.org/latest.tar.gz
sudo tar xf latest.tar.gz
sudo chown -R www-data: /var/www/html/mysite.com
- Create a
wp-config.php
file. This process uses a slightly modified one that usesgetenv()
to fetch secrets passed through NGINX'sfastcgi_param
s, but you can also just copy and editwp-config-sample.php
:
sudo rm /var/www/html/mysite.com/wp-config-sample.php
sudo wget https://gist.githubusercontent.com/blaxpot/0057781f2f1402b9de24c54fa7f4ae8c/raw/22ba49f6415dd8aa8dfdf6da9edbf2e18a750c36/wp-config.php /var/www/html/mysite.com/wp-config.php
- Create
/etc/nginx/sites-available/mysite.com
with contents:
# Redirect HTTP -> HTTPS
server {
server_name mysite.com;
listen 80;
listen [::]:80;
return 301 https://mysite.com$request_uri;
}
server {
server_name mysite.com;
listen 443 ssl http2;
listen [::]:443 ssl http2 ipv6only=on;
root /var/www/html/mysite.com;
index index.php;
# SSL parameters
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/mysite.com/chain.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# WordPress env - edit these:
fastcgi_param DB_NAME "";
fastcgi_param DB_USER "";
fastcgi_param DB_PASSWORD "";
fastcgi_param DB_HOST "";
# These can be generated using the WordPress.org secret-key service https://api.wordpress.org/secret-key/1.1/salt/
fastcgi_param AUTH_KEY "";
fastcgi_param SECURE_AUTH_KEY "";
fastcgi_param LOGGED_IN_KEY "";
fastcgi_param NONCE_KEY "";
fastcgi_param AUTH_SALT "";
fastcgi_param SECURE_AUTH_SALT "";
fastcgi_param LOGGED_IN_SALT "";
fastcgi_param NONCE_SALT "";
}
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
expires max;
log_not_found off;
}
}
- Edit the
fastcgi_param
statements in the 'Wordpress env' section of the above NGINX config. Use the DB creds you created above for the DB related params. If you're not usinggetenv()
inwp-config.php
then you can just delete this section. - Open ports 80 and 443 to the internet (also ensure that your VPS network also allows traffic through from these ports):
sudo iptables -I INPUT 2 -m state --state NEW -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT 2 -m state --state NEW -p tcp --dport 443 -j ACCEPT
sudo netfilter-persistent save
- Go and get a Let's Encrypt SSL certificate. It should end up in
/etc/letsencrypt/live/mysite.com/
. Edit the above NGINX config. file if not. sudo ln -s /etc/nginx/sites-available/mysite.com /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl restart nginx
- Browse to https://mysite.com and complete the WordPress setup process.