Setting up WordPress on LEMP for Beginners https://www.wphuman.com/setting-up-wordpress-on-lemp-for-beginners/

adduser-deployer.sh

$ adduser deployer
$ gpasswd -a deployer sudo
$ gpasswd -a deployer www-data
$ sudo usermod -g www-data deployer

chmod.sh

$ cd /src/www/your-domain.com/
$ sudo chown -R deployer *
$ sudo chgrp -R www-data *
$ sudo chmod -R g+rwx /src/www/your-domain.com/

common.conf

port_in_redirect off;
server_tokens off;
autoindex off;
 
add_header X-XSS-Protection "1; mode=block";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
 
client_max_body_size 25m;
client_body_buffer_size 128k;
 
index index.php index.html index.htm;
 
log_not_found off;
access_log off;
 
expires 86400s;
add_header Pragma public;
add_header Cache-Control "max-age=86400, public, must-revalidate, proxy-revalidate";
 
error_page 403 = 404;
 
location / {
    try_files $uri $uri/ /index.php?$args;
}
 
location ~ /(.|wp-config.php|readme.html|licence.txt) {
    return 404;
}
 
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
 
location ~ /favicon.ico {
    log_not_found off;
    access_log off;
}
 
location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
 
location ~* ^.+.(css|js)$ {
    rewrite ^(.+).(d+).(css|js)$ $1.$3 last;
    expires 24h;
    access_log off;
    log_not_found off;
    add_header Pragma public;
    add_header Cache-Control "public";
}
 
location ~* .(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|odb|odc|odf|odg|odp|ods|odt|ogg|ogv|otf|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|t?gz|tif|tiff|ttf|wav|webm|wma|woff|wri|xla|xls|xlsx|xlt|xlw|zip)$ {
    expires 24h;
    access_log off;
    log_not_found off;
    add_header Pragma public;
    add_header Cache-Control "public";
}
 
location ~ /. {
    deny all;
    access_log off;
    log_not_found off;
}
 
location ~* /(?:uploads|files)/.*.php$ {
    deny all;
}

cp-wp-config.sh

$ cd /src/www/your-domain.com/htdocs/
$ cp wp-config-sample.php wp-config.php
$ sudo nano wp-config.php

date.sh

$ sudo dpkg-reconfigure tzdata
$ date
Mon Dec 15 15:39:46 EST 2014

ln-s.sh

$ cd /etc/nginx/sites-enabled
$ sudo ln -s /etc/nginx/sites-available/your-domain.conf .

mkdir.sh

$ sudo mkdir -p /src/www/your-domain.com/htdocs
$ sudo mkdir /src/www/your-domain.com/logs
$ cd ~
$ wget http://wordpress.org/latest.tar.gz
$ tar xzvf latest.tar.gz
$ cd ~/wordpress
$ sudo cp -r . /src/www/your-domain.com/htdocs/

mysql.sh

$ sudo apt-get install mysql-server
$ sudo mysql_install_db
$ sudo mysql_secure_installation

nginx-t.sh

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

opcache.txt

opcache.memory_consumption=512
opcache.max_accelerated_files=50000

ssh-copy-id.sh

local $ ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
local $ brew install ssh-copy-id

ssh-keygen.sh

local $ ssh-keygen -f ~/.ssh/deployer_rsa -t rsa -b 4080 -C "deployer@123.123.123.123-$(date +"%d-%B-%Y")"
local $ ssh-copy-id -i ~/.ssh/deployer_rsa.pub deployer@'123.123.123.123'

sshd_config.txt

PermitRootLogin no
ChallengeResponseAuthentication no
PermitEmptyPasswords no
PasswordAuthentication no
AllowUsers deployer

update.sh

$ sudo apt-get update
$ sudo apt-get upgrade -y
$ sudo apt-get dist-upgrade -y

wp-config.php

// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'your-db-name');
 
/** MySQL database username */
define('DB_USER', 'your-db-username');
 
/** MySQL database password */
define('DB_PASSWORD', 'your-db-password');
 
/** MySQL hostname */
define('DB_HOST', 'localhost');

wp-content.sh

$ cd /src/www/your-domain.com/htdocs/wp-content/
$ sudo mkdir uploads
$ sudo chmod 775 -R uploads
$ sudo mkdir cache
$ sudo chmod 775 -R cache
$ sudo mkdir backups
$ sudo chmod 775 -R backups

wp.sql

CREATE DATABASE your-db-name;
CREATE USER your-db-username@localhost;
SET PASSWORD FOR your-db-username@localhost= PASSWORD("your-db-password");
GRANT ALL PRIVILEGES ON your-db-name.* TO your-db-username@localhost IDENTIFIED BY 'your-db-password';
FLUSH PRIVILEGES;
exit

your-domain.conf

server {
    # Configure the domain that will run WordPress
    listen 80;
    listen [::]:80;
    server_name your-domain.com;
 
error_log /src/www/your-domain.com/logs/nginx.error.log;
access_log /src/www/your-domain.com/logs/nginx.access.log;
 
# WordPress needs to be in the webroot of /src/www/your-domain.com/htdocs in this case
root /src/www/your-domain.com/htdocs;
 
 # pass PHP scripts to Fastcgi listening on Unix socket
 # Do not process them if inside WP uploads directory
 # If using Multisite or a custom uploads directory,
 # please set the */uploads/* directory in the regex below
 location ~* (^(?!(?:(?!(php|inc)).)*/uploads/).*?(php)) {
    try_files $uri = 404;
    fastcgi_split_path_info ^(.+.php)(/.+)$;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    fastcgi_intercept_errors on;
    fastcgi_ignore_client_abort off;
    fastcgi_connect_timeout 60;
    fastcgi_send_timeout 180;
    fastcgi_read_timeout 180;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 4 256k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
}
 
include sites-available/common.conf;
}