Set up WordPress Site with Nginx on Ubuntu

WordPress is the most popular CMS (content management system) on the planet, it powers more than 40% of the web. It is a free and open source software that allows anyone to easily set up blogs and websites on top of a MySQL or MariaDB …

WordPress is the most popular CMS (content management system) on the planet, it powers more than 40% of the web.

It is a free and open source software that allows anyone to easily set up blogs and websites on top of a MySQL or MariaDB backend with PHP processing.

WordPress has seen incredible adoption, and is used by the likes of TechCrunch, Facebook, Vogue, and other big brands. After the initial setup, almost all administration can be done through the web frontend.

This tutorial will be focussing on setting up a WordPress instance on a LEMP stack (Linux, Nginx, MySQL, and PHP) on an Ubuntu server.

I’ve used Microsoft Azure as an example, the steps will be the same for any other cloud provider be it DigitalOcean, Linode, AWS, etc.

Creating a Virtual Machine

This is the first step, and it will vary from cloud provider to provider, all you need to do it to create a virtual machine instance.

A basic VM with 1vCPU and 1 GiB RAM running Ubuntu 20.04 would suffice for most use cases, pick the server location that’s closest to you or the website viewers.

Updating the DNS Entry

Note down the IP address of the virtual machine, and go to your domain registrar and update the A records as shown below:

Update DNS Records

Configuring the Virtual Machine

Now, you can go ahead and start configuring the virtual machine.

Step 1: SSH into the Virtual Machine

Open the terminal on your device, and run this command:

ssh root@1.2.3.4

Use the username you selected when creating the virtual machine instead of root (if applicable), and replace the 1.2.3.4 with the IP address of your VM.

You’ll be prompted with “The authenticity of host…”, just type yes, and then enter your password.

Step 2: Prerequisites

Before you go ahead and install something or start configuring your VM, here are a few things, I recommend you to perform:

# Update packages
sudo apt update && apt upgrade

# Configure automatic updates
sudo dpkg-reconfigure --priority=low unattended-upgrades

# Test automatic updates
sudo unattended-upgrades --dry-run --debug

With all of that out of the way, let’s get into the good stuff.

Step 3: Creating a “sudo” user

If your cloud provider didn’t ask you to choose a username for your VM while creating it, you are given root access to your server.

It is recommended to not use the “root” user, which has unlimited privileges and can execute any command, even ones that could accidentally disrupt your server.

That’s why it’s recommended to use a limited user on a server, and temporarily elevating your limited user’s privileges using sudo for day-to-day administration tasks.

Most of the cloud providers, like Azure, don’t provide root access, instead gives you the option to create sudo user, anyway, here’s how you can create a sudo user and lock down the root user:

# Create a New user
adduser username

# Add user to the "sudo" group
usermod -aG sudo username

# Check user's group
groups username

# Switching users
su - username
su - root

Now that you have created and a limited user and added it to the sudo group, let’s lock down the root user, to prevent ssh access via root:

# Disable root login (password & key) via SSH
sudo nano /etc/ssh/sshd_config
PermitRootLogin no

# Allow user login (password & key) via SSH
sudo nano /etc/ssh/sshd_config
AllowUsers username

# Disable password-based login via SSH for all users [optional]
sudo nano /etc/ssh/sshd_config
PasswordAuthentication no

Open up the sshd_config and scroll down to the PermitRootLogin option, and replace yes with no, additionally, add AllowUsers username, and then save it by Ctrl+O and exit by Ctrl+X as shown below:

Disable Root Login via SSH

Step 4: Configuring SSH Keys

Using SSH keys instead of passwords provides you with better security, as SSH keys are long and complex, far more than any password could be.

It is generally recommended to use SSH keys over passwords, but, it is totally optional, though, I recommend you use SSH keys instead of passwords, here’s how to do just that:

First, you need to create SSH key pair, to do that open a new terminal window and follow these commands:

# Create SSH keys
ssh-keygen

You’ll be asked to enter the file name for your SSH key, additionally, you can also choose a password for your SSH key.

You can check your SSH keys by using this command:

# Check SSH keys
ls -l ~/.ssh

There’ll be two keys, public and private, the one with “.pub” extension is your public key, never share the other one as that’s the private key.

Now, you need to add the public SSH key to your server, here’s how you can do just that:

# Copy Public key to the server
ssh-copy-id -i ~/.ssh/yourkeyname.pub username@1.2.3.4

Once that’s done, you can log in to your server via SSH by just switching to the SSH key on your device using this command:

# Switch SSH keys on your device
ssh-add yourkeyname

# Log in to server using SSH keys
ssh ssh username@1.2.3.4

Now, your server is ready to install WordPress.

Step 5: Installing EasyEngine

EasyEngine is a free and open source automation script by rtCamp, that allows you to create WordPress sites with simple commands.

You don’t have to worry about setting up individual components like Nginx, MySQL, PHP, etc., everything is taken care by EasyEngine.

The latest version of EasyEngine uses Docker, but you don’t really need to know about docker, EasyEngine is production-ready and is loved by developers and freelancers alike.

# Install EasyEngine on the server
wget -qO ee rt.cx/ee4 && sudo bash ee

It will take a few minutes to install all the necessary softwares and configure them, once done, you’ll be prompted with something like this:

Status: Downloaded newer image for easyengine/redis:v4.3.0
docker.io/easyengine/redis:v4.3.0

+-------------------+----------------------------------------------------------+
| OS                | Linux 5.8.0-1040-azure #43~20.04.1-Ubuntu SMP Mon Aug 2  |
|                   | 22:06:11 UTC 2021 x86_64                                 |
| Shell             | /bin/bash                                                |
| PHP binary        | /usr/bin/php8.0                                          |
| PHP version       | 8.0.10                                                   |
| php.ini used      | /etc/php/8.0/cli/php.ini                                 |
| EE root dir       | phar://ee.phar                                           |
| EE vendor dir     | phar://ee.phar/vendor                                    |
| EE phar path      | /home/nas                                                |
| EE packages dir   |                                                          |
| EE global config  |                                                          |
| EE project config |                                                          |
| EE version        | 4.3.1                                                    |
+-------------------+----------------------------------------------------------+
/usr/sbin/cron
/usr/bin/crontab
-----> Adding ssl-renew cron
no crontab for root
-----> Run "ee help site" for more information on how to create a site.

This concludes that EasyEngine has been successfully installed, and is ready for you to create websites.

Step 6: Creating a WordPress Site

Run the following commands to create a WordPress site:

# Creating WordPress site with Redis cache & Let's Encrypt SSL certificate
sudo ee site create example.com --type=wp --cache --ssl=le

This will create a WordPress site, configure Nginx fastcgi cache, and will also install a free Let’s Encrypt SSL certificate.

Once completed, you’ll be prompted with something like this:

Starting site creation.
Configuring project.
Creating WordPress site nas.codes
Copying configuration files.
Starting site's services.
Downloading and configuring WordPress.
Moved /var/www/htdocs/wp-config.php to /var/www/wp-config.php successfully
Checking and verifying site-up status. This may take some time.

Installing WordPress site.
Success: https://nas.codes has been created successfully!
Enter your mail id: nas@nas.codes
Starting SSL verification.
The authorization check was successful!
Executing first request.
Requesting first certificate for domain nas.codes.
Certificate received
Certificate stored
Success: SSL verification completed.
Starting site's services.
Site entry created.
Creating cron entry
Success: Cron created successfully
+--------------------+---------------------------------+
| Site               | https://nas.codes               |
+--------------------+---------------------------------+
| Site Root          | /opt/easyengine/sites/nas.codes |
+--------------------+---------------------------------+
| Site Title         | nas.codes                       |
+--------------------+---------------------------------+
| WordPress Username | fervent-hodgkin                 |
+--------------------+---------------------------------+
| WordPress Password | XXXXXXXXXXXXXXXXXX              |
+--------------------+---------------------------------+
| Alias Domains      | None                            |
+--------------------+---------------------------------+
| DB Host            | global-db                       |
+--------------------+---------------------------------+
| DB Name            | nas_codes                       |
+--------------------+---------------------------------+
| DB User            | nas.codes-ruuUpz                |
+--------------------+---------------------------------+
| DB Password        | XXXXXXXXXXXX                    |
+--------------------+---------------------------------+
| E-Mail             | admin@nas.codes                 |
+--------------------+---------------------------------+
| SSL                | Enabled                         |
+--------------------+---------------------------------+
| SSL Wildcard       | No                              |
+--------------------+---------------------------------+
| Cache              | Enabled                         |
+--------------------+---------------------------------+
| Proxy Cache        | Off                             |
+--------------------+---------------------------------+

A random username & password will be generated for both your WordPress site and the Database, you should delete that user account from your WordPress dashboard, and create a new user.

Setting up Multiple WordPress Sites

With the same EasyEngine command used above to create a WordPress site, multiple websites can be created and hosted on a single server.

However, since EasyEngine v4 uses Docker, which has a limitation of 31 networks per machine. EasyEngine creates one network per site, and it also needs few Docker networks for global services.

This limits the number of sites per server to 27.

You can use WordPress Multisite to get around this limitation, as the Multisite is counted as a single site, this reduces overall burden and in a way enforce usage of quality codes.

Or, you can just spin up a new server as you reach the 27 site limit.

Useful EasyEngine Commands

# View site information
ee site info example.com

# View installation logs
cat /opt/easyengine/logs/install.log

# View error logs
cat /opt/easyengine/logs/ee.log

EasyEngine also has a list of all the commands.

Set up WordPress with Nginx Conclusion

Automated scripts like EasyEngine have made it incredibly easy to configure and install WordPress sites on a self-hosted web server, there is a helpful EsayEngine community on GitHub.

You should look into Admin Tools which can be accessed from example.com/ee-admin, to learn about all the cool admin tools that come preinstalled with EasyEngine like opcache-gui, MailHog, etc.

Photo by Fikret tozak on Unsplash

Leave a Comment