Support #974
Updated by Daniel Curtis 3 days ago
This is a simple guide for setting up WordPress with nginx on Debian 10. * Make sure the system is up to date: <pre> sudo apt update && sudo apt upgrade </pre> h2. Install Nginx * Install nginx: <pre> sudo apt install nginx </pre> * Start and enable nginx at boot: <pre> sudo systemctl nginx enable sudo systemctl nginx start </pre> h2. Install PHP * Install php-fpm and extensions: <pre> sudo apt install php-fpm php-common php-gd php-getid3 php-mysql php7.3-cli php7.3-common php7.3-gd php7.3-json php7.3-mysql php7.3-opcache php7.3-readline </pre> * Start and enable php-fpm: <pre> sudo systemctl enable php7.3-fpm sudo systemctl start php7.3-fpm </pre> h2. Install MariaDB * Install MariaDB: <pre> sudo apt install mariadb-server mariadb-client </pre> * Secure the database server: <pre> sudo mysql_secure_installation </pre> #* NOTE: I had an issue logging in as root, to workaround this: <pre> sudo systemctl stop mariadb sudo mysqld_safe --skip-grant-tables --skip-networking mysql -u root UPDATE mysql.user SET plugin = 'mysql_native_password' WHERE user = 'root' AND plugin = 'unix_socket'; FLUSH PRIVILEGES; sudo kill -9 $(pgrep mysql) sudo systemctl start mariadb </pre> h3. Configure a new MySQL database * Log into the MySQL console: <pre> mysql -h localhost -u root -p </pre> #* Create the wordpressuser user with the SuperSecretPassword password and the wordpressdb database: <pre> CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'SuperSecretPassword'; CREATE DATABASE IF NOT EXISTS `wordpressdb` CHARACTER SET utf8 COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON `wordpressdb`.* TO 'wordpressuser'@'localhost'; flush privileges; exit </pre> h2. Install Wordpress * Install git: <pre> sudo apt install git </pre> * Download wordpress: <pre> cd /var/www sudo git clone -b 6.0-branch --depth=1 https://github.com/WordPress/WordPress.git </pre> * Create the nginx config: <pre> sudo nano /etc/nginx/sites-enabled/wordpress.conf </pre> #* And add the following: <pre> fastcgi_cache_path /var/cache/nginx/examplesite.com levels=1:2 keys_zone=wpcache:200m max_size=10G inactive=2h use_temp_path=off; fastcgi_cache_key "$scheme$request_method$host$request_uri"; fastcgi_ignore_headers Cache-Control Expires Set-Cookie; upstream SITEPHP { server unix:/var/run/examplesite.com.sock; } server { listen 80; server_name examplesite.com; wordpress-example.com; root /usr/local/www/examplesite.com; /var/www/wordpress; index index.php; index.php index.html index.htm; client_max_body_size 12m; set $skip_cache 0; if ($request_method = POST) { set $skip_cache 1; } if ($query_string != "") { set $skip_cache 1; } if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|^/feed/*|/tag/.*/feed/*|index.php|/.*sitemap.*\.(xml|xsl)") { set $skip_cache 1; } if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { set $skip_cache 1; } add_header X-FastCGI-Cache $upstream_cache_status; 122400m; location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { /index.php?q=$uri&$args; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $request_filename; include fastcgi_params; fastcgi_intercept_errors on; fastcgi_pass SITEPHP; fastcgi_cache wpcache; fastcgi_cache_valid 200 301 302 2h; fastcgi_cache_use_stale error timeout updating invalid_header http_500 http_503; fastcgi_cache_min_uses 1; fastcgi_cache_lock on; fastcgi_cache_bypass $skip_cache; fastcgi_no_cache $skip_cache; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } } server { listen 443 ssl; server_name error_page 500 502 503 504 examplesite.com; root /var/www/examplesite.com; index index.php; client_max_body_size 128m; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; set $skip_cache 0; if ($request_method = POST) { /50x.html; set $skip_cache 1; } if ($query_string != "") { set $skip_cache 1; } if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|^/feed/*|/tag/.*/feed/*|index.php|/.*sitemap.*\.(xml|xsl)") { set $skip_cache 1; } if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { set $skip_cache 1; } ssl_certificate /etc/letsencrypt/live/examplesite.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/examplesite.com/privkey.pem; # Configure Strong SSL ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH; ssl_prefer_server_ciphers on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_stapling on; ssl_stapling_verify on; ssl_dhparam /usr/local/etc/nginx/dhparam.pem; add_header Strict-Transport-Security max-age=63072000; add_header X-Frame-Options SAMEORIGIN; add_header X-Content-Type-Options nosniff; add_header X-FastCGI-Cache $upstream_cache_status; location = /favicon.ico /50x.html { root /usr/local/www/nginx-dist; log_not_found off; access_log off; } location = /robots.txt ~ \.php$ { allow all; log_not_found off; access_log off; } location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php7.3-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_cache wpcache; fastcgi_cache_valid 200 301 302 2h; fastcgi_cache_use_stale error timeout updating invalid_header http_500 http_503; fastcgi_cache_min_uses 1; fastcgi_cache_lock on; fastcgi_cache_bypass $skip_cache; fastcgi_no_cache $skip_cache; include fastcgi_params; fastcgi_intercept_errors on; fastcgi_pass SITEPHP; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } } </pre> * Change the wordpress ownership: <pre> sudo chown -R www-data:www-data /var/www/WordPress/ </pre> * Restart nginx: <pre> sudo systemctl nginx restart </pre>