How to Install WordPress with Nginx and Let's Encrypt SSL on Ubuntu 22.04
WordPress CMS is a free, open-source content management system that allows users to create and manage websites easily. It's known for its flexibility, user-friendly interface, and vast plugin and theme library, making it ideal for both beginners and professionals.
WordPress makes it easy to create and maintain websites and blogs. Due to its popularity, more than a third of websites today are powered by WordPress. It is written in PHP and uses MariaDB and MySQL as a database backend.
In this tutorial, we will show you how to install WordPress with Nginx and a free Let's Encrypt SSL certificate on Ubuntu 22.04.
Prerequisites
- A server running Ubuntu 22.04.
- A valid domain name is pointed with your server IP.
- A root password is configured on the server.
Install Nginx, MariaDB, and PHP
Before starting, the LEMP server must be installed on your server. If not installed, you can install it by running the following command:
apt install nginx mariadb-server php php-fpm php-curl php-mysql php-gd php-mbstring php-xml php-imagick php-zip php-xmlrpc -y
Once the LEMP server is installed, verify the PHP version using the following command:
php -v
You will get the PHP version in the following output:
PHP 8.1.2 (cli) (built: Apr 7 2022 17:46:26) (NTS) Copyright (c) The PHP Group Zend Engine v4.1.2, Copyright (c) Zend Technologies with Zend OPcache v8.1.2, Copyright (c), by Zend Technologies
Next, edit the PHP configuration file and tweak some default settings:
nano /etc/php/8.1/fpm/php.ini
Change the following lines:
cgi.fix_pathinfo=0 upload_max_filesize = 128M post_max_size = 128M memory_limit = 512M max_execution_time = 120
Save and close the file when you are finished.
Create a Database for WordPress
WordPress uses a database to store its content. So you will need to create a database and user for WordPress.
First, log in to the MariaDB shell with the following command:
mysql
Once you are logged in, create a database and user with the following command:
MariaDB [(none)]> CREATE DATABASE wpdb;
MariaDB [(none)]> CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'securepasssword';
Next, grant all the privileges to the WordPress database using the following command:
MariaDB [(none)]> GRANT ALL ON wpdb.* TO 'wpuser'@'localhost';
Next, flush the privileges and exit from the MariaDB with the following command:
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> EXIT;
Once you are finished, you can proceed to the next step.
Install WordPress on Ubuntu 22.04
First, navigate to the Nginx web root directory and download the latest version of WordPress using the following command:
cd /var/www/html
wget https://wordpress.org/latest.tar.gz
Once the WordPress is downloaded, extract the downloaded file with the following command:
tar -zxvf latest.tar.gz
Next, rename the WordPress sample configuration file.
mv /var/www/html/wordpress/wp-config-sample.php /var/www/html/wordpress/wp-config.php
Next, edit the WordPress configuration file and define your database settings:
nano /var/www/html/wordpress/wp-config.php
Define your database settings as shown below:
define( 'DB_NAME', 'wpdb' ); /** Database username */ define( 'DB_USER', 'wpuser' ); /** Database password */ define( 'DB_PASSWORD', 'securepasssword' ); /** Database hostname */ define( 'DB_HOST', 'localhost' );
For security reasons, you will also need to update the security keys in your wp-config file. First, go here to generate them. Then, add it as shown below:
define('AUTH_KEY', 'Y$I,-gafVeR>Z-8qy&jQ62L}{R)e|lK/#RBh.Y#f+p-P*.8,,hP-iX[q3*tVP-fu'); define('SECURE_AUTH_KEY', 'D)k6o`D G%<()-zXP5{T{v2)Zgo-c+8T-Un=+R3%n/X2=MLDb5$O]UHA%gK| .WR'); define('LOGGED_IN_KEY', 'eL|5#`ul|;MrKm#q$KVl/ky(i}Jc;xrH(Eb|Hwzb/?-.RLSUSX2X[4HD:U:UOP:Y'); define('NONCE_KEY', ']azQ+9f^#~l*r>uPMH5H>ck:?az4o[)*Txo:+MGjE5f&0kag3O9m85g3~VJ6YVWE'); define('AUTH_SALT', 'fAM5&`m4X+{+wSsF.!}-/8@Ce~~u%>}la1bCC,@#+R*t]uYf?[hph/>!Bw>v#oaQ'); define('SECURE_AUTH_SALT', '}|Z&dj_tFV2T$7y(O#O|bwwQ$sH6t!-zdE.MlOHLZ>4WDqG:_Qzn#Allm-UO1#7P'); define('LOGGED_IN_SALT', 'b9Uf~**E_xt@{KWknsAL^9D7Ix3CO.+PpFF~btd)-pG~pXPQ,[c&WRE-NgLG9~)|'); define('NONCE_SALT', '}mTUi&.#i+YJT-TSrbIwqWO<]ut3K%CS~7g.} *NztVlgZDr`?>wxJ+_VW-D_zif');
Save and close the file when you are finished. Next, set proper permission and ownership to the WordPress directory:
chown -R www-data:www-data /var/www/html/wordpress
chmod -R 755 /var/www/html/wordpress
Create an Nginx Virtual Host for WordPress
Next, you will need to create an Nginx virtual host configuration file to serve WordPress over the internet.
nano /etc/nginx/conf.d/wordpress.conf
Add the following configuration:
server { listen 80; root /var/www/html/wordpress; index index.php index.html index.htm; server_name wordpress.example.com; client_max_body_size 500M; location / { try_files $uri $uri/ /index.php?$args; } location = /favicon.ico { log_not_found off; access_log off; } location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php8.1-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
Save and close the file then verify the Nginx configuration using the following command:
nginx -t
You will get the following output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Next, restart the Nginx and PHP-FPM services to apply the changes.
systemctl restart nginx
systemctl restart php8.1-fpm
You can also check the status of the Nginx using the following command:
systemctl status nginx
You will get the following output:
? nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2022-05-05 11:36:28 UTC; 10s ago Docs: man:nginx(8) Process: 16880 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS) Process: 16882 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS) Main PID: 16883 (nginx) Tasks: 3 (limit: 4630) Memory: 3.4M CPU: 49ms CGroup: /system.slice/nginx.service ??16883 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;" ??16884 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ??16885 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" May 05 11:36:28 ubuntu2204 systemd[1]: Starting A high performance web server and a reverse proxy server... May 05 11:36:28 ubuntu2204 systemd[1]: Started A high performance web server and a reverse proxy server.
Complete WordPress Web Installation
Now, open your web browser and access the WordPress installation wizard using the URL http://wordpress.example.com. You will be redirected to the following page:
Select your language and click on the Continue button. You should see the WordPress Site configuration page:
Provide your website name, admin username, password, email, and click on the Install WordPress button. Once the WordPress is installed, you should see the following page:
Click on the Log in button. You should see the WordPress login page:
Provide your admin username, password, and click on the Login button. You should see the WordPress dashboard on the following page:
Enable HTTPS on WordPress
To enable HTTPS on your site, you will need to install the Certbot Let's Encrypt client to your system. You can install it by running the following command:
apt-get install python3-certbot-nginx -y
Once the Certbot client is installed, run the following command to enable the HTTPS on your website:
certbot --nginx -d wordpress.example.com
You will be asked to provide a valid email address and accept the term of service as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): [email protected] - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (A)gree/(C)ancel: A - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - (Y)es/(N)o: Y Obtaining a new certificate Performing the following challenges: http-01 challenge for wordpress.example.com Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/nginx/conf.d/wordpress.conf
Next, choose whether or not to redirect HTTP traffic to HTTPS as shown below:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and hit Enter to finish the installation. You should see the following output:
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/wordpress.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations! You have successfully enabled https://wordpress.example.com You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=wordpress.example.com - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/wordpress.example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/wordpress.example.com/privkey.pem Your cert will expire on 2023-02-08. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le - We were unable to subscribe you the EFF mailing list because your e-mail address appears to be invalid. You can try again later by visiting https://act.eff.org.
Conclusion
Congratulations! You have successfully installed WordPress with Nginx and Let's Encrypt SSL on Ubuntu 22.04. You can now install your preferred themes and plugins and start building your own website.