Last Revised: October 2, 2021
- Versions to install
- Configuring the Operating System
- Installing MariaDB
- Installing nginx
- Installing PHP
- Installation of sodium
- Installing Redis
- Configuring HTTPS
- Firewall settings
- About this document
This tutorial has been created on a Clouding.io VPS. You can create your own VPS from 3€/month.
In addition, you have the possibility to create your VPS with the WordPress image in one click.
Versions to install
Operating System: Ubuntu 19
Control Panel: None
Web server: nginx
Database: MariaDB 10.3
Processor: PHP 7.3
Here we leave you a small installation manual from a basic operating system installation of Ubuntu 19.
Configuring the Operating System
Once the operating system is installed, the first thing we will configure will be the server time. In this case we will configure the time zone of Madrid.
timedatectl set-timezone 'Europe/Madrid' timedatectl set-ntp on
The next thing we will do is check the version of the operating system and, subsequently, make a complete update of it.
lsb_release -a apt -y update && apt -y upgrade && apt -y dist-upgrade && apt -y autoremove
Once everything is updated, we install some tools and base software that can be useful to have on the system.
apt -y install software-properties-common curl vim unzip ufw
The next step will be the installation of the database. In this case we are going to use MariaDB 10.3. The first thing we will do is configure the download, and then its installation.
apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8 add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://tedeco.fi.upm.es/mirror/mariadb/repo/10.3/ubuntu bionic main' apt -y update && apt -y upgrade && apt -y dist-upgrade && apt -y autoremove apt -y install mariadb-server mariadb-client
Now that it is installed, we will proceed to the initial configuration. For this we will use the secure installation system, which will ask us some questions.
To the question of whether we want to change the password, depending on whether or not we have put in the installation, we will change it. In case you have not put any, it is highly recommended to put a strong password.
Set root password? [Y/n]: Y
To the rest of the questions, we will answer the following:
Remove anonymous users? [Y/n]: Y Disallow root login remotely? [Y/n]: Y Remove test database and access to it? [Y/n]: Y Reload privilege tables now? [Y/n]: Y
At this time we will have the database configured. Now we will make it run on the system restarts and start it.
systemctl stop mysql.service systemctl start mysql.service
At this moment we have the database configured and we will proceed to the installation of the web server. In this case we are going to use nginx.
apt -y update && apt -y upgrade && apt -y dist-upgrade && apt -y autoremove apt -y install nginx nginx-extras
Now that we have nginx installed, we are going to configure it to start at the system restarts automatically.
systemctl stop nginx.service systemctl enable nginx.service systemctl start nginx.service
At this time we already have the web server, so we are going to install and configure PHP to work properly with the database and the web server. In this case we are going to install PHP version 7.3. First we will do the installation of the most updated packages (which are not those that come with the operating system) and that in case of needing it, in addition, they would allow us to have several versions of PHP in parallel.
add-apt-repository ppa:ondrej/php apt -y update && apt -y upgrade && apt -y dist-upgrade && apt -y autoremove apt -y install php7.3 php7.3-fpm php7.3-common php7.3-dev php7.3-cli php7.3-bcmath php7.3-curl php7.3-gd php7.3-imap php7.3-json php7.3-mbstring php7.3-mysql php7.3-opcache php7.3-soap php7.3-xml php7.3-xmlrpc php7.3-zip php-imagick php-pear php-ssh2 php-xdebug libgeoip-dev
Installation of sodium
At the moment a system would be missing, which is everything related to encryption with libsodium and that we will have to download and compile before continuing to install.
wget https://download.libsodium.org/libsodium/releases/LATEST.tar.gz tar xvf LATEST.tar.gz cd libsodium-stable/ ./configure make && make check make install pecl install libsodium echo "extension=sodium.so" >> /etc/php/7.3/mods-available/libsodium.ini
In some cases, the system integrates Apache HTTPD as standard, so we will do a cleaning, in case any of it is installed.
apt -y purge apache2*
Now that we have PHP correctly installed, let’s activate it so that when the system restarts it runs automatically.
systemctl stop php7.3-fpm.service systemctl enable php7.3-fpm.service systemctl start php7.3-fpm.service
To work with improvements in the performance of the object cache, we are going to leave Redis ready as a storage system.
apt -y update && apt -y upgrade && apt -y dist-upgrade && apt -y autoremove apt -y install redis-server php-redis
Later, and in the same way as the rest of the elements, we are going to configure it to start automatically if the server is restarted.
systemctl stop redis-server.service systemctl enable redis-server.service systemctl start redis-server.service
As we are going to mount our website on a secure web server (HTTPS), we will need to install the Let’s Encrypt certificate generator, so that we will previously prepare the systems for the creation of secure keys.
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
And at this time we will install the certbot certificate creation system.
add-apt-repository ppa:certbot/certbot apt -y update && apt -y upgrade && apt -y dist-upgrade && apt -y autoremove apt -y install python-certbot-nginx
In order for the certificates to be updated automatically, we will activate a scheduled task (cron) once a day that automatically renews the certificates.
Once inside, we will configure, for example, that it runs at 06:45 every morning.
45 6 * * * certbot renew
To finish, we are going to activate the Firewall and leave only the SSH ports open (for which we are working at the moment) and later the web ports, leaving the rest inactive.
ufw app list ufw allow 'OpenSSH' ufw allow 'Nginx Full' ufw enable
From this moment we can restart the machine if we want, and we will have it ready to start its use and assemble the websites.
About this document
This document is regulated by the EUPL v1.2 license, published in WP SysAdmin and created by Javier Casares. Please, if you use this content in your website, your presentation or any material you distribute, remember to mention this site or its author, and having to put the material you create under EUPL license.