WordPress on Ubuntu 19 (nginx, MariaDB, PHP, Redis)

Last Revised: October 2, 2021

This tutorial has been created on a Clouding.io VPS. You can create your own VPS from 3€/month.

In addition, you have the possibility to create your VPS with the WordPress image in one click.

PARTNERSHIP

Versions to install

Operating System: Ubuntu 19
Control Panel: None
Web server: nginx
Database: MariaDB 10.3
Processor: PHP 7.3
Cache: Redis

Here we leave you a small installation manual from a basic operating system installation of Ubuntu 19.

Configuring the Operating System

Once the operating system is installed, the first thing we will configure will be the server time. In this case we will configure the time zone of Madrid.

timedatectl set-timezone 'Europe/Madrid'
timedatectl set-ntp on

The next thing we will do is check the version of the operating system and, subsequently, make a complete update of it.

lsb_release -a
apt -y update && apt -y upgrade && apt -y dist-upgrade && apt -y autoremove

Once everything is updated, we install some tools and base software that can be useful to have on the system.

apt -y install software-properties-common curl vim unzip ufw

Installing MariaDB

The next step will be the installation of the database. In this case we are going to use MariaDB 10.3. The first thing we will do is configure the download, and then its installation.

apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://tedeco.fi.upm.es/mirror/mariadb/repo/10.3/ubuntu bionic main'
apt -y update && apt -y upgrade && apt -y dist-upgrade && apt -y autoremove
apt -y install mariadb-server mariadb-client

Now that it is installed, we will proceed to the initial configuration. For this we will use the secure installation system, which will ask us some questions.

mysql_secure_installation

To the question of whether we want to change the password, depending on whether or not we have put in the installation, we will change it. In case you have not put any, it is highly recommended to put a strong password.

Set root password? [Y/n]: Y

To the rest of the questions, we will answer the following:

Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

At this time we will have the database configured. Now we will make it run on the system restarts and start it.

systemctl stop mysql.service
systemctl start mysql.service

Installing nginx

At this moment we have the database configured and we will proceed to the installation of the web server. In this case we are going to use nginx.

apt -y update && apt -y upgrade && apt -y dist-upgrade && apt -y autoremove
apt -y install nginx nginx-extras

Now that we have nginx installed, we are going to configure it to start at the system restarts automatically.

systemctl stop nginx.service
systemctl enable nginx.service
systemctl start nginx.service

Installing PHP

At this time we already have the web server, so we are going to install and configure PHP to work properly with the database and the web server. In this case we are going to install PHP version 7.3. First we will do the installation of the most updated packages (which are not those that come with the operating system) and that in case of needing it, in addition, they would allow us to have several versions of PHP in parallel.

add-apt-repository ppa:ondrej/php
apt -y update && apt -y upgrade && apt -y dist-upgrade && apt -y autoremove
apt -y install php7.3 php7.3-fpm php7.3-common php7.3-dev php7.3-cli php7.3-bcmath php7.3-curl php7.3-gd php7.3-imap php7.3-json php7.3-mbstring php7.3-mysql php7.3-opcache php7.3-soap php7.3-xml php7.3-xmlrpc php7.3-zip php-imagick php-pear php-ssh2 php-xdebug libgeoip-dev

Installation of sodium

At the moment a system would be missing, which is everything related to encryption with libsodium and that we will have to download and compile before continuing to install.

wget https://download.libsodium.org/libsodium/releases/LATEST.tar.gz
tar xvf LATEST.tar.gz
cd libsodium-stable/
./configure
make && make check
make install
pecl install libsodium
echo "extension=sodium.so" >> /etc/php/7.3/mods-available/libsodium.ini

In some cases, the system integrates Apache HTTPD as standard, so we will do a cleaning, in case any of it is installed.

apt -y purge apache2*

Now that we have PHP correctly installed, let’s activate it so that when the system restarts it runs automatically.

systemctl stop php7.3-fpm.service
systemctl enable php7.3-fpm.service
systemctl start php7.3-fpm.service

Installing Redis

To work with improvements in the performance of the object cache, we are going to leave Redis ready as a storage system.

apt -y update && apt -y upgrade && apt -y dist-upgrade && apt -y autoremove
apt -y install redis-server php-redis

Later, and in the same way as the rest of the elements, we are going to configure it to start automatically if the server is restarted.

systemctl stop redis-server.service
systemctl enable redis-server.service
systemctl start redis-server.service

Configuring HTTPS

As we are going to mount our website on a secure web server (HTTPS), we will need to install the Let’s Encrypt certificate generator, so that we will previously prepare the systems for the creation of secure keys.

openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

And at this time we will install the certbot certificate creation system.

add-apt-repository ppa:certbot/certbot
apt -y update && apt -y upgrade && apt -y dist-upgrade && apt -y autoremove
apt -y install python-certbot-nginx

In order for the certificates to be updated automatically, we will activate a scheduled task (cron) once a day that automatically renews the certificates.

crontab -e

Once inside, we will configure, for example, that it runs at 06:45 every morning.

45 6 * * * certbot renew

Firewall settings

To finish, we are going to activate the Firewall and leave only the SSH ports open (for which we are working at the moment) and later the web ports, leaving the rest inactive.

ufw app list
ufw allow 'OpenSSH'
ufw allow 'Nginx Full'
ufw enable

From this moment we can restart the machine if we want, and we will have it ready to start its use and assemble the websites.


About this document

This document is regulated by the EUPL v1.2 license, published in WP SysAdmin and created by Javier Casares. Please, if you use this content in your website, your presentation or any material you distribute, remember to mention this site or its author, and having to put the material you create under EUPL license.