Nginx, PHP, WordPress

Install Nginx and PHP-FPM

sudo apt install nginx sudo ufw app info "Nginx Full" sudo ufw allow in "Nginx Full"

PHP 7.2 FPM

sudo apt install php-fpm php-mysql php-dom php-simplexml php-ssh2 php-xml php-xmlreader php-curl php-exif php-ftp php-gd php-iconv php-imagick php-json php-mbstring php-posix php-sockets php-tokenizer php7.2-cli sudo systemctl reload php7.2-fpm sudo nano /etc/php/7.2/fpm/php.ini ; Maximum allowed size for uploaded files. ; http://php.net/upload-max-filesize upload_max_filesize = 256M post_max_size = 256M upload_max_filesize = 256M memory_limit = 256M max_execution_time = 360 date.timezone = Asia/Kolkata # Restrict FPM to Localhost cgi.fix_pathinfo = 0 file_uploads = On allow_url_fopen = On short_open_tag = On sudo systemctl status php7.2-fpm.service sudo systemctl restart php7.2-fpm sudo systemctl status php7.2-fpm.service

Install WordPress

cd /tmp curl -O https://wordpress.org/latest.tar.gz tar xzvf latest.tar.gz ### touch /tmp/wordpress/.htaccess cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php mkdir /tmp/wordpress/wp-content/upgrade sudo cp -a /tmp/wordpress/. /var/www/html/wordpress sudo chown -R www-data:www-data /var/www/html/wordpress curl -s https://api.wordpress.org/secret-key/1.1/salt/ sudo nano /var/www/html/wordpress/wp-config.php # EDIT DATABASE DETAILS # Add the SALTs received above $_SERVER['HTTPS'] = 'on'; define('FS_METHOD', 'direct');

Configure NGINX

sudo cp /etc/nginx/sites-enabled/default /etc/nginx/sites-available/wordpress sudo nano /etc/nginx/sites-available/wordpress server { listen 80; listen [::]:80; server_name example.com; root /var/www/html/wordpress; access_log /var/log/nginx/wordpress.access.log; error_log /var/log/nginx/wordpress.error.log; client_max_body_size 256M; autoindex off; ## https://github.com/littlebizzy/slickstack/blob/master/nginx/default-single-site.txt ## redirect index.php requests ## if ($request_uri ~* "^(.*/)index\.php$") { return 301 $1; } #Add trailing slash to */wp-admin requests. rewrite /faq/wp-admin$ $scheme://$host$uri/ permanent; location / { # Pretty permalinks # try_files $uri $uri/ /index.php$is_args$args; try_files $uri $uri/ /index.php?$args; } # https://www.cyberciti.biz/faq/how-to-configure-nginx-for-wordpress-permalinks/ # Pass all .php files onto a php-fpm/php-fcgi server. index index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; if (!-f $document_root$fastcgi_script_name) { return 404; } # This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default) include /etc/nginx/fastcgi_params; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass php; } } #enable gzip compression gzip on; gzip_vary on; gzip_min_length 1000; gzip_comp_level 5; gzip_types application/json text/css application/x-javascript application/javascript image/svg+xml; gzip_proxied any; location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { log_not_found off; access_log off; allow all; } # disable access to hidden files location ~ /\.ht { access_log off; log_not_found off; deny all; } # https://github.com/littlebizzy/slickstack/blob/master/nginx/default-single-site.txt #################################################################################################### #### Server Block: Favicon Settings ################################################################ #################################################################################################### location = /favicon.ico { ## 204 error better than 404 error if not found ## try_files $uri =204; } #################################################################################################### #### Server Block: Static Resource Settings (Expiration Headers) ################################### #################################################################################################### ## CloudFlare (or CDNs) overwrite these headers ## location ~* \.(atom|bmp|bz2|css|doc|docx|eot|gif|gz|ico|jpeg|jpg|js|mid|midi|mp4|ogg|ogv|otf|png|ppt|rar|rss|rtf|svg|svgz|tar|tgz|ttf|wav|woff|xls|zip)$ { expires max; } #################################################################################################### #### Server Block: Browser Resource (Render) Settings ############################################## #################################################################################################### location ~ \.(eot|ttf|ttc|otf|woff|woff2|svg|css|js)$ { ## avoid render security errors in certain browsers e.g. Firefox/IE ## add_header Access-Control-Allow-Origin "*"; expires max; } #################################################################################################### #### Server Block: Deny Access To Various (Unsafe + Unused) WordPress Core Files ################### #################################################################################################### ## WP directories ## location ~* /(?:wp-includes|wp-content|mu-plugins|uploads)/.*\.php$ { deny all; } ## WP meta files ## location ~* (license|licence|readme)\.(htm|html|txt) { deny all; } ## wp-config ## location = /wp-config*.php { deny all; } ## XML-RPC ## location = /xmlrpc.php { deny all; } ## wp-mail ## location = /wp-mail.php { deny all; } ## wp-links-opml ## location = /wp-links-opml.php { deny all; } ## wp-trackback ## location = /wp-trackback.php { deny all; } ## WP debug logs ## location ~ /wp-content/debug\.log { deny all; } #################################################################################################### #### Server Block: WP-Login Settings (Rate Limiting) ############################################### #################################################################################################### location = /wp-login.php { ## limit access to one request per second per IP address limit_req zone=one burst=1 nodelay; ## we must re-include this routing for php-fpm ## include /etc/nginx/fastcgi.conf; try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; ## fastcgi_pass unix:/var/run/php/php7.2-fpm.sock ## fastcgi_pass unix:/run/php/php7.2-fpm.sock; fastcgi_pass 127.0.0.1:9000; fastcgi_read_timeout 300; fastcgi_index index.php; fastcgi_cache WORDPRESS; fastcgi_cache_valid 200 301 404 @CACHEVALID; fastcgi_cache_bypass $skip_cache; fastcgi_no_cache $skip_cache; } } sudo ln -s /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled/wordpress sudo unlink /etc/nginx/sites-enabled/default sudo nginx -t sudo systemctl reload nginx sudo systemctl status nginx

Complete WordPress Installation

http://server_domain_or_IP