{"id":61,"date":"2024-02-28T05:40:22","date_gmt":"2024-02-28T05:40:22","guid":{"rendered":"https:\/\/blog.devops955.com\/swain\/?p=61"},"modified":"2024-03-06T07:13:05","modified_gmt":"2024-03-06T07:13:05","slug":"step-by-step-guide-to-deploying-wordpress-with-lemp-stack","status":"publish","type":"post","link":"https:\/\/blog.devops955.com\/swain\/2024\/02\/28\/step-by-step-guide-to-deploying-wordpress-with-lemp-stack\/","title":{"rendered":"Step-by-Step Guide to Deploying WordPress with LEMP Stack"},"content":{"rendered":"
\n

Estimated reading time: 15 min<\/p>\n<\/blockquote>\n

Introduction<\/h1>\n

This note documents the process of deploying a WordPress website using the LEMP<\/strong> stack. Before we start, let's briefly understand what LEMP and WordPress are.<\/p>\n

LEMP<\/strong> is an acronym that stands for Linux<\/strong>, Nginx<\/strong> (pronounced "Engine-X"), MySQL\/MariaDB<\/strong>, and PHP<\/strong>. It is a powerful and efficient software stack. Of course, another popular stack is the LAMP stack, which replaces Nginx with Apache<\/strong>, but I went directly with Nginx due to limited resources.<\/p>\n

In this deployment, we are using Ubuntu 20.04<\/strong> as the server operating system. We set up a blog site by building LEMP and then installing WordPress.<\/p>\n

WordPress<\/strong> is the world's most popular content management system (CMS). It allows users to create, manage, and publish content online without advanced technical skills. WordPress is known for its simplicity, flexibility, and vast ecosystem of themes and plugins. There are also other options, such as Ghost, or direct hosting on Github.<\/p>\n

In this guide, I will walk you through my process of setting up a WordPress site on the LEMP stack and try to avoid potential problems as much as possible.<\/p>\n

Let's get started!<\/p>\n

Installing and Configuring the LEMP Stack<\/h1>\n

Before we install WordPress, we need to set up the LEMP stack on our Linux server. Here, I'm skipping over the installation and configuration of Ubuntu, assuming you already have an Ubuntu 20.04 server set up.<\/p>\n

Installing and configuring Nginx<\/h2>\n

To install Nginx<\/strong> on Ubuntu 20.04<\/strong>, follow these steps:<\/p>\n

    \n
  1. \n

    Open your terminal or connect to your server via SSH.<\/p>\n<\/li>\n

  2. \n

    Update the package lists to ensure you get the latest version of the software by running the following command:<\/p>\n

    sudo apt update<\/code><\/pre>\n<\/li>\n
  3. \n
    Install Nginx by running the following command:<\/p>\n
    sudo apt install nginx<\/code><\/pre>\n<\/li>\n
  4. \n
    Once the installation is complete, you can check the status of Nginx to ensure it is running:<\/p>\n
    sudo systemctl status nginx<\/code><\/pre>\n
    If Nginx is not running, you can start it with:<\/p>\n
    sudo systemctl start nginx<\/code><\/pre>\n
    And don't forget to ensure Nginx starts automatically upon server reboot:<\/p>\n
    sudo systemctl is-enabled nginx<\/code><\/pre>\n
    If not, enable it using the following command:<\/p>\n
    sudo systemctl enable nginx<\/code><\/pre>\n<\/li>\n
  5. \n
    You can now test if Nginx is properly installed and running by navigating to your server's IP address in a web browser. You should see the default Nginx welcome page.<\/p>\n<\/li>\n<\/ol>\n
    \n
    Note: Don't forget to configure the firewall to ensure incoming traffic can access your server normally. While Ubuntu commonly uses UFW (Uncomplicated Firewall), I am more familiar with iptables, so I'll provide the firewall rules using iptables as an example. To allow HTTP traffic on port 80, which is what Nginx uses by default, you can add a rule to iptables by executing the following command:<\/p>\n
    sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT<\/code><\/pre>\n
    This command tells the firewall to accept incoming TCP traffic on port 80, which is necessary for accessing the Nginx server through a web browser.<\/p>\n<\/blockquote>\n
      \n
    1. \n
      Configure Nginx to serve your WordPress site. To do this, you'll need to create a new virtual host configuration file in the \/etc\/nginx\/sites-available<\/em> directory.<\/p>\n
      cd \/etc\/nginx\/sites-available\/<\/code><\/pre>\n<\/li>\n
    2. \n
      Create a new configuration file for your WordPress site. Replace blog.your_domain<\/em> with your actual domain name:<\/p>\n
      sudo vim blog.your_domain.conf<\/code><\/pre>\n
      \n
      This guide assumes familiarity with vim<\/strong> as a text editor. If not, you might want to use a more straightforward editor like nano<\/strong> or refer to a basic vim tutorial before proceeding.<\/p>\n<\/blockquote>\n<\/li>\n
    3. \n
      In the new file, add the following server block. This configuration is for a basic WordPress site. Be sure to replace your_domain<\/em> with your actual domain name and \/var\/www\/your_domain<\/em> or \/var\/www\/html\/your_domain<\/em> with the correct path where WordPress will be installed later on:<\/p>\n
      server {\nlisten 80;\nserver_name blog.your_domain;\n# Specify the directory where your WordPress is (or will be) installed.\nroot \/var\/www\/blog.your_domain;  \nindex index.php index.html index.htm;\n\nlocation \/ {\n    try_files $uri $uri\/ \/index.php?$args;\n}\n# PHP processing section: Configure the handling of .php files.\nlocation ~ \\.php$ {\n    include snippets\/fastcgi-php.conf;\n    fastcgi_pass unix:\/var\/run\/php\/php7.4-fpm.sock;\n    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;\n    include fastcgi_params;\n}\n# Security: Deny access to hidden files and directories (those that begin with a dot).\nlocation ~ \/\\.ht {\n    deny all;\n}\n# While Nginx does not use these files, this rule prevents accidental exposure of sensitive information if such files exist. You may use a different set of rules if you prefer.\n#    location ~ \/\\. {\n#    deny all;\n#    }\n\nlocation = \/favicon.ico {\n    log_not_found off;\n    access_log off;\n}\n\nlocation = \/robots.txt {\n    allow all;\n    log_not_found off;\n    access_log off;\n}\n}<\/code><\/pre>\n<\/li>\n
    4. \n
      Save and close the file, then ensure that the nginx.conf includes the configuration include \/etc\/nginx\/sites-enabled\/*;<\/code> to read files from this directory. After that, enable the site by creating a symbolic link of your site's configuration file from sites-available<\/em> to sites-enabled<\/em>.:<\/p>\n
      sudo ln -s \/etc\/nginx\/sites-available\/blog.your_domain \/etc\/nginx\/sites-enabled\/<\/code><\/pre>\n<\/li>\n
    5. \n
      Test your Nginx configuration to ensure proper syntax.<\/p>\n
      sudo nginx -t <\/code><\/pre>\n<\/li>\n
    6. \n
      If the test is successful, reload Nginx and apply the changes, otherwise you should first address any reported syntax errors and retest until the configuration is correct:<\/p>\n
      sudo systemctl reload nginx<\/code><\/pre>\n
      \n
      When you use the command sudo systemctl reload nginx<\/code> or sudo nginx -s reload<\/code>, you are instructing Nginx to reload it's configuration files without interrupting ongoing connections (soft reload). This is particularly useful for applying changes smoothly without affecting current visitors to your site.
      \nOn the other hand, using a restart command (such as sudo systemctl restart nginx<\/code>) will completely stop and then start the Nginx service again. This approach can briefly interrupt active connections, making it less suitable for changes that need to be applied without impacting site availability.
      \nFor updates like modifying configuration files, reload<\/code> is usually the preferred method as it updates the configuration without impacting ongoing business or user experience.<\/p>\n<\/blockquote>\n<\/li>\n<\/ol>\n
      Installing and configuring Mysql<\/h2>\n
      MySQL<\/strong> is a popular relational database management system used for storing and managing data. Here we will cover how to install MySQL and perform basic security configurations.<\/p>\n
        \n
      1. \n
        Install MySQL server:<\/p>\n
        sudo apt install mysql-server<\/code><\/pre>\n<\/li>\n
      2. \n
        Once the installation is complete, check if MySQL is running and make sure to enable it to start on boot:<\/p>\n
        sudo systemctl status mysql\nsudo systemctl is-enabled mysql<\/code><\/pre>\n
        If not started, run the following command to start it and enable it:<\/p>\n
        sudo systemctl start mysql\nsudo systemctl enable mysql<\/code><\/pre>\n<\/li>\n
      3. \n
        you can run the security script that comes pre-packaged with MySQL. This script will help you improve the security of your MySQL installation:<\/p>\n
        sudo mysql_secure_installation<\/code><\/pre>\n<\/li>\n<\/ol>\n
        \n
        This script will guide you through several security considerations, including setting up a root password(if not set), removing anonymous users, disabling root login remotely, and removing test databases. It is recommended to accept the defaults which are aimed at increasing the security of your database server.<\/p>\n<\/blockquote>\n
        Now that MySQL is installed and secured, the next step is to create a database and user for WordPress. WordPress uses a database to manage and store site and user information, so it's essential to set this up before installing WordPress.<\/p>\n
          \n
        1. \n
          Log into the MySQL root administrative account by typing:<\/p>\n
          sudo mysql -u root -p<\/code><\/pre>\n
          Enter the root password you set before.<\/p>\n<\/li>\n
        2. \n
          Once logged in, create a new database for WordPress. Replace wordpressdb with the name you want to give to your database:<\/p>\n
          CREATE DATABASE wordpressdb DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;<\/code><\/pre>\n<\/li>\n
        3. \n
          Create a new MySQL user account that will be used exclusively by WordPress. Replace wordpressuser<\/em> with the username you want to use, and password<\/em> with a strong password:<\/p>\n
          CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'password';<\/code><\/pre>\n<\/li>\n
        4. \n
          Grant the newly created user full privileges on the WordPress database, then flush the MySQL privileges to ensure they are applied and saved:<\/p>\n
          GRANT ALL PRIVILEGES ON wordpressdb.* TO 'wordpressuser'@'localhost';\nFLUSH PRIVILEGES;\nEXIT;<\/code><\/pre>\n
          By completing these steps, you should have successfully created a dedicated database and user for your WordPress installation. These credentials will be used during the WordPress configuration to allow WordPress to connect to the database and store your website's data.<\/p>\n<\/li>\n<\/ol>\n
          \n
          Remember to keep the database name, username, and password handy as you will need them when setting up WordPress.<\/p>\n<\/blockquote>\n
          Installing and configuring PHP<\/h2>\n
          WordPress is written in PHP<\/strong> and requires it to execute its scripts. In this section, we'll install PHP along with some common modules that WordPress needs to function properly.<\/p>\n
            \n
          1. Install PHP and necessary PHP extensions. On Ubuntu 20.04, you can use the following command to install PHP along with commonly used extensions that WordPress requires:\n
            sudo apt install php-fpm php-mysql php-gd php-xml php-mbstring php-curl php-xmlrpc php-imagick php-zip -y<\/code><\/pre>\n<\/li>\n
          2. Check the PHP version to confirm it's correctly installed:\n
            php -v<\/code><\/pre>\n
            You should see the PHP version information displayed, confirming that PHP is successfully installed on your system.
            \nWordPress can usually run well with default PHP settings. However, you can adjust PHP configurations for performance and security in the php.ini file if necessary. But for a standard setup, sticking with the default settings should suffice.<\/p>\n<\/li>\n
          3. Make sure PHP-FPM (FastCGI Process Manager) is active and running:\n
            sudo systemctl status php{version}-fpm<\/code><\/pre>\n
            Replace {version} with your PHP version. If it's not running, you can start it with:<\/p>\n
            sudo systemctl start php{version}-fpm<\/code><\/pre>\n<\/li>\n
          4. Now, PHP should be set up and ready to support your WordPress installation. It's also important to ensure that PHP-FPM is enabled to start automatically when your server boots up. You can do this with the following command:<\/li>\n<\/ol>\n
            sudo systemctl enable php{version}-fpm<\/code><\/pre>\n
            Installing and configuring WordPress<\/h1>\n
            Installing WordPress<\/h2>\n
            Now that your LEMP stack is fully configured, it's time to install WordPress and get your website up and running.<\/p>\n
              \n
            1. \n
              Download WordPress:
              \nFirst, navigate to the root directory of your website. Replace blog.your_domain<\/em> with your actual domain or directory path:<\/p>\n
              cd \/var\/www\/blog.your_domain<\/code><\/pre>\n
              Then, use the wget command to download the latest WordPress release:<\/p>\n
              sudo wget https:\/\/wordpress.org\/latest.tar.gz<\/code><\/pre>\n
              If you don't have wget, you can simply install it with sudo apt install wget<\/code>. If you have curl, you can also use curl<\/strong> to complete the download.<\/p>\n
              sudo curl -O https:\/\/wordpress.org\/latest.tar.gz<\/code><\/pre>\n<\/li>\n
            2. \n
              Extract WordPress:
              \nUnpack the WordPress archive to the current directory, then clean up the temp file and directory.<\/p>\n
              tar -xzvf latest.tar.gz\nmv wordpress\/* .\/\nrmdir wordpress\nmv latest.tar.gz \/tmp<\/code><\/pre>\n<\/li>\n
            3. \n
              Adujst ownership and permissions:
              \nAdjust the file ownership and permissions to ensure WordPress can function properly. Replace www-data<\/em> with your web server's user if different:<\/p>\n
              sudo chown -R www-data:www-data \/var\/www\/blog.your_domain<\/code><\/pre>\n<\/li>\n<\/ol>\n
              Configuring WordPress<\/h2>\n
                \n
              1. Set up WordPress:
                \nCopy the WordPress sample configuration file to create a new configuration:<\/p>\n
                cp wp-config-sample.php wp-config.php<\/code><\/pre>\n
                Then edit the wp-config.php<\/em> file to add your database connection details.<\/p>\n
                sudo vim wp-config.php<\/code><\/pre>\n<\/li>\n<\/ol>\n
                Fill in the database details, such as the name, user, and password, which you created earlier during the MySQL setup steps. Below is an example of how you should modify the wp-config.php<\/em> file with your actual database details:<\/p>\n
                \/** The name of the database for WordPress *\/\ndefine( 'DB_NAME', 'wordpressdb' ); \/\/ Replace 'wordpressdb' with your actual database name\n\n\/** MySQL database username *\/\ndefine( 'DB_USER', 'wordpressuser' ); \/\/ Replace 'wordpressuser' with your actual database username\n\n\/** MySQL database password *\/\ndefine( 'DB_PASSWORD', 'password' ); \/\/ Replace 'password' with your actual database password\n\n\/** MySQL hostname *\/\ndefine( 'DB_HOST', 'localhost' ); \/\/ Generally 'localhost' but modify if different in your setup\n\n\/** Database charset to use in creating database tables. *\/\ndefine( 'DB_CHARSET', 'utf8' ); \/\/ Recommended to leave as 'utf8'\n\n\/** The Database Collate type. Don't change this if in doubt. *\/\ndefine( 'DB_COLLATE', '' ); \/\/ Usually best to leave this empty<\/code><\/pre>\n
                  \n
                1. Almost successfully installed WordPress!
                  \nNow, navigate to your website http:\/\/blog.your_domain<\/a><\/em> in a web browser. You should see the WordPress installation page. Follow the on-screen instructions to select a language, and fill in the site information and administrator details. After completing these steps, your WordPress website should be installed and ready to use. But before you start posting, you should secure your website<\/strong>.<\/li>\n<\/ol>\n
                  Securing Your WordPress Site with HTTPS<\/h1>\n
                  It's crucial in today's web environment to ensure that your website uses HTTPS, the secure version of HTTP. HTTPS<\/strong> encrypts the data between your user's web browser and your web server, making it more difficult for attackers to intercept and tamper with the data. This is especially important for a site like a WordPress blog, where users may be submitting personal information.<\/p>\n
                  In this guide, we will use a free, automated, and open certificate authority provided by Let's Encrypt<\/strong>. We'll use Certbot<\/strong>, a tool designed to simplify the process of obtaining and renewing certificates from Let's Encrypt.<\/p>\n
                  Installing  and configuring Certbot<\/h2>\n
                  Plan A<\/strong><\/p>\n
                  1a. Install Certbot and its Nginx plugin to make this easier:<\/p>\n
                  sudo apt install certbot python3-certbot-nginx<\/code><\/pre>\n
                  2a. Obtaining a Certificate, you can run it with the --nginx flag to automatically obtain and install a certificate and configure Nginx to use it:<\/p>\n
                  sudo certbot --nginx<\/code><\/pre>\n
                  Follow the prompts to enter your email address, agree to the terms of service, and decide whether you want to redirect HTTP traffic to HTTPS (which is recommended).<\/p>\n
                  If this not work well, you can try mannually apply for the certificate and configure HTTPS on Nginx, you can use the following approach:<\/p>\n
                  Plan B<\/strong><\/p>\n
                  1b. Obtaining a Certificate Manually:<\/p>\n
                  sudo certbot certonly<\/code><\/pre>\n
                  This command will obtain the certificate but will not modify your Nginx configuration. After entering this command, follow the prompts to complete the validation process. You will need to: <\/p>\n