I made a recent swap from Apache2 to Nginx for speed improvements.
This guide is for Ubuntu 22.04 and assumes you are already running a WordPress site.
You will need to install 4 packages:
- Certbot (Let's Encrypt)
- python3-certbot-apache
- Nginx
- PHP 8.1, or whatever version you require for your site (optional)
Part 1
Install everything you need
sudo apt install certbot python3-certbot-apache php8.1 nginx
Now to make the packages work…
PHP setup is optional if you already have a working site.
Let's start with PHP 8.1.
You will need to enable it and build the scripts for it:
update-alternatives --set php /usr/bin/php8.1
update-alternatives --config php
php -v
Part 2
Now let's make the necessary firewall rules to permit ports 80/443:
sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'
Part 4
Generate your Let's Encrypt certs
certbot certonly --manual --preferred-challenges dns -d "<Your Domain>" -d "*.<Your Domain>"
This will create a basic config for you under /etc/nginx/sites-available/ and store your new certs in /etc/letsencrypt/live/<Your Domain>/
Now to configure Nginx
Nginx has a few components that need to be set up before it's operational.
Modify the Certbot generated config file for your domain
cd /etc/nginx/sites-available/
vim <your domain>
Replace your domain config code with the following code
# Main site: serves WordPress over HTTPS on the bare domain
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name <Your Domain>;
    ssl_certificate /etc/letsencrypt/live/<Your Domain>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<Your Domain>/privkey.pem;
    access_log /var/log/access.log;
    error_log /var/log/error.log;
    root /var/www/<Your Domain>;
    index index.php;

    # Send requests that match no file or directory to WordPress
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        # Return 404 for PHP paths that do not exist on disk
        # instead of handing them to PHP-FPM
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}

# HTTPS on www: redirect to the bare domain
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.<Your Domain>;
    ssl_certificate /etc/letsencrypt/live/<Your Domain>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<Your Domain>/privkey.pem;
    return 301 https://<Your Domain>$request_uri;
}

# Plain HTTP: redirect everything to HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name <Your Domain> www.<Your Domain>;
    return 301 https://<Your Domain>$request_uri;
}
The above config will accept connections on port 80 and redirect them to port 443, while also accepting connections on 443 itself. Apply your. You will be able to create a custom path for your access and error log files.
Start the Nginx service.
systemctl start nginx
Once Nginx has started, try to load your website again via its DNS name on http and https to verify the redirect is working. Something to keep in mind is that Nginx does take a few seconds to begin serving web content.
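One way to script the check described above, as an added example that is not part of the original guide. The helper names check_redirect and verify_site are hypothetical, and the script assumes curl is installed and that the WordPress front page answers 200 on the bare domain.

```shell
#!/bin/sh
# Added example (not from the original guide). check_redirect and verify_site
# are hypothetical helper names; pass your own domain as the first argument.

# Read one HTTP response header block (as printed by `curl -sI`) on stdin.
# Succeed only for a 301 whose Location is https://<expected host>[/...].
check_redirect() {
    expected_host=$1
    headers=$(tr -d '\r')    # HTTP headers use CRLF line endings
    status=$(printf '%s\n' "$headers" |
        awk 'toupper($1) ~ /^HTTP\// { print $2; exit }')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1) == "location:" { print $2; exit }')
    if [ "$status" != "301" ]; then
        echo "FAIL: status ${status:-none}, expected 301"
        return 1
    fi
    # Require "/" or end of string right after the host, so that
    # https://<host>.other.test/ is not accepted as a match.
    case "$location" in
        "https://$expected_host" | "https://$expected_host"/*)
            echo "OK: 301 -> $location" ;;
        *)
            echo "FAIL: Location '$location' is not on https://$expected_host"
            return 1 ;;
    esac
}

# Check the three redirecting server blocks, then the site itself.
verify_site() {
    domain=$1
    for url in "http://$domain/" "http://www.$domain/" "https://www.$domain/"; do
        printf '%s  ' "$url"
        curl -sI --max-time 10 "$url" | check_redirect "$domain" || return 1
    done
    # Assumption: the WordPress front page answers 200 on the canonical host.
    code=$(curl -s -o /dev/null -w '%{http_code}' --max-time 10 "https://$domain/")
    echo "https://$domain/  status $code"
    [ "$code" = "200" ]
}

if [ "$#" -gt 0 ]; then
    verify_site "$1"
fi
```

Saved to a file and run with your domain as its only argument, it exits non-zero on the first URL that does not redirect to HTTPS on the bare domain.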
You may want to set up a systemd service or crontab job to automatically renew your cert with Certbot.