
@amanjuman
Last active September 11, 2024 12:09
Complete WordPress with Nginx
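# Bring the base system up to date, then install the helper that provides
# add-apt-repository. -y is passed to every apt-get call so none of them
# stops at a confirmation prompt.
sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get autoremove -y && sudo apt-get install -y software-properties-common
# Third-party PPAs: everything installed from them runs with root-level trust
# on this host, so they become part of the server's supply chain and need to
# be tracked for updates like the distribution archive itself.
sudo add-apt-repository ppa:ondrej/php -y && sudo add-apt-repository ppa:ondrej/nginx -y
# Web server, database, cache, certbot and the PHP 8.1 extension set.
# NOTE(review): confirm that PHP 8.1 still receives security fixes before
# deploying (php.net lists the supported branches), and trim the extension
# list to what the site actually uses -- e.g. "dev" is only needed to compile
# extensions -- since every extra module is extra attack surface.
sudo apt-get install nginx mariadb-server zip unzip redis-server certbot python3-certbot-nginx php8.1-{apcu,bcmath,bz2,cli,common,curl,dev,fpm,gd,imap,intl,imagick,mbstring,mysql,opcache,redis,soap,xml,xmlrpc,zip} -y
# Interactive hardening: set/confirm root authentication, remove anonymous
# users, disallow remote root login and drop the test database. Run through
# sudo so the script can reach the server as root on installs where the
# MariaDB root account authenticates via the unix socket.
sudo mysql_secure_installation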
# Tune /etc/php/8.1/fpm/php.ini in a single sed pass. Each expression rewrites
# one stock default line; if the installed php.ini carries a different value
# on that line the expression matches nothing and sed reports no error, so
# check the resulting values afterwards.
#
#   cgi.fix_pathinfo=0   PHP executes only the exact script path it is handed
#                        and does not fall back to a parent path segment.
#   max_execution_time, max_input_time, max_input_vars, memory_limit
#                        raised limits; each one also raises what a single
#                        request may consume.
#   post_max_size / upload_max_filesize
#                        1024M / 512M here; a front-end limit lower than
#                        these (nginx client_max_body_size) is the one that
#                        actually applies.
#   short_open_tag=On    enables the "<?" short tag.
#   opcache.enable, opcache.save_comments
#                        uncommented so they are set explicitly.
#   date.timezone=UTC    fixed server timezone.
sudo sed -i \
  -e 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' \
  -e 's/max_execution_time = 30/max_execution_time = 120/g' \
  -e 's/memory_limit = 128M/memory_limit = 512M/g' \
  -e 's/post_max_size = 8M/post_max_size = 1024M/g' \
  -e 's/upload_max_filesize = 2M/upload_max_filesize = 512M/g' \
  -e 's/max_input_time = 60/max_input_time = 120/g' \
  -e 's/max_input_vars = 1000/max_input_vars = 5000/g' \
  -e 's/short_open_tag = Off/short_open_tag = On/g' \
  -e 's/;opcache.enable=1/opcache.enable=1/g' \
  -e 's/;opcache.save_comments=1/opcache.save_comments=1/g' \
  -e 's/;date.timezone.*/date.timezone = UTC/' \
  /etc/php/8.1/fpm/php.ini
# Open nginx's shared FastCGI parameter file; the fastcgi_param line below is
# the text to add to it (it is nginx configuration, not a shell command).
sudo nano /etc/nginx/fastcgi_params
# Tells PHP-FPM which file to execute: the site's document root joined with
# the script name nginx derived from the request URI.
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Restart nginx so the edited parameter file is loaded.
sudo service nginx restart
# Make /usr/bin/php8.1 the binary behind the "php" command.
sudo update-alternatives --set php /usr/bin/php8.1
# Restart PHP-FPM so the php.ini changes made earlier take effect.
sudo systemctl restart php8.1-fpm
# Open a MariaDB prompt as root (prompts for the password); the SQL
# statements that follow are typed at that prompt.
mysql -u root -p
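-- Schema for the WordPress site; utf8mb4 so 4-byte characters are stored intact.
CREATE DATABASE example_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
-- Application account restricted to local connections: in this setup PHP-FPM
-- and MariaDB run on the same host, so a '%' (any host) account would only
-- widen where stolen credentials can be used from. WordPress must then use
-- DB_HOST 'localhost' in wp-config.php.
-- Replace the placeholder with a long random password before running this.
CREATE USER 'example_user'@'localhost' IDENTIFIED BY 'REPLACE_WITH_LONG_RANDOM_PASSWORD';
-- Privileges on this one schema only, and without WITH GRANT OPTION: the
-- application account has no reason to hand its privileges to other accounts.
GRANT ALL PRIVILEGES ON example_db.* TO 'example_user'@'localhost';
FLUSH PRIVILEGES;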
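# Download WordPress core into /var/www. The directory is root-owned, so every
# command that writes there goes through sudo (not only wget).
# NOTE(review): the archive is trusted on the strength of the HTTPS connection
# alone; compare it against a published checksum if your process requires it.
cd /var/www/
sudo wget https://wordpress.org/latest.zip && sudo unzip latest.zip && sudo rm latest.zip
sudo mv wordpress/ example.com

# Ownership and modes. www-data owns the tree so WordPress can update itself;
# that also means any code running under PHP can rewrite the site's files.
# Directories 755 and files 644 instead of a recursive 775: no file needs the
# execute bit and nothing needs to be group-writable.
sudo chown -R www-data:www-data /var/www/example.com/
sudo find /var/www/example.com/ -type d -exec chmod 755 {} +
sudo find /var/www/example.com/ -type f -exec chmod 644 {} +

# Obtain the certificate. --register-unsafely-without-email creates the ACME
# account with no contact address; use "-m <address> --agree-tos" instead if
# the account should be reachable/recoverable.
sudo certbot --nginx -d example.com -d www.example.com --register-unsafely-without-email

# Diffie-Hellman parameters (presumably referenced by the nginx.conf fetched
# below -- confirm). Generated without -dsaparam: slower, but openssl then
# produces a safe prime, so the group does not depend on every handshake
# using a fresh DH key to stay clear of small-subgroup attacks.
sudo openssl dhparam -out /etc/ssl/dhparam.pem 2048

# Replace the main nginx config and the default site with the pinned gist
# revisions. They are downloaded to a private temp directory first, so a
# failed or partial download can never truncate the live files, and they can
# be read before they are trusted as root-owned server configuration.
conf_tmp=$(mktemp -d)
wget -q https://gist.githubusercontent.com/amanjuman/8ee772b38bc1a14cecf30546d0e53b73/raw/696eb10ae462d0603290a4f23120592b0de4f669/nginx.conf -O "$conf_tmp/nginx.conf" \
  && wget -q https://gist.githubusercontent.com/amanjuman/8ad9e374cb970a352d08b950e3d3dbef/raw/ddf53d463c80dfe76f7594b3bb3a58df63cd2aad/default -O "$conf_tmp/default" \
  && less "$conf_tmp/nginx.conf" "$conf_tmp/default"
# Keep the previous files so the change can be rolled back.
sudo cp -a /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak
sudo cp -a /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak
sudo install -m 644 "$conf_tmp/nginx.conf" /etc/nginx/nginx.conf
sudo install -m 644 "$conf_tmp/default" /etc/nginx/sites-available/default
rm -rf -- "${conf_tmp:?}"
# Only restart when the new configuration parses; a restart with a broken
# config leaves nginx stopped.
sudo nginx -t && sudo service nginx restart

# Create the site's server block; its contents follow.
sudo nano /etc/nginx/sites-available/example.com.conf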
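# Virtual host for example.com: serves WordPress from /var/www/example.com,
# redirects plain HTTP to HTTPS and blocks a set of WordPress paths.
#
# Location order is significant. nginx tests regex locations in the order they
# appear and stops at the first match, so every "deny" rule whose target ends
# in .php is placed ABOVE the generic "\.php$" handler. If the handler came
# first, requests such as /xmlrpc.php or /wp-content/uploads/x.php would match
# it and be passed to PHP-FPM, and the deny rules would never be consulted.
server {
    # Listen
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;

    # Server Name and Alias
    server_name example.com www.example.com;

    # Directory & Server Naming
    root /var/www/example.com;

    # Disable Directory Listing
    autoindex off;

    # Index Files
    index index.php index.html;

    # CloudFlare Proxy Issue for Large Header
    large_client_header_buffers 4 16k;

    # HTTP to HTTPS redirection
    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    }

    # SSL
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Nginx Logging
    access_log /var/log/nginx/example.com-access.log;
    error_log /var/log/nginx/example.com-error.log warn;

    # Max Upload Size: larger request bodies are rejected here, whatever
    # limits PHP itself is configured with.
    client_max_body_size 100M;

    # Let's Encrypt verification. Must stay above the hidden-file rule below.
    location ~ /\.well-known {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Deny every other hidden file or directory (.git, .env, .htaccess, ...).
    # /.well-known is already claimed by the location above.
    location ~ /\. {
        deny all;
    }

    # WordPress: Deny wp-content, wp-includes php files.
    # Plugins or themes that expose their own .php endpoints for direct
    # requests will answer 403 under this rule.
    location ~* ^/(?:wp-content|wp-includes)/.*\.php$ {
        deny all;
    }

    # WordPress: deny uploads that are not images, videos, music, etc.
    # The dot before the extension group is escaped so only real file
    # extensions match.
    location ~* ^/wp-content/uploads/.*\.(html|htm|shtml|php|js|swf)$ {
        deny all;
    }

    # WordPress: Deny Scripts & Styles Concat.
    # wp-admin requests these endpoints unless CONCATENATE_SCRIPTS is set to
    # false in wp-config.php; set it, or the admin area loads without its
    # scripts and styles.
    location ~* \/wp-admin\/load-(?:scripts|styles)\.php {
        deny all;
        log_not_found off;
        access_log off;
    }

    # WordPress: Deny General Stuff.
    # Blocking wp-comments-post.php disables comment submission; remove it
    # from the list if the site accepts comments.
    location ~* ^/(?:xmlrpc\.php|wp-links-opml\.php|wp-config\.php|wp-config-sample\.php|wp-comments-post\.php|readme\.html|license\.txt)$ {
        # To exempt a trusted range, enable its allow line ABOVE "deny all":
        # access rules are evaluated in order and the first match decides.
        #allow 192.0.64.0/18;
        deny all;
        log_not_found off;
        access_log off;
    }

    # Permalink Support
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # PHP Upstream
    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        ## For PHP 8.1
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Robot Text Logging Off
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    # Fav ICON Disable
    location = /favicon.ico {
        log_not_found off;
        access_log off;
        expires max;
    }

    # Cache Static Files.
    # Access-Control-Allow-Origin * lets any origin read these responses;
    # that suits public assets such as fonts. Narrow the header or the
    # extension list if any matched file (e.g. .json) is not meant to be
    # readable cross-origin.
    location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|woff2|ttf|m4a|mp4|ttf|rss|atom|jpe?g|gif|cur|heic|png|tiff|ico|webm|mp3|aac|tgz|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf|webp|json|webmanifest|cast)$ {
        add_header Access-Control-Allow-Origin *;
        add_header Cache-Control "public, no-transform";
        log_not_found off;
        access_log off;
        expires max;
    }
}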
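# Enable the site by linking its config into sites-enabled.
sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/
# Validate the full configuration first: restarting with a config that does
# not parse leaves nginx stopped and every site on the host offline.
sudo nginx -t && sudo service nginx restart
# Rehearse certificate renewal without touching the live certificates.
sudo certbot renew --dry-run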