AWS EC2: Install Nginx, MariaDB, PHP 7.3 and WordPress on Ubuntu 18.04.2 LTS

Step 1: Update Ubuntu 18.04.2 LTS

Before we install any software, it’s always a good idea to update repository and software packages. SSH into your Ubuntu 16.04 server and enter the below commands.

sudo apt update
sudo apt upgrade

Step 2: Install Nginx Web Server

Nginx is a high performance web server. It also can be used as a reverse proxy. Enter this command to install Nginx Web server.

sudo apt install nginx

After it’s installed, we can enable Nginx to auto start when Ubuntu is booted by running the following command.

sudo systemctl enable nginx

Then start Nginx with this command:

sudo systemctl start nginx

Now check out its status.

systemctl status nginx

Step 3: Install MariaDB

MariaDB is a drop-in replacement for MySQL. It is developed by former members of MySQL team who concerned that Oracle might turn MySQL into a closed-source product. Many Linux distributions (Arch Linux, Fedora etc), companies and organizations (Google, Wikipedia) have migrated to MariaDB. So we’re going to install MariaDB instead of MySQL.

sudo apt install mariadb-server mariadb-client

To enable MariaDB to automatically start when Ubuntu 18.04 is rebooted:

sudo systemctl enable mysql

After it’s enabled, use systemctl to check its status.

systemctl status mysql

If it’s not running, start it with this command:

sudo systemctl start mysql

Now run the post installation security script.

sudo mysql_secure_installation

When it asks you to enter MariaDB root password, press enter because you have not set the root password yet. Then enter y to set the root password for MariaDB server.  Next you can just press Enter to answer all the remaining questions. This will remove anonymous user, disable remote root login and remove test database. This step is a basic requirement for MariaDB database security.

Step 4: Create database for WordPress website

Change database name and user and remember to change the password to a secure one 🙂


mysql -u root -p

CREATE DATABASE nunosarmento DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

GRANT ALL ON nunosarmento.* TO 'nunosarmentouser'@'localhost' IDENTIFIED BY 'ypourpassword';

FLUSH PRIVILEGES;

EXIT;

Step 5: Install PHP 7.3

Enter the following command to install repo, PHP 7.3 and PHP7 extensions.


sudo apt install software-properties-common

sudo add-apt-repository ppa:ondrej/php

sudo apt update

sudo apt install php7.3-fpm php7.3-common php7.3-mysql php7.3-xml php7.3-xmlrpc php7.3-curl php7.3-gd php7.3-imagick php7.3-cli php7.3-dev php7.3-imap php7.3-mbstring php7.3-opcache php7.3-soap php7.3-zip unzip -y

After the installation has completed, confirm that PHP 7.3 has installed correctly with this command


php-fpm7.3 -v

Now that PHP 7.3.* has installed and you need to configure the user and group that the service will run under.


sudo nano /etc/php/7.3/fpm/pool.d/www.conf

user = www-data
group = www-data
listen.owner = www-data
listen.group = www-data

Now we configure PHP for WordPress by changing some values in php.ini.


sudo nano /etc/php/7.3/fpm/php.ini

file_uploads = On
allow_url_fopen = On
upload_max_filesize = 100M 
post_max_size = 64M 
memory_limit = 256M 
max_execution_time = 360 
max_input_vars = 3000 
max_input_time = 1000

Now reload php7.3-fpm.

sudo systemctl reload php7.3-fpm

Check status:

systemctl status php7.3-fpm

Sample output:

Step 6: Test PHP

To test the cli version of PHP 7.3, we just need to enter this command:

php --version

Sample output:

php-version

Step 7: Create Nginx Virtual Host

Create nginx conf file (change the domain name to your domain name)

sudo nano /etc/nginx/sites-available/nuno-sarmento.com

Paste the following text into the file. Replace “server_name” with your actual domain name.


server{

        listen 80; 
        server_name nuno-sarmento.com www.nuno-sarmento.com;

        root /var/www/nuno-sarmento.com;
        index index.php;
        
        # log files
        access_log /var/log/nginx/nuno-sarmento.com.access.log;
        error_log /var/log/nginx/nuno-sarmento.com.error.log;

        location = /favicon.ico {
           log_not_found off;
           access_log off;
        }

        location = /robots.txt {
           allow all;
           log_not_found off;
           access_log off;
        }

        location / {
           try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
                 expires max;
                log_not_found off;
        }

}

Save and close the file. Then create syslink to nginx sites-enable conf directory.


sudo ln -s /etc/nginx/sites-available/nuno-sarmento.com /etc/nginx/sites-enabled/

Create your virtual host website directory


sudo mkdir /var/www/nuno-sarmento.com/

Set permissions to the virtal host directory


sudo chown -R www-data:www-data /var/www/nuno-sarmento.com/

Check if your nginx changes doesn’t have errors

sudo nginx -t
sudo systemctl reload nginx

Step 8: Install wordpress


cd /tmp/

curl -LO https://wordpress.org/latest.tar.gz

tar xzvf latest.tar.gz

cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php

sudo cp -a /tmp/wordpress/. /var/www/nuno-sarmento.com/

sudo chown -R www-data:www-data /var/www/nuno-sarmento.com/*

Edit the wordpress wp-config.php with the details from step 4 “Create database for WordPress website”


nano /var/www/nuno-sarmento.com/wp-config.php

NOTE – you will need also to create the WordPress Salt Keys https://api.wordpress.org/secret-key/1.1/salt/ and added manually to your wp-config.php

Step 9: Install Letsencrypt


sudo add-apt-repository ppa:certbot/certbot

sudo apt install python-certbot-nginx

sudo certbot --nginx -d nuno-sarmento.com -d www.nuno-sarmento.com

LetsEncrypt setps:

1 – Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): hello@nuno-sarmento.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

2 – Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(A)gree/(C)ancel: A

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
3- Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(Y)es/(N)o: Y

4 – Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/nuno-sarmento.com
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/nuno-sarmento.com

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Congratulations! You have successfully enabled (https://nuno-sarmento.com) and
(https://www.nuno-sarmento.com)

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=nuno-sarmento.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.nuno-sarmento.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

If in case you choose on LetsEncrypt step 4 option 1 you will need to change your nginx virtual host file to redirect http to https. You can copy the code below and updated the domain conf blocks


nano /etc//nginx/sites-available/nuno-sarmento.com

Server{

    listen 443 ssl;
    listen [::]:443 ssl;
    server_name nuno-sarmento.com www.nuno-sarmento.com;

    if ($host = 'nuno-sarmento.com') {
      return 301 https://www.nuno-sarmento.com$request_uri;
    }

    root /var/www/nuno-sarmento.com;
    index index.php;

    location / {
      try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
       include snippets/fastcgi-php.conf;
       fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    }

    location ~ /\.ht {
       deny all;
    }
}

server{
    if ($host = www.nuno-sarmento.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = nuno-sarmento.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name nuno-sarmento.com www.nuno-sarmento.com;
    return 404; # managed by Certbot

}

Step 10: Send WordPress (wp admin, woocommerce, forms, etc) emails

I use a light SMPT client MSMTP (https://marlam.de/msmtp/) that transmits all e-mails to an SMTP server which takes care of further delivery.

In this tutorial I will be using gmail account for sending emails

Requirements:

  • gmail acccount
  • enable gmail “Less secure app access” under gmail/account/security.

You can run this script https://gist.github.com/nfsarmento/4bb5e0ff3090f150c6696793cf8e8488 that I have created to this tutorial and it will install and setup MSMTP for you.

Test the configuration with the below code


echo -e "Subject: Test Mail\r\n\r\nThis is a test mail" | msmtp --debug --from=default -t nuno@nuno-sarmento.com --file=/etc/msmtprc

Congratulations you have successfully installed Nginx, MariaDB and PHP-7.3 on Ubuntu 18.04.02. You may also want to instal phpmyadmin on server for managing MariaDB databases.

ABOUT AUTHOR

Nuno

I am a Freelance Web Developer and WordPress Expert based in London with a wealth of website development and support experience. I am great at problem solving and developing quick solutions.

LEAVE A COMMENT

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • LET'S TALK!

    Fill in the form below to make an enquiry or find my contact details on my contact page.

  • This form collects your name and email address so that I can respond to the enquiry(ies) that you submit via this website. Please check my privacy policy for the full story on how I use, protect and manage your submitted data.