This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies.
Setting up a secure and efficient web server environment is crucial for hosting websites or web applications. In this comprehensive guide, I’ll walk you through the process of installing Ubuntu Server with PHP 8.3, MariaDB, NGINX, setting up virtual hosts, installing WordPress, integrating Let’s Encrypt for SSL/TLS encryption, adding security headers, implementing REDIS cache for WordPress, and ensuring both server and WordPress security.
– A computer with Ubuntu Server installed
– Access to the internet
– Basic knowledge of the Linux command line
Before starting, ensure your system is up to date:
sudo apt update sudo apt upgrade
NGINX is a high-performance web server known for its stability and low resource consumption.
sudo apt install nginx
Add the Ondřej Surý PHP PPA repository and install PHP 8.3 and necessary extensions:
sudo add-apt-repository ppa:ondrej/php sudo apt update sudo apt install php8.3 php8.3-fpm php8.3-mysql php8.3-common php8.3-gd php8.3-json php8.3-cli php8.3-curl php8.3-mbstring php8.3-xml php8.3-xmlrpc php8.3-zip
MariaDB is a popular open-source relational database server.
sudo apt install mariadb-server
Run the security script to set up MariaDB securely:
sudo mysql_secure_installation
Log in to MariaDB and create a database and user for WordPress:
sudo mysql -u root -p CREATE DATABASE wordpress; CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'your_password'; GRANT ALL ON wordpress.* TO 'wordpressuser'@'localhost' IDENTIFIED BY 'your_password'; FLUSH PRIVILEGES; EXIT;
Download and extract the latest version of WordPress:
sudo wget -c https://wordpress.org/latest.tar.gz sudo tar -xzvf latest.tar.gz -C /var/www/
Create a new Nginx server block configuration file for your WordPress site:
sudo nano /etc/nginx/sites-available/wordpress
Paste the following configuration, replacing your_domain with your domain name:
server { listen 80; listen [::]:80; server_name your_domain; root /var/www/wordpress; index index.php index.html index.htm; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php8.3-fpm.sock; } location ~ /\.ht { deny all; } }
Create a symbolic link to enable the site:
sudo ln -s /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled/
Test the Nginx configuration for syntax errors and restart Nginx:
sudo nginx -t sudo systemctl restart nginx
Install Certbot, a tool for obtaining and renewing Let’s Encrypt SSL certificates:
sudo apt install certbot python3-certbot-nginx
Obtain a certificate for your domain:
sudo certbot --nginx -d your_domain
Edit your Nginx configuration file to include security headers:
sudo nano /etc/nginx/nginx.conf
Add the following lines within the http block:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-XSS-Protection "1; mode=block" always;
sudo apt install redis-server sudo systemctl enable redis-server sudo systemctl start redis-server
Once the installation is complete, you can verify that Redis is running by checking its status:
sudo systemctl status redis
Install Redis PHP Extension
You’ll need to install the Redis PHP extension to allow WordPress to connect to Redis:
sudo apt install php8.3-redis
Configure Redis for WordPress
Now, you need to configure WordPress to use Redis as its object cache. Edit your WordPress wp-config.php file:
sudo nano /var/www/wordpress/wp-config.php
Add the following lines at the end of the file:
define('WP_REDIS_CLIENT', 'pecl'); define('WP_REDIS_PECL_EXTENSION', 'redis'); define('WP_REDIS_HOST', '127.0.0.1'); define('WP_REDIS_PORT', '6379');
Restart NGINX and PHP-FPM to apply the changes:
sudo systemctl restart nginx sudo systemctl restart php8.3-fpm
You can verify if WordPress is using Redis as its object cache by installing a plugin like “Redis Object Cache” from the WordPress plugin repository. Once activated, the plugin should indicate that Redis is being used for caching.
You can also test if Redis caching is working properly by monitoring Redis activity. Use the following command to connect to the Redis server:
redis-cli
Then, run the following command to monitor Redis activity in real-time:
monitor
Now, perform actions on your WordPress site, such as loading pages or publishing posts. You should see Redis activity in the monitor window, indicating that Redis is successfully caching data for your WordPress site.
– Keep the system up to date with security patches regularly.
– Configure a firewall using ufw to allow only necessary ports.
– Set up SSH key-based authentication and disable password authentication.
– Install and configure fail2ban to protect against brute-force attacks.
– Keep WordPress, themes, and plugins updated regularly.
– Use strong passwords and consider implementing two-factor authentication (2FA) for login.
– Limit login attempts and use security plugins like Wordfence or Sucuri.
– Disable file editing from the WordPress dashboard.
– Regularly back up your WordPress site and database.
By following these steps, you can install WordPress on Ubuntu 23.10 with PHP 8.3, MariaDB, NGINX, Let’s Encrypt and REDIS and implement both server and WordPress security measures to ensure a secure and optimized web hosting environment. Enjoy hosting your websites with confidence!