In this post I am documenting how I installed and configured WordPress, Nginx, Mariadb, PHP, and Letsencrypt on Ubuntu 22.04 server hosted on an Azure virtual machine. The objective is to create my own personal blog, powered by WordPress, and secured by SSL.

The first step is to provision the Ubuntu Linux. In this case I use an Azure virtual machine. You can use any other cloud provider as long as it can be reached from the internet. If you have a home network that can be accessed from the internet, you can provision a VM or provide a bare-metal machine for this purpose. The OS is not necessarily Ubuntu. I chose Ubuntu, because I’m already familiar with it.

The following image shows my ubuntu-vmweb virtual machine on Azure portal.

For the domain name, I already have pena.id, so that I don’t have to buy a new one. I created a subdomain of my pena.id domain: smarthome.pena.id. The domain name is necessary, so if you currently don’t have one, you have to purchase it. DNS entry should be created to point the domain name to the virtual machine’s IP address that will host the domain. I assume you already knew how to perform this, so I don’t describe it here.

The second step is to update Ubuntu repositories and perform upgrade if there are new versions of packages.

sudo apt update && sudo apt upgrade -y

Installing Mariadb Database

Next step is installing database either using Mysql or Mariadb. In this guide, I use Mariadb. To install Mariadb, execute the following commands in the Terminal window.

sudo apt install mariadb-server mariadb-client -y

After installation is done, perform Mysql secure installation by typing the following command.

sudo mysql_secure_installation

This is basically a wizard to set password for root account, remove remote access for root account, remove anonymous user, and remove test database. After completing this wizard, login to Mariadb using root account by typing the following command.

sudo mariadb -u root -p

Type the password for the root account you set at the previous step. Once logged-in, create an admin user replacing root for common administrative tasks such as creating databases. Use the following commands, but don’t forget to change the username to suit your own, and also change the password accordingly.

CREATE USER 'admin'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost';

Next step is creating database and user for the WordPress site. I use wpsmarthome as the database name and also the username.

CREATE DATABASE wpsmarthome;
CREATE USER 'wpsmarthome'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON wpsmarthome.* TO 'wpsmarthome'@'localhost';

To apply privileges for the newly created users, execute the following command, and then exit mariadb.

FLUSH PRIVILEGES;
EXIT;

To verify that database and user are already created, type the following command in bash shell to login, and then type the password you set for the wpsmarthome user.

sudo mariadb -u wpsmarthome -p;

Type the following command to show all databases accessible by wpsmarthome user.

SHOW DATABASES;

You should see there should be only one database: wpsmarthome displayed.

Installing Nginx, PHP 7.4, and WordPress

To install Nginx, PHP 7.4, and its modules type the following command in the Terminal window.

sudo apt install nginx -y
sudo add-apt-repository ppa:ondrej/php
sudo apt install php7.4 php7.4-fpm php7.4-cli php7.4-common php7.4-mbstring php7.4-gd php7.4-intl php7.4-xml php7.4-mysql php7.4-zip php7.4-json php7.4-curl php7.4-imagick -y

Use the following commands to download the latest version of WordPress, extract it, and then move it to the /var/www directory. Note that you shouldn’t create the directory prior to extraction process. If you do, the extraction result will be placed in the wordpress subdirectory, which is not correct.

wget https://wordpress.org/latest.tar.gz -O wordpress.tar.gz
tar xzvf wordpress.tar.gz
sudo mv wordpress /var/www/smarthome.pena.id

Then change the owner and group of all WordPress files and directories to www-data. This will make it easier when installing WordPress add-ons later. Also, set the the directory permission to 0755 and file permission to 0644 recursively from the root directory of the website. This is to make sure that only the owner of the files (www-data) has write access, while everyone else will only have read access. Automatic updates of themes and plugins depends on this permission setting.

sudo chown -R www-data:www-data /var/www/smarthome.pena.id
cd /var/www/smarthome.pena.id
find . -type d -exec sudo chmod 0755 {} \;
find . -type f -exec sudo chmod 0644 {} \;  

Creating Virtual Host for the Domain

We need to create virtual host configuration file for the domain. To do that, we use vim to create the file.

sudo vim /etc/nginx/conf.d/smarthome.pena.id.conf

Then use the following code block as the content of the file. Note that you have to replace domain name with your own.

server {
    listen 80;
    server_name smarthome.pena.id;
    root /var/www/smarthome.pena.id;
    index index.php index.html index.htm;
 
    location / {
      try_files $uri $uri/ /index.php?$args;
    }
 
    location ~ \.php$ {
      try_files $fastcgi_script_name =404;
      include fastcgi_params;
      fastcgi_pass  unix:/run/php/php7.4-fpm.sock;
      fastcgi_index index.php;
      fastcgi_param DOCUMENT_ROOT    $realpath_root;
      fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; 
    }
 
    access_log /var/log/nginx/smarthome.pena.id_access.log;
    error_log /var/log/nginx/smarthome.pena.id_error.log;
}

Then restart nginx and make sure it runs after restarting.

sudo systemctl restart nginx
sudo systemctl status nginx

Ensuring DNS Resolution

Before accessing the website from a web browser, make sure that the DNS resolution for our domain is correct. You can use any online services to do that, or simply use nslookup command from Terminal.

nslookup smarthome.pena.id

Make sure the IP address shown points to the public IP address of the virtual machine. Otherwise, you need to edit the DNS entry for the A (or alias) record of the domain. If DNS resolution is correct, open a web browser and navigate it to the domain name. Now it should be ready for WordPress website setup that you can easily follow.

Configuring Letsencrypt SSL

To secure the information sent or received from the website, especially the password we sent while login to the admin page, we have to secure the connection using SSL. The cheapest solution is using Letsencrypt service to automatically install and configure the SSL for us. Note that in order to successfully execute this command, your server should be online and the Letsencrypt service must be able to resolve the domain name to your web server.

sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx -d smarthome.pena.id
sudo certbot renew

Voila! done! Now You should be able to access your website address using https protocol.

Last step is configuring cron job to trigger automatic renewal of Letsencrypt certificate because the validity period of the certificate is only three months. We can configure this cron job to run once weekly, for example at Sunday 08:05 AM. Use the following command to edit the crontab file.

crontab -e

You will be prompted by the choices of text editor used to edit the crontab file. Choose the one you are most familiar with, or choose the default one. Then, add the following line to configure the job to run weekly on Sunday 08:05 AM.

5 8 * * 0 certbot renew

Conclusion

In this post, we already installed and configured WordPress, Nginx, Mariadb, PHP, and Letsencrypt on Ubuntu Linux 22.04 running on an Azure virtual machine.

References

1. Cara Install WordPress dengan Nginx di Ubuntu 20.04
2. https://crontab.guru/every-week