\n
![](\"https:\/\/jirak.net\/wp\/wp-content\/uploads\/2020\/10\/automating-installation-WordPress-Unit_topology.png\")
<\/p>\nAutomating Installation of WordPress with NGINX Unit on Ubuntu
\n<\/p>\n
There is an incredible amount of information out there about installing WordPress – a Google search for “WordPress install” yields 488,000 results as of this writing. Yet among those results are very few tutorials that comprehensively explain how to install both WordPress and the underlying operating system in a way that’s maintainable in the long term. Perhaps that’s because the right configuration varies so much depending on specific needs, or perhaps it’s because a comprehensive guide doesn’t make for an easy-to-read<\/span> article. <\/p>\n In this post we’re trying to combine the best of both worlds, by providing a We’re building on the architecture for deploying WordPress with NGINX Unit that’s described in an earlier post on our blog<\/a>, while also installing and configuring features not covered there (or in many other tutorials):<\/p>\n This post describes setting up WordPress on a single node where the static asset web server, PHP processing server, and database are co‑located. Installation of a multi‑host, multi‑service WordPress configuration is a potential future topic. What else would you like us to cover in a future post? Let us know in the comments section at the end of the blog!<\/p>\n The application architecture is the same as described in the previous blog post<\/a>: a three‑tier web application. It includes PHP scripts that must be executed by a PHP processor and static files that have to be delivered by a web server.<\/p>\n Before running the script, set the following environment variables. <\/p>\n The script checks that the WordPress‑related variables are set and exits if any are not (lines 8–42<\/span>, not shown here). Lines 572–576<\/span><\/a> check the value of The script (lines 55–61<\/span>, not shown here)<\/span> sets the following environment variables, either to a hardcoded value or a value derived from variables you set in the previous section.<\/p>\n The script sets the hostname of the compute instance to match the domain name of the WordPress site. This is optional and not needed in every configuration, but is useful when sending outgoing emails via SMTP in a single‑host setup like the one configured by the script.<\/p>\n The WP‑Cron<\/a> plug‑in is used by WordPress to run scheduled tasks, and requires that WordPress can ping itself over HTTP. To ensure WP‑Cron works well in all environments, the script adds an entry to \/etc\/hosts<\/strong> so that WordPress can route to itself over the local loopback interface<\/a>. <\/p>\n Later parts of the script use certain utilities and assume the repository index is updated. We update the repo index (line 77) and install the required tools at this point (lines 78–84)<\/span>.<\/p>\n The script installs NGINX Unit and NGINX Open Source from the official NGINX repositories to ensure we always have the latest security updates and bug fixes.<\/p>\n Here the script installs the NGINX Unit repo (lines 87–91)<\/span> and NGINX Open Source repo (lines 94–98)<\/span> by adding a signing key to the system and a file to the Actual installation of NGINX Unit and NGINX Open source happens in the next section<\/a>. We’re adding the repositories beforehand to avoid updating metadata multiple times, thereby making the overall installation faster.<\/p>\n With all the repositories in place, we update the repository metadata and install the applications. The packages installed by the script include the PHP extensions<\/a> that are recommended when running WordPress.<\/p>\n The script creates a configuration file in the PHP conf.d<\/strong> directory (lines 136–147)<\/span>. It sets the maximum size of uploaded files for PHP (line 142), directs PHP errors to We’ve opted to use MariaDB instead of MySQL as the WordPress database. MariaDB has a more active open source community behind it and arguably offers better performance out of the box<\/a>. <\/p>\n The script initializes the new database and creates credentials for WordPress to access it over the local loopback address.<\/p>\n Now the script installs the WP‑CLI utility<\/a>. Using it to install and manage WordPress gives you full control over WordPress configuration without having to manually modify files, update the database, or navigate to the WordPress administrator\u2019s panel. You can also use it to install themes or plug‑ins, and to upgrade WordPress.<\/p>\n The script installs the latest version of WordPress in the \/var\/www\/wordpress<\/strong> directory and configures these settings:<\/p>\n The script configures NGINX Unit to run PHP and handle WordPress paths, isolates PHP process namespaces, and tunes performance settings. There are three noteworthy features:<\/p>\n Namespace support is conditionally defined, based on whether the script is being run in a container (lines 213–224)<\/span>. This is necessary because most container configurations do not support running additional containers inside of themselves.<\/p>\n<\/li>\n When namespace support is enabled, the The maximum number of processes is calculated (lines 226–228)<\/span> using the following algorithm: (Available memory with MariaDB and NGINX Unit running) \/ (PHP memory limit + 5)<\/strong>.<\/span> The value is then set in the NGINX Unit configuration on lines 277–280<\/span>.<\/p>\n This value ensures there are always at least two PHP processes running, which is important because WordPress makes many asynchronous callouts to itself and without the additional process, operations like WP‑Cron fail. You may need to increase or decrease this setting based on your particular WordPress configuration, because the setting generated here is conservative. On many production systems, settings between 10 and 100 are common.<\/li>\n<\/ol>\n The script creates a directory for NGINX cache directory (line 301), then creates the main NGINX nginx.conf<\/strong> configuration file (lines 304–341)<\/span>. Among the configuration settings are the number of NGINX worker processes (line 306) and maximum upload size (line 325). Line 329 imports the compression configuration defined in the next section<\/a>, and lines 332–337<\/span> set caching parameters.<\/p>\n Compressing content on the fly before sending it to clients is a good way to improve website performance, but only if compression is configured correctly. The script uses a configuration (lines 346–414)<\/span> from the h5bp repository on GitHub<\/a>.<\/p>\n Next the script creates an NGINX configuration file called default.conf<\/strong> in the conf.d<\/strong> directory with settings for WordPress (lines 417–541). The configuration:<\/p>\n Certbot<\/a> is a free tool from the Electronic Frontier Foundation (EFF) that obtains and auto‑renews TLS certificates from Let\u2019s Encrypt. The script performs the following actions which configure Certbot to handle Let\u2019s Encrypt certificates for NGINX:<\/p>\n We’ve explained how our For even better website performance, consider upgrading to NGINX Plus<\/a>, our enterprise‑grade, commercially supported product based on NGINX Open Source. NGINX Plus subscribers get the dynamically loaded Brotli module<\/a>, and (at an additional cost) the NGINX ModSecurity WAF<\/a>. We also offer NGINX App Protect<\/a>, a WAF module for NGINX Plus based on F5’s industry‑leading security technology. <\/p>\n Want to try out the script with NGINX Plus? Start your free 30-day trial<\/a><\/span> today or contact us to discuss your use cases<\/a>.<\/p>\n The post Automating Installation of WordPress with NGINX Unit on Ubuntu<\/a> appeared first on NGINX<\/a>.<\/p>\n Source: Automating Installation of WordPress with NGINX Unit on Ubuntu<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Automating Installation of WordPress with NGINX Unit on Ubuntu There is an incredible amount of information out there about installing WordPress – a Google search for “WordPress install” yields 488,000 results as of this writing. Yet among those results are very few tutorials that comprehensively explain how to install both WordPress and the underlying operating system in a way that’s maintainable in the long term. Perhaps that’s because the right configuration varies so much depending on specific needs, or perhaps it’s because a comprehensive guide doesn’t make for an easy-to-read article. In this post we’re trying to combine the best of both worlds, by providing a bash script that automates WordPress installation on Ubuntu and walking through it to explain what each section does and the design trade‑offs we made. (If you are an advanced user, you may want to skip this [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":38853,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[169],"tags":[652],"class_list":["post-38852","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-nginx"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/38852","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=38852"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/38852\/revisions"}],"predecessor-version":[{"id":38854,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/38852\/revisions\/38854"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media\/38853"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=38852"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=38852"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=38852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}bash<\/code> script that automates WordPress installation<\/a> on Ubuntu and walking through it to explain what each section does and the design trade‑offs we made. (If you are an advanced user, you may want to skip this post and go directly to the script<\/a>, downloading and modifying it for your environment.) The resulting WordPress installation is scriptable, supports Let\u2019s Encrypt, uses NGINX Unit, and has production‑ready settings.<\/p>\n\n
Prerequisites<\/h2>\n
\n
root<\/code> privileges or equivalent access via sudo<\/code><\/li>\n<\/ul>\nArchitecture Overview<\/h2>\n
![\"\"](\"https:\/\/www.nginx.com\/wp-content\/uploads\/2020\/10\/automating-installation-WordPress-Unit_topology.png\")
<\/p>\nGeneral Principles<\/h2>\n
\n
if<\/code> statements), for idempotency: the script can run multiple times without risk of changing settings that are already correct.<\/li>\napt<\/code> upgrade<\/code>).<\/li>\nroot<\/code> because they change the core system configuration, but in the runtime state WordPress runs under a regular user identity.<\/li>\n<\/ul>\nSetting Environment Variables<\/h2>\n
\n
WORDPRESS_DB_PASSWORD<\/code> – The password for the WordPress database.<\/li>\nWORDPRESS_ADMIN_USER<\/code> – The username of the WordPress administrator.<\/li>\nWORDPRESS_ADMIN_PASSWORD<\/code> – The password for the WordPress administrator.<\/li>\nWORDPRESS_ADMIN_EMAIL<\/code> – The email address of the WordPress administrator.<\/li>\nWORDPRESS_URL<\/code> – The full URL for the WordPress site, starting with https:\/\/<\/strong>.<\/li>\nLETS_ENCRYPT_STAGING<\/code> – Blank by default, but set to 1<\/code> if you are using staging Let\u2019s Encrypt servers, which is necessary when frequently testing new deployments of your configuration. Otherwise, Let\u2019s Encrypt might block your IP address temporarily for making excessive requests.<\/li>\n<\/ul>\nLETS_ENCRYPT_STAGING<\/code>.<\/p>\nSetting Derived Environment Variables<\/h2>\n
\n
DEBIAN_FRONTEND=\"noninteractive\"<\/code> – Indicates to applications that an automated script is executing commands and no user interaction is possible.<\/li>\nWORDPRESS_CLI_VERSION=\"2.4.0\"<\/code> – The version of the WordPress CLI to download.<\/li>\nWORDPRESS_CLI_MD5= \"dedd5a662b80cda66e9e25d44c23b25c\"<\/code> – The cryptographic checksum for the WordPress CLI 2.4.0 binary (the version specified by the WORDPRESS_CLI_VERSION<\/code> variable). Line 162<\/a> uses the value to verify that the correct WordPress CLI version was downloaded.<\/li>\nUPLOAD_MAX_FILESIZE=\"16M\"<\/code> – The maximum size of a file that can be uploaded to WordPress. This setting is used in several places in the configuration and it is useful to have it centrally defined.<\/li>\nTLS_HOSTNAME= \"$(echo ${WORDPRESS_URL} | cut -d'\/' -f3)\"<\/code> – The system’s addressable hostname, extracted from the WORDPRESS_URL<\/code> variable. It is used to fetch the appropriate TLS\/SSL certificates from Let\u2019s Encrypt and when WordPress needs to ping itself (see Adding the WordPress Site Hostname to \/etc\/hosts<\/strong><\/a>).<\/li>\nNGINX_CONF_DIR=\"\/etc\/nginx\"<\/code> – The path to the directory containing the NGINX configuration and the primary configuration file, nginx.conf<\/strong>.<\/li>\nCERT_DIR=\"\/etc\/letsencrypt\/live\/${TLS_HOSTNAME}\"<\/code> – The path to the Let\u2019s Encrypt certificates for the WordPress site\u2019s hostname, derived from the TLS_HOSTNAME<\/code> variable.<\/li>\n<\/ul>\nAssigning the WordPress Site Hostname to the Compute Instance<\/h2>\n
<\/code><\/p>\nAdding the WordPress Site Hostname to \/etc\/hosts<\/strong><\/h2>\n
<\/code>> \/etc\/hosts
\n 73 fi –><\/p>\nInstalling Tools Needed for Later Steps<\/h2>\n
<\/code><\/p>\nAdding the NGINX Unit and NGINX Open Source Repositories<\/h2>\n
apt<\/code> configuration that defines the repository\u2019s location on the Internet. <\/p>\n<\/code> \/etc\/apt\/sources.list.d\/unit.list
\n 91 fi
\n 92
\n 93 # Install NGINX repository
\n 94 if [ ! -f \/etc\/apt\/sources.list.d\/nginx.list ]; then
\n 95 echo “\u25b6 Installing NGINX repository”
\n 96 curl -fsSL https:\/\/nginx.org\/keys\/nginx_signing.key | apt-key add –
\n 97 echo “deb https:\/\/nginx.org\/packages\/mainline\/ubuntu $(lsb_release -cs) nginx” > \/etc\/apt\/sources.list.d\/nginx.list
\n 98 fi –><\/p>\nInstalling NGINX, NGINX Unit, PHP MariaDB, Certbot (Let\u2019s Encrypt), and Dependencies<\/h2>\n
<\/code><\/p>\nConfiguring PHP for Use with NGINX Unit and WordPress<\/h2>\n
STDERR<\/code> (line 145) so that they get recorded in the NGINX Unit log, and restarts NGINX Unit (line 151).<\/p>\n<\/code> “\/etc\/php\/${PHP_MAJOR_MINOR_VERSION}\/embed\/conf.d\/30-wordpress-overrides.ini” <<\/p>\nInitializing the WordPress MariaDB Database<\/h2>\n
<\/code><\/p>\nInstalling the WordPress CLI Utility<\/h2>\n
<\/code> \/usr\/local\/bin\/wp
\n162 echo “$WORDPRESS_CLI_MD5 \/usr\/local\/bin\/wp” | md5sum -c –
\n163 chmod +x \/usr\/local\/bin\/wp
\n164 fi –><\/p>\nInstalling and Configuring WordPress<\/h2>\n
\n
<\/code> \/tmp\/wp_forwarded_for.php <<\/p>\nConfiguring NGINX Unit<\/h2>\n
\n
network<\/code> namespace is disabled (line 218). This is necessary to enable WordPress both to hit its own endpoints and call out to the Internet.<\/p>\n<\/li>\n<\/code> \/tmp\/wordpress.json <<\/p>\nConfiguring NGINX<\/h2>\n
\n
Configuring Core NGINX Parameters<\/h3>\n
<\/code> ${NGINX_CONF_DIR}\/nginx.conf <<\/p>\nConfiguring NGINX Compression Settings<\/h3>\n
<\/code> ${NGINX_CONF_DIR}\/gzip_compression.conf <<\/p>\nConfiguring NGINX Parameters for WordPress<\/h3>\n
\n
Access-Control-Allow-Origin<\/code> header<\/a><\/span> for font files (line 508)<\/li>\n<\/code> ${NGINX_CONF_DIR}\/conf.d\/default.conf <<\/p>\nConfiguring Certbot for Let\u2019s Encrypt Certificates and Auto Renewal<\/h2>\n
\n
<\/code>\/dev\/null; echo “24 3 * * * certbot renew –dry-run –nginx –post-hook ‘service nginx reload'”) | crontab –
\n594 fi –><\/p>\nCustomizing Your WordPress Site<\/h2>\n
bash<\/code> script configures NGINX Open Source and NGINX Unit to serve a production‑ready website with TLS\/SSL enabled. Depending on your needs, you might want to customize your site further:<\/p>\n\n
msmtp<\/code><\/a> so that WordPress can send outbound emails<\/li>\n