Perfect Setup: Ubuntu Hardy+Nginx+MySQL5+PHP5+Wordress

The Perfect Setup:

Ubuntu Server 8.04.1 LTS Hardy (supported to 2013) + EngineX (NGINX) Web Server built from sources + MySQL 5 + PHP 5.
(Or LEMP )

Tested on 256MB VPS slice at SliceHost. Should work for other hardware.

From baremetal/barebone/empty fresh install of Ubuntu Server to shiny, fast and SEO-friendly WordPress Portal propelled by WP Super Cache plugin.
All configured and powered by NGinx WEB Server.
Step by step copy/paste instructions – from "zero to hero" with everything on a single page (albeit long one) and in the right order. Just what your granma was asking for!

Every time I need to quickly utilize new product or technology it always made me wonder "why don’t someone came up with a simple step by step instructions on which buttons to press to make this thing work?". So instead of waiting for someone to do it this time I decided to make one myself.

After spending countless hours and days hunting for scripts, searching for clues, scrolling through misleading posts, extracting bits from articles, eliminating blubber and fluff, bugging busy geeky people for hints and getting all necessary pieces together in the right order I finally came up with this instructional post. It all boils down to step-by-step copy/paste instructions that should take you less than 1 hour to get from freshly installed Ubunty server to fully functioning, search engine optimized business-ready WordPress-powered website.

I tested it all on 256MB VPS image offered by SliceHost but the same instructions should work just just fine on any real hardware as well.
Most credits goes to excellent set of articles by PickedOnion at SliceHost plus to some more sources, acknowledged within this post.

This article assumes your username is ‘jsmith’ and your domain is ‘mydomain.com’.

Now it’s time to get our hands dirty!

Secure and tidy-up your fresh Ubuntu Server installation

  • Login as root.
  • Change root password:

    passwd
  • Add new username – yourself:
    adduser jsmith
    visudo
  • Append this line to end of file (to navigate within ‘vi’ editor to create next line – use these: L, $, a, <ENTER>):
    jsmith ALL=(ALL) ALL
    To save and exit do: <ESC>, :wq, <ENTER>

  • SSH configuration:
    nano /etc/ssh/sshd_config – Find
    Port 22 – and change number to something different (12345) to make hacking more difficult.
    – Set these to:
    PermitRootLogin no
    X11Forwarding no
    UsePAM no
    – Append these lines to the very end:

    UseDNS no

    AllowUsers jsmith

  • Secure slice with iptables

    iptables-save > /etc/iptables.up.rules
    nano /etc/iptables.test.rules
  • 1. Copy contents of this file -> and paste it into ‘iptables.test.rules’.
    2. Change port number to your port number on this line:

    -A INPUT -p tcp -m state –state NEW –dport 30000 -j ACCEPT

    3. Save and exit (Ctrl+O, Ctrl+X).

  • Apply new iptables rules:

    iptables-restore < /etc/iptables.test.rules
  • Save iptables rules permanently:

    iptables-save > /etc/iptables.up.rules
  • Make sure iptables rules will apply when server is rebooted as well:
    nano /etc/network/interfaces
  • Add new line after these 2:

    auto lo
    iface lo inet loopback
    pre-up iptables-restore < /etc/iptables.up.rules
    Save and exit.
  • Reload SSH to use new ports and configurations:

    /etc/init.d/ssh reload
  • Keep ‘root’ session running and open second session.
    SSH login to your slice to new port, with your new username and password:

    – Linux: ssh -p 12345 jsmith@123.45.6.78 – Windows: putty jsmith@123.45.6.78 12345
  • If you logged on successfully via your new username: ‘jsmith’ – you may close ‘root’ session now.
    If not – you still have ‘root’ session opened to fix problems. In the worst case – you can use web based console shell login from your manage.slicehost.com dashboard to fix issues.
    sudo aptitude -y install screen
  • Enter screen:
    screen Screen is the great little utility that allows your terminal session activity to keep running (say lengthy builds) even if you were cut off or disconnected. You may reenter your abandoned screen session at a later time to check progress and continue working.
    – Usage notes:

    new screen session: screen

    attach to existing screen session: screen -r
    list all existing screen sessions: screen -list (output: 12045.pts-0.MENSK (Detached), etc…)

    attach to existing screen session by number: screen -r 12045

    detach from screen session and back to main terminal: Ctrl+A, D
    – to rename screen session from inside of it: Ctrl+A, Shift+A – and enter it’s name.

    – to kill current screen session: exit or Ctrl+A

    – to kill all screen sessions: Ctrl+A,

  • Edit .bashrc file to make terminal window a bit more helpful:

    nano ~/.bashrc
  • Append these lines to the end of it:

    export PS1=”
    [e[32;1m]u[e[0m][e[32m]@h[e[36m]w [e[33m]$ [e[0m]”
    alias ll=”ls -la”
    alias a2r=”sudo /etc/init.d/apache2 stop && sleep 2 && sudo /etc/init.d/apache2 start”
    alias n2r="sudo /etc/init.d/nginx stop && sleep 2 && sudo /etc/init.d/nginx start"
    alias ver=”cat /etc/lsb-release”
    Save and exit.

  • Reload .bashrc to make changes active:

    source ~/.bashrc
  • Update sources: sudo aptitude update
  • Set system locale:

    sudo locale-gen en_US.UTF-8
    sudo /usr/sbin/update-locale LANG=en_US.UTF-8
  • Upgrade system now:
    sudo aptitude -y safe-upgrade
    sudo aptitude -y full-upgrade

Install PHP 5, Build Essentials and related libraries

  • Install Build essentials:
    sudo aptitude -y install build-essential
  • Install PHP with php client and without apache (one long line):
    sudo aptitude -y install php5-common php5-dev php5-mysql php5-sqlite php5-tidy php5-xmlrpc php5-xsl php5-cgi php5-mcrypt php5-curl php5-gd php5-memcache php5-mhash php5-pspell php5-snmp php5-sqlite libmagick9-dev php5-cli
  • Fix issues with imagick:
    sudo aptitude -y install make php-pear
    sudo pecl install imagick

    (Just press <ENTER> at prompt)

  • Adjust php.ini:
    sudo nano /etc/php5/cgi/php.ini Adjust memory limit to accomodate WordPress requirements:
    Find line:

    memory_limit = 16M and change it to: memory_limit = 48M

    Append to the end of this file this line:
    extension=imagick.so

  • Install MySQL server, secure it and create database for wordpress (or other dynamic web app you will be using)
    sudo aptitude -y install mysql-server mysql-client libmysqlclient15-devSecure MySQL server:
    mysql_secure_installation
  • Install subversion (best to install and upgrade wordpress is via subversion):
    sudo aptitude -y install subversion

Install Postfix to prepare e-mail capabilities for your web application

  • First – login into slicemanager at manage.slicehost.com, click "DNS" tab and "Reverse DNS".
    Replace record with: mail.mydomain.com.
  • sudo nano /etc/hostname Replace slicename with mail.mydomain.com
  • sudo nano /etc/hosts
    Replace 127.0.0.1 slicename with 127.0.0.1 mail.mydomain.com
  • Reboot slice:
    sudo reboot
  • When rebooted – check slice hostname (it must be mail.mydomain.com):
    hostname -f
  • Install dns utils and check RDNS (by using your slice’s IP address)
    sudo aptitude -y install dnsutils
  • Check if RDNS propagated already:
    dig -x 123.45.6.78
    If "ANSWER SECTION" still shows old name (or anytihng other than mail.mydomain.com) – you’ll have to wait until propagation will finish before proceeding.
  • sudo aptitude -y install postfix telnet mailx
    Select "Internet Site", and then for "System mail name:" -> "mail.mydomain.com".
  • Redirect all email destined to ‘root’ toward ‘jsmith’:
    sudo nano /etc/aliasesAppend this line to the end of file:
    root: jsmith
  • Refresh aliases database now:
    sudo newaliases
  • Edit main.cf file:
    sudo nano /etc/postfix/main.cf
    – Replace: myorigin = /etc/mailname
    – with this: myorigin = $mydomain

    – Replace this: mydestination = mail.mydomain.com, localhost.mydomain.com, , localhost
    – with this: mydestination = $mydomain, localhost.$mydomain, localhost

    – Replace this: mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
    – with this: mynetworks = 127.0.0.0/8

  • Restart postfix to make changes take effect: sudo /etc/init.d/postfix restart
  • Test email sending capabilities. Run little php console prog to do it. Check if you receive email message.
    php -a
    mail (‘your@email.com’, "Hello from slice!", "My email setup works!");
    exit ();
  • Follow this article if you want to setup postfix to receive emails as well (opening port 25 in firewall and configuring stuff):
    But what we’ve done already is enough to have hosted portal with full outgoing email capabilities.

Install and configure NGINX

  • Install NGINX. Dependencies first. Check sysoev.ru website first for newer versions though.
    sudo aptitude -y install libpcre3 libpcre3-dev libpcrecpp0 libssl-dev zlib1g-dev
    mkdir ~/sources
    cd ~/sources/
    wget http://sysoev.ru/nginx/nginx-0.6.32.tar.gz
    tar -zxvf nginx-0.6.32.tar.gz
    cd nginx-0.6.32
    ./configure –sbin-path=/usr/local/sbin –with-http_ssl_module
    make
    sudo make install
  • Start Nginx:
    sudo /usr/local/sbin/nginx
  • Navigate to your slice’s IP address to test that it works: http://123.45.6.78
  • Stop Nginx:
    sudo kill `cat /usr/local/nginx/logs/nginx.pid`
  • Create NGINX init script
    sudo nano /etc/init.d/nginx Copy/paste this text into it:

    #! /bin/sh
    
    ### BEGIN INIT INFO
    # Provides:          nginx
    # Required-Start:    $all
    # Required-Stop:     $all
    # Default-Start:     2 3 4 5
    # Default-Stop:      0 1 6
    # Short-Description: starts the nginx web server
    # Description:       starts nginx using start-stop-daemon
    ### END INIT INFO
    
    PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
    
    
    
    
    
    DAEMON=/usr/local/sbin/nginx
    NAME=nginx
    DESC=nginx
    
    test -x $DAEMON || exit 0
    
    # Include nginx defaults if available
    if [ -f /etc/default/nginx ] ; then
            . /etc/default/nginx
    fi
    
    set -e
    
    case "$1" in
      start)
            echo -n "Starting $DESC: "
            start-stop-daemon --start --quiet --pidfile /usr/local/nginx/logs/$NAME.pid 
                    --exec $DAEMON -- $DAEMON_OPTS
            echo "$NAME."
            ;;
      stop)
            echo -n "Stopping $DESC: "
            start-stop-daemon --stop --quiet --pidfile /usr/local/nginx/logs/$NAME.pid 
                    --exec $DAEMON
            echo "$NAME."
            ;;
    
      restart|force-reload)
            echo -n "Restarting $DESC: "
            start-stop-daemon --stop --quiet --pidfile 
                    /usr/local/nginx/logs/$NAME.pid --exec $DAEMON
            sleep 1
            start-stop-daemon --start --quiet --pidfile 
                    /usr/local/nginx/logs/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS
            echo "$NAME."
            ;;
      reload)
          echo -n "Reloading $DESC configuration: "
          start-stop-daemon --stop --signal HUP --quiet --pidfile /usr/local/nginx/logs/$NAME.pid 
              --exec $DAEMON
          echo "$NAME."
          ;;
      *)
            N=/etc/init.d/$NAME
            echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
            exit 1
            ;;
    esac
    
    exit 0
    
  • Set it executable:
    sudo chmod +x /etc/init.d/nginx
  • Add it to the default run levels:
    sudo /usr/sbin/update-rc.d -f nginx defaults
  • Create folder layout:
    sudo mkdir /usr/local/nginx/sites-available

    sudo mkdir /usr/local/nginx/sites-enabled
  • Adjust main NGINX configuration file to look in sites-enabled folder for vhosts: sudo nano /usr/local/nginx/conf/nginx.conf Delete all contents of this file and replace it with this:

    user www-data www-data;
    worker_processes  4;
    
    events {
        worker_connections  1024;
    }
    
    http {
        include       mime.types;
        default_type  application/octet-stream;
    
        sendfile        on;
        tcp_nopush      on;
        tcp_nodelay     off;
        keepalive_timeout  5;
    
        gzip  on;
        gzip_comp_level 2;
        gzip_proxied any;
        gzip_types      text/plain text/html text/css application/x-javascript text/xml application/xml
        application/xml+rss text/javascript;
    
        include /usr/local/nginx/sites-enabled/*;
    }
        

  • Create default vhost in ‘sites-available’ folder:
    sudo nano /usr/local/nginx/sites-available/defaultCopy/paste this text into it:

    server {
        listen       80;
        server_name  localhost;
    
        location / {
            root   html;
            index  index.php index.html index.htm;
        }
    
    
        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    
    }
    
  • Enable vhost by creating symlink:
    sudo ln -s /usr/local/nginx/sites-available/mydomain.com /usr/local/nginx/sites-enabled/mydomain.com
  • Start NGINX:
    sudo /etc/init.d/nginx start Make sure that navigating to slice IP will show "Welcome to nginx!" default page.

  • Create layouts for domains to be served.
    sudo mkdir /home/public_html
    sudo mkdir -p /home/public_html/mydomain.com/{public,private,log,backup}
  • Setup users and groups to manage portal:
    sudo -i
    addgroup webmasters
    usermod -G webmasters jsmith
    OPTIONAL: Do it for every user who will be allowed to manage files for the portal:
    usermod -G webmasters user_2
    usermod -G webmasters user_3
    Change ownership of main web files directory:
    chown -R jsmith.webmasters /home/public_html
    chmod -R g+w /home/public_html
    Set group id to ‘webmasters’ for all newly created files and dirs.
    find /home/public_html -type d -exec chmod g+s {} ;
    exit
  • Create initial index.html file for the domain:
    sudo nano /home/public_html/mydomain.com/public/index.phpPaste this into the file:

    <?php echo phpinfo(); ?>        

    First – create supporting wordpress-specific configuration files. ‘wordpress_params.regular’ – is basic wordpress config file that allows support for nice permalinks.
    sudo nano /usr/local/nginx/conf/wordpress_params.regular…And paste into it the following contents:

      # WordPress pretty URLs: (as per dominiek.com)
      if (-f $request_filename) {
      break;
      }
      if (-d $request_filename) {
      break;
      }
      rewrite ^(.+)$ /index.php?q=$1 last;
    
    
      # Enable nice permalinks for WordPress: (as per Yawn.it)
      error_page  404  = //index.php?q=$uri;
    
    

    Save and exit.
    Next – create second version of NGinx-specific WordPress config file that allows support for nice permalinks + WP Super Cache plugin. WP Super Caching gives you extra horse power and juice to handle intense traffic and getting your portal seriously ready to be DIGG-ed.
    sudo nano /usr/local/nginx/conf/wordpress_params.super_cache…And paste into it the following contents (Credits: Matt Stevens):

    # if the requested file exists, return it immediately
    if (-f $request_filename) {
    break;
    }
    
    set $supercache_file '';
    set $supercache_uri $request_uri;
    
    if ($request_method = POST) {
    set $supercache_uri '';
    }
    
    # Using pretty permalinks, so bypass the cache for any query string
    if ($query_string) {
    set $supercache_uri '';
    }
    
    if ($http_cookie ~* "comment_author_|wordpress|wp-postpass_" ) {
    set $supercache_uri '';
    }
    
    # if we haven't bypassed the cache, specify our supercache file
    if ($supercache_uri ~ ^(.+)$) {
    set $supercache_file /wp-content/cache/supercache/$http_host/$1index.html;
    }
    
    # only rewrite to the supercache file if it actually exists
    if (-f $document_root$supercache_file) {
    rewrite ^(.*)$ $supercache_file break;
    }
    
    # all other requests go to WordPress
    if (!-e $request_filename) {
    rewrite . /index.php last;
    }
    
    

    Create vhost for domain mydomain.com:
    sudo nano /usr/local/nginx/sites-available/mydomain.com…And paste into it the following contents:

    server {
    
                listen   80;
                server_name  mydomain.com;
                rewrite ^/(.*) http://www.mydomain.com/$1 permanent;
    
               }
    
    
    server {
    
                listen   80;
                server_name www.mydomain.com;
    
                access_log /home/public_html/mydomain.com/log/access.log;
                error_log /home/public_html/mydomain.com/log/error.log;
    
                location / {
    
                            root   /home/public_html/mydomain.com/public/;
                            index  index.php index.html;
    
                            # Basic version of WordPress parameters, supporting nice permalinks.
                            # include /usr/local/nginx/conf/wordpress_params.regular;
                            # Advanced version of WordPress parameters supporting nice permalinks and WP Super Cache plugin
                            include /usr/local/nginx/conf/wordpress_params.super_cache;
                            }
    
                # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
                #
                location ~ .php$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                include /usr/local/nginx/conf/fastcgi_params;
                fastcgi_param SCRIPT_FILENAME /home/public_html/mydomain.com/public/$fastcgi_script_name;
                }
          }
       
      

    Above will append ‘www’ to all non-www requests – all requests for http://mydomain.com/dir/page will be redirected to -> http://www.mydomain.com/dir/page.
    As you can also see above we enabled ‘wordpress_params.super_cache’ settings. If for some reason you’ll have problems – you may comment ‘ ….wordpress_params.super_cache’ line out, disable wordpress WP Super Cache plugin via WordPress admin panel and uncomment ‘…wordpress_params.regular’ settings (+restart Nginx). From my own test – they both works with or without WP Super Cache enabled and I’d definitely prefer WP Super Cache to be up and running.

  • Enable site:
    sudo ln -s /usr/local/nginx/sites-available/mydomain.com /usr/local/nginx/sites-enabled/mydomain.com
  • Making NGinx to serve PHP and make it all start automatically after system restart (Credits):
    sudo aptitude -y install libfcgi0
    cd /etc/default/
    sudo wget -O php-fastcgi https://www.mensk.com/uploads/php-fastcgi.txt
    cd /etc/init.d/
    sudo wget -O php-fastcgi https://www.mensk.com/uploads/php-fastcgi.rc.txt
    sudo chmod +x php-fastcgi
    sudo /usr/sbin/update-rc.d -f php-fastcgi defaults
    sudo /etc/init.d/php-fastcgi start
    Restart NGINX:
    n2r (or sudo /etc/init.d/nginx stop, sudo /etc/init.d/nginx start)

  • Navigate to your website: http://mydomain.com you should be redirected to http://www.mydomain.com and then see phpinfo() screen…
  • Reboot your slice and make sure that after restart everything still works (NGINX & Co restarts properly)

    sudo reboot

Install and configure WordPress + configure WP Super Cache WordPress plugin to work with NGINX

  • Install WordPress. Login to mysql console as mysql’s root user:
    mysql -u root -p
  • Issue this command to create new username for WordPress database (replace username, password and database name with your values):
    mysql> grant all privileges on *.* to wp_user@localhost identified by "wp_pa55w0rd";
    mysql> create database wp_dbase;
    mysql> quit
  • Get WordPress files directly from SVN repository. See this great article about using subversion to install and update WordPress.
    cd /home/public_html/mydomain.com/public
    sudo rm index.php
    svn co http://svn.automattic.com/wordpress/tags/2.6 .
    mv wp-config-sample.php wp-config.php
    sudo nano wp-config.php
    Set database name, DB user name and password, Change DB prefix to something different (good security measure), save and exit.

  • Adjust permissions:
    sudo chmod -R 777 /home/public_html/mydomain.com/public/wp-content
    sudo chmod 666 /home/public_html/mydomain.com/public/wp-config.php
  • Access your site: http://www.mydomain.com/
    – Enter blog name, remember the password that wordpress gave you.
    – Login as admin/password
    – Click Users tab at upper right in admin panel
    – Click on ‘admin’ user
    – Change password to something secure and you’d remember.
    – Logoff, Logon again with your new password.
    – Goto Settings->Permalinks
    – Set (x) "Custom Structure" -> /%category%/%postname%/, [Save Changes], ignore WordPress warning: "You should update your .htaccess now." – it cannot find .htaccess – we are not running apache.
    – Access your blog’s "About" page – and voila – it should work just fine as this: http://www.mydomain.com/about/ (instead of default ugly: http://www.mydomain.com/?p=123)
  • Download and unzip WP Super Cache plugin into ‘/home/public_html/mydomain.com/public/wp-content/plugins‘ directory. Activate it via Admin panel.
    For FTP-ing purposes I use FileZilla configured to use SFTP. (I don’t elaborate on specifics of installing and activating WordPress plugins in this document).
    – Goto Plugins, activate "WP Super Cache".
    – Goto Settings->WP Super Cache and set (x) WP Super Cache Status to "ON". [Update Status].
    You’ll see bunch of warnings on this page regarding "mod rewrite" rules and ".htaccess" file. Just ignore these – we are not using Apache so WP Super Cache cannot find apache specific places to write settings. We did it for WP Super Cache already inside of ‘wordpress_params.super_cache’ – which contains "translation" of caching rules from Apache to Nginx.
    Your WP Super Cache-ed blog should be up and running now at fullest speed.
  • Make ‘wp-content’ directory a bit more secure: sudo chmod -R 755 /home/public_html/mydomain.com/public/wp-content – Goto Manage->Categories. Create few categories with subcategories.
    – Goto Write->Post – create few posts and assign them to subcategory, publish, save.
    – Access your posts – and see that they all have nice SEO-friendly URLs, thanks to custom wordpress-specific setups we included in our ‘/usr/local/nginx/sites-available/mydomain.com‘ file.
    – This also works just fine with John Godley’s excellent redirection plugin that supports flexible custom redirects with regular expressions.
  • Customize your theme and go wild!

Done!