install wordpress nginx php-fpm

Install and Manage WordPress with Nginx and PHP-FPM on AWS EC2 Micro Instance

Table of Contents

Servers that are managed are sluggish. They use old PHP versions on old Apache versions, and they become slow with the sudden influx of traffic. In this tutorial, I'll take you through the process of creating a server and install wordpress nginx php-fpm that can withstand heavy traffic. This ensures that your company is visible online when it matters most—when everyone is looking.

In this post, we'll go through the steps of developing a bulletproof, super-fast custom web server for WordPress and the easy way to manage it by using the WordOps package. Ubuntu, Nginx, PHP-FPM, and MySQL would be our technology stack.

This guide assumes that you're familiar with the command line and editing system configuration files. It's for people who want a lot of influence over and information about their infrastructure. If you don't Google at any point, it will take about half an hour.

What is AWS?

AWS (Amazon Web Services) is a cloud hosting service that provides everything you need to run a WordPress blog. With a few variations, this is similar to a web hosting company service:

  • You have a lot of leverage over the infrastructure. You can, for example, change your php.ini file and set up a load balancer to spread load across several application servers.
  • Provisioning and resizing server resources are easy. Is it appropriate to increase the RAM on a server from 1GB to 30GB? It's not a problem.
  • You just have to pay for what you need. Don't lock yourself into a high-priced plan with additional services you might or may not need.

Creating and AWS account

Create an Amazon Web Services (AWS) account. A year of free AWS usage to a basic set of server resources is included in the Free Pricing Tier.

Logging into the AWS console

Access the AWS console, which is a browser-based administrative system for Amazon Web Services.

Create an IAM user account

The AWS programme IAM (Identity and Access Management) handles user access to other services and server resources.

If you use your main Amazon account to log into the AWS web console, you're in root user mode, which is good for our purposes.

We'll create an IAM user instead of using the root user's credentials to use the AWS command-line interface in this tutorial.

To access the IAM dashboard, go to the Administration & Security section of the AWS Console homepage and click Identity & Access Management.

Click Users to see a list of all the AWS account's registered IAM users, which should be empty. Create a user account for yourself and download the access key information by clicking Create New Users. To authenticate your device with AWS, you'll need access key credentials.

A collection of permissions is specified by an IAM Community. Users are allocated to classes, which gives them access to certain services.

While still in the IAM console, go to Groups to see a list of all the AWS account's registered IAM Groups, which should all be empty. Build a new “Administrators” IAM Community. Attach the AdministratorAccess policy to the community, which gives all resources full access.

Add your user account to the “Administrators” section in the Users list.

Install and configure the AWS command-line interface

The AWS command line interface (CLI) is a single tool for controlling services from the terminal on your device. The web console or the command line can be used to perform most AWS management tasks (for example, creating a new EC2 instance). Choosing one to use for any given task will be decided by your workflow preferences.

For your computer's terminal, instal the AWS command line interface.

Run aws configure with the access key credentials for the IAM user you just built. This helps you to log in to your computer using the user account.

During this setup, choose a default AWS zone. AWS regions are a list of data centres around the world where you can host services. Your default is most likely “us-west-2”; check the area dropdown in the web console's menu bar to confirm.

Creating an EC2 Key Pair

A cryptographic public and private key pair called an EC2 key pair is required to authorise ssh access to an EC2 case. An IAM consumer is associated with a key pair. A private key matching a public key associated with the instance exists on your device to authorise access to an EC instance.

Create the folder /.ssh if it does not already exist on your computer. The location of the ssh credential files.

mkdir ~/.ssh

Using the AWS CLI, build a key pair. Replace KEY NAME with the name of the key and the position of the private key register. “Aws-wp” was the name I gave to mine.

aws ec2 create-key-pair --key-name {{KEY_NAME}} --query 'KeyMaterial' --output text > ~/.ssh/{{KEY_NAME}}.pem

In the /.ssh directory, a new private key file is created.

Change the private key's file permissions so that only your user can read it.

chmod 400 ~/.ssh/{{KEY_NAME}}.pem

Creating an EC2 instance

EC2 (Elastic Compute Cloud) is a service for managing EC2 instances, which are generic-purpose virtual machines. We'll set up an EC2 instance to act as the web server install wordpress nginx php-fpm.

To access the EC2 console, go to the AWS console homepage and press EC2. To see a list of all EC2 instances for the account, select Instances, which should be empty.

Pick Launch Instance from the drop-down menu.

We need to select a disc image to launch an operating system onto the instance in “Step 1: Choose an AMI.” Choose the “Ubuntu 20.04 AMI” option.

Select “t2.micro” in “Step 2: Choose Instance Form.”

Using the defaults, proceed through the wizard.

Develop a new Security Group called “WordPressApplicationServer” in “Step 6: Configure Security Group.” A Protection Group is a form of firewall that controls traffic to and from a specific instance. Add a rule to allow SSH access, and only allow access from your IP address in the Source column. Build a rule that allows HTTP access from any venue. Build a rule that allows HTTPS access from any venue.

Check the instance before launching it. When prompted, select the previously generated key pair to grant access to the case. It will take a few moments to boot up. To check the state of the instance list table, go back to it.

SSH into the EC2 instance

To open an information window, select the newly launched instance in the instance list table. Login via ssh in a terminal using the Public DNS (i.e. the hostname) mentioned here.

ssh ec2-user@{{INSTANCE_PUBLIC_HOSTNAME}} -i ~/.ssh/{{PRIVATE_KEY_FILE_NAME}}

“ec2-user” is the default device user account for Amazon Linux, and it has sudo access.

Updating the system

Update any device packages in the distribution that might be out of date.

sudo apt-get update

Download WordPress on the server

The site's directory root, from which Nginx will serve files, will be located /var/www/{{SITE_DOMAIN}}.com/htdocs here. Make a folder for it using this command

sudo mkdir -p /var/www/{{SITE_DOMAIN}}.com/htdocs

Download the latest stable WordPress version into this folder.

cd /var/www/{{SITE_DOMAIN}}.com/htdocs 
sudo wget https://wordpress.org/latest.tar.gz 
sudo tar zxf latest.tar.gz 
cd wordpress 
sudo cp -rpf * ../ 
cd ../ 
sudo rm -rf wordpress/ latest.tar.gz

Installing WordOps package

We are going to use the WordOps package to manage all the behind technicalities of our WordPress website. I selected this package as its lightweight, well-maintained and easy to update.

It's both easy to install and unistall different versions of PHP version with WordOps and also much easier to update nginx and php. This is the best way in my recommendation to install wordpress nginx php-fpm on any server.

One step installation of WordOps

WordOps comes with an easy to install command which installs the required dependencies, before setting-up WordOps. It can be installed with the following command:

wget -qO wo wops.cc && sudo bash wo

you can check the wo installation by this command

wo info

This should return the details of WordOps installation on the system.

Now, if you look at the WordOps package, it comes with a defualt installation command to install WordPress package as well. But in my practice, I have found that to install WordPress nginx PHP-FPM website this way decreases the performance with the increase of traffic. I might be wrong too but so far most of the cases have been this way for me.

So we will be installing just Nginx and PHP7.4 and maintaining them with the WordOps package.

Installing Nginx and PHP7.4-FPM

First, lets install Nginx using the command:

wo stack install --nginx

This installs the latest version of nginx

Now, we will install PHP7.4-FPM stack with this command:

wo stack install --php74

Just these two commands will install the two major aspects of the WordPress website on our AWS EC2 instance.

There are other packages like phpmyadmin, redis, etc.. which can also be installed with WordOps which can be checked here.

Since we are using only the t2.micro instance of AWS EC2, we will try to keep this installation as minimal as possible.

Optimizing PHP7.4-FPM

As we are on t2.micro instance now, we need to change the default configuration of PHP-FPM. This can be done in the www.conf file.

sudo nano /etc/php/7.4/fpm/pool.d/www.conf

and put the respective values as shown below:

pm.max_children = 3
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 2

Rest everything comes already optimized with WordOps, so you dont have to worry about other details.

Setting up and optimizing Nginx


Nginx
 is a high-performance web server and reverse proxy. We have already installed it in our previous steps. Now its time to set its configurations right.

Create the Nginx configuration file for your domain:

sudo nano /etc/nginx/sites-available/{{SITE_DOMAIN}}.com

Input or copy these configurations in your newly created Nginx configuration file above:

server {
   listen [::]:80;
   listen 80;
 server_name starwheeler.com;
 # Include defaults for allowed SSL/TLS protocols and handshake caches.
   #include h5bp/directive-only/ssl.conf;
 # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security
   # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping
   #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
 #ssl_certificate_key /etc/sslmate/{{SITE_DOMAIN}}.com.key;
   #ssl_certificate /etc/sslmate/{{SITE_DOMAIN}}.com.chained.crt;
 # Path for static files
   root /var/www/starwheeler.com/htdocs;
 #Specify a charset
   charset utf-8;
 # Include the basic h5bp config set
   #include h5bp/basic.conf;
 location / {
     index index.php;
     try_files $uri $uri/ /index.php?$args;
   location ~ .php$ {
     fastcgi_cache  WORDPRESS;
     fastcgi_cache_key $scheme$host$request_method$request_uri;
     fastcgi_cache_valid 200 304 10m;
     fastcgi_cache_use_stale updating;
     fastcgi_max_temp_file_size 1M;
     fastcgi_pass   unix:/var/run/php/php74-fpm.sock;
     fastcgi_index  index.php;
     fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
     include        fastcgi_params;
 
# Local variables to track whether to serve a microcached page or not. 
set $no_cache_set 0; 
set $no_cache_get 0; 

# If a request comes in with a X-Nginx-Cache-Purge: 1 header, do not grab from cache 
# But note that we will still store to cache 
# We use this to proactively update items in the cache! 
if ( $http_x_nginx_cache_purge ) {   
set $no_cache_get 1; 
} 
# If the user has a user logged-in cookie, circumvent the microcache. 
if ( $http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) {   
set $no_cache_set 1;   set $no_cache_get 1; 
} 

# fastcgi_no_cache means "Do not store this proxy response in the cache" 
fastcgi_no_cache $no_cache_set; 
# fastcgi_cache_bypass means "Do not look in the cache for this request" 
fastcgi_cache_bypass $no_cache_get;
 }
 }
 }

To enable the site, symlink the configuration into the sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/{{SITE_DOMAIN}}.com /etc/nginx/sites-enabled/{{SITE_DOMAIN}}.com

Testing the Nginx configuration before reloading:

sudo nginx -t

If the configurations passes, reload the stack by using the WordOps reload command:

sudo wo stack reload

Your website like RockinWordPress should be visible at {{SITE_DOMAIN}}.com now.

If any errors found, always check the logs:

tail -f /var/log/nginx/error.log

Final Words

I have tried to install the minimal stack to install WordPress Nginx PHP-FPM. This helps you to use fewer resources possible on a very small server like AWS EC2 “t2.micro” instances. You can always check the resources by using top command.

This same install can also be installed with Redis caching and WP-Rocket caching but I have found them resource hogging. So my recommendation is to use WP-Rocket plugin seperate manually inside the wordpress admin.

I have also not installed Letsencrypt SSL certificate for ease of this install as the SSL can be enabled from cloudflare and used on your website. Though, its not the recommended way, I have avoided in this tutorial to keep things simple and easy.

The MYSQL part is suggested to go with the setup on Amazon RDS which will further reduce the load on your server.

Hope this post helps you. If any questions, do comment below.

Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: