nginx

  • Old permalink: https://wbxpress.net/2011/03/a-long-post-url.html

    New permalink: https://wbxpress.net/a-long-post-url/

    Add the following into the virtual host configuration file.

    rewrite "/([0-9]{4})/([0-9]{2})/(.*).html" https://wbxpress.net/$3 permanent;
  • ssh root@192.12.345.67
    
    apt-get update
    
    apt-get upgrade
    
    dpkg-reconfigure tzdata
    
    date
    
    hostnamectl set-hostname classic
    
    nano /etc/hosts
    
    	192.12.345.67	classic
    	2400:8904::f03c:92ff:fe6a:58cd/64	classic
    
    hostname
    
    adduser admin
    
    adduser admin sudo
    
    exit
    
    ssh-keygen -b 4096
    
    ssh-copy-id admin@192.12.345.67
    
    ssh admin@192.12.345.67
    
    sudo nano /etc/ssh/sshd_config
    
    	PermitRootLogin no
    	PasswordAuthentication no
    
    sudo service ssh restart
    
    sudo ufw app list
    
    sudo ufw allow OpenSSH
    
    sudo ufw enable
    
    sudo ufw status
    
    sudo apt install nginx
    
    sudo systemctl start nginx
    sudo systemctl enable nginx
    
    sudo nano /etc/nginx/nginx.conf
    
    	server_names_hash_bucket_size 128;
    	client_max_body_size 100m;
    	server_tokens off;
    
    
    sudo ufw app list
    sudo ufw allow 'Nginx Full'
    sudo ufw enable
    sudo ufw status
    
    sudo apt install mariadb-server
    
    sudo systemctl start mariadb
    sudo systemctl enable mariadb
    
    sudo mysql_secure_installation
    
    sudo apt install php-fpm php-mysql php-curl php-gd php-intl php-soap php-mbstring php-zip php-imagick php-xml php-xmlrpc
    
    sudo sed -i 's/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g' /etc/php/7.4/fpm/php.ini
    
    sudo nano /etc/php/7.4/fpm/php.ini
    
    	post_max_size = 100M
    	upload_max_filesize = 100M
    
    sudo service php7.4-fpm restart
    sudo service nginx restart
    
    sudo mkdir -p /var/www
    sudo rm -rf /var/www/html
    sudo wget https://wordpress.org/latest.zip
    sudo apt install unzip
    sudo unzip latest.zip
    sudo cp -R wordpress/* /var/www/
    sudo rm latest.zip
    sudo rm -rf wordpress
    
    sudo mysqldump -u root wbxpress > wbxpress.sql
    
    sudo scp -v -r admin@192.46.212.51:/home/admin/wbxpress.sql /home/admin/
    sudo scp -v -r admin@192.46.212.51:/var/www/wp-config.php /var/www/
    sudo scp -v -r admin@192.46.212.51:/var/www/ads.txt /var/www/
    sudo scp -v -r admin@192.46.212.51:/var/www/wp-content/* /var/www/wp-content/
    
    sudo chown -R www-data:www-data /var/www
    sudo find /var/www -type d -exec chmod 755 {} \;
    sudo find /var/www -type f -exec chmod 664 {} \;
    sudo chmod 444 /var/www/wp-config.php
    sudo chown admin:admin /var/www/wp-config.php
    
    sudo nano /etc/nginx/sites-available/default
    
    sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/wbxpress.net.conf
    
    sudo nano /etc/nginx/sites-available/wbxpress.net.conf
    
    	location / { try_files $uri $uri/ /index.php$is_args$args; }
    	location ~ \.php$ { include snippets/fastcgi-php.conf;
    	fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; }
    
    
    sudo ln -s /etc/nginx/sites-available/wbxpress.net.conf /etc/nginx/sites-enabled/
    
    sudo rm /etc/nginx/sites-enabled/default
    
    sudo service nginx restart
    
    sudo mysql -u root
    
    show databases;
    
    CREATE DATABASE wbxpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    GRANT ALL ON wbxpress.* TO 'wbUser1'@'localhost' IDENTIFIED BY 'wbPass2';
    flush privileges;
    
    
    
    sudo mysql -u root wbxpress < wbxpress.sql
    
    sudo nano /var/www/wp-config.php
    
    sudo apt install certbot python3-certbot-nginx
    
    sudo certbot --nginx -d wbxpress.net -d www.wbxpress.net
    
    sudo crontab -e
    
    	15 3 * * * /usr/bin/certbot renew --quiet
    
  • Host Multiple Sites with SSL in Ubuntu 20.04

    ·

    Prerequisite

    A VPS account which starts from $5 per month from any reputed company. (We prefer Linode)

    You can host as many websites you like in this account.

    We will show only the commands necessary for hosting website. We will also show how to use https i.e. SSL for the websites. Your website can be of any type. We are showing WordPress installation although the commands are almost same.

    Technology Used

    OS: Ubuntu 20.04
    Web Server: NginX
    Database: MariaDB
    PHP: PHP FPM 7.4
    Application: WordPress
    SSL: Lets’ Encrypt

    1. Install Ubuntu 20.04 LTS

    From the dash board of VPS the first thing is to install an operating system. We use Ubuntu 20.04 LTS. Set Root password.

    2. Access Root

    From the dashboard Copy the IP address of your VPS. From your own computer Run Putty to login as root user to the IP address.

    3. Set Timezone

    Execute:

    dpkg-reconfigure tzdata

    Check with:

    date

    It will show you exact current date and time.

    4. Create a Non-Root User

    Execute:

    adduser admin
    usermod -aG sudo admin

    Now logout from root account. Run putty again and login as admin.

    5. System Update

    sudo apt update
    sudo apt upgrade

    6. Secure with SSH Key Pair

    Open puTTYgen from your own computer. Generate a Public/ Private key pair. Save Private key in your PC.

    Copy Public key. Login to the VPS using Putty as admin.

    mkdir .ssh
    sudo nano .ssh/authorized_keys

    Paste the copied public key into this file.
    Save and Exit.

    sudo chown -R admin:admin .ssh
    sudo chmod 700 .ssh
    sudo chmod 600 .ssh/authorized_keys

    7. Disable root login

    sudo nano /etc/ssh/sshd_config

    Set:PasswordAuthentication no
    PermitRootLogin no

    Restart SSH

    sudo service ssh restart

    Now you can not login with root account or using password. You only need to the private key to login. This is a great way to secure the server.

    8. Setup a Firewall

    sudo ufw app list

    Output:
    Available applications:
    OpenSSH

    sudo ufw allow OpenSSH
    sudo ufw enable
    sudo ufw status

    Output:
    Status: active

    9. Install Nginx

    sudo apt install nginx
    sudo systemctl start nginx
    sudo systemctl enable nginx
    sudo nano /etc/nginx/nginx.conf

    Set: server_names_hash_bucket_size 128;
    Add: client_max_body_size 100m;
    Set: server_tokens off;

    If you would like to also install SSL, then also add:

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    Save and Exit.

    sudo ufw app list
    sudo ufw allow 'Nginx Full'
    sudo ufw enable
    sudo ufw status

    10. Install MariaDB

    sudo apt install mariadb-server
    sudo systemctl start mariadb
    sudo systemctl enable mariadb
    sudo mysql_secure_installation

    11. Install PHP-FPM

    sudo apt install php-fpm php-mysql php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip php-bcmath php-imagick
    sudo systemctl restart php7.4-fpm
    sudo nano /etc/php/7.4/fpm/php.ini

    Set: post_max_size = 100M
    upload_max_filesize = 100M

    sudo service php7.4-fpm restart
    sudo service nginx restart

    12. Create directory for Websites

    sudo mkdir -p /var/www/website1
    sudo mkdir -p /var/www/website2

    etc.
    If you are installing a fresh WordPress site then:-

    sudo wget https://wordpress.org/latest.zip
    sudo apt install unzip
    sudo unzip latest.zip
    sudo cp -R wordpress/* /var/www/website1/
    sudo rm latest.zip
    sudo rm -rf wordpress

    If you are transferring existing website from other host to the new host the:-

    sudo scp -v -r admin@172.105.43.12:/var/www/oldhost/* /var/www/website1/

    Replace the IP address of your old host. Take similar action for website2.

    13. Set Proper File Permission

    sudo chown -R www-data:www-data /var/www/website1
    sudo find /var/www/website1 -type d -exec chmod 775 {} \;
    sudo find /var/www/website1 -type f -exec chmod 664 {} \;

    Similar action for website2.

    14. Create Virtual Hosts

    sudo rm /etc/nginx/sites-enabled/default
    sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/website1.com
    sudo cp /etc/nginx/sites-available/default
    sudo nano /etc/nginx/sites-available/website1.com

    Remove all except the following lines:-

    server {
    	root /var/www/website1;
    	index index.php index.html index.htm;
    	server_name website1.com www.website1.com;
    
    	location / {
    		try_files $uri $uri/ /index.php$is_args$args;
    	}
    
    	location ~ \.php$ {
    		include snippets/fastcgi-php.conf;
    		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    	}
    
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
    	expires max;
    	log_not_found off;
    }
    }
    

    Similarly, for second website create another virtual host.

    sudo cp /etc/nginx/sites-available/website1 /etc/nginx/sites-available/website2.com
    sudo nano /etc/nginx/sites-available/website2.com

    Change to:

    server {
    	root /var/www/website2;
    	index index.php index.html index.htm;
    	server_name website2.com www.website2.com;
    
    	location / {
    		try_files $uri $uri/ /index.php?args;
    	}
    
    	location ~ \.php$ {
    		include snippets/fastcgi-php.conf;
    		fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    	}
    
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
    	expires max;
    	log_not_found off;
    }
    }
    

    15. Enable Virtual Hosts

    sudo ln -s /etc/nginx/sites-available/website1.com /etc/nginx/sites-enabled
    sudo ln -s /etc/nginx/sites-available/website2.com /etc/nginx/sites-enabled
    sudo service nginx restart

    16. Create Database

    CREATE DATABASE website1 DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    GRANT ALL ON website1.* TO 'wp1User'@'localhost' IDENTIFIED BY 'wp1Pass';
    
    CREATE DATABASE website2 DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
    GRANT ALL ON website2.* TO 'wp2User'@'localhost' IDENTIFIED BY 'wp2Pass';
    

    If you are transferring your site from old host create a database backup from old host:

    sudo mysqldump -u root olddbsite1 > olddbsite1.sql
    

    Then copy the back up file to new host.

    sudo scp -v -r admin@172.105.43.12:/home/admin/olddbsite1.sql /home/admin/
    

    17. Update DNS Settings

    Set DNS of all the domains point to the correct IP address. You need to add A/AAAA records pointing to the IP address of the VPS.

    18. Test Run Websites

    Now that your site has both filesystem and database it should be viewable at this point. So try hitting the browser:-

    http://website1.com/

    Congrats, your website1 is live now. Now, we shall install SSL so that the site can be accessed securely as follows:-

    http://website1.com/

    19. Create SSL Certificates

    sudo apt update
    sudo apt upgrade
    sudo apt install certbot python3-certbot-nginx
    sudo certbot --nginx -d website1.com -d www.website1.com
    sudo certbot --nginx -d website2.com -d www.website2.com

    You can check all existing SSL certificates.

    sudo ls /etc/letsencrypt/live

    To delete any Execute:

    sudo certbot delete

    20. Automatic Renewal of SSL Certificates

    Execute:

    sudo crontab -e

    Add At the end:

    15 3 * * * /usr/bin/certbot renew --quiet

    That’s it. Hope you have successfully host websites in your own VPS. If you still have any query, you are free to ask. We surely get back to reply.

  • Redirect AMP url to Non-AMP url in Nginx

    ·

    AMP (Accelerated Mobile Pages) can be used for any site to load the content faster. We have shared a tutorial: How to Enable AMP in WordPress site. If you no longer wish to use the AMP functionality you can disable it. But there are many posts which have already been indexed by google search engine as AMP version will no longer work resulting a 404 error or “Page Not found” error. To solve the problem all you need is to redirect all those links to a non-amp version.

    Add the following code inside virtual server block in nginx:-

    location ~ /amp/$ {
    rewrite ^(.*/)amp/$ $1 permanent;
    }

    The above will redirect all urls having /amp/ at the end to the non amp version of the url e.g.

    https://wbxpress.net/display-post-modified-date-genesis-theme/amp/

    will be redirected to

    https://wbxpress.net/display-post-modified-date-genesis-theme/

    That’s it. Now your site will be free from 404 error.

  • Earlier we used to cache our wordpress sites using PHP-FPM technology. We have a tutorial for this: FastCGI Caching with Nginx on VPS for WordPress

    Now, we cache our sites in a simpler and better method. We use a wordpress plugin named Simple Cache. And we shall order Nginx server to serve the cached content bypassing the database query and PHP. Here are the steps:

    Step 1. Install and Activate the plugin Simple Cache.

    Step 2: Add the following into wp-config.php if the plugin can’t do it for you.

    define('WP_CACHE', TRUE);

    Step 3: Edit virtual host file. e.g.

    sudo nano /etc/nginx/sites-available/wbxpress.conf

    Replace the following line inside location / block:

    try_files $uri $uri/ /index.php?$args;

    By

    try_files "wp-content/cache/simple-cache/${http_host}${request_uri}index.html" $uri $uri/ /index.php?$args;

    Restart nginx server using the command.

    sudo service nginx restart;

    Step 4: Now turn on the caching.

    Turn On Caching

    That’s it. Now you have a fast loading site.

    before caching
    after caching
  • Install a Porkbun SSL on NGINX for WordPress

    ·

    Let’s Encrypt is a free SSL provider. Porkbun is very good domain registrar. We can download free SSL from porkbun dashboard. All we need is to upload it into our VPS server and need to add the path of the certificates into virtual host file.

    Download SSL from porkbun.
    You shall get a ZIP file containing the following 4 files:-

    1. domain.cert.pem
    2. intermediate.cert.pem
    3. private.key.pem
    4. public.key.pem

    Now Upload file no. 1 and 3 only (i.e. domain.cert.pem and private.key.pem) into your VPS home folder (i.e. /home/admin/).

    Create a Virtual Host for your domain (for example: wbxpress.net) as shown below:

    sudo nano /etc/nginx/sites-available/wbxpress.net.conf
    server {
    	server_name    wbxpress.com www.wbxpress.net;
    	root           /var/www/wbxpress;
    	index          index.html index.php;
    
    	location / {
    	  try_files $uri $uri/ /index.php?$args;
    	}
    
    	location ~* \.php$ {
    	  fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    	  include         fastcgi_params;
    	  fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
    	  fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
    	}
    
    	listen 443 ssl http2;
    	listen [::]:443 ssl http2;
    	
    	ssl_certificate /home/admin/domain.cert.pem;
    	ssl_certificate_key /home/admin/private.key.pem;	
    }
    server {
    	if ($host = www.wbxpress.net) {
    	return 301 https://wbxpress.net$request_uri;
    	}
    	if ($host = wbxpress.net) {
    	return 301 https://wbxpress.net$request_uri;
    	}
    	listen 80;
    	listen [::]:80;
    	server_name wbxpress.net www.wbxpress.net;
    	return 404;
    }
    

    Also, we need to replace SSL settings as found from SSL Config File Generator at nginx.conf file.

    sudo nano /etc/nginx/nginx.conf
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;
    

    The above configuration works perfectly well in our case.