Install Nginx Web Server
By default, the Nginx package is included in the CentOS 8 default repo. You can install it using the following command:
dnf install nginx -y
Once the Nginx server has been installed, start the Nginx service and enable it to start after the system reboot.
systemctl start nginx
systemctl enable nginx
You can also check the Nginx version using the following command:
nginx -v
Sample output:
nginx version: nginx/1.14.1
Install MariaDB Database Server
WordPress uses MySQL or MariaDB as a database backend. You can install the MariaDB database by just running the following command:
dnf install mariadb-server -y
After installing the MariaDB database, start the MariaDB service and enable it to start at system reboot:
systemctl start mariadb
systemctl enable mariadb
Next, you will need to secure the MariaDB installation and set a MariaDB root password. You can do it by running the following script:
mysql_secure_installation
You will be asked to set a root password, remove anonymous users, disallow root login remotely and remove the test database as shown below:
Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
Install PHP 8
PHP version 8 has significant performance improvements and new features so it is recommended to use PHP 8 for WordPress. By default, PHP 8 is not included in the CentOS 8 default repo. So you will need to install the EPEL and Remi PHP repository to your system.
First, install EPEL and Remi repository package with the following command:
dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
Next, disable the default PHP repository and enable the PHP Remi repository using the following command:
dnf module reset php
dnf module install php:remi-8.0 -y
Next, install PHP 8 with other necessary PHP extensions using the following command:
dnf install php php-mysqlnd php-fpm php-opcache php-curl php-json php-gd php-xml php-mbstring php-zip -y
Once the installation is completed, verify the PHP version using the following command:
php -v
Sample output:
PHP 8.0.9 (cli) (built: Jul 29 2021 12:53:58) ( NTS gcc x86_64 )
Nginx uses a PHP-FPM to process the PHP files. By default, PHP-FPM is configured to run as an Apache user. So you will need to configure it for Nginx.
nano /etc/php-fpm.d/www.conf
Change the user and group from apache to nginx as shown below:
user = nginx
group = nginx
Save and close the file then start the PHP-FPM service and enable it to start at system reboot:
systemctl start php-fpm
systemctl enable php-fpm
Step 2 - Create a Database for WordPress
Next, you will need to create a database and user for WordPress. First, log in to MariaDB shell with the following command:
mysql -u root -p
Once you are log in, create a database and user with the following command:
CREATE DATABASE wordpressdb;
CREATE USER `wordpressuser`@`localhost` IDENTIFIED BY 'wordpresssecurepassword';
Next, grant all the privileges to the WordPress database with the following command:
GRANT ALL ON wordpressdb.* TO `wordpressuser`@`localhost`;
Next, flush the privileges and exit from the MariaDB shell with the following command:
FLUSH PRIVILEGES;
EXIT;
Step 3 - Download WordPress
It is always recommended to download the latest version of WordPress from its official website. You can download it inside the Nginx default root directory using the following command:
cd /var/www/html
wget https://wordpress.org/latest.tar.gz
Once the download is completed, extract the downloaded file with the following command:
tar -xvzf latest.tar.gz
Next, rename the extracted directory with yourdomain name.
mv wordpress bear.cloud
Next, change the ownership of yourdomain.com directory to nginx:
chown -R nginx:nginx /var/www/html/bears.cloud
Step 4 - Create Nginx Virtual Host for WordPress
Next, you will need to create a separate Nginx virtual host configuration file to serve the WordPress website.
nano /etc/nginx/conf.d/yourdomain.conf
Add the following lines:
server {
listen 80;
server_name bear.cloud www.bear.cloud;
root /var/www/html/yourdomain.com;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_certificate /etc/nginx/certificate/nginx-certificate.crt;
ssl_certificate_key /etc/nginx/certificate/nginx.key;
root /var/www/html/bear.cloud
;
index index.html index.htm index.nginx-debian.html;
server_name _bear.cloud www.bear.cloud;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
Save and close the file then run the following command to verify the Nginx for any syntax error.
nginx -t
Sample output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Finally, reload the Nginx service to apply the configuration changes:
systemctl restart nginx
Step 5 - Configure SELinux and Firewall
By default, SELinux is enabled on CentOS 8 server. It is always recommended to disable the SELinux. To disable the SELinux, edit the /etc/selinux/config file:
nano /etc/selinux/config
Change the following line:
SELINUX=disabled
Save and close the file then restart your system to apply the changes.
Next, you will also need to allow HTTP and HTTPS service through the firewall. You can allow them by running the following command:
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
Next, reload the firewall daemon to apply the changes:
firewall-cmd --reload
Step 6 - Enable HTTPS for WordPress
Let’s Encrypt is a non profit certificate authority that provides a free SSL certificate to create a more secure and privacy respecting Web.
To download the Let’s Encrypt server SSL and implement it on your website, you will need to install the Certbot client package on your server.
Run the following command to install the Certbot client package for Nginx:
dnf install certbot python3-certbot-nginx -y
Once the Certbot package is installed, run the following command to enable the SSL on your WordPress website.
certbot --nginx --agree-tos --redirect --hsts --uir --staple-ocsp --email wordpress@bears.cloud -d bears.cloud,www.bears.cloud
This command will download the Let’s Encrypt SSL and configure your Nginx virtual host configuration file to use those SSL certificates.
Next, you will need to set up a cron job to renew the Let’s Encrypt certificate automatically. To do so edit the cron job with the following command:
crontab -e
Add the following line:
@daily certbot renew --quiet && systemctl reload apache2
Save and close the file when you are finished.