WordPress on Synology NAS VM: https://youtu.be/LDCd1MhoOyY https://youtu.be/bybtfeSxpo0
Add Certbot Repository
sudo add-apt-repository ppa:certbot/certbot
Update Server
sudo apt update && sudo apt upgrade
Install Packages
sudo apt install curl mysql-server nginx php-curl php-fpm php-gd php-intl php-mbstring php-mysql php-soap php-xml php-xmlrpc php-zip python-certbot-nginx
Setup MySQL
sudo mysql_secure_installation
Answer Y to all
Tune MySQL for Lower Memory
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
innodb_buffer_pool_size = 20M
innodb_buffer_pool_chunk_size = 16M
innodb_buffer_pool_size = 16M
key_buffer_size = 8M
query_cache_size = 8M
skip_name_resolve
Create Nginx Config
sudo nano /etc/nginx/sites-available/example.com
server {
listen 443 ssl http2 default_server;
root /var/www/example.com;
index index.php;
server_name example.com www.example.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_types text/plain text/css text/javascript image/svg+xml image/x-icon application/javascript application/x-javascript;
}
location ~ /\.ht {
deny all;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_types text/css text/javascript application/javascript;
gzip_static on;
}
}
server {
listen 80;
return 301 https://$host$request_uri;
server_name example.com www.example.com;
return 404;
}
Activate New Nginx Config
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
Remove Default Nginx Config
sudo rm /etc/nginx/sites-enabled/default
sudo rm /etc/nginx/sites-available/default
Download Certificate
sudo certbot --nginx -d example.com -d www.example.com
Test Certbot Renew
sudo certbot renew --dry-run
Setup Certbox Cron
sudo crontab -e
10 2 * * * /usr/bin/certbot renew --quiet --pre-hook "/bin/systemctl stop nginx" --post-hook "/bin/systemctl start nginx"
Turn Off Server Identifcation
sudo nano /etc/nginx/nginx.conf
server_tokens off;
Check nginx config
sudo nginx -t
Setup Database
sudo mysql
CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'wordpresspass';
GRANT ALL ON wordpress.* TO 'wordpressuser'@'localhost';
FLUSH PRIVILEGES;
exit;
Restart Services
sudo systemctl restart php7.2-fpm
sudo systemctl reload nginx
sudo systemctl restart mysql
Install WordPress
cd
curl -LO https://wordpress.org/latest.tar.gz
tar zxvf latest.tar.gz
cp wordpress/wp-config-sample.php wordpress/wp-config.php
sudo cp -a wordpress/. /var/www/example.com
cd
rm -fR wordpress
sudo chown -R www-data:www-data /var/www/example.com
Configure WordPress
curl -s https://api.wordpress.org/secret-key/1.1/salt/
sudo nano /var/www/example.com/wp-config.php
Replace keys and salts
update db name, user, password
Add this:
define('FS_METHOD', 'direct');
Setup Firewall
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
sudo ufw status
