Adding Swap to an AWS Lightsail Ubuntu Instance (running WordPress on NGINX)

Installing WordPress on AWS Lightsail Using NGINX (including Let’s Encrypt TLS/SSL): https://youtu.be/PqIQVbErHus

Getting an A+ Rating on Qualys SSL Test for WordPress Install Running on NGINX: https://youtu.be/rvaGJV3Twr8

Check Swap Status
sudo swapon --show
Check Drive Capacity
df -h
Allocate Swap File Space on Drive
sudo fallocate -l 1G /swapfile
Change Permissions of Swap File
sudo chmod 600 /swapfile
Check Swap File Size and Permissions
ls -lh /swapfile
Make Swap File
sudo mkswap /swapfile
Enable Swap
sudo swapon /swapfile
Open fstab for Editing
sudo nano /etc/fstab
/swapfile none swap defaults 0 0
Check Swap Parameters
cat /proc/sys/vm/swappiness
cat /proc/sys/vm/vfs_cache_pressure
Change Swap Parameters
sudo sysctl vm.swappiness=10
sudo sysctl vm.vfs_cache_pressure=50
Open sysctl.conf for Editing
sudo nano /etc/sysctl.conf
vm.swappiness=10
vm.vfs_cache_pressure=50
Check Swap File
sudo swapon --show

Getting an A+ Rating on Qualys SSL Test for WordPress Install Running on NGINX

Installing WordPress on AWS Lightsail Using NGINX (including Let’s Encrypt TLS/SSL): https://youtu.be/PqIQVbErHus

Qualys SSL Labs Server Test

https://www.ssllabs.com/ssltest/

NGINX Config Changes
sudo nano /etc/nginx/nginx.conf

	ssl_protocols TLSv1.2;
	ssl_session_timeout 10m;
	ssl_session_cache shared:SSL:10m;
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
Restart Nginx
sudo systemctl restart nginx

Installing WordPress on Amazon Lightsail

WordPress on Synology NAS VM: https://youtu.be/LDCd1MhoOyY
Windows 10 SSH Client Install: https://youtu.be/bybtfeSxpo0

Add Certbot Repository
sudo add-apt-repository ppa:certbot/certbot
Update Server
sudo apt update && sudo apt upgrade
Install Packages
sudo apt install curl mysql-server nginx php-curl php-fpm php-gd php-intl php-mbstring php-mysql php-soap php-xml php-xmlrpc php-zip python-certbot-nginx
Setup MySQL
sudo mysql_secure_installation

Answer Y to all

Tune MySQL for Lower Memory
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
innodb_buffer_pool_size = 20M
innodb_buffer_pool_chunk_size = 16M
innodb_buffer_pool_size = 16M
key_buffer_size = 8M
query_cache_size = 8M
skip_name_resolve   
Create Nginx Config
sudo nano /etc/nginx/sites-available/example.com
server {
    listen 443 ssl http2  default_server;
    root /var/www/example.com;
    index index.php;
    server_name example.com www.example.com;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_types text/plain text/css text/javascript image/svg+xml image/x-icon application/javascript application/x-javascript;
    }

    location ~ /\.ht {
        deny all;
    }

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
        gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_types text/css text/javascript application/javascript;
        gzip_static on;
    }
}

server {
    listen 80;
    return 301 https://$host$request_uri;
    server_name example.com www.example.com;
    return 404;
}
Activate New Nginx Config
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
Remove Default Nginx Config
sudo rm /etc/nginx/sites-enabled/default
sudo rm /etc/nginx/sites-available/default
Download Certificate
sudo certbot --nginx -d example.com -d www.example.com
Test Certbot Renew
sudo certbot renew --dry-run
Setup Certbox Cron
sudo crontab -e
10 2 * * * /usr/bin/certbot renew --quiet --pre-hook "/bin/systemctl stop nginx" --post-hook "/bin/systemctl start nginx"
Turn Off Server Identifcation
sudo nano /etc/nginx/nginx.conf
server_tokens off;
Check nginx config
sudo nginx -t
Setup Database
sudo mysql
CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'wordpresspass';
GRANT ALL ON wordpress.* TO 'wordpressuser'@'localhost';
FLUSH PRIVILEGES;
exit;
Restart Services
sudo systemctl restart php7.2-fpm
sudo systemctl reload nginx
sudo systemctl restart mysql
Install WordPress
cd
curl -LO https://wordpress.org/latest.tar.gz
tar zxvf latest.tar.gz
cp wordpress/wp-config-sample.php wordpress/wp-config.php
sudo cp -a wordpress/. /var/www/example.com
cd
rm -fR wordpress
sudo chown -R www-data:www-data /var/www/example.com
Configure WordPress
curl -s https://api.wordpress.org/secret-key/1.1/salt/
sudo nano /var/www/example.com/wp-config.php

Replace keys and salts

update db name, user, password

Add this:

define('FS_METHOD', 'direct');
Setup Firewall
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
sudo ufw status