Students and new users who want to setup a new WordPress website with Nginx HTTP server and use Cloudflare for CDN and SSL protection, the steps below should help them get there.
This brief tutorial will show students and new user a step by step guide on how to setup WordPress websites and use Cloudflare’s CDN, free SSL and security features to help improve their website performance and protect their sites against malicious actors.
This setup might take a while to complete and the process below should work on other websites as well. It doesn’t have to be WordPress. This setup should work on other CMSs and plain HTML sites out of the box.
When you’re ready to setup your server and Cloudflare to use Origin Certificate, follow the steps below:
How to sign up for Cloudflare
The first step in this tutorial is to sign up for Cloudflare account. This post assumes that you already have registered a domain name. If you don’t, then go and get one before continuing further.
If you already have a Cloudflare account, then skip the registration below.
Type in your email address and click Create Account.
Once the account is created and you’ve verified your email address and logged back into Cloudflare account, click the button or link (Add a Site) to add a site to your account.
Next, type in the domain name you have registered. Cloudflare service will help speed up and protect the site you add.
Next, Cloudflare will begin to query your domain DNS provider for the records in the DNS table. If the domain is online, Cloudflare should find it and import the records into its DNS systems.
After that, select the plan you want to use for the site. For this tutorial, we’re going to be using Cloudflare free plan.
When you’re done, you should see two nameservers provided to you by Cloudflare. What you need to do is logon to your domain provider’s portal. where you have your domain, and replace the nameservers with the ones Cloudflare gives you.
For example, our example.com site is hosted with Google Domains. Logon to your Google Domains account and select to use custom nameservers.
You’ll have to option to enter the nameservers provided to you by Cloudflare. Save your changes when you’re done.
Once you’ve saved your custom nameservers changes, go back to your Cloudflare account and wait for Cloudflare to see the changes. Depending on your domain provider, it make take up to an hour for the DNS changes to be visible on Cloudflare.
Once all is ready, you’ll see your site status as Active.
When everything is done, you should also see your Cloudflare account with DNS entries as shown below. Your DNS records might have more entries then the two below. These two entries are the most important for running your website.
After that, click on Crypto tab and choose to enable Full (strict) SSL. This should turn on SSL for the site.
While still on Crypto tab, scroll down to Origin Certificates. Then click the button to create certificate.
Use the free TLS certificate signed by Cloudflare to install on your origin server. Origin Certificates are only valid for encryption between Cloudflare and your origin server.
Next, choose to Let Cloudflare generate a private key and a CSR for the domain. Click Next.
Then copy a paste these into a text file on onto your server.
On Ubuntu, run the commands below to create the Private key, Certificate and Origin pull files (3 files in total). Copy and paste each content into the respective file. and save.
For the Private key file. run this, then copy and paste the private key given to you into the file and save.
sudo nano /etc/ssl/private/cloudflare_key_example.com.pem
For the certificate file, run this and copy and paste the certificate content into the file and save.
sudo nano /etc/ssl/certs/cloudflare_example.com.pem
You’ll also want to download Cloudflare Origin Pull certificate. You can download that from the link below:
Set up authenticated origin pulls · Cloudflare SSL docs
Zone-Level — Cloudflare certificate
Under Zone-level certificate, expand the certificate button, the copy its content.
Next, run the commands below to create a origin-pull-ca.pem file, then paste the certificate content into the file below and save.
sudo nano /etc/ssl/certs/origin-pull-ca.pem
Once done, you should have three files. The cloudflare_key_example.com.pem, cloudflare_example.com.pem and origin-pull-ca.pem.
We will use these file in Nginx config below
After saving the key, certificate and origin pull certificates files. Continue below.
Still on the Crypto page in your Cloudflare account, enable Always use HTTPS and you may also change settings for HSTS but not necessary.
Next, turn on Authenticated Origin Pulls and Opportunistic Encryption, and continue.
Then, turn on Automatic HTTPS Rewrites and continue.
Next, move to the Page Rules tab. then create a new rule for the site. then type URL and choose Always Use HTTPS
example.com/*
Alwyas Use HTTPS
Save your settings and you’re done with setting up Cloudflare.
How to Install and Configure WordPress
Now that Cloudflare is configure, logon to your server and configure WordPress. First install Nginx HTTP server since we’re using Nginx for this post. To install Nginx server, run the commands below:
sudo apt update sudo apt install nginx
After installing Nginx, the commands below can be used to stop, start and enable Nginx service to always start up with the server boots.
sudo systemctl stop nginx.service sudo systemctl start nginx.service sudo systemctl enable nginx.service
Now that Nginx is installed. to test whether the web server is working, open your browser and browse to the URL below.
If you see the page above, then Nginx is successfully installed.
How to Install MariaDB Database Server
WordPress also requires a database server to store its content. If you’re looking for a truly open source database server, then MariaDB is a great place to start. To install MariaDB run the commands below:
sudo apt-get install mariadb-server mariadb-client
After installing MariaDB, the commands below can be used to stop, start and enable MariaDB service to always start up when the server boots.
Run these on Ubuntu 16.04 LTS
sudo systemctl stop mysql.service sudo systemctl start mysql.service sudo systemctl enable mysql.service
Run these on Ubuntu 19.04 and 18.04 LTS
sudo systemctl stop mariadb.service sudo systemctl start mariadb.service sudo systemctl enable mariadb.service
Next, run the commands below to secure the database server with a root password if you were not prompted to do so during the installation.
sudo mysql_secure_installation
When prompted, answer the questions below by following the guide.
- Enter current password for root (enter for none): Just press the Enter
- Set root password? [Y/n]: Y
- New password: Enter password
- Re-enter new password: Repeat password
- Remove anonymous users? [Y/n]: Y
- Disallow root login remotely? [Y/n]: Y
- Remove test database and access to it? [Y/n]: Y
- Reload privilege tables now? [Y/n]: Y
Now that MariaDB is installed, to test whether the database server was successfully installed, run the commands below.
sudo mysql -u root -p
type the root password when prompted.
If you see a similar screen as shown above, then the server was successfully installed.
How to Install PHP 7.2-FPM and Related Modules
WordPress CMS is a PHP based CMS and PHP is required. However, PHP 7.2-FPM may not be available in Ubuntu default repositories. To run PHP 7.2-FPM on Ubuntu 16.04 and previous, you may need to run the commands below:
sudo apt-get install software-properties-common sudo add-apt-repository ppa:ondrej/php
Then update and upgrade to PHP 7.2-FPM
sudo apt update
Next, run the commands below to install PHP 7.2-FPM and related modules.
sudo apt install php7.2-fpm php7.2-common php7.2-mysql php7.2-gmp php7.2-curl php7.2-intl php7.2-mbstring php7.2-xmlrpc php7.2-gd php7.2-xml php7.2-cli php7.2-zip
After installing PHP 7.2, run the commands below to open PHP default configuration file for Nginx.
sudo nano /etc/php/7.2/fpm/php.ini
The lines below is a good settings for most PHP based CMS. Update the configuration file with these and save.
file_uploads = On allow_url_fopen = On short_open_tag = On memory_limit = 256M cgi.fix_pathinfo = 0 upload_max_filesize = 100M max_execution_time = 360 date.timezone = America/Chicago
Everytime you make changes to PHP configuration file, you should also restart Nginx web server. To do so, run the commands below:
sudo systemctl restart nginx.service
Now that PHP is installed, to test whether it’s functioning, create a test file called phpinfo.php in Nginx default root directory. ( /var/www/html/)
sudo nano /var/www/html/phpinfo.php
Then type the content below and save the file.
<?php phpinfo( ); ?>
Next, open your browser and browse to the server’s hostname or IP address followed by phpinfo.php
You should see PHP default test page.
How to Create WordPress Database
Now that you’ve installed all the packages that are required for WordPress to function, continue below to start configuring the servers. First run the commands below to create a blank WordPress database.
To logon to MariaDB database server, run the commands below.
sudo mysql -u root -p
Then create a database called wpdatabase
CREATE DATABASE wpdatabase;
Create a database user called wpuser with a new password
CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'new_password_here';
Then grant the user full access to the database.
GRANT ALL ON wpdatabase.* TO 'wpuser'@'localhost' IDENTIFIED BY 'user_password_here' WITH GRANT OPTION;
Finally, save your changes and exit.
FLUSH PRIVILEGES; EXIT;
How to Download WordPress Latest Release
To get WordPress latest release you will need to go to its official download page and get it from there. The link below is where to find WordPress latest archive versions.
cd /tmp wget tar -xvzf latest.tar.gz sudo mv wordpress /var/www/html/example.com
Then run the commands below to set the correct permissions for WordPress root directory and give Nginx control.
sudo chown -R www-data:www-data /var/www/html/example.com/ sudo chmod -R 755 /var/www/html/example.com/
How to Configure Nginx for WordPress
Finally, configure Apahce2 site configuration file for WordPress. This file will control how users access WordPress content. Run the commands below to create a new configuration file called example.com
sudo nano /etc/nginx/sites-available/example.com
Then copy and paste the content below into the file and save it. Replace the highlighted line with your own domain name and directory root location.
Also make sure to reference the certificate files created above during Cloudflare setup.
server { listen 80; listen [::]:80; listen 443 ssl http2; listen [::]:443 ssl http2; server_name example.com www.example.com; root /var/www/html/example.com; index index.php; ssl_certificate /etc/ssl/certs/cloudflare_example.com.pem; ssl_certificate_key /etc/ssl/private/cloudflare_key_example.com.pem; ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem; ssl_verify_client on; client_max_body_size 100M; autoindex off; location / { try_files $uri $uri/ /index.php?$args; } location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/var/run/php/php7.2-fpm.sock; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
Save the file and exit.
How to Enable the WordPress site
After configuring the VirtualHost above, enable it by running the commands below
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/ sudo systemctl restart nginx.service
Then open your browser and browse to the server domain name. You should see WordPress setup wizard to complete. Please follow the wizard carefully.
Then follow the on-screen instructions. Select the installation language then click Continue
You will need to know the following items before proceeding. Use the database connection info you created above.
- Database name
- Database username
- Database password
- Database host
- Table prefix (if you want to run more than one WordPress in a single database)
The wizard will use the database information to create a wp-config.php file in WordPress root folder.
If for any reason this automatic file creation doesn’t work, don’t worry. All this does is fill in the database information to a configuration file. You may also simply open wp-config-sample.php in a text editor, fill in your information, and save it as wp-config.php.
Next, type in the database connection info and click Submit
After that, click Run the installation button to have WordPress complete the setup.
Next, create the WordPress site name and the backend admin account. then click Install WordPress
When you’re done, WordPress should be installed and ready to use.
After setting up WordPress, go and install Cloudflare plugin and activate below:
Activate, configure and use it! After that, your WordPress should be ready to use with Cloudflare support
Congratulation! You have successfully installed WordPress with Cloudflare CDN on Ubuntu 16.04 | 18.04.
You may also like the post below: