Install WordPress with Nginx (LEMP) on Rocky or Alma Linux with SSL

Looking for the best setup to host your WordPress website? I have tested it personally. I have tried WordPress with LEMP on Ubuntu, Centos, and other Linux distros, and trust me, the best setup I found was LEMP with Rocky or Alma Linux. So, I thought to share how I managed to Install WordPress with Nginx (LEMP) on Rocky or Alma Linux with SSL.

The reason is that Rocky and Alma Linux are highly stable and reliable. There are timely updates for both, which ensures minimal bugs.

In this setup, we will install the latest version of MariaDB for the database and PHP for WordPress.

Prerequisite

• Rocky or Alma Linux installed
• Root or a user with sudo privileges

Since we will use “nano” as editor, let’s install nano first

$ sudo dnf install nano -y

Also, make sure to keep the server ready with the initial setup done. If you haven’t done it, follow our initial Rocky or Alma Linux server setup guide.

Step 1 – Update the server’s repository

First, let’s update the server repository

$ sudo dnf update -y

Step 2 – Install and enable the Nginx web server

The Nginx package is included with almost all Linux distributions, we just have to install it using

$ sudo dnf install nginx -y

As the installation completes, let’s start and enable the Nginx service

$ sudo systemctl start nginx

$ sudo systemctl enable nginx

Step 3 – Install, enable, and secure the MariaDB Database Server

WordPress uses MariaDB or MySQL as the database server for storing data. Let’s install it using

$ sudo dnf install mariadb-server -y

Once the installation is completed, let’s start and enable our database

$ sudo systemctl start mariadb

$ sudo systemctl enable mariadb

Let’s add some security to our database using

$ sudo mysql_secure_installation

You will be asked some questions, you can follow the steps below.

Enter current password for root (enter for none):
Set root password? [Y/n] Y
New password:
Re-enter new password:
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y

Step 4 – Installing PHP 8.3

While writing this tutorial, PHP 8.3 is the latest version so we will install the same on our server.

$ sudo dnf install epel-release -y

$ sudo dnf install https://rpms.remirepo.net/enterprise/remi-release-9.rpm -y

As both processes complete, let’s enable the PHP 8.3 module by

$ sudo dnf module enable php:remi-8.3 -y

After completion, let’s install PHP

$ sudo dnf install php php-intl php-mysqlnd php-fpm php-opcache php-curl php-json php-imagick php-xml php-mbstring php-zip -y

To enable PHP to work with Nginx we will have to map the “nginx” user and group in PHP

$ sudo nano /etc/php-fpm.d/www.conf

Find the directive

user = apache
group = apache

and change them to

user = nginx
group = nginx

Press “ctrl+x” then “y” and hit the “Enter” key to save the file.

Now, let’s start and enable PHP-FPM

$ sudo systemctl start php-fpm

$ sudo systemctl enable php-fpm

Step 5 – Create Database

Let’s create a database so that WordPress can use it

$ sudo mysql -u root -p

MariaDB [(none)]> CREATE DATABASE wordpress DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

MariaDB [(none)]> GRANT ALL ON wordpress.* TO 'wordpressuser'@'localhost' IDENTIFIED BY 'password';

MariaDB [(none)]> FLUSH PRIVILEGES;

MariaDB [(none)]> EXIT;

Important Note: Make sure to change “wordpress”, “wordpressuser” and “password” as per your needs. Also, make sure to remember these because we will need them in later configurations.

Step 6 – Download and configure WordPress

Here we will download WordPress from the official site, so we are free from any malware or other security issues.

$ cd /var/www/html

$ sudo curl -LO https://wordpress.org/latest.tar.gz

$ sudo tar -xvzf latest.tar.gz

$ sudo mv wordpress yourdomain

Note:- Change “yourdomain” to your website domain name

To configure WordPress we need to set up the wp-config.php file

$ sudo cp wp-config-sample.php wp-config.php

$ sudo nano wp-config.php

Now, let’s configure wp-config.php to use our database by making changes to the given below fields

define('DB_NAME', 'wordpress');
/** MySQL database username */
define('DB_USER', 'wordpressuser');
/** MySQL database password */
define('DB_PASSWORD', 'password');
...

define('FS_METHOD', 'direct');

Press “ctrl+x” then “y” and hit the “Enter” key to save the file.

Note: Replace wordpress, wordpressuser and password in the fields given above as per step 5. Paste the “define(‘FS_METHOD’, ‘direct’);” below the last “define” directive

Step 7 – Configure Nginx Virtual host for WordPress

Now, we will have to configure Nginx virtual host so that Nginx can start using WordPress

$ sudo nano /etc/nginx/conf.d/yourdomain.conf

Note:- Change “yourdomain” in the above command to your website domain name

server {

    listen 80 default_server;
    listen [::]:80 default_server;

    server_name yourdomain.com www.yourdomain.com;
    root /var/www/html/yourdomain;
    index index.html index.htm index.nginx-debian.html index.php;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php-fpm/www.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Note:- Change “yourdomain” to your website domain name

Press “ctrl+x” then “y” and hit the “Enter” key to save the file.

As it completes, let’s test nginx for errors

$ sudo nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

$ sudo systemctl restart nginx

Step 8 – Configure SELinux

SELinux is enabled by default, let’s disable it.

$ sudo nano /etc/selinux/config

Change the following directive

SELINUX=disabled

Press “ctrl+x” then “y” and hit the “Enter” key to save the file.

Let’s assign folder permission to the “nginx” user to have control over /var/www/html/

$ sudo chown -R nginx:nginx /var/www/html

Now let’s reboot our server

$ sudo reboot

Step 9 – Install and configure the Firewall

Let’s configure the firewall but before that we need to install a firewall package. With Rocky or Alma Linux, Firewalld is the best firewall. So let’s install it

$ sudo dnf install firewalld -y

As the installation completes, let’s allow HTTP and HTTPS connections

$ sudo firewall-cmd --permanent --add-service=http
$ sudo firewall-cmd --permanent --add-service=https

Reloading the firewall will apply the changes

$ sudo firewall-cmd --reload

Step 10 – Install and configure LetsEncrypt SSL

As the server starts, let’s install SSL for our website

$ sudo dnf install certbot python3-certbot-nginx -y

After installation is completed, let’s obtain the SSL certificate

$ sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Note: Replace “yourdomain” with your real domain name

Enter the details asked and agree to the rest.

Let’s set up a cron job to auto-renew LetsEncrypt SSL.

$ sudo crontab -e

Copy and paste the following line

@daily certbot renew --quiet && systemctl reload nginx

Press “Shift+:”, now enter “wq” and hit enter to save

Now, reboot your server using

$ sudo reboot

As the server starts, open your domain on any browser and set up your WordPress website.