YouTube cover image

In the previous chapter we set up server monitoring and discussed ongoing maintenance for our Ubuntu server. In this final chapter I offer a complete Nginx configuration optimized for WordPress sites.

In addition to amalgamating all information from the previous 8 chapters, I will be drawing upon best practices from my experience and various sources I’ve come across over the years. The following example domains are included, each demonstrating a different scenario:

  • – WordPress on HTTPS
  • – WordPress on HTTPS with FastCGI page caching
  • – WordPress Multisite using subdomains
  • – WordPress Multisite using subdirectories

The configuration files contain inline documentation throughout and are structured in a way to reduce duplicate directives, which are common across multiple sites. This should allow you to quickly create new sites with sensible defaults out of the box, which can be customized as required.


You can use these configs as a reference for creating your own configuration, or directly by copying into your etc directory. Follow the steps below to replace your existing Nginx configuration.

Backup any existing config:

sudo mv /etc/nginx /etc/nginx.backup

Copy one of the example configurations from sites-available to sites-available/

sudo cp /etc/nginx/sites-available/ /etc/nginx/sites-available/`

Edit the config as necessary, paying close attention to the server name and server paths. You will also need to create any directories used within the configuration and ensure Nginx has read/write permissions.

To enable the site, symlink the configuration into the sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/

Test the configuration:

sudo nginx -t

If the configuration passes, restart Nginx:

sudo /etc/init.d/nginx reload

Nginx Config Preview

The following is the Nginx configuration file that’s contained in the package. It should give you a good idea of what it’s like to use our configs.

Warning: The following Nginx config will not work on its own. You’ll notice there are several include statements which require files contained in the package. Download the Complete Nginx Config Package

server {
    # Ports to listen on, uncomment one.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Server name to listen for

    # Path to document root
    root /sites/;

    # Paths to certificate files.
    ssl_certificate /etc/letsencrypt/live/;
    ssl_certificate_key /etc/letsencrypt/live/;

    # Don't use outdated SSLv3 protocol. Protects against BEAST and POODLE attacks.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Use secure ciphers
    ssl_ciphers EECDH+CHACHA20:EECDH+AES;
    ssl_ecdh_curve X25519:prime256v1:secp521r1:secp384r1;
    ssl_prefer_server_ciphers on;

    # Define the size of the SSL session cache in MBs.
    ssl_session_cache shared:SSL:1m;

    # Define the time in minutes to cache SSL sessions.
    ssl_session_timeout 24h;

    # Tell browsers the site should only be accessed via https.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    # File to be used as index
    index index.php index.html;

    # Overrides logs defined in nginx.conf, allows per site logs.
    access_log /sites/;
    error_log /sites/;

    # Default server block rules
    include global/server/defaults.conf;

    # SSL rules - ssl_certificate, etc
    include global/server/ssl.conf;

    location / {
        try_files $uri $uri/ /index.php?$args;

    location ~ \.php$ {
        try_files $uri =404;
        include global/fastcgi-params.conf;

        # Use the php-fpm pool defined in the upstream variable.
        # See global/php-pool.conf for definition.
        fastcgi_pass   $upstream;

    # Rewrite robots.txt
    rewrite ^/robots.txt$ /index.php last;

# Redirect http to https
server {
    listen 80;
    listen [::]:80;

    return 301$request_uri;

# Redirect www to non-www
server {
    listen 443;
    listen [::]:443;

    return 301$request_uri;

That’s All Folks!

Job done! I encourage you to explore the config files further and read through the documented configuration to get a feel for what’s going on. It should feel familiar as it follows the same conventions used throughout this guide.

Over time I will improve the configuration and add new best practices as they emerge. If you have any improvements, please let me know.

That concludes this chapter and the guide as a whole. It’s been quite a journey, but hopefully you’ve learned a lot and are more confident managing a server than when you started. If you have any feedback, don’t hesitate to send us an email.

Subscribe to get the latest news, updates and optimizations in performance and security.

Thanks for subscribing 👍

To receive awesome stuff, you'll need to head to your inbox and click on the verification link we sent you.
Make sure to check your "spam" folder or your "promotions" tab (if you have Gmail).
If you're still having trouble, then message us at

You are already logged in

It looks like you are already logged in to SpinupWP.

Please log out of this account to continue.

Registration Successful

Thanks for registering for a new
SpinupWP account.

Before getting started, could you verify your email address by clicking on the link we just emailed to you?


Free Trial

Start Your 7-Day Free Trial

No credit card required. All features included.

By signing up to SpinupWP, you agree to our Terms and Conditions.
For privacy related information, view our Privacy Policy.