Hosting WordPress Yourself Part 8 – Complete Nginx Configuration

In the previous post of this series, I covered security enhancements, automatic server updates, WooCommerce caching and automated server tasks. In this final post I will demonstrate a complete Nginx configuration tuned for WordPress powered sites. In addition to amalgamating all information from the previous 7 articles, best practices from various sources, such as the WordPress Codex and H5BP are included. The following example domains are also included, which each demonstrate a different scenario:

  • – A basic WordPress install
  • – WordPress on HTTPS
  • – WordPress with FastCGI page caching
  • – WordPress on HTTPS with FastCGI page caching
  • – WordPress Multisite using subdomains
  • – WordPress Multisite using subdirectories

Although this article may appear relatively short compared to previous articles, I hope the accompanying GitHub repo will provide a wealth of information. The configuration files contain inline documentation throughout and are structured in a way to reduce duplicate directives, which are common across multiple sites. This should allow you to quickly create new sites with sensible defaults out of the box, which can be customized as required.


You can use the GitHub repo as a reference for creating your own configuration, or directly by cloning the repo into your etc directory. Follow the steps below to replace your existing Nginx configuration.

Backup any existing config:

sudo mv /etc/nginx /etc/nginx.backup

Clone the repo:

sudo git clone /etc/nginx

Copy one of the example configurations from sites-available to sites-available/

sudo cp /etc/nginx/sites-available/ /etc/nginx/sites-available/`

Edit the site accordingly, paying close attention to the server name and server paths. You will also need to create any directories used within the configuration and ensure Nginx has read/write permissions.

To enable the site, symlink the configuration into the sites-enabled directory:

sudo ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/

Test the configuration:

sudo nginx -t

If the configuration passes, restart Nginx:

sudo /etc/init.d/nginx reload

The following configuration will be loaded, which includes sensible defaults for security, SSL and static file caching:

server {
    # Ports to listen on, uncomment one.
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    # Server name to listen for

    # Path to document root
    root /sites/;

    # Paths to certificate files.
    ssl_certificate /etc/ssl/;
    ssl_certificate_key /etc/ssl/;

    # File to be used as index
    index index.php;

    # Overrides logs defined in nginx.conf, allows per site logs.
    access_log /sites/;
    error_log /sites/;

    # Default server block rules
    include global/server/defaults.conf;

    # SSL rules
    include global/server/ssl.conf;

    location / {
        try_files $uri $uri/ /index.php?$args;

    location ~ \.php$ {
        try_files $uri =404;
        include global/fastcgi-params.conf;

        # Change socket if using a different PHP version
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
        #fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        #fastcgi_pass unix:/var/run/php5-fpm.sock;

# Redirect http to https
server {
    listen 80;
    listen [::]:80;

    return 301$request_uri;

# Redirect www to non-www
server {
    listen 443;
    listen [::]:443;

    return 301$request_uri;

View on GitHub

Job done! I encourage you to explore the repo further and read through the documented configuration to get a feel for what’s going on. It should hopefully feel familiar as it follows the same conventions used throughout this series. Over time I hope to improve upon the configuration and add new best practices as they emerge. It’s also a public repo, so please open a pull request for any improvements you may have.

That concludes this article and the series as a whole. It’s been quite a journey, but one that I hope you’ve found enlightening. Please feel free to leave your questions below and any ideas you may have for future articles. Thanks for reading!


Ashley Rich

Ashley is a PHP and JavaScript developer with a fondness for hosting, server performance and security. Before joining Delicious Brains, Ashley served in the Royal Air Force as an ICT Technician.

100% No-Risk 30-Day Money Back Guarantee

If for any reason you are not happy with our product or service, simply let us know within 30 days of your purchase and we'll refund 100% of your money. No questions asked.