Updated June 12, 2018. First published March 25, 2015

Hosting WordPress Yourself Part 2 – Installing Nginx, PHP and MariaDB

In Part 1 of this series on Hosting WordPress Yourself, I took you through the initial steps to setting up and securing a virtual server. In this post I will guide you through the process of setting up Nginx, PHP-FPM and MariaDB, which will form the foundations of a working web server.

Before moving on, you will need to open a new SSH connection to the server, if you haven’t already:

SSH

Installing Nginx

Although the Ubuntu package manager (apt-get) has access to Nginx packages, they’re often outdated and only give you access to the stable branch. It’s recommended that most servers run the mainline version, which receives move regular updates (including minor bug fixes and new features). This article explains the difference between the two branches in more detail, but generally speaking, if you don’t plan on using any third party Nginx modules the mainline branch is the way to go.

First add the repository containing the mainline version and update the package lists:

sudo add-apt-repository ppa:nginx/development -y
sudo apt-get update

Then install the package:

sudo apt-get install nginx -y

Once complete, you can confirm that Nginx has been installed with the following command:

nginx -v

Additionally, when visiting your server’s Fully Qualified Domain Name (FQDN) in the browser, you should see an Nginx welcome page.

Welcome to nginx

Now that Nginx has successfully installed it’s time to perform some basic configuration. Out of the box Nginx is pretty well optimized, however there are a few basic adjustments to make. But, before opening the configuration file, you need to determine your server’s number of CPU cores and the open file limit.

Enter the following commands and make note of the return values:

grep processor /proc/cpuinfo | wc -l
ulimit -n

Next, open the Nginx configuration file, which can be found at /etc/nginx/nginx.conf:

sudo nano /etc/nginx/nginx.conf

nginx.conf

I’m not going to list every configuration directive but I am going to briefly mention those that you should change.

Start by setting the user to the username that you’re currently logged in with. This will make managing file permissions much easier in the future, but this is only acceptable security-wise when running a single user access server.

The worker_processes directive determines how many workers to spawn per server. The general rule of thumb is to set this to the amount of CPU cores your server has available. In my case, this is 1.

The events block contains 2 directives, the first worker_connections should be set to your server’s open file limit. This tells Nginx how many simultaneous connections can be opened by each worker_process. Therefore, if you have 2 CPU cores and an open file limit of 1024, your server can handle 2048 connections per second. However, the number of connections doesn’t directly equate to the number of users that can be handled by the server, as the majority of web browsers open at least 2 connections per request. The multi_accept directive should be uncommented and set to on, which informs each worker_process to accept all new connections at a time, opposed to accepting one new connection at a time.

Moving down the file you will see the http block. The first directive to change is the keepalive_timeout, which by default is set to 65. The keepalive_timeout determines how many seconds a connection to the client should be kept open before it’s closed by Nginx. This directive should be lowered as you don’t want idle connections sitting there for up to 65 seconds if they can be utilised by new clients. I have set mine to 15.

For security reasons you should uncomment the server_tokens directive and ensure it is set to off. This will disable emitting the Nginx version number in error messages and response headers.

Underneath server_tokens add the client_max_body_size directive and set this to the maximum upload size you require in the WordPress Media Library. I chose a value of 64m.

Further down the http block you will see a section dedicated to Gzip compression. By default, Gzip is enabled but is disabled for Microsoft Internet Explorer 6, however you should tweak these values further for better handling of static files. First, you should uncomment the gzip_proxied directive and set it to any, which will ensure all proxied request responses are gzipped. Secondly, you should uncomment the gzip_comp_level and set it to a value of 2. This controls the compression level of a response and can have a value in the range of 1 – 9. Be careful not to set this value too high as it can have a negative impact on CPU usage. Finally, you should uncomment the gzip_types directive, leaving the default values in place. This will ensure that JavaScript, CSS and other file types are gzipped in addition to the HTML file type.

In order for Nginx to correctly serve PHP you also need to ensure the fastcgi_param SCRIPT_FILENAME directive is set, otherwise you will receive a blank white screen when accessing any PHP scripts. Open the fastcgi_params file:

sudo nano /etc/nginx/fastcgi_params

Ensure the following directive exists, if not add it to the file:

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;

That’s the basic Nginx configuration dealt with, hit CTRL X followed by Y to save the changes. For the changes to take effect you must restart Nginx, however before doing so you should ensure that the configuration file contains no errors by issuing the following command:

sudo nginx -t

If everything looks ok, go ahead and restart Nginx:

sudo service nginx restart

Restart nginx

If everything worked out ok, you should still be able to see the Nginx welcome page when visiting the FQDN in the browser.

PHP-FPM

Just like Nginx, the apt-get repository does contain PHP packages, however, they are not the most up-to-date, so I like to use one maintained by Ondřej Surý. Add the repository and update the package lists like you did for Nginx:

sudo add-apt-repository ppa:ondrej/php -y
sudo apt-get update

Then install PHP:

sudo apt-get install php7.2-fpm php7.2-common php7.2-mysql php7.2-xml php7.2-xmlrpc php7.2-curl php7.2-gd php7.2-imagick php7.2-cli php7.2-dev php7.2-imap php7.2-mbstring php7.2-opcache php7.2-redis php7.2-soap php7.2-zip -y

After the installation has completed, confirm that PHP has installed correctly:

php-fpm7.2 -v

Now that PHP has installed you need to configure the user and group that the service will run under. Because the server isn’t designed for a shared hosting environment, it’s ok to run a single PHP pool under your user account. Open the default pool configuration file:

sudo nano /etc/php/7.2/fpm/pool.d/www.conf

Change the following lines, replacing www-data with your username:

user = www-data
group = www-data
listen.owner = www-data
listen.group = www-data

Next, you should adjust your php.ini file to increase the WordPress maximum upload size. Both this and the client_max_body_size directive within Nginx must be changed in order for the new maximum upload limit to take effect. Open your php.ini file:

sudo nano /etc/php/7.2/fpm/php.ini

Change the following lines to match the value you assigned to the client_max_body_size directive when configuring Nginx:

upload_max_filesize = 2M
post_max_size = 8M

Hit CTRL X and Y to save the configuration. Before restarting PHP, check that the configuration file syntax is correct:

sudo php-fpm7.2 -t

If the configuration test was successful, restart PHP using the following command:

sudo service php7.2-fpm restart

Now that Nginx and PHP have been installed, you can confirm that they are both running under the correct user by issuing the top command:

top

If you hit SHIFT M the output will be arranged by memory usage which should bring the nginx and php-fpm7.2 processes into view. You should notice a few occurrences of both nginx and php-fpm. Both processes will have one instance running under the root user (this is main process that spawns each worker) and the remainder should be running under the username you specified.

If not, go back and check the configuration, and ensure that you have restarted both the Nginx and PHP-FPM services.

MariaDB

The final package to install is MariaDB, which is a drop in replacement for MySQL. I choose MariaDB because it offers more features and speed improvements over MySQL. It’s also fully open source and has been adopted by a number of large companies. Again, the apt-get repository does contain a MariaDB package, but it’s not the most recent stable release.

Add the repository and update the package lists like you did for Nginx and PHP-FPM:

sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8
sudo add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://mirror.sax.uk.as61049.net/mariadb/repo/10.1/ubuntu xenial main' -y
sudo apt-get update

To install MariaDb, issue the following command:

sudo apt-get install mariadb-server -y

You’ll be prompted to enter a root password, which should be complex, as described at the end of the previous post.

Once MariaDB has installed, you need to setup the default system tables:

sudo mysql_install_db

The last step is to secure MariaDB. Luckily, there’s a built in script which will prompt you to change a few insecure defaults:

sudo mysql_secure_installation

You will be prompted to enter the root password you created in the previous step and will be given the option to change this password if you are not happy with it.

MySQL change root password

A number of additional prompts will appear, you should accept the default values by hitting ENTER.

MySQL security prompts

Catch All Server Block

The last thing to address in this post is to remove the default server block from Nginx. Currently, when you visit the server’s FQDN in a web browser you should see the Nginx welcome page. However, unless visiting a known host the server should return a 444 response.

Begin by removing the following two files:

sudo rm /etc/nginx/sites-available/default
sudo rm /etc/nginx/sites-enabled/default

Now you need to add a catch all block to the Nginx configuration. Using nano, open the nginx.conf file:

sudo nano /etc/nginx/nginx.conf

Towards the bottom of the file you’ll find a line that reads:

include /etc/nginx/sites-enabled/*;

Underneath add the following:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;
}

Hit CTRL X followed by Y to save the changes and then test the Nginx configuration:

sudo nginx -t

If everything looks good, restart Nginx:

sudo service nginx restart

Now when you visit the FQDN you should receive an error.

Browser error

Here’s my final nginx.conf file, after applying all of the above changes. I have removed the mail block, as this isn’t something I use. In part 8 we will customize the Nginx configuration further to improve both performance and security, but this should serve as a good starting point:

That’s all for this post, if you have any questions please feel free to ask them below. In the next post I will guide you through the process of setting up your first WordPress site and how to manage multiple WordPress installs.

Author

Ashley Rich

Ashley is a PHP and JavaScript developer with a fondness for hosting, server performance and security. Before joining Delicious Brains, Ashley served in the Royal Air Force as an ICT Technician.

.replybox-fallback, .replybox-fallback ul { list-style: none; }

Jared Cobb says:

March 25, 2015 at 3:45 pm

@perusio has a great nginx boilerplate specifically designed for WordPress that I’ve used with great success. https://github.com/perusio/wordpress-nginx I’d recommend forking the project and customizing it to your needs. I’ve also incorporated some of @A5hleyRich’s items! Thanks Ashley!

Mint Plugins says:

March 25, 2015 at 4:03 pm

Great post thanks Ashley! Very useful. On a security sidenote, if you are just setting up a new server, I recommend setting up a UFW firewall: https://www.digitalocean.com/community/tutorials/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server And then blocking SSH access from All IPs except the ones you trust: http://blog.bstpierre.org/ufw-firewall-limit-ssh?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheDailyBuild+(The+Daily+Build) This way people can’t try and brute force their way into your server using SSH – unless they are literally beside you 🙂

Ashley Rich says:

March 25, 2015 at 4:40 pm

Thanks for the comment. Part 1 deals with setting up UFW and Fail2Ban to mitigate the chances of someone gaining unauthorised access. Restricting SSH to allow only known IP addresses is certainly a solid way to secure your server, but it’s problematic when you don’t have a static IP address, like myself. As this series isn’t aimed at enterprise level security, the precautions we have detailed so far should suffice.

Reply
- Mint Plugins says:
  
  March 25, 2015 at 4:56 pm
  
  Ah great stuff. I obviously missed part one. reading it now 🙂
  
  Reply

Ashley Rich says:

March 26, 2015 at 1:15 pm

Stay tuned. It’s going to be a pretty long series.

Joe Fletcher says:

April 24, 2015 at 8:29 pm

Been following these tutorials to a T, and they’ve seriously simplified my server setup. Question to all: I’m looking at H5BP’s nginx configs. Any experience with these? Any WordPress gotchas? etc. https://github.com/h5bp/server-configs-nginx The @perusio commented on here is 3 yrs old.

Ashley Rich says:

April 25, 2015 at 9:01 am

I can’t say I’ve used either of those configs, but looking through, both have useful snippets. This series only outlines a very basic Nginx config, as it’s way beyond the scope to detail every directive. I’m going to create a new repo with an Nginx config geared towards how we’ve got things setup in this tutorial with annotated source for people to look through.

Reply

Mitesh Shah says:

May 4, 2015 at 10:45 am

@A5hleyRich:disqus As you are using rtcamp nginx repository for latest nginx build which support pagespeed then why not automate whole setup with rtcamp project called EasyEngine? Refer: https://github.com/rtCamp/easyengine http://docs.rtcamp.com/easyengine/

Ashley Rich says:

May 5, 2015 at 7:25 am

EasyEngine seems like a good project but heres’ why I don’t use it: 1. I like to control what software is installed 2. If things do go wrong, it’s harder to fix when you don’t know the existing structure or configuration. Building the system yourself helps you to understand the various components of a working web server which should make tracking down problems that much easier. That said, there’s nothing wrong with using EasyEngine, if you just want a quick solution.

Reply

Rommel Castro says:

June 10, 2015 at 11:59 pm

what changes i need to do or not to apply to make it work with user www-data? thanks for this amazing series

Ashley Rich says:

June 11, 2015 at 8:46 am

I believe the default user for Nginx and PHP5-FPM is the www-data user. Therefore just skip renaming them. Remember, if you are not uploading files as the www-data user you will often have to chown them, otherwise you’ll likely get forbidden errors.

Reply
- Rommel Castro says:
  
  June 11, 2015 at 8:41 pm
  
  you’re right, so i would have to chown the files from time to time, or everytime i create a new site… have you tried this installation with something like jenkins? thanks
  
  Reply
  - Ashley Rich says:
    
    June 12, 2015 at 7:46 am
    
    That’s correct. The only time you should need to chown is when uploading anything via SFTP, unless you connect with the www-data user. I haven’t used Jenkins personally, but I don’t see any reason why it wouldn’t work.
    
    Reply

O says:

July 1, 2015 at 12:35 am

You suggest, and say that you have it that way, in the beginning of the post to reduce the keepalive_timeout setting in the nginx.conf from 65 to 15. However on the last section on GitHub at the value is still 65. Simple mistake or does this mean that you changed your mind for some reason and now have it at 65 again?

Ashley Rich says:

July 1, 2015 at 7:11 am

Thanks for the heads up, the final nginx.conf has been updated.

Reply

Vinay Kachhara says:

August 7, 2015 at 7:55 pm

Just look at the last part of your nginx.conf file output: server { listen 80 default_server; server_name _; return 444; } Do we need to input the server name value or just let it be? Great series, really helpful. Thanks a lot.

Ashley Rich says:

August 12, 2015 at 7:59 am

You don’t need to change anything in that server block. It’s a catch-all server block, which ensures Nginx returns the correct response for unknown virtual hosts.

Reply
- Vinay Kachhara says:
  
  August 12, 2015 at 10:22 am
  
  Somehow it always gave an error at my end but when I entered the server name, I could sail through the nginx -t configuration test successfully. Probably I messed up with some settings somewhere.
  
  Reply

Kingsley Felix says:

September 20, 2015 at 6:37 am

Hello; any idea or post on how to install phpmyadmin or a way to manage database via workbench or toad?

Ashley Rich says:

September 22, 2015 at 7:53 am

phpMyAdmin https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-on-ubuntu-14-04

Reply
- Kingsley Felix says:
  
  September 23, 2015 at 6:24 am
  
  the tutorial is for apache
  
  Reply
  - Ashley Rich says:
    
    September 23, 2015 at 7:38 am
    
    Sorry, copied the wrong link. https://www.digitalocean.com/community/tutorials/how-to-install-and-secure-phpmyadmin-with-nginx-on-an-ubuntu-14-04-server
    
    Reply
    - Kingsley Felix says:
      
      September 23, 2015 at 8:40 am
      
      never works for me

Kingsley Felix says:

September 20, 2015 at 11:42 am

Neither host ‘buguma.healthable.org’ nor ‘localhost’ could be looked up with /usr/bin/resolveip Please configure the ‘hostname’ command to return a correct hostname. If you want to solve this at a later stage, restart this script

Ashley Rich says:

September 22, 2015 at 8:03 am

When are you receiving this error? Did you configure your hosts as per the previous article?

Reply
- Kingsley Felix says:
  
  September 28, 2015 at 11:32 am
  
  host name is configured…. still having this problem
  
  Reply

Kingsley Felix says:

September 27, 2015 at 11:14 pm

what if i use mysql5.6 or mariadb?

Filip Kuzmanovski says:

October 30, 2015 at 5:02 pm

I followed all directions, however after installing the WP Core, when I go to the domain I get a 400 Bad Request. I’ve tried looking for solutions on stack overflow and digital ocean, but I am not having any luck. Do you have any idea what might be causing this?

monoloops says:

December 3, 2015 at 2:14 pm

hello Ashley, Great tutorial series about nginx you helped me a lot with this. I am struggling with one thing now which is my fault! I started building my nginx server following tutorial on digital ocean but just later on, find your tutorial which was more in details..so I continues with you..Now am back on beginning of your series looking what I’ve miss. Slap in my face, right in the beginning you installed Nginx from different source with compiled fastcgi_cache_purge. And this is exactly what is not working with my setup, so I’ve just commented out that line.. Now, my noob question is: What to do now? 🙂 How to add this module to my current server? Can I just update my nginx from your source? If I need to reinstall my nginx should backup of my nginx.conf and my sites-available conf will be enough to continue where i left off after reinstalling? Thanks Ashley!

monoloops says:

December 3, 2015 at 9:00 pm

Ok solved. everything works flawlessly

Reply
- Henry Davila says:
  
  June 17, 2016 at 3:30 pm
  
  Hello how u solve that issue? because te only nginx i found it was the full version by ubuntu repositories, and nginx-costum was not able to found anywhere. soo i was to skip fastcgi_cache_purge…
  
  Reply
  - Scott Stawarz says:
    
    July 4, 2016 at 7:56 am
    
    Hey Henry, I don’t know if you saw, but you can get the custom nginx build fastcgi_cache_purge from this repo: http://download.opensuse.org/repositories/home:/rtCamp:/EasyEngine/xUbuntu_16.04/
    
    Reply

Matthew Fedak says:

January 24, 2016 at 11:55 am

But one important thing was missed. You need to add the following line: fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name; to the "/etc/nginx/fastcgi_params" config file. If not you will just get blank pages when accessing any php file.

German says:

March 25, 2016 at 3:38 pm

I can’t stress how important this comment was for me. I spent countless hours, searching for and looking at error logs, restarting server config from scratch several times, trying to figure out why I had a blank page in WordPress. I even had a blank page in a simple phpinfo() site. This small comment got me out of that problem.

Reply
Inspired Earth says:

September 24, 2017 at 9:16 pm

Thanks for pointing this out. Even with this now added, I am still getting a blank page for php files. It’s now two years since your comment… is there anything else that needs to be done or done differently?

Reply

Jeffrey says:

February 6, 2016 at 10:34 am

Thank you very much for very detailed articles! Any follow up post for upgrading to php7? Thanks!

Angel C?rdenas says:

June 20, 2016 at 5:13 pm

i would like to know if upgrade to php7 is possible

Reply

Ron Tal says:

May 23, 2016 at 6:44 pm

When installing all the php packages I got a "php-common deprecated" notice asking me to go through a few more steps. It also warned about most of these packages that they are not authenticated. Anything to worry about?

Carlos Augusto dos Santos says:

June 16, 2016 at 10:02 pm

This setting is very good, as I can configure nginx to support HTTP/2 ?

Jull Weber says:

June 30, 2016 at 5:57 pm

This php install you are giving is deprecated 🙁 https://launchpad.net/~ondrej/+archive/ubuntu/php5-5.6 You should provide a working one.

Ashley Rich says:

July 4, 2016 at 7:24 am

This article was written over 1 year ago. Instead, you should install PHP 7 for all new servers.

Reply
- Alex Poucher says:
  
  July 4, 2016 at 2:52 pm
  
  Please Help me Ashley. I have followed this tutorial step by step 100% and everything was working great. Then I got to the point of installing PHP. After I ran the following command: sudo apt-get install php5-fpm php5-common php5-mysqlnd php5-xmlrpc php5-curl php5-gd php5-imagick php5-cli php-pear php5-dev php5-imap php5-mcrypt The process started and I got a notification on screen that it was deprecated. Then it gave me commands I should run afterwards. The commands are: sudo LC_ALL=C.UTF-8 add-apt-repository ppa:ondrej/php sudo apt-get update sudo apt-get install php7.0 sudo apt-get install php-xdebug php-apcu I then hit Escape and the original command (sudo apt-get install php5-fpm php5-common php5-mysqlnd php5-xmlrpc php5-curl php5-gd php5-imagick php5-cli php-pear php5-dev php5-imap php5-mcrypt) continued until the end. When It was finished I then ran the following command php5-fpm -v It told me the current PHP version was PHP 5 I then ran the other commands it told me to do so afterwards to upgrade to PHP7 sudo LC_ALL=C.UTF-8 add-apt-repository ppa:ondrej/php sudo apt-get update sudo apt-get install php7.0 sudo apt-get install php-xdebug php-apcu After I did that I started getting Apache errors on the screen and now when I visit my FQDN instead of seeing NGINX has been installed I now see Apache, check it here -> http://pluto.alexpoucher.com/ How do I revert what just happened, get rid of apache and php7 and get back to the NGINX screen on the FQDN instead of Apache? My entire install is now at a stand still until you reply. I am willing to pay for your support and expertise. I now fear I have a bunch of things installed I do not need I fear and I have no idea how to remove them from issuing those commands that it told me to. sudo LC_ALL=C.UTF-8 add-apt-repository ppa:ondrej/php sudo apt-get update sudo apt-get install php7.0 sudo apt-get install php-xdebug php-apcu How do I remove everything that these commands installed and did? Please help asap.
  
  Reply

Samuel Lavoie says:

July 4, 2016 at 2:59 am

Ashley, love this tutorial series, this is what make it possible for me to setup my VPS with Digital Ocean 🙂 Quick question on this one, could you expand on why using fastcgi_cache_purge ?? thanks!

Samuel Lavoie says:

July 4, 2016 at 3:00 am

@A5hleyRich:disqus love this tutorial series, this is what make it possible for me to setup my VPS with Digital Ocean 🙂 Quick question on this one, could you expand on why using fastcgi_cache_purge ?? thanks!

Ashley Rich says:

July 4, 2016 at 7:37 am

fastcgi_cache_purge is a module which allows conditional purging of the fastcgi cache. For example, out of the box if you publish a new post you need to delete the entire cache, where as the module allows you to clear only those pages impacted. Since writing this series I no longer use the module, because the module is not actively maintained. Instead, I just use the Nginx mainline (https://launchpad.net/~nginx/+archive/ubuntu/development) build with this plugin: https://wordpress.org/plugins/nginx-cache/

Reply
- Scott Stawarz says:
  
  July 4, 2016 at 7:53 am
  
  Hi Ashley, I’m working on a new ansible set-up, and I’m researching, and I saw your recent comment. I’m wondering since you no longer use the fastcgi_cache_purge, do you still use the same nginx conf as listed in your github repo? https://github.com/A5hleyRich/wordpress-nginx you then use the ssl-fastcgi-cache.com and you just don’t uncomment out the fastcgi_cache_purge module ? or do you have a different base-one you use?
  
  Reply
  - Scott Stawarz says:
    
    July 4, 2016 at 7:54 am
    
    Also want to add that your articles have been very helpful. It’s interesting to see how one sets things up differently.
    
    Reply
    - Ashley Rich says:
      
      July 4, 2016 at 8:03 am
      
      Cheers Scott. Yeah, I still use those configs. The fastcgi_cache_purge section was just left in for completeness, but I no longer uncomment it.
    - Scott Stawarz says:
      
      July 4, 2016 at 10:22 am
      
      Great thanks. That’s what I thought.

Joe says:

September 6, 2016 at 10:57 pm

I had to find the php 7 commands to replace php 5 $ sudo php-fpm7.0 -t $ sudo systemctl restart php7.0-fpm

dimitri visser says:

November 14, 2016 at 3:52 pm

Installing nginx doesn’t work anymore… Reading package lists… Done W: The repository ‘http://ppa.launchpad.net/rtcamp/nginx/ubuntu xenial Release’ does not have a Release file. N: Data from such a repository can’t be authenticated and is therefore potentially dangerous to use. N: See apt-secure(8) manpage for repository creation and user configuration details. E: Failed to fetch http://ppa.launchpad.net/rtcamp/nginx/ubuntu/dists/xenial/main/binary-amd64/Packages 404 Not Found E: Some index files failed to download. They have been ignored, or old ones used instead. root@vps4-chicago:~# sudo apt-get install nginx-custom -y Reading package lists… Done Building dependency tree Reading state information… Done E: Unable to locate package nginx-custom

I-MmmK-I says:

November 20, 2016 at 3:46 pm

Same Problem :/

Reply
- dimitri visser says:
  
  November 23, 2016 at 10:21 pm
  
  Did you find a solution ? The only thing I could find was a long and boring story about compiling one myself…
  
  Reply
  - Ruben Dominguez says:
    
    December 12, 2016 at 8:32 pm
    
    Same as well….i have not found anything and i’ve spent 20+ hours researching.
    
    Reply
    - Ashley Rich says:
      
      December 13, 2016 at 9:11 am
      
      This post is over 18 months old now, so it’s likely some of the steps don’t work as described. Have you tried installing Nginx using the steps outlined under ‘Ubuntu PPA’: https://www.nginx.com/resources/wiki/start/topics/tutorials/install/
    - Ruben Dominguez says:
      
      December 14, 2016 at 4:56 pm
      
      Hey thanks Ashely! didnt expect a reply. I was trying to go off the custom -y install, I found a separate subforum but it only complicated matters even more. Your guide has been awesome, its given me a pretty good path to start from and i feel a lot better about it than before, hopefully i can wrap up the server by the end of the week. Thanks again!

Jose monagas says:

December 15, 2016 at 4:13 pm

I am getting lots of 502 errors for admin users that want to edit the page socket() failed (24: Too many open files) while connecting to upstream Do you have any idea why is this happening?

Eric Cholis says:

January 10, 2017 at 7:43 pm

As of this comment, there isn’t a release in the rtcamp/nginx repository for Ubuntu 16.04 (Xenial). Thus, fastcgi_cache_purge will not work.

Rahul Bansal says:

January 11, 2017 at 7:07 am

@ericcholis:disqus our nginx packages are shifted to OpenSuse build service – https://build.opensuse.org/project/show/home:rtCamp:EasyEngine and available for Ubuntu 16.04 (Xenial).

Reply

Nick Campbell says:

March 10, 2017 at 2:42 pm

Ashley, 1 detail you have in here I love the idea of, but I’m worried that in production it could have a security risk. You suggest to change the user of php-fpm to your own user account. I get that if you are on your own private server that nobody else has access to, you don’t pose a risk of another system user, but the thing I’m concerned about is that my user account is a sudo user. So potentially, if the website were to be hacked and its running as my user, could the hacker use the sudo permissions to cause major damage? Am I being overly cautious, or could that pose a security risk?

David says:

May 6, 2017 at 3:31 pm

Thanks so much for this tutorial series. I see that you have recently updated it for 2017. Going through this for the first time, I found that after installing MariaDB and trying to setup the default system tables using the "sudo mysql_install_db" command, it errors out. To get around this, I had to "service mysql stop", then run "sudo mysql_install_db", and then "service mysql start" before proceeding to the mysql_secure_installation step. Thanks!

Jhonis says:

August 27, 2017 at 5:27 pm

thanks for that tip! got same error.

Reply
Spencer Cloud says:

March 11, 2019 at 5:13 pm

People who write comments like this are saints. Thank you!

Reply

Luke Scammell says:

June 19, 2017 at 9:39 am

MariaDB 10.2 is now stable and it’s available on a DigitalOcean mirror now. Copied from: https://downloads.mariadb.org/mariadb/repositories/#distro=Ubuntu&distro_release=xenial–ubuntu_xenial&version=10.2&mirror=digitalocean-lon sudo apt-get install software-properties-common sudo apt-key adv –recv-keys –keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8 sudo add-apt-repository ‘deb [arch=amd64,i386,ppc64el] http://lon1.mirrors.digitalocean.com/mariadb/repo/10.2/ubuntu xenial main’

Luke Scammell says:

June 19, 2017 at 10:29 am

Also, at least with MariaDB 10.2 and Ubuntu Zesty, you no longer need to run mysql_install_db, I just skipped straight to mysql_secure_installation Thanks again for this amazing resource 🙂

Reply

Luke Scammell says:

June 19, 2017 at 10:21 am

Also, as a small quality of life improvement I also do this: sudo ln -s /lib/systemd/system/php7.1-fpm.service /lib/systemd/system/php.service That way I can restart php much more easily: sudo service php restart

Dimitri Gogelia says:

September 15, 2017 at 11:38 am

Hello, After sudo mysql_install_db I got this output: Installing MariaDB/MySQL system tables in ‘/var/lib/mysql’ … 2017-09-15 15:32:34 139765476002048 [Note] /usr/sbin/mysqld (mysqld 10.1.26-MariaDB-1~xenial) starting as process 6984 … 2017-09-15 15:32:35 139765476002048 [ERROR] mysqld: Can’t lock aria control file ‘/var/lib/mysql/aria_log_control’ for exclusive use, error: 11. Will retry for 30 seconds 2017-09-15 15:33:06 139765476002048 [ERROR] mysqld: Got error ‘Could not get an exclusive lock; file is probably in use by another process’ when trying to use aria control file ‘/var/lib/mysql/aria_log_control’ 2017-09-15 15:33:06 139765476002048 [ERROR] Plugin ‘Aria’ init function returned error. 2017-09-15 15:33:06 139765476002048 [ERROR] Plugin ‘Aria’ registration as a STORAGE ENGINE failed. 2017-09-15 15:33:06 139765476002048 [Note] InnoDB: Using mutexes to ref count buffer pool pages 2017-09-15 15:33:06 139765476002048 [Note] InnoDB: The InnoDB memory heap is disabled 2017-09-15 15:33:06 139765476002048 [Note] InnoDB: Mutexes and rw_locks use GCC atomic builtins 2017-09-15 15:33:06 139765476002048 [Note] InnoDB: GCC builtin __atomic_thread_fence() is used for memory barrier 2017-09-15 15:33:06 139765476002048 [Note] InnoDB: Compressed tables use zlib 1.2.8 2017-09-15 15:33:06 139765476002048 [Note] InnoDB: Using Linux native AIO 2017-09-15 15:33:06 139765476002048 [Note] InnoDB: Using SSE crc32 instructions 2017-09-15 15:33:06 139765476002048 [Note] InnoDB: Initializing buffer pool, size = 256.0M 2017-09-15 15:33:06 139765476002048 [Note] InnoDB: Completed initialization of buffer pool 2017-09-15 15:33:06 139765476002048 [ERROR] InnoDB: Unable to lock ./ibdata1, error: 11 2017-09-15 15:33:06 139765476002048 [Note] InnoDB: Check that you do not already have another mysqld process using the same InnoDB data or log files. 2017-09-15 15:33:06 139765476002048 [Note] InnoDB: Retrying to lock the first data file 2017-09-15 15:33:07 139765476002048 [ERROR] InnoDB: Unable to lock ./ibdata1, error: 11 2017-09-15 15:33:07 139765476002048 [Note] InnoDB: Check that you do not already have another mysqld process using the same InnoDB data or log files. 2017-09-15 15:33:08 139765476002048 [ERROR] InnoDB: Unable to lock ./ibdata1, error: 11 2017-09-15 15:33:08 139765476002048 [Note] InnoDB: Check that you do not already have another mysqld process using the same InnoDB data or log files. 2017-09-15 15:33:09 139765476002048 [ERROR] InnoDB: Unable to lock ./ibdata1, error: 11 2017-09-15 15:33:09 139765476002048 [Note] InnoDB: Check that you do not already have another mysqld process using the same InnoDB data or log files. 2017-09-15 15:33:10 139765476002048 [ERROR] InnoDB: Unable to lock ./ibdata1, error: 11 2017-09-15 15:33:10 139765476002048 [Note] InnoDB: Check that you do not already have another mysqld process using the same InnoDB data or log files. 2017-09-15 15:33:11 139765476002048 [ERROR] InnoDB: Unable to lock ./ibdata1, error: 11 2017-09-15 15:33:11 139765476002048 [Note] InnoDB: Check that you do not already have another mysqld process using the same InnoDB data or log files. 2017-09-15 15:33:12 139765476002048 [ERROR] InnoDB: Unable to lock ./ibdata1, error: 11 2017-09-15 15:33:12 139765476002048 [Note] InnoDB: Check that you do not already have another mysqld process using the same InnoDB data or log files. *** Many many times 2017-09-15 15:34:46 139765476002048 [ERROR] InnoDB: Unable to lock ./ibdata1, error: 11 2017-09-15 15:34:46 139765476002048 [Note] InnoDB: Check that you do not already have another mysqld process using the same InnoDB data or log files. 2017-09-15 15:34:46 139765476002048 [Note] InnoDB: Unable to open the first data file 2017-09-15 15:34:46 7f1daf8c8900 InnoDB: Operating system error number 11 in a file operation. InnoDB: Error number 11 means ‘Resource temporarily unavailable’. InnoDB: Some operating system error numbers are described at InnoDB: http://dev.mysql.com/doc/refman/5.6/en/operating-system-error-codes.html 2017-09-15 15:34:46 139765476002048 [ERROR] InnoDB: Can’t open ‘./ibdata1’ 2017-09-15 15:34:46 139765476002048 [ERROR] InnoDB: Could not open or create the system tablespace. If you tried to add new data files to the system tablespace, and it failed here, you should now edit innodb_data_file_path in my.cnf back to what it was, and remove the new ibdata files InnoDB created in this failed attempt. InnoDB only wrote those files full of zeros, but did not yet use them in any way. But be careful: do not remove old data files which contain your precious data! 2017-09-15 15:34:46 139765476002048 [ERROR] Plugin ‘InnoDB’ init function returned error. 2017-09-15 15:34:46 139765476002048 [ERROR] Plugin ‘InnoDB’ registration as a STORAGE ENGINE failed. 2017-09-15 15:34:46 139765476002048 [ERROR] Unknown/unsupported storage engine: InnoDB 2017-09-15 15:34:46 139765476002048 [ERROR] Aborting Installation of system tables failed! Examine the logs in /var/lib/mysql for more information. The problem could be conflicting information in an external my.cnf files. You can ignore these by doing: shell> /usr/scripts/scripts/mysql_install_db –defaults-file=~/.my.cnf You can also try to start the mysqld daemon with: shell> /usr/sbin/mysqld –skip-grant –general-log & and use the command line tool /usr/bin/mysql to connect to the mysql database and look at the grant tables: shell> /usr/bin/mysql -u root mysql mysql> show tables; Try ‘mysqld –help’ if you have problems with paths. Using –general-log gives you a log in /var/lib/mysql that may be helpful. The latest information about mysql_install_db is available at https://mariadb.com/kb/en/installing-system-tables-mysql_install_db MariaDB is hosted on launchpad; You can find the latest source and email lists at http://launchpad.net/maria Please check all of the above before submitting a bug report at http://mariadb.org/jira But MariaDB is working. Do I something wrong, or it is OK? Please, help!

Nathan Lenkowski says:

October 11, 2017 at 4:06 pm

Just ran into this problem as well on a clean install of Maria DB. I had to stop mysql before running mysql_install_db and then start it again. sudo service mysql stopsudo mysql_install_dbsudo service mysql start

Reply
- Dimitri Gogelia says:
  
  October 13, 2017 at 6:45 am
  
  Thank you very much, Nathan! I’ll try shortly 🙂
  
  Reply
  - Nathan Lenkowski says:
    
    October 14, 2017 at 8:27 am
    
    No problem. Hope it works for you. Hopefully this will be resolved in a future release of MariaDB, doesn’t seem like it should be necessary and it’s not mentioned in the post-install documentation.
    
    Reply

Inspired Earth says:

September 24, 2017 at 9:19 pm

Hi @Ashley Rich. Thanks for these great tutorials. I’ve so far followed to the letter. However, when I try to access php files (in browser) I get a blank page. I added both fastcgi_param PATH_TRANSLATED $document_root$fastcgi_script_name; (as suggested by @matthewfedak:disqus , and also fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; as suggested by you. But can’t get php to load. Any suggestions or updates since you last edited this article?

Ashley Rich says:

September 26, 2017 at 3:19 pm

SCRIPT_FILENAME is usually the culprit. Anything in the Nginx error logs?

Reply

Denver Prophit Jr. says:

December 26, 2017 at 12:33 pm

Remove TLS V1 and 1.1

Tech Engage says:

December 29, 2017 at 8:20 am

Hi can you tell me how can i access Phpmyadmin and file manager if i install WordPress without cpanel?

Gecko Mancer says:

April 10, 2018 at 11:48 am

Rather than adding the PATH_TRANSLATED AND SCRIPT_FILENAME, you can: edit /etc/php/7.2/fpm/php.ini (replace 7.2 with your version); uncomment the following line, and change the 1 to 0: cgi.fix_pathinfo=0 The file has a handy link for more information: http://php.net/cgi.fix-pathinfo Also, I believe mcrypt is depreciated as of php7.0. (And I think this means you don’t need php-pear.) Maybe better to hash passwords, rather than encrypt.

Vibhi says:

April 16, 2018 at 7:14 am

after catch all block and editing nginx config it showing and error when running cmd nginx -t

Vibhi says:

April 17, 2018 at 6:53 am

getting an permission error Please Help

Reply

John Smith says:

April 24, 2018 at 1:13 am

Is MariaDB still recommended now that MySQL 8.0 is now Generally Available?

MArco Neumann says:

July 2, 2018 at 8:43 am

Im getting error after command: sudo mysql_install_db Installing MariaDB/MySQL system tables in ‘/var/lib/mysql’ … 2018-07-02 14:40:50 140479717828864 [Note] /usr/sbin/mysqld (mysqld 10.1.34-MariaDB-1~xenial) starting as process 920 … 2018-07-02 14:40:50 140479717828864 [ERROR] mysqld: Can’t lock aria control file ‘/var/lib/mysql/aria_log_control’ for exclusive use, error: 11. Will retry for 30 seconds I log out eand then login. every works. What clould have make the error? Thanks Marco

Just For Fun says:

July 12, 2018 at 9:56 pm

After hours of looking for a culprit. This line somehow doesn’t work on google cloud platform wordpress server { listen 80 default_server; listen [::]:80 default_server; server_name _; return 444; } It shutdown the website entirely. I like the idea of this line, so is there any workaround?

H?ctor Varas says:

July 18, 2018 at 2:01 pm

remember stop service mysql before install mariabd and start after mysql_secure_installation

Andrzej Bednorz says:

September 16, 2018 at 8:03 am

Hi. Thanks for the detailed guide. I follow it step by step and I get the following error when I try to install PHP: The following packages have unmet dependencies: php7.2-imap : Depends: libc-client2007e but it is not installable php7.2-zip : Depends: libzip4 (>= 1.0) but it is not installable E: Unable to correct problems, you have held broken packages. I tried cleaning my repositories, and also installing lower versions of PHP both from Ondrejs and from other package repositories but I cannot install all of the packages like in your guide. Any solution to this? Thank you 🙂

Brian Layman says:

December 11, 2018 at 2:43 pm

This article recommends configuring the workers to run under a user that will have sudo access, if I read things correctly. I know you said this is suitable only for single user servers, however, I don’t see how that is an acceptable practice even then.. This seems to be a huge hole in this configuration. It would be much better to teach people how to create the www-data user and group. All that said, thank you for writing and maintaining this article.

Paul says:

December 21, 2018 at 2:02 pm

Hello Ashley, I was wondering if MySQL 8.0 (InnoDB) is faster, particularly for WordPress or is MariaDB 10.3.7 (MyRocks) is the way to go? I cant find much info comparing the two!

Alyson says:

June 13, 2019 at 2:12 pm

During the installation of MariaDB no password was asked and after ignoring that, quite obviously nothing in the next chapters will work. To set the password after the fact I found a working solution in the DO community: sudo mysqld_safe --skip-grant-tables&sudo mysql --user=root mysqlmysql> update user set authentication_string=PASSWORD('new-password') where user='root';flush privileges;quitsudo service mysql restartsudo mysql -u root -pexit

Hosting WordPress Yourself Part 2 – Installing Nginx, PHP and MariaDB

Installing Nginx

PHP-FPM

MariaDB

Catch All Server Block

Ashley Rich

100% No-Risk 30-Day Money Back Guarantee