It handles:
- Server setup (including SSH, security, and firewall configurations)
- WordPress installation and configuration
- SSL certificate installation and redirection to HTTPS
- Performance optimizations (e.g., Redis, PHP OPcache)
- Security hardening (e.g., fail2ban, ModSecurity, PHP hardening)
- Database optimization
- Automatic updates and backups
- Log monitoring with Logwatch
- SSH access hardening
- Fail2ban installation and configuration
- Automatic SSL certificate installation and renewal using Let's Encrypt
- Secure PHP settings and Nginx configurations
- Firewall configuration using UFW
- Automatic security updates for system and WordPress
Performance Optimization:
- Redis installation and configuration for object caching
- PHP OPcache for improved PHP performance
- GZIP compression and HTTP/2 enabled in Nginx
- Caching headers for static files
- Image optimization (e.g., OptiPNG, JPEGoptim)
Site Configuration:
- Nginx server blocks (virtual hosts) for each WordPress site
- Automatic database and WordPress installation for multiple sites
- Regular updates for WordPress core and plugins via cron jobs
Backup Automation:
- Automated backups of WordPress databases and files using `wp-cli` and cron jobs
Log Monitoring:
- Install Logwatch for log monitoring and daily summaries
- A fresh Ubuntu/Debian server - A domain name pointed to the server for SSL (Let's Encrypt)
- SSH access with root privileges
- Nginx, MariaDB, PHP, and Redis installed
You can either clone the GitHub repository or download the script.
git clone https://github.com/rkruk/Ubuntu-Nginx-PHP-Redis.git
cd Ubuntu-Nginx-PHP-Redis
- Update the Script (Optional)
If necessary, update the script to fit your server environment. You may want to adjust paths, usernames, or configurations for specific sites.
3. Make the Script Executable
Ensure that the script is executable by running:
chmod +x wordpress-setup.sh
- Run the Script
Execute the script with root privileges to begin the installation:
sudo ./wordpress-setup.sh
- Follow the Prompts
The script will ask you for the following information during the setup:
- WordPress Admin Username: The admin username for the WordPress sites.
- WordPress Admin Password: The admin password for WordPress.
- MySQL Root Password: The password for the MySQL root user.
- Number of Sites: How many WordPress sites you want to install.
- Database Password for Each Site: Each site’s database password.
- Site Domain Names: The domain names for each WordPress site (e.g., example.com).
6. Verify the Installation
Once the script completes, the following will be set up:
- Nginx virtual hosts for each WordPress site
- SSL certificates for each site with automatic HTTPS redirection
- Redis configured for object caching
- PHP OPcache enabled for better PHP performance
- Fail2ban set up to protect against brute-force attacks
- Firewall (UFW) configured to allow OpenSSH and Nginx traffic
- PHP security and hardening applied
- Automated backups and updates for WordPress
- Logwatch installed for log monitoring
7. Check the Logs and SSL Certificates
You can check the status of your SSL certificates and log monitoring:
# Check SSL Certificate Renewal
sudo certbot renew --dry-run
# Check Logwatch Reports
sudo logwatch --detail high --service http --range today --format text
Additional Configuration (Optional)
A. Install WordPress Security Plugins (e.g., Wordfence or Sucuri)
WordPress plugins like Wordfence or Sucuri can provide additional layers of protection. You can install them manually via the WordPress admin panel or use wp-cli:
wp plugin install wordfence --activate
B. Configure Database and WordPress Backup Automation
The script sets up basic database and file backup automation using cron jobs. If you want more frequent backups or custom schedules, you can modify the cron job schedules in /etc/crontab.
# Example cron job for daily backups (customize as needed)
0 0 * * * wp db export --path=/var/www/html --add-drop-table /backups/$(date +\%F).sql
C. Optimize the Database
You can set up a cron job to automatically optimize your WordPress database periodically:
# Example cron job for database optimization
0 2 * * * wp db optimize --path=/var/www/html
D. Performance Enhancements with Varnish (Optional)
For high-traffic sites, consider installing and configuring Varnish as a reverse proxy to further speed up your WordPress sites.
Troubleshooting
- SSL Not Working: Ensure your domain is correctly pointed to the server and you’ve configured Nginx to handle SSL.
- WordPress Not Accessible: Check Nginx logs (/var/log/nginx/access.log) and WordPress error logs (wp-content/debug.log) for issues.
- Redis Not Connecting: Make sure Redis is running (sudo systemctl status redis-server) and that WordPress is properly configured for Redis caching.
Security Considerations - Regularly check logs and monitor your server’s health.
- Use strong, unique passwords for WordPress admin and database accounts.
- Set up automatic security updates for your OS and WordPress.
- Ensure your SSL certificates are automatically renewed.
- Review your firewall settings periodically to block unnecessary traffic.
License
This script is open-sourced and can be freely modified for personal or commercial use.
Please contribute improvements and report issues via the repository's issue tracker.
Thank you for any tips, improvements, recommendations or questions.