Debian LXC + WordPress + Nginx for SSL
Recently, I just want to build up a WordPress site with my home lab Proxmox server and try avoid to pay WordPress service providers. Also, with self-host, you can get your own domain then link to your own server.
Here is the server system:
Debian 10 (don’t ask me why not to use 11…because Proxmox LXC templates are still 10)
MariaDB as SQL server
PHP to provide PHP support
Nginx everyone know it’s a great web server app, but need to learn more for reverse proxy/load balancer
Ok, for all the application installations are simply and straight forward…just write down the WordPress db user name/password for later WordPress setting. 🙂
We also need to trick some PHP settings as below:
PHP config file path: /etc/php/7.3/fpm/php.ini (depending version different, you might have different number for directory)
Change below settings:
post_max_size = 64M
memory_limit = 256M
max_execution_time = 300
upload_max_filesize = 32M
Now, download WordPress then config wp-config.php for fitting your own server.
Next, we need to get self signed SSL cert for SSL connections; as it’s barebone LXC server, we need install openssl to it. After installation is done, launch below command to generate SSL cert:
1. Create KEY for the server, save name as mydomain.key(you can change it to the file name you like):
genrsa -out mydomain.key 2048
2. Use the key you generated to create certification request csr file(in this step you need input a your personal information):
req -new -key mydomain.key -out mydomain.csr
3. Alright, we have the key and csr and we could generate our own self signed cert:
x509 -req -days 1825 -in mydomain.csr -signkey mydomain.key -out mydomain.crt
4. create PEM certificate from generated crt that can be used for Nginx:
cat mydomain.key mydomain.crt >> mylabs.com.pem
5. After pem file created, I suggest put both pem and key files to same directory and remember the path.
Let’s set up Nginx for SSL connection:
1. Create a config file for WordPress (I suggested to use existing Nginx directory):
nano /etc/nginx/sites-available/wordpress.conf
2. As we need redirect non-secure http(port 80) to https(port 443), so here is what my virtual block setting for WordPress(change www.example.com to your site):
server { #Redirect non-https to https - match both www and non-www
listen 80;
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
}
server { #Main server block
listen 443 ssl spdy;
server_name www.example.com;
ssl_certificate /etc/ssl/certs/www.example.com.certchain.crt;
ssl_certificate_key /etc/ssl/private/www.example.com.key;
root /var/www/html/wordpress;
index index.php index.html index.htm;
access_log /var/log/nginx/wordpress_access.log;
error_log /var/log/nginx/wordpress_error.log;
client_max_body_size 64M;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_read_timeout 3600s;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 128k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
fastcgi_index index.php;
}
}
3. You need push virtual block setting to Nginx service:
ln -sf /etc/nginx/sites-available/wordpress.conf /etc/nginx/sites-enabled/
OK, all settings are done; you should either restart both Nginx/PHP services or reboot the server:
systemctl restart nginx
systemctl restart php7.3-fpm
Congratulation, WordPress with secure HTTPS connection is done and it ready for using!