If you plan to run a high-traffic WordPress blog on Nginx, I would suggest running it on a virtual private server (VPS) or a dedicated server together with Nginx FastCGI caching.
Besides its low memory consumption, Nginx is a fast web server. Combining Nginx with the FastCGI caching module further improves the performance of your web application, including a WordPress site.
This can be an alternative to an Nginx + Varnish setup, which also uses caching to accelerate a WordPress site.
The Nginx FastCGI module has directives for caching dynamic content that is served through a PHP backend.
When a web page is cached, repeated requests for the same page are quickly returned to the client by the Nginx web server because they are served from the cache location.
The following tutorial will guide you through setting up WordPress with Nginx on a CentOS 7 VPS. This setup has been tested on a Linode 4GB and a RamNode 2GB VPS.
Prerequisites :
a) The Linux CentOS 7 VPS is assumed to have been set up properly with MariaDB as the database and Nginx as the web server, running together with PHP-FPM.
b) You have a domain name for your WordPress site and a DNS record pointing to your VPS IP address.
www.ehowstuff.local -> 10.9.8.7
1. To install Nginx on CentOS, create the Nginx repository file :
# vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
# Verify package signatures; gpgcheck=0 would install unsigned packages fetched over HTTP
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
2. To install Nginx, PHP, php-mysql, PHP-FPM and the MariaDB server, run the following command :
# yum install nginx php php-mysql php-fpm mariadb-server
3. Configure php-fpm :
Below are the configuration values for a 4 GB RAM VPS :
# vi /etc/php-fpm.d/www.conf
listen = 127.0.0.1:9000
listen.allowed_clients = 127.0.0.1
listen.mode = 0666
user = nginx
group = nginx
pm = dynamic
pm.max_children = 20
pm.start_servers = 15
pm.min_spare_servers = 15
pm.max_spare_servers = 15
pm.max_requests = 500
4. Configure NGINX with FastCGI Caching :
This is the main configuration file for Nginx.
# vi /etc/nginx/nginx.conf
user nginx;
worker_processes 2;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    log_format blocked '$time_local: Blocked request from $remote_addr $request';

    access_log /var/log/nginx/access.log main;

    include /etc/nginx/conf.d/gzip.conf;

    # FastCGI cache and other configuration options
    include /etc/nginx/conf.d/option.conf;

    # common.conf, wordpress.conf and fastcgi_no_cache.conf hold server-level
    # directives (listen, location, set/if). nginx rejects them in the http
    # context; include them inside each server block instead.

    # Multiple WordPress sites container
    include /etc/nginx/sites-available/*.conf;
}
It is recommended to split the custom configuration out of the original nginx.conf into separate files to make it easier to read and modify.
# vi /etc/nginx/conf.d/common.conf
# Global configuration file.
# ESSENTIAL : Configure Nginx Listening Port
listen 80;
# ESSENTIAL : Default file to serve. If the first file isn't found,
index index.php index.html index.htm;
# ESSENTIAL : no favicon logs
location = /favicon.ico {
    log_not_found off;
    access_log off;
}
# ESSENTIAL : robots.txt
location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
# ESSENTIAL : Configure 404 Pages
error_page 404 /404.html;
# ESSENTIAL : Configure 50x Pages
error_page 500 502 503 504 /50x.html;
location = /50x.html {
    root /usr/share/nginx/html;
}
# SECURITY : Deny all attempts to access hidden files .abcde
location ~ /\. {
    deny all;
}
# PERFORMANCE : Set expires headers for static files and turn off logging.
location ~* ^.+\.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off;
    log_not_found off;
    expires 30d;
    # expires max;
    add_header Pragma no-cache;
    add_header Cache-Control "public";
}
# vi /etc/nginx/conf.d/gzip.conf
gzip on;
gzip_comp_level 6;
gzip_proxied any;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_types text/css text/x-component application/ecmascript application/json
           application/pdf application/javascript application/x-javascript
           text/javascript application/postscript text/x-js text/richtext
           image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;
gzip_http_version 1.1;
gzip_vary on;
# vi /etc/nginx/conf.d/option.conf
## FAST-CGI Configurations
fastcgi_cache_path /etc/nginx/cache levels=1:2 keys_zone=WPCACHE:1024m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
# Set-Cookie is ignored here, so responses that set cookies are cached too;
# the $no_cache rules in fastcgi_no_cache.conf are what keep per-user pages out of the cache.
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
add_header X-Fastcgi-Cache $upstream_cache_status;

## Other server option
access_log off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
keepalive_requests 100000;
reset_timedout_connection on;
port_in_redirect off;
client_body_timeout 1460;
client_header_timeout 1460;
client_max_body_size 10m;
send_timeout 1460;
keepalive_timeout 1300;
# vi /etc/nginx/conf.d/wordpress.conf
# WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
}

# NOTE : nginx tries regex locations in file order and stops at the first match,
# so every deny rule sits above the PHP handler at the end of this file.
# Locations match the decoded URI path only, never the query string.

# SECURITY : Deny all attempts to access PHP Files in the uploads directory
location ~* /(?:uploads|files)/.*\.php$ { deny all; }

# Hidden files (.htaccess and similar) are already denied by "location ~ /\." in
# common.conf; repeating the same location here makes nginx fail with "duplicate location".

# Deny access to .php files in the /wp-content/ directory (including sub-folders)
location ~* ^/wp-content/.*\.(php|phps)$ { deny all; }

# NOTE : nginx does not expand wildcards in access_log paths; the rules below
# write to a file literally named "*.*.log".

## Block SQL injections
location ~* union.*select.*\( { access_log /var/log/nginx/*.*.log blocked; deny all; }
location ~* union.*all.*select.* { access_log /var/log/nginx/*.*.log blocked; deny all; }
location ~* concat.*\( { access_log /var/log/nginx/*.*.log blocked; deny all; }

## Block common exploits
location ~* (<|%3C).*script.*(>|%3E) { access_log /var/log/nginx/*.*.log blocked; deny all; }
location ~* base64_(en|de)code\(.*\) { access_log /var/log/nginx/*.*.log blocked; deny all; }
location ~* (%24&x) { access_log /var/log/nginx/*.*.log blocked; deny all; }
location ~* (%0|%A|%B|%C|%D|%E|%F|127\.0) { access_log /var/log/nginx/*.*.log blocked; deny all; }
location ~* \.\.\/ { access_log /var/log/nginx/*.*.log blocked; deny all; }
location ~* ~$ { access_log /var/log/nginx/*.*.log blocked; deny all; }
location ~* proc/self/environ { access_log /var/log/nginx/*.*.log blocked; deny all; }
location ~* /\.(htaccess|htpasswd|svn) { access_log /var/log/nginx/*.*.log blocked; deny all; }

## Block file injections
location ~* [a-zA-Z0-9_]=(\.\.//?)+ { access_log /var/log/nginx/*.*.log blocked; deny all; }
location ~* [a-zA-Z0-9_]=/([a-z0-9_.]//?)+ { access_log /var/log/nginx/*.*.log blocked; deny all; }

## wordpress security
location ~* wp-config\.php { access_log /var/log/nginx/*.*.log blocked; deny all; }
location ~* wp-admin/includes { access_log /var/log/nginx/*.*.log blocked; deny all; }
location ~* wp-admin/setup-config\.php { access_log /var/log/nginx/*.*.log blocked; deny all; }
location ~* wp-app\.log { access_log /var/log/nginx/*.*.log blocked; deny all; }
location ~* (licence|readme|license)\.(html|txt) { access_log /var/log/nginx/*.*.log blocked; deny all; }

# REQUIREMENTS : Enable PHP Support
location ~ \.php$ {
    # SECURITY : Zero day Exploit Protection
    try_files $uri =404;
    # ENABLE : Enable PHP, listen fpm sock
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass 127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_send_timeout 300s;
    fastcgi_read_timeout 300s;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 256 4k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
    ## Added below for fastcgi_cache
    fastcgi_cache_bypass $no_cache;
    fastcgi_no_cache $no_cache;
    fastcgi_cache WPCACHE;
    fastcgi_cache_valid 200 60m;
    fastcgi_cache_valid 404 60m;
    fastcgi_max_temp_file_size 4m;
    fastcgi_cache_use_stale updating;
    fastcgi_cache_methods GET HEAD; # Only GET and HEAD methods apply
    add_header X-Fastcgi-Cache $upstream_cache_status;
}

# PLUGINS : Enable Rewrite Rules for Yoast SEO SiteMap
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml$ "/index.php?xml_sitemap=params=$2" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.gz$ "/index.php?xml_sitemap=params=$2;zip=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.html$ "/index.php?xml_sitemap=params=$2;html=true" last;
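The deny rules above write one line per rejected request in the "blocked" log format defined in nginx.conf. As an added example that is not part of the original tutorial, this Python script parses that format and lists the addresses with repeated blocked requests; the sample lines, the threshold and the function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

# Mirrors: log_format blocked '$time_local: Blocked request from $remote_addr $request';
LINE = re.compile(
    r"^(?P<time>\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}): "
    r"Blocked request from (?P<ip>\S+) (?P<request>.*)$")

# Constructed sample lines (documentation-range addresses), not real traffic.
SAMPLE = """\
10/Oct/2023:13:55:36 +0000: Blocked request from 203.0.113.7 GET /wp-config.php HTTP/1.1
10/Oct/2023:13:55:37 +0000: Blocked request from 203.0.113.7 GET /wp-admin/setup-config.php HTTP/1.1
10/Oct/2023:13:55:39 +0000: Blocked request from 203.0.113.7 GET /readme.html HTTP/1.1
10/Oct/2023:14:02:11 +0000: Blocked request from 198.51.100.23 GET /proc/self/environ HTTP/1.1
10/Oct/2023:14:05:00 +0000: Blocked request from 198.51.100.23 \\x16\\x03\\x01
this line is not in the blocked format
""".splitlines()

def parse(lines):
    """Return ([(ip, method, target), ...], number_of_malformed_lines)."""
    records, malformed = [], 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            malformed += 1
            continue
        parts = m["request"].split(" ")
        # $request is client-controlled: keep it whole unless it is "METHOD target VERSION".
        method, target = (parts[0], parts[1]) if len(parts) == 3 else ("-", m["request"])
        records.append((m["ip"], method, target))
    return records, malformed

def offenders(lines, threshold=3):
    """Map each IP with >= threshold blocked requests to the sorted targets it requested."""
    records, _ = parse(lines)
    hits = Counter(ip for ip, _, _ in records)
    targets = defaultdict(set)
    for ip, _, target in records:
        targets[ip].add(target)
    return {ip: sorted(targets[ip]) for ip, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    records, malformed = parse(SAMPLE)
    print(f"{len(records)} blocked requests, {malformed} malformed lines")
    for ip, paths in offenders(SAMPLE).items():
        print(ip, paths)
```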
Configure Cache Exceptions :
# vi /etc/nginx/conf.d/fastcgi_no_cache.conf
set $no_cache 0;

# POST requests and URLs with a query string should always go to PHP
if ($request_method = POST) { set $no_cache 1; }
if ($query_string != "") { set $no_cache 1; }

# Don't cache URIs containing the following segments
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") { set $no_cache 1; }

# Don't use the cache for logged-in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { set $no_cache 1; }
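Because option.conf ignores Set-Cookie, the cache-exception rules above are the only thing that keeps a per-user page out of the shared cache. The following added example (not from the original tutorial) models those rules in Python against constructed requests and computes where nginx stores an entry under levels=1:2; the function names and sample cookies are assumptions.

```python
import hashlib
import re

# Patterns from fastcgi_no_cache.conf; nginx "~*" is a case-insensitive search.
# Assumption: the stray spaces before "|" on the page are wrap debris and are dropped.
URI_SKIP = re.compile(
    r"/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml", re.I)
COOKIE_SKIP = re.compile(
    r"comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache"
    r"|wordpress_logged_in", re.I)

def no_cache_reason(method, request_uri, cookie=""):
    """Return why the request skips the cache, or None when the response is cacheable."""
    if method not in ("GET", "HEAD"):        # POST rule plus fastcgi_cache_methods GET HEAD
        return "method"
    if request_uri.partition("?")[2]:        # $query_string != ""
        return "query_string"
    if URI_SKIP.search(request_uri):
        return "uri"
    if COOKIE_SKIP.search(cookie):
        return "cookie"
    return None

def cache_file(scheme, method, host, request_uri, root="/etc/nginx/cache"):
    """File nginx uses for this key: MD5 of fastcgi_cache_key, laid out as levels=1:2."""
    key = f"{scheme}{method}{host}{request_uri}"
    digest = hashlib.md5(key.encode()).hexdigest()
    return f"{root}/{digest[-1]}/{digest[-3:-1]}/{digest}"

# Constructed sample requests: (method, URI, Cookie header).
SAMPLES = [
    ("GET", "/", ""),
    ("GET", "/?s=nginx", ""),
    ("POST", "/wp-comments-post.php", ""),
    ("GET", "/wp-admin/", "wordpress_logged_in_0123abcd=admin%7C1"),
    ("GET", "/hello-world/", "wordpress_logged_in_0123abcd=admin%7C1"),
    ("GET", "/hello-world/", "comment_author_0123abcd=alice"),
    ("GET", "/hello-world/", "shop_session=f00dfeed"),  # cookie the pattern does not name
]

def audit(samples=SAMPLES):
    return [(m, u, no_cache_reason(m, u, c) or "CACHED") for m, u, c in samples]

if __name__ == "__main__":
    for method, uri, verdict in audit():
        print(f"{method:4} {uri:24} {verdict}")
    print(cache_file("http", "GET", "www.ehowstuff.local", "/hello-world/"))
```

A session cookie that the cookie pattern does not name, such as the constructed shop_session above, is treated as anonymous, so extend the pattern before adding plugins that set their own login cookies.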
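Create the directory for the site configuration files and the configuration file for the site :
# mkdir -p /etc/nginx/sites-available
# vi /etc/nginx/sites-available/ehowstuff.local.conf
Add the following :
server {
    listen 80;
    server_name ehowstuff.local;
    rewrite ^/(.*)$ http://www.ehowstuff.local/$1 permanent;
}
server {
    server_name www.ehowstuff.local;
    root /var/www/html/ehowstuff;
    access_log /var/log/nginx/ehowstuff.local.access.log;
    error_log /var/log/nginx/ehowstuff.local.error.log;

    # Server-level snippets (listen, locations, cache exceptions).
    # wordpress.conf comes before common.conf so that its deny rules are tried
    # before the static-file location; regex locations are matched in file order.
    include /etc/nginx/conf.d/fastcgi_no_cache.conf;
    include /etc/nginx/conf.d/wordpress.conf;
    include /etc/nginx/conf.d/common.conf;
}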
5. Create a database for the WordPress site with your preferred user and password :
MariaDB [(none)]> CREATE DATABASE wordpressdb;
MariaDB [(none)]> CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'wordpresspassword';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON wordpressdb.* TO 'wordpressuser'@'localhost';
Extract the WordPress files into the web server root directory :
# cd /var/www/html/
# wget https://wordpress.org/latest.tar.gz
# tar xzvf latest.tar.gz
# mv wordpress /var/www/html/ehowstuff
You can follow these steps to install WordPress on CentOS.
6. Start the services and make them start automatically at boot :
# systemctl restart nginx && systemctl restart php-fpm && systemctl restart mariadb
# systemctl enable nginx && systemctl enable php-fpm && systemctl enable mariadb