WordPress in Debian 9 (nginx, MariaDB, PHP, Redis)

Last revision: 26 of April of 2020

Table of contents

Here we left a small manual you of installation from an installation of basic operating system of Debian 9.

Forming the Operating system

Once the operating system is installed, first that we will form will be the hour of the servant. In this case we will form the hour zone of Madrid.

timedatectl set-timezone €˜Europe/Madrid€™ timedatectl set-NTP on

The following thing that we will do is to verify the version of the operating system and, later, to make a complete update of the same.

update lsb_release - to apt - and && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove

Once this all updated, we installed some tools and software base that can be useful to have in the system.

apt - and install software-properties-common curl vim unzip ufw dirmngr

Installation of MariaDB

The following step will be the installation of the data base. In this case we are going to use MariaDB 10.3. First that we will do will be to form the unloading, and later its installation.

apt-key adv --recv-keys --to keyserver hkp://keyserver.ubuntu.com:80 0xF1656F24C74CD1D8 add-apt-repository €˜deb [arch=amd64, arm64, ppc64el] http://tedeco.fi.upm.es/mirror/mariadb/repo/10.3/debian stretch main€™ apt - and update && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove apt - and install mariadb-server mariadb-client

Now that is installed, we will come to the initial configuration. For it we will use the system safe installation, that it will do some questions to us.


To the question of if we want to change the password, following if we have put or not in the installation, we will change it. In case of not to have put no, is very recommendable to put a safe password to him.

Set root password? [Y/n]: And

The rest of questions, we will answer the following thing:

Remove anonymous users? [Y/n]: And Disallow root login remotely? [Y/n]: And Remove test database and Access to it? [Y/n]: And Reload privilege tables now? [Y/n]: And

At this moment already we will have the data base formed. Now we will cause that one executes in re homes of the system and we will initiate it.

systemctl stop mysql.service systemctl start mysql.service

Installation of nginx

At this moment we have the data base formed and are going to come to the installation from the Web server. In this case we are going to use nginx. In order to be, we will not use the version that comes with the operating system, but more updated and maintained.

apt - and update && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove apt - and install nginx nginx-extras

Now that we have nginx installed, we are going it to form so that one automatically begins in re homes of the system.

systemctl stop nginx.service systemctl inable nginx.service systemctl start nginx.service

Installation of PHP

At this moment already we have the Web server, reason why we are going to install and to form PHP so that he correctly works with the Web server and data base. In this case we are going to install version PHP 7.3. First we will make the installation of the up-to-date packages more (than they are not those that come with the operating system) and that in case of needing it, in addition, would allow us to have several versions of PHP in parallel.

apt - and install apt-transport-https lsb-release CA-certificates wget - Or /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg sh - c €˜I throw €œdeb https://packages.sury.org/php/ $ (it lsb_release - sc) main€ > /etc/apt/sources.list.d/php.list€™ apt - and update && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove apt - and install php7.3 php7.3-fpm php7.3-common php7.3-dev php7.3-cli php7.3-bcmath php7.3-curl php7.3-gd php7.3-imap php7.3-json php7.3-mbstring php7.3-mysql php7.3-opcache php7.3-soap php7.3-XML php7.3-xmlrpc php7.3-zip php-imagick php-libsodium php-ssh2 php-xdebug libgeoip-dev

In some cases, the Integra system Apache httpd of series, reason why we will make a cleaning, in case it is something of installed him.

apt - and purge apache2*

Now that already we have installed PHP correctly, we are going to activate it so that when it is reinitiated the system is executed automatically.

systemctl stop php7.3-fpm.service systemctl inable php7.3-fpm.service systemctl start php7.3-fpm.service

Installation of Redis

In order to work with some improvements in the yield of the cache of objects, we are going to let ready Redis as storage system.

apt - and update && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove apt - and install redis-server php-redis

Later, and of the same form that the rest of elements, we are going it to form so that one begins automatically if the servant is reinitiated.

systemctl stop redis-server.service systemctl inable redis-server.service systemctl start redis-server.service

Configuration of the HTTPS

As we are going to mount our Web on a safe Web server (HTTPS), we will need to install the certificate generator of Let's Encrypt, previously so that we will prepare the systems for the creation of safe keys.

openssl dhparam - out /etc/ssl/certs/dhparam.pem 2048

And at this moment we will install the system of certificate creation certbot.

apt - and update && apt - and upgrade && apt - and dist-upgrade && apt - and autoremove apt - and install certbot python-certbot-nginx

So that the certificates are updated automatically, we will once activate a task programmed (cron) to the day that automatically renews certificates.

crontab - e

Once inside, we will form, for example, that executes to the 06:45 every morning.

45 6 * * * certbot renew --dry-run

Configuration of firewall

In order to finish, we are going to activate the Firewall and to later let only open to the ports of SSH (by which we are working at the moment) and the ports Web, leaving the inactive rest.

ufw app list ufw allow €˜smtp€™ ufw allow €˜OpenSSH€™ ufw allow €˜Nginx Full€™ ufw inable

As of this moment we can reinitiate the machine if we want, and we will already have it list to begin its use and to mount the websites.