This tutorial shows you how to install WordPress with WordOps (Enable Nginx FastCGI Cache)
The VPS used in this article: Vultr (1GB RAM, 1 vCore)
Get $100 of free Vultr credits if you sign up through this link!
Demo domain: blogwp.ovh
Please resolve the domain name to an IP address in advance
Please replace blogwp.ovh with your own domain name.
WordOps is an essential toolset that eases WordPress site and server administration.
WordOps Key Features:
- Easy to install: One step automated installer with migration from EasyEngine v3 support.
- Fast deployment: Fast and automated WordPress, Nginx, PHP, MySQL & Redis installation.
- Custom Nginx build: Nginx 1.18.0 – TLS v1.3, Cloudflare HTTP/2 HPACK & Brotli support.
- Up-to-date: PHP 7.2, 7.3 & 7.4, MariaDB 10.3 & Redis 5.0
- Secured: Hardened WordPress security with strict Nginx location directives
- Powerful: Optimized Nginx configurations with multiple cache backends support.
- SSL: Domain, Subdomain & Wildcard Let’s Encrypt SSL certificates with DNS API support.
- Modern: Strong ciphers_suite, modern TLS protocols and HSTS support (Grade A+ on ssllabs)
- Monitoring: Live Nginx vhost traffic with ngx_vts_module and server monitoring with Netdata.
- User Friendly: WordOps dashboard with server status/monitoring and tools.
WordOps can be installed on :
Ubuntu LTS (Long Term Service) releases (Ubuntu 20.04 LTS & Ubuntu 18.04 LTS)
Also compatible:
Ubuntu 16.04 LTS, Debian 9, Debian 10, Raspbian 9, Raspbian 10
Hardware requirements
Minimum: WordOps is very lightweight, it doesn’t require a lot of resources
~100MB of storage, 512MB RAM
Recommended: However, if you are going to use WordOps in production, some services like MySQL or Redis may need more resources, and running WordOps stacks without enough resources could impact your sites performance. Resources usage also highly depend on your site traffic.
Multi-core CPU, 20GB SSD storage, 2GB RAM
WordOps support VMware, XEN, OpenVZ, KVM, Hyper-V, LXC / LXD virtualization platforms.
The following part is the installation steps
1、Install WordOps
wget -qO wo wops.cc && sudo bash wo[email protected]:~# wget -qO wo wops.cc && sudo bash wo
Welcome to WordOps install/update script v3.12.3
Installing wo dependencies [OK]
Installing WordOps [OK]
Running post-install steps [OK]
WordOps (wo) require an username & and an email address to configure Git (used to save server configurations)
Your informations will ONLY be stored locally
Enter your name: blogwpwpblog
Enter your email: [email protected]
Synchronizing wo database, please wait...
WordOps (wo) installed successfully
To enable bash-completion, just use the command:
bash -l
To install WordOps recommended stacks, you can use the command:
wo stack install
To create a first WordPress site, you can use the command:
wo site create site.tld --wp
WordOps Documentation : https://docs.wordops.net
WordOps Community Forum : https://community.wordops.net
WordOps Community Chat : https://chat.wordops.net
Give WordOps a GitHub star : https://github.com/WordOps/WordOps/Note:
Please replace blogwpwpblog with your own name
Please replace [email protected] with your own email
2、Install WordPress + FastCGI Cache + PHP 7.4 + Let’s Encrypt SSL certificate
wo site create blogwp.ovh --wpfc --php74 --letsencrypt[email protected]:~# wo site create blogwp.ovh --wpfc --php74 --letsencrypt
Start : wo-kernel [OK]
Adding repository for MySQL, please wait...
Adding repository for NGINX, please wait...
Adding repository for PHP, please wait...
Updating apt-cache [OK]
Installing APT packages [OK]
Applying Nginx configuration templates
Testing Nginx configuration [OK]
Restarting Nginx [OK]
Testing Nginx configuration [OK]
Restarting Nginx [OK]
Configuring php7.4-fpm
Restarting php7.4-fpm [OK]
Tuning MariaDB configuration
Stop : mysql [OK]
Start : mysql [OK]
Running pre-update checks [OK]
Setting up NGINX configuration [Done]
Setting up webroot [Done]
Downloading WordPress [Done]
Setting up database [Done]
Configuring WordPress [OK]
Installing WordPress [OK]
Installing plugin nginx-helper [OK]
Setting plugin nginx-helper [OK]
Testing Nginx configuration [OK]
Reloading Nginx [OK]
HTTP Auth User Name: WordOps
HTTP Auth Password : Dh9i5b44i7pBSsU0Lp40LVih
WordOps backend is available on https://45.32.205.204:22222 or https://blogwp-test:22222
WordPress admin user : blogwpwpblog
WordPress admin password : nwd2kS8NzXtMcY1xT9BVD60l
Nginx-Helper configuration : http://blogwp.ovh/wp-admin/options-general.php?page=nginx
Successfully created site http://blogwp.ovh
Certificate type : domain
Validation mode : Webroot challenge
Issuing SSL cert with acme.sh [OK]
Deploying SSL cert [OK]
Securing WordOps backend with current cert
Adding HTTPS redirection [OK]
Updating site url with https [OK]
Testing Nginx configuration [OK]
Reloading Nginx [OK]
Congratulations! Successfully Configured SSL on https://blogwp.ovhAfter performing the above steps, you have installed WordPress, FastCGI Cache, PHP 7.4, and Let’s Encrypt SSL.
Log in to the WordPress Admin Dashboard: https://blogwp.ovh/wp-login.php
WordPress admin user : blogwpwpblog
WordPress admin password : nwd2kS8NzXtMcY1xT9BVD60lYou can update WordPress admin password with the following command:
wo site update blogwp.ovh --passwordThe Nginx Helper plugin also has been installed and activated. “Caching Method” choose “nginx Fastcgi cache”. “Purge Method” choose “Using a GET request to PURGE/url (Default option)”.
You can also clean NGINX FastCGI cache via:
wo clean --fastcgi[email protected]:~# wo clean --fastcgi
Cleaning NGINX FastCGI cache
Testing Nginx configuration [OK]
Restarting Nginx [OK]WordOps Nginx fastcgi_cache cache pages for 24 hours, as set in /etc/nginx/conf.d/fastcgi.conf: fastcgi_cache_valid 200 24h;
Testing WordOps Nginx fastcgi cache:
curl -Ik https://blogwp.ovh/sample-page/[email protected]:~# curl -Ik https://blogwp.ovh/sample-page/
HTTP/2 200
server: nginx
date: Wed, 14 Oct 2020 06:18:04 GMT
content-type: text/html; charset=UTF-8
x-pingback: https://blogwp.ovh/xmlrpc.php
link: <https://blogwp.ovh/wp-json/>; rel="https://api.w.org/"
link: <https://blogwp.ovh/wp-json/wp/v2/pages/2>; rel="alternate"; type="application/json"
link: <https://blogwp.ovh/?p=2>; rel=shortlink
x-powered-by: WordOps
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
x-fastcgi-cache: MISSOn the first request, Nginx returns x-fastcgi-cache: MISS
[email protected]:~# curl -Ik https://blogwp.ovh/sample-page/
HTTP/2 200
server: nginx
date: Wed, 14 Oct 2020 06:20:27 GMT
content-type: text/html; charset=UTF-8
x-pingback: https://blogwp.ovh/xmlrpc.php
link: <https://blogwp.ovh/wp-json/>; rel="https://api.w.org/"
link: <https://blogwp.ovh/wp-json/wp/v2/pages/2>; rel="alternate"; type="application/json"
link: <https://blogwp.ovh/?p=2>; rel=shortlink
x-powered-by: WordOps
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: no-referrer, strict-origin-when-cross-origin
x-download-options: noopen
x-fastcgi-cache: HITOn the next request, Nginx returns x-fastcgi-cache: HIT
Note:
If you want to install WordPress + Redis Full-page cache + PHP 7.4 + Let’s Encrypt SSL certificate, please execute the following command:
wo site create blogwp.ovh --wpredis --php74 --letsencrypt[email protected]:~# wo site create blogwp.ovh --wpredis --php74 --letsencrypt
Start : wo-kernel [OK]
Adding repository for MySQL, please wait...
Adding repository for NGINX, please wait...
Adding repository for PHP, please wait...
Updating apt-cache [OK]
Installing APT packages [OK]
Applying Nginx configuration templates
Testing Nginx configuration [OK]
Restarting Nginx [OK]
Testing Nginx configuration [OK]
Restarting Nginx [OK]
Configuring php7.4-fpm
Restarting php7.4-fpm [OK]
Tuning MariaDB configuration
Stop : mysql [OK]
Start : mysql [OK]
Tuning Redis configuration [OK]
Restarting redis-server [OK]
Running pre-update checks [OK]
Setting up NGINX configuration [Done]
Setting up webroot [Done]
Downloading WordPress [Done]
Setting up database [Done]
Configuring WordPress [OK]
Installing WordPress [OK]
Installing plugin nginx-helper [OK]
Setting plugin nginx-helper [OK]
Installing plugin redis-cache [OK]
Testing Nginx configuration [OK]
Reloading Nginx [OK]
HTTP Auth User Name: WordOps
HTTP Auth Password : lIPGjYHxIpBqVpaNSkvfWEql
WordOps backend is available on https://45.32.205.204:22222 or https://blogwp-test:22222
WordPress admin user : blogwpwpblog
WordPress admin password : NtgW9eS5LHTsp6mivjw3ICql
Configure redis-cache: http://blogwp.ovh/wp-admin/options-general.php?page=redis-cache
Object Cache: Enable
Successfully created site http://blogwp.ovh
Certificate type : domain
Validation mode : Webroot challenge
Issuing SSL cert with acme.sh [OK]
Deploying SSL cert [OK]
Securing WordOps backend with current cert
Adding HTTPS redirection [OK]
Updating site url with https [OK]
Testing Nginx configuration [OK]
Reloading Nginx [OK]
Congratulations! Successfully Configured SSL on https://blogwp.ovhThe above command will automatically install and activate the “Nginx Helper” plugin and “Redis Object Cache” plugin. But when you remove “Redis Object Cache” plugin, your site will only use full-page cache in redis.
You need “Nginx Helper” plugin to automatically clear the redis full-page cache. After performing the above steps, if everything goes well, you have installed WordPress, Redis Full-page cache, PHP 7.4, Let’s Encrypt SSL certificate.
Note:
Issue an ssl certificate with WordOps and enable HSTS
For an existant site without SSL:
wo site update blogwp.ovh --letsencrypt --hstsFor an existant site already secured with Let’s Encrypt:
wo site update blogwp.ovh --hstsDelete site including webroot and database:
wo site delete blogwp.ovh
wo site delete blogwp.ovh --no-prompt delete website without confirmation prompt
wo site delete blogwp.ovh --files delete only website files
wo site delete blogwp.ovh --db delete only databaseMove into a site webroot directory:
wo site cd blogwp.ovhList all sites managed with WordOps:
wo site listDisplay site Nginx configuration:
wo site show blogwp.ovhDisable site Nginx vhost:
wo site disable blogwp.ovhEnable site Nginx vhost:
wo site enable blogwp.ovh3、Check SSL Installation
4、SSL Test
5、Install Redis Object Cache, In step 2, When you execute this command:
wo site create blogwp.ovh --wpfc --php74 --letsencryptFastCGI Cache has been installed, but if you want to do FastCGI for the Page Cache and Redis for Object Cache, You need to execute the following command:
wo stack install --redisAdditionally, you need to install “Redis Object Cache” plugin to automatically clear the object cache.
You can also clean Redis Object Cache via:
wo clean --redisNote: “Nginx Helper” plugin support for purging redis full-page cache and FastCGI Cache.“Nginx Helper” plugin does not support for purging Redis Object Cache.
6、Change backend credential and Change backend port
The user name and password of WordOps backend is showed when you create a first site. If you don’t remember and want to reset, please use below command:
wo secure --auth7、Install WordOps Dashboard, PHPmyAdmin, Adminer, Opcache, Netdata
wo stack install --adminIf you don’t like it, please do not perform this step. If it is installed, you can remove it via:
wo stack remove --admin(Remove stacks, without removing configurations or data for APT packages)
wo stack purge --admin(Remove and purge stacks, including configurations and data)
8、Get site information
wo site info blogwp.ovh[email protected]:~# wo site info blogwp.ovh
Information about blogwp.ovh (domain):
Nginx configuration wp wpfc (enabled)
PHP Version 7.4
SSL enabled
SSL PROVIDER Lets Encrypt
SSL EXPIRY DATE 89
access_log /var/www/blogwp.ovh/logs/access.log
error_log /var/www/blogwp.ovh/logs/error.log
Webroot /var/www/blogwp.ovh
DB_NAME blogwp_ovh_G1HeQUMj
DB_USER blogwpovhETMo
DB_PASS eJqcpiFI6YVm8L30BGaQvXAZThrough this command you can view the basic information of the website, such as the database user name and password. You can also find the database user name and password in the my.cnf file. my.cnf file is located in the path /etc/mysql/conf.d/my.cnf
Note: You need to use the database user name and password to log in to PHPmyAdmin or Adminer.
9、Access to phpMyAdmin and other tools, default port is 22222
https://45.32.205.204:22222
Access to phpMyAdmin:
https://45.32.205.204:22222/db/pma/
Access to Adminer:
https://45.32.205.204:22222/db/adminer/
phpMyAdmin and Adminer are database management tools.
For more security, the default port should be changed. Change backend port:
wo secure --port[email protected]:~# wo secure --port
WordOps admin port [22222]:25907
Testing Nginx configuration [OK]
Reloading Nginx [OK]
Successfully port changed 25907Now you can use the following links to access phpMyAdmin and other tools:
https://45.32.205.204:25907/
HTTP Auth User Name: WordOps
HTTP Auth Password : Dh9i5b44i7pBSsU0Lp40LVih
Note: Perform step 6 to get the username and password of WordOps backend, if you don’t remember.
10、Manage server stack operations
Stack upgrade
wo stack upgrade --admin Upgrade admin tools stack
wo stack upgrade --nginx Upgrade Nginx stack
wo stack upgrade --php74 Upgrade PHP 7.4 stack
wo stack upgrade --mysql Upgrade MySQL stack
wo stack upgrade --redis Upgrade Rediswo stack upgrade make sure packages repositories are properly added, then it upgrade packages and for main stacks (Nginx, PHP-FPM & MySQL, Redis), it also update configurations from the templates included in the current WordOps release and apply optimizations (especially for MySQL & Redis)
stack remove (without removing configurations or data for APT packages)
wo stack remove <stack> [options]
wo stack remove --all Remove all stacks at oncestack purge (Remove and purge stacks, including configurations and data)
wo stack purge <stack> [options]
wo stack purge --all Remove all stacks at oncestack restart
wo stack restart [options]stack reload
wo stack reload [options]stack start
wo stack start [options]stack stop
wo stack stop [options]stack status
wo stack status [options]11、Install Fail2Ban
wo stack install --fail2ban[email protected]:~# wo stack install --fail2ban
Updating apt-cache [OK]
Installing APT packages [OK]
Restarting fail2ban [OK]
Configuring Fail2Ban
Successfully installed packages12、Install UFW Firewall
wo stack install --ufw[email protected]:~# wo stack install --ufw
Updating apt-cache [OK]
Installing APT packages [OK]
Configuring UFW [OK]
Successfully installed packagesCheck UFW Firewall Status:
ufw status[email protected]:~# ufw status
Status: active
To Action From
-- ------ ----
22 LIMIT Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
123 ALLOW Anywhere
22222 LIMIT Anywhere
37269 LIMIT Anywhere
22 (v6) LIMIT Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
123 (v6) ALLOW Anywhere (v6)
22222 (v6) LIMIT Anywhere (v6)
37269 (v6) LIMIT Anywhere (v6)13、Install Ultimate Nginx bad bots blocker
wo stack install --ngxblocker[email protected]:~# wo stack install --ngxblocker
Downloading ngxblocker [Done]
Testing Nginx configuration [OK]
Restarting Nginx [OK]
Configuring packages [OK]
Successfully installed packages14、Enable Brotli and Disable Gzip
Enable Brotli
mv /etc/nginx/conf.d/brotli.conf.disabled /etc/nginx/conf.d/brotli.conf
Disable Gzip
mv /etc/nginx/conf.d/gzip.conf /etc/nginx/conf.d/gzip.conf.disabled
Restart Nginx to apply changes
wo stack restart --nginx[email protected]:~# wo stack restart --nginx
Testing Nginx configuration [OK]
Restarting Nginx [OK]Brotli Test:
15、HTTP/2 Test
16、Get configuration information related to Nginx, MySQL and PHP
Get Nginx configuration information:
wo info --nginx[email protected]:~# wo info --nginx
NGINX (1.18.0 ):
user www-data
worker_processes auto
worker_connections 50000
keepalive_timeout 8
fastcgi_read_timeout 300
client_max_body_size 100m
allow 127.0.0.1 ::1Get MySQL configuration information:
wo info --mysql[email protected]:~# wo info --mysql
MySQL (10.3.25-MariaDB) on localhost:
port 3306
wait_timeout 60
interactive_timeout 28800
max_used_connections 4
datadir /var/lib/mysql/
socket /var/run/mysqld/mysqld.sock
my.cnf [PATH] /etc/mysql/conf.d/my.cnfGet PHP 7.4 configuration information:
wo info --php74[email protected]:~# wo info --php74
PHP (7.4.11):
user
expose_php Off
memory_limit 128M
post_max_size 100M
upload_max_filesize 100M
max_execution_time 300
Information about www.conf
ping.path /ping
pm.status_path /status
process_manager ondemand
pm.max_requests 1500
pm.max_children 50
pm.start_servers 10
pm.min_spare_servers 5
pm.max_spare_servers 15
request_terminate_timeout 300
xdebug.profiler_enable_trigger off
listen php74-fpm.sock
Information about debug.conf
ping.path /ping
pm.status_path /status
process_manager ondemand
pm.max_requests 1500
pm.max_children 50
pm.start_servers 10
pm.min_spare_servers 5
pm.max_spare_servers 15
request_terminate_timeout 300
xdebug.profiler_enable_trigger on
listen 127.0.0.1:917417、Update WordOps
wo update18、Access the website files (website files are in the following path)
Site files /var/www/blogwp.ovh/htdocs
Perform steps 19, 20, 21 to strengthen VPS security
19、Set custom ssh port
wo secure --sshport 37269[email protected]:~# wo secure --sshport 37269
Restarting ssh [OK]
Successfully changed SSH port to 37269WordOps will automatically allow the new SSH port if UFW is enabled.
20、Setting Up SSH Key
https://blogelegant.com/ uses Hostwinds VPS, setting SSH Key is relatively simple. However, after setting to log in with SSH key, Hostwinds VPS can still log in with password at this time. The next step is to prohibit password login.
21、forbid root authentification with password
To harden SSH security you can use the command:
wo secure --sshAfter performing the above steps, you can only use SSH Key to log in to Putty at this time, and password login has been prohibited.
Additional informations:
Component Path
Site files /var/www/blogwp.ovh/htdocs
wp-config.php /var/www/blogwp.ovh/wp-config.php
Additional Nginx conf /var/www/blogwp.ovh/conf/nginx/
Site access/error logs /var/www/blogwp.ovh/logsNote: You can find MySQL database details in wp-config.php. Such as MySQL database username and MySQL database password.
22、Uninstall WordOps
If you need/want to uninstall WordOps, you can use the following commands :
make a backup of your databases before purging wordops packages
# Purge WordOps stacks (nginx, mysql, php etc..)
wo stack purge --all# Uninstall WordOps
wget -qO wo wops.cc && sudo bash wo --purge23、WordOps Backup
WordOps is easy to use, but it has no backup function, which is a pity. I use WPvivid Backup Plugin to backup my site. WPvivid Backup Plugin free features is enough for me.
Install WPvivid Backup Plugin, set default remote storage. I use Google Drive for my default remote storage.
Back Up Manually, Save Backups to Local or Send Backup to Remote Storage.
WPvivid Backup Plugin Schedule Settings:
Sources:
https://docs.wordops.net/how-to/microcaching-with-nginx/
https://docs.wordops.net/commands/stack/
https://docs.wordops.net/commands/site/