Hello everyone, this time I will discuss about installing wordpress with nginx and varnish.
So please take a look guys đ
Step 1: Install Important updates
apt update && apt upgrade -y Step 2: Install & Configure MySQL
apt install -y mysql-server mysql-client
mysql_secure_installation
While this command is running, youâll need to enter the following:
- Validate password component: answer y or n, but if you answer y, you will need to specify the complexity in a single digit form, 0 being LOW, and 2 being HIGH.
- Enter and renter a new password for the root user.
- Remove anonymous users?: y
- Disallow root login remotely?: y
- Remove test database and access to it?: y
- Reload privilege tables now?: y
Now, you will run the following command to login to MySQL as the root user:
Now, you will run the following command to login to MySQL as the root user:
mysql -u root Create user and db for wordpress.
CREATE DATABASE wordpress;
CREATE USER 'wpuser'@'localhost' IDENTIFIED BY 'passwordnyastrong';
GRANT ALL PRIVILEGES ON wordpress.* TO 'wpuser'@'localhost';
FLUSH PRIVILEGES; exitStep 3: Install & Configure Nginx and PHP
apt install -y nginx php-fpm php-mysql php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip Konfig nginx menggunakan port 8080 dan sesuaikan path berikut.
nano /etc/nginx/sites-available/web.local
server
{ listen 8080;
index index.php index.html index.htm;
server_name web.local; root /var/www/html;
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ { expires max; log_not_found off; }
expires max;
log_not_found off;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}We can now enable our new configuration:
ln -s /etc/nginx/sites-available/web.local /etc/nginx/sites-enabled/ and disable the default configuration:
unlink /etc/nginx/sites-enabled/defaultand finally, to reload all the configurations, weâll restart Nginx:
systemctl restart nginx Step 4: Install & Configure WordPress
cd /var/www
wget http://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
mv wordpress/* html/
rm -rf wordpress/ latest.tar.gz
chown -R www-data: html/
find html/ -type d -exec chmod 750 {} \;
find html/ -type f -exec chmod 640 {} \; Now, go to https://api.wordpress.org/secret-key/1.1/salt/ and save the contents in the webpage to the side for a moment.
nano /var/www/html/wp-config.php
<?php
define( 'DB_NAME', 'wordpress' );
define( 'DB_USER', 'wpuser' );
define( 'DB_PASSWORD', 'H62u=sxTk' );
define( 'DB_HOST', 'localhost' );
define( 'DB_CHARSET', 'utf8' );
define( 'DB_COLLATE', '' );
/** ADD SECRETS HERE */
define('AUTH_KEY', '7,jj[b9.SB=Q^;8IOVIisKm!ee]QR=k$Fa@SWAC]JF;I,}Zq4+/noQM$;uf T%2+');
define('SECURE_AUTH_KEY', 'D{U&6S$oi 3uZqN|?F&kLK?fKGI2~lxsW<AjL~,vgU-rhs.}5SZR)J|pZoOTl@{}');
define('LOGGED_IN_KEY', 'kH@+ZybL*t2l6oF1w~|RZ%V6Jho]9uzanHJuL8Uo%5HQ!){RJpl!sc1?Mt6@jShB');
define('NONCE_KEY', 'Yj-ZTMl7lbN4/cUxOkU>utm0PXf^Ssix>rQ5LIa=qFgUtb z>I`?456avhRv-qu+');
define('AUTH_SALT', 'jc8U+[/swAHBbSwwzjM~_*T4}+(x>zJ5x-4AsI!;Kp+0FgSZ}8RN<LM7UEN(>]Y5');
define('SECURE_AUTH_SALT', 'r3phrE9[96KCe_-UekIzK-&E~+!kv<D+V&p)XD#X~42V.5+BRr%C^0>Yjqa+,>8*');
define('LOGGED_IN_SALT', '.@ow{dr-{)JEzpQmWGf$,_qlK0H/w$ZA&YsXKM1Hz7.TYM&UGpBaNj[vcsktQ#HN');
define('NONCE_SALT', ']Xl7CmM2@)P.0O?r%_ Aw|)>[*#-Sl:&x| lCr[Zqk1-^0n?,B(B$0V| evp!(Ue');
/** WordPress database table prefix. */
$table_prefix = 'wp_';
/** WordPress debug mode */
define( 'WP_DEBUG', false );
/** Force SSL with varnish proxy */
if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
$_SERVER['HTTPS']='on';
}
/************************************************* */
/** IMPORTANT: Do not add anything below this line */
/************************************************* */
/** Absolute path to the WordPress directory. */
if ( ! defined( 'ABSPATH' ) ) {
define( 'ABSPATH', __DIR__ . '/' );
}
/** Sets up WordPress vars and included files. */
require_once ABSPATH . 'wp-settings.php';
?>Now, Letâs set the owner and permission of the wp-config.php file:
chown www-data: /var/www/html/wp-config.php
chmod 600 /var/www/html/wp-config.php Part 2: Configuring the Cache Server
apt install -y varnishKonfigurasi varnish untuk wordpress
nano /etc/varnish/default.vcl
vcl 4.1;
# Default backend definition. Set this to point to your content server.
backend default {
.host = "127.0.0.1";
.port = "8080";
}
#purge request
acl purge {
"127.0.0.1";
}
sub vcl_recv {
# pass indexing robots
if (req.http.User-Agent) {
if (req.http.User-Agent ~ "^facebookexternalhit" || #bot
req.http.User-Agent ~ "Googlebot" || #bot
req.http.User-Agent ~ "bingbot" || #bot
req.http.User-Agent ~ "AhrefsBot" || #bot
req.http.User-Agent ~ "YandexBot" || #bot
req.http.User-Agent ~ "^Baiduspider") { #uptime monitor
return (pass);
}
}
# Pass logged in WordPress users and any console url's directly to backend with any modification.
# pass wp-admin urls
if (req.url ~ "(wp-login|wp-admin)" || req.url ~ "preview=true" || req.url ~ "xmlrpc.php") {
return (pass);
}
# pass wp-admin cookies
if (req.http.cookie) {
if (req.http.cookie ~ "(wordpress_|wp-settings-)") {
return(pass);
}
}
#catch any non-cacheable sessions and / or WP console pages.
if (req.http.Authorization ||
#req.http.Cookie ||
req.url ~ "wp-(login|admin|comments-post.php|cron.php)" ||
req.url ~ "preview=true" ||
req.url ~ "xmlrpc.php") {
return (pass);
}
# we probably caught all of the logged in WordPress users already, but just in case ...
if (req.http.User-Agent) {
if (req.http.User-Agent ~ "^Wordpress") {
return (pass);
}
}
# Do everything we can to make each remaining request cacheable.
if (req.url ~ "\.(gif|jpg|jpeg|svg|swf|ttf|css|js|flv|mp3|mp4|pdf|ico|png)(\?.*|)$") {
unset req.http.cookie;
set req.url = regsub(req.url, "\?.*$", "");
}
# drop tracking params
if (req.url ~ "\?(utm_(campaign|medium|source|term)|adParams|client|cx|eid|fbid|feed|ref(id|src)?|v(er|iew))=") {
set req.url = regsub(req.url, "\?.*$", "");
}
if (req.http.Accept-Encoding) {
if (req.url ~ "\.(jpg|png|gif|gz|tgz|bz2|tbz|mp3|ogg)$") {
# No point in compressing these
unset req.http.Accept-Encoding;
} elsif (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
# unkown algorithm
unset req.http.Accept-Encoding;
}
}
# handling purge requests
if (req.method == "PURGE") {
if (client.ip !~ purge) {
return (synth(405));
}
if (req.http.X-Purge-Method == "regex") {
ban("req.url ~ " + req.url + " && req.http.host ~ " + req.http.host);
return (synth(200, "Banned."));
} else {
return (purge);
}
}
}
sub vcl_backend_response {
# this will cache content for 24 hours, with a grace of 1h.
set beresp.ttl = 24h;
set beresp.grace = 1h;
}
sub vcl_deliver {
# Happens when we have all the pieces we need, and are about to send the
# response to the client.
#
# You can do accounting or modifying the final object here.
}Ganti port varnish menjadi 80.
nano /etc/systemd/system/multi-user.target.wants/varnish.service
[Unit]
Description=Varnish Cache, a high-performance HTTP accelerator
Documentation=https://www.varnish-cache.org/docs/ man:varnishd
[Service]
Type=simple
# Maximum number of open files (for ulimit -n)
LimitNOFILE=131072
# Locked shared memory - should suffice to lock the shared memory log
# (varnishd -l argument)
# Default log size is 80MB vsl + 1M vsm + header -> 82MB
# unit is bytes
LimitMEMLOCK=85983232
ExecStart=/usr/sbin/varnishd \
-j unix,user=vcache \
-F \
-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,2g
ExecReload=/usr/share/varnish/varnishreload
ProtectSystem=full
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
[Install]
WantedBy=multi-user.targetReload
Weâll now reload the varnish.service configuration:
systemctl daemon-reload
systemctl start varnishPart 3: Configuring WordPress for the Cache Server
Step 1: Finish Setting Up WordPress
http://10.10.10.133/wp-admin/install.php
Step 2: Setup Proxy Cache Purge Plugin
Once youâre logged in to the WordPress admin dashboard, in the left hand menu, hover over Plugins, and click on Add New.
Towards the top right, there is a search bar. Search for âProxy Cache Purgeâ. Install the Proxy Cache Plugin by Mika Epstein.
cek log varnish, sambil webnya di buka.http://10.10.10.133/2022/08/30/test-pic/
varnishlog -g rawroot@faat-varnish:~# varnishlog -g raw
0 CLI - Rd ping
0 CLI - Wr 200 19 PONG 1661832328 1.0
32790 Begin c sess 0 HTTP/1
32790 SessOpen c 192.168.2.5 2832 a0 10.10.10.133 80 1661832330.819729 24
32790 Link c req 32791 rxreq
20 Begin c sess 0 HTTP/1
20 SessOpen c 192.168.2.5 2833 a0 10.10.10.133 80 1661832330.823740 23
32791 Begin c req 32790 rxreq
32791 Timestamp c Start: 1661832330.819928 0.000000 0.000000
32791 Timestamp c Req: 1661832330.819928 0.000000 0.000000
32791 VCL_use c boot
32791 ReqStart c 192.168.2.5 2832 a0
32791 ReqMethod c GET
32791 ReqURL c /2022/08/30/test-pic/
32791 ReqProtocol c HTTP/1.1
32791 ReqHeader c Host: 10.10.10.133
32791 ReqHeader c Connection: keep-alive
32791 ReqHeader c Cache-Control: max-age=0
32791 ReqHeader c Upgrade-Insecure-Requests: 1
32791 ReqHeader c User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
32791 ReqHeader c Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
32791 ReqHeader c Referer: http://10.10.10.133/
32791 ReqHeader c Accept-Encoding: gzip, deflate
32791 ReqHeader c Accept-Language: en-US,en;q=0.9
32791 ReqHeader c Cookie: wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_0712d6dcb00c68e36bcb708659454562=ngadminwp%7C1661933833%7CpESOhwDYtU5LIV86kDi6HjabjkWJ3rtYVKALyklnoC9%7C17974c49c4fb1255b51102e43245f996888cf92f1ec73e799397e81d012d662b; wp-settings-t
32791 ReqHeader c X-Forwarded-For: 192.168.2.5
32791 VCL_call c RECV
32791 VCL_return c pass
32791 VCL_call c HASH
32791 VCL_return c lookup
32791 VCL_call c PASS
32791 VCL_return c fetch
32791 Link c bereq 32792 pass
32791 Timestamp c Fetch: 1661832331.186292 0.366363 0.366363
32791 RespProtocol c HTTP/1.1
32791 RespStatus c 200
32791 RespReason c OK
32791 RespHeader c Server: nginx/1.18.0 (Ubuntu)
32791 RespHeader c Date: Tue, 30 Aug 2022 04:05:31 GMT
32791 RespHeader c Content-Type: text/html; charset=UTF-8
32791 RespHeader c Expires: Wed, 11 Jan 1984 05:00:00 GMT
32791 RespHeader c Cache-Control: no-cache, must-revalidate, max-age=0
32791 RespHeader c X-Pingback: http://10.10.10.133/xmlrpc.php
32791 RespHeader c Link: <http://10.10.10.133/wp-json/>; rel="https://api.w.org/"
32791 RespHeader c Link: <http://10.10.10.133/wp-json/wp/v2/posts/9>; rel="alternate"; type="application/json"
32791 RespHeader c Link: <http://10.10.10.133/?p=9>; rel=shortlink
32791 RespHeader c Content-Encoding: gzip
32791 RespHeader c Vary: Accept-Encoding
32791 RespHeader c X-Varnish: 32791
32791 RespHeader c Age: 0
32791 RespHeader c Via: 1.1 varnish (Varnish/6.6)
32791 VCL_call c DELIVER
32791 VCL_return c deliver
32791 Timestamp c Process: 1661832331.186469 0.366540 0.000176
32791 Filters c
32791 RespHeader c Accept-Ranges: bytes
32791 RespHeader c Connection: keep-alive
32791 RespHeader c Transfer-Encoding: chunked
32791 Timestamp c Resp: 1661832331.187410 0.367481 0.000940
32791 ReqAcct c 815 0 815 649 15777 16426
32791 End c
32792 Begin b bereq 32791 pass
32792 VCL_use b boot
32792 Timestamp b Start: 1661832330.821948 0.000000 0.000000
32792 BereqMethod b GET
32792 BereqURL b /2022/08/30/test-pic/
32792 BereqProtocol b HTTP/1.1
32792 BereqHeader b Host: 10.10.10.133
32792 BereqHeader b Cache-Control: max-age=0
32792 BereqHeader b Upgrade-Insecure-Requests: 1
32792 BereqHeader b User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
32792 BereqHeader b Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
32792 BereqHeader b Referer: http://10.10.10.133/
32792 BereqHeader b Accept-Encoding: gzip, deflate
32792 BereqHeader b Accept-Language: en-US,en;q=0.9
32792 BereqHeader b Cookie: wordpress_test_cookie=WP%20Cookie%20check; wordpress_logged_in_0712d6dcb00c68e36bcb708659454562=ngadminwp%7C1661933833%7CpESOhwDYtU5LIV86kDi6HjabjkWJ3rtYVKALyklnoC9%7C17974c49c4fb1255b51102e43245f996888cf92f1ec73e799397e81d012d662b; wp-settings-t
32792 BereqHeader b X-Forwarded-For: 192.168.2.5
32792 BereqHeader b X-Varnish: 32792
32792 VCL_call b BACKEND_FETCH
32792 VCL_return b fetch
32792 Timestamp b Fetch: 1661832330.822042 0.000093 0.000093
32792 Timestamp b Connected: 1661832330.822905 0.000956 0.000862
32792 BackendOpen b 27 default 127.0.0.1 8080 127.0.0.1 37270 connect
32792 Timestamp b Bereq: 1661832330.824031 0.002082 0.001125
32792 Timestamp b Beresp: 1661832331.181261 0.359312 0.357230
32792 BerespProtocol b HTTP/1.1
32792 BerespStatus b 200
32792 BerespReason b OK
32792 BerespHeader b Server: nginx/1.18.0 (Ubuntu)
32792 BerespHeader b Date: Tue, 30 Aug 2022 04:05:31 GMT
32792 BerespHeader b Content-Type: text/html; charset=UTF-8
32792 BerespHeader b Transfer-Encoding: chunked
32792 BerespHeader b Connection: keep-alive
32792 BerespHeader b Expires: Wed, 11 Jan 1984 05:00:00 GMT
32792 BerespHeader b Cache-Control: no-cache, must-revalidate, max-age=0
32792 BerespHeader b X-Pingback: http://10.10.10.133/xmlrpc.php
32792 BerespHeader b Link: <http://10.10.10.133/wp-json/>; rel="https://api.w.org/"
32792 BerespHeader b Link: <http://10.10.10.133/wp-json/wp/v2/posts/9>; rel="alternate"; type="application/json"
32792 BerespHeader b Link: <http://10.10.10.133/?p=9>; rel=shortlink
32792 BerespHeader b Content-Encoding: gzip
32792 VCL_call b BACKEND_RESPONSE
32792 TTL b VCL 86400 0 0 1661832331 uncacheable
32792 TTL b VCL 86400 3600 0 1661832331 uncacheable
32792 VCL_return b deliver
32792 Timestamp b Process: 1661832331.181398 0.359449 0.000136
32792 Filters b testgunzip
32792 BerespHeader b Vary: Accept-Encoding
32792 Storage b malloc Transient
32792 Fetch_Body b 2 chunked stream
32792 Gzip b u F - 15777 70646 80 80 126145
32792 BackendClose b 27 default recycle
32792 Timestamp b BerespBody: 1661832331.187553 0.365604 0.006155
32792 Length b 15777
32792 BereqAcct b 839 0 839 546 15777 16323
32792 End b
0 CLI - Rd ping
0 CLI - Wr 200 19 PONG 1661832331 1.0
0 CLI - Rd ping
0 CLI - Wr 200 19 PONG 1661832334 1.0
20 SessClose c RX_CLOSE_IDLE 5.003
20 End c
32790 SessClose c RX_CLOSE_IDLE 5.37