WordPress with Nginx and PHP7 on AWS EC2 and RDS

I recently installed WordPress on my EC2 host. I regret a lot that I didn’t note down the steps right away. Now I have to rely on my poor goldfish memory.

Install Packages

Note:

  • I use Amazon Linux.
  • I didn’t install mysql on localhost because I have an RDS instance.
  • My host already has nginx installed.

sudo yum install -y php70 php70-fpm php70-gd
sudo chkconfig php-fpm-7.0 on

Configure PHP-FPM

vim /etc/php-fpm-7.0.d/www.conf

Make sure these are present and uncommented:

user = nginx
group = nginx
listen = 127.0.0.1:9000

Download WordPress

cd /var/www
wget https://wordpress.org/latest.tar.gz
tar xvf latest.tar.gz

Modify permissions. Grant folders 755 and files 644.

sudo chown nginx:nginx -R /var/www/wordpress
sudo find /var/www/wordpress -type d -exec chmod 755 {} \;
sudo find /var/www/wordpress -type f -exec chmod 644 {} \;
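An added check, not part of the original post: after the chown/chmod above, audit the tree for anything that has drifted from the 755/644 scheme and for PHP files that have appeared under an uploads directory (none should exist; the web server must never execute them). It assumes GNU find as shipped on Amazon Linux, prints each finding and returns 1 if there are any, so it can run from cron or before a deploy.

```shell
# Added example, not from the original post. Assumes GNU find (-printf).
# Reports directories not 755, regular files not 644, and any *.php under an
# uploads/ directory. Prints findings and returns 1 if there are any, else 0.
audit_wp_tree() {
    root="$1"
    findings=$(
        # Directories whose mode is not exactly 755
        find "$root" -type d ! -perm 755 -printf 'dir %m %p\n'
        # Regular files whose mode is not exactly 644
        find "$root" -type f ! -perm 644 -printf 'file %m %p\n'
        # PHP scripts that have landed under uploads/ (should never exist)
        find "$root" -path '*/uploads/*' -type f -name '*.php' -printf 'php-in-uploads %p\n'
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Usage (after the chown/chmod above):
#   audit_wp_tree /var/www/wordpress && echo "permissions OK"
```

wp-config.php holds the RDS credentials, so a mode like 666 on it is exactly the kind of drift this catches; the uploads check complements the nginx deny rule below by flagging the file itself rather than only refusing to serve it.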

Configure Nginx

Create a new nginx site configuration.

vim /etc/nginx/sites-available/blog.otakism.com

With the following content.

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name blog.otakism.com;
    root /var/www/wordpress;
    charset utf-8;

    index index.php index.html;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    # Regex locations are tried in the order they appear and the first match
    # wins, so these deny rules must come before the PHP handler; otherwise a
    # request for /wp-content/uploads/x.php would reach PHP-FPM instead of
    # being denied.
    location ~ /\. {
        deny all;
    }

    location ~* /(?:uploads|files)/.*\.php$ {
        deny all;
    }

    location ~ \.php$ {
        # Only hand existing files to PHP-FPM, so a request such as
        # /image.jpg/x.php is answered with 404 instead of being executed
        # through cgi.fix_pathinfo.
        try_files $uri =404;
        fastcgi_intercept_errors on;
        fastcgi_index index.php;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Cloudflare Authenticated Origin Pulls: accept only TLS clients that
    # present a certificate issued by the Cloudflare origin-pull CA.
    ssl_client_certificate /etc/nginx/ssl/cloudflare.pem;
    ssl_verify_client on;

    # No "ssl on;" here: it would force TLS on the port 80 listeners too and
    # break plain HTTP; the "ssl" parameter on the 443 listeners is enough.
    ssl_certificate /etc/nginx/ssl/otakism.crt.pem;
    ssl_certificate_key /etc/nginx/ssl/otakism.key.pem;
}

Symlink the configuration file to sites-enabled.

ln -s /etc/nginx/sites-available/blog.otakism.com /etc/nginx/sites-enabled/blog.otakism.com

Restart nginx.

sudo service nginx restart

Gotchas

Make sure EC2 can talk to RDS. Set up the RDS security group to allow inbound TCP connections to the DB port from the EC2 host.
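An added example, not part of the original post: a small shell helper that generates the AWS CLI call for that ingress rule and refuses to produce one that opens the DB port to every address, plus a connectivity check to run from the EC2 host once the rule is in place. The security-group IDs and the RDS hostname are placeholders; the port defaults to MySQL's 3306, and the AWS CLI is assumed to be installed and credentialed wherever the printed command is run.

```shell
# Added example, not from the original post. Security-group IDs and the RDS
# endpoint are placeholders; assumes the AWS CLI is installed and credentialed.

# Print the authorize-security-group-ingress command for the RDS group.
# The source may be the EC2 host's security group (sg-...) or a CIDR; a
# world-open CIDR is rejected. Printing lets you review before running it.
build_rds_ingress_cmd() {
    rds_sg="$1"          # security group attached to the RDS instance
    source="$2"          # EC2 host's security group (sg-...) or a CIDR
    port="${3:-3306}"    # MySQL default
    case "$source" in
        0.0.0.0/0|::/0)
            echo "refusing to open port $port to every address" >&2
            return 1 ;;
        sg-*)
            # Referencing the web tier's security group keeps the rule valid
            # when the EC2 instance's IP address changes.
            src_flag="--source-group $source" ;;
        *)
            src_flag="--cidr $source" ;;
    esac
    printf 'aws ec2 authorize-security-group-ingress --group-id %s --protocol tcp --port %s %s\n' \
        "$rds_sg" "$port" "$src_flag"
}

# From the EC2 host: does the RDS endpoint accept TCP connections on the DB
# port? Uses bash's /dev/tcp so no netcat is needed. Returns 0 when reachable.
db_port_reachable() {
    host="$1"
    port="${2:-3306}"
    timeout 5 bash -c "exec 3<>/dev/tcp/${host}/${port}" 2>/dev/null
}

# Usage:
#   build_rds_ingress_cmd sg-RDS-PLACEHOLDER sg-WEB-PLACEHOLDER   # review, then run the output
#   db_port_reachable mydb.PLACEHOLDER.rds.amazonaws.com 3306 && echo "RDS reachable"
```

Pointing the rule at the EC2 host's security group rather than its IP is the least-privilege option: the DB port stays closed to everything else, and the rule survives instance replacement or a changed address.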