Sign In
Sign In

How to Install Caddy Web Server on Ubuntu 22.04

How to Install Caddy Web Server on Ubuntu 22.04
Umair Khurshid
Technical writer
Ubuntu
07.02.2025
Reading time: 7 min

Caddy is a cross-platform web server built in the Go and uses HTTPS by default. It stands out for its ease of use and simple configuration. It is known for being easy to configure, especially for users who do not have much experience with web server administration. 

Unlike other web servers, Caddy is designed to work with HTTPS out of the box and has integration with Let's Encrypt, allowing you to automatically receive and renew certificates.

Below, we will explain how to install Caddy on Ubuntu 22.04 and how to configure it.

Why Use Caddy?

Why do you need Caddy and what does it offer compared to Apache or Nginx? As we said above: simplicity and security. You do not need to configure encryption parameters and protocol usage, Caddy will do everything out of the box, and in the best possible way, using the most modern technologies. It has the latest features such as HTTP/2, IPv6, Markdown, WebSockets, CreateCGI, templates, and other standard features.

The configuration itself is extremely simple, you need to set a minimum of options to get a working server, but at the same time you can manage it quite flexibly, redefining the necessary parameters. The only downside is compatibility with old systems, as Caddy automatically disables outdated protocols and ciphers.

Installing the Caddy Web Server via Cloudsmith 

There are four different methods to install Caddy. We can do it by simply downloading the executable binary, by compiling the source code, using docker image, or installing it from the repository. In this article, we will do the latter.

Before we start installing the Caddy web server, it is recommended that we first update the Ubuntu host system and at the same time update the package sources. We always want to benefit from the most recent releases and prefer to avoid outdated software packages.

Perform updates and upgrades:

sudo apt update && sudo apt upgrade -y

Installing Caddy requires appropriate sudo permissions on the host system. To install Caddy on Linux Ubuntu 22.04, we first start by setting up the necessary dependencies:

apt install gnupg curl apt-transport-https debian-keyring debian-archive-keyring -y

Once the installation of all dependencies for the web server has been successfully completed, we need to add the GPG key using the following command:

curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg

Next we have to add the Caddy repository to the APT sources list, allowing Caddy to be installed from this repository:

curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list

Update the package sources:

sudo apt update -y

Finally, the Caddy can be installed via the command line. At this point, all prerequisites, and preparations for the installation have been successfully completed. Run the command below to install.

sudo apt install caddy -y

Now that the web server has been installed on the Linux host system, the service just needs to be activated. We do this with the following command.

sudo systemctl enable --now caddy

The version you just installed can be validated with the following command:

caddy version

Is a version number displayed? Then Caddy has been successfully installed on the system.

Caddy Configuration

The internal format of the caddy configuration is stored in JSON format and can be managed online via REST API, a more classic format of setting via a configuration file is also available, for this purpose the configuration file /etc/caddy/Caddyfile is used. 

It already contains an example of the configuration, and we only need to correct it. Please note that the indents in the file are formed strictly using tabulation and two, four, six, etc. indents should be used, otherwise you will receive a warning about incorrect formatting of the configuration file.

Set up a Static Site

If we want to set a website with Caddy over the local network or over the Internet, we have to save the files and subdirectories associated with the website in the www directory.

To do this, we first create a new directory for the output of a web page:

sudo mkdir -p /var/www/html
cd /var/www/html

Create a website index with the editor:

sudo nano index.html

Copy the following content and paste this example page into the index.html:

<!DOCTYPE html> 
<html> 
<head> 
  <meta charset="UTF-8"> 
  <title>Hello, I'm Caddy, your reliable web server!</title> 
</head> 
<body> 
<p>Great projects can be created here! All that is needed is HTML and CSS knowledge, rounded off with a little JavaScript.</p> 
</body> 
</html>

Now we need to edit the Caddy configuration file so that the web page can be displayed. To do this, execute the following commands from your system.

sudo nano /etc/caddy/Caddyfile 

Edit:

:80 { 
# Path of the website 
root * /var/www/html/

The website should now be accessible via the IP address from the local network.

Image1

If you want to make the website accessible via the Internet, the web ports (80/443) must be released for the server IP address within the NAT settings in the router/firewall.

Set up a Domain

To set up a domain, you first need to specify the domain's A/AAAA DNS records on this server in the DNS control panel. Then create a document root directory for the website in the /var/www/html folder:

mkdir /var/www/html/example.com

Replace example.com with your domain.

When using SELinux, we will change the file security context for web content:

# chcon -t httpd_sys_content_t /var/www/html/example.com -R
# chcon -t httpd_sys_rw_content_t /var/www/html/example.com -R

To configure a domain in this configuration, we will only have to replace <name> :80 with our domain. Also, if we want to change the path of our website, we will have to modify the parameter root.

example.com {
        root * /var/www/html/example
        file_server
}

To reload the configuration, we have to restart the service:

systemctl reload caddy

Also, if we want, we can configure the logs for access:

example.com {
        root * /var/www/html/example
        file_server
        log {
        output file /var/log/caddy/access.log
        format console
        }
}

Configure a Dynamic Site 

To work with dynamic content, we will need support for PHP, the scripting language in which most CMS are written. Caddy does not have its own process manager, so we will use PHP-FPM for this purpose:

sudo apt install php-fpm

Then we go to /etc/php/8.3/fpm/php.ini and adjust some parameters. First, we find, uncomment and change the option to the following:

cgi.fix_pathinfo=0

Then we set the maximum size of the request being sent:

post_max_size = 32M

And the maximum size of the uploaded file, it must be less than or equal to the size of the request sent:

upload_max_filesize = 30M

Save the changes and restart the fpm service:

sudo systemctl restart php8.3-fpm

Now, after adding the fpm directive, configuration will look like this:

example.com {
	root * /var/www/html/example
	file_server
	encode zstd gzip
	php_fastcgi unix//run/php/php8.3-fpm.sock # Uses PHP-FPM to serve PHP files (through a Unix socket)  
	
	log {
        output file /var/log/caddy/access.log
        format console
	}
}

Set up Caddy as Reverse Proxy

To set up a reverse proxy, add a new site block with the following structure:

example.com {
    encode zstd gzip
    handle_path /static/* {
        root * /var/www/html/example
        file_server
    }
    reverse_proxy localhost:3000
    log {
        output file /var/log/caddy/access.log
        format console
    }
}

This Caddyfile sets up a reverse proxy where requests to hostman.com are forwarded to localhost:3000, except for requests starting with /static/, which are served directly from /var/www/html/example. The reverse_proxy directive ensures all non-static requests are proxied to the backend server at localhost:3000.

Wrapping Up

If you are a beginner and want to set up a web server without the hassle of long configuration, Caddy is perfect for you. Even if you are an experienced user who needs an instant and simple web server, then you should pay attention to Caddy. 

If you require a more sophisticated server with advanced features, then with minimal configurations you can set folder permissions, manage authentication, error pages, archiving, HTTP request redirection, and other settings.

Ubuntu
07.02.2025
Reading time: 7 min

Similar

Ubuntu

Installing and Configuring Samba on Ubuntu 22.04

Let’s look at the process of installing Samba software on a cloud server with the Ubuntu 22.04 operating system. This guide is also suitable for installing Samba on Debian. Let’s start with a brief description of this software. What is Samba Samba is a software package developed to provide compatibility and interaction between UNIX-like systems and Windows. The software has been distributed under a free license for over 30 years. Samba ensures seamless integration of servers and PCs running UNIX into an AD (Active Directory) system. This software can be used as a controller and as a standard component of a domain. Thus, users can flexibly configure cloud file storages. Samba provides extensive functionality for managing file and database access rights by assigning specific user groups. Creating a New Server Go to the control panel and create a new server.  Select the Ubuntu 22.04 image and then the minimum server configuration.  After creating the server, connect to it via SSH, and you can begin configuration. Adding a User This is simple — enter the command: sudo useradd -p new_server_pass new_server_user Instead of new_server_pass and new_server_user, you can use any password and any username. Enter your own data instead of the example ones. Note that we immediately set the password, which was possible thanks to the -p command. Installing Samba on Ubuntu For convenience, we have broken the installation process into separate steps. Step 1. Preparation To start the installation process, use the following command: sudo apt install samba -y Now you need to remember the system name of the service. In most cases, it is smbd. Therefore, if you want to call the service, use this name. First, let’s configure autostart, which is done with the command: sudo systemctl enable smbd Now start it using the familiar command: sudo systemctl start smbd Then check the system status using: sudo systemctl status smbd To stop Samba, use: sudo systemctl stop smbd To restart the service, enter: sudo systemctl restart smbd If you want Samba to no longer start automatically, use the command: sudo systemctl disable smbd The reload command is used to refresh the configuration. The following command will forcibly open port 445, as well as 137–139. To allow them in the ufw firewall, use: sudo ufw allow Samba Step 2. Configuring Anonymous Access Suppose you have some remote server located outside your cloud. Network security rules require that you never open direct access to it through its IP. You can only do this through a tunnel, which is already set up. Typically, servers with granted access have the address 10.8.0.1, and this is the address we will use further. To share data and grant anonymous access to it, first open the configuration file. It is located here: /etc/samba/smb.conf. We recommend making a backup of the clean file — this will help you quickly restore the original program state without needing to reinstall. Now remove all comments, leaving only the code, and enter the command testparm to ensure the program works properly. In the shared folder settings, enter the following parameters: [share]     comment = share     path = /data/public_share     public = yes     writable = yes     read only = no     guest ok = yes Also, make sure that the following four fields (mask and mode) have matching numeric values (for example, 0777). Regarding the specific lines: [share] — the name of the shared folder, which will be visible to everyone connecting to your server; comment — a comment that can be anything; path — the path to the data storage folder; public — gives permission for public access: if you do not want users to view the folder contents, set this to no; writable — determines whether data can be written to the folder; read only — specifies that the folder is read-only: to allow users to create new files, set it to no; guest ok — determines whether guests can access the folder. Thus, the folder name and path may differ depending on what values you specify for the shared folder. The comment can also be anything, and for the last four parameters, values are set as yes or no. Now restart the program and check if you can connect to the server from Windows. Step 3. Configuring Access by User Credentials To create access by login and password, you first need to create a new directory and configure permissions. In the configuration file, set all parameters to no (see above), except writable: in this line, the value should be yes, meaning that writing in the folder should be enabled. Use the mkdir command to create a new directory, then create a user with useradd someone (where someone can be any username) and set a password for them with the command passwd. For example: passwd something Now, with the command below, add the new user and try to log in: if everything is configured correctly, you will have access to the folder. sudo smbpasswd -a someone Step 4. Configuring Group Access Configuring group access is necessary when you need to create restricted access for specific user groups. In smb.conf, after the line guest ok, additionally specify the following lines (all usernames here are generated simply for example): valid users = admin, mary_smith, jane_jameson, maria ortega, nathalie_brown write list = admin, nathalie_brown In the valid users line, list the users who are granted access to the directory. And in the write list, list those who can modify data in the folder. In addition, after the force directory mode line, add another line with the following value: inherit owner = yes This enables inheritance of created objects. Now save the settings and restart the service, after which the new settings should take effect. Step 5. Connecting to Samba from Windows and Linux For quick connection to Samba from Windows, press Ctrl+E and enter the path. Note that you need to use \\ to indicate the network path to the resource. And to avoid reconnecting to the server each time, you can choose the option to connect the resource as a drive, if your security policy allows it. In the new window, specify the drive letter and fill in the required data. For connecting to Samba from Linux, you use the cifs utilities, which are installed with the command: sudo apt install cifs-utils -y Next, the resource is mounted and connected. This is done with: sudo mount.cifs //10.8.0.1/our_share /share The path and resource name can be anything. You can also perform automatic mounting using the configuration file fstab with its own settings. Step 6. Configuring the Network Trash Bin This operation is needed to avoid accidental permanent deletion of files. For this, create the following directory: [Recycle]     comment = Trash for temporary file storage     path = /directory/recycle     public = yes     browseable = yes     writable = yes     vfs objects = recycle     recycle:repository = .recycle/%U     recycle:keeptree = Yes     recycle:touch = Yes     recycle:versions = Yes     recycle:maxsize = 0     recycle:exclude = *.tmp, ~$*     recycle:exclude_dir = /tmp Now, let’s review line by line what these parameters mean: vfs objects = recycle — indicates use of the corresponding subsystem; repository — the path for storing deleted data; keeptree — whether to keep the directory tree after deletion; touch — whether to change the timestamps of files when they are moved to the trash; versions — whether to assign a version number if files with identical names are deleted; maxsize — the maximum size of a file placed in the trash. A value of 0 disables limits; exclude — which file types to exclude; exclude_dir — which directories to exclude. Conclusion That’s it — now you know how to install Samba on an Ubuntu cloud server and configure it for your own needs.
04 July 2025 · 7 min to read
Ubuntu

Deleting a User in Ubuntu 22.04

A server administrator often has to work with user accounts — adding, deleting, and configuring access modes. Removing outdated user accounts is one security measure that can significantly reduce the number of vulnerabilities in the system. The Linux utilities deluser and userdel are used for deletion. However, before proceeding directly to deleting a user, we must take certain steps. In this article, we will explore how to delete a user in Ubuntu without compromising the system. At the same time, we will preserve the ability to access the user’s home directory files after deletion. In this article, we will work with the user hostman, which was created beforehand. This article will primarily focus on removing an Ubuntu user via the terminal, but we will also provide instructions for deleting a user account through the graphical interface. Please note that you will need superuser privileges to work with user accounts. The instructions will be suitable for any cloud server running Ubuntu OS. Checking the User Account First, you need to check whether the user is currently logged into the system. This will affect further steps: if the user is currently authorized on the server, you will need to terminate their connection and change the password. Check the list of users authorized in the system using the who utility or its alias w: who If you see that the user hostman is authorized, you need to check which processes are running under this user. This is a necessary step because if background operations are being performed, Ubuntu 22.04 will not allow us to delete the user. Check with the ps utility: sudo ps -u hostman As a result, you might see a response like this:    PID TTY          TIME CMD 1297129 pts/2    00:00:00 bash 1297443 pts/2    00:00:00 htop For testing purposes, we launched the htop utility under the hostman account, which is running in the background. Blocking Access Before stopping the user’s processes, you need to block their access to the system. You can do this by changing their password. User passwords are stored in the system in encrypted form in the /etc/shadow file. This file is readable only by the root user, and in addition to password hashes, it contains their expiration information. There is a special utility that allows you to remove a user’s password in Ubuntu — passwd. To restrict access, we will use the passwd utility with the -l (or --lock) flag, which puts the utility into lock mode: sudo passwd -l hostman As a result, the utility will add an exclamation mark at the beginning of the encrypted password string. That is all that is needed to prevent the user from logging in again since the hashes will no longer match. Killing Processes In Ubuntu, you cannot delete a user via the console if any processes are running under their name. To terminate a process, you can use one of the following commands: kill — deletes a process by its identifier. You can determine the IDs of the hostman user processes with: top -U hostman or ps -u hostman pkill — deletes a process by its name. For example, if the user hostman has launched the top process, you can terminate it with: sudo pkill top killall — deletes all processes, including child processes. Often, a process will launch many so-called subprocesses; stopping them by name or identifier can be complex and time-consuming. We will use the last command to reliably kill all user processes: sudo killall -9 -u hostman The -9 flag means the processes will receive a SIGKILL signal. This means the process will be forcibly terminated, since this signal cannot be ignored or blocked. Essentially, it is equivalent to a “force quit” of a non-responding program in graphical operating systems. After completing the user’s processes, they will no longer be authorized in the system. You can verify this using the who command. Since we locked the login in the previous step, the hostman user will not be able to log in again. Optional — Archiving the Home Directory Quite often, when deleting a Linux user account, you may need to keep its home directory, which might contain important files required either by the user or by the organization you are serving as an administrator. The built-in Ubuntu utilities allow you to remove a user while keeping their home directory. However, this is not recommended for two reasons: Disk Space — the user’s home directory may contain a large amount of data. It is irrational and excessive to store data from all outdated accounts on the main work disk. Over time, you might run out of space for new users. Data Relevance — it is good practice to keep the /home directory containing only the directories corresponding to active user accounts. Keeping this list in order helps with administration. We will use the tar utility to archive the home directory of the hostman user: sudo tar -cvjf /mnt/nobackup/hostman.homedir.tar.gz /home/hostman Let’s go over the arguments and flags: -c — creates the resulting .tar archive file -v — enables verbose mode, showing debugging information and listing archived files -z — creates a compressed .gz archive -f — indicates that the first argument will be used as the archive name The first argument is the final location of the archive. In our example, we place the archive with the user’s home directory on the nobackup disk, which, as the name implies, is not subject to backup. The second argument is the path to the directory from which the archive is created. Stopping Scheduled Jobs Before deleting a user in Ubuntu, it is recommended to stop all cron scheduler tasks launched by that user. You can do this with the crontab command. We will launch it under the hostman user with the -u flag and switch it to delete mode with the -r flag: sudo crontab -r -u hostman Now you can be sure that after deleting the user account, no unknown scripts will be executed for which no one is responsible. Deleting the User Once all the previous steps have been completed, it is time to proceed with the main task: deleting the Ubuntu user. There are two ways to do this: the deluser and userdel utilities. To delete the user account, we will use the deluser utility. Running it without parameters will delete the user account but leave their home directory and other user files intact. You can use the following flags: --remove-home — as the name suggests, deletes the user’s home directory --remove-all-files — deletes all system files belonging to the user, including the home directory --backup — creates an archive of the home directory and mail files and places it in the root directory. To specify a folder for saving the archive, use the --backup-to flag. As you can see from the parameter descriptions above, manually archiving the user’s home directory is not strictly necessary — deluser can do everything for you. In addition, with deluser you can remove a user from a group in Ubuntu or delete the group itself: sudo deluser hostman administrators The command above removes the user hostman from the administrators group. Let’s proceed with the complete deletion of the user and the hostman group without preserving the home directory: sudo deluser --remove-home hostman Deleting the User via Graphical Interface The entire article above is about how to delete a user in the Ubuntu terminal. But if you have a system with a graphical interface, you can delete a user in just a few simple steps. Open the Users section in System Settings. To switch to superuser mode, click the Unlock button. After that, the Delete User button will become active. When you click it, a dialog box will appear, offering to delete the user’s files, specifically those in the home directory. Conclusion Deleting a user in Ubuntu is not difficult; you just need to use the deluser utility with the required parameters. However, in this article, we described several steps that will help you safely delete a user account while preserving the system’s stability.
04 July 2025 · 7 min to read
Wordpress

How to Install WordPress with Nginx and Let’s Encrypt SSL on Ubuntu

WordPress is a simple, popular, open-source, and free CMS (content management system) for creating modern websites. Today, WordPress powers nearly half of the websites worldwide. Hostman offers Wordpress cloud hosting with quick load times, robust security, and simplified management.  However, having just a content management system is not enough. Modern websites require an SSL certificate, which provides encryption and allows using a secure HTTPS connection. This short guide will show how to install WordPress on a cloud server, perform initial CMS configuration, and add an SSL certificate to the completed site, enabling users to access the website via HTTPS. The Nginx web server will receive user requests and then proxied to WordPress for processing and generating response content. A few additional components are also needed: a MySQL database, which serves as the primary data storage in WordPress, and PHP, which WordPress is written in. This technology stack is known as LEMP: Linux, Nginx, MySQL, PHP. Step 1. Creating the Server First, you will need a cloud server with Ubuntu 22.04 installed. Go to the Hostman control panel. Select the Cloud servers tab on the left side of the control panel. Click the Create button. You’ll need to configure a range of parameters that ultimately determine the server rental cost. The most important of these parameters are: The operating system distribution and its version (in our case, Ubuntu 22.04). Data center location. Physical configuration. Server information. Once all the data is filled in, click the Order button. Upon completion of the server setup, you can view the IP address of the cloud server in the Dashboard tab, and also copy the command for connecting to the server via SSH along with the root password: Next, open a terminal in your local operating system and connect via SSH with password authentication: ssh root@server_ip Replace server_ip with the IP address of your cloud server. You will then be prompted to enter the password, which you can either type manually or paste from the clipboard. After connecting, the terminal will display information about the operating system. Now you can create a user with sudo priviliges or keep using root. Step 2. Updating the System Before beginning the WordPress installation, it’s important to update the list of repositories available through the APT package manager: sudo apt update -y It’s also a good idea to upgrade already installed packages to their latest versions: sudo apt upgrade -y Now, we can move on to downloading and installing the technology stack components required for running WordPress. Step 3. Installing PHP Let's download and install the PHP interpreter. First, add a specialized repository that provides up-to-date versions of PHP: sudo add-apt-repository ppa:ondrej/php In this guide, we are using PHP version 8.3 in FPM mode (FastCGI Process Manager), along with an additional module to enable PHP’s interaction with MySQL: sudo apt install php8.3-fpm php-mysql -y The -y flag automatically answers “yes” to any prompts during the installation process. To verify that PHP is now installed on the system, you can check its version: php -v The console output should look like this: PHP 8.3.13 (cli) (built: Oct 30 2024 11:27:41) (NTS)Copyright (c) The PHP GroupZend Engine v4.3.13, Copyright (c) Zend Technologies    with Zend OPcache v8.3.13, Copyright (c), by Zend Technologies You can also check the status of the FPM service: sudo systemctl status php8.3-fpm In the console output, you should see a green status indicator: Active: active (running) Step 4. Installing MySQL The MySQL database is an essential component of WordPress, as it stores all site and user information for the CMS. Installation We’ll install the MySQL server package: sudo apt install mysql-server -y To verify the installation, check the database version: mysql --version If successful, the console output will look something like this: mysql  Ver 8.0.39-0ubuntu0.22.04.1 for Linux on x86_64 ((Ubuntu)) Also, ensure that the MySQL server is currently running by checking the database service status: sudo systemctl status mysql The console output should display a green status indicator: Active: active (running) MySQL Security This step is optional in this guide, but it’s worth mentioning. After installing MySQL, you can configure the database’s security settings: mysql_secure_installation This command will prompt a series of questions in the terminal to help you configure the appropriate level of MySQL security. Creating a Database Next, prepare a dedicated database specifically for WordPress. First, log in to MySQL: mysql Then, execute the following SQL command to create a database: CREATE DATABASE wordpress_database; You’ll also need a dedicated user for accessing this database: CREATE USER 'wordpress_user'@'localhost' IDENTIFIED BY 'wordpress_password'; Grant this user the necessary access permissions: GRANT ALL PRIVILEGES ON wordpress_database.* TO 'wordpress_user'@'localhost'; Finally, exit MySQL: quit Step 5. Downloading and Configuring Nginx The Nginx web server will handle incoming HTTP requests from users and proxy them to PHP via the FastCGI interface. Download and Installation We’ll download and install the Nginx web server using APT: sudo apt install nginx -y Next, verify that Nginx is indeed running as a service: systemctl status nginx In the console output, you should see a green status indicator: Active: active (running) You can also check if the web server is functioning correctly by making an HTTP request through a browser. Enter the IP address of the remote server in the address bar, where you are installing Nginx. For example: http://166.1.227.189 If everything is set up correctly, Nginx will display its default welcome page. For good measure, let’s add Nginx to the system’s startup list (though this is typically done automatically during installation): sudo systemctl enable nginx Now, you can proceed to make adjustments to the web server configuration. Configuration In this example, we’ll slightly modify the default Nginx configuration. For this, we need a text editor. We will use nano. sudo apt install nano Now open the configuration file: sudo nano /etc/nginx/sites-enabled/default If you remove all the comments, the basic configuration will look like this: server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; index index.html index.htm index.nginx-debian.html; server_name _; location / { try_files $uri $uri/ =404; } } To this configuration, we’ll add the ability to proxy requests to PHP through FastCGI: server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; # added index.php to index files index index.html index.htm index.nginx-debian.html index.php; # specify the domain name to obtain an SSL certificate later server_name mydomain.com www.mydomain.com; location / { # try_files $uri $uri/ =404; # direct root requests to /index.php try_files $uri $uri/ /index.php?$args; } # forward all .php requests to PHP via FastCGI location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php8.3-fpm.sock; } } Note that the server_name parameter should contain the domain name, with DNS settings including an A record that directs to the configured server with Nginx. Now, let’s check the configuration syntax for errors: sudo nginx -t If everything is correct, you’ll see a confirmation message in the console: nginx: the configuration file /etc/nginx/nginx.conf syntax is oknginx: configuration file /etc/nginx/nginx.conf test is successful Then, reload the Nginx service to apply the new configuration: sudo systemctl reload nginx Step 6. Installing an SSL Certificate To obtain an SSL certificate from Let’s Encrypt, we’ll use a special utility called Certbot. In this guide, Certbot will automate several tasks: Request the SSL certificate. Create an additional Nginx configuration file. Edit the existing Nginx configuration file (which currently describes the HTTP server setup). Restart Nginx to apply the changes. Obtaining the Certificate Like other packages, install Certbot via APT: sudo apt install certbotsudo apt install python3-certbot-nginx The first command installs Certbot, and the second adds a Python module for Certbot’s integration with Nginx. Alternatively, you can install python3-certbot-nginx directly, which will automatically include Certbot as a dependency: sudo apt install python3-certbot-nginx -y Now, let’s initiate the process to obtain and install the SSL certificate: sudo certbot --nginx First, Certbot will prompt you to register with Let’s Encrypt. You’ll need to provide an email address, agree to the Terms of Service, and optionally opt-in for email updates (you may decline this if desired). Then, enter the list of domain names, separated by commas or spaces, for which the certificate should be issued. Specify the exact domain names that are listed in the Nginx configuration file under the server_name directive: mydomain.com www.mydomain.com After the certificate is issued, Certbot will automatically configure it by adding the necessary SSL settings to the Nginx configuration file: listen 443 ssl; # managed by Certbot # RSA certificate ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot # Redirect non-https traffic to https if ($scheme != "https") { return 301 https://$host$request_uri; } # managed by Certbot So, the complete Nginx configuration file will look as follows: server { listen 80 default_server; listen [::]:80 default_server; listen 443 ssl; # managed by Certbot # RSA certificate ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot root /var/www/html; index index.html index.htm index.nginx-debian.html index.php; server_name domain.com www.domain.com; # Redirect non-https traffic to https if ($scheme != "https") { return 301 https://$host$request_uri; } # managed by Certbot location / { # try_files $uri $uri/ =404; # direct root requests to /index.php try_files $uri $uri/ /index.php?$args; } # forward all .php requests to PHP via FastCGI location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php8.3-fpm.sock; } } Automatic Certificate Renewal Let’s Encrypt certificates expire every 90 days, so they need to be renewed regularly. Instead of manually renewing them, you can set up an automated task. For this purpose, we’ll use Crontab, a scheduling tool in Unix-based systems that uses a specific syntax to define when commands should run. Install Crontab: sudo apt install cron And enable it: sudo systemctl enable cron Now open the Crontab file: crontab -e Add the following line to schedule the Certbot renewal command: 0 12 * * * /usr/bin/certbot renew --quiet In this configuration: The command runs at noon (12:00) every day. Certbot will check the certificate’s expiration status and renew it if necessary. The --quiet flag ensures that Certbot runs silently without generating output. Step 7. Downloading WordPress In this guide, we’ll use WordPress version 6.5.3, which can be downloaded from the official website: wget https://wordpress.org/wordpress-6.5.3.tar.gz Once downloaded, unpack the WordPress archive: tar -xvf wordpress-*.tar.gz After unpacking, you can delete the archive file: rm wordpress-*.tar.gz This will create a wordpress folder containing the WordPress files. Most core files are organized in the wp-content, wp-includes, and wp-admin directories. The main entry point for WordPress is index.php. Moving WordPress Files to the Web Server Directory You need to copy all files from the wordpress folder to the web server’s root directory (/var/www/html/) so that Nginx can serve the PHP-generated content based on user HTTP requests. Clear the existing web server directory (as it currently contains only the default Nginx welcome page, which we no longer need): rm /var/www/html/* Copy WordPress files to the web server directory: cp -R wordpress/* /var/www/html/ The -R flag enables recursive copying of files and folders. Set ownership and permissions. Ensure that Nginx can access and modify these files by setting the www-data user and group ownership, as well as appropriate permissions, for the WordPress directory: sudo chown -R www-data:www-data /var/www/html/sudo chmod -R 755 /var/www/html/ This allows Nginx to read, write, and modify WordPress files as needed, avoiding permission errors during the WordPress installation process. Step 8. Configuring WordPress WordPress configuration is managed through an intuitive web-based admin panel. No programming knowledge is necessary, though familiarity with languages like JavaScript, PHP, HTML, and CSS can be helpful for creating or customizing themes and plugins. Accessing the Admin Panel Open a web browser and go to the website using the domain specified in the Nginx configuration, such as: https://mydomain.com If all components were correctly set up, you should be redirected to WordPress’s initial configuration page: https://mydomain.com/wp-admin/setup-config.php Select Language: Choose your preferred language and click Continue. Database Configuration: WordPress will prompt you to enter database details. Click Let’s go! and provide the following information: Database Name: wordpress_database (from the previous setup) Database Username: wordpress_user Database Password: wordpress_password Database Host: localhost Table Prefix: wp_ (or leave as default) Click Submit. If the credentials are correct, WordPress will confirm access to the database. Run Installation: Click Run the installation. WordPress will then guide you to enter site and admin details: Site Title Admin Username Admin Password Admin Email Option to discourage search engine indexing (recommended for development/testing sites) Install WordPress: Click Install WordPress. After installation, you’ll be prompted to log in with the admin username and password you created. Accessing the Dashboard Once logged in, you'll see the WordPress Dashboard, which contains customizable widgets. The main menu on the left allows access to core WordPress functions, including: Posts and Pages for content creation Comments for moderating discussions Media for managing images and files Themes and Plugins for design and functionality Users for managing site members and roles Your WordPress site is now fully configured, and you can begin customizing and adding content as needed. Conclusion This guide showed how to install WordPress along with all its dependencies and how to connect a domain and add a SSL certificate from Let’s Encrypt to an already functioning website, enabling secure HTTPS connections with the remote server. The key dependencies required for WordPress to function include: PHP: The scripting language WordPress is written in. MySQL: The database system used by WordPress to store content and user data. Nginx (or Apache in other implementations): The web server that processes user requests initially. For more detailed information on managing site content through the WordPress admin panel, as well as creating custom themes and plugins, refer to the official WordPress documentation. Frequently Asked Questions How do I install WordPress on Ubuntu? First set up Nginx, PHP, and MySQL. Then either download WordPress manually or use a deployment script. How do I enable HTTPS with Let’s Encrypt? Use Certbot to generate a certificate, then automate renewal with a simple cron job. Is Nginx better than Apache for WordPress? For performance and memory efficiency, yes. Nginx handles high traffic with fewer resources.
16 June 2025 · 13 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support