Installing WordPress on Amazon Lightsail

WordPress on Synology NAS VM:
Windows 10 SSH Client Install:

Add Certbot Repository
sudo add-apt-repository ppa:certbot/certbot
Update Server
sudo apt update && sudo apt upgrade
Install Packages
sudo apt install curl mysql-server nginx php-curl php-fpm php-gd php-intl php-mbstring php-mysql php-soap php-xml php-xmlrpc php-zip python-certbot-nginx
Setup MySQL
sudo mysql_secure_installation

Answer Y to all

Tune MySQL for Lower Memory
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
innodb_buffer_pool_size = 20M
innodb_buffer_pool_chunk_size = 16M
innodb_buffer_pool_size = 16M
key_buffer_size = 8M
query_cache_size = 8M
Create Nginx Config
sudo nano /etc/nginx/sites-available/
server {
    listen 443 ssl http2  default_server;
    root /var/www/;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_types text/plain text/css text/javascript image/svg+xml image/x-icon application/javascript application/x-javascript;

    location ~ /\.ht {
        deny all;

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
        expires max;
        log_not_found off;
        gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_types text/css text/javascript application/javascript;
        gzip_static on;

server {
    listen 80;
    return 301 https://$host$request_uri;
    return 404;
Activate New Nginx Config
sudo ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/
Remove Default Nginx Config
sudo rm /etc/nginx/sites-enabled/default
sudo rm /etc/nginx/sites-available/default
Download Certificate
sudo certbot --nginx -d -d
Test Certbot Renew
sudo certbot renew --dry-run
Setup Certbox Cron
sudo crontab -e
10 2 * * * /usr/bin/certbot renew --quiet --pre-hook "/bin/systemctl stop nginx" --post-hook "/bin/systemctl start nginx"
Turn Off Server Identifcation
sudo nano /etc/nginx/nginx.conf
server_tokens off;
Check nginx config
sudo nginx -t
Setup Database
sudo mysql
CREATE USER 'wordpressuser'@'localhost' IDENTIFIED BY 'wordpresspass';
GRANT ALL ON wordpress.* TO 'wordpressuser'@'localhost';
Restart Services
sudo systemctl restart php7.2-fpm
sudo systemctl reload nginx
sudo systemctl restart mysql
Install WordPress
curl -LO
tar zxvf latest.tar.gz
cp wordpress/wp-config-sample.php wordpress/wp-config.php
sudo cp -a wordpress/. /var/www/
rm -fR wordpress
sudo chown -R www-data:www-data /var/www/
Configure WordPress
curl -s
sudo nano /var/www/

Replace keys and salts

update db name, user, password

Add this:

define('FS_METHOD', 'direct');
Setup Firewall
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
sudo ufw status

Join the Conversation


  1. Rick, first of all, your tutorial is perfect. The best you have on the internet. I have already recommended your video to others. It works perfectly. But I have a question. I’m trying to bring a wordpress installation to an instance of lightsail, however when I enter FTP I can’t copy anything at the root of the domain installation. For example: I was trying to create a temporary folder to upload a zipped file. I try to fix the permissions, but it is not correct. Do you have a tutorial to correct wordpress permissions?

    1. I usually set the permissions with this: sudo chown -R www-data:www-data /var/www/wordpess I would probably first transfer the files to you home directory and then copy them to the web root.

Leave a comment

Your email address will not be published. Required fields are marked *