TurnKey Linux Virtual Appliance Library

Wordpress on LEMP Stack

According to Netcrafts' report , Nginx in powering wordpress.com 


admin username : admin ; admin password  : admin

The wp-config.php file is tweaked in such a way that , even if the url of the site or ip of the machine changes , the site will be served.

base : Turnkey core lucid

Liraz Siri's picture

Not sure about an Nginx based Wordpress appliance

Nginx may be running wordpress.com but wordpress.com hosts millions of blogs and is maintained by a highly skilled crew of experts. It's not a "typical" appliance usage scenario. It might be right for them but it doesn't mean it's right for our users.

The trouble with Nginx is that it's harder to configure than Apache. For example, there's no Webmin support for Nginx so any tweaks to the configuration would need to be done by hand.

By comparison, Apache has excellent support in Webmin, there's a ton of excellent documentation and the skills to configure it are wider spread.

ann's picture

Nginx may be running

Nginx may be running WordPress Themes but wordpress.com hosts millions of blogs and is maintained by a highly skilled crew of experts. It's not a "typical" appliance usage scenario. It might be right for them but it doesn't mean it's right for our users.

leeand00's picture

Webmin nginx module

They have a webmin module for nginx now:



Jeremy Davis's picture

Thanks for the info

Thanks heaps for the info, it's good to know.

However, my concern is that as it is a "third party module" (so not maintained by Jamie Cameron; the Webmin core dev) there may be security issues. Especially if you pair that with the fact that it hasn't been updated in over 2 years.

So I've reached out to Justin Hoffman (the Nginx module developer) to get some clarification on it's status. I essentially asked him whether it is "unmaintained" or if it's just so awesome it hasn't needed update! :)


What i considered earlier was , there may be some advantages in running Wordpress on NginX , than running on Apache that made the Wordpress people move to Nginx (unless they have some hatred towards Apache laugh )

Liraz Siri's picture

They're probably using nginx as a load balancer

WordPress.com is a frigging huge site. Configurations like that can't be run on a single server. They have to be clustered. Nginx performs very well as a load balancer so they might be using it for that.

In general Nginx is one of the highest performance web servers out there. For performance you trade off flexibility and ease of use. When you're serving billions of page views squeezing every last bit of performances makes sense.

For smaller sites, it might not...

Dan Robertson's picture

Insecure Configuration

It looks like the configuration file for the default site has a security risk.  The php location block will allow an uploaded file such as /uploads/sample.jpg to be parsed by php.  This could result in arbitrary php code execution on the server.  The configuration file sample at Wordpress Codex page mentions it and is using `try_files $uri =404;` within the location block as a workaround.

For more information about the vulnerability, you can see these blog posts:

Thanks a lot for the information

Let me go through the configuration files. I was unaware of the security risk

lulo lulito's picture

Any updates on nGinx running on turnkey?

I guess I am too impatent, I hear too many good things about nGinx, faster, less RAM, CPU, but there is no control panel for it. it would be nice mr Basil could continue working on this.

Jeremy Davis's picture

I suspect that v12 TKL release will include LEMP appliance

But whether other appliances will also be released running on the LEMP stack I don't know.

BTW I have read that the latest version of Apache is much better - faster, uses less RAM and CPU etc (Apache dev is being pushed to get it to run more efficently by the performance benefits of nGinX from what I gather). Also v12 TKL appliances should be 64 bit I reckon and 64 bit Apache already is much more efficent that 32 bit (acording to performance stats I have seen anyway).

Post new comment

The content of this field is kept private and will not be shown publicly. If you have a Gravatar account, used to display your avatar.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <p> <span> <div> <h1> <h2> <h3> <h4> <h5> <h6> <img> <map> <area> <hr> <br> <br /> <ul> <ol> <li> <dl> <dt> <dd> <table> <tr> <td> <em> <b> <u> <i> <strong> <font> <del> <ins> <sub> <sup> <quote> <blockquote> <pre> <address> <code> <cite> <strike> <caption>

More information about formatting options

Leave this field empty. It's part of a security mechanism.
(Dear spammers: moderators are notified of all new posts. Spam is deleted immediately)