Community Blog How I Built My Personal Website with Alibaba Cloud

How I Built My Personal Website with Alibaba Cloud

In this article, I will be sharing my experience of building a high-performance LEMP stack on Alibaba Cloud for my personal website.

By Partha Sarathy, Alibaba Cloud Tech Share Author. Tech Share is Alibaba Cloud's incentive program to encourage the sharing of technical knowledge and best practices within the cloud community.

In today's post, I'm going to show you how I deployed my website, sarathy.tech, on Alibaba Cloud.

I built my website using WordPress on Alibaba Cloud Elastic Compute Service (ECS) instance with Nginx, PHP 7.2, FastCGI, MariaDB, and Redis caching for maximum performance.

Before you get started, I'm assuming that you already have a basic understanding of the cloud, networking, and knowledge of Linux command line.

You also need a functional domain name for your website.

Step #1: Create a New Account

If you don't have an account already, you can sign up here. New users can enjoy $300-$1200 worth in free trial, valid for 2 months. If you are not sure how to do this, refer to this tutorial.

After setting up an account, you're ready to deploy a high performance WordPress website!

Step #2: Create a New ECS Instance

Log In into Alibaba Cloud Console by entering your Email and Password. You may need to enter a security code for security purposes.

In the Alibaba Cloud Console, click Products and select Elastic Compute Service from the list.

Click Instances, and choose your Region from top left drop-down menu. A list of available regions will be displayed.

Click Create Instance. For my instance, I have selected the following configurations.

  • Billing method: Subscription
  • Instance Type: IO Optimized
  • vCPU: 1
  • RAM: 4GB
  • Family: Balanced Type mn4
  • Quantity: 1 Units

I have selected an IO Optimized instance with 4GB of physical memory (RAM) and 1 virtual CPU. If your website will be hosting more dynamic content, consider purchasing a higher-spec instance.

Now you have to select an appropriate Image for your instance. I have chosen an Ubuntu 16.04 image for my server.

  • Image Type: Public Image
  • Operating System (OS): Ubuntu
  • OS Version: 16.04 64bit
  • Enable Security Enhancements. This feature will add some security features like backdoor detection, remote login alerts, etc.

There are a few other configurations to consider, I have chosen the default settings for the rest.

Step #3: Setup Alibaba Cloud DNS

Alibaba Cloud DNS is an authoritative highly available and highly scalable domain name resolution and management service. DNS stands for Domain Name System, which helps us to map our IP address to a domain name. To use Alibaba Cloud's DNS service, you need to update the nameservers in your Domain's control panel. The name servers will be provided by Alibaba Cloud.

Before you start, you need to get the public IP of our Instance. Follow the steps below to proceed:

  • Log In to ECS Management Console
  • Click Instances
  • Note down the public IP of the instance
  • Log In to Alibaba Cloud Console
  • Click CloudDNS from the Products list
  • Click BasicDNS
  • Click Add Domain Name
  • Enter your Domain name and click Confirm

A couple of Name Servers will be displayed. Update them in your Domain's control panel. DNS migration may take up to 48 hours, so you'll have to be patient!

Now, you have to add two "A" records.

Enter the following details for the first "A" record.

  • Record Type: A
  • Host: @
  • ISP Line: Default
  • Value: Your instance's IP address
  • TTL: 10 minutes

Enter the following details for the other "A" record.

  • Record Type: A
  • Host: *
  • ISP Line: Default
  • Value: Your instance's IP address
  • TTL: 10 minutes

Step #4: Connecting to Our Instance

You can connect to your instance via VNC or SSH. VNC requires high-speed internet connection whereas SSH works fine even in slow connections. So, I prefer using SSH over VNC.

Connecting through Linux / Mac
Open your command line and enter the following code:

ssh root@your-instance-ip

Type yes and enter the root password. If the password is correct, you'll successfully logged in.

Connecting through Windows
If you're using Windows machine, you'll need to use a third party program such as PuTTY. Connect to the server using PuTTY. Enter your instance's username and password to log in

Step #5: Checking for Driver Errors

When you boot your instance for the first time, it's a good practice to check for driver-related error messages and warnings. In Linux, the dmesg command is used for viewing driver messages.

The Intel RAPL driver displayed an error message. If you face the same problem, you can safely blacklist the driver by running the following command.

echo "blacklist intel_rapl" >> /etc/modprobe.d/blacklist.conf

The kernel won't load this driver during next boot. Reboot the server by typing the reboot command.

Step #6: Update the System

Ubuntu is based on Debian. The APT package manager is used in all Debian based distros including Ubuntu.

apt update && apt full-upgrade -y

This will update all packages and the kernel to the latest version. A reboot is recommended after a distribution upgrade.

Let's clean up the system and remove all packages that are no longer required.

apt clean -y && apt remove -y

Step #7: Set the Default Time Zone

Run the following command:

dpkg-reconfigure tzdata

Choose your geographic area and choose your city.

Step #8: Install Nginx

Nginx is a high-performance web server capable of handling thousands of concurrent connections. It's a great alternative to the Apache web server.

Before installing, let's install the required packages:

apt install software-properties-common zip sendmail vim nano -y

You're going to install the latest version of Nginx, which is not available in the official Ubuntu repository.

Add Nginx repository:

echo "deb http://nginx.org/packages/ubuntu/ xenial nginx" >> /etc/apt/sources.list.d/nginx.list

Add Nginx's signing key:

curl -O https://nginx.org/keys/nginx_signing.key && apt-key add ./nginx_signing.key

Update the package list:

apt update

Install NGINX:

apt install nginx -y 

Verify whether Nginx is successfully installed or not:

nginx -v

Remove the default configurations:

rm /etc/nginx/sites-enabled/default
rm /etc/nginx/sites-available/default

Remove the default webpage:

rm /var/www/html/index.nginx-debian.html

Start Nginx during boot:

systemctl enable nginx

Step #9: Install PHP-FPM

Add PHP 7.2 PPA:

add-apt-repository ppa:ondrej/php -y

Update the package list:

apt update

Install PHP:

apt install php7.2-fpm -y

Verify whether PHP is successfully installed or not:

php -v

Install required PHP extensions:

apt install php7.2-redis php7.2-imap php7.2-xmlrpc php7.2-mysqlnd php7.2-imagick php7.2-gd php7.2-mbstring php7.2-common php7.2-zip php7.2-curl -y

Start PHP during boot:

systemctl enable php7.2-fpm

Step #10: Install MariaDB

Add MariaDB PPA:

add-apt-repository 'deb [arch=amd64,i386,ppc64el] http://mirror.sax.uk.as61049.net/mariadb/repo/10.1/ubuntu xenial main' -y

Update the package list:

apt update

Install MariaDB server:

apt install mariadb-server -y

During the installation, you will be prompted to enter a root password. Re-enter the same password & hit Enter.

Note that the default installation is not secure. You can secure the installation by running the following command:


You'll be asked to enter your root password. You will then be prompted with some questions. I have used the following settings (Press Y for Yes, N for No):

  • Change the root password? No
  • Remove anonymous users? Yes
  • Disallow root login remotely? Yes
  • Remove test database and access to it? Yes
  • Reload privilege tables now? Yes

Start MariaDB during boot:

systemctl enable mysql

Step #11: Create a Database & a DB user

Login as root:

mysql -u root -p

Enter your root password. You'll be logged in to MariaDB console.

Create a new user:

CREATE USER "example-user"@"localhost" IDENTIFIED BY "password";

Replace "example-user" and " password" with you own username and password.

Create a new database:


Grant all permissions to newly created user:

GRANT ALL PRIVILEGES ON . to "example-user"@"localhost";

Reload the privilege table:


Exit the console:


Step #12: Configure Nginx

Open Nginx configuration file:

nano /etc/nginx/nginx.conf

Don't forget to replace example.com with your actual domain name.

Paste the following:

user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 10240;
multi_accept on;
use epoll;
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
fastcgi_cache_path /var/www/cache levels=1:2 keys_zone=example.com:200m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
server_tokens off;
keepalive_timeout 15;
client_max_body_size 512M;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header X-FastCGI-Cache $upstream_cache_status;
gzip_vary on;
gzip_comp_level 5;
gzip_min_length 1024;
gzip_proxied any;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
limit_req_status 444;
gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 444;

This is our global Nginx configuration. To exit nano, press Ctrl+O then hit Enter.

You have to create another one for your domain:

nano /etc/nginx/sites-enabled/example.com

Paste the following:

server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
root /var/www/html;
index index.php;
set $skip_cache 0;
if ($request_method = POST) {
set $skip_cache 1;
if ($query_string != "") {
set $skip_cache 1;
if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|/feed/|index.php|sitemap(_index)?.xml") {
set $skip_cache 1;
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $skip_cache 1;
if ($request_uri ~* "/cart/*$|/checkout/*$|/my-account/*$") {
set $skip_cache 1;
location / {
try_files $uri $uri/ /index.php?$args;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_cache example.com;
include fastcgi.conf;
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
fastcgi_cache_valid 10m;
location ~* \.(jpg|jpeg|gif|png)$ {
expires 365d;
location ~* \.(pdf|css|ico|js|swf)$ {
expires 10d;

Test Nginx configuration:

nginx -t

If the test is successful, restart nginx by typing:

systemctl restart nginx

Step #13: Configure Redis Server for Object Caching

Install Redis server:

apt install redis-server -y

Start Redis server during boot:

systemctl enable redis-server

Configure Redis server's memory limit:

echo "maxmemory 256mb" >> /etc/redis/redis.conf

Restart Redis server:

systemctl restart redis-server

Restart PHP:

systemctl restart php7.2-fpm

Step #14: Configure PHP

Open PHP 7.2 configuration file:

nano /etc/php/7.2/fpm/php.ini

Change the following values:

max_execution_time = 60
max_input_time = 60
memory_limit = 512M
max_input_vars = 6000
upload_max_filesize = 512M
post_max_size = 512M

Step #15: Install FREE SSL Certificate By Let's Encrypt

Add Let's Encrypt PPA:

add-apt-repository ppa:certbot/certbot

Update the package list :

apt update

Install certbot for Nginx:

apt-get install python-certbot-nginx -y

Obtain SSL:

certbot --nginx -d example.com -d www.example.com

Press 2 & hit Enter.

You'll obtain your SSL certificate & certbot will automatically configure it for you.

Keep in mind that the SSL certificate will expire in 90 days. Run the following command to manually renew the certificate:

certbot renew

Step #16: Install WordPress

Move to Nginx root directory:

cd /var/www/html

Download WordPress:

wget wget https://wordpress.org/latest.zip

Unzip the package

unzip latest.zip

Move all files to the Nginx's root directory:

mv wordpress/* ./ && rmdir wordpress

Create a directory for storing caches:

mkdir -p /var/www/cache

Change ownership of the Nginx's root directory:

chown -R www-data:www-data /var/www/

Now type the URL of your website in your browser's address bar.

Complete the installation by following the instructions on the screen. You will need to enter the DB details from step 10.

Also, don't forgot to install Nginx Cache and Redis Cache plugins.


I hope you enjoyed this guide. This is how I deployed my blog on Alibaba Cloud using WordPress and an Elastic Compute Service (ECS) instance. If you are experiencing any issues do let me know in the comments section!

1 1 0
Share on

Alibaba Clouder

878 posts | 132 followers

You may also like


Sanjay August 15, 2018 at 5:54 am

what is the total cost for above project (cost for domin, ecs and everything...)