How to Install Joomla with Nginx and Cloudflare on Ubuntu Linux

Joomla — a free, mobile-ready, open-source content management system (CMS), is a great way to build beautiful websites. However, to add an extra layer of security and improve your user experience, you may want to add Cloudflare, CDN / SSL, and security features.

For students or new users who want to take advantage of all the great features Cloudflare offers, the steps below should help you get there.

This setup might take a while to complete, and the process below should also work on other websites. It doesn’t have to be Joomla. This setup should work on other CMSs and plain HTML sites out of the box.

When you’re ready to set up your server and Cloudflare to use Origin Certificate, follow the steps below:

How to sign up for Cloudflare

The first step in this tutorial is to sign up for a Cloudflare account. This post assumes that you already have registered a domain name. If you don’t, then go and get one before continuing further.

If you already have a Cloudflare account, then skip the registration below.

Type in your email address and click Create Account.

Cloudflare WordPress setup

Once the account is created and you’ve verified your email address and logged back into the Cloudflare account, click the button or link (Add a Site) to add a site to your account.

Cloudflare WordPress setup

Next, type in the domain name you have registered. Again, Cloudflare service will help speed up and protect the site you add.

Cloudflare WordPress setup

Next, Cloudflare will query your domain DNS provider for the records in the DNS table. Cloudflare should find the domain and import the records into its DNS systems if it is online.

Cloudflare WordPress setup

After that, select the plan you want to use for the site. For this tutorial, we’re going to be using Cloudflare free plan.

Cloudflare WordPress setup

You should see two nameservers provided to you by Cloudflare when you’re done. What you need to do is log on to your domain provider’s portal. Then, where you have your domain, replace the nameservers with the ones Cloudflare gives you.

This image has an empty alt attribute; its file name is cloudflare-setup-name-servers.png

For example, our site is hosted with Google Domains. Log on to your Google Domains account and select use custom nameservers.

You’ll have the option to enter the nameservers provided by Cloudflare. Save your changes when you’re done.

Cloudflare WordPress Setup

Once you’ve saved your custom nameservers changes,  go back to your Cloudflare account and wait for Cloudflare to see the changes. Depending on your domain provider, it takes up to an hour for the DNS changes to be visible on Cloudflare.

This image has an empty alt attribute; its file name is cloudflare-overview-active.png

Once all is ready, you’ll see your site status as Active.

When everything is done, you should also see your Cloudflare account with DNS entries, as shown below. Your DNS records might have more entries than the two below. However, these two entries are the most important for running your website.

Cloudflare WordPress Setup

After that, click on the Crypto tab and choose to enable Full (strict) SSL. This should turn on SSL for the site.

Cloudflare WordPress Setup

While still on the Crypto tab, scroll down to Origin Certificates. Then click the button to create the Certificate.

Use the free TLS certificate signed by Cloudflare to install it on your origin server. Origin Certificates are only valid for encryption between Cloudflare and your origin server.

This image has an empty alt attribute; its file name is cloudflare_wordpress_setup_8.png

Next, let Cloudflare generate a private key and a CSR for the domain. Click Next.

WordPress Cloudflare

Then copy a paste these into a text file onto your server.

On Ubuntu, run the commands below to create the Private key, Certificate, and Origin pull files (3 files). Then, copy and paste each content into the respective file. And save.

For the Private key file. Run this, copy and paste the private key given to you into the file and save.

sudo nano /etc/ssl/private/

For the certificate file, run this and copy and paste the certificate content into the file and save.

sudo nano /etc/ssl/certs/

You’ll also want to download the Cloudflare Origin Pull certificate. You can download that from the link below:

Set up authenticated Origin pulls · Cloudflare SSL docs

Zone-Level — Cloudflare certificate

Under Zone-level certificate, expand the certificate button, the copy its content.

Next, run the commands below to create an origin-pull-ca.pem file, paste the certificate content into the file below, and save.

sudo nano /etc/ssl/certs/origin-pull-ca.pem

Once done, you should have three files. The, and origin-pull-ca.pem.

We will use these files in the Nginx config below.

This image has an empty alt attribute; its file name is cloudflare_wordpress_setup_10.png

After saving the key, Certificate, and Origin, pull the certificate files. Continue below.

Still, on the Crypto page in your Cloudflare account, enable Always use HTTPS, and you may also change settings for HSTS but not necessary.

This image has an empty alt attribute; its file name is cloudflare_wordpress_setup_11.png

Next, turn on Authenticated Origin Pulls and Opportunistic Encryption, and continue.

This image has an empty alt attribute; its file name is cloudflare_wordpress_setup_12.png

Then, turn on Automatic HTTPS Rewrites and continue.

This image has an empty alt attribute; its file name is cloudflare_wordpress_setup_13.png

Next, move to the Page Rules tab. Then create a new rule for the site. then type URL and choose Always Use HTTPS


Always Use HTTPS

This image has an empty alt attribute; its file name is cloudflare_wordpress_setup_15.png

Save your settings, and you’re done with setting up Cloudflare.

Install and Configure Joomla

Now that Cloudflare is configured log on to your server and configure Joomla. First, install the Nginx HTTP server since we’re using Nginx for this post. To install the Nginx server, run the commands below:

sudo apt update
sudo apt install nginx

After installing Nginx, the commands below can be used to stop, start and enable the Nginx service to always start up with the server boots.

sudo systemctl stop nginx.service
sudo systemctl start nginx.service
sudo systemctl enable nginx.service

Now that Nginx is installed open your browser and browse to the URL below to test whether the web server is working.


nginx default home page test

If you see the page above, then Nginx is successfully installed.

How to Install MariaDB Database Server

Joomla also requires a database server to store its content. MariaDB is a great place to start if you’re looking for a genuinely open-source database server. To install MariaDB run the commands below:

sudo apt-get install mariadb-server mariadb-client

After installing MariaDB, the commands below can stop, start and enable the MariaDB service to start up when the server boots.

Run these on Ubuntu 16.04 LTS

sudo systemctl stop mysql.service
sudo systemctl start mysql.service
sudo systemctl enable mysql.service

Run these on Ubuntu 19.04 and 18.04 LTS

sudo systemctl stop mariadb.service
sudo systemctl start mariadb.service
sudo systemctl enable mariadb.service

Next, run the commands below to secure the database server with a root password if you were not prompted to do so during the installation.

sudo mysql_secure_installation

When prompted, answer the questions below by following the guide.

  • Enter current password for root (enter for none): Press the Enter
  • Set root password? [Y/n]: Y
  • New password: Enter password
  • Re-enter new password: Repeat password
  • Remove anonymous users? [Y/n]: Y
  • Disallow root login remotely? [Y/n]: Y
  • Remove test database and access to it? [Y/n]:  Y
  • Reload privilege tables now? [Y/n]:  Y

Once MariaDB is installed, run the commands below to test whether the database server was successfully installed.

sudo mysql -u root -p

Type the root password when prompted.

mariadb welcome

The server was successfully installed if you see a similar screen as shown above.

How to Install PHP 7.2-FPM and Related Modules

Joomla CMS is a PHP-based CMS, and PHP is required. However, PHP 7.2-FPM may not be available in Ubuntu default repositories. To run PHP 7.2-FPM on Ubuntu 16.04 and previous, you may need to run the commands below:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:ondrej/php

Then update and upgrade to PHP 7.2-FPM

sudo apt update

Next, run the commands below to install PHP 7.2-FPM and related modules.

sudo apt install php7.2-fpm php7.2-common php7.2-gmp php7.2-curl php7.2-intl php7.2-mbstring php7.2-xmlrpc php7.2-mysql php7.2-gd php7.2-xml php7.2-cli php7.2-zip

After installing PHP 7.2, run the commands below to open Nginx’s PHP default configuration file.

sudo nano /etc/php/7.2/fpm/php.ini

The lines below are a good setting for most PHP-based CMS. Update the configuration file with these and save.

file_uploads = On
allow_url_fopen = On
short_open_tag = On
memory_limit = 256M
cgi.fix_pathinfo = 0
upload_max_filesize = 100M
max_execution_time = 360
date.timezone = America/Chicago

You should restart the Nginx web server whenever you change the PHP configuration file. To do so, run the commands below:

sudo systemctl restart nginx.service

Once PHP is installed, create a test file called phpinfo.php in the Nginx default root directory. ( /var/www/html/)

sudo nano /var/www/html/phpinfo.php

Then type the content below and save the file.

<?php phpinfo( ); ?>

Next, open your browser and browse to the server’s hostname or IP address followed by phpinfo.php


You should see the PHP default test page.

PHP Test Page

How to Create Joomla Database

Once you’ve installed all the packages required for Joomla to function, continue below to start configuring the servers. First, run the commands below to create a blank Joomla database.

To log on to the MariaDB database server, run the commands below.

sudo mysql -u root -p

Then create a database called joomla


Create a database user called joomlauser with a new password

CREATE USER 'joomlauser'@'localhost' IDENTIFIED BY 'new_password_here';

Then grant the user full access to the database.

GRANT ALL ON joomla.* TO 'joomlauser'@'localhost' IDENTIFIED BY 'user_password_here' WITH GRANT OPTION;

Finally, save your changes and exit.


How to Download Joomla Latest Release

To get Joomla’s latest release, you will need to go to its official download page and get it from there. The link below is where to find Joomla’s latest archive versions.

At the time of this writing, the latest version is 3.9.5. A future version will have different links to download from.

Run the commands below to download and extract Joomla version 3.9.5

cd /tmp
sudo unzip -d /var/www/html/ /tmp/joomla_3-9-5-stable-full_package-zip

Then run the commands below to set the correct permissions for the Joomla root directory and give Nginx control.

sudo chown -R www-data:www-data /var/www/html/
sudo chmod -R 755 /var/www/html/

How to Configure Nginx for Joomla

Finally, configure the Nginx site configuration file for Joomla. This file will control how users access Joomla content. Run the commands below to create a new configuration file called

sudo nano /etc/nginx/sites-available/

Then copy and paste the content below into the file and save it. Replace the highlighted line with your domain name and directory root location.

Also, reference the certificate files created above during Cloudflare setup.

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    root   /var/www/html/;
    index  index.php;

    ssl_certificate /etc/ssl/certs/;
    ssl_certificate_key /etc/ssl/private/;
    ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem;
    ssl_verify_client on;

     client_max_body_size 100M;

     autoindex off;
     location / {
        try_files $uri $uri/ /index.php?$args;

    location ~ \.php$ {
         include snippets/fastcgi-php.conf;
         fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
         fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         include fastcgi_params;

Save the file and exit.

How to Enable the Joomla site

After configuring the VirtualHost above, please enable it by running the commands below.

sudo ln -s /etc/nginx/sites-available/ /etc/nginx/sites-enabled/
sudo systemctl restart nginx.service

Then open your browser and browse to the server domain name. Next, you should see the Joomla setup wizard to complete. Please follow the wizard carefully.

Then follow the on-screen instructions. Select the installation language, main site configuration, and the backend admin account, then click Next to continue.

Joomla installation on Ubuntu

Next, type in the database info you created above and click Next to continue.

Joomla installation on Ubuntu

Confirm that the site info is correct, and ensure that recommended settings are all marked green. Then click Install to begin the installation.

Joomla installation on Ubuntu

After a brief moment, your site should be installed and ready to use. Click the Remove installation folder to secure your site.

Joomla installation on Ubuntu

Next, log on to the backend dashboard with the super admin account you created above.

Joomla installation on Ubuntu


Joomla Ubuntu install

Don’t forget the delete the installer directory if you didn’t do it above.

sudo rm -rf /var/www/html/joomla/installation

You may also like the post below:

Congratulations! You have successfully installed Joomla CMS with Cloudflare support on Ubuntu 16.04 | 18.04

You may also like the post below: