How to set up a WordPress site with letsencrypt/swag and MariaDB on Unraid

I thought I’d make a quick guide on how to setup a WordPress site with MariaDB and swag on Unraid.



Installing MariaDB is pretty straight forward. Im using the linuxserver container. Choose your host port and your MYSQL Root password. I changed the default name and the host port as I already have a MariaDB container running and this container will only be for demonstration purposes.

Create the WordPress database

This is pretty much copy paste from the guide. No reason to invent the wheel again.

  1. Open terminal and exec into the container with docker exec -it mariadb bash
  2. Log into mysql with user root and the password you chose. mysql -uroot -p enter your password.

The output will look like this:

[email protected]:~# docker exec -it mariadb bash
[email protected]:/# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 10.1.30-MariaDB-1~xenial binary distribution

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]

Next up is creating the database.

  1. Start with creating a user for the database. CREATE USER 'user' IDENTIFIED by 'password'; Where ‘user’ is your username and ‘password’ is the password you want for the new user. The ouput will be like this.
    MariaDB [(none)]> CREATE USER 'weyland' IDENTIFIED by 'password';
    Query OK, 0 rows affected (0.01 sec)
  2. Create the database with CREATE DATABASE IF NOT EXISTS wordpress;
    MariaDB [(none)]> CREATE DATABASE IF NOT EXISTS wordpress;
    Query OK, 1 row affected (0.00 sec)
  3. Give the user permissions to the database with GRANT ALL PRIVILEGES ON wordpress.* TO 'user' IDENTIFIED BY 'password';
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON wordpress.* TO 'weyland' IDENTIFIED BY 'password';
    Query OK, 0 rows affected (0.00 sec)

Then quit mysql with quit and exit from the container by issuing the command exit



Forward your domain to your public IP address. After you’ve done that add your different ANAME/CNAME records e.g or

  1. Container Port: 80 – Choose your desired host port. e.g 81 (You can’t set this to 80 as the unRAID web GUI uses that. )
  2. Container Port: 443 – Set this to 444 or something else (On update 6.4 unraid will use port 443 and it’s better to be ahead of time so it won’t cause any issues)
  3. Enter you email
  4. Add you domain e.g
  5. Add your different sub domains e.g www,blog,plex ect
  6. Container Path: /config Install the container config to your desired location.

Next is portforwarding. This is done on your router and you need to forward port 80 to the port you chose in step 1. You also need to forward port 443 to 444 or the one you chose. So if your servers ip is and you have chosen that the container is on port 81, you need to forward all traffic on port 80 to port 81 on ip And do the same for port 443. If you’re unsure how to do this on your router check out: Next go to https://yourserverip:444 or http://yourserverip:81 If you now see the Nginx welcome page, it works. Also test if redirects you to the nginx welcome page. [eckosc_quote quote=”Note: TTL differs from each provider, some has a minimum 60 minutes before DNS propagates and others have 1 minute. So it might take a while before works.” source=”” url=”” pull=”false”] If you already have swag setup and working with a domain and want to use another domain for your wordpress site you can do that by using the EXTRA_DOMAINS variable.

  1. Click on + Add another Path, Port or Variable
  2. Add these values. Config Type: Variable Name: Extra domain Key: EXTRA_DOMAINS Value:,


Go to the swag appdata location. Find the nginx folder and then edit the file called “default” in the “site-conf” folder. I recommend using notepad++ Below is my server block that I use for
If you want to Geo block your site read more here Replace/add the contents of the default file with the server block below. Modifying it to use your domain of course.

If you are already using the default file I recommend creating another file in the site-confs folder. It’s much easier to work with separate config files than one huge one. You can call it blog.conf or domain.conf etc. your choice.

# REDIRECT WWW TO https://[]
server {
 listen 80;
 listen 443 ssl http2;
 return 301$request_uri;

server {
    listen 80;
    return 301$request_uri;

server {
 listen 443 ssl http2;

## Source:
## READ THE COMMENT ON add_header X-Frame-Options AND add_header Content-Security-Policy IF YOU USE THIS ON A SUBDOMAIN YOU WANT TO IFRAME!

## Certificates from LE container placement
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

## Strong Security recommended settings per
ssl_dhparam /config/nginx/dhparams.pem; # Bit value: 4096
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout  10m;

## NOTE: The add_header Content-Security-Policy won't work with duckdns since you don't own the root domain. Just buy a domain. It's cheap
## Settings to add strong security profile (A+ on

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; #SET THIS TO index IF YOU WANT GOOGLE TO INDEX YOU SITE!
add_header Content-Security-Policy "frame-ancestors https://*.$server_name https://$server_name"; ## Use *, not * (*.$server_name) when using this on a sub-domain that you want to iframe!
add_header X-Frame-Options "ALLOW-FROM https://*.$server_name" always; ## Use *, not * (*.$server_name) when using this on a sub-domain that you want to iframe!
add_header Referrer-Policy "strict-origin-when-cross-origin";

add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;";

proxy_cookie_path / "/; HTTPOnly; Secure"; ##NOTE: This may cause issues with unifi. Remove HTTPOnly; or create another ssl config for unifi.
more_set_headers "Server: Classified";
more_clear_headers 'X-Powered-By';
 client_max_body_size 0; 
 root /config/www/wordpress/;
 index index.html index.php;
location ~ /\. {
deny all;
location / {
try_files $uri $uri/ /index.php?_url=$uri&$query_string; 

 location ~ \.php$ {
 fastcgi_split_path_info ^(.+\.php)(/.+)$;
 # With php7-cgi alone:
 # With php7-fpm:
 #fastcgi_pass unix:/var/run/php7-fpm.sock;
 fastcgi_index index.php;
 include /etc/nginx/fastcgi_params;
 fastcgi_buffer_size 4K;
 fastcgi_buffers 64 4k; 

If you want to block people from accessing the admin page you can add basic auth to the locations. Read more here: Banning with basic auth and Fail2Ban

  location /wp-admin {
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;
    location /wp-login.php {
        auth_basic "Restricted";
        auth_basic_user_file /config/nginx/.htpasswd;   
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        # With php7-cgi alone:
        # With php7-fpm:
        #fastcgi_pass unix:/var/run/php7-fpm.sock;
        fastcgi_index index.php;
        include /etc/nginx/fastcgi_params;


Modifying the nginx.conf file

You also need to make some changes to the nginx.conf file in the nginx folder. Especially if you want google to index your site. For letting a search engine be able to index your site you need to comment the add_header X-Robots-Tag none; line by adding # infront

# add_header X-Robots-Tag none; 

Another tip is to uncomment the Gzip Settings. This will help with page loading times. And make sure you have all the gzip_types you need. I have also added caching below the gzip lines.

 # Gzip Settings

gzip on;
 gzip_disable "msie6";

gzip_vary on;
 gzip_proxied any;
 gzip_comp_level 6;
 gzip_buffers 16 8k;
 gzip_http_version 1.1;
 gzip_min_length 256;
 gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript application/ application/x-font-ttf font/opentype image/svg+xml image/x-icon;

# Expires map
map $sent_http_content_type $expires {
    default                    off;
    text/html                  epoch;
    text/css                   max;
    application/javascript     max;
    ~image/                    max;

# Enable browser caching
 expires $expires;

Max upload size

You can set the max upload size in the php-local.ini file. The file is located at appdata/swag/php/php-local.ini
add the following line:

upload_max_filesize = 25M
post_max_size = 25M

This will set the maximum upload size to 25MB. Adjust the value to suit your needs. Remember to restart the container after you have made any changes to any config files.


Download the latest stable release of WordPress here: Go to your swag appdata location and copy the wordpress folder into the /www folder e.g appdata/letsencrypt/www/wordpress if you choose another name for the wordpress folder you need to remember to edit the root location in the server block: root /config/www/wordpress/;

First time setup

By going to you should be greeted with the WordPress setup page.

  1. Choose your language
  2. Read through the next prompt. Click Let's go!
  3. Enter your database connection details Database Name: wordpress Username: weyland Password: password Database Host: (This is your Unraid-IP and port to MariaDB) Table Prefix: wp_ (Leave it as is)
  4. Click Submit
  5. Click run installer Enter your Site Title, username, password and email.
  6. Click Install WordPress
  7. Login with your credentials and you should now see the WordPress Admin dashboard 🙂


The plugins I use are:

  • Disqus Comment System
  • Jetpack by
  • UpdraftPlus – Backup/Restore
  • WP Code Highlight.js
  • WP Featherlight
  • WP Robots Txt
  • WP Super Cache
  • Yoast SEO
  • Featured Images in RSS w/ Size and Position
  • Hummingbird
  • Remove Query Strings From Static Resources
  • Smush
  • Theme: Onyx By EckoThemes

For any questions you can find me here:



Spice up your homepage Part II Setting up Grafana and InfluxDB for UPS monitoring on unRAID How to setup a Ghost blog with swag/letsencrypt and MariaDB on Unraid