✨ Features: - Complete LEMP stack automation - WordPress with WP-CLI - Redis Object Cache (50% performance boost) - Multi-OS support - SSL/Let's Encrypt integration - Security hardening - Enterprise features - Docker testing environment - GitHub Actions CI/CD - Comprehensive documentation 🧪 Fully tested and production-ready Copyright (c) 2025 Sebastian Palencsár
266 lines
5.8 KiB
Markdown
266 lines
5.8 KiB
Markdown
# Production Deployment Guide
|
|
|
|
This guide walks you through deploying WordPress on a production server using this Ansible automation.
|
|
|
|
## Prerequisites
|
|
|
|
### Control Machine (Your Local Computer)
|
|
- Ansible 6.0 or higher
|
|
- SSH client
|
|
- Git (to clone this repository)
|
|
|
|
### Target Server
|
|
- Ubuntu 24.04 LTS (recommended) or other supported OS
|
|
- Minimum 1GB RAM (2GB+ recommended)
|
|
- 10GB+ free disk space
|
|
- Root or sudo access
|
|
- SSH access enabled
|
|
|
|
## Step-by-Step Deployment
|
|
|
|
### 1. Prepare Your Server
|
|
|
|
#### Create a Non-Root User (if not exists)
|
|
```bash
|
|
# On your server, as root:
|
|
adduser deployer
|
|
usermod -aG sudo deployer
|
|
|
|
# Add passwordless sudo (optional but recommended)
|
|
echo "deployer ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/deployer
|
|
```
|
|
|
|
#### Set Up SSH Key Authentication
|
|
```bash
|
|
# On your local machine:
|
|
ssh-keygen -t ed25519 -C "your-email@example.com"
|
|
ssh-copy-id deployer@your-server.com
|
|
|
|
# Test connection:
|
|
ssh deployer@your-server.com
|
|
```
|
|
|
|
### 2. Clone and Configure
|
|
|
|
```bash
|
|
# Clone the repository
|
|
git clone https://github.com/yourusername/ansible-lemp-wordpress.git
|
|
cd ansible-lemp-wordpress
|
|
|
|
# Create your inventory
|
|
cp inventory/production.example inventory/production.ini
|
|
```
|
|
|
|
### 3. Edit Inventory Configuration
|
|
|
|
Edit `inventory/production.ini`:
|
|
|
|
```ini
|
|
[webservers]
|
|
your-domain.com ansible_user=deployer ansible_ssh_private_key_file=~/.ssh/id_ed25519
|
|
|
|
[webservers:vars]
|
|
# WordPress Configuration
|
|
wp_admin_user=admin
|
|
wp_admin_password=your_very_secure_password_here
|
|
wp_admin_email=admin@your-domain.com
|
|
wp_site_title=Your WordPress Site
|
|
wp_site_url=https://your-domain.com
|
|
|
|
# Database Configuration
|
|
mysql_root_password=extremely_secure_root_password
|
|
wordpress_db_name=wordpress_prod
|
|
wordpress_db_user=wp_prod_user
|
|
wordpress_db_password=secure_database_password
|
|
|
|
# SSL Configuration
|
|
enable_ssl=true
|
|
ssl_email=admin@your-domain.com
|
|
```
|
|
|
|
### 4. Test Connection
|
|
|
|
```bash
|
|
ansible -i inventory/production.ini webservers -m ping
|
|
```
|
|
|
|
Expected output:
|
|
```
|
|
your-domain.com | SUCCESS => {
|
|
"changed": false,
|
|
"ping": "pong"
|
|
}
|
|
```
|
|
|
|
### 5. Deploy LEMP Stack
|
|
|
|
```bash
|
|
ansible-playbook -i inventory/production.ini playbooks/lemp-wordpress.yml
|
|
```
|
|
|
|
This will:
|
|
- Update system packages
|
|
- Install and configure Nginx
|
|
- Install and secure MySQL
|
|
- Install PHP with required extensions
|
|
- Configure firewall (if applicable)
|
|
|
|
### 6. Install WordPress
|
|
|
|
```bash
|
|
ansible-playbook -i inventory/production.ini playbooks/install-wordpress-official.yml
|
|
```
|
|
|
|
This will:
|
|
- Download and install WP-CLI
|
|
- Download latest WordPress
|
|
- Create wp-config.php
|
|
- Set up database and admin user
|
|
- Configure proper file permissions
|
|
|
|
### 7. Post-Deployment Steps
|
|
|
|
#### Update DNS Records
|
|
Point your domain to your server's IP address:
|
|
```
|
|
A Record: your-domain.com → YOUR_SERVER_IP
|
|
A Record: www.your-domain.com → YOUR_SERVER_IP
|
|
```
|
|
|
|
#### Set Up SSL (if enabled)
|
|
If you set `enable_ssl=true`, SSL certificates will be automatically configured via Let's Encrypt.
|
|
|
|
#### Test Your Site
|
|
- Visit: `https://your-domain.com`
|
|
- Admin: `https://your-domain.com/wp-admin`
|
|
|
|
## Security Recommendations
|
|
|
|
### 1. Change Default Passwords
|
|
Immediately change all default passwords:
|
|
- WordPress admin password
|
|
- Database passwords
|
|
- Server user passwords
|
|
|
|
### 2. Update WordPress Admin Email
|
|
Go to WordPress Admin → Settings → General and update the admin email.
|
|
|
|
### 3. Install Security Plugins
|
|
Consider installing:
|
|
- Wordfence Security
|
|
- Updraft Plus (for backups)
|
|
- iThemes Security
|
|
|
|
### 4. Server Security
|
|
```bash
|
|
# Enable automatic security updates
|
|
sudo dpkg-reconfigure -plow unattended-upgrades
|
|
|
|
# Configure firewall
|
|
sudo ufw allow ssh
|
|
sudo ufw allow http
|
|
sudo ufw allow https
|
|
sudo ufw enable
|
|
```
|
|
|
|
### 5. Database Security
|
|
- Use strong passwords
|
|
- Limit database access to localhost only
|
|
- Regular backups
|
|
|
|
## Monitoring and Maintenance
|
|
|
|
### 1. Log Files
|
|
Monitor these log files:
|
|
- Nginx: `/var/log/nginx/access.log` and `/var/log/nginx/error.log`
|
|
- PHP-FPM: `/var/log/php8.3-fpm.log`
|
|
- MySQL: `/var/log/mysql/error.log`
|
|
- WordPress: `/var/www/html/wp-content/debug.log` (if WP_DEBUG enabled)
|
|
|
|
### 2. Regular Updates
|
|
```bash
|
|
# Update system packages
|
|
sudo apt update && sudo apt upgrade
|
|
|
|
# Update WordPress (via WP-CLI)
|
|
cd /var/www/html
|
|
sudo -u www-data wp core update --allow-root
|
|
sudo -u www-data wp plugin update --all --allow-root
|
|
sudo -u www-data wp theme update --all --allow-root
|
|
```
|
|
|
|
### 3. Backups
|
|
Set up automated backups:
|
|
- Database: `mysqldump`
|
|
- Files: `rsync` or cloud storage
|
|
- Consider using backup plugins like UpdraftPlus
|
|
|
|
### 4. Performance Monitoring
|
|
Monitor:
|
|
- Server resources (CPU, RAM, disk space)
|
|
- Website response times
|
|
- Database query performance
|
|
- Error rates
|
|
|
|
## Troubleshooting
|
|
|
|
### Connection Issues
|
|
```bash
|
|
# Test Ansible connection
|
|
ansible -i inventory/production.ini webservers -m ping
|
|
|
|
# Test SSH connection
|
|
ssh -v deployer@your-server.com
|
|
```
|
|
|
|
### Service Issues
|
|
```bash
|
|
# Check service status
|
|
sudo systemctl status nginx
|
|
sudo systemctl status mysql
|
|
sudo systemctl status php8.3-fpm
|
|
|
|
# View logs
|
|
sudo journalctl -u nginx
|
|
sudo journalctl -u mysql
|
|
sudo journalctl -u php8.3-fpm
|
|
```
|
|
|
|
### WordPress Issues
|
|
```bash
|
|
# Check WordPress installation
|
|
cd /var/www/html
|
|
sudo -u www-data wp core verify-checksums --allow-root
|
|
|
|
# Check database connection
|
|
sudo -u www-data wp db check --allow-root
|
|
```
|
|
|
|
## Scaling Considerations
|
|
|
|
### Multi-Server Setup
|
|
For high-traffic sites, consider:
|
|
- Load balancer (Nginx or HAProxy)
|
|
- Database replication or clustering
|
|
- Redis/Memcached for object caching
|
|
- CDN for static assets
|
|
|
|
### Performance Optimization
|
|
- PHP OPcache configuration
|
|
- Nginx caching
|
|
- Database query optimization
|
|
- Image optimization
|
|
- Content compression
|
|
|
|
## Support
|
|
|
|
If you encounter issues:
|
|
1. Check the [Troubleshooting Guide](troubleshooting.md)
|
|
2. Review server logs
|
|
3. Open an issue on GitHub
|
|
4. Check existing discussions
|
|
|
|
---
|
|
|
|
**Next Steps**: [SSL Setup Guide](ssl-setup.md)
|