✨ Features: - Complete LEMP stack automation - WordPress with WP-CLI - Redis Object Cache (50% performance boost) - Multi-OS support - SSL/Let's Encrypt integration - Security hardening - Enterprise features - Docker testing environment - GitHub Actions CI/CD - Comprehensive documentation 🧪 Fully tested and production-ready Copyright (c) 2025 Sebastian Palencsár
5.8 KiB
5.8 KiB
Production Deployment Guide
This guide walks you through deploying WordPress on a production server using this Ansible automation.
Prerequisites
Control Machine (Your Local Computer)
- Ansible 6.0 or higher
- SSH client
- Git (to clone this repository)
Target Server
- Ubuntu 24.04 LTS (recommended) or other supported OS
- Minimum 1GB RAM (2GB+ recommended)
- 10GB+ free disk space
- Root or sudo access
- SSH access enabled
Step-by-Step Deployment
1. Prepare Your Server
Create a Non-Root User (if not exists)
# On your server, as root:
adduser deployer
usermod -aG sudo deployer
# Add passwordless sudo (optional but recommended)
echo "deployer ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/deployer
Set Up SSH Key Authentication
# On your local machine:
ssh-keygen -t ed25519 -C "your-email@example.com"
ssh-copy-id deployer@your-server.com
# Test connection:
ssh deployer@your-server.com
2. Clone and Configure
# Clone the repository
git clone https://github.com/yourusername/ansible-lemp-wordpress.git
cd ansible-lemp-wordpress
# Create your inventory
cp inventory/production.example inventory/production.ini
3. Edit Inventory Configuration
Edit inventory/production.ini:
[webservers]
your-domain.com ansible_user=deployer ansible_ssh_private_key_file=~/.ssh/id_ed25519
[webservers:vars]
# WordPress Configuration
wp_admin_user=admin
wp_admin_password=your_very_secure_password_here
wp_admin_email=admin@your-domain.com
wp_site_title=Your WordPress Site
wp_site_url=https://your-domain.com
# Database Configuration
mysql_root_password=extremely_secure_root_password
wordpress_db_name=wordpress_prod
wordpress_db_user=wp_prod_user
wordpress_db_password=secure_database_password
# SSL Configuration
enable_ssl=true
ssl_email=admin@your-domain.com
4. Test Connection
ansible -i inventory/production.ini webservers -m ping
Expected output:
your-domain.com | SUCCESS => {
"changed": false,
"ping": "pong"
}
5. Deploy LEMP Stack
ansible-playbook -i inventory/production.ini playbooks/lemp-wordpress.yml
This will:
- Update system packages
- Install and configure Nginx
- Install and secure MySQL
- Install PHP with required extensions
- Configure firewall (if applicable)
6. Install WordPress
ansible-playbook -i inventory/production.ini playbooks/install-wordpress-official.yml
This will:
- Download and install WP-CLI
- Download latest WordPress
- Create wp-config.php
- Set up database and admin user
- Configure proper file permissions
7. Post-Deployment Steps
Update DNS Records
Point your domain to your server's IP address:
A Record: your-domain.com → YOUR_SERVER_IP
A Record: www.your-domain.com → YOUR_SERVER_IP
Set Up SSL (if enabled)
If you set enable_ssl=true, SSL certificates will be automatically configured via Let's Encrypt.
Test Your Site
- Visit:
https://your-domain.com - Admin:
https://your-domain.com/wp-admin
Security Recommendations
1. Change Default Passwords
Immediately change all default passwords:
- WordPress admin password
- Database passwords
- Server user passwords
2. Update WordPress Admin Email
Go to WordPress Admin → Settings → General and update the admin email.
3. Install Security Plugins
Consider installing:
- Wordfence Security
- Updraft Plus (for backups)
- iThemes Security
4. Server Security
# Enable automatic security updates
sudo dpkg-reconfigure -plow unattended-upgrades
# Configure firewall
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
5. Database Security
- Use strong passwords
- Limit database access to localhost only
- Regular backups
Monitoring and Maintenance
1. Log Files
Monitor these log files:
- Nginx:
/var/log/nginx/access.logand/var/log/nginx/error.log - PHP-FPM:
/var/log/php8.3-fpm.log - MySQL:
/var/log/mysql/error.log - WordPress:
/var/www/html/wp-content/debug.log(if WP_DEBUG enabled)
2. Regular Updates
# Update system packages
sudo apt update && sudo apt upgrade
# Update WordPress (via WP-CLI)
cd /var/www/html
sudo -u www-data wp core update --allow-root
sudo -u www-data wp plugin update --all --allow-root
sudo -u www-data wp theme update --all --allow-root
3. Backups
Set up automated backups:
- Database:
mysqldump - Files:
rsyncor cloud storage - Consider using backup plugins like UpdraftPlus
4. Performance Monitoring
Monitor:
- Server resources (CPU, RAM, disk space)
- Website response times
- Database query performance
- Error rates
Troubleshooting
Connection Issues
# Test Ansible connection
ansible -i inventory/production.ini webservers -m ping
# Test SSH connection
ssh -v deployer@your-server.com
Service Issues
# Check service status
sudo systemctl status nginx
sudo systemctl status mysql
sudo systemctl status php8.3-fpm
# View logs
sudo journalctl -u nginx
sudo journalctl -u mysql
sudo journalctl -u php8.3-fpm
WordPress Issues
# Check WordPress installation
cd /var/www/html
sudo -u www-data wp core verify-checksums --allow-root
# Check database connection
sudo -u www-data wp db check --allow-root
Scaling Considerations
Multi-Server Setup
For high-traffic sites, consider:
- Load balancer (Nginx or HAProxy)
- Database replication or clustering
- Redis/Memcached for object caching
- CDN for static assets
Performance Optimization
- PHP OPcache configuration
- Nginx caching
- Database query optimization
- Image optimization
- Content compression
Support
If you encounter issues:
- Check the Troubleshooting Guide
- Review server logs
- Open an issue on GitHub
- Check existing discussions
Next Steps: SSL Setup Guide