Files
ansible-lemp-wordpress/docs/production-deployment.md
Sebastian Palencsár 573224a36b 🚀 Initial release: Complete Ansible LEMP WordPress automation
 Features:
- Complete LEMP stack automation
- WordPress with WP-CLI
- Redis Object Cache (50% performance boost)
- Multi-OS support
- SSL/Let's Encrypt integration
- Security hardening
- Enterprise features
- Docker testing environment
- GitHub Actions CI/CD
- Comprehensive documentation

🧪 Fully tested and production-ready

Copyright (c) 2025 Sebastian Palencsár
2025-06-18 18:24:55 +02:00

5.8 KiB

Production Deployment Guide

This guide walks you through deploying WordPress on a production server using this Ansible automation.

Prerequisites

Control Machine (Your Local Computer)

  • Ansible 6.0 or higher
  • SSH client
  • Git (to clone this repository)

Target Server

  • Ubuntu 24.04 LTS (recommended) or other supported OS
  • Minimum 1GB RAM (2GB+ recommended)
  • 10GB+ free disk space
  • Root or sudo access
  • SSH access enabled

Step-by-Step Deployment

1. Prepare Your Server

Create a Non-Root User (if not exists)

# On your server, as root:
adduser deployer
usermod -aG sudo deployer

# Add passwordless sudo (optional but recommended)
echo "deployer ALL=(ALL) NOPASSWD:ALL" | sudo tee /etc/sudoers.d/deployer

Set Up SSH Key Authentication

# On your local machine:
ssh-keygen -t ed25519 -C "your-email@example.com"
ssh-copy-id deployer@your-server.com

# Test connection:
ssh deployer@your-server.com

2. Clone and Configure

# Clone the repository
git clone https://github.com/yourusername/ansible-lemp-wordpress.git
cd ansible-lemp-wordpress

# Create your inventory
cp inventory/production.example inventory/production.ini

3. Edit Inventory Configuration

Edit inventory/production.ini:

[webservers]
your-domain.com ansible_user=deployer ansible_ssh_private_key_file=~/.ssh/id_ed25519

[webservers:vars]
# WordPress Configuration
wp_admin_user=admin
wp_admin_password=your_very_secure_password_here
wp_admin_email=admin@your-domain.com
wp_site_title=Your WordPress Site
wp_site_url=https://your-domain.com

# Database Configuration  
mysql_root_password=extremely_secure_root_password
wordpress_db_name=wordpress_prod
wordpress_db_user=wp_prod_user
wordpress_db_password=secure_database_password

# SSL Configuration
enable_ssl=true
ssl_email=admin@your-domain.com

4. Test Connection

ansible -i inventory/production.ini webservers -m ping

Expected output:

your-domain.com | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

5. Deploy LEMP Stack

ansible-playbook -i inventory/production.ini playbooks/lemp-wordpress.yml

This will:

  • Update system packages
  • Install and configure Nginx
  • Install and secure MySQL
  • Install PHP with required extensions
  • Configure firewall (if applicable)

6. Install WordPress

ansible-playbook -i inventory/production.ini playbooks/install-wordpress-official.yml

This will:

  • Download and install WP-CLI
  • Download latest WordPress
  • Create wp-config.php
  • Set up database and admin user
  • Configure proper file permissions

7. Post-Deployment Steps

Update DNS Records

Point your domain to your server's IP address:

A Record: your-domain.com → YOUR_SERVER_IP
A Record: www.your-domain.com → YOUR_SERVER_IP

Set Up SSL (if enabled)

If you set enable_ssl=true, SSL certificates will be automatically configured via Let's Encrypt.

Test Your Site

  • Visit: https://your-domain.com
  • Admin: https://your-domain.com/wp-admin

Security Recommendations

1. Change Default Passwords

Immediately change all default passwords:

  • WordPress admin password
  • Database passwords
  • Server user passwords

2. Update WordPress Admin Email

Go to WordPress Admin → Settings → General and update the admin email.

3. Install Security Plugins

Consider installing:

  • Wordfence Security
  • Updraft Plus (for backups)
  • iThemes Security

4. Server Security

# Enable automatic security updates
sudo dpkg-reconfigure -plow unattended-upgrades

# Configure firewall
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw enable

5. Database Security

  • Use strong passwords
  • Limit database access to localhost only
  • Regular backups

Monitoring and Maintenance

1. Log Files

Monitor these log files:

  • Nginx: /var/log/nginx/access.log and /var/log/nginx/error.log
  • PHP-FPM: /var/log/php8.3-fpm.log
  • MySQL: /var/log/mysql/error.log
  • WordPress: /var/www/html/wp-content/debug.log (if WP_DEBUG enabled)

2. Regular Updates

# Update system packages
sudo apt update && sudo apt upgrade

# Update WordPress (via WP-CLI)
cd /var/www/html
sudo -u www-data wp core update --allow-root
sudo -u www-data wp plugin update --all --allow-root
sudo -u www-data wp theme update --all --allow-root

3. Backups

Set up automated backups:

  • Database: mysqldump
  • Files: rsync or cloud storage
  • Consider using backup plugins like UpdraftPlus

4. Performance Monitoring

Monitor:

  • Server resources (CPU, RAM, disk space)
  • Website response times
  • Database query performance
  • Error rates

Troubleshooting

Connection Issues

# Test Ansible connection
ansible -i inventory/production.ini webservers -m ping

# Test SSH connection
ssh -v deployer@your-server.com

Service Issues

# Check service status
sudo systemctl status nginx
sudo systemctl status mysql
sudo systemctl status php8.3-fpm

# View logs
sudo journalctl -u nginx
sudo journalctl -u mysql
sudo journalctl -u php8.3-fpm

WordPress Issues

# Check WordPress installation
cd /var/www/html
sudo -u www-data wp core verify-checksums --allow-root

# Check database connection
sudo -u www-data wp db check --allow-root

Scaling Considerations

Multi-Server Setup

For high-traffic sites, consider:

  • Load balancer (Nginx or HAProxy)
  • Database replication or clustering
  • Redis/Memcached for object caching
  • CDN for static assets

Performance Optimization

  • PHP OPcache configuration
  • Nginx caching
  • Database query optimization
  • Image optimization
  • Content compression

Support

If you encounter issues:

  1. Check the Troubleshooting Guide
  2. Review server logs
  3. Open an issue on GitHub
  4. Check existing discussions

Next Steps: SSL Setup Guide