Deployment Overview of WordPress on Server¶

Prerequisites and Basic Requirements¶

To successfully deploy and manage the WordPress application, the following system requirements must be met:

• Operating System: Linux distribution compatible with Docker Engine.

• Privileges: Root or sudo access is required to manage Docker services and file permissions.

• Domain: A valid DNS entry pointing to the server IP is required for the domain wp<Server ID>.hostkey.in.

• Ports: The server must allow incoming traffic on port 443 for HTTPS and port 80 for HTTP (required for SSL certificate issuance).

FQDN of the Final Panel¶

The application is accessible via the following Fully Qualified Domain Name (FQDN) format:

• wp<Server ID>.hostkey.in

Replace <Server ID> with the specific identifier assigned to the deployment. The service listens on port 443 for secure connections and port 80 for initial SSL negotiation.

File and Directory Structure¶

The deployment utilizes the following directory structure on the host system to store configurations, data, and certificates:

• /root/wordpress/: Contains the compose.yml file used to orchestrate the Docker containers.

• /data/: Root directory for persistent data storage.

• /data/nginx/: Stores Nginx environment variables and configuration files.

• /data/nginx/user_conf.d/: Holds the custom Nginx server block configuration files.

• /data/wordpress/: Mount point for the WordPress web root files.

Application Installation Process¶

The application is deployed using Docker Compose. The deployment process involves the following steps:

1. Ensure the compose.yml file is located in the /root/wordpress/ directory.

2. Execute the Docker Compose command to start the services in detached mode:

   cd /root/wordpress
   docker compose up -d
   

3. The system will pull the necessary container images:

   • bitnami/mariadb:latest for the database.

   • wordpress:php8.2-fpm for the application runtime.

   • jonasal/nginx-certbot:latest for the web server and SSL management.

Docker Containers and Their Deployment¶

The deployment consists of three primary containers defined in the compose.yml file:

• mariadb:

  • Image: docker.io/bitnami/mariadb:latest

  • Purpose: Provides the MySQL-compatible database for WordPress.

  • Persistence: Uses a named volume mariadb_data to store database files at /bitnami/mariadb inside the container.

• wordpress:

  • Image: docker.io/wordpress:php8.2-fpm

  • Purpose: Runs the PHP-FPM application.

  • Networking: Binds the internal port 9000 to 127.0.0.1:9000 on the host.

  • Persistence: Mounts the host directory /data/wordpress to /var/www/html inside the container.

• nginx:

  • Image: jonasal/nginx-certbot:latest

  • Purpose: Acts as the reverse proxy, handles SSL termination, and manages Let's Encrypt certificates.

  • Networking: Runs in host network mode.

  • Persistence:

    • Mounts nginx_secrets volume for Let's Encrypt certificates.

    • Mounts /data/nginx/user_conf.d to /etc/nginx/user_conf.d for custom configurations.

    • Mounts /data/wordpress to /var/www/html to serve web content.

Databases¶

The database configuration is handled within the mariadb container. The following parameters define the connection settings:

The database credentials are injected via environment variables. The MYSQL_ROOT_PASSWORD and MARIADB_PASSWORD are configured to match the system's SSH password configuration (ansible_ssh_pass) during the initial setup.

Proxy Servers¶

The jonasal/nginx-certbot container functions as the reverse proxy and SSL manager. It handles all incoming web traffic for the domain.

• Configuration: The custom Nginx server block is stored at /data/nginx/user_conf.d/wp<Server ID>.hostkey.in.conf.

• SSL/TLS: The container automatically manages SSL certificates using Let's Encrypt (Certbot).

  • Certificate Path: /etc/letsencrypt/live/wp<Server ID>.hostkey.in/

  • Certificate Email: [email protected]

• Routing:

  • Port 80 is used for HTTP requests and ACME challenge validation (/.well-known/acme-challenge/).

  • Port 443 handles HTTPS traffic with HTTP/2 support.

  • PHP requests are proxied to the internal WordPress container at 127.0.0.1:9000.

Permission Settings¶

The host directories are initialized with specific ownership and permissions to ensure secure operation:

• /data, /data/nginx, /data/nginx/user_conf.d, and /root/wordpress:

  • Owner: root

  • Group: root

  • Mode: 0755 (Directories) or 0640 (Configuration files)

The Docker containers run with default permissions as defined by their respective images. The nginx container mounts host directories, allowing it to read and write configuration and web files as required by the service.

Location of Configuration Files and Data¶

The following paths contain the critical configuration and data files for the deployment:

• Docker Compose File: /root/wordpress/compose.yml

• Nginx Environment File: /data/nginx/nginx-certbot.env

• Nginx Server Block: /data/nginx/user_conf.d/wp<Server ID>.hostkey.in.conf

• Web Root: /data/wordpress (serves as /var/www/html inside containers)

• SSL Certificates: Managed internally within the nginx_secrets volume, mounted at /etc/letsencrypt.

Available Ports for Connection¶

The following ports are exposed and utilized by the deployment:

• 443 (TCP): HTTPS traffic for the wp<Server ID>.hostkey.in domain.

• 80 (TCP): HTTP traffic for SSL certificate renewal and redirection.

• 9000 (TCP): PHP-FPM internal communication, bound to 127.0.0.1 only (not exposed externally).

Starting, Stopping, and Updating¶

Service management is performed using Docker Compose commands executed from the /root/wordpress directory.

• Start Services:

  cd /root/wordpress
  docker compose up -d
  

• Stop Services:

  cd /root/wordpress
  docker compose down
  

• Restart Services:

  cd /root/wordpress
  docker compose restart
  

• Update Images: To update the container images to the latest versions and restart the services:

  cd /root/wordpress
  docker compose pull
  docker compose up -d
  

Logs can be viewed using:

docker compose logs -f