This is the example of building high available wordpress with SLB and ECS, RDS and so on. Architecture overview is here.
- Create VPC
- Create Vswitch
- Create Security Group and set some rules
- Create two ECS instances for wordpress application in Vswitch
- Create one ECS instance for bastion server in Vswitch
- Create EIP and bind it to bastion ECS instance
- Create NAT Gateway and add it to route table of VRouter
- Create a RDS instance in Vswitch and create database, db user
- Set ECS private ip address to RDS white list
You can build wordpress by following process. But if you want to operate wordpress in production environment, you need to configure more.
$ cp terraform.tfvars.sample terraform.tfvars
$ vim terraform.tfvars
=> Edit variables with your favorite editor.
// Deploy to Alibaba Cloud
$ terraform apply
...
Apply complete! Resources: 26 added, 0 changed, 0 destroyed.
Outputs:
bastion_eip = <bastion_ip>
ecs_private_ip = <wordpress_private_ip_1>,<wordpress_private_ip_2>
rds_connection_string = <rds_connection_address>
slb_ip = <slb_ip>
// Connect to bastion ECS instance
$ ssh ecs-user@<bastion_ip>
// Then connect to wordpress ECS instance
// You need to do this process two times, because you have two wordpress servers.
$ ssh ecs-user@<wordpress_private_ip_1/2>
-> Default ecs-user password is "Test1234"
// Configure wordpress
$ cd /var/www/html/wordpress
$ sudo cp wp-config-sample.php wp-config.php
$ sudo vim wp-config.php
define('DB_NAME', 'database_name_here');
define('DB_USER', 'username_here');
define('DB_PASSWORD', 'password_here');
define('DB_HOST', 'localhost');
After deploy and configuration to wp-config.php
, let's access to your slb ip address.
You will find wordpress installation screen.
http://<your slb ip address>/wordpress
Wordpress ECS will be provisioned to following settings by Ansible.
- Install Apache
- Install PHP
- Deploy WordPress source code
- Create
ecs-user
- Add
ecs-user
to sudoers - Add your public key to
/home/ecs-user/.ssh/authorized_keys
- Add
- Disable root account login
Bastion ECS will be provisioned to following settings by Ansible.
- Create
ecs-user
- Add
ecs-user
to sudoers - Add your public key to
/home/ecs-user/.ssh/authorized_keys
- Add
- Disable password authentication and root account login