# Hetzner HA WordPress
This repository contains scripts and configuration files to set up a highly
available (HA) WordPress instance on Hetzner Cloud infrastructure. The aim of this
project is to provide a robust and scalable solution for hosting a WordPress
website with high availability.
## Table of Contents
- [Features](#features)
- [Requirements](#requirements)
- [Deployment](#deployment)
- [Testing](#testing)
- [Future work](#future-work)
- [License](#license)
## Features
- Automated deployment of cloud infrastructure via [terraform](https://www.terraform.io/)
- Automated provisioning of the servers with [ansible](https://www.ansible.com/)
- A Hetzner TCP load balancer forwards to the loadbalancer server
- The loadbalancer server terminates TLS, automatically renews the Let's Encrypt certificates and load-balances requests between application servers using [Caddy](https://caddyserver.com/)
- WordPress files are replicated between machines with [GlusterFS](https://www.gluster.org/)
- The MySQL database runs on the loadbalancer server for now, since this is the only server allowed to fail
## Requirements
Before you begin, ensure you have the following:
- A Hetzner Cloud account and API token
- A recent installation of [ansible](https://www.ansible.com/)
- The latest version of the ansible community collection, installed with `ansible-galaxy collection install community.general`
- A recent installation of [terraform](https://developer.hashicorp.com/terraform/downloads)
## Deployment
The whole deployment is done from one ansible playbook. The playbook deploys the cloud
infrastructure with terraform and provisions the different servers. In the end the public
IPs are removed with terraform.
Change into the ansible folder
```bash
cd ansible
```
Export the hcloud token as environment variable
```bash
export HCLOUD_TOKEN="<your-hcloud-token>"
```
Write the terraform vault password to a file so that you do not have to type it on every run
```bash
echo "<ansible-vault-pass>" > vault_pass
```
Deploy the infrastructure. This can take several minutes on the first run.
```bash
ansible-playbook playbook.yaml --vault-password-file vault_pass
```
To verify that everything is set up, you can use the [hcloud CLI](https://github.com/hetznercloud/cli).
```bash
hcloud server list
```
You should see three running webservers and one loadbalancer.
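The deployment steps above leave two secrets on the workstation: the `HCLOUD_TOKEN` environment variable and the `vault_pass` file. The helper functions below are an added example, not part of this repository (the function names are hypothetical): they write the vault password from stdin into an owner-only file instead of passing it to `echo` on the command line, and check the token, the file permissions and git tracking before `ansible-playbook` is run.

```bash
# Added example, not repository code. Function names are hypothetical.

# Write the vault password read from stdin to a file only the owner can read.
# Reading from stdin keeps the password out of the shell history.
write_vault_pass() {
    local file="${1:-vault_pass}"
    local pass=""
    IFS= read -r pass || [ -n "$pass" ] || return 1
    [ -n "$pass" ] || { echo "empty vault password" >&2; return 1; }
    # umask 077 makes a newly created file mode 600 from the start.
    ( umask 077 && printf '%s\n' "$pass" > "$file" ) || return 1
    chmod 600 "$file"   # also tightens a file that already existed
}

# Succeed only if the file is non-empty and grants nothing to group/other.
check_secret_file() {
    local file="$1"
    local mode
    [ -s "$file" ] || { echo "$file: missing or empty" >&2; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld -- "$file" | cut -c5-10)
    [ "$mode" = "------" ] || { echo "$file: readable by group/other" >&2; return 1; }
}

# Checks to run from the ansible folder before ansible-playbook.
preflight() {
    local file="${1:-vault_pass}"
    [ -n "${HCLOUD_TOKEN:-}" ] || { echo "HCLOUD_TOKEN is not set" >&2; return 1; }
    check_secret_file "$file" || return 1
    # Inside a git work tree, refuse to continue if the password file is tracked.
    if git rev-parse --is-inside-work-tree >/dev/null 2>&1 &&
       git ls-files --error-unmatch -- "$file" >/dev/null 2>&1; then
        echo "$file is tracked by git" >&2
        return 1
    fi
}
```

After sourcing these functions, run `write_vault_pass` and enter the password on one line, then run `preflight` from the `ansible` folder before starting the playbook.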
## Testing
To test the provisioning with ansible, vagrant is used.
The secrets are stored in an [ansible vault](https://docs.ansible.com/ansible/latest/cli/ansible-vault.html).
Vagrant expects them in a password file `vault_pass` in the root of the repo.
This file is not included for obvious reasons.
Please ask the project maintainer if you need the vault password.
Launch the VirtualBox machines from the repository root folder
```bash
vagrant up
```
For subsequent tests of the playbook run
```bash
vagrant provision
```
To connect to a specific machine run
```bash
vagrant ssh web1
```
## Future work
- Use an external secret provider
- Store the terraform state remotely
- Monitoring and alerting
## License
Hetzner HA WordPress is licensed under the [MIT License](https://opensource.org/license/MIT/).