2023-08-17 22:39:07 +02:00
# Hetzner HA WordPress
This repository contains scripts and configuration files to set up a highly
available (HA) WordPress instance on Hetzner Cloud infrastructure. The aim of this
project is to provide a robust and scalable solution for hosting a WordPress
website with high availability.
## Table of Contents
- [Features](#features)
- [Requirements](#requirements)
- [Deployment](#deployment)
- [Testing](#testing)
- [Open Tasks](#open-tasks)
- [License](#license)
## Features
- High availability setup for WordPress using [Hetzner Cloud](https://www.hetzner.com/de/cloud)
- Automated deployment of cloud infrastructure via [terraform](https://www.terraform.io/)
- Automated provisioning of the servers with [ansible](https://www.ansible.com/)
- Test environment with [vagrant](https://www.vagrantup.com/)
## Requirements
Before you begin, ensure you have the following:
- A Hetzner Cloud account and API token
- A recent installation of [ansible](https://www.ansible.com/)
- A recent installation of [terraform](https://developer.hashicorp.com/terraform/downloads)
If you would like to test the ansible provisioning locally, ensure you have the following:
- A recent installation of [vagrant](https://developer.hashicorp.com/vagrant/downloads)
- A recent installation of [virtualbox](https://www.virtualbox.org/wiki/Downloads)
## Deployment
To deploy the cloud infrastructure with terraform, switch into the terraform folder
```bash
cd terraform
```
Export the hcloud token as an environment variable
```bash
export HCLOUD_TOKEN="<your-hcloud-token>"
```
Initialize terraform
```bash
terraform init
```
And apply the changes using the production variables
```bash
terraform apply -var-file="prod.tfvars"
```
## Testing
To test the provisioning with ansible, vagrant is used.
The secrets are stored in an [ansible vault](https://docs.ansible.com/ansible/latest/cli/ansible-vault.html).
Vagrant expects them in a password file `vault_pass` in the root of the repo.
This file is not included for obvious reasons.
Please ask the project maintainer if you need the vault password.
Launch the VirtualBox machines from the repository root folder
```bash
vagrant up
```
For subsequent tests of the playbook run
```bash
vagrant provision
```
To connect to a specific machine run
```bash
vagrant ssh web1
```
## Open Tasks
- [ ] Replication of the file system between machines: [GlusterFS](https://www.gluster.org/)
- [ ] Replication of the database between machines: using [mysql replication](https://mariadb.com/kb/en/setting-up-replication/)
- [ ] Provision hcloud server with the [cloud init ansible module](https://cloudinit.readthedocs.io/en/latest/reference/modules.html#ansible)
- [ ] Set up a Hetzner managed certificate for the loadbalancer and set its type to https
- [ ] Assign the correct static external IP to the loadbalancer
- [ ] Add required SSH keys
- [ ] Document terraform modules with [terraform-docs](https://terraform-docs.io/)
Shortcomings which should be addressed in future versions:
- Use an external secret provider
- Store the terraform state remotely
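Until those two shortcomings are addressed, the `vault_pass` file from the Testing section and the local terraform state both sit inside the working tree. The following pre-flight check is an added example, not part of this repository; it assumes the state file is `terraform/terraform.tfstate` (terraform's default local name) and that `vault_pass` should be mode 600.

```bash
#!/usr/bin/env bash
# Added example, not part of the repository. Assumed paths: vault_pass in the
# repo root (from the README) and local state in terraform/terraform.tfstate.

# Print a file's permission bits in octal (GNU stat first, then BSD/macOS stat).
file_mode() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# check_repo_secrets ROOT: returns 0 only if no secret-bearing file can be
# committed by accident and vault_pass is accessible to its owner alone.
check_repo_secrets() {
    local root="${1:-.}" problems=0 f mode

    if ! git -C "$root" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        echo "FAIL: $root is not a git work tree" >&2
        return 2
    fi

    for f in vault_pass terraform/terraform.tfstate terraform/terraform.tfstate.backup; do
        # Tracked (staged or committed): treat the secret as exposed.
        if git -C "$root" ls-files --error-unmatch -- "$f" >/dev/null 2>&1; then
            echo "FAIL: $f is tracked by git" >&2
            problems=$((problems + 1))
        # Not ignored: a later 'git add .' would pick it up.
        elif ! git -C "$root" check-ignore -q -- "$f"; then
            echo "FAIL: $f is not covered by .gitignore" >&2
            problems=$((problems + 1))
        fi
    done

    # The vault password decrypts every secret in the vault: owner-only access.
    if [ -f "$root/vault_pass" ]; then
        mode=$(file_mode "$root/vault_pass")
        case "$mode" in
            600|400) ;;
            *) echo "FAIL: vault_pass has mode $mode, expected 600" >&2
               problems=$((problems + 1)) ;;
        esac
    fi

    [ "$problems" -eq 0 ]
}
```

Source the file and run `check_repo_secrets .` from the repository root before `vagrant up` or `terraform apply`.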
## License
Hetzner HA WordPress is licensed under the [MIT License](https://opensource.org/license/MIT/).