2023-09-17 13:01:37 +02:00

Hetzner HA WordPress

This repository contains scripts and configuration files to set up a highly available (HA) WordPress instance on Hetzner Cloud infrastructure. The aim of this project is to provide a robust and scalable solution for hosting a WordPress website with high availability.

Features

  • Automated deployment of cloud infrastructure via terraform
  • Automated provisioning of the servers with ansible
  • A Hetzner TCP Loadbalancer forwards to the loadbalancer server
  • The loadbalancer server terminates TLS, automatically renews the Let's Encrypt certificates and load-balances requests between the application servers using Caddy
  • The replication of WordPress files between machines is done with GlusterFS
  • The MySQL database is running on the loadbalancer for now, since this is the only server allowed to fail

Requirements

Before you begin, ensure you have the following:

  • A Hetzner Cloud account and API token
  • A recent installation of ansible
  • The latest version of the ansible community collection, installed with: ansible-galaxy collection install community.general
  • A recent installation of terraform

Deployment

The whole deployment is done from one ansible playbook. The playbook deploys the cloud infrastructure with terraform and provisions the different servers. In the end the public IPs are removed with terraform.

Change into the ansible folder

cd ansible

Export the hcloud token as environment variable

export HCLOUD_TOKEN="<your-hcloud-token>"

Write the ansible vault password to a file, so that you do not have to type it on every run

echo "<ansible-vault-pass>" > vault_pass

Deploy the infrastructure. This can take several minutes on the first run.

ansible-playbook playbook.yaml --vault-password-file vault_pass

To verify that everything is set up, you can use the hcloud CLI.

hcloud server list

You should see three running webservers and one loadbalancer.
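
The `echo` step above typically records the vault password in shell history and, with a common default umask, creates `vault_pass` readable by other local users. The following is an added example, not part of this repository, that writes the file owner-only from a no-echo prompt or stdin and checks it before the playbook runs; the function names `write_vault_pass` and `vault_pass_is_private` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the repository. Function names are hypothetical.

# write_vault_pass FILE: read one line (the vault password) from stdin and
# store it in FILE with owner-only permissions. On a terminal the input is
# not echoed, so the secret never appears on screen or in shell history.
write_vault_pass() {
    file=$1
    (
        umask 077                     # file is created as 0600
        rm -f -- "$file"              # drop any older, wider-permission copy
        if [ -t 0 ]; then
            trap 'stty echo' EXIT     # always restore terminal echo
            trap 'exit 130' INT TERM
            stty -echo
            printf 'Vault password: ' >&2
        fi
        IFS= read -r pass || true     # tolerate input without a newline
        [ -n "$pass" ] || exit 1      # refuse to write an empty password
        printf '%s\n' "$pass" > "$file"
    )
}

# vault_pass_is_private FILE: succeed only if FILE is a regular file with no
# group/other permission bits and is not tracked by git.
vault_pass_is_private() {
    file=$1
    [ -f "$file" ] && [ ! -L "$file" ] || return 1
    case $(ls -ld -- "$file") in
        -???------*) ;;               # e.g. -rw-------
        *) return 1 ;;
    esac
    if git -C "$(dirname -- "$file")" ls-files --error-unmatch -- \
        "$(basename -- "$file")" >/dev/null 2>&1; then
        return 1                      # tracked: the secret would be committed
    fi
}

# Demo with a constructed password in a scratch directory.
demo_dir=$(mktemp -d)
printf 'constructed-example-pass\n' | write_vault_pass "$demo_dir/vault_pass"
vault_pass_is_private "$demo_dir/vault_pass" && echo "vault_pass is owner-only"
rm -rf "$demo_dir"
```

In the deployment above, `write_vault_pass vault_pass` would take the place of the `echo` line, and `vault_pass_is_private vault_pass` can gate the `ansible-playbook` call.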

Testing

To test the provisioning with ansible, vagrant is used. The secrets are stored in an ansible vault. Vagrant expects them in a password file vault_pass in the root of the repo. This file is not included for obvious reasons. Please ask the project maintainer if you need the vault password.

Launch the VirtualBox machines from the repository root folder

vagrant up

For subsequent tests of the playbook run

vagrant provision

To connect to a specific machine run

vagrant ssh web1

Future work

  • Use an external secret provider
  • Store the terraform state remotely
  • Monitoring and alerting

License

Hetzner HA WordPress is licensed under the MIT License.