Modern and secure WordPress (LEMP) development and deployment workflow. (See features and back story)
Before you start, you should have:
- Python3 and Git.
- Ansible - You can install it with `pip install ansible`. Make sure Ansible is in `$PATH` or run `export PATH=$PATH:~/.local/bin`.
- Trellis-CLI - You can install it with `curl -sL https://roots.io/trellis/cli/get | sudo bash`
- A DigitalOcean token - You can create one from the DigitalOcean dashboard.
- An SSH key pair (`~/.ssh/id_rsa` and `~/.ssh/id_rsa.pub`) - You can generate one with `ssh-keygen -t rsa -b 4096`.
- A domain or subdomain pointing at the droplet/server IP (which we will provision in the next step)
To get started, follow these steps:
- Clone this project with `git clone https://github.com/sam5epi0l/brainstorm-force.git`
- Get the vault password from the project owner. Add the vault password to the `trellis/.vault_pass` file.
- Use `trellis init` to initialize the project and create a virtual environment for Python and Ansible dependencies.
- Run `trellis droplet create production` to provision an Ubuntu server on DigitalOcean. You will be prompted to enter your DigitalOcean token, droplet name, type, and location.
- If your code repository is private, you can either use SSH agent forwarding or manually add `~/.ssh/id_rsa` (GitHub key) to the `web` user on the server (optional).
- Run `gh secret set ANSIBLE_VAULT_PASSWORD -b "$(cat trellis/.vault_pass)"` to set the Vault password as a GitHub secret.
- Run `trellis key generate` to generate a deploy key for GitHub and add it to your repository automatically. This will also create two new repository secrets: TRELLIS_DEPLOY_SSH_KNOWN_HOSTS and TRELLIS_DEPLOY_SSH_PRIVATE_KEY.
- Run `trellis deploy production` to deploy your code to the server.
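
A preflight check for the `trellis/.vault_pass` file created in the steps above, written as an added example and not part of this project or of Trellis-CLI. The helper names `check_vault_pass` and `file_mode` are hypothetical; the check assumes the file should be readable by its owner only and must never be tracked by Git.

```shell
#!/bin/sh
# Added example: check_vault_pass and file_mode are hypothetical helper names,
# not Trellis-CLI commands. Prints one line per problem found and returns
# the number of problems (0 means the file is safe to use).

file_mode() {
    # GNU stat first, BSD/macOS stat as the fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

check_vault_pass() {
    project=${1:-.}
    rel=trellis/.vault_pass
    f=$project/$rel
    problems=0

    if [ ! -s "$f" ]; then
        echo "missing or empty: $f"
        return 1
    fi

    # Only the owner may have any access to the vault password.
    mode=$(file_mode "$f")
    case $mode in
        *00) ;;
        *)  echo "$f has mode $mode; run: chmod 600 $f"
            problems=$((problems + 1)) ;;
    esac

    # Inside a Git work tree the file must be ignored and never tracked.
    if git -C "$project" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
        if git -C "$project" ls-files --error-unmatch "$rel" >/dev/null 2>&1; then
            echo "$rel is tracked by Git; untrack it and change the vault password"
            problems=$((problems + 1))
        elif ! git -C "$project" check-ignore -q "$rel"; then
            echo "$rel is not ignored by Git; add it to .gitignore"
            problems=$((problems + 1))
        fi
    fi
    return "$problems"
}
```

Source the file and run `check_vault_pass .` from the repository root after adding the vault password.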
You can deploy your code to the server in two ways:
- Manually, by running `trellis deploy production` from your local machine.
- Automatically, by using GitHub Actions to trigger a deployment on every code push. You can configure this by following the instructions in this guide.
For more information on the workflow and technologies used, please refer to the official documentation:
- Trellis-CLI Docs
- Features
- Community discussions and help:
  - Issue: SSH issue
  - Issue: Subtree path error
- Trellis WordPress docs
Before I decided to use Trellis, I tried starting from scratch but it was a vast project. So, I tried some options for provisioning and deploying the application website. Here is what I did and why I finally chose Trellis:
- AnsiPress and WordPress Ansible Playbook
- I then discovered two projects by rtCamp, WordPress-Skeleton and Action-Deploy-WordPress, that used best practices and standards for WordPress development and deployment.
- Finally, I found Trellis. It has Trellis-CLI, a command-line interface that made it easy to provision and deploy servers. It also has many features, such as Nginx, PHP-FPM, MariaDB, Redis, Let’s Encrypt, Fail2ban, Composer, WP-CLI, MailHog, and more, with great documentation and community support.
Trellis is the most complete, robust and community-powered solution available.