My Projects
Deploy a WordPress Website on AWS

Deploy a WordPress Website on AWS

This Project focuses on hosting a highly available WordPress website in AWS.

Chinedu Ejim's photo
Chinedu Ejim
ยท

6 min read

Overview

The deployment of this highly available WordPress website in AWS involves provisioning and configuring a highly secured VPC, setting up an RDS instance, creating an Elastic File System (EFS) for shared data, launching and configuring EC2 instances in different Availability zones to host our website, deploying a Bastion Host to securely access the webservers, installing WordPress, , creating Application Load Balancer (ALB), Domain name registration to access the website using Route 53, securing communications to our website using SSL.

Architecture

The Architecture for this project includes the following AWS Services:

  • VPC (3-Tier-VPC with Security Groups)

  • Amazon RDS (MySQL 5.7)

  • Amazon EFS

  • Application Load Balancer

  • Route 53

  • SSL

VPC-Provisioning

Following the same steps we used in Project 1, we will provision our VPC. The only additions that would be made is updating the Security Groups (SG). In Project 1, we had the ALB SG, SSH SG and the Webserver SG. In this project we will add two more SG.

  • Database SG

    The protocol is MySQL and will listen on port 3306. Its source will be from the Webserver SG.

  • EFS SG

    The protocol is NFS and will listen 2049. Its source will be from the Webserver SG, SSH SG and EFS SG itself.

RDS-Deployment

The engine for this database is MySQL and is deployed in the Private Data Subnets.

Steps to Deploy an RDS

  • The first step in deploying an RDS, is to Create a Subnet Group. In creating this subnet Group, you specify the Availability Zones and subnets you want to deploy the RDS on. In this case, the Availability Zones are (AZ1 & AZ2) and the subnets are Private Data Subnet AZ1 & AZ2.

  • After creating the Subnet Group, next is to create the Database itself. The database engine I chose for my database is MySQL 5.7.44. I created username, password and database name (these are necessary information when creating the website).

  • Next is setting the configuration of the database. The Subnet Group we created was selected and the security Group we assigned to this database is the Database SG we created earlier. And then launch the RDS.

EFS-Deployment

An Elastic File System (EFS) is a file storage system that allows management and sharing of files across multiple the webserver.

  • To create an EFS, click on create file system and give the EFS a name.

  • Configure the Network of the EFS by selecting the VPC to deploy this EFS on and the Mount Targets, and Security groups.

    Under the Mount Targets, I chose to mount the targets in Private Data Subnet AZ1 &AZ2. And the Security Group I assigned to this EFS is the EFS SG we also created earlier.

EC2 Deployment

We will deploy our Ec2 instances in our Private APP Subnets in the different Availability zones and a Bastion Host in the Public Subnet to securely access the EC2 in the Privates subnets. This is where we will install the Apache, PHP, MySQL and WordPress.

We will deploy EC2 instances in the Private App Subnet AZ1 & AZ2 and name them Webserver AZ1 and Webserver AZ2, follow the steps in Project 2 in deploying the instances. To deploy Bastion Host, follow the same steps to deploy EC2, and make sure its deployed in the Public Subnet.

Application Load Balancer (ALB)

We will create an Application load Balancer in the Public Subnets to route traffic to the webservers in the Private Subnets. See steps to create an ALB here. The Security Group will be ALB SG and ALB to route traffic to Target Group (Webserver AZ1 & AZ2) using HTTP protocol on port 80.

After creating the ALB, copy the DNS name to be used to access the website.

WordPress website Set up

After creating the EC2 instances and the Bastion, we will SSH into the Bastion Host, we will need the MobaXterm software, keypair, username and IP Address.

We have successfully, ssh into our Bastion Host.

From the Bastion Host, we will ssh into the Webserver in the Private App Subnets using the same commands we ran earlier but with the Webservers IP Address. After we have successfully ssh into the Webserver in the Private Subnet from the Bastion Host, We will run the following commands.

#Install apache, apache utility tool and apache module that provides support for SSL/TLS encryption.
sudo yum install -y httpd httpd-tools mod_ssl
sudo systemctl enable httpd 
sudo systemctl start httpd

#Install php on Amazon Linux 2023
sudo yum install -y php php-common php-pear
sudo yum install -y php-{cgi,curl,mbstring,gd,mysqlnd,gettext,json,xml,fpm,intl,zip}

#Install mysql5.7
sudo rpm -Uvh https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
sudo rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
sudo yum install mysql-community-server -y
sudo systemctl enable mysqld
sudo systemctl start mysqld

#Download and Install wordpress files
wget https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
sudo mv -r wordpress/* /var/www/html/

#Rename the wp-config.php file
sudo mv /var/www/html/wp-config-sample.php /var/www/html/wp-config.php
vi wp-config.php 
<<comment
Edit this with your Database information
define( 'DB_NAME', 'Ejim_Database' );
define( 'DB_USER', 'Ejimzz' );
define( 'DB_PASSWORD', 'ejim1234' );
define( 'DB_HOST', 'mydb.adcem8cumi94.us-east-1.rds.amazonaws.com' );
<<comment

#Set Permissions
sudo chown apache:apache -R /var/www/html
sudo chmod -R 755 /var/www/html

#Mount the EFS
#replace "my_efs_dns" with the DNS of the EFS "fs-0e64746745e1f0.efs.us-east-1.amazonaws.com."
sudo echo "my_efs_dns:/ /var/www/html nfs4 nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 0 0" >> /etc/fstab
sudo mount -a

#Restart the webserver
sudo service httpd restart

After the commands has been executed successfully, copy the DNS name of the ALB into a web browser, to access and complete Installation of WordPress.

Setting Domain Name for our Website.

After we have successfully installed WordPress and can access the website using the DNS name of our ALB, we will set A Domain Name to point to our ALB.

  • Firstly, in Route 53, we will check for the availability of any Domain name of our choice, and if available, we will proceed to making payments and register the Domain name.

  • Secondly, we will create a Record set in Route 53 to point this Domain name we just registered to our ALB.

    After this record has been set, we can now access the website using the Domain name. (ejimz.com)

Encrypt and Secure Communications to our Website.

Ensuring communication privacy and security between the web browser and website is necessary.

Firstly, we will register for SSL Certificate under the Certificate Manager tab. Then in the ALB, using the HTTPS protocol on port 443, we will forward traffic to our Target Group (webservers) using our SSL certificate that was issued. And then redirect traffic from the HTTP on port 80 to HTTPS.

Now, access to our website is now secured, with the URL as ejimz.com

We have successfully created our website. we can install preferred themes to customize our WordPress website for looks and appearances.

Acknowledgements

Credits to AOSNOTE for the project guidance.

AWSWordPressrds instanceMySQLAmazon EFS
ย