Author: Quan Hua
Last Updated: Fri, Apr 8, 2022WordOps is a command-line WordPress management tool for Linux servers with Nginx, MySQL, and PHP (LEMP). WordOps usually configures WordPress on a single server, but you can also use it to install the website and database on different servers when you need to scale your WordPress site. This article explains how to install WordPress on one server and MySQL on a different server. The servers communicate over a private Vultr VPC. You could also use this same approach to scale further with Vultr Load Balancers.
Deploy two Ubuntu 20.04 cloud servers in the same location.
Make note of the private IP addresses for each server. This article assumes those are:
Install WordOps.
$ wget -qO wo wops.cc && sudo bash wo
Install MySQL.
$ wo stack install --mysql
Verify MySQL is running.
$ service mysql status
Configure the UFW firewall with the commands below. Replace 10.0.0.1 with the web-server's IP address. This allows SSH from anywhere and access to MySQL only from web-server.
$ sudo ufw default allow outgoing
$ sudo ufw default deny incoming
$ sudo ufw allow 22 comment 'SSH'
$ sudo ufw allow from 10.0.0.1 to any port 3306 comment 'MySQL'
$ sudo ufw enable
Secure db-server with fail2ban.
$ wo stack install --fail2ban
Configure MySQL to allow remote access by editing /etc/mysql/my.cnf
.
$ sudo nano /etc/mysql/my.cnf
Add the following to the end of the file:
[mysqld]
bind-address = 0.0.0.0
When finished, /etc/mysql/my.cnf
should look like this:
[client-server]
# Port or socket location where to connect
# port = 3306
socket = /run/mysqld/mysqld.sock
# Import all .cnf files from configuration directory
!includedir /etc/mysql/conf.d/
!includedir /etc/mysql/mariadb.conf.d/
[mysqld]
bind-address = 0.0.0.0
Restart the MySQL service.
$ service mysql restart
Verify the port is open.
$ lsof -i -P -n | grep 3306
The result should look like this:
mariadbd 35985 mysql 16u IPv4 92217 0t0 TCP *:3306 (LISTEN)
View my.cnf
to find the database password.
$ cat /etc/mysql/conf.d/my.cnf
The result should look like this:
[client]
user = root
password = xxxx_example_password_xxxx
socket = /run/mysqld/mysqld.sock
Grant privileges to access the database from web-server.
Replace the IP 10.0.0.1
with your web server's IP address and xxxx_example_password_xxxx
with the password from the previous step.
$ mysql -e "grant all privileges on *.* to 'root'@'10.0.0.1' IDENTIFIED BY 'xxxx_example_password_xxxx' with grant option;"
$ mysql -u root -p -e "flush privileges;"
Install WordOps.
$ wget -qO wo wops.cc && sudo bash wo
Install the WordOps main stacks.
$ wo stack install
The MySQL server isn't required on web-server, so remove it.
$ wo stack remove --mysql
Install the MySQL client on web-server.
$ wo stack install --mysqlclient
Verify you can connect to the MySQL database. Replace 10.0.0.2
with db-server's IP address.
$ mysql -uroot -h10.0.0.2 -p
Create a new /etc/mysql/conf.d/my.cnf
file.
$ sudo nano /etc/mysql/conf.d/my.cnf
Paste the following content.
10.0.0.2
with db-server's IP address.Replace xxxx_example_password_xxxx
with the MySQL password from the previous section.
[client]
host = 10.0.0.2
user = root
password = xxxx_example_password_xxxx
Save and close the file.
Edit the /etc/wo/wo.conf
file.
$ sudo nano /etc/wo/wo.conf
Find the following line:
grant-host = localhost
and replace it with:
grant-host = %
Save and close the file.
Up to this point, you've only worked with the private IP addresses of the servers. In fact, db-server only needs to be available to web-server, and can be blocked entirely from the public Internet. Obviously, web-server does need to be accessible from the Internet to be useful. For the next step, locate the public IP address of web-server in your Vultr customer portal.
Create firewall rules for web-server. This allows access to SSH, HTTP, HTTPS, NTP, and the WordOps Dashboard port.
$ sudo ufw default allow outgoing
$ sudo ufw default deny incoming
$ sudo ufw allow 22 comment 'SSH'
$ sudo ufw allow http comment 'HTTP'
$ sudo ufw allow https comment 'HTTPS'
$ sudo ufw allow 123 comment 'NTP'
$ sudo ufw allow 22222 comment 'WordOps'
$ sudo ufw enable
Create a WordPress website with Nginx fastcgi_cache
and secure the site with Let's Encrypt SSL certificate. Replace web-server.example.com
with your FQDN. Save the admin credentials reported by WordOps.
$ wo site create web-server.example.com --wpfc -le
Your website is now ready to use.