The Talent500 Blog
Automatic WordPress Deployment + Free SSL: Trellis How-To 1

Automatic WordPress Deployment + Free SSL: Trellis How-To

Trellis is all about production and development parity. What exactly does this mean? Your development virtual machine and production virtual machine are as identical as feasible.
Trellis uses atomic deployments, which require the server to git clone the most recent codebase, create a new timestamped release folder, perform composer install, and then change the existing symlink to the most recent release. With each deployment, your web server will always provide the most recent code.

Prerequisites:

  • A private server — Trellis cannot run on a shared host, so this isn’t optional.
  • Homebrew
    # Install Homebrew.
        ruby -e “$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)”
  • Git
    #Install Git with Homebrew
       brew install git
  • Ansible
    # Install Ansible with Homebrew
    brew install ansible
  • Composer
    # Install Composer with Homebrew
    brew install composer

Part 1: To install Trellis

To get started, we’ll need to download Trellis from GitHub.

Step 1: For the site, create a new directory.

# Move into the directory where where you keep dev projects.
cd ~/dev/code.lengstorf.com/projects/
# Create a new directory for this project
mkdir learn-trellis
# Move into the new directory.
cd learn-trellis/

Step 2: Get a copy of Trellis to manage environments and deployment.

We don’t need the Trellis repo information since we wish to monitor our copy of Trellis as its own project. We can acquire only the most recently committed version by adding —depth=1 to the clone command (avoiding a lot of wasted bandwidth downloading the commit history). Next, in order to have our own Git project, we remove the.git directory.

# Clone Trellis, but without all the Git history.
git clone –depth=1 git@github.com:roots/trellis.git
# Delete the `.git` file so we can have our own Git repo.
rm -rf trellis/.git

Step 3: Installation of Ansible dependencies.

Galaxy is a collection of community roles that houses thousands of roles. Trellis need several of them to configure a WordPress server, therefore we must install them.

# Move into the Trellis directory
cd trellis/
# Install the Ansible dependencies for Trellis.
ansible-galaxy install -r requirements.yml

Part 2: Install Bedrock

Step 1: Download a copy of Bedrock to restructure WordPress’s file structure.

We want to acquire a copy of Bedrock without the Git repository, much like we did with Trellis. So we clone shallowly and then delete the.git folder.

# Move back into the project root.
cd ..
# Clone Bedrock to the `site` directory.
git clone –depth=1 git@github.com:roots/bedrock.git site
# Remove the `.git` file so we can have our own Git repo.
rm -rf site/.git

Part 3: Configuration of Development Site

When we have installed all of the necessary components, we can begin setting our development site, which will operate on our PC.

Step 1: Add site details to wordpress_sites.yml.

In your editor, Open trellis/group_vars/development/wordpress_sites.yml:
# Documentation: https://roots.io/trellis/docs/local-development-setup/
# `wordpress_sites` options: https://roots.io/trellis/docs/wordpress-sites
# Define accompanying passwords/secrets in group_vars/development/vault.yml
wordpress_sites:
example.com:
site_hosts:
– canonical: example.dev
redirects:
– www.example.dev
local_path: ../site # path targeting local Bedrock site directory (relative to Ansible root)
admin_email: admin@example.dev
multisite:
enabled: false
ssl:
enabled: false
provider: self-signed
cache:
enabled: false
If you’re unfamiliar with YAML, it’s a popular approach to describe data, since it is indentation-based, the default file produces a wordpress sites object, which has an example.com object that stores configuration properties (for example, site hosts).
As a general guideline, use the production domain name as a key.
With that in mind, let’s get started by editing wordpress sites.yml as follows:
wordpress_sites:
+ roots.code.lengstorf.com:
site_hosts:
+ – canonical: roots.dev
– redirects:
– – www.example.dev
local_path: ../site # path targeting local Bedrock site directory (relative to Ansible root)
+ admin_email: jason@lengstorf.com
multisite:
enabled: false
ssl:
enabled: false
provider: self-signed
cache:
enabled: false
I’ll be deploying the site to the roots.code.lengstorf.com production domain, so that’s my site key. We’ll use roots.dev as the URL for local development, and we don’t need the redirects here, so we may delete them.
Eventually, the admin email was adjusted.
We’re ready to go now that we’ve saved the adjustments.

Step 2: Adding credentials to vault.yml.

Next, we’ll open trellis/group_vars/development/vault.yml:
# Documentation: https://roots.io/trellis/docs/vault/
vault_mysql_root_password: devpw
# Variables to accompany `group_vars/development/wordpress_sites.yml`
# Note: the site name (`example.com`) must match up with the site name in the above file.
vault_wordpress_sites:
example.com:
admin_password: admin
env:
db_password: example_dbpassword

We can see that the site key is example.com, which has to be updated.
We must also edit admin password, which is the password we will use to access the WordPress dashboard.
Next, we’ll create strong passwords for the MySQL root user and database access for the site.
Change the following in vault.yml:
# Documentation: https://roots.io/trellis/docs/vault/
+ vault_mysql_root_password: “xy&G6o2kKH$#AFz247N.”

# Variables to accompany `group_vars/development/wordpress_sites.yml`
# Note: the site name (`example.com`) must match up with the site name in the above file.
vault_wordpress_sites:
+ roots.code.lengstorf.com:
+ admin_password: “DM93zj,o29KjT/bh$8G$”
env:
+ db_password: “qP42q2*?hjt.P+x7Bzc6”
Save these changes
We are ready to fire up a local development box.

Part 4: Using Vagrant, Start a Local Instance of the WordPress Site

Step 1: Start with the development site.

To start the development site, it’s one simple command:
vagrant up
It will take 5-10 minutes the first time you run this. This is because Vagrant needs to download and configure all of the components needed to get the system up and running. After the first run, many dependencies will be cached, making subsequent vagrant up calls substantially faster.

Step 2: On your local machine, Check the development site.

After Vagrant is finished, we can access the dev site by going to http://roots.dev/ in our browser.
Our WordPress site’s local instance.

Step 3: Logging into the WordPress dashboard.

To access the WordPress dashboard, navigate to http://roots.dev/wp/wp-admin/ in your browser and enter the admin password you created previously in vault.yml.
After signing in, the WordPress dashboard appears.

Part 5: Configure a Production Server

Step 1: Update hosts/production.

We need to add the IP address of the production server to trellis/hosts/production to inform Trellis where it is.

# Add each host to the [production] group and to a “type” group such as [web] or [db].
# List each machine only once per [group], even if it will host multiple sites.
[production]
your_server_hostname
[web]
your_server_hostname
Make the following edits:
# Add each host to the [production] group and to a “type” group such as [web] or [db].
# List each machine only once per [group], even if it will host multiple sites.
[production]
+ 162.243.171.188
[web]
+ 162.243.171.188

Step 2: Enable free SSL and caching for production.

Setting up the production site setup is very identical to setting up the development site, with the exception of a few extra security options. They may be added by changing trellis/group vars/production/wordpress sites.yml:
# Documentation: https://roots.io/trellis/docs/remote-server-setup/
# `wordpress_sites` options: https://roots.io/trellis/docs/wordpress-sites
# Define accompanying passwords/secrets in group_vars/production/vault.yml
wordpress_sites:
example.com:
site_hosts:
– canonical: example.com
redirects:
– www.example.com
local_path: ../site # path targeting local Bedrock site directory (relative to Ansible root)
repo: git@github.com:example/example.com.git # replace with your Git repo URL
repo_subtree_path: site # relative path to your Bedrock/WP directory in your repo
branch: master
multisite:
enabled: false
ssl:
enabled: false
provider: letsencrypt
cache:
enabled: false
Inside, make the following edits:

# Documentation: https://roots.io/trellis/docs/remote-server-setup/
# `wordpress_sites` options: https://roots.io/trellis/docs/wordpress-sites
# Define accompanying passwords/secrets in group_vars/production/vault.yml
wordpress_sites:
+ roots.code.lengstorf.com:
site_hosts:
+ – canonical: roots.code.lengstorf.com
– redirects:
– – www.example.com
local_path: ../site # path targeting local Bedrock site directory (relative to Ansible root)
+ repo: git@github.com:jlengstorf/roots.code.lengstorf.com.git # replace with your Git repo URL
repo_subtree_path: site # relative path to your Bedrock/WP directory in your repo
branch: master
multisite:
enabled: false
ssl:
+ enabled: true
provider: letsencrypt
cache:
+ enabled: true
In addition to the URL, we tell Trellis where to get the source code with the repo option, and we enable SSL and caching for a quicker, more secure site.

Step 3: Adding security settings to vault.yml.

In addition to the URL, we use the repo option to tell Trellis where to acquire the source code, and we set SSL and caching for a faster, more secure site.
# Documentation: https://roots.io/trellis/docs/vault/
vault_mysql_root_password: productionpw
# Documentation: https://roots.io/trellis/docs/security/
vault_users:
– name: ‘{{ admin_user }}’
password: example_password
salt: ‘generateme’
# Variables to accompany `group_vars/production/wordpress_sites.yml`
# Note: the site name (`example.com`) must match up with the site name in the above file.
vault_wordpress_sites:
example.com:
env:
db_password: example_dbpassword
# Generate your keys here: https://roots.io/salts.html
auth_key: ‘generateme’
secure_auth_key: ‘generateme’
logged_in_key: ‘generateme’
nonce_key: ‘generateme’
auth_salt: ‘generateme’
secure_auth_salt: ‘generateme’
logged_in_salt: ‘generateme’
nonce_salt: ‘generateme’
Changes need to be done as mentioned below:
# Documentation: https://roots.io/trellis/docs/vault/
+ vault_mysql_root_password: “z3Q6m3x8y?j@k&3+xuBq”
# Documentation: https://roots.io/trellis/docs/security/
vault_users:
– name: “{{ admin_user }}”
+ password: “vH.827WQ2,t9?vyZyuB@”
+ salt: “jRMB764/EpB+,j(hvL98”
# Variables to accompany `group_vars/production/wordpress_sites.yml`
# Note: the site name (`example.com`) must match up with the site name in the above file.
vault_wordpress_sites:
+ roots.code.lengstorf.com:
env:
+ db_password: “#RLLE3)h9z9RDMT6d/4%”
# Generate your keys here: https://roots.io/salts.html
+ auth_key: “&/qSrw23*@HeP2Kk#{^Ntx[!N>7#IdA=pCtI5gkpfgnn8{gDQ]2PQye]OkI.-p9f”
+ secure_auth_key: “LwX}3v}-P72LyH<o+kK&&M]^F3/#*&[um5$OiV@v:b!052Kaq%b]OQy=$@7F>=fF”
+ logged_in_key: “k+;dLHoBtR)5Y4VfyxMmm(fKp+Z<Uy]1PZvS_f#o`xGy7e=GNN1BEkd11s035t1:”
+ nonce_key: “!7#7ow=)d17Y[RlzSVA)_?GH<.e7-|SvD*&|;_5Y7)J@w]Dl,Q9_o!hUP8]G]n.k”
+ auth_salt: “G)0!0Z?MGKS?K,s$03=4e5Xu+[l:hw|X5Llr^H.e#[^Yd*m[)uOBYLh9/Zdwp{ir”
+ secure_auth_salt: “<tXa0,1PN;4}]VkkY|-[B$`AGi]KT{z5H:F/0EtFCBJ,KE/j%(5[.$pZ<1WP8y<I”
+ logged_in_salt: “lT*P7xsVeh=f}u9?b#F>4h8dY?]?>t{5cXby=jziz:1!o,gGO#z*lIw|[#y%,/SN”
+ nonce_salt: “BZqsYn4aC}?z@`HSi22n]z$qw>?2Y^$>M:PZ1eMHj*ucI)rnYi1jKld3):n/|1(5”

Step 4: Encrypt sensitive data with Ansible Vault.

While committing plain text credentials in a repo is usually a poor idea, we’ll utilise Ansible’s built-in encryption to protect passwords and other sensitive data.
To do this, we generate a password that will only be saved on our computer and will be used by Ansible to decrypt the files. Trellis is already set to disregard passwords, so someone would need to physically enter our machine to obtain the credentials.

Step 5: Creating a password for encrypting and decrypting files.

Firstly we need to create a new file at trellis/.vault_pass:
# Make sure we’re in the `trellis/` directory
pwd
# Output => /Users/jlengstorf/dev/code.lengstorf.com/projects/learn-trellis/trellis
# Create a new file called `.vault_pass`
touch .vault_pass
add a strong password after opening trellis/.vault_pass for editing, then:
Z+6Cm>TaofG=[379sED6

Save the file and close.

Step 6: To use the vault password, Update the Ansible config.

Add the highlighted line after opening trellis/ansible.cfg for editing:
[defaults]
callback_plugins = ~/.ansible/plugins/callback_plugins/:/usr/share/ansible_plugins/callback_plugins:lib/trellis/plugins/callback
stdout_callback = output
filter_plugins = ~/.ansible/plugins/filter_plugins/:/usr/share/ansible_plugins/filter_plugins:lib/trellis/plugins/filter
force_color = True
force_handlers = True
inventory = hosts
nocows = 1
roles_path = vendor/roles
vars_plugins = ~/.ansible/plugins/vars_plugins/:/usr/share/ansible_plugins/vars_plugins:lib/trellis/plugins/vars
+ vault_password_file = .vault_pass

[ssh_connection]
ssh_args = -o ForwardAgent=yes -o ControlMaster=auto -o ControlPersist=60s
Rather than prompting for the vault password, this instructs Ansible where to search for it.

Step 7: Use ansible-vault for encrypting the files.

To encrypt the files, use the following command:
The output is a garbled mass of shit. This is a good thing — it means it’s encrypted. Here’s a snippet of what the encrypted file looks like:
$ANSIBLE_VAULT;1.1;AES256
62343434643862366430393366333661306366363937623561323637363033353366636134336230
3765633530336234393636306130346434333239636532650a336235356564303133303562626462
35363437383263653830313766646463646164303338626666366130396161383930373963613066
3366313862333134620a356563656432306335636331633063653163626638306532666335306239

Conclusion:

Thanks to the power of Trellis and its automated WordPress deployment process, we can now easily and quickly deploy WordPress websites while providing secure and free SSL certificates. Trellis offers a reliable, secure, and automated solution for any and all WordPress website needs.
From the initial setup process to the automated deployment of WordPress websites and their secure SSL certificates, In addition to being a straightforward and automated solution, Trellis also offers a secure and free SSL certificate for each of your WordPress websites. This feature is especially beneficial for those who want to keep their website and its data safe, while still ensuring that it is accessible to anyone who visits it.
Overall, Trellis provides an excellent way to quickly and securely deploy WordPress websites, while providing a secure and free SSL certificate. This makes it the perfect solution for anyone who needs an automated, secure, and reliable deployment process for their WordPress websites.

0
Afreen Khalfe

Afreen Khalfe

A professional writer and graphic design expert. She loves writing about technology trends, web development, coding, and much more. A strong lady who loves to sit around nature and hear nature’s sound.

Add comment