This repository is all you need to have your own Wordpress site (or sites) running behind the Traefik proxy with a free, auto-renewing wildcard certificate from Let's Encrypt. All of it comes with the power of Docker and the scalability provided by Docker Swarm.
- ONE server, e.g. an EC2 instance on AWS.
- ONE MySQL database, e.g. an RDS instance on AWS. However, this is not really mandatory, as you can have another container that runs MySQL. See the official Wordpress Docker Hub image for instructions.
- Docker installed on the server.
- A registered domain, e.g. with Route53.
Clone this repository and update the files with the appropriate values, such as:
- Domain.
- Passwords.
- Docker network, volumes and secrets.
- Wordpress configuration values: database host, name, username, etc.
- Traefik labels.
The Traefik proxy and Wordpress (or any other webapp) must be on the same virtual network. So, before running the containers, create the network by running:
# For local development
docker network create <YOUR_NETWORK>
# For production (Swarm mode)
docker network create --driver overlay <YOUR_NETWORK>
This is the Traefik configuration file. It contains self-explanatory comments for each section.
For local development, the Staging CA Server from Let's Encrypt can be used. To do so, add the following line under the [acme] section:
[acme]
...
caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
For more information visit:
- https://docs.traefik.io/v1.0/toml/
- Examples: https://docs.traefik.io/user-guide/examples/
- Let's Encrypt configuration: https://docs.traefik.io/configuration/acme/
This Compose file creates a container (or stack/service if using Swarm) with the Traefik proxy running and listening on ports 80 and 443, although all traffic on port 80 is redirected to port 443. In turn, the traffic is routed to the appropriate application containers using the labels.
Before running this file, update the values for:
- Docker network.
- Traefik labels.
This file makes the monitoring UI available via HTTPS at the URL defined in the traefik.frontend.rule label.
This Compose file contains all the configuration required to create a container (or stack/service if using Swarm) with the selected version of Wordpress.
Before running this file, update the values for:
- Version of Wordpress.
- Wordpress environment.
- Docker network, volumes and secrets.
- Traefik labels.
This empty file will contain the certificates generated by Let's Encrypt once the containers have started. For security, it must be readable and writable only by its owner, so once the repository is cloned, run:
sudo chmod 600 acme.json
Once the Traefik configuration file and the Compose files have been modified accordingly, start the containers by running the following commands:
# ----- For local development -----
# Start Traefik container
docker-compose -f traefik-docker-compose.yml up
# Start your Wordpress container
docker-compose -f yourwp-docker-compose.yml up
# ----- For production (Swarm mode) -----
# Enable Swarm
docker swarm init
# Start Traefik container
docker stack deploy -c traefik-docker-compose.yml proxy
# Start your Wordpress container
docker stack deploy -c yourwp-docker-compose.yml yourwp
Note that you can start as many Wordpress sites (or other webapps) as you want by cloning the Compose file and modifying it accordingly.
You can also use the power of Docker Swarm to create replicas of the Wordpress containers across multiple hosts to scale out.
Once the containers have started, you can visit both the built-in Traefik monitoring dashboard and the Wordpress site.
The following blogs are powered as described above:
You need to make sure that your DNS provider, e.g. Route53, has a CAA record that allows Let's Encrypt to issue a certificate. In this case, as we are using a wildcard certificate, make sure to create a CAA record with the following value:
0 issuewild letsencrypt.org
For full info visit https://letsencrypt.org/docs/caa/
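To confirm that an existing CAA record set does not block the wildcard certificate before Traefik requests it, the check below applies the CAA precedence rules (issuewild governs wildcards when present, otherwise issue applies). It is an added example, not part of this repository; the function name is hypothetical, and it assumes the input is the relevant record set in `dig +short CAA` format.

```shell
#!/bin/sh
# Added example (not from the repository). Reads a CAA RRset on stdin, one
# record per line as printed by `dig +short CAA <YOUR_DOMAIN>`, and returns 0
# when it permits Let's Encrypt to issue a wildcard certificate, 1 otherwise.
# Assumption: the caller has already located the closest ancestor domain that
# publishes CAA records; this function does not climb the DNS tree.
caa_allows_le_wildcard() {
    awk -v ca="letsencrypt.org" '
    function issuer(v) {             # reduce a property value to the CA domain
        gsub(/"/, "", v)             # drop the quotes dig prints
        sub(/;.*/, "", v)            # drop parameters such as validationmethods
        gsub(/[ \t]/, "", v)
        return tolower(v)
    }
    NF >= 3 {
        flags = $1; tag = tolower($2)
        val = $0; sub(/^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/, "", val)
        if (tag == "issuewild")  { nwild++;  if (issuer(val) == ca) okwild = 1 }
        else if (tag == "issue") { nissue++; if (issuer(val) == ca) okissue = 1 }
        else if (tag != "iodef" && flags >= 128) critical = 1
    }
    END {
        if (critical) exit 1         # unknown property marked critical: treat as blocked
        if (nwild)    exit !okwild   # issuewild present: it alone governs wildcards
        if (nissue)   exit !okissue  # no issuewild: issue records apply to wildcards too
        exit 0                       # nothing restricts issuance
    }'
}

# Constructed sample RRset (not real DNS data): "issue" allows Let's Encrypt,
# but issuewild ";" forbids every CA from issuing wildcards, so this is blocked.
printf '%s\n' '0 issue "letsencrypt.org"' '0 issuewild ";"' | caa_allows_le_wildcard \
    && echo "wildcard issuance allowed" || echo "wildcard issuance blocked"
```

Against live DNS, pipe `dig +short CAA <YOUR_DOMAIN>` into the function. Treating any unrecognised critical property as blocking is a conservative choice.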
Code copyright 2018. Code released under the MIT License.