Creating a WordPress website with a MySQL® database cluster using Terraform
To create an infrastructure for a WordPress website with a MySQL® database cluster using Terraform:
To set up a WordPress website with a MySQL® cluster:
- Prepare your cloud.
- Create an infrastructure.
- Configure Nginx web server.
- Install WordPress and additional components.
- Complete WordPress configuration.
- Test the website.
If you no longer need the resources you created, delete them.
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console
and log in to Yandex Cloud or create an account if you do not have one yet. - On the Yandex Cloud Billing
page, make sure you have a billing account linked and it has theACTIVE
orTRIAL_ACTIVE
status. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page
Learn more about clouds and folders.
Required paid resources
The cost of hosting your WordPress website with a MySQL® cluster includes:
- Fee for a continuously running VM (see Yandex Compute Cloud pricing).
- Fee for a MySQL® DB cluster (see Yandex Managed Service for MySQL® pricing).
- Fee for using a dynamic or static external IP address (see Yandex Virtual Private Cloud pricing).
- Fee for public DNS queries and DNS zones (see Yandex Cloud DNS pricing).
Create an infrastructure
Terraform
For more information about the provider resources, see the documentation on the Terraform
If you change the configuration files, Terraform automatically detects which part of your configuration is already deployed, and what should be added or removed.
To create an infrastructure using Terraform:
-
Install Terraform, get the authentication credentials, and specify the source for installing the Yandex Cloud provider (see Configure a provider, step 1).
-
Prepare files with the infrastructure description:
Ready-made archiveManually- Create a directory for files.
- Download the archive
(1 KB). - Unpack the archive to the directory. The
wordpress-mysql.tf
file should be added to the directory.
-
Create a directory for files.
-
Create the
wordpress.tf
configuration file in the directory:wordpress-mysql.tf
terraform { required_providers { yandex = { source = "yandex-cloud/yandex" version = ">= 0.47.0" } } } provider "yandex" { zone = "ru-central1-a" } resource "yandex_compute_disk" "boot-disk" { name = "bootvmdisk" type = "network-hdd" zone = "ru-central1-a" size = "20" image_id = "<image_ID>" } resource "yandex_compute_instance" "vm-wordpress-mysql" { name = "wp-mysql-tutorial-web" platform_id = "standard-v3" zone = "ru-central1-a" resources { core_fraction = 20 cores = 2 memory = 2 } boot_disk { disk_id = yandex_compute_disk.boot-disk.id } network_interface { subnet_id = yandex_vpc_subnet.subnet-1.id security_group_ids = ["${yandex_vpc_security_group.sg-1.id}"] nat = true } metadata = { ssh-keys = "<username>:<SSH_key_contents>" } } resource "yandex_mdb_mysql_cluster" "wp-cluster" { name = "wp-mysql-tutorial-db-cluster" environment = "PRESTABLE" network_id = yandex_vpc_network.network-1.id version = "8.0" security_group_ids = ["${yandex_vpc_security_group.sg-1.id}"] resources { resource_preset_id = "s2.small" disk_type_id = "network-ssd" disk_size = "10" } host { zone = "ru-central1-a" subnet_id = yandex_vpc_subnet.subnet-1.id assign_public_ip = false } host { zone = "ru-central1-b" subnet_id = yandex_vpc_subnet.subnet-2.id assign_public_ip = false } host { zone = "ru-central1-d" subnet_id = yandex_vpc_subnet.subnet-3.id assign_public_ip = false } } resource "yandex_mdb_mysql_database" "wp-db" { cluster_id = yandex_mdb_mysql_cluster.wp-cluster.id name = "wp-mysql-tutorial-db" } resource "yandex_mdb_mysql_user" "wp-user" { cluster_id = yandex_mdb_mysql_cluster.wp-cluster.id name = "wordpress" password = "password" authentication_plugin = "MYSQL_NATIVE_PASSWORD" permission { database_name = yandex_mdb_mysql_database.wp-db.name roles = ["ALL"] } } resource "yandex_vpc_security_group" "sg-1" { name = "wordpress" description = "Description for security group" network_id = yandex_vpc_network.network-1.id ingress { protocol = "TCP" description = "ext-http" v4_cidr_blocks = ["0.0.0.0/0"] port = 80 } ingress { protocol = "TCP" description = "ext-ssh" v4_cidr_blocks = ["0.0.0.0/0"] port = 22 } ingress { protocol = "TCP" description = "ext-msql" v4_cidr_blocks = ["0.0.0.0/0"] port = 3306 } ingress { protocol = "TCP" description = "ext-https" v4_cidr_blocks = ["0.0.0.0/0"] port = 443 } egress { protocol = "ANY" description = "any" v4_cidr_blocks = ["0.0.0.0/0"] } } resource "yandex_vpc_network" "network-1" { name = "network1" } resource "yandex_vpc_subnet" "subnet-1" { name = "subnet1" zone = "ru-central1-a" network_id = yandex_vpc_network.network-1.id v4_cidr_blocks = ["192.168.1.0/24"] } resource "yandex_vpc_subnet" "subnet-2" { name = "subnet2" zone = "ru-central1-b" network_id = yandex_vpc_network.network-1.id v4_cidr_blocks = ["192.168.2.0/24"] } resource "yandex_vpc_subnet" "subnet-3" { name = "subnet3" zone = "ru-central1-d" network_id = yandex_vpc_network.network-1.id v4_cidr_blocks = ["192.168.3.0/24"] } resource "yandex_dns_zone" "zone-1" { name = "example-zone-1" description = "Public zone" zone = "example.com." public = true } resource "yandex_dns_recordset" "rs-1" { zone_id = yandex_dns_zone.zone-1.id name = "example.com." ttl = 600 type = "A" data = ["${yandex_compute_instance.vm-wordpress-mysql.network_interface.0.nat_ip_address}"] } resource "yandex_dns_recordset" "rs-2" { zone_id = yandex_dns_zone.zone-1.id name = "www" ttl = 600 type = "CNAME" data = ["example.com"] }
For more information about the parameters of resources used in Terraform, see the provider documentation:
- Network: yandex_vpc_network
- Subnets: yandex_vpc_subnet
- Security groups: yandex_vpc_security_group
- VM instance: yandex_compute_instance
- MySQL® cluster: yandex_mdb_mysql_cluster
- PostgreSQL DB: yandex_mdb_mysql_database
- DB user — yandex_mdb_mysql_user
- DNS zone: yandex_dns_zone
- DNS resource record: yandex_dns_recordset
-
Under
metadata
, enter the metadata for creating a VM instance:<username>:<SSH_key_contents>
. Regardless of the username specified, the key is assigned to the user set in the image configuration. Such users vary depending on an image. For more information, see Keys processed in public images. -
Under
boot_disk
, specify the ID of a VM image with a relevant set of components: -
Create resources:
-
In the terminal, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using the command:
terraform validate
If the configuration is correct, the following message is returned:
Success! The configuration is valid.
-
Run the command:
terraform plan
The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
in the terminal and press Enter.
-
After creating the infrastructure, configure the Nginx web server.
Configure the Nginx web server
After the wp-mysql-tutorial-web
VM's status changes to RUNNING
:
-
Under Network on the VM page in the management console
, find the VM's public IP address. -
Connect to the VM via SSH. You can use the
ssh
utility in Linux or macOS, or PuTTY in Windows.The recommended authentication method when connecting over SSH is using a key pair. Make sure to configure the generated key pair so that the private key matches the public key sent to the VM.
-
Install Nginx, PHP-FPM process manager, and additional packages:
Debian/UbuntuCentOSsudo apt-get update sudo apt-get install -y nginx-full php-fpm php-mysql sudo systemctl enable nginx
sudo yum -y install epel-release sudo yum -y install nginx sudo rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm sudo yum -y --enablerepo=remi-php74 install php php-mysql php-xml php-soap php-xmlrpc php-mbstring php-json php-gd php-mcrypt sudo yum -y --enablerepo=remi-php74 install php-fpm sudo systemctl enable nginx sudo systemctl enable php-fpm
-
Use the Nginx configuration files to configure the web server:
Debian/UbuntuCentOS-
You can edit files in the
nano
editor:sudo nano /etc/nginx/sites-available/wordpress
-
Edit the file as follows:
server { listen 80 default_server; root /var/www/wordpress; index index.php; server_name <DNS-server_name>; location / { try_files $uri $uri/ =404; } error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
-
Allow launching your site:
sudo rm /etc/nginx/sites-enabled/default sudo ln -s /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled/
You can edit the files
nginx.conf
andwordpress.conf
in thenano
editor:-
Open
nginx.conf
:sudo nano /etc/nginx/nginx.conf
-
Edit the file as follows:
user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; include /etc/nginx/mime.types; default_type application/octet-stream; include /etc/nginx/conf.d/*.conf; }
-
Open
wordpress.conf
:sudo nano /etc/nginx/conf.d/wordpress.conf
-
Edit the file as follows:
server { listen 80 default_server; root /usr/share/nginx/wordpress/; index index.php; server_name <DNS-server_name>; location / { try_files $uri $uri/ =404; } error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
-
Install WordPress and additional components
-
Download and unpack the latest WordPress version:
Debian/UbuntuCentOSwget https://wordpress.org/latest.tar.gz tar -xzf latest.tar.gz mv wordpress/wp-config-sample.php wordpress/wp-config.php sudo mv wordpress /var/www/wordpress sudo chown -R www-data:www-data /var/www/wordpress
curl https://wordpress.org/latest.tar.gz --output latest.tar.gz tar -xzf latest.tar.gz mv wordpress/wp-config-sample.php wordpress/wp-config.php sudo mv wordpress /usr/share/nginx/wordpress sudo chown -R nginx:nginx /usr/share/nginx/wordpress/
Change the SELinux settings:
sudo semanage fcontext -a -t httpd_sys_content_t "/usr/share/nginx/wordpress(/.*)?" sudo semanage fcontext -a -t httpd_sys_rw_content_t "/usr/share/nginx/wordpress(/.*)?" sudo restorecon -R /usr/share/nginx/wordpress sudo setsebool -P httpd_can_network_connect 1
-
Get WordPress security keys:
curl -s https://api.wordpress.org/secret-key/1.1/salt/
Save the command output. You will need the keys in the next step.
-
Add the security keys to the WordPress configuration file
wp-config.php
. You can edit files in thenano
editor:Debian/UbuntuCentOSsudo nano /var/www/wordpress/wp-config.php
sudo nano /usr/share/nginx/wordpress/wp-config.php
Replace the configuration section for the values from the previous step:
define('AUTH_KEY', 't vz,|............R lZ5]'); define('SECURE_AUTH_KEY', '@r&pPD............dK-A%='); define('LOGGED_IN_KEY', '%6TuLl............9>/dNE'); define('NONCE_KEY', 'DO(u.H............$?ja-e'); define('AUTH_SALT', '|G Vo<............Xeb.~y'); define('SECURE_AUTH_SALT', 'Y5tIYA............7Lxf8J'); define('LOGGED_IN_SALT', 'gR]>WZ............<>|;YY'); define('NONCE_SALT', '=]nQIb............HLT2:9');
-
Go to the cluster connection configuration section
wp-mysql-tutorial-db-cluster
:// ** MySQL® settings - You can get this info from your web host. ** // /** The name of the database for WordPress. */ define( 'DB_NAME', '<DB_NAME>' ); /** MySQL® database username. */ define( 'DB_USER', '<DB_USER>' ); /** MySQL® database password. */ define( 'DB_PASSWORD', '<DB_PASSWORD>' ); /** MySQL® hostname. */ define( 'DB_HOST', '<DB_HOST>' );
Replace the placeholders in the file:
-
<DB_NAME>
: DB name,wp-mysql-tutorial-db
. -
<DB_USER>
:wordpress
username. -
<DB_PASSWORD>
: Password you set when creating a database cluster. -
<DB_HOST>
: MySQL® host name inXXXX-XXXXXXXXXX.mdb.yandexcloud.net
format.To find out the FQDN of your MySQL® host:
Management consoleCLI- Go to the MySQL® cluster page in the management console
. - On the Databases tab next to the DB, click
→ Connect. - Locate the
mysql --host=ХХХХ-ХХХХХХХХХХ.mdb.yandexcloud.net
line, whereХХХХ-ХХХХХХХХХХ.mdb.yandexcloud.net
is the FQDN of theMASTER
host.
Get a host list and copy the
NAME
of theMASTER
host:yc managed-mysql host list --cluster-name <MySQL®_cluster_name>
+------------------------+----------------------+---------+--------+-------------------+-----------+ | NAME | CLUSTER ID | ROLE | HEALTH | ZONE ID | PUBLIC IP | +------------------------+----------------------+---------+--------+-------------------+-----------+ | rc1a-...mdb.yandexcloud.net | c9quhb1l32unm1sdn0in | MASTER | ALIVE | ru-central1-a | false | | rc1b-...mdb.yandexcloud.net | c9quhb1l32unm1sdn0in | REPLICA | ALIVE | ru-central1-b | false | +------------------------+----------------------+---------+--------+-------------------+-----------+
- Go to the MySQL® cluster page in the management console
-
-
Restart Nginx and PHP-FPM:
Debian/UbuntuCentOSsudo systemctl restart nginx.service sudo systemctl restart php7.4-fpm.service
sudo systemctl restart nginx.service sudo systemctl restart php-fpm.service
Complete WordPress configuration
- Under Network on the VM page in the management console
, find the VM's public IP address. - Open the VM by entering its address in your browser.
- Select the language and click Continue.
- Fill out information to access the website:
- Enter any website name, for example,
wp-your-project
. - Specify the username to be used to log in to the admin panel (for example,
admin
). - Enter the password to be used to log in to the admin panel.
- Enter your email address.
- Enter any website name, for example,
- Click Install WordPress.
- If the installation is successful, click Log in.
- Log in to the website with the username and password specified in the previous steps. This will open the admin panel where you can start working with your website.
Test the website
To test the site, enter its IP address or domain name in your browser:
http://<public_IP_of_VM>
http://www.example.com
To access the WordPress control panel, use http://www.example.com/wp-admin/
.
How to delete the resources you created
To stop paying for the resources you created:
-
Open the
single-node-file-server.tf
configuration file and delete from it the description of the infrastructure you created. -
Apply the changes:
-
In the terminal, change to the folder where you edited the configuration file.
-
Make sure the configuration file is correct using the command:
terraform validate
If the configuration is correct, the following message is returned:
Success! The configuration is valid.
-
Run the command:
terraform plan
The terminal will display a list of resources with parameters. No changes are made at this step. If the configuration contains errors, Terraform will point them out.
-
Apply the configuration changes:
terraform apply
-
Confirm the changes: type
yes
in the terminal and press Enter.
-