This presentation discusses how we use Docker to improve the development and deployment of WordPress sites. It describes how themes and plugins can be developed locally and then packaged into a Docker container. A Jenkins pipeline is used with Git to automatically run a build and deploy the new WordPress container onto a test server, where automated Selenium scripts are executed. Based on the results of the tests, the container is tagged as a production candidate. A deployment pipeline is then used to execute a Blue-Green deployment of the latest update to production. Once the deployment is proven to work through automated testing, the router is switched to the new deployment. The overall process helps reduce the risk of production updates to WordPress, themes, and plugins, and reduces the security concerns caused by users randomly installing plugins. The presentation also discusses strategies for running a WordPress database both outside and inside of a Docker container, with the pros and cons of each approach.
Presentation given at Salt Lake City WordCamp 2019, Oct 12, 2019. (https://2019.slc.wordcamp.org/).
3. Career Background
• Independent Software Developer & Entrepreneur
• Promoting open source and technology
• Currently: Contractor for State of Utah - DTS/DWS
• Helping Migrate to Open Source Eligibility System
• WordPress Development last 7 years
• Organizer for SLC DevOps Days and DevOpsUT Meetup
4. Development Interests
• Enterprise Java Development - Spring Cloud
• Mobile Development
• Ionic Mobile Framework
• Chatbots for Alexa, Google Home, FB Messenger
• WordPress REST API integration
• WordPress Hosting and Deployments
5. Current Tech Interests
• Entrepreneur helping small businesses
• Mobile business apps
• Website hosting
• Software Recruiter
• Helping developers gain their independence
• Development training
• Programming, DevOps, Testing
13. Docker Containers Intro
• Standard unit of software
• Packages code and dependencies together
• Minimal amount necessary to run
• Run quickly and reliably
• Containers are ephemeral (disposable)
• Pets vs Cattle
16. How Containers Can Help
• WordPress updates are easier and more frequent
• Consistent deployments to Dev, Test, and Prod
• Lock down plugins and themes
• Containers are ephemeral (short lasting) - any changes to running container are temporary.
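Because plugins and themes are baked into the image, anything that appears under wp-content/plugins or wp-content/themes in a running container is drift worth investigating. The script below is an added example, not part of the original slides: it filters `docker diff` output down to the plugins and themes touched at runtime. The web root /var/www/html is taken from the site Dockerfile in this deck; the sample diff lines and the `example-uploader` plugin name are constructed.

```shell
#!/bin/sh
# Added example: report plugins/themes modified inside a running container.
# `docker diff CONTAINER` lists changed paths as "A /path", "C /path" or "D /path".

# Read `docker diff` output on stdin; print each touched plugin or theme once,
# as "plugins/<slug>" or "themes/<slug>". Other paths (uploads, pid files) are ignored.
code_drift() {
    awk -v prefix="${1:-/var/www/html}/wp-content/" '
        {
            path = substr($0, 3)                    # drop the "A ", "C " or "D " marker
            if (index(path, prefix) != 1) next      # not under wp-content
            n = split(substr(path, length(prefix) + 1), part, "/")
            if (n >= 2 && (part[1] == "plugins" || part[1] == "themes"))
                print part[1] "/" part[2]
        }' | sort -u
}

# Return 0 if CONTAINER matches its image, 1 (with a report) if code drifted,
# 2 if docker itself failed. Optional second argument: web root inside the container.
check_container() {
    out=$(docker diff "$1") || return 2
    drift=$(printf '%s\n' "$out" | code_drift "$2")
    [ -z "$drift" ] && return 0
    printf 'code changed at runtime in %s:\n%s\n' "$1" "$drift" >&2
    return 1
}

# Constructed sample of `docker diff` output, so the filter can be run offline.
sample_diff() {
    cat <<'EOF'
C /var/www/html
C /var/www/html/wp-content
C /var/www/html/wp-content/uploads
A /var/www/html/wp-content/uploads/2019/10/logo.png
C /var/www/html/wp-content/plugins
A /var/www/html/wp-content/plugins/example-uploader
A /var/www/html/wp-content/plugins/example-uploader/example-uploader.php
C /var/www/html/wp-content/themes/Divi
C /var/www/html/wp-content/themes/Divi/functions.php
C /run
A /run/nginx.pid
EOF
}

sample_diff | code_drift
```

`docker diff` only covers the container's writable layer, so paths on mounted volumes (such as the local development mounts) do not show up in it.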
18. The Approach
• Create consistent WordPress environment
• Dev, Test, and Prod
• Started 2 years ago and evolved as needed
• Many ways to solve the same problem
• More WP containers available today
19. Technologies Used
• Docker: creates WordPress containers
• Docker Compose: integrates dependent services
• Nginx: Reverse proxy and TLS/SSL certificates hosting
• WordPress Site Container (Primary)
• WP Offload Media Lite (Amazon S3 and CloudFront)
• MySQL Database
• PhpMyAdmin container (development only)
• Kubernetes (future deployments)
20. Solution: Three Containers
• WordPress Base Container
• WordPress CLI Container
• Nginx container
• WordPress Site Container (Primary)
21. Layered Diagram
• php:fpm image
• wp-base
• wp-cli
• wp-nginx
• wp-site (primary container)
• Each layer inherits from the image above
• Smaller layers == faster deployments
22. WordPress Base Container
• Depends on php:fpm (FastCGI Process Manager)
• Installs PHP extensions and applies PHP settings
• Downloads WordPress version (e.g. 5.2.x)
• Unpacks WordPress and sets file permissions
• Sets up Docker env variables
• WORDPRESS_DB_NAME, USER, PASSWORD, HOST
• WP_DEBUG settings
23. Dockerfile: Base Container
ENV WORDPRESS_VERSION 5.2.3
ENV WORDPRESS_SHA1 5efd37148788f3b14b295b2a9bf48a1a467aa303
# upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
# the download is checked against the pinned SHA1 before it is unpacked
RUN curl -o wordpress.tar.gz -SL https://wordpress.org/wordpress-${WORDPRESS_VERSION}.tar.gz \
 && echo "$WORDPRESS_SHA1 *wordpress.tar.gz" | sha1sum -c - \
 && tar -xzf wordpress.tar.gz -C /usr/src/ \
 && rm wordpress.tar.gz \
 && chown -R www-data:www-data /usr/src/wordpress
# extract wordpress on build
RUN tar cf - --one-file-system -C /usr/src/wordpress . | tar xf -
24. WordPress CLI Container
• Depends on WordPress base container
• Downloads current wpcli tool
• Sets file permissions for utility
25. WordPress Nginx Container
• Depends on wp-stateless-cli image
• Downloads nginx libraries
• Sets configurations for nginx
• Sets permissions to run nginx
27. WordPress Site Container
• Depends on wp-stateless-nginx image
• Sets memory, upload_max_filesize, etc
• Adds default and custom plugins to image
• Adds custom theme to image
28. Dockerfile: Site Container
RUN /plugins.sh /plugins/base
RUN /plugins.sh /plugins/security
# Delete plugins script and plugin installation folder
RUN rm /plugins.sh && rm -r /plugins
# ADD OWN CUSTOM PLUGINS
ADD ./plugins/my-plugin /var/www/html/wp-content/plugins/my-plugin
##############################################################################################
# WORDPRESS Divi Theme Setup
##############################################################################################
COPY ./themes/Divi.zip /var/www/html/wp-content/themes/
RUN unzip /var/www/html/wp-content/themes/Divi.zip -d /var/www/html/wp-content/themes \
 && chown -R www-data:www-data /var/www/html/wp-content/themes \
 && rm /var/www/html/wp-content/themes/Divi.zip
29. Developer Process
• Works with local wp-stateless-site repo
• Mounts local volume for development
• my-plugin directory
• my-theme directory
• Tests locally
• Commits changes into develop branch
• Push changes to remote Git server
30. Build Process
• Jenkins polls for repo changes
• Runs the build for wp-stateless-site
• Adds plugins
• Adds themes
• Pushes images to Docker Hub
• Pipeline runs script to deploy to test environment
• Runs automated Selenium tests
37. Deployment Pipeline
• Jenkins polls for repo changes
• Runs the build for wp-stateless-site
• Adds plugins
• Adds themes
• Pushes images to Docker Hub
• Pipeline runs script to deploy to test environment
• Runs automated Selenium tests
39. Blue/Green Deployments
• Blue environment is live
• Push new deployment to Green env
• Test Green environment
• Once the deployment is verified, switch to Green
• No downtime for customers
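The switch step above can be written as a gate: the router only moves if the check against the idle environment passes. This is an added example, not code from the original slides. The container names `wp-blue` and `wp-green`, the upstream include file and its single `server` line are assumptions for illustration, and the check command stands in for the Selenium run.

```shell
#!/bin/sh
# Added example: gate the blue/green router switch on a passing check.
# Assumed (hypothetical) layout: an nginx include with one "server wp-<color>:80;" line.

# Print the color the upstream file currently routes to.
active_color() {
    sed -nE 's/^[[:space:]]*server[[:space:]]+wp-(blue|green):.*/\1/p' "$1" | head -n 1
}

# Print the idle color; fail if the live one cannot be determined.
idle_color() {
    case "$(active_color "$1")" in
        blue)  echo green ;;
        green) echo blue ;;
        *)     return 1 ;;
    esac
}

# promote CONF CHECK [ARGS...]
# Runs CHECK with the idle color appended; rewrites CONF only if it succeeds.
promote() {
    conf=$1; shift
    target=$(idle_color "$conf") || { echo "cannot tell which color is live" >&2; return 2; }
    if ! "$@" "$target"; then
        echo "checks failed on $target; router left on $(active_color "$conf")" >&2
        return 1
    fi
    tmp="$conf.tmp.$$"
    # Write a new file and rename it into place so nginx never reads a partial file.
    sed -E "s/(server[[:space:]]+wp-)(blue|green):/\1$target:/" "$conf" > "$tmp" &&
        mv "$tmp" "$conf" || return 2
    # On a real host this is followed by: nginx -t && nginx -s reload
    echo "$target"
}

# Constructed demo: blue is live; a failing check must not move the router.
demo() {
    dir=$(mktemp -d)
    printf 'upstream wordpress {\n    server wp-blue:80;\n}\n' > "$dir/upstream.conf"
    promote "$dir/upstream.conf" false 2>/dev/null ||
        echo "still $(active_color "$dir/upstream.conf")"
    promote "$dir/upstream.conf" true
    rm -r "$dir"
}
demo
```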
42. Stateless Vs Traditional
Stateless WP
1. Image is ephemeral/immutable (doesn't change)
2. Software is built and deployed
3. All environments have exactly same software
4. Production is not a testing environment
Traditional WP
1. Setup repeated for each environment
2. Differences between environments
3. Production is a testing environment
43. WordPress Development Evolution
• WordPress Headless CMS
• Gutenberg Blocks
• ReactJS
• More integration requires standardized build and deployments
44. Database Persistence
• Containers should be ephemeral
• Databases are persistent and changing
• Docker volumes can work
• Recommended: Use DB services outside of containers
47. Containers: Pros and Cons
• Pros
• Docker can improve WordPress Development and Deployments
• Docker can help improve security
• Cons
• Lose some production flexibility
• Solution is not trivial
48. References
• WordPress Security Concerns
• https://sucuri.net/reports/2018-hacked-website-report/
• Docker Images
• https://cloud.docker.com/u/brettgpalmer/repository/list
• Original Idea from Michael Haessig (2017)
• https://github.com/michaelhaessig/wordpress-stateless