This presentation will discuss how we use Docker to improve our development and deployment of WordPress sites. The presentation describes how themes and plugins can be developed locally and then packaged into a Docker container. A Jenkins pipeline is used with Git to automatically run a build and deploy the new WordPress container onto a test server where automated Selenium scripts are executed. Based on the results of the tests the container is tagged as a production candidate. A deployment pipeline is then used to execute a Blue-Green deployment on the latest update to production. Once the deployment is proven to work through automated testing the router is switched to the new deployment. The overall process helps reduce the risk of production updates to WordPress, themes, and plugins as well as reduce security concerns caused by randomly installing plugins by users. The presentation will also discuss strategies for running a WordPress database both outside and inside of a Docker container. It will discuss the pros and cons of each approach. Presentation given at Salt Lake City WordCamp 2019, Oct 12, 2019. (https://2019.slc.wordcamp.org/).

1. IMPROVING WORDPRESS DEVELOPMENT AND
DEPLOYMENTS WITH DOCKER AND CI/CD
Brett G. Palmer
Twitter: @brettgpalmer
LinkedIn: brettgpalmer

2. Introductions

3. Career Background
• Independent Software Developer & Entrepreneur
• Promoting open source and technology
• Currently: Contractor for State of Utah - DTS/DWS
• Helping Migrate to Open Source Eligibility System
• WordPress Development last 7 years
• Organizer for SLC DevOps Days and DevOpsUT Meetup
3

4. Development Interests
• Enterprise Java Development - Spring Cloud
• Mobile Development
• Ionic Mobile Framework
• Chatbots for Alexa, Google Home, FB Messenger
• WordPress REST API integration
• WordPress Hosting and Deployments
4

5. Current Tech Interests
• Entrepreneur helping small businesses
• Mobile business apps
• Website hosting
• Software Recruiter
• Helping developers gain their independence
• Development training
• Programming, DevOps, Testing
5

6. Favorite Job

7. My Pets

8. What’s the
Problem?

9. WordPress Security Concerns
• Sucuri 2018 Reports
• 90% CMS sites were WordPress
• Under 5% for Magento, Joomla, Drupal, etc
• Enterprises avoid adopting WordPress
• Frequently affects small businesses
9

10. Common Reasons for Hacks
• Outdated WordPress Installs
• Unprotected Access to WordPress Admin
• Insecure/outdated plugins or themes
• Incorrect File Permissions
10

11. WordPress Deployment Errors
• Manual steps from testing to production
• Frequent errors with deployments
• “Works on my machine” syndrome
11

12. Intro Docker
and
Containers

13. Docker Containers Intro
• Standard unit of software
• Packages code and dependencies together
• Minimal amount necessary to run
• Run quickly and reliably
• Containers are ephemeral (disposable)
• Pets vs Cattle

15. How
Containers
are Helpful

16. How Containers Can Help
• WordPress updates are easier and more frequent
• Consistent deployments to Dev, Test, and Prod
• Lock down plugins and themes
• Containers are ephemeral (short lasting) - any changes
to running container are temporary.
16

17. Stateless Containers
for WordPress
Approach

18. The Approach
• Create consistent WordPress environment
• Dev, Test, and Prod
• Started 2 years ago and evolved as needed
• Many ways to solve the same problem
• More WP containers available today
18

19. Technologies Used
• Docker: creates WordPress containers
• Docker Compose: integrates dependent services
• Nginx: Reverse proxy and TLS/SSL certificates hosting
• WordPress Site Container (Primary)
• WP Offload Media Light Amazon S3 and Cloudfront
• MySQL Database
• PhpMyAdmin container (development only)
• Kubernetes (future deployments)
19

20. Solution: Three Containers
• WordPress Base Container
• WordPress CLI Container
• Nginx container
• WordPress Site Container (Primary)
20

21. Layered Diagram Here
Php:fpm Image
wp-base
wp-cli
wp-nginx
wp-site
Each layer inherits
from the image above
Primary container
Smaller layers == faster
deployments

22. WordPress Base Container
• Depends on php:fpm (FastCGI Process Manage)
• Installs PHP extensions and makes php settings
• Downloads WordPress version (e.g. 5.2.x)
• Unpacks WordPress and sets file permission
• Sets up Docker env variables
• WORDPRESS_DB_NAME, USER, PASSWORD, HOST
• WP_DEBUG settings
22

23. Dockerfile: Base Container
ENV WORDPRESS_VERSION 5.2.3
ENV WORDPRESS_SHA1 5efd37148788f3b14b295b2a9bf48a1a467aa303
# upstream tarballs include ./wordpress/ so this gives us /usr/src/wordpress
RUN curl -o wordpress.tar.gz -SL https://wordpress.org/wordpress-$
{WORDPRESS_VERSION}.tar.gz
&& echo "$WORDPRESS_SHA1 *wordpress.tar.gz" | sha1sum -c -
&& tar -xzf wordpress.tar.gz -C /usr/src/
&& rm wordpress.tar.gz
&& chown -R www-data:www-data /usr/src/wordpress
# extract wordpress on build
RUN tar cf - --one-file-system -C /usr/src/wordpress . | tar xf -
23

24. WordPress CLI Container
• Depends on WordPress base container
• Downloads current wpcli tool
• Sets file permissions for utility
24

25. WordPress Nginx Container
• Depends on wp-stateless-cli image
• Downloads nginx libraries
• Sets configurations for nginx
• Sets permissions to run nginx
25

26. Dockerfile: Nginx Container
# install nginx
RUN apt-get update && apt-get install -y nginx && rm -rf /var/lib/apt/lists/*
#########################################################################
#####################
# NGINX SETUP
#########################################################################
#####################
RUN rm -r /etc/nginx/sites-enabled/*
ADD default.conf /etc/nginx/sites-enabled/default.conf
ADD wordpress.conf /etc/nginx/global/wordpress.conf
ADD restrictions.conf /etc/nginx/global/restrictions.conf
26

27. WordPress Site Container
• Depends on wp-stateless-nginx image
• Sets memory, upload_max_filesize, etc
• Adds default and custom plugins to image
• Adds custom theme to image
27

28. Dockerfile: Site Container
RUN /plugins.sh /plugins/base
RUN /plugins.sh /plugins/security
# Delete Plugins script and plugin installation folder
RUN rm /plugins.sh && rm /plugins -r
# ADD OWN CUSTOM PLUGINS
ADD ./plugins/my-plugin /var/www/html/wp-content/plugins/my-plugin
##############################################################################################
# WORDPRESS Divid Theme Setup
##############################################################################################
COPY ./themes/Divi.zip /var/www/html/wp-content/themes
RUN unzip /var/www/html/wp-content/themes/Divi.zip -d /var/www/html/wp-content/themes
&& chown -R www-data:www-data /var/www/html/wp-content/themes
&& rm /var/www/html/wp-content/themes/Divi.zip
28

29. Developer Process
• Works with local wp-stateless-site repo
• Mounts local volume for development
• my-plugin directory
• my-theme directory
• Tests locally
• Commits changes into develop branch
• Push changes to remote Git server
29

30. Build Process
• Jenkins polls for repo changes
• Runs the build for wp-stateless-site
• Adds plugins
• Adds themes
• Pushes images to docker hub
• Pipeline runs script to deploy to test environment
• Runs automated selenium tests
30

31. Developer/Designer Workflow

32. Team Workflow

33. Docker Compose Deployment

34. Continuous
Integration/
Delivery/
Deployment

35. CI/CD Definitions
• Continuous Integration:
• Executes Build
• Runs unit and integration tests
• Continuous Delivery
• Insure software ready for deployment
• Tags artifacts
• Pushes to artifact repository (e.g. docker hub)
• Continuous Deployment (after all tests pass)
• Automated deployment of software to production
35

36. Continuous Integration and Continuous Delivery

37. Deployment Pipeline
• Jenkins polls for repo changes
• Runs the build for wp-stateless-site
• Adds plugins
• Adds themes
• Pushes images to docker hub
• Pipeline runs script to deploy to test environment
• Runs automated selenium tests
37

39. Blue/Green Deployments
• Blue environment is live
• Push new deployment to Green env
• Test Green environment
• Deployment verified switch to Green
• No downtime for customers

40. Blue/Green Deployment with No Downtime

41. Challenges

42. Stateless Vs Traditional
1. Image is ephemeral/immutable
(doesn’t change)
2. Software is built and deployed
3. All environments have exactly
same software
4. Production is not a testing
environment
42
1. Setup repeated for each
environment
2. Differences between
environments
3. Production is a testing
environment
Stateless WP Traditional WP

43. WordPress Development Evolution
• WordPress Headless CMS
• Gutenberg Blocks
• ReactJS
• More integration requires standardized
build and deployments

44. Database Persistence
• Containers should be ephemeral
• Databases are persistent and changing
• Docker volumes can work
• Recommended: Use DB services outside
of containers

45. K8s Deployment (Future)

46. Summary

47. Containers: Pros and Cons
• Pros
• Docker can improve WordPress Development and
Deployments
• Docker can help improve security
• Cons
• Lose some production flexibility
• Solution is not trivial

48. References
• WordPress Security Concerns
• https://sucuri.net/reports/2018-hacked-website-report/
• Docker Images
• https://cloud.docker.com/u/brettgpalmer/repository/
list
• Original Idea from Michael Haessig (2017)
• https://github.com/michaelhaessig/wordpress-
stateless

49. Technology References
• Jenkins CI
• https://hub.docker.com/_/jenkins/
• https://jenkins.io/
• CircleCI: https://circleci.com
• Travis CI: https://travis-ci.com/

50. Technology References
• Docker/Docker Compose
• Kubernetes: https://kubernetes.io/docs/
home/
• php-fpm: https://php-fpm.org/
• Book: Continuous Delivery by Jez Humble &
David Farley

51. Q&A

52. CONTACT INFO
Brett G. Palmer
Email: bpalmer@palmersoftware.com
Twitter: @brettgpalmer
LinkedIn: brettgpalmer
• Meetups: DevOpsUT, Ionic, Tech Startups
• Skiing Favorites: Solitude, Snowbird,
anywhere
• Downtown SLC (M-Th) or Utah County