Scalable, HA, Secure WordPress on Azure – 7: Configuring Install Scripts

Jun 1
Ninad Kanthi

Welcome to the next stage of our famous -Scalable, Highly Available, Secure WordPress on Azure series.

So far I’ve created the infrastructure components needed for our solution. What I mean by that is that I’ve created all the network, security, VM, public IP and rest of components needed for our target architecture has been added and configured. I am repeating our reference network architecture below –

Final Network Topology with Temp Public IPs attached

Another way of thinking is that we’ve now finished with the Azure infrastructure Cmdlets. Now its time to shift focus on installing the AMP + WordPress software stack and configuring it.

As with the previous steps, I’ll be doing everything in scripts. And the scripts now will take the form of Linux shell scripts and Windows .bat-scripts.

Lets me first describe what I am trying to achieve. As a next step, I will be installing AMP stack on the two Linux front-end servers and MySQL on the Linux backend server. The front-end servers (frontendserver1, frontendserver2) are attached to the back-end pool of the load balancer (see diagram above) and would be configured as mirror-image of each other. On the front-end servers, I would be installing the following software stack

  • Apache 2
  • PHP
  • WordPress
  • SSL Keys

On the database server, backend-databaseserver-v2, I will install and configure following

  • MySQL database server
    • Harden the database server by removing any extraneous foot print.
    • Configure MySQL Database by installing WordPress related database and user profile to access it from remote machine
    • Configure MySQL to allow access from outside machine.

Script Locations

The scripts to install MySQL components and configure the database server is located @ ‘dbserver‘ folder. The script to install software components on front-end server can be found under the folder ‘webuser‘.

File Description

Let me spend couple of minutes to describe the files copied under both these folders

LocationFile NameDescription

webuser		install-ssl.shShell script to install SSL components and
make appropriate configuration and replacements
to Apache2 site

webuser		install.shShell script to install Apache2, PHP and WordPress.
This script also configures Apache2 config files to specify
WordPress installation folder and modifies
WordPress configuration files to indicate MySQL
database connectivity

webuser,
dbserver		py_file_replace_str.pyPython string replacement. Takes a file name,
string to substitute and replacemement string as
parameters

webuser		py_file_sub_str.pyPython script to replace strings in a particular file
‘/etc/apache2/sites-available/wordpress.conf’

webuser		replace_str.shShell script to replace string in a particular file –
‘/etc/apache2/apache2.conf’

webuser		scopy.batBatch file which establishes connectivity with
the front-end web server VMs and installs software by
invoking scripts ‘install.sh‘, followed by ‘install-ssl.sh’
dbserverinstall.shInstall script to install MySQL and configure
it for remote access, users configuration and port
opening
dbserverscopy.batCopies the installation files to database server
File are copied to the default folder of user ‘webuser’
dbserversqlCommands.sqlContains SQL commands to create
WordPress database, create and configure users
dbserveruninstall-mysql.shIf anything were to go wrong, script to completely
remove MySQL installation.

Substituting Public IP Addresses

Inside each of the above script locations, the file that copies the installation scripts, string substitution programs and SSL keys is called ‘scopy.bat‘. For the front-end web server, this file is located here and for the back-end database server, this file is located here.

Before I can execute these scripts, both of these files need to be updated with the latest public IP address that I created in the last step. This is achieved by executing the script – ‘7-configuring-linux-scripts.ps1‘- script is self explanatory.

SSL Configurations

For the end-users to have the confidence that they are accessing a secure site, I need to install the SSL certificates to our web servers. I need to ensure that the end-user is not shown this warning –

SSL Not Secure Warning

NOTE: It also means that our SSLs are terminated at the web server level and not at the load-balancer level.

The process of obtaining these SSL files will vary and for me I obtain these SSL certificates from letsencrypt. The process is to get the certificate for one machine and copy the relevant SSL files from that machine on-to another machine. This process is automated in scopy.bat.


Database Access Passwords

During my installation of MySQL server, I created a user – remotewpuser and assign it permissions to access the WordPress database from the remote machines. The password for this user is specified in two files and you’ll need to change the password in both the files during the installation

The two files which need to be update are

  1. webuser\install.sh
  2. dbserver\sqlCommands.sql

Search for the text ‘<<InstallPasswordHere>>‘ and substitute it with the password that you want to use it for the remoteuser.

Next Step

I am now ready to install and configure our database server. Lets do it.

Leave a Reply

Your email address will not be published. Required fields are marked *