Deploy a WordPress site using a Three-Tier AWS Network
Build Three-Tier VPC from scratch
First, we are going to follow the architecture diagram from above.
Create a VPC in us-east-1 region with IPv4 CIDR 10.0.0.0/16
Enable DNS hostnames for your VPC.
Create an Internet Gateway and attach it to the Dev VPC that we created.
The Internet Gateway carries traffic between the internet and our VPC.
You can attach and detach the Internet Gateway from the Actions menu.
Create subnets in 2 Availability Zones in our VPC for a highly available, fault-tolerant architecture.
For each subnet, make sure you select your VPC and the correct zone and IPv4 CIDR. You will find those details in the architecture diagram.
Create a route table that links our public subnets to our Dev Internet Gateway.
Edit routes:
Add a route with destination 0.0.0.0/0, which means everywhere, and the Dev Internet Gateway as its target:
Edit subnet associations:
Attach your public subnets to it:
Create NAT Gateways
A NAT gateway carries traffic from our private subnets to the Internet Gateway.
As you can see in the diagram above, 2 NAT gateways are created in the public subnets, and each one is the target of a new private route table that has the private subnets of its Availability Zone associated with it:
- NAT Gateway -> Private Route Table AZ1 -> Private Data Subnet AZ1 and Private App Subnet AZ1
- NAT Gateway -> Private Route Table AZ2 -> Private Data Subnet AZ2 and Private App Subnet AZ2
Create a new NAT gateway named NAT Gateway AZ1 in Public Subnet AZ1 and another named NAT Gateway AZ2 in Public Subnet AZ2.
Create 2 new route tables named Private Route Table AZ1 and Private Route Table AZ2 under the Dev VPC.
Go to Private Route Table AZ1 and edit routes:
Send all internet-bound traffic to NAT Gateway AZ1.
Add both Private App Subnet AZ1 and Private Data Subnet AZ1 to the route table.
Follow the same steps for Private Route Table AZ2: add NAT Gateway AZ2, Private App Subnet AZ2 and Private Data Subnet AZ2.
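A check for the routing just built, as an added example that is not part of the original post: it takes data shaped like the JSON returned by `aws ec2 describe-subnets`, `describe-nat-gateways` and `describe-route-tables` and flags private subnets whose default route targets an Internet Gateway, does not use the NAT gateway in their own AZ, or that have no explicit route table association. The function name and every ID are constructed for illustration.

```python
# Added example: audits route tables against the per-AZ layout described above.
# Field names follow `aws ec2 describe-*` JSON output; every ID is constructed.

def audit_private_routing(subnets, nat_gateways, route_tables, private_ids):
    """Return findings for private subnets whose routing breaks the design."""
    az_of = {s["SubnetId"]: s["AvailabilityZone"] for s in subnets}
    nat_az = {n["NatGatewayId"]: az_of[n["SubnetId"]] for n in nat_gateways}
    findings, associated = [], set()
    for rt in route_tables:
        # The default route decides where internet-bound traffic leaves.
        default = next((r for r in rt["Routes"]
                        if r.get("DestinationCidrBlock") == "0.0.0.0/0"), {})
        for assoc in rt.get("Associations", []):
            sid = assoc.get("SubnetId")
            if sid not in private_ids:
                continue
            associated.add(sid)
            if (default.get("GatewayId") or "").startswith("igw-"):
                findings.append(f"{sid}: default route targets an Internet Gateway")
            elif nat_az.get(default.get("NatGatewayId")) != az_of[sid]:
                findings.append(f"{sid}: default route does not use the NAT gateway in {az_of[sid]}")
    # Subnets with no explicit association silently use the VPC's main route table.
    for sid in sorted(set(private_ids) - associated):
        findings.append(f"{sid}: no explicit route table association")
    return findings

# Constructed sample: data2 sits on the AZ1 table and data1 was never associated.
SUBNETS = [
    {"SubnetId": "subnet-pub1", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-pub2", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-app1", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-data1", "AvailabilityZone": "us-east-1a"},
    {"SubnetId": "subnet-app2", "AvailabilityZone": "us-east-1b"},
    {"SubnetId": "subnet-data2", "AvailabilityZone": "us-east-1b"},
]
NAT_GATEWAYS = [{"NatGatewayId": "nat-az1", "SubnetId": "subnet-pub1"},
                {"NatGatewayId": "nat-az2", "SubnetId": "subnet-pub2"}]
ROUTE_TABLES = [
    {"RouteTableId": "rtb-private-az1",
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-az1"}],
     "Associations": [{"SubnetId": "subnet-app1"}, {"SubnetId": "subnet-data2"}]},
    {"RouteTableId": "rtb-private-az2",
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-az2"}],
     "Associations": [{"SubnetId": "subnet-app2"}]},
]
PRIVATE = {"subnet-app1", "subnet-data1", "subnet-app2", "subnet-data2"}

if __name__ == "__main__":
    for finding in audit_private_routing(SUBNETS, NAT_GATEWAYS, ROUTE_TABLES, PRIVATE):
        print(finding)
```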
Create Security Groups
ALB Security Group
SSH Security Group
Webserver Security Group
Database Security Group
EFS Security Group
Once you create the EFS Security Group, click on Edit Inbound Rules and add the EFS Security Group.
Create RDS Database
Go to Amazon RDS
First, we will create a subnet group to group together our private database subnets in us-east-1a and us-east-1b.
Now, create a new RDS DB using the following details. Make sure you create the RDS instance in our Dev VPC.
Create Elastic File System (EFS)
Go to EFS
Create a new EFS
Install WordPress
Let's first create one EC2 instance for testing purposes in Public Subnet AZ1.
Now SSH into the instance and run the following commands:
```bash
#1. create the html directory and mount the efs to it
sudo su
yum update -y
mkdir -p /var/www/html
# Go to the EFS console, find the file system's DNS name and use it in place of FILE_SYSTEM_NAME
sudo mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2,noresvport FILE_SYSTEM_NAME:/ /var/www/html
#2. install apache
sudo yum install -y httpd httpd-tools mod_ssl
sudo systemctl enable httpd
sudo systemctl start httpd
#3. install php 7.4
sudo amazon-linux-extras enable php7.4
sudo yum clean metadata
sudo yum install php php-common php-pear -y
sudo yum install php-{cgi,curl,mbstring,gd,mysqlnd,gettext,json,xml,fpm,intl,zip} -y
#4. install mysql5.7
sudo rpm -Uvh https://dev.mysql.com/get/mysql57-community-release-el7-11.noarch.rpm
sudo rpm --import https://repo.mysql.com/RPM-GPG-KEY-mysql-2022
sudo yum install mysql-community-server -y
sudo systemctl enable mysqld
sudo systemctl start mysqld
#5. set permissions
sudo usermod -a -G apache ec2-user
sudo chown -R ec2-user:apache /var/www
sudo chmod 2775 /var/www && find /var/www -type d -exec sudo chmod 2775 {} \;
sudo find /var/www -type f -exec sudo chmod 0664 {} \;
chown apache:apache -R /var/www/html
#6. download wordpress files
wget https://wordpress.org/latest.tar.gz
tar -xzf latest.tar.gz
cp -r wordpress/* /var/www/html/
#7. create the wp-config.php file
cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php
#8. edit the wp-config.php file
nano /var/www/html/wp-config.php
# you need to edit the config file to point it at the RDS DB and add the SSL settings below
```

```php
/* SSL Settings */
define('FORCE_SSL_ADMIN', true);
// Get true SSL status from AWS load balancer
if(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = '1';
}
```

```bash
#9. restart the webserver
service httpd restart
```