This is the third in a series of screencasts that will document the process of moving a WordPress website from a shared hosting provider to a Digital Ocean droplet with Trellis, Bedrock, and Sage, with an SSL from Let’s Encrypt.
In the first screen-cast I setup Trellis & Bedrock.
In the second screen-cast I used Composer to get my theme & plugins installed, dealt with a couple of premium plugins, and migrated my data into my development environment.
In this screencast I setup my Digital Ocean droplet, prepare my project, provision the server and deploy the site. Yay! Thoughts and such below.
Read the docs carefully.
This is the best suggestion I have to offer. I read the docs carefuly and when my first deploy failed I realized I hadn’t read the docs carefully enough. The documentation is comprehensive, it’s your friend.
Make sure site keys have been added correctly
This tripped me up a couple of times but sure enough upon closer inspection of each failed deploy there was a stray ‘example.com’ in place of ‘smutek.net’. Generally if provisioning fails early on a missed site key is likely the culprit.
Do a couple dry runs with a spare domain
Unless you’re super comfortable with this I wouldn’t suggest your first deploy be on a mission critical or time sensitive site. It pays to be patient, not get frustrated, and go through it a couple of times until the process and concepts sink in. If things aren’t working out just destroy the DO box and try again. I’d say that I’ve done 5 or 6 deploys over the course of recording this screen-cast and at this point I’m comfortable enough with the process.
Here’s the order I did things:
Digital Ocean Setup
- Point DNS to DO
- Choose droplet : Ubuntu 14.0.4
- Add SSH Keys
- Create droplet
- Add domain to droplet (regular & www)
Provision & Deploy
- Make sure the project is added to github
- Set up variables in group_vars/production/wordpress_sites.yml
- Add the necessary settings for remote servers to group_vars/production/vault.yml
- Generate password for vault_mysql_root_password
- Generate crypted password for vault_sudoer_passwords
- Generate db_password
- Generate salts (be sure to use the Yaml, if using Trellis)
- Generate password for group_vars/all/vault.yml
- Set variables in group_vars/all/mail
- Set ‘sshd_permit_root_login: false’ ingroup_vars/all/security.yml
- Create a file called .vault_pass in /trellis. Generate a random password and save it in this file.
This is your vault password. Make sure it’s being git-ignored (it is, but double check .gitignore anyway)
- Inform Ansible of the vault password by adding vault_password_file = .vault_pass to trellis/ansible.cfg
- Encrypt vault.yml files. Use as needed, or encrypt all with:
ansible-vault encrypt group_vars/all/vault.yml group_vars/development/vault.yml group_vars/staging/vault.yml group_vars/production/vault.yml
- Add server hostname to hosts/production
- Add public SSH keys for web & admin_user groups in group_vars/all/users.yml
Note, make sure your public key has been added to github, or wherever. In the case of github,
- If using deploy hooks, uncomment the buildhooks in ‘deploy-hooks/build-before.ym’ and replace ‘sage’ with the name of your theme directory
- Turn on caching if using it
- Verify you can ssh to your box
- Make sure all changes have been saved, committed, and pushed to VC
ansible-playbook sever.yml -e env=production
./deploy.sh production yoursite.com
- Go to your site & run through the WP Installer.
- Migrate database (I used DB Migrate Pro)