Setting up a WordPress cluster
I asked Google Gemini to give me a recommended setup for the cluster and this is what it gave me. I imagine I will be refining this in the future.
Building a high availability WordPress cluster with at least two hosts, shared NFS storage, a shared MySQL database, and Sucuri WAF is a solid plan. Here's a breakdown of how you would configure your hosts:
I. Operating System and Base Configuration (for each host):
- Choose a Linux Distribution: Select a stable and well-supported Linux distribution like Ubuntu Server, CentOS/Rocky Linux, or Debian.
- Install Necessary Packages:
  - nginx or httpd (Apache): Your web server.
  - php-fpm: For processing PHP. Ensure you install the necessary PHP modules that WordPress requires (e.g., php-mysql, php-gd, php-xml, php-curl, php-mbstring, php-zip).
  - nfs-common: To mount the shared NFS storage.
  - Any other utilities you might need (e.g., vim, wget, curl, unzip).
- Secure Your Hosts:
  - SSH Hardening: Disable root login via SSH, use strong passwords or SSH keys, and consider changing the default SSH port.
  - Firewall: Configure a local firewall (like ufw on Ubuntu or firewalld on CentOS/Rocky Linux) to only allow necessary inbound connections (e.g., SSH from your management IP, potentially HTTP/HTTPS if you need to access the hosts directly for debugging). Remember that Sucuri WAF will handle public-facing HTTP/HTTPS traffic.
  - Keep Software Updated: Regularly update your operating system and installed packages.
- Time Synchronization: Ensure all hosts have accurate and synchronized time using NTP (Network Time Protocol).
II. Shared NFS Storage Configuration:
- NFS Server Setup (on a dedicated server or one of the hosts - ideally a separate, highly available storage solution):
  - Install the NFS server software (nfs-kernel-server on Debian/Ubuntu, nfs-utils on CentOS/Rocky Linux).
  - Configure the /etc/exports file to share the WordPress files directory. Ensure you set appropriate permissions and options for your WordPress hosts (e.g., rw, sync, no_subtree_check, no_root_squash or root_squash depending on your security needs). Be mindful of security implications when using no_root_squash.
  - Start and enable the NFS server service.
  - Open necessary firewall ports on the NFS server (typically port 2049 for NFS, and potentially others for related services like mountd and nlockmgr).
- NFS Client Configuration (on each WordPress host):
  - Install the NFS client software (nfs-common on Debian/Ubuntu, nfs-utils on CentOS/Rocky Linux).
  - Create a mount point for your WordPress files (e.g., /var/www/html).
  - Mount the NFS share to this mount point using the mount command and add an entry to /etc/fstab for persistent mounting on boot. Use appropriate mount options (e.g., defaults, nolock).
- WordPress Files:
  - Install WordPress only once into the shared NFS mount point. Both hosts will access the same codebase.
  - Ensure the web server user (e.g., www-data on Debian/Ubuntu, apache on CentOS/Rocky Linux) has the correct read and write permissions to the WordPress files and directories on the NFS share.
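A way to check the /etc/exports options discussed above before starting the NFS server, as an added example that is not part of the original post or of Gemini's answer. The export paths and the 10.0.0.x client addresses are constructed placeholders, and the wildcard-client check goes slightly beyond the no_root_squash warning in the text.

```shell
#!/bin/sh
# Added example (not from the original post): flag risky entries in an
# /etc/exports-style file before the NFS server is started.

# Constructed sample; the paths and addresses are placeholders.
sample_exports() {
    cat <<'EOF'
# WordPress docroot shared with the two web hosts
/srv/wordpress 10.0.0.11(rw,sync,no_subtree_check,root_squash) 10.0.0.12(rw,sync,no_subtree_check,no_root_squash)
/srv/backup *(ro,sync,no_subtree_check)
EOF
}

# audit_exports FILE: print one finding per line; return 1 if any, 2 if unreadable.
# Backslash-continued lines are not joined.
audit_exports() (
    set -f                                  # a "*" client must not glob
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    findings=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" |
        while read -r path clients; do
            for spec in $clients; do
                client=${spec%%\(*}         # text before "(": host, network or wildcard
                opts=""
                case $spec in
                    *\(*\)) opts=${spec#*\(}; opts=${opts%\)} ;;
                esac
                case $client in
                    ""|\*) echo "$path: exported to any host ($spec)" ;;
                esac
                case ",$opts," in
                    *,no_root_squash,*)
                        echo "$path: no_root_squash for ${client:-any host}, client root is root on the share" ;;
                esac
            done
        done)
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
)

tmp=$(mktemp)
sample_exports > "$tmp"
audit_exports "$tmp" || echo "fix the entries above, then run: exportfs -ra"
rm -f "$tmp"
```

On the sample it reports the no_root_squash entry for 10.0.0.12 and the wildcard export of /srv/backup, and stays silent about the root_squash entry for 10.0.0.11.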
III. Shared MySQL Database Configuration:
- MySQL Server Setup (on a dedicated, highly available MySQL server or cluster):
  - Install the MySQL server software.
  - Secure your MySQL installation (set a strong root password, remove anonymous users, disallow remote root login, remove test database).
  - Create a dedicated database and user for WordPress with appropriate privileges.
  - Ensure MySQL is configured to listen on the network interface accessible by your WordPress hosts.
  - Consider implementing MySQL replication or clustering for high availability at the database level.
- MySQL Client Configuration (on each WordPress host):
  - Install the necessary MySQL client libraries for PHP (php-mysql).
  - During the WordPress installation (done once on the shared NFS), configure WordPress to connect to the shared MySQL database using the database name, username, password, and the IP address or hostname of your MySQL server.
  - Update the wp-config.php file on the shared NFS with the correct database connection details.
IV. Web Server Configuration (on each WordPress host):
- Install and Configure Web Server: Install either Nginx or Apache.
- Virtual Host Configuration: Configure a virtual host for your WordPress site. The root directive in your web server configuration should point to the shared NFS mount point where your WordPress files are located (e.g., /var/www/html).
- PHP-FPM Configuration (if using Nginx): Configure PHP-FPM to listen on a specific socket or port and configure your Nginx virtual host to forward PHP requests to PHP-FPM.
- File Permissions: Ensure the web server user has the necessary read permissions on the WordPress files in the shared NFS. Write permissions might be needed for certain directories (e.g., wp-content/uploads) depending on your setup.
V. Sucuri WAF Integration:
- DNS Configuration: Point your website's DNS records (A or CNAME) to the Sucuri WAF IP addresses provided by Sucuri.
- Sucuri Backend Configuration: In your Sucuri dashboard, you will configure the backend origin servers (the public IP addresses of your WordPress hosts). Sucuri will then forward legitimate traffic to these hosts.
- Health Checks (Optional but Recommended): Configure health checks within Sucuri to monitor the availability of your WordPress hosts. If a host becomes unresponsive, Sucuri can temporarily stop sending traffic to it.
- Sucuri WordPress Plugin: Install and configure the Sucuri WordPress plugin on your WordPress installation (located on the shared NFS). This plugin helps with hardening, malware scanning, and communicating with the Sucuri WAF.
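Because the origin hosts are registered with Sucuri by public IP address, the local firewall from section I decides whether traffic can reach them without passing through the WAF. The script below is an added example, not part of the original post or of Gemini's answer: it prints ufw rules that admit HTTP/HTTPS only from the WAF and SSH only from the management address. The management IP and WAF ranges are documentation placeholders (RFC 5737), to be replaced with the ranges Sucuri gives you.

```shell
#!/bin/sh
# Added example (not from the original post): print ufw rules for one origin host
# so that only the WAF can reach ports 80/443 and only the admin can reach SSH.
# Placeholders (RFC 5737 documentation ranges): replace with your management IP
# and the WAF ranges Sucuri gives you.
MGMT_IP="198.51.100.10"
WAF_RANGES="203.0.113.0/24 192.0.2.0/24"

# Accept dotted IPv4 with an optional /prefix; reject /0 and any other characters.
valid_source() {
    case $1 in
        ""|*[!0-9./]*|*/*/*|*/0|*/) return 1 ;;
        [0-9]*.[0-9]*.[0-9]*.[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# origin_fw_rules MGMT_IP WAF_CIDR...: validate everything first, then print rules.
origin_fw_rules() {
    [ "$#" -ge 2 ] || { echo "usage: origin_fw_rules MGMT_IP WAF_CIDR..." >&2; return 2; }
    for src in "$@"; do
        valid_source "$src" || { echo "refusing source: $src" >&2; return 1; }
    done
    mgmt=$1; shift
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    echo "ufw allow from $mgmt to any port 22 proto tcp"
    for range in "$@"; do
        for port in 80 443; do
            echo "ufw allow from $range to any port $port proto tcp"
        done
    done
    echo "ufw --force enable"
}

# Review the output, then run it as root on each WordPress host.
origin_fw_rules "$MGMT_IP" $WAF_RANGES
```

The function refuses a /0 range or any argument containing characters outside digits, dots and a slash, so a typo cannot silently reopen the origin to every source.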
VI. Load Balancing (Implicit with Sucuri):
- Sucuri WAF acts as a reverse proxy and will distribute traffic across your configured backend servers. This provides basic load balancing. You might not need a separate load balancer in this initial setup.
VII. Important Considerations and Best Practices:
- Session Management: With multiple hosts, you need a way to handle user sessions consistently. Consider using:
  - Database-backed sessions: Store session data in the shared MySQL database (requires a WordPress plugin).
  - Memcached or Redis: Install and configure a shared caching system like Memcached or Redis and use a WordPress plugin to store sessions there.
- Object Caching: Implement a persistent object cache (like Memcached or Redis) to reduce database load and improve performance. Configure WordPress to use it (often via a plugin).
- File Uploads: Ensure the wp-content/uploads directory on the shared NFS has the correct write permissions for the web server user.
- Plugin and Theme Updates: Perform plugin and theme updates carefully, ideally on a non-production environment first. Ensure the update process works correctly with the shared file system.
- Security: Regularly review security configurations, keep all software updated, and monitor logs.
- Testing: Thoroughly test the failover capabilities of your setup by simulating a host failure.
- Scalability: While you're starting with two hosts, consider how you might scale this in the future (adding more hosts).
In summary, you will configure each WordPress host to:
- Have the necessary operating system and software packages.
- Mount the shared WordPress files from the NFS server.
- Connect to the shared MySQL database.
- Run your web server (Nginx or Apache) configured to serve the WordPress site from the shared NFS mount.
- Have the Sucuri WordPress plugin installed and configured.
- Rely on Sucuri WAF to handle incoming traffic and distribute it across the hosts.
This setup provides redundancy at the web server level (if one host fails, Sucuri can direct traffic to the other) and ensures that all hosts serve the same content and use the same database. Remember to focus on the shared components (NFS and MySQL) for overall stability and consider their own high availability in the long run.