How to Use a Remote Database with WordOps

Introduction

WordOps is a command-line WordPress management tool for Linux servers with Nginx, MySQL, and PHP (LEMP). WordOps usually configures WordPress on a single server, but you can also use it to install the website and database on different servers when you need to scale your WordPress site. This article explains how to install WordPress on one server and MySQL on a different server. The servers communicate over a private Vultr VPC. You could also use this same approach to scale further with Vultr Load Balancers.

1. Create Vultr Instances

1. Deploy two Ubuntu 20.04 cloud servers in the same location.

   • Give them hostnames web-server and db-server.
   • Connect them to the same VPC.
   • Create a sudo user on both servers.
   • Update the servers.

2. Make note of the private IP addresses for each server. This article assumes those are:

   • web-server: 10.0.0.1
   • db-server: 10.0.0.2

2. Install MySQL on db-server

1. Connect to db-server as your sudo user through SSH.

2. Install WordOps.

    $ wget -qO wo wops.cc && sudo bash wo

3. Install MySQL.

    $ wo stack install --mysql

4. Verify MySQL is running.

    $ service mysql status

3. Configure db-server

1. Configure the UFW firewall with the commands below. Replace 10.0.0.1 with the web-server's IP address. This allows SSH from anywhere and access to MySQL only from web-server.

    $ sudo ufw default allow outgoing
    $ sudo ufw default deny incoming
    $ sudo ufw allow 22 comment 'SSH'
    $ sudo ufw allow from 10.0.0.1 to any port 3306 comment 'MySQL'
    $ sudo ufw enable

2. Secure db-server with fail2ban.

    $ wo stack install --fail2ban

3. Configure MySQL to allow remote access by editing /etc/mysql/my.cnf.

    $ sudo nano /etc/mysql/my.cnf

4. Add the following to the end of the file:

    [mysqld]
    bind-address = 0.0.0.0

   When finished, /etc/mysql/my.cnf should look like this:

    [client-server]
    # Port or socket location where to connect
    # port = 3306
    socket = /run/mysqld/mysqld.sock
   
    # Import all .cnf files from configuration directory
    !includedir /etc/mysql/conf.d/
    !includedir /etc/mysql/mariadb.conf.d/
   
    [mysqld]
    bind-address = 0.0.0.0

5. Restart the MySQL service.

    $ service mysql restart

6. Verify the port is open.

    $ lsof -i -P -n | grep 3306

   The result should look like this:

    mariadbd  35985           mysql   16u  IPv4  92217      0t0  TCP *:3306 (LISTEN)

7. View my.cnf to find the database password.

    $ cat /etc/mysql/conf.d/my.cnf

   The result should look like this:

    [client]
    user = root
    password = xxxx_example_password_xxxx
    socket = /run/mysqld/mysqld.sock

8. Grant privileges to access the database from web-server.

   Replace the IP 10.0.0.1 with your web server's IP address and xxxx_example_password_xxxx with the password from the previous step.

    $ mysql -e "grant all privileges on *.* to 'root'@'10.0.0.1' IDENTIFIED BY 'xxxx_example_password_xxxx' with grant option;"
    $ mysql -u root -p -e "flush privileges;"

4. Configure web-server with WordOps

1. Connect to web-server as your sudo user through SSH.

2. Install WordOps.

    $ wget -qO wo wops.cc && sudo bash wo

3. Install the WordOps main stacks.

    $ wo stack install        

4. The MySQL server isn't required on web-server, so remove it.

    $ wo stack remove --mysql

5. Install the MySQL client on web-server.

    $ wo stack install --mysqlclient

6. Verify you can connect to the MySQL database. Replace 10.0.0.2 with db-server's IP address.

    $ mysql -uroot -h10.0.0.2 -p

7. Create a new /etc/mysql/conf.d/my.cnf file.

    $ sudo nano /etc/mysql/conf.d/my.cnf

8. Paste the following content.

   • Replace 10.0.0.2 with db-server's IP address.

   • Replace xxxx_example_password_xxxx with the MySQL password from the previous section.

       [client]
       host = 10.0.0.2
       user = root
       password = xxxx_example_password_xxxx

9. Save and close the file.

10. Edit the /etc/wo/wo.conf file.

     $ sudo nano /etc/wo/wo.conf

11. Find the following line:

     grant-host = localhost

    and replace it with:

     grant-host = %

12. Save and close the file.

5. Create a WordPress Website

Up to this point, you've only worked with the private IP addresses of the servers. In fact, db-server only needs to be available to web-server, and can be blocked entirely from the public Internet. Obviously, web-server does need to be accessible from the Internet to be useful. For the next step, locate the public IP address of web-server in your Vultr customer portal.

1. Create an A Record for web-server at your domain registrar or DNS host. For example, assign 192.0.2.123 to the A record for web-server.example.com. This is also known as a Fully-Qualified Domain Name (FQDN).

2. Create firewall rules for web-server. This allows access to SSH, HTTP, HTTPS, NTP, and the WordOps Dashboard port.

    $ sudo ufw default allow outgoing
    $ sudo ufw default deny incoming
    $ sudo ufw allow 22 comment 'SSH'
    $ sudo ufw allow http comment 'HTTP'
    $ sudo ufw allow https comment 'HTTPS'
    $ sudo ufw allow 123 comment 'NTP'
    $ sudo ufw allow 22222 comment 'WordOps'
    $ sudo ufw enable

3. Create a WordPress website with Nginx fastcgi_cache and secure the site with Let's Encrypt SSL certificate. Replace web-server.example.com with your FQDN. Save the admin credentials reported by WordOps.

    $ wo site create web-server.example.com --wpfc -le

Your website is now ready to use.

• Access your website at https://example.com
• Access the WordOps Dashboard at https://example.com:22222

More Information

• WordOps Documentation
• How to Create a Vultr Virtual Private Cloud (VPC)