Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/ar-rostami/wordpress-high-performance-dockerized-stack

A scalable, secure, and optimized Docker-based stack for WordPress. Featuring Nginx with FastCGI caching, PostgreSQL, Redis, Kafka, ClickHouse, and Prometheus/Grafana for monitoring. Includes built-in WAF (ModSecurity) and Fail2Ban for advanced security. Perfect for high-traffic and production environments.

clickhouse docker docker-compose fail2ban fastcgi grafana high-performance kafka modsecurity modsecurity-nginx nginx-proxy pgsql postgresql prometheus redis waf wordpress wp


README

        

# WordPress High-Performance Dockerized Stack 🚀





This repository provides a **high-performance**, **scalable**, and **secure** Docker stack for deploying **WordPress**. It leverages various cutting-edge technologies and optimization techniques to ensure excellent performance, high traffic handling, and strong security.

---

## Key Features 🌟

- **Nginx** as a reverse proxy and web server with **FastCGI** caching for ultra-fast content delivery.
- **PostgreSQL** database for WordPress, providing better scalability and performance over MySQL.
- **Redis** for object caching, improving page load times by reducing database queries.
- **ClickHouse** for real-time data analytics and high-performance querying.
- **Kafka** for efficient real-time event processing and message queue management.
- **Prometheus** for system monitoring and **Grafana** for powerful visual metrics and dashboards.
- **ModSecurity** Web Application Firewall (WAF) for protection against attacks like SQL Injection, XSS, and more.
- **Fail2Ban** to protect against brute-force login attempts and automated attacks.

---

## Architecture Overview 🏗️

The stack uses the following architecture:

Client -> Nginx (Reverse Proxy) -> PHP-FPM -> WordPress | -> PostgreSQL -> Redis -> Kafka -> Zookeeper -> ClickHouse

---

## Installation & Setup 🚀

### Prerequisites 🧰

Make sure you have the following tools installed:

- **Docker**: [Install Docker](https://docs.docker.com/get-docker/)
- **Docker Compose**: [Install Docker Compose](https://docs.docker.com/compose/install/)

---

### 1. Clone the Repository 💻

Clone the project to your local machine:
```bash
git clone https://github.com/ar-rostami/WordPress-High-Performance-Dockerized-Stack.git
cd WordPress-High-Performance-Dockerized-Stack
```

------------

### 2. Project Directory Structure 📂

Here's how the project is organized:

```
├── docker-compose.yml
├── nginx/
│   └── nginx.conf
├── php/
│   └── php.ini
├── prometheus/
│   └── prometheus.yml
├── wordpress/
│   └── wp-config.php (generated automatically)
├── certs/ (SSL certificates)
├── fail2ban/
│   └── fail2ban.conf
├── modsec/
│   └── modsec.conf
├── wp-content/ (bind-mounted for uploads)
└── README.md
```

------------

### 3. Configure Environment Variables ⚙️
Create a `.env` file in the root directory with the following contents:

```
POSTGRES_USER=wp_user
POSTGRES_PASSWORD=wp_password
POSTGRES_DB=wp_database
REDIS_MAXMEMORY=256mb
```
You can adjust the environment variables according to your setup.
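
The values shown above are placeholders. As an added example (not part of the project's repository), the shell functions below write the same four variables with a randomly generated database password and owner-only file permissions, then check the result. The names `gen_secret`, `write_env` and `audit_env` are hypothetical helpers, and the 24-character minimum is an assumption.

```bash
# Added example, not from the repository. Helper names are hypothetical.

# gen_secret BYTES: hex-encode BYTES random bytes from the kernel CSPRNG.
# Hex output has no characters that need quoting in a Compose .env file.
gen_secret() {
    od -An -N"${1:-16}" -tx1 /dev/urandom | tr -d ' \n'
}

# write_env FILE: create FILE with the README's variables and a generated
# password. Refuses to overwrite, so an existing database keeps its password.
write_env() {
    env_file="${1:-.env}"
    if [ -e "$env_file" ]; then
        echo "refusing to overwrite $env_file" >&2
        return 1
    fi
    (
        umask 077   # file is created as 0600 before any secret is written
        {
            printf 'POSTGRES_USER=wp_user\n'
            printf 'POSTGRES_PASSWORD=%s\n' "$(gen_secret 16)"
            printf 'POSTGRES_DB=wp_database\n'
            printf 'REDIS_MAXMEMORY=256mb\n'
        } > "$env_file"
    )
}

# audit_env FILE: fail if FILE still has the README placeholder password,
# a password under 24 characters, or is readable by other users.
audit_env() {
    pw=$(sed -n 's/^POSTGRES_PASSWORD=//p' "$1")
    [ "$pw" != "wp_password" ] || { echo "placeholder password in use"; return 1; }
    [ "${#pw}" -ge 24 ] || { echo "password shorter than 24 characters"; return 1; }
    [ -z "$(find "$1" -perm -004)" ] || { echo "$1 is world-readable"; return 1; }
}

# Usage: write_env .env && audit_env .env
```

Run `audit_env .env` again before each deployment; it also catches a `.env` copied from the README unchanged.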

------------

### 4. Start the Docker Stack 🚢
Run the following command to start all the services in detached mode:
```bash
docker-compose up -d
```
> **This will start:**
- Nginx (reverse proxy and web server)
- PHP-FPM (for WordPress PHP processing)
- PostgreSQL (as the database)
- Redis (for caching)
- Prometheus (for monitoring)

------------

### 5. Access WordPress 🎉
Once the stack is running, navigate to your browser and access your WordPress site at:
- **[http://localhost](http://localhost)**

Follow the WordPress setup wizard to complete the installation.

------------

### 6. Monitoring and Metrics 📊
- Prometheus will be available at http://localhost:9090 for system monitoring.
- Grafana dashboards will be available at http://localhost:3000. Default login: admin/admin.

### Customization 🔧
##### Nginx Configuration 🌐
Modify the `nginx/nginx.conf` file to configure caching, SSL, security headers, and other performance settings.

##### PHP Configuration 🖥️
Customize the `php/php.ini` file to adjust PHP settings like memory limits, max execution time, and OPcache settings.

##### Prometheus Configuration 📈
You can modify the `prometheus/prometheus.yml` file to add additional services or adjust monitoring settings.

------------

### 7. Security Considerations 🔒
##### 1. Protection Against DDoS 🌐
Cloudflare or similar services can help mitigate DDoS attacks.
Rate limiting is configured in Nginx to block excessive requests.
##### 2. Web Application Firewall (WAF)
ModSecurity is enabled to block common attack vectors like SQL Injection, Cross-Site Scripting (XSS), and Command Injection.
##### 3. Fail2Ban Protection 🚫
Fail2Ban is configured to block IP addresses after multiple failed login attempts, mitigating brute-force attacks.
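
To see what the Fail2Ban rule reacts to, the added example below (not the project's Fail2Ban filter) counts failed WordPress logins per client IP and clock hour in an Nginx access log. It assumes the Nginx `combined` log format and that a failed `wp-login.php` POST returns 200 while a successful one redirects with 302; the function names and the log lines are constructed for illustration.

```bash
# Added example, not from the repository. Function names are hypothetical.

# failed_logins LOGFILE [THRESHOLD]
# Prints "IP HOUR COUNT" for every client that produced at least THRESHOLD
# failed logins inside one clock hour (a coarse stand-in for Fail2Ban's
# maxretry/findtime pair). Default threshold: 5.
failed_logins() {
    awk -v max="${2:-5}" '
        # combined format: $1=client  $4=[dd/Mon/yyyy:HH:MM:SS  $6="METHOD
        #                  $7=path    $9=status
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 {
            hour = substr($4, 2, 14)          # dd/Mon/yyyy:HH
            hits[$1 " " hour]++
        }
        END {
            for (key in hits)
                if (hits[key] >= max) print key, hits[key]
        }
    ' "$1" | sort
}

# sample_log: constructed access-log lines (documentation IP ranges).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Mar/2025:13:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "curl/8.5.0"
203.0.113.7 - - [10/Mar/2025:13:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "curl/8.5.0"
203.0.113.7 - - [10/Mar/2025:13:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "curl/8.5.0"
203.0.113.7 - - [10/Mar/2025:13:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4310 "-" "curl/8.5.0"
203.0.113.7 - - [10/Mar/2025:14:10:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "curl/8.5.0"
198.51.100.23 - - [10/Mar/2025:13:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2025:13:05:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF
}

# Usage: sample_log > /tmp/access.log && failed_logins /tmp/access.log 3
```

A user who mistypes a password once and then logs in (the `198.51.100.23` lines) stays below the threshold, while the repeated failures from `203.0.113.7` in the 13:00 hour are reported.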

### Scalability and High Availability 📈
##### Scaling with Docker Compose ⚡
To scale the PHP-FPM service, simply run:

```bash
docker-compose up -d --scale php=3
```
> This will spin up multiple instances of PHP to handle increased traffic.

------------

### 8. Kubernetes Support ☸️
For larger production environments, the architecture is ready to be deployed to Kubernetes. You can create Kubernetes manifests to deploy the stack to a Kubernetes cluster for horizontal scaling and high availability.

------------

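### 9. Troubleshooting 🔧
##### Useful Docker Commands 🐳
Check logs of a specific service:
```bash
# "php" is the service name used in the scaling command above;
# substitute any service defined in docker-compose.yml.
docker-compose logs -f php
```
Restart a specific service:
```bash
# Same substitution applies here.
docker-compose restart php
```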

------------

### 10. Ensure Volumes Are Correctly Mounted
Make sure the following directories are writable and correctly mounted:
- wordpress/
- wp-content/
- postgres-data/
- clickhouse-data/

------------

### 11. Future Improvements 🚀
- Horizontal Scaling: Support scaling PostgreSQL with read replicas for better availability and performance.
- SSL Automation: Set up automatic SSL certificate renewal using Let's Encrypt.
- Background Processing: Integrate more Kafka consumers for background task processing.

------------

### 12. Contributors 👥
**Contributions are welcome! Feel free to submit pull requests.**