• February 20, 2024
  • nitesh taliyan

In the realm of cloud hosting, configuring robust infrastructure on AWS demands meticulous planning and adept problem-solving. In this comprehensive blog post, we unravel the intricacies of setting up WordPress hosting in the Region, delving into the architecture, security measures, and innovative solutions devised to overcome encountered challenges.

Infrastructure Overview

Our hosting environment is segregated into two Virtual Private Clouds (VPCs): Staging and Production, each meticulously architected to meet specific requirements.

Staging VPC Configuration

  • 2 Public Subnets: One houses the Staging Application Load Balancer (ALB), while the other accommodates the Central Bastion Host for secure access.
  • 2 Private Subnets: Segmented to host two websites each, facilitating efficient management and isolation.
  • All websites run on EC2 instances, ensuring scalability and flexibility.

Production VPC Configuration

  • 1 Public Subnet: Hosts the Production ALB, serving as the entry point for users accessing the production websites. Within the Production ALB, we’ve employed Host-Based Routing to efficiently route traffic to the appropriate backend servers based on the host header in the HTTP request. This enables granular control over traffic distribution, enhancing the overall performance and reliability of our hosting environment.
  • 4 Private Subnets: Dedicated to hosting the production websites, ensuring segregation and minimizing potential points of failure.
  • Production RDS: Situated in a separate Private Subnet, enhancing security and facilitating centralised management.
  • CloudFront: To optimise content delivery and minimize latency, we’ve configured CloudFront to point to the Production ALB as the origin server. Leveraging caching policies and behaviors, we’ve fine-tuned content delivery to ensure rapid response times and efficient resource utilisation.

Security Measures

  • AWS Well-Architected Framework: Adhering to AWS’s best practices, we prioritise the framework’s six pillars: operational excellence, security, reliability, performance efficiency, cost optimization, and sustainability.
  • Bastion Host: Acts as the single point of access for managing both Staging and Production servers, enforcing strict access controls and enhancing security.
  • VPC Peering: Our implementation of VPC peering plays a crucial role in facilitating communication between the Staging and Production VPCs. In our architecture, the Central Bastion Host located within the Staging VPC acts as the primary gateway for accessing both staging and production environments. Through VPC peering, we’ve established a secure and direct connection that enables the Bastion Host to communicate with the production servers running in the Production VPC. This streamlined communication pathway ensures efficient management and monitoring of resources across environments while upholding stringent security measures.
  • ACM: We’ve implemented SSL/TLS encryption at the Load Balancer level using AWS Certificate Manager. This encrypts data in transit between clients and our infrastructure, bolstering data security and confidentiality. Because TLS terminates at the load balancer, traffic from the ALB to the EC2 instances is encrypted only if the target groups are also configured for HTTPS.
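The Bastion Host and VPC Peering points above imply that production instances should accept SSH only from the bastion, not from the whole peered Staging VPC. The following is an added example, not part of the original post, that checks this over security-group data in the EC2 DescribeSecurityGroups response shape; the group IDs, CIDR ranges and bastion address are constructed assumptions.

```python
import ipaddress

SSH_PORT = 22

def _covers_ssh(perm):
    """True if an IpPermissions entry opens TCP/22 ("-1" means all traffic)."""
    if perm["IpProtocol"] == "-1":
        return True
    return perm["IpProtocol"] == "tcp" and perm["FromPort"] <= SSH_PORT <= perm["ToPort"]

def audit_ssh_ingress(security_groups, bastion_cidr, bastion_sg_id=None):
    """Return (group_id, source) pairs where SSH is reachable from anything
    other than the bastion. Input follows the EC2 DescribeSecurityGroups shape."""
    bastion = ipaddress.ip_network(bastion_cidr)
    findings = []
    for sg in security_groups:
        for perm in sg.get("IpPermissions", []):
            if not _covers_ssh(perm):
                continue
            for rng in perm.get("IpRanges", []):
                if not ipaddress.ip_network(rng["CidrIp"]).subnet_of(bastion):
                    findings.append((sg["GroupId"], rng["CidrIp"]))
            # The bastion is addressed over IPv4 here, so any IPv6 source is unexpected.
            for rng in perm.get("Ipv6Ranges", []):
                findings.append((sg["GroupId"], rng["CidrIpv6"]))
            for pair in perm.get("UserIdGroupPairs", []):
                if pair["GroupId"] != bastion_sg_id:
                    findings.append((sg["GroupId"], pair["GroupId"]))
    return findings

# Constructed sample: production security groups as DescribeSecurityGroups would return them.
BASTION_CIDR = "10.10.1.25/32"   # assumed private IP of the bastion in the Staging VPC
SAMPLE_GROUPS = [
    {"GroupId": "sg-prod-site1", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "10.10.1.25/32"}]},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "UserIdGroupPairs": [{"GroupId": "sg-prod-alb"}]}]},
    {"GroupId": "sg-prod-site2", "IpPermissions": [   # whole Staging VPC can SSH in
        {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 1024,
         "IpRanges": [{"CidrIp": "10.10.0.0/16"}]}]},
    {"GroupId": "sg-prod-site3", "IpPermissions": [   # all traffic from the internet
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
]

if __name__ == "__main__":
    for group_id, source in audit_ssh_ingress(SAMPLE_GROUPS, BASTION_CIDR):
        print(f"{group_id}: SSH reachable from {source}")
```

On real data, the input would be the `SecurityGroups` list from a DescribeSecurityGroups call scoped to the Production VPC.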

Architecture Diagram

Challenges Faced

Our journey wasn’t without its hurdles. The primary challenge arose when we encountered limitations with GoDaddy’s DNS setup, particularly regarding the addition of CNAME records on the base domain. Additionally, implementing HTTPS redirection for production websites posed another significant obstacle, as traditional methods proved ineffective within our setup.

Solutions Implemented

  1. pizza.redirect: Faced with the DNS limitation, we innovated with a solution dubbed pizza.redirect. This inventive approach involved routing users through a series of redirects (from GoDaddy to CloudFront and finally to the Production ALB), circumventing the CNAME restriction and ensuring seamless domain resolution.
  2. Cost-Optimised: We initially considered Global Accelerator to obtain an A record that we would later add on GoDaddy, but it proved to be more costly than the pizza.redirect solution. By prioritising cost optimization without compromising performance, we achieved the desired outcome while maintaining affordability for our customers.

Conclusion

Our journey of setting up WordPress hosting on AWS underscores the importance of adaptability, creativity, and strategic decision-making. By meticulously crafting our infrastructure, leveraging innovative solutions, and prioritising customer requirements, we’ve established a robust hosting environment that excels in security, performance, and cost efficiency. As technology continues to evolve, we remain committed to staying at the forefront of innovation, delivering exceptional solutions that exceed customer expectations.
