Table of Contents

  1. Introduction
  2. Architecture Overview
  3. Technology Stack: Docker Compose, Nginx, Cloudflare SSL, DigitalOcean Spaces CDN
  4. Prerequisites
  5. Step 1: Creating a Secure DigitalOcean Droplet
  6. Step 2: Initial Server Setup and Hardening
  7. Step 3: Installing Docker and Docker Compose
  8. Step 4: Configuring DigitalOcean Spaces with CDN for Media Storage
  9. Step 5: Configuring the WordPress Docker Compose Stack
  10. Step 6: Setting Up Nginx as a Reverse Proxy
  11. Step 7: Implementing Cloudflare SSL and Security
  12. Step 8: Finalizing WordPress Installation with Spaces Integration
  13. Maintenance and Best Practices
  14. Troubleshooting Common Issues
  15. Conclusion

Introduction

Deploying WordPress can be as simple as a one-click install, but for a production-grade, secure, and scalable application, a modern technology stack is essential. This comprehensive guide will walk you through deploying WordPress using a powerful combination of Docker Compose for containerization, Nginx as a high-performance reverse proxy, Cloudflare SSL for enhanced security and CDN, and DigitalOcean Spaces with CDN for scalable, off-server media storage.

Architecture Overview

The complete data flow through the stack:

  1. End User: Visits your domain, which is routed through Cloudflare’s global network.
  2. Cloudflare SSL/CDN: Terminates SSL connections, filters malicious traffic, serves cached static content, and provides DDoS protection.
  3. Nginx Reverse Proxy: Receives the requests that Cloudflare forwards, terminates the TLS connection between Cloudflare and the droplet, and proxies requests to the WordPress container.
  4. Docker Compose Stack: Manages the WordPress application and MySQL database in isolated containers.
  5. DigitalOcean Spaces CDN: Stores and serves all media uploads (images, documents) via a global CDN, reducing server load.

This multi-layered approach ensures optimal performance, security, and scalability.

Technology Stack: Docker Compose, Nginx, Cloudflare SSL, DigitalOcean Spaces CDN

  • Docker Compose: Orchestrates multi-container WordPress application (WordPress + MySQL)
  • Nginx: High-performance web server and reverse proxy with SSL termination
  • Cloudflare SSL: Free SSL certificates, global CDN, and enterprise-level security features
  • DigitalOcean Spaces: S3-compatible object storage with built-in CDN for media files
  • Ubuntu Server: Stable, secure operating system for the Docker host

Prerequisites

  • DigitalOcean account with billing configured
  • A registered domain name pointed to Cloudflare’s nameservers
  • Cloudflare account with your domain added
  • Basic familiarity with Linux command line, SSH, and Docker concepts

Step 1: Creating a Secure DigitalOcean Droplet

  1. Log in to your DigitalOcean control panel and click “Create” → “Droplets”
  2. Choose Image: Select “Ubuntu 22.04 LTS” (or latest LTS version)
  3. Plan Selection: Start with “Basic” plan (1GB/1CPU) – scalable as needed
  4. Datacenter Region: Choose region closest to your primary audience
  5. Authentication: Add your SSH public key for secure passwordless access
  6. Finalize: Name your droplet (e.g., wordpress-docker-stack) and create

Step 2: Initial Server Setup and Hardening

bash

# Connect to your droplet
ssh root@your_droplet_ip

# Create deployment user with sudo privileges
adduser deployer
usermod -aG sudo deployer

# Copy SSH keys for secure access
rsync --archive --chown=deployer:deployer ~/.ssh /home/deployer

# Configure UFW firewall
ufw allow OpenSSH
ufw allow 80    # HTTP for initial setup
ufw allow 443   # HTTPS
ufw enable

Step 3: Installing Docker and Docker Compose

bash

# Install Docker using official script
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh get-docker.sh

# Add user to docker group
sudo usermod -aG docker $USER

# Install Docker Compose plugin
sudo apt install docker-compose-plugin -y

# Verify installation
docker --version && docker compose version

Step 4: Configuring DigitalOcean Spaces with CDN for Media Storage

  1. Navigate to Spaces in DigitalOcean control panel
  2. Create new Space with unique name (e.g., my-wp-media-cdn)
  3. Enable CDN: Check “Add a CDN” for global content delivery
  4. Choose datacenter region matching your droplet
  5. Generate Access Keys: Create API key with read/write permissions
  6. Note Credentials: Save Space name, region, access key, and secret

Step 5: Configuring the WordPress Docker Compose Stack

Create project directory and docker-compose.yml:

yaml

version: '3.8'

services:
  db:
    image: mysql:8.0
    container_name: wordpress_db
    restart: unless-stopped
    environment:
      MYSQL_ROOT_PASSWORD: ${DB_ROOT_PASSWORD}
      MYSQL_DATABASE: wordpress
      MYSQL_USER: wordpress_user
      MYSQL_PASSWORD: ${DB_USER_PASSWORD}
    volumes:
      - db_data:/var/lib/mysql
    networks:
      - wordpress_network

  wordpress:
    image: wordpress:php8.2-apache
    container_name: wordpress_app
    restart: unless-stopped
    depends_on:
      - db
    environment:
      WORDPRESS_DB_HOST: db:3306
      WORDPRESS_DB_USER: wordpress_user
      WORDPRESS_DB_PASSWORD: ${DB_USER_PASSWORD}
      WORDPRESS_DB_NAME: wordpress
      UPLOAD_MAX_FILESIZE: 64M
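    ports:
      # Publish on loopback only, for the host Nginx in Step 6. A bare "8080:80"
      # would listen on all interfaces, and Docker-published ports are not filtered by UFW.
      - "127.0.0.1:8080:80"
    volumes:
      - wordpress_data:/var/www/html
      # uploads.ini must already exist as a file; otherwise Docker creates a directory at this path
      - ./uploads.ini:/usr/local/etc/php/conf.d/uploads.ini
    networks:
      - wordpress_network

volumes:
  db_data:
  wordpress_data:

networks:
  wordpress_network:
    driver: bridge

Create environment file (.env):

bash

# Keep this file out of version control and readable only by its owner (chmod 600 .env)
DB_ROOT_PASSWORD=your_secure_root_password
DB_USER_PASSWORD=your_secure_user_password

Deploy the stack:

bash

docker compose up -d

Step 6: Setting Up Nginx as a Reverse Proxy

Install and configure Nginx:

bash

sudo apt update && sudo apt install nginx -y

Create Nginx configuration (/etc/nginx/sites-available/yourdomain.com):

nginx

server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;

    # Hide the Nginx version in responses and error pages
    server_tokens off;

    # Proxy settings
    location / {
        # WordPress container, published on 127.0.0.1:8080 in docker-compose.yml.
        # Port 80 on the host is Nginx itself, so proxying to it would loop.
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
    }

    # Static content caching
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        # A regex location takes precedence over "location /", so it needs its own proxy_pass
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        expires 1y;
        add_header Cache-Control "public, immutable";
    }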
}

Enable site and test configuration:

bash

sudo ln -s /etc/nginx/sites-available/yourdomain.com /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx

Step 7: Implementing Cloudflare SSL and Security

Cloudflare DNS Configuration:

  1. Add DNS Records: Create A records pointing to your droplet IP
  2. SSL/TLS Settings: Set to “Full” or “Full (strict)” mode
  3. Always Use HTTPS: Enable redirect from HTTP to HTTPS
  4. Minimum TLS Version: Set to TLS 1.2 or higher

Server-Side SSL Configuration:

bash

# Install Certbot for SSL certificates
sudo apt install certbot python3-certbot-nginx -y

# Obtain SSL certificate
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

# Set up auto-renewal
sudo crontab -e
# Add line: 0 12 * * * /usr/bin/certbot renew --quiet
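
Added example (not part of the original guide): the UFW rules from Step 2 accept ports 80 and 443 from any address, so requests sent to the droplet IP directly are not filtered by Cloudflare, and the X-Real-IP header set in Step 6 carries a Cloudflare edge address rather than the visitor's. Assuming the A records are proxied through Cloudflare, this script prints UFW rules and Nginx realip directives built from a list of Cloudflare ranges; the function names and sample ranges are illustrative.

```bash
#!/bin/sh
# Added example: prints commands for review; it changes nothing itself.
# Function names and SAMPLE_RANGES are illustrative, not from the guide.

# Keep only lines shaped like IPv4/IPv6 CIDRs, so an error page or a
# truncated download can never become a firewall rule.
valid_cidrs() {
    grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$|^[0-9A-Fa-f]*:[0-9A-Fa-f:]*/[0-9]{1,3}$'
}

# stdin: one CIDR per line -> stdout: ufw commands
ufw_rules() {
    ranges=$(valid_cidrs || true)
    if [ -z "$ranges" ]; then
        # Never emit the deletes without the allows: that would cut off the site.
        echo "no valid ranges on stdin; refusing to emit rules" >&2
        return 1
    fi
    printf '%s\n' "$ranges" | while read -r cidr; do
        echo "ufw allow proto tcp from $cidr to any port 80,443"
    done
    # The open-to-everyone rules from Step 2 go last, once the allows exist.
    echo "ufw delete allow 80"
    echo "ufw delete allow 443"
}

# stdin: one CIDR per line -> stdout: directives for the Nginx server block,
# so $remote_addr (and X-Real-IP) is the visitor, not the Cloudflare edge.
nginx_realip() {
    valid_cidrs | while read -r cidr; do
        echo "set_real_ip_from $cidr;"
    done
    echo "real_ip_header CF-Connecting-IP;"
}

# Constructed sample input: documentation ranges plus one junk line.
SAMPLE_RANGES='192.0.2.0/24
198.51.100.0/24
2001:db8::/32
<html>503 Service Unavailable</html>'

# Real input (the echo keeps the two lists from running together):
#   { curl -fsS https://www.cloudflare.com/ips-v4; echo; \
#     curl -fsS https://www.cloudflare.com/ips-v6; echo; } | ufw_rules
case "${1:-}" in
    demo) printf '%s\n' "$SAMPLE_RANGES" | ufw_rules ;;
esac
```

Review the printed commands before running them with sudo, and regenerate them when Cloudflare changes its published ranges.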

Step 8: Finalizing WordPress Installation with Spaces Integration

WordPress Setup:

  1. Access https://yourdomain.com/wp-admin/install.php
  2. Complete installation with secure credentials
  3. Important: Use strong username/password (not “admin”)

DigitalOcean Spaces Integration:

  1. Install “WP Offload Media Lite” plugin
  2. Configure settings with Spaces credentials:
     • Space Name: Your DigitalOcean Spaces name
     • Access Key: Spaces access key
     • Secret Key: Spaces secret key
     • Region: Spaces region endpoint
  3. Test upload functionality – files should now serve via CDN

Security Hardening:

  • Install Wordfence security plugin
  • Configure two-factor authentication
  • Limit login attempts
  • Regular security scanning

Maintenance and Best Practices

Automated Backups:

bash

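# Database backups using cron (crontab entry). DB_ROOT_PASSWORD from .env is not set
# in cron's environment, so the password is read from the container's own environment.
0 2 * * * docker exec wordpress_db sh -c 'exec mysqldump -uroot -p"$MYSQL_ROOT_PASSWORD" wordpress' > /backups/wordpress-$(date +\%Y\%m\%d).sql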
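
Added example (not part of the original guide): the cron entry above redirects mysqldump straight into the dated file, so a failed run still leaves a file behind that looks like a backup. This script dumps to a temporary file, checks for mysqldump's completion trailer, and only then publishes and rotates; KEEP_DAYS, the .partial suffix and the function names are illustrative.

```bash
#!/bin/sh
# Added example: dump to a temporary file, verify it, then publish it.
# wordpress_db and /backups come from the guide; KEEP_DAYS, the .partial
# suffix and the function names are illustrative.
BACKUP_DIR="${BACKUP_DIR:-/backups}"
KEEP_DAYS="${KEEP_DAYS:-14}"

# A finished mysqldump ends with a "-- Dump completed on <date>" line.
# An empty or cut-off file (container down, wrong password, full disk)
# does not, so it is rejected instead of being kept as a "backup".
verify_dump() {
    [ -s "$1" ] && tail -n 1 "$1" | grep -q '^-- Dump completed'
}

backup_db() {
    umask 077    # dumps hold user records and password hashes
    final="$BACKUP_DIR/wordpress-$(date +%Y%m%d).sql"
    tmp="$final.partial"
    # The root password is expanded inside the container from its own
    # environment, so it is absent from the crontab and this command line.
    if ! docker exec wordpress_db sh -c \
        'exec mysqldump -uroot -p"$MYSQL_ROOT_PASSWORD" --single-transaction wordpress' \
        > "$tmp"; then
        rm -f "$tmp"
        echo "backup: mysqldump failed" >&2
        return 1
    fi
    if ! verify_dump "$tmp"; then
        rm -f "$tmp"
        echo "backup: dump is empty or truncated" >&2
        return 1
    fi
    mv "$tmp" "$final"
    # Rotation: drop verified dumps older than KEEP_DAYS days.
    find "$BACKUP_DIR" -name 'wordpress-*.sql' -mtime +"$KEEP_DAYS" -delete
}

case "${1:-}" in
    run) backup_db ;;
esac
```

Saved under a path of your choice (for example the hypothetical /usr/local/bin/wp-backup.sh), the crontab entry becomes: 0 2 * * * /usr/local/bin/wp-backup.sh run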

Update Procedures:

bash

# Update Docker images
docker compose pull
docker compose up -d

# System updates
sudo apt update && sudo apt upgrade -y

# Nginx configuration testing
sudo nginx -t && sudo systemctl reload nginx

Monitoring:

  • Set up DigitalOcean monitoring alerts
  • Configure Cloudflare analytics
  • Monitor Docker container logs: docker compose logs -f

Troubleshooting Common Issues

  1. SSL Certificate Errors: Verify Cloudflare SSL mode and certificate validity
  2. Media Upload Failures: Check Spaces permissions and CDN configuration
  3. Database Connection Issues: Verify Docker Compose network configuration
  4. Nginx 502 Errors: Ensure WordPress container is running and ports are exposed

Conclusion

You have successfully deployed a production-ready WordPress application using a modern, secure technology stack. The combination of Docker Compose for application management, Nginx for high-performance serving, Cloudflare SSL for security and CDN, and DigitalOcean Spaces with CDN for media storage creates a robust, scalable foundation for your website.

This architecture provides enterprise-level features while maintaining cost-effectiveness and ease of management. Regular maintenance and monitoring will ensure your WordPress site remains secure, fast, and reliable for your users.


Last Update: 2025-09-30