Lightsail distribution wordpress

It's not very hard to add CDN Distribution to a WordPress app hosted on Amazon Lightsail. But if you are new, it can be cumbersome. This article is to demonstrate how to do it easily.

Why Should I use CDN distribution?

You might hear about Content Delivery Network (CDN). If not, here is an article explaining "what is CDN?".

If you are not interested to read a long article, here is TL;DR: In CDN, Lots of small servers run closer to your customer. Content gets cached there and served from the closer server(s) of your customer. In that way, ease the pressure from the main servers.

What is CDN Distribution?

It is the Amazon Lightsail CDN service. Under the hood, it uses Amazon Cloudfront. It has 300+ points of presence to deliver content closer to your customers. On top of that, it comes with AWS Shield, which protects infrastructure from DDoS attacks.

Are you excited to create your first CDN Distribution? Let's go 🏃‍♂️

Prerequisites

WordPress Application

You need to have an existing WordPress application for this tutorial. Don't worry if you don't have one. I covered How to Deploy WordPress Application to Amazon Lightsail in the first part of this series.

Attach a Static IP to WordPress Instance

1. Go to the Networking tab and then click on Create static IP

   

2. (A) Select the WP App instance. (B) Give it a meaningful name and (C) Hit Create.

   

Now we are ready to create our first distributions.

Create CDN Distribution

1. Go to home page of Lightsail. Go to Network tab again. This time hit the Create distribution button.

   

2. Select the WordPress Instance as Origin

   

3. Hit Yes, apply to apply the predefined WordPress settings

   

4. Now, (A) choose a plan. (B) Give it a name and (C) Hit Create Distribution button

   

Woohoo 🎉 Your first distribution is created. Wait for a while to be available. After getting done, you will see this 👇

Domain

Update the Domain in DB

Login to your WordPress application's database, you may follow . Update the siteurl and home to your wp_options table to your distribution domain.

Bonus

1. You can use a custom domain instead of CloudFront's sub-domain. You may follow this tutorial.

2. You can add Object Storage to your WordPress app with a CDN distribution by following this tutorial.

Conclusion

Hope you enjoyed this simple article and created your first CDN distribution. Ask your questions in the comment. Subscribe to get the next blog post. Thanks 🙏

In this tutorial, we are going to set up a WordPress site with LightSail using CloudFront and Route 53.

BTW if you are a cloud engineer you may be interested to join the topcloudops.com network. Great customers, great projects, and great pay.

Working with Lightsail is great if you only want to do a WordPress website in isolation. You can configure a domain and point it to your website, add a load balancer to distribute the load, and add distribution to efficiently cache the content using the AWS edges network. It looks great! But is not.

The problem is when you use Lightsail and you already have an AWS account that has a route 53 to manage your domains and a CloudFront to handle your distributions. In this case, using both in combination is quite hard to set up.

In this tutorial, I going to show you how to configure both Route 53 and Cloudfront using the mydomain.com domain as an example.

So let's go down to business.

1. Create a Lighsail WordPress instance
   Go to Lightsail, click on create instance, choose the right location(the same as the rest of your existing stack) an operating system (Linux seems to me like a no brainer), and the Bitnami WordPress image.

Choose your plan, I will choose the cheapest one, taking in account that most of the content will be delivered by CloudFront CDN and only login and admin will have no cache.

After that choose the number of instances and we are done.

For this tutorial, I will choose only one as we will use a Static IP to point origin.mydomain.com, If we decide to have more than one we will need to use a load balancer to distribute the load or a weighted, latency Route53 policy. If you use a load balancer it has an additional cost of 18$USD per month

Ok now click on create and wait till the instance is up and running.

2. Create static Ip:

As I was mentioning before now it is time to assign a static Ip to our LightSail instance so we can point origin.mydomain.com to it. If we don’t do this the IP can change due to different events and our routing will not be valid anymore. To do so we need to click in our new instance-> go to the Network tab and click on create static IP.

3. Create A Record to point to origin.mydomain.com:

Now that we have a Static IP we will go to route 53 and create an A record to point origin.mydomain.com to our Static IP.

For that go to Route53->Open your hosted zone -> create an A record with this configuration:

Record name origin.mydomain.com
Record Type A Record
Value the Static IP of our LightSail instance.

If we let the DNS propagate the changes for 5 minutes, typing origin.mydomain.com will direct us to our instance. But only HTTP will be supported.

4. LightSail Instance SSL Certificates.

Now that we have Route 53 configuration done for the LightSail instance, we need to install the SSL certificates to be able to have an SSL connection between our instance and Cloudfront. Step 3 is needed before we can generate certificates.

To do so, Go to LightSail-> Open your instance ->Click on the button Connect using SSH.

This will open a terminal, what we do next is execute this script from Bitnami to generate the SSL Certificates using Letsencrypt.

sudo /opt/bitnami/bncert-tool

once we execute it will ask us for the domains we want to generate a certificate on: We will type on a space-separated list the following

origin.mydomain.com www.mydomain.com mydomain.com

After the will ask if we want to include in the certificate www.origin.mydomain.com and we will type (n)

After it will ask if we want to set redirections from www-> origin and we will type (n) for all redirection questions.

We will answer yes to the last question.

We let the script do it job and we will have done the SSL certificate configuration for the Lighsail instance.

Now we should be able to type https://origin.mydomain.com

5. Create SSL certificates to be used with CloudFront.

Ok to do this part we need to go to Certificate Manage on the AWS console:

Once there we will click on the request for a new certificate.

Choose Request a public type certificate.

On the fully qualified domain, we will type mydomain.com and we will click on the button “Add another name to this certificate” and add www.mydomain.com. We need a certificate that supports multiple subdomains because CloudFront only accepts one certificate and we want our distribution to serve both https://mydomain.com and https://www.mydomain.com

On the validation, method select DNS validation.

We will click on the request button and we will go to the certificate List windows. Click on the refresh button and you will see your request with the pending state.

To be able to validate, click on the certificate ID link to go to the details page.
You will see a page like this.

On this page, we need to click on the Create records in Route 53 button, so the validation of ownership of the domain can be performed.

If you click on the button, you will go to this page:

Click on create. Wait a couple of minutes and refresh your certificate list page.

You should see the status of your certificate change from pending to Issued.

6. Create a CloudFront distribution with origin.mydomain.com as the origin.

To create your CloudFront distribution, you will need to go to the AWS console and search for CloudFront. The main page looks like this.

Click on create distribution:

On the origin, domain type your origin domain (in our case is origin.mydomain.com) and leave the rest with the default. Go to the Setting section of the page.
First, in the alternative domains add the www.mydomain.com so the distribution will work with the www subdomain.
Second, add the custom SSL certificate that we created in the previous section, which should be available in one of the options of the Combobox. This will allow the distribution to work with HTTPS.

Click on create. This should create a distribution with an origin and default behavior.

7. Add the WordPress recommended behaviors to our distribution.

To make the most of Cloudfront cache and make sure that all the site functions work properly we need to customize the behaviors of our distribution using the best practices recommended by AWS( Read more at https://docs.aws.amazon.com/whitepapers/latest/best-practices-wordpress/cloudfront-distribution-creation.html)

So we will proceed as follow:

a. Add Behaviors for static content

Static content is served in WordPress by these two paths :
wp-content/* and wp-includes/*
What we want is to allow Cloudfront to cache all of this content for us. To do so go to the detail page of your distribution, and click on the behavior tab. Once there you will see a Create Behavior Button.

Once click you will see the behavior setup page, where we need to configure it as follow:

First set up the path to wp-content/*.

Second set up the allow method, that in this case is just GET and HEAD and we allow HTTP and HTTPS.

Third set up cache headers, cookies, and query strings using the Legacy cache settings.

Click on save and we need to do the same for wp-includes/*

b.Add Behaviors for Dynamic Administrator pages

For the administrative pages, WordPress serves the content using these two paths: wp-admin/* and wp-login.php

So let's create a behavior for each one of these two paths with the following configuration.

First set up the path to wp-admin/*

Second set up the allow method, that in this case are all of the methods and we need to redirect all traffic to HTTPS to force the encryption.

Third Configure the cache for dynamic content using the Legacy cache settings and allowing all Headers, Query string, and cookies.

We need to do the same for the wp-login.php path.

c. Add Behavior for Dynamic Frontend

This is managed by the default behavior of the distribution. To config select the default behavior and click on edit.

First set up the allow method, that in this case are all of the methods and we need to redirect all traffic to HTTPS to force the encryption.

For the cache, these are the setting using the Legacy cache settings.
Headers : Host,CloudFront-Forwarded-Proto,CloudFront-Is-Mobile-Viewer,CloudFront-Is-Tablet-Viewer,CloudFront-Is-Desktop-Viewer
Query: All
Cookies: comment_*,wordpress_*,wp-settings-*

Now we are done with the distribution.

This table is a summary of the behaviors needed to get the WordPress distribution working correctly.

8. Set up Route 53 naked domain and www subdomain.

The last part is to configure Route 53 naked domain to point to the CloudFront distribution and create a CNAME entry for the subdomain www to forward traffic to the naked domain.

What is AWS Lightsail distribution?

How do I transfer my WordPress to Lightsail?

Can I host multiple websites on Lightsail?

Is Lightsail good for Web Hosting?