I Spun Up A Scalable WordPress Server Environment With Trellis And You Can Too

What Trellis Brings to WordPress Development

Trellis is a tool specifically designed to create WordPress web servers and deploy WordPress sites, developed by the same team behind Bedrock and Sage. The tool operates on the principle of infrastructure as code, using Ansible for configuration management to provision servers with everything needed for a production-ready WordPress installation.

Key Capabilities

• Automated Server Provisioning: Installs and configures PHP 8.3+, Nginx, MariaDB, and all required dependencies
• SSL Certificate Management: Automatic Let's Encrypt certificates with renewal handling
• Security Hardening: Configures fail2ban, ferm, and follows security best practices
• Zero-Downtime Deployments: Atomic deployment with instant rollback capability
• Environment Parity: Development, staging, and production use identical configurations

According to the official Trellis documentation, this approach eliminates the need for brittle Bash scripts and provides a structured, documented way to configure your server environment.

When your infrastructure is properly configured, you'll see measurable improvements in core web vitals that directly impact search rankings and user experience.

Prerequisites and System Requirements

Server Requirements

Trellis requires a bare Ubuntu 24.04 LTS server from a VPS or cloud provider. Shared or managed hosting environments are not compatible.

Minimum Specifications:

• Ubuntu 24.04 LTS (required)
• 1GB RAM minimum (2GB+ recommended)
• SSH access with public key authentication
• Root or sudo access

Compatible Providers:

• DigitalOcean
• AWS EC2
• Linode
• Vultr
• Any provider offering Ubuntu 24.04

As documented in the remote server setup guide, the minimum server specifications for a production WordPress site start with 1GB of RAM for basic sites, though 2GB or more provides better performance and headroom for traffic spikes.

Local Development Setup

The Trellis CLI provides Lima support for local development environments, ensuring your local setup mirrors production configuration without polluting your host operating system with dependencies. Our backend development team specializes in setting up these modern development workflows for clients requiring scalable WordPress solutions.

Configuration Deep Dive

Project Structure

A Trellis project organizes configuration into environments. The directory structure separates server configuration from application code while keeping them version-controlled together.

example.com/
├── trellis/ # Server configuration
│ ├── hosts/ # Environment inventory files
│ ├── group_vars/ # Environment-specific settings
│ └── ansible.cfg # Ansible configuration
└── site/ # Bedrock WordPress site
 └── web/
 ├── app/ # WordPress content (themes, plugins)
 └── wp/ # WordPress core

WordPress Site Configuration

Configure your WordPress installations in group_vars/<environment>/wordpress_sites.yml:

wordpress_sites:
 example.com:
 site_hosts:
 - canonical: example.com
 local_path: ../site
 repo: [email protected]:username/example.com.git
 branch: main
 ssl:
 enabled: true
 provider: letsencrypt
 cache:
 enabled: true

For a production site, you'll typically configure the canonical URL, optionally specify www redirects, define the git branch or tag to deploy from, and configure SSL with Let's Encrypt for automatic certificate management. As practitioners have documented in their implementation guides, this configuration format is declarative, describing the desired state of your site rather than imperative steps.

Security Configuration

SSH Key Management

Trellis relies on SSH keys for secure server access. Define authorized keys in group_vars/all/users.yml:

users:
 - name: web
 groups:
 - www-data
 keys:
 - https://github.com/username.keys
 - name: admin
 groups:
 - sudo
 keys:
 - https://github.com/username.keys

This centralized key management means key changes propagate to all servers when you re-provision, maintaining consistency across your infrastructure. As outlined in the remote server documentation, SSH public key authentication eliminates the risk of password brute-force attacks and simplifies the deployment process.

Ansible Vault for Sensitive Data

Encrypt sensitive configuration with Ansible Vault:

# Create encrypted vault file
ansible-vault create group_vars/production/vault.yml

# Edit encrypted vault
ansible-vault edit group_vars/production/vault.yml

# Deploy with vault password
ansible-playbook deploy.yml --ask-vault-pass

Vault contents include:

• Database passwords
• WordPress security salts
• SMTP credentials
• Any API keys needed by your site

By encrypting your vault files, you can safely version control sensitive data while maintaining security. Each environment should use unique passwords and salts to ensure that a compromise in one environment doesn't propagate to others. Implementing proper security configuration is essential for maintaining SEO performance as search engines increasingly prioritize secure sites.

Server Provisioning Process

Initial Server Setup

Before provisioning, ensure your server meets basic requirements:

1. Ubuntu 24.04 LTS installed
2. SSH access with public key authentication
3. Server hostname added to Trellis hosts file

Provisioning Command

# Provision production server
trellis provision production

# Re-provision after configuration changes
trellis provision production

# Provision with specific tags for faster execution
trellis provision production --tags users

What Trellis Installs

The provisioning process configures your server with:

• LEMP Stack: Linux, Nginx, MySQL (MariaDB), PHP 8.3+
• SSL/TLS: Let's Encrypt certificates with auto-renewal
• Caching: Memcached for object caching
• Security: fail2ban, ferm firewall rules
• Tools: Composer, WP-CLI, sSMTP

According to the Trellis documentation, provisioning is idempotent--it will only make changes necessary to bring the server to the desired state, making it safe to run multiple times.

Re-provisioning

As your needs evolve, you'll modify server configuration and apply those changes to running servers. Re-provisioning brings your server in line with your updated configuration without causing disruption. For efficiency, you can provision with specific tags to run only relevant roles. Teams implementing Trellis often find they can reduce their web development timeline significantly by eliminating manual server configuration.

Deployment Workflow

Zero-Downtime Deployments

Trellis implements atomic deployments that eliminate downtime:

1. Create Release Directory: New release directory is created
2. Clone Code: Specified git branch/tag is checked out
3. Install Dependencies: Composer and npm packages installed
4. Symlink Update: Current symlink points to new release
5. Cleanup: Old releases are cleaned up (kept by default)

This atomic switchover means visitors see either the old or new version, never an incomplete deployment. According to the official Trellis documentation, this approach ensures your site remains available throughout the deployment process.

Deployment Commands

# Deploy to staging
trellis deploy staging example.com

# Deploy to production
trellis deploy production example.com

# Rollback to previous release
trellis rollback production example.com

Rollback Capability

If a deployment introduces issues, instant rollback is available:

# Check deployment history
trellis rollback production example.com --list

# Rollback to previous version
trellis rollback production example.com

This rollback capability provides a safety net that encourages frequent, small deployments rather than large, risky changes. When combined with automated testing and continuous integration, this deployment workflow enables rapid iteration without sacrificing stability.

Sources

1. Roots.io: Installing Trellis for WordPress
2. Roots.io: Remote Server Setup for WordPress with Trellis
3. CSS-Tricks: I Spun up a Scalable WordPress Server Environment with Trellis
4. Kinsta: WordPress Development with Bedrock and Trellis