intel/intel-optimized-wordpress

Verified Publisher

By Intel Corporation

Updated almost 2 years ago

Image
Content Management System
Security

5.5K

Introduction

WordPress is the worldwide most popular and powerful open-source CMS for years, which is widely used by individual user as personal blog or small/medium corporation as full-fledged website building platform. The WordPress service software stack uses WordPress for content, PHP-FPM as server processes, Nginx as the web server, MariaDB* as the database.

The workpress service software stack is optimized with qat sw features which are only supported in the platforms starting with 3rd Generation Intel® Xeon® Scalable Processors family.

Docker Image

The workpress service software stack provides the following docker images:

  • wordpress5mt-wordpress-base: The image inherits from wordpress:php7.4-fpm which is the prebuilt image of the wordpress server software stack.
  • wordpress5mt-nginx-base: The image runs the NGINX reverse proxy, optimized with QAT.
  • wordpress5mt-maria-base: The image runs the Maria database, with pre-populated user blogging data.

Since this is a multi-container workpress service software stack, we must use Kubernetes to schedule the workpress service software stack execution. The helm scripts take the following configurations:

  • SYNC: Specify sync or async.
  • HTTPMODE: Specify http or https.
  • NSERVERS: Specify the number of server workers(FCGI processes for PHP) to spawn. This is optional. Default to the number of vCPUs available.
  • NGINX_WORKER_PROCESSES: Specify the Nginx worker number. Default to auto.
  • PROTOCOL: Specify the TLS version. This is optional. Default to TLSv1.2.
  • CIPHER: Specify the cipher. Default to ECDHE-RSA-AES128-GCM-SHA256.
  • CURVE: Specify the curve to be used by the server when doing key exchanges. Supported values are secp384r1, prime256v1, X25519. This optional. Default to X25519.
  • CERT: Specify the cert. It represents the authentication mechanism specifying how the certificate presented by the server to the client is signed. Supported values are secp384r1, prime256v1, rsa2048, rsa3072, rsa4096. For RSA cipher, the user is required to overwrite default value by a value containing rsa. Default to rsa2048.
  • MARIADB_CONFIG: Specify the configuration used by MariaDB. Supported values are my.cnf, bkm1.cnf and bkm2.cnf. If nothing is specified, it will be chosen automatically based on the numa node count.
  • QUERY_CACHE_TYPE: Specify 0 or OFF, 1 or ON, 2 or DEMAND, This is optional mariaDB tunable parameter. If not specified, use the default value in the maria config file.
  • QUERY_CACHE_SIZE: Specify the query cache size, such as 64M, This is optional. If not specified, use the default value in the maria config file.
  • QUERY_CACHE_LIMIT:Specify the query cache limit, such as 128k, This is optional. If not specified, use the default value in the maria config file.
  • TABLE_OPEN_CACHE: Specify the table cache limit in integer. This is optional. Default to 512.
  • KEY_BUFFER_SIZE: Specify the key buffer size. This is optional. Default to 384M.
  • THREAD_STACK: Specify the thread stack. This is optional. Default to 192K.
  • INNODB_BUFFER_POOL_INSTANCES: Specify the innodb buffer pool instances in integer, This is optional. If not specified, use the default value in the maria config file.
  • INNODB_THREAD_CONCURRENCY: Specify the innodb thread concurrency in interger. This is is optional. If not specified, use the default value in the maria config file.
Docker Build Images
  • Wordpress Image
docker build --build-arg http_proxy=$http_proxy --build-arg https_proxy=$https_proxy --build-arg no_proxy=$no_proxy -f Dockerfile.2.wordpress -t wordpress5mt-wordpress-base .
  • Nginx Image
docker build --build-arg http_proxy=$http_proxy --build-arg https_proxy=$https_proxy --build-arg no_proxy=$no_proxy -f Dockerfile.2.nginx -t wordpress-nginx-base .
  • Mariadb Image
docker build --build-arg http_proxy=$http_proxy --build-arg https_proxy=$https_proxy --build-arg no_proxy=$no_proxy -f Dockerfile.2.maria -t wordpress5mt-maria-base .
How to Use the Image

Prepare the accesable

  • Mariadb Image
sudo docker run --privileged --cap-add=ALL --net host -e MARIADB_ALLOW_EMPTY_ROOT_PASSWORD="yes" -e MYSQL_DATABASE="wp_bench" -e MYSQL_USER="wp_bench" -e MYSQL_PASSWORD="wp_bench" -e MYSQL_ALLOW_EMPTY_PASSWORD="yes" wordpress5mt-maria-base:latest
  • Wordpress Image
sudo docker run --privileged --cap-add=ALL --net host -v /var/www/html:/var/www/html -e WORDPRESS_DB_HOST="127.0.0.1" -e WORDPRESS_DB_USER="wp_bench" -e WORDPRESS_DB_PASSWORD="wp_bench" -e WORDPRESS_DB_NAME="wp_bench" -e WORDPRESS_DEBUG="true" -e DISABLE_WP_CRON="true" wordpress5mt-wordpress-base:latest
  • Nginx Image
sudo docker run --privileged --cap-add=ALL --net host -v /var/www/html:/var/www/html -e SYNC="async" -e PROTOCOL="TLSv1.3" -e CIPHER="TLS_AES_256_GCM_SHA384" -e CURVE="X25519" -e NGINX_WORKER_PROCESSES="auto" wordpress-nginx-base:latest

Open the browser on the local machine with https://127.0.0.1 to access the example web site. Change the web site content and configuration parameters under foler /var/www/html. Refer to WordPress official web site and get the manual of the configuration and administrator guidence.

Hugepage Setup

Workpress service software stack require to use hugepages must specify a HUGEPAGES for the docker images. The hugepage sizes supported under /sys/kernel/mm/hugepages.

System Setup

Setup hugepages through the kernel boot parameters, as follows:

Then reboot the machine for the hugepages to take effect.

For Ubuntu, you need to edit sudo vi /etc/default/grub by adding the number of huge pages to GRUB_CMDLINE_LINUX, like this:

GRUB_CMDLINE_LINUX="hugepagesz=1G hugepages=2"

Then you need to do sudo update-grub and reboot.

To verify changes you can use this cat /proc/meminfo | grep Huge.


Kubernetes only recognizes hugepages if they are preallocated through boot parameters.


Docker Pull Command

docker pull intel/intel-optimized-wordpress