Separate Web users for each WordPress site on Trellis

We often host multiple WordPress sites on the one Trellis box, which generally works well and means that we can have a box with more resources for them to share rather than each site having its own smaller instance.

The downside of this approach is that there is no isolation of users from one WordPress site to another.

I’m wondering if anyone has set up Trellis so it creates a separate user and pool for each site. If not, does anyone see any downsides to doing this?

Here is a tutorial to do it manually from Digital Ocean: https://www.digitalocean.com/community/tutorials/how-to-host-multiple-websites-securely-with-nginx-and-php-fpm-on-ubuntu-14-04

If no one has done this with Ansible and Trellis then I’ll give it a go … unless there is some reason why it is a terrible idea :)

No reason it can’t be done. The biggest change would be generating a new PHP-FPM pool for each site. We actually used to do that but stopped it when we also had HHVM.

You could dynamically create users based on each wordpress_sites key. You’ll want to take advantage of iterating over wordpress_sites like we do in a lot of places.

Example: https://github.com/roots/trellis/blob/4a972f2351532338ce6803107904eb62732f558d/roles/wordpress-setup/tasks/main.yml#L9-L16

So you could either add a user variable to a wp site, or just create them based on the key/site name.
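
An added example (not from either poster and not Trellis's own code) of the approach in the reply above: iterate over wordpress_sites, give each site its own account and private group, and run its PHP-FPM pool as that account so one site's PHP cannot read another's files. `wordpress_sites` and `www_root` are Trellis variables; `php_fpm_pool_dir`, `nginx_user`, the optional per-site `user` key, the socket path and the handler name are assumptions.

```yaml
# Added example, not Trellis code. `wordpress_sites` and `www_root` are Trellis
# variables; `php_fpm_pool_dir`, `nginx_user`, the optional per-site `user`
# key and the "reload php-fpm" handler name are assumptions to adapt.
- vars:
    site_user: "{{ item.value.user | default(item.key | regex_replace('[^A-Za-z0-9]', '_')) }}"
    php_fpm_pool_dir: /etc/php/7.4/fpm/pool.d   # assumed; match the installed PHP
    nginx_user: www-data                        # assumed Nginx worker account
  block:
    - name: Create a private primary group per site
      group:
        name: "{{ site_user }}"
      with_dict: "{{ wordpress_sites }}"

    - name: Create an unprivileged account without a login shell per site
      user:
        name: "{{ site_user }}"
        group: "{{ site_user }}"
        shell: /usr/sbin/nologin
        create_home: no
      with_dict: "{{ wordpress_sites }}"

    - name: Site root owned by its account, readable by Nginx via group, closed to others
      file:
        path: "{{ www_root }}/{{ item.key }}"
        state: directory
        owner: "{{ site_user }}"
        group: "{{ nginx_user }}"
        mode: "0750"
      with_dict: "{{ wordpress_sites }}"

    - name: Write one PHP-FPM pool per site, running as that site's account
      copy:
        dest: "{{ php_fpm_pool_dir }}/{{ site_user }}.conf"
        mode: "0644"
        content: |
          [{{ site_user }}]
          user = {{ site_user }}
          group = {{ site_user }}
          listen = /run/php-fpm-{{ site_user }}.sock
          listen.owner = {{ nginx_user }}
          listen.group = {{ nginx_user }}
          listen.mode = 0660
          pm = ondemand
          pm.max_children = 5
      with_dict: "{{ wordpress_sites }}"
      notify: reload php-fpm
```

Each site's Nginx `fastcgi_pass` has to point at that site's socket, and whatever deploys into the site directory has to write as the site's account rather than a shared web user.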