Bucket Structure
Single shared bucket: everydaytech-wordpress (Sydney region: syd1)
URL: https://everydaytech-wordpress.syd1.digitaloceanspaces.com
Directory Layout
everydaytech-wordpress/
├── performwritecom/
│   └── wp-content/
│       ├── themes/
│       ├── plugins/
│       └── uploads/
├── sfnm/
│   └── wp-content/
├── redheale/
│   └── wp-content/
├── path2ucom/
│   └── wp-content/
├── outdoor1/
│   └── wp-content/
├── murwillu/
│   └── wp-content/
├── murbahmowers/
│   └── wp-content/
├── laserxperts/
│   └── wp-content/
├── kandudeliveriesc/
│   └── wp-content/
└── corne582/
    └── wp-content/
Benefits
vs. 10 Separate Buckets
- Simplified Management
- One bucket to monitor
- One CDN configuration
- Centralized access control
- Cost Effective
- No per-bucket overhead
- Easier to track total usage
- Single billing line item
- Easier Security
- One set of access keys (or separate keys with folder-level permissions)
- Centralized bucket policies
- Simpler auditing
- Better Organization
- All WordPress sites in one place
- Easy to see total storage usage
- Consistent naming structure
Configuration
Environment Variables (Per Site)
Each App Platform app needs these variables:
# Shared bucket configuration
BUCKET_SITE_PATH=performwritecom # Site subdirectory name
BUCKET_ACCESS_KEY=DO003JUHBJDDCCF9D6MU # Shared or per-site key
BUCKET_SECRET_KEY=your_secret_key # Corresponding secret
# Database (already configured)
DB_HOST=wordpress-mysql-cluster-do-user-28531160-0.i.db.ondigitalocean.com
DB_PORT=25060
DB_NAME=performwritecom
DB_USER=performwritecom_user
DB_PASSWORD=xxxxx
BUCKET_SITE_PATH Values
performwritecom → everydaytech-wordpress/performwritecom/
sfnm → everydaytech-wordpress/sfnm/
redheale → everydaytech-wordpress/redheale/
path2ucom → everydaytech-wordpress/path2ucom/
outdoor1 → everydaytech-wordpress/outdoor1/
murwillu → everydaytech-wordpress/murwillu/
murbahmowers → everydaytech-wordpress/murbahmowers/
laserxperts → everydaytech-wordpress/laserxperts/
kandudeliveriesc → everydaytech-wordpress/kandudeliveriesc/
corne582 → everydaytech-wordpress/corne582/
Deployment Flow
- Container starts → Runs docker-init-v2.sh
- Download WordPress → Fresh core from wordpress.org/latest.tar.gz
- Generate config → wp-config.php from environment variables
- Sync to bucket → Upload wp-content/ to everydaytech-wordpress/{BUCKET_SITE_PATH}/
- Start server → Apache serves the site
Manual Upload Script
Upload all 10 sites to the shared bucket:
#!/bin/bash
# Upload all WordPress sites to shared bucket
set -euo pipefail  # stop on the first failed command or unset variable

export BUCKET_ACCESS_KEY="DO003JUHBJDDCCF9D6MU"
export BUCKET_SECRET_KEY="your_secret_key"

cd /tmp/wordpress-repos

SITES=(
  "performwritecom"
  "sfnm"
  "redheale"
  "path2ucom"
  "outdoor1"
  "murwillu"
  "murbahmowers"
  "laserxperts"
  "kandudeliveriesc"
  "corne582"
)

for site in "${SITES[@]}"; do
  echo "Uploading $site..."
  export BUCKET_SITE_PATH="$site"
  # Subshell: a failed cd cannot leave later iterations in the wrong directory
  (
    cd "wordpress-${site}"
    ../wordpress-templates/sync-to-shared-bucket.sh upload
  )
  echo "✓ $site uploaded"
  echo ""
done

echo "All sites uploaded to everydaytech-wordpress bucket!"
Security Options
Option 1: Shared Access Key (Current)
Simplest: One access key for all sites
- Access Key: DO003JUHBJDDCCF9D6MU
- All sites use the same credentials, so any site holding the key can read, overwrite or delete every other site's folder
- Good for: Development, testing, trusted environments
Option 2: Separate Keys with Folder Permissions
More secure: One key per site with folder-level restrictions
DO Spaces supports bucket policies (S3-compatible):
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::ACCOUNT_ID:user/performwritecom-key"
      },
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::everydaytech-wordpress/performwritecom/*"
    }
  ]
}
Steps to implement:
- Create separate access keys for each site
- Apply bucket policy restricting each key to its folder
- Update App Platform env vars with site-specific keys
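The sample policy above covers one site; this added example (not part of the original page or its scripts) extends it to all 10 folders and audits any policy for statements that let a key reach outside its own folder. It assumes every key follows the sample's `<site>-key` naming, and `ACCOUNT_ID` stays a placeholder.

```python
import json

BUCKET = "everydaytech-wordpress"
SITES = ["performwritecom", "sfnm", "redheale", "path2ucom", "outdoor1",
         "murwillu", "murbahmowers", "laserxperts", "kandudeliveriesc", "corne582"]
ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]


def as_list(value):
    """Policy fields may hold one item or a list of items."""
    return [value] if isinstance(value, (str, dict)) else list(value or [])


def build_policy(sites=SITES, account_id="ACCOUNT_ID"):
    """One Allow statement per site, each limited to that site's folder."""
    # Assumption: every key is named "<site>-key", following the page's sample.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{account_id}:user/{site}-key"},
        "Action": list(ACTIONS),
        "Resource": f"arn:aws:s3:::{BUCKET}/{site}/*",
    } for site in sites]}


def audit_policy(policy, sites=SITES):
    """Return findings for Allow statements that reach past one site's folder."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        arns = as_list(principal.get("AWS") if isinstance(principal, dict) else principal)
        for arn in arns:
            owner = next((s for s in sites if arn.endswith(f":user/{s}-key")), None)
            if owner is None:
                findings.append(f"statement {index}: principal {arn!r} is not a per-site key")
                continue
            # Exact match only: a looser pattern such as ".../sfnm*" would also
            # cover any other folder whose name starts with "sfnm".
            expected = f"arn:aws:s3:::{BUCKET}/{owner}/*"
            for resource in as_list(stmt.get("Resource")):
                if resource != expected:
                    findings.append(f"statement {index}: {owner} key can reach {resource}")
    return findings


if __name__ == "__main__":
    print(json.dumps(build_policy(), indent=2))
    print(audit_policy(build_policy()) or "every key is confined to its own folder")
```

Run the audit against the policy actually applied to the bucket before rotating the shared key out, so a leftover bucket-wide statement is caught first.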
Option 3: CDN with Signed URLs
Most secure: Serve content through CDN with time-limited signed URLs
- Enable DigitalOcean CDN on bucket
- Generate signed URLs in WordPress (plugin or custom code)
- URLs expire after configured time
- Prevents direct linking/hotlinking
Testing
Test bucket access
export BUCKET_ACCESS_KEY="DO003JUHBJDDCCF9D6MU"
export BUCKET_SECRET_KEY="your_secret_key"
# Test connection
BUCKET_SITE_PATH=performwritecom ./sync-to-shared-bucket.sh test
# List files
BUCKET_SITE_PATH=performwritecom ./sync-to-shared-bucket.sh list
# Check size
BUCKET_SITE_PATH=performwritecom ./sync-to-shared-bucket.sh size
Test CDN delivery
# Direct URL (works if bucket is public)
curl -I https://everydaytech-wordpress.syd1.digitaloceanspaces.com/performwritecom/wp-content/themes/
# Should return: HTTP/1.1 200 OK
Test site loads wp-content from bucket
After deployment, check site source:
curl https://wordpress-performwritecom-7alzt.ondigitalocean.app | grep -o 'everydaytech-wordpress'
If configured for CDN delivery, theme/plugin URLs should point to bucket.
Monitoring
View bucket contents
s3cmd ls s3://everydaytech-wordpress/ \
  --host=syd1.digitaloceanspaces.com \
  --host-bucket='%(bucket)s.syd1.digitaloceanspaces.com'
Check total bucket size
s3cmd du s3://everydaytech-wordpress/ \
  --host=syd1.digitaloceanspaces.com \
  --host-bucket='%(bucket)s.syd1.digitaloceanspaces.com'
View per-site usage
for site in performwritecom sfnm redheale path2ucom outdoor1 murwillu murbahmowers laserxperts kandudeliveriesc corne582; do
  echo "$site:"
  s3cmd du "s3://everydaytech-wordpress/$site/" \
    --host=syd1.digitaloceanspaces.com \
    --host-bucket='%(bucket)s.syd1.digitaloceanspaces.com'
done
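With every site writing into one bucket, a wrong or empty BUCKET_SITE_PATH puts objects outside the layout shown under Directory Layout. This added example (not one of the page's scripts) parses a recursive listing, totals bytes per site, and flags keys outside `{site}/wp-content/`; the listing rows are constructed, and their column layout is assumed to match the output of `s3cmd ls --recursive`.

```python
import re
from collections import defaultdict

BUCKET = "everydaytech-wordpress"
SITES = {"performwritecom", "sfnm", "redheale", "path2ucom", "outdoor1",
         "murwillu", "murbahmowers", "laserxperts", "kandudeliveriesc", "corne582"}

# Assumed row format: "<date> <time>  <size>  s3://<bucket>/<key>"
ROW = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(\d+)\s+s3://"
                 + re.escape(BUCKET) + r"/(.+)$")

# Constructed sample listing, not real bucket contents.
SAMPLE_LISTING = """\
                       DIR   s3://everydaytech-wordpress/performwritecom/
2025-01-10 02:14      5120   s3://everydaytech-wordpress/performwritecom/wp-content/themes/demo/style.css
2025-01-10 02:14     20480   s3://everydaytech-wordpress/performwritecom/wp-content/uploads/2025/01/logo.png
2025-01-10 02:20      1024   s3://everydaytech-wordpress/sfnm/wp-content/plugins/demo/demo.php
2025-01-11 09:41      2048   s3://everydaytech-wordpress/wp-content/uploads/2025/01/banner.png
2025-01-11 09:55       512   s3://everydaytech-wordpress/sfnm/wp-config.php
"""


def audit_listing(text):
    """Return (bytes per known site, findings for keys outside the layout)."""
    usage = defaultdict(int)
    findings = []
    for line in text.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue  # DIR rows and blank lines carry no object
        size, key = int(match.group(1)), match.group(2)
        site, _, rest = key.partition("/")
        if site not in SITES:
            # Typical result of an empty or mistyped BUCKET_SITE_PATH
            findings.append(f"{key}: not under a known site folder")
            continue
        usage[site] += size
        if not rest.startswith("wp-content/"):
            findings.append(f"{key}: outside {site}/wp-content/")
    return dict(usage), findings


if __name__ == "__main__":
    usage, findings = audit_listing(SAMPLE_LISTING)
    print(usage)
    print("\n".join(findings))
```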
Migration Steps
1. Upload wp-content to shared bucket
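TEMPLATES=/home/cw/Documents/IBG_HUB/rmm-psa-devops/wordpress-templates
chmod +x "$TEMPLATES/sync-to-shared-bucket.sh"
export BUCKET_ACCESS_KEY="DO003JUHBJDDCCF9D6MU"
export BUCKET_SECRET_KEY="your_secret_key"
cd /tmp/wordpress-repos
for site in performwritecom sfnm redheale path2ucom outdoor1 murwillu murbahmowers laserxperts kandudeliveriesc corne582; do
  echo "Uploading $site..."
  # Absolute script path: from /tmp/wordpress-repos, ../rmm-psa-devops would
  # resolve under /tmp rather than to the templates directory used above.
  # Run from inside each repo, as the manual upload script does.
  (
    cd "wordpress-${site}"
    BUCKET_SITE_PATH="$site" "$TEMPLATES/sync-to-shared-bucket.sh" upload
  )
done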
2. Update deployment scripts in repos
Copy new scripts to each repo:
cd /tmp/wordpress-repos
for repo in wordpress-*/; do
  # Create .do/ first so the copy does not fail in repos that lack it
  mkdir -p "$repo/.do"
  cp /home/cw/Documents/IBG_HUB/rmm-psa-devops/wordpress-templates/docker-init-v2.sh "$repo/.do/deploy.sh"
  cp /home/cw/Documents/IBG_HUB/rmm-psa-devops/wordpress-templates/sync-to-shared-bucket.sh "$repo/"
  chmod +x "$repo/.do/deploy.sh" "$repo/sync-to-shared-bucket.sh"
done
3. Update App Platform environment variables
For each app, add:
BUCKET_SITE_PATH=performwritecom
BUCKET_ACCESS_KEY=DO003JUHBJDDCCF9D6MU
BUCKET_SECRET_KEY=your_secret_key
4. Push repo changes and redeploy
cd /tmp/wordpress-repos
for repo in wordpress-*/; do
  # Subshell: a failed cd cannot shift the working directory for later repos
  (
    cd "$repo"
    git add -A
    git commit -m "Update to shared bucket architecture (everydaytech-wordpress)"
    git push origin main
  )
done
5. Monitor deployments
doctl apps list
# Check each app deploys successfully
CDN Configuration (Optional)
Enable CDN on the bucket for faster global delivery:
- Go to https://cloud.digitalocean.com/spaces
- Select everydaytech-wordpress
- Settings → CDN
- Enable CDN
- Note the CDN URL (e.g., everydaytech-wordpress.syd1.cdn.digitaloceanspaces.com)
Update WordPress to serve assets from CDN:
- Install WP Offload Media plugin
- Or add custom WP_CONTENT_URL in wp-config.php
Summary
Old architecture:
- 10 separate buckets: wordpress-{sitename}-content
- 10 bucket policies to manage
- 10 CDN configurations
- Higher complexity
New architecture:
- 1 shared bucket: everydaytech-wordpress
- Subdirectories per site: {sitename}/wp-content/
- Single bucket policy
- Simpler management
- Same security (folder-level permissions available)
- Already exists!
Next steps:
- Upload wp-content for all 10 sites
- Update env vars (BUCKET_SITE_PATH only!)
- Redeploy apps
- Test sites load correctly