Posted on

How to configure Trellis for the production server

Once you have finished setting up a Trellis production server, let’s configure Trellis. These are recommended articles to refer.

We are going to manage entire configurations with git. This is probably one of the most useful aspects of Trellis. You can track all the changes on your website and easily upgrade, revert, and re-create the environments.
Since the repository contains sensitive server configurations, it should be stored in a private repository.
This example assumes that you create a private repo (REPO_NAME) on YOUR_GITHUB_USER_NAME account. To access the private repo, you may need to do this if you are on OXS:

Created your repository on Github then:

Now let’s start the configuration.
First, add the production address to the trellis. I specified IP address of the production server (PRODUCTION_IP_ADDRESS should be replaced by your own IP address). The official document says that you can also use the hostname.

Edit : /trellis/hosts/production

Next, the WordPress configurations.

Edit : trellis/group_vars/production/wordpress_sites.yml

In this example, I added one redirect rule which routes access to to Remove it if you don’t need it.

Then configure: trellis/group_vars/all/users.yml

Replace USER_NAME by the production user name which you created previously, and YOUR_GITHUB_USER_NAME by your github account.

Next, let’s configure passwords by following the official doc.

Basically you need to modify settings in these files:

  • trellis/group_vars/all/vault.yml
  • trellis/group_vars/development/vault.yml
  • trellis/group_vars/staging/vault.yml
  • trellis/group_vars/production/vault.yml

Change all the passwords, and also not to forget to change of each files to match to the domain name you specified in the corresponding wordpress_sites.yml

To protect the sensitive values, Trellis provides an encryption method called vault.

Here is the breakdown of the steps:

Hard-code the password in the .vault_pass file, save and exit, then:

also add the file to .gitignore NOT to commit to the repository.

Edit : /trellis/ansible.cfg

and finally encrypt the vault files.

Commit the changes, and merge to the master on the github.

Now you are almost ready to provision the production server. Just to final check that CNAME “www” of your domain ( is reachable. It is required to issue “Let’s Encrypt SSL” cert during the server provisioning process.

If everything is ready, go for it!

If all succeed, you will be able to access your production server.

Leave a Reply

Your email address will not be published. Required fields are marked *