While looking for personal projects to work on, I turned back to my blog. I’d been using WordPress for almost 20 years, but felt like it was time for something more modern, and more cost effective. After having played with Hugo in the past, I decided to give it a try. Back in 02019 I had migrated my site from a VPS to AWS LightSail. It was an interesting project, and I learned a lot while also lowering my monthly costs from about $10 to $5.
Initial Woes
I had my WordPress set to auto-update, but when I logged into the admin dashboard, I was greeted with a message that my site was out of date. The update WordPress to 6.7.1 had failed. After digging into this, I found out that the issue was an outdated version of PHP. I figured I would log into the server, update PHP, and then upgrade WordPress.
I logged into the server and was immediately greeted with a welcome to Ubuntu 16.04… I knew at that point I may be in trouble. I figured that the newer PHP version wasn’t available in such an older version of Ubuntu, so I upgraded to 18.04. However in doing so, my sshd config got corrupt and I was unable to login to my instance over SSH. It was still serving traffic over HTTP and HTTPS though, so my site was still up and I still had access to the admin functions.
Migrate to Hugo?
Looking at my options for migration, I found there were a few plugins that could handle the migration from WordPress to markdown. I tried a few, but each of them failed. I then found a few repositories that claimed to have a script that would migrate from WordPress to Hugo/Markdown, however when I tried them, they failed to handle the migration.
I figured at this point, it may be due to a WordPress version issue, so I took a snapshot of my LightSail instance, exported it to EC2, detatched the volume, and mounted it to a new instance. I fixed the sshd config, and was able to login again, however, I learned that given it was using a Bitnami WordPress image, it was not easy (or maybe even possible) to upgrade PHP. I ended up lauching a new LightSail instance and doing a WordPress AllInOne Migration from my old instance to the new.
After the migration, my export was able to be converted to Markdown using wordpress-export-to-markdown. I then tested locally using Hugo and found that the migration was successful, minus some minor formatting issues.
Infrastructure Buildout
It had been a while since I used Terraform, but have always enjoyed using it. I created a repo that built out the following:
Core AWS Services
S3 Buckets
Website Bucket
- Versioning enabled
- Lifecycle policy (180-day retention for old versions)
- Private access only
- Static website hosting configuration
Logs Bucket
- 180-day log retention
- CloudFront log delivery permissions
- Private access only
CloudFront
- Distribution with:
- HTTPS enforcement
- IPv6 enabled
- Custom domain support
- Price Class 100 (NA and Europe)
- URL rewriting for Hugo compatibility
- Security headers injection
- Custom error handling
WAF (Web Application Firewall)
- AWS Managed Rules Common Rule Set
- CloudWatch metrics enabled
- Customizable rule configuration
ACM (Certificate Manager)
- SSL/TLS certificate for custom domain
- DNS validation via Cloudflare
- Auto-renewal enabled
DNS & Security
Cloudflare Integration
- DNS records for:
- Website CNAME (CloudFront)
- ACM certificate validation
- Proxy disabled for direct CloudFront access
Security Features
- Security headers via CloudFront Functions:
- HSTS
- Content Security Policy
- XSS Protection
- Frame Options
- Referrer Policy
CI/CD Components
IAM Configuration
- GitHub Actions OIDC role
- S3 deployment permissions
- Specific repository access control
State Management
Backend Infrastructure
S3 bucket for state storage
- Versioning enabled
- Encryption enabled
- Public access blocked
DynamoDB table for state locking
- PAY_PER_REQUEST billing
- LockID primary key
Monitoring & Logging
- CloudFront access logs
- WAF metrics in CloudWatch
- S3 versioning for content tracking
Hugo deployment
I had created my infrastructure to test on a dev site in order to make sure everything was functional and that the original pages were formatted correctly. I then switched the original infra repo over to using my main site (https://kylemca.uliffe.com) and then updaed the Hugo repo as well.
The deployment is handled via GitHub Actions. The workflow is triggered by a push to the main branch. The workflow builds the Hugo site, and then uploads the site to the S3 bucket. The CloudFront distribution is then invalidated to ensure the new content is served.
Next Steps
I would like to dig more into things like SEO, analytics, and comments sections, as well as other things I stumble upon along the way. There are also a few static pages I’d like to add as well.
Conclusion
This was a fun project that allowed me to learn a lot about AWS, Hugo, and Terraform. I’m happy with the results and the cost savings (will update later on this, but given I don’t get much traffic, I am expecting it to be pretty significant).