Sail Knowledgebase

Working with Blueprints in Sail CLI

In this article you will learn what blueprints are in Sail CLI, how to apply them and how to write your own.

If you like Sail, don't forget to give us a star on GitHub!


Blueprints in Sail are YAML files, which define the environment, where the WordPress application is provisioned. This can include things like non-default plugins, themes, options, constants, as well as additional server software and configuration.

To apply a blueprint, run:

sail blueprint path/to/blueprint.yaml

You can apply a blueprint during init as well:

sail init --blueprint path/to/blueprint.yaml


Blueprints allow developers to define custom variables. Sail will either prompt for these variables, or look for them on the command line interface. For example:

  blogname: ${{ blogname }}

  name: blogname
  prompt: What is your site name
  option: --blogname
  default: Just another WordPress site

This will cause an interactive prompt when applying the blueprint, unless the value for that variable is passed in using the --blogname option on the command line:

sail blueprint path/to/blueprint.yaml --blogname="My New Blog"

Note: Some blueprints will create files and directories on your production server. It is highly recommend to sail download to make sure your working copy is in sync.

Writing a blueprint

As mentioned above, a blueprint is a YAML file, which can consist of one or more of the following sections:

  • plugins: install and activate plugins
  • themes: install and activate themes
  • options: define WordPress options
  • define: set constants in wp-config.php
  • fail2ban: install and configure bruteforce protection with fail2ban
  • postfix: install and configure an SMTP relay
  • dns: add DNS records for your domain
  • apt: add server software packages
  • vars: define variables to be used inside blueprints

Use the sample.yaml to learn about each of these sections.

Default blueprints

Sail ships with some sample and common blueprints, available in the blueprints directory:

  • fail2ban.yaml: This installs and configures fail2ban with the default sshd jail, as well as a few custom WordPress jails to protect against password bruteforce attacks and XML-RPC pingback flood attacks. It also includes a WordPress mu-plugin that logs auth and XML-RPC attempts to syslog.
  • postfix.yaml: Installs and configures a Postfix server to queue messages locally and relay them to an external SMTP service. Great for Mailgun, Gmail SMTP and other mail delivery services.
  • mailgun.yaml: A full Postifx configuration for Mailgun transactional e-mail service.
  • mailgun-dns.yaml: DNS validation for Mailgun.
  • gmail-dns.yaml: Add DNS records for Google Mail.
  • site-verification.yaml Add a TXT record for site verification in Google Search Console and other services.

If you need help applying an existing blueprint or writing your own, please visit our getting help section.