moktar
9/27/2019 - 5:48 PM
Deployment Guide for Ubuntu Server from Scratch with Laravel
Deployment Guide for Ubuntu Server from Scratch with Laravel
title: Setting Up Laravel in Ubuntu / DigitalOcean keywords: servers, laravel, coderstape, coder's tape description: Let's take a look at settting up a server from scratch for Laravel. date: April 1, 2019 tags: servers, laravel permalink: setting-up-laravel-in-ubuntu-digitalocean img: https://coderstape.com/storage/uploads/GZTXUbyGum2xeUZM9qBD5aPv8EKLwG3C8RGcRon4.jpeg author: Victor Gonzalez authorlink: https://github.com/vicgonvt
In this post, we are looking at the steps necessary to create an Ubuntu droplet in DigitalOcean from scratch. This is the companion guide to the video series in Laravel 5.8 from scrath. Follow along with those to get the video guide.
Part 1 https://coderstape.com/lesson/112-deployment-basic-server-setup-part-1
Part 2 https://coderstape.com/lesson/113-deployment-basic-server-setup-part-2
Part 3 https://coderstape.com/lesson/114-deployment-basic-server-setup-part-3
Getting Started
- Create droplet with Ubuntu 18.10
ssh root@[DROPLET IP ADDRESS]- Get password from your email
- Change password on first login
adduser laravel- Enter password and other information
usermod -aG sudo laravel
Locking Down to SSH Key only (Extremely Important)
- In your local machine,
ssh-keygen - Generate a key, if you leave passphrase blank, no need for password
ls ~/.sshto show files in local machine- Get the public key,
cat ~/.ssh/id_rsa.pub - Copy it
cd ~/.sshandvim authorized_keys- Paste key
- Repeat steps for laravel user
su laravelthenmkdir ~/.sshfix permissionschmod 700 ~/.sshvim ~/.ssh/authorized_keysand paste keychmod 600 ~/.ssh/authorized_keysto restrict this from being modifiedexitto return to root user
Disable Password from Server
sudo vim /etc/ssh/sshd_config- Find PasswordAuthentication and set that to
no - Turn on
PubkeyAuthentication yes - Turn off
ChallengeResponseAuthentication no - Reload the SSH service
sudo systemctl reload sshd - Test new user in a new tab to prevent getting locked out
Setting Up Firewall
- View all available firewall settings
sudo ufw app list- Allow on OpenSSH so we don't get locked out
sudo ufw allow OpenSSH- Enable Firewall
sudo ufw enable- Check the status
sudo ufw status
Install Linux, Nginx, MySQL, PHP
Nginx
sudo apt updateenter root passwordsudo apt install nginxenter Y to installsudo ufw app listFor firewallsudo ufw allow 'Nginx HTTP'to add NGINXsudo ufw statusto verify change- Visit server in browser
MySQL
sudo apt install mysql-serverenter Y to installsudo mysql_secure_installationto run automated securing script- Press N for VALIDATE PASSWORD plugin
- Set root password
- Remove anonymous users?
Y - Disallow root login remotely?
N - Remove test database and access to it?
Y - Reload privilege tables now?
Y sudo mysqlto enter MySQL CLISELECT user,authentication_string,plugin,host FROM mysql.user;to verify root user's auth methodALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'STRONG_PASSWORD_HERE';to set a root passwordSELECT user,authentication_string,plugin,host FROM mysql.user;to verify root user's auth methodFLUSH PRIVILEGES;to apply all changesmysql -u root -pto access db from now on, enter passwordSTRONG_PASSWORD_HERE
PHP & Basic Nginx
sudo add-apt-repository universeto add software reposudo apt install php-fpm php-mysqlto install the basic PHP softwaresudo vim /etc/nginx/sites-available/YOUR.DOMAIN.COM
server {
listen 80;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name YOUR.DOMAIN.COM;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
sudo ln -s /etc/nginx/sites-available/YOUR.DOMAIN.COM /etc/nginx/sites-enabled/to create symlink to enabled sitessudo unlink /etc/nginx/sites-enabled/defaultto remove default linksudo nginx -ttest the whole configsudo systemctl reload nginxto apply all changessudo vim /var/www/html/info.phpto start a new PHP file, fill it with <?php phpinfo();sudo rm /var/www/html/info.phpoptional command to get rid of test file
Let's Dial in The Laravel Ecosystem
sudo apt-get install php7.2-mbstring php7.2-xml composer unzipmysql -u root -pLogin to create the Laravel DBCREATE DATABASE laravel DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;GRANT ALL ON laravel.* TO 'laraveluser'@'localhost' IDENTIFIED BY 'password';FLUSH PRIVILEGES;exitcd /var/www/html,sudo mkdir -p first-projectsudo chown laravel:laravel first-projectgit clone https://github.com/coderstape/laravel-58-from-scratch.git .composer installcp .env.example .env, and thenvim .env
APP_NAME=Laravel
APP_ENV=production
APP_KEY=
APP_DEBUG=false
APP_URL=http://YOUR.DOMAIN.COM
LOG_CHANNEL=stack
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=root
DB_USERNAME=laravel
DB_PASSWORD=STRONG_PASSWORD_HERE
php artisan migratephp artisan key:generateto generate the keysudo chgrp -R www-data storage bootstrap/cachefix permissionssudo chmod -R ug+rwx storage bootstrap/cachefix permissionssudo chmod -R 755 /var/www/html/first-projectfix permissionschmod -R o+w /var/www/html/first-project/storage/fix permission
Modify Nginx
sudo vim /etc/nginx/sites-available/YOUR.DOMAIN.COM
server {
listen 80;
listen [::]:80;
root /var/www/html/first-project/public;
index index.php index.html index.htm index.nginx-debian.html;
server_name YOUR.DOMAIN.COM;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
sudo nginx -tsudo systemctl reload nginxreload Nginx
Let's Encrypt
sudo add-apt-repository ppa:certbot/certbotto get reposudo apt install python-certbot-nginxto installsudo certbot certonly --webroot --webroot-path=/var/www/html/quickstart/public -d example.com -d www.example.comsudo certbot certonly --webroot --webroot-path=/var/www/html/first-project/public -d YOUR.DOMAIN.COM
Final mod for Nginx
sudo vim /etc/nginx/sites-available/YOUR.DOMAIN.COM
server {
listen 80;
listen [::]:80;
server_name YOUR.DOMAIN.COM;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name YOUR.DOMAIN.COM;
root /var/www/html/first-project/public;
ssl_certificate /etc/letsencrypt/live/YOUR.DOMAIN.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOUR.DOMAIN.COM/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php index.html index.htm index.nginx-debian.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
sudo nginx -tsudo ufw app listFor firewallsudo ufw allow 'Nginx HTTPS'to add NGINXsudo ufw statusto verify changesudo systemctl reload nginxreload Nginx
Extra Credit
Let's make the prompt pretty
sudo apt-get install zshto install ZSHzsh --versionto confirm installwhereis zshto find out where it issudo usermod -s /usr/bin/zsh $(whoami)to make Zsh defaultsudo rebootto reapply all changes2to populate a default filesudo apt-get install powerline fonts-powerlineto install powerlinesudo apt-get install zsh-theme-powerlevel9kto install Themeecho "source /usr/share/powerlevel9k/powerlevel9k.zsh-theme" >> ~/.zshrcto enable the theme in your Zshrcexitand login again to see the new themesh -c "$(wget https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O -)"for Oh My Zshecho "source /usr/share/powerlevel9k/powerlevel9k.zsh-theme" >> ~/.zshrcto re-enable 9K