Skip to content

Instantly share code, notes, and snippets.

@ErxrilOwl

ErxrilOwl/laravel_ubuntu_deploy.md

Last active July 1, 2024 14:24
Show Gist options
  • Save ErxrilOwl/b0b82a09c7fae99de14c88898282d8d4 to your computer and use it in GitHub Desktop.
Save ErxrilOwl/b0b82a09c7fae99de14c88898282d8d4 to your computer and use it in GitHub Desktop.
Download ZIP
Deployment Guide to Laravel - Ubuntu
Raw
laravel_ubuntu_deploy.md

Deployment Guide to Laravel - Ubuntu

Setup Firewall

  • View all available firewall settings
  • sudo ufw app list
  • Allow on OpenSSH so we don't get locked out
  • sudo ufw allow OpenSSH
  • Enable Firewall
  • sudo ufw enable
  • Check the status
  • sudo ufw status

Install Linux, Nginx, MySQL, PHP and Other dependencies

Nginx

  • sudo apt update
  • sudo apt install nginx enter Y to install
  • sudo ufw app list
  • sudo ufw allow 'Nginx HTTP' to add NGINX
  • sudo ufw status
  • Visit server in browser

MySQL

  • sudo apt install mysql-server enter Y to install
  • sudo mysql
  • ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'your_root_password_here';
  • Type exit after the ALTER USER command
  • sudo mysql_secure_installation to run automated securing script
  • Press N for VALIDATE PASSWORD plugin
  • Set root password
  • Remove anonymous users? Y
  • Disallow root login remotely? N
  • Remove test database and access to it? Y
  • Reload privilege tables now? Y
  • sudo mysql to enter MySQL CLI
  • SELECT user,authentication_string,plugin,host FROM mysql.user; to verify root user's auth method
  • ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'STRONG_PASSWORD_HERE'; to set a root password
  • SELECT user,authentication_string,plugin,host FROM mysql.user; to verify root user's auth method
  • FLUSH PRIVILEGES; to apply all changes
  • mysql -u root -p to access db from now on, enter password STRONG_PASSWORD_HERE

PHP

  • sudo apt update
  • sudo apt install php8.1-fpm
  • sudo apt install php8.1-common php8.1-mysql php8.1-xml php8.1-xmlrpc php8.1-curl php8.1-gd php8.1-imagick php8.1-cli php8.1-dev php8.1-imap php8.1-mbstring php8.1-opcache php8.1-soap php8.1-zip php8.1-redis php8.1-intl -y
  • Optional
  • sudo vim /etc/php/8.1/fpm/php.ini
  • upload_max_filesize = 32M post_max_size = 48M memory_limit = 256M max_execution_time = 600 max_input_vars = 3000 max_input_time = 1000
  • sudo service php8.1-fpm restart

Other dependencies

  • sudo apt-get install composer unzip

Project Setup

  • cd /var/www/
  • `git clone REPO_URL
  • cd to cloned project
  • cp .env.example .env
  • vim .env and edit the file
  • composer install
  • php artisan migrate
  • php artisan key:generate to generate the key
  • sudo chgrp -R www-data storage bootstrap/cache fix permissions
  • sudo chmod -R ug+rwx storage bootstrap/cache fix permissions
  • sudo chmod -R 755 /var/www/PROJECT_FOLDER fix permissions
  • chmod -R o+w /var/www/PROJECT_FOLDER/storage/ fix permission
  • chmod -R o+w /var/www/PROJECT_FOLDER/storage/* fix permission
  • sudo vim /etc/nginx/sites-available/YOUR.DOMAIN.COM
  • sudo ln -s /etc/nginx/sites-available/YOUR.DOMAIN.COM /etc/nginx/sites-enabled/ to create symlink to enabled sites
  • sudo unlink /etc/nginx/sites-enabled/default
server {
    listen 80;
    listen [::]:80;

    root /var/www/html/PROJECT_FOLDER/public;
    index index.php index.html index.htm index.nginx-debian.html;

    server_name YOUR.DOMAIN.COM;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
    }

    location ~ /\.ht {
            deny all;
    }
}
  • sudo nginx -t
  • sudo systemctl reload nginx
  • sudo systemctl status apache2
  • sudo systemctl is-enabled apache2
  • sudo systemctl disable apache2
  • sudo systemctl stop apache2
  • sudo apt remove apache2

Free SSL with Let's Encrypt

  • sudo add-apt-repository ppa:certbot/certbot to get repo
  • sudo apt install python-certbot-nginx to install
  • sudo certbot certonly --webroot --webroot-path=/var/www/PROJECT_FOLDER/public -d YOUR_DOMAIN.com -d www.YOUR_DOMAIN.com
  • sudo vim /etc/nginx/sites-available/YOUR.DOMAIN.COM
server {
    listen 80;
    listen [::]:80;

    server_name YOUR.DOMAIN.COM;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name YOUR.DOMAIN.COM;
    root /var/www/PROJECT_FOLDER/public;

    ssl_certificate /etc/letsencrypt/live/YOUR.DOMAIN.COM/fullchain.pem;
	  ssl_certificate_key /etc/letsencrypt/live/YOUR.DOMAIN.COM/privkey.pem;
    
    ssl_protocols TLSv1.2;
	  ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
	  ssl_prefer_server_ciphers on;

	  add_header X-Frame-Options "SAMEORIGIN";
	  add_header X-XSS-Protection "1; mode=block";
	  add_header X-Content-Type-Options "nosniff";

	  index index.php index.html index.htm index.nginx-debian.html;

    charset utf-8;

    location / {
            try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
    }

    location ~ /\.ht {
            deny all;
    }

    location ~ /.well-known {
            allow all;
    }
}
  • sudo nginx -t
  • sudo ufw app list For firewall
  • sudo ufw allow 'Nginx HTTPS' to add NGINX
  • sudo ufw status to verify change
  • sudo systemctl reload nginx

Others

Credits

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment