Deployment Guide to Laravel - Ubuntu
View all available firewall settings
sudo ufw app list
Allow on OpenSSH so we don't get locked out
sudo ufw allow OpenSSH
Enable Firewall
sudo ufw enable
Check the status
sudo ufw status
Install Linux, Nginx, MySQL, PHP and Other dependencies
sudo apt update
sudo apt install nginx
enter Y to install
sudo ufw app list
sudo ufw allow 'Nginx HTTP'
to add NGINX
sudo ufw status
Visit server in browser
sudo apt install mysql-server
enter Y to install
sudo mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'your_root_password_here';
Type exit
after the ALTER USER command
sudo mysql_secure_installation
to run automated securing script
Press N
for VALIDATE PASSWORD plugin
Set root password
Remove anonymous users? Y
Disallow root login remotely? N
Remove test database and access to it? Y
Reload privilege tables now? Y
sudo mysql
to enter MySQL CLI
SELECT user,authentication_string,plugin,host FROM mysql.user;
to verify root user's auth method
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'STRONG_PASSWORD_HERE';
to set a root password
SELECT user,authentication_string,plugin,host FROM mysql.user;
to verify root user's auth method
FLUSH PRIVILEGES;
to apply all changes
mysql -u root -p
to access db from now on, enter password STRONG_PASSWORD_HERE
sudo apt update
sudo apt install php8.1-fpm
sudo apt install php8.1-common php8.1-mysql php8.1-xml php8.1-xmlrpc php8.1-curl php8.1-gd php8.1-imagick php8.1-cli php8.1-dev php8.1-imap php8.1-mbstring php8.1-opcache php8.1-soap php8.1-zip php8.1-redis php8.1-intl -y
Optional
sudo vim /etc/php/8.1/fpm/php.ini
upload_max_filesize = 32M post_max_size = 48M memory_limit = 256M max_execution_time = 600 max_input_vars = 3000 max_input_time = 1000
sudo service php8.1-fpm restart
sudo apt-get install composer unzip
cd /var/www/
`git clone REPO_URL
cd to cloned project
cp .env.example .env
vim .env
and edit the file
composer install
php artisan migrate
php artisan key:generate
to generate the key
sudo chgrp -R www-data storage bootstrap/cache
fix permissions
sudo chmod -R ug+rwx storage bootstrap/cache
fix permissions
sudo chmod -R 755 /var/www/PROJECT_FOLDER
fix permissions
chmod -R o+w /var/www/PROJECT_FOLDER/storage/
fix permission
chmod -R o+w /var/www/PROJECT_FOLDER/storage/*
fix permission
sudo vim /etc/nginx/sites-available/YOUR.DOMAIN.COM
sudo ln -s /etc/nginx/sites-available/YOUR.DOMAIN.COM /etc/nginx/sites-enabled/
to create symlink to enabled sites
sudo unlink /etc/nginx/sites-enabled/default
server {
listen 80;
listen [::]:80;
root /var/www/html/PROJECT_FOLDER/public;
index index.php index.html index.htm index.nginx-debian.html;
server_name YOUR.DOMAIN.COM;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
sudo nginx -t
sudo systemctl reload nginx
sudo systemctl status apache2
sudo systemctl is-enabled apache2
sudo systemctl disable apache2
sudo systemctl stop apache2
sudo apt remove apache2
Free SSL with Let's Encrypt
sudo add-apt-repository ppa:certbot/certbot
to get repo
sudo apt install python-certbot-nginx
to install
sudo certbot certonly --webroot --webroot-path=/var/www/PROJECT_FOLDER/public -d YOUR_DOMAIN.com -d www.YOUR_DOMAIN.com
sudo vim /etc/nginx/sites-available/YOUR.DOMAIN.COM
server {
listen 80;
listen [::]:80;
server_name YOUR.DOMAIN.COM;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name YOUR.DOMAIN.COM;
root /var/www/PROJECT_FOLDER/public;
ssl_certificate /etc/letsencrypt/live/YOUR.DOMAIN.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOUR.DOMAIN.COM/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php index.html index.htm index.nginx-debian.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
sudo nginx -t
sudo ufw app list
For firewall
sudo ufw allow 'Nginx HTTPS'
to add NGINX
sudo ufw status
to verify change
sudo systemctl reload nginx