HakamRaza/1. Initial Server Setup

## 1. Initial Server Setup
/*
* Download .pem, connect SSH tunnel after set up Ubuntu instance.
* Open terminal and use following command
* This setup should more or less the same for any provider like DigitalOcean too.
*/

$ ssh -i "your_pem.pem" ubuntu@<your public dns>.compute.amazonaws.com

/*
* the following command may need root privilage
* better create new user with root privilage to do commands
* enter "sudo su" or add "sudo" for individually to each command
*/

########## Setup Uncomplicated Firewall (UFW) ##########

$ sudo ufw allow OpenSSH
$ sudo ufw enable

## 2. Setup Server Components
########## Setup Nginx ##########

$ sudo apt update
$ sudo apt install nginx
$ sudo ufw allow 'Nginx HTTP'

/*
* Modify instance security group Inbound Rules to allow HTTP - Anywhere 0.0.0.0/0
* Check for server nginx success setup by opening your aws server DNS/ip , should get Nginx Welcome page
* also can get public ip set by use command below
*/

$ ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
(browser) http://<aws public DNS or IP>


########## Set Up MySQL ##########

$ sudo apt install mysql-server

/*
* setup mysql credentials
* setup mysql connection to use password (will be used to login mysql)
* if got stuck loop setting root password, skip this first by Ctrl+C at confirm password question.
* like this "Do you wish to continue with the password provided?(Press y|Y for Yes, any other key for No) : ^C"
* DON'T miss the ";" at the end of every sql command
*/

$ sudo mysql_secure_installation

setup VALIDATE PASSWORD plugin? - y
three levels of password validation policy: 0 (since for test deploy)
New password: <follow the policy, if 0 then 8 char>
Re-enter new password: <follow the policy, if 0 then 8 char>
next others - y

$ sudo mysql
mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<your mysql password previously >';
mysql> FLUSH PRIVILEGES;

/*
* repeat "sudo mysql_secure_installation" if skip previously
* Check root is using 'mysql_native_password plugin
*/
mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
mysql> exit

/*
* next time, to enter mysql, different command is use since using native plugin
*/

$ mysql -u root -p


########## Setup PHP (using PHP 8.1) ##########

$ sudo apt update
$ sudo add-apt-repository universe
$ sudo apt install php-fpm php-mysql
$ sudo apt install php-mbstring php-xml php-bcmath
$ sudo apt-get install php8.1 libapache2-mod-php8.1 php8.1-common php8.1-gd php8.1-mysql php8.1-curl php8.1-intl php8.1-xsl php8.1-mbstring php8.1-zip php8.1-bcmath php8.1-soap php-xdebug php-imagick


########## Test PHPInfo Page File (inside var/www/html/) ##########

/*
* we need to unlink default server block to serve the phpinfo file
* as temporary linking. In serving Laravel project, you may need to configure server block again
* in this case we using myApp server block to serve the php file same as serving Laravel
*/

$ sudo nano /etc/nginx/sites-available/myApp
- change to: (refer to Sites-Available Sample Config File below)
- change root to '/var/www/html' instead of '/var/www/myApp/public;'
$ sudo unlink /etc/nginx/sites-enabled/default
- unlink default server block
$ sudo ln -s /etc/nginx/sites-available/myApp /etc/nginx/sites-enabled/
$ sudo nginx -t
$ sudo systemctl reload nginx

$ sudo nano /var/www/html/info.php
- add "<?php phpinfo(); ?>
- (browser) open http://<aws public DNS or IP>/info.php
- should get php info config details file
- remove this file since it contain sesitive data afterwards

$ sudo rm /var/www/html/info.php

## 3. Serving Laravel
/*
* each project will be serve inside folder in /var/www
* eg: in the example "myApp" laravel project will be use
*/

########## Install Composer ##########

$ sudo apt update
$ sudo apt install php-cli unzip
$ cd ~
$ curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php
$ HASH=`curl -sS https://composer.github.io/installer.sig`
$ php -r "if (hash_file('SHA384', '/tmp/composer-setup.php') === '$HASH') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
$ sudo php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer
$ composer
- should get composer help page


########## Create New Laravel Project  ##########

$ cd /var/www/
$ sudo composer create-project --prefer-dist laravel/laravel myApp
$ sudo chown -R www-data.www-data /var/www/myApp/storage
$ sudo chown -R www-data.www-data /var/www/myApp/bootstrap/cache


########## OR git Clone Existing Project ##########

$ cd /var/www/
$ sudo git clone <github repo link>
- username: your username
- paswword: key in profile Auth token generated
$ composer install
$ sudo chown -R www-data.www-data /var/www/repoApp/storage
$ sudo chown -R www-data.www-data /var/www/repoApp/bootstrap/cache


########## Setup Schema Database to Use for Laravel ##########

$ mysql -u root -p
- key in password root
mysql> CREATE DATABASE myApp_db;
mysql> SHOW DATABASES;
mysql> exit
- you can also set up different login user instead of root for login mysql


########## Setup Database ENV Laravel ##########

$ sudo nano /var/www/myApp/.env
APP_URL=http://localhostcls
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=myApp_db
DB_USERNAME=root
DB_PASSWORD=<root user password>


########## Deploy to Nginx ##########

$ sudo nano /etc/nginx/sites-available/myApp
- change to: (refer to Sites-Available Sample Config File below)
- make sure root is'/var/www/myApp/public;'
$ sudo unlink /etc/nginx/sites-enabled/default
- unlink default server block
$ sudo unlink /etc/nginx/sites-enabled/myApp
- unlink myApp, reset block if already existed
$ sudo ln -s /etc/nginx/sites-available/myApp /etc/nginx/sites-enabled/
$ sudo nginx -t
$ sudo systemctl reload nginx
- (browser) open http://<aws public DNS or IP>
- should get Laravel Start Page

########################################################################################## END

## 4. Sites-Available Sample Config File
server {
  listen 80;
  root /var/www/myApp/public;
  server_name myApp;

  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Content-Type-Options "nosniff";

  index index.html index.htm index.php;

  charset utf-8;

  location / {
      try_files $uri $uri/ /index.php?$query_string;
  }

  location = /favicon.ico { access_log off; log_not_found off; }
  location = /robots.txt  { access_log off; log_not_found off; }

  error_page 404 /index.php;

  location ~ \.php$ {
      fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
      include fastcgi_params;
  }

  location ~ /\.(?!well-known).* {
      deny all;
  }
}

## 5. General Commands
######### Ubuntu Console ##########

// up one level
$ cd ..

// go to home directory
$ cd ~

// go to root
$ cd /

// check nginx config ok
$ sudo nginx -t

// check ubuntu version
$ lsb_release -a

// show nginx error log
$ sudo tail -30 /var/log/nginx/error.log

// reload nginx
$ sudo systemctl reload nginx

// load file read-only
$ cat fileName

// remove file
$ rm fileName

// remove directory
$ rm -rf dirName

// update packages
$ sudo apt update

// mysql login root (using native)
$ mysql -u root -p

// mysql login root (using socket)
$ mysql


#######// Laravel (inside project folder) ##########

// clear config cache
$ php artisan config:clear

// clear route cache, if change route files
$ php artisan route:clear

// clear cache
$ php artisan cache:clear


######### MySQL Console ##########

// exit
mysql> exit

// create new database
mysql> CREATE DATABASE new_database_name;

// list all database
mysql>  SHOW DATABASES;
	/*
	* Download .pem, connect SSH tunnel after set up Ubuntu instance.
	* Open terminal and use following command
	* This setup should more or less the same for any provider like DigitalOcean too.
	*/

	$ ssh -i "your_pem.pem" ubuntu@<your public dns>.compute.amazonaws.com

	/*
	* the following command may need root privilage
	* better create new user with root privilage to do commands
	* enter "sudo su" or add "sudo" for individually to each command
	*/

	########## Setup Uncomplicated Firewall (UFW) ##########

	$ sudo ufw allow OpenSSH
	$ sudo ufw enable
	########## Setup Nginx ##########

	$ sudo apt update
	$ sudo apt install nginx
	$ sudo ufw allow 'Nginx HTTP'

	/*
	* Modify instance security group Inbound Rules to allow HTTP - Anywhere 0.0.0.0/0
	* Check for server nginx success setup by opening your aws server DNS/ip , should get Nginx Welcome page
	* also can get public ip set by use command below
	*/

	$ ip addr show eth0 \| grep inet \| awk '{ print $2; }' \| sed 's/\/.*$//'
	(browser) http://<aws public DNS or IP>


	########## Set Up MySQL ##########

	$ sudo apt install mysql-server

	/*
	* setup mysql credentials
	* setup mysql connection to use password (will be used to login mysql)
	* if got stuck loop setting root password, skip this first by Ctrl+C at confirm password question.
	* like this "Do you wish to continue with the password provided?(Press y\|Y for Yes, any other key for No) : ^C"
	* DON'T miss the ";" at the end of every sql command
	*/

	$ sudo mysql_secure_installation

	setup VALIDATE PASSWORD plugin? - y
	three levels of password validation policy: 0 (since for test deploy)
	New password: <follow the policy, if 0 then 8 char>
	Re-enter new password: <follow the policy, if 0 then 8 char>
	next others - y

	$ sudo mysql
	mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
	mysql> ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<your mysql password previously >';
	mysql> FLUSH PRIVILEGES;

	/*
	* repeat "sudo mysql_secure_installation" if skip previously
	* Check root is using 'mysql_native_password plugin
	*/
	mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
	mysql> exit

	/*
	* next time, to enter mysql, different command is use since using native plugin
	*/

	$ mysql -u root -p


	########## Setup PHP (using PHP 8.1) ##########

	$ sudo apt update
	$ sudo add-apt-repository universe
	$ sudo apt install php-fpm php-mysql
	$ sudo apt install php-mbstring php-xml php-bcmath
	$ sudo apt-get install php8.1 libapache2-mod-php8.1 php8.1-common php8.1-gd php8.1-mysql php8.1-curl php8.1-intl php8.1-xsl php8.1-mbstring php8.1-zip php8.1-bcmath php8.1-soap php-xdebug php-imagick


	########## Test PHPInfo Page File (inside var/www/html/) ##########

	/*
	* we need to unlink default server block to serve the phpinfo file
	* as temporary linking. In serving Laravel project, you may need to configure server block again
	* in this case we using myApp server block to serve the php file same as serving Laravel
	*/

	$ sudo nano /etc/nginx/sites-available/myApp
	- change to: (refer to Sites-Available Sample Config File below)
	- change root to '/var/www/html' instead of '/var/www/myApp/public;'
	$ sudo unlink /etc/nginx/sites-enabled/default
	- unlink default server block
	$ sudo ln -s /etc/nginx/sites-available/myApp /etc/nginx/sites-enabled/
	$ sudo nginx -t
	$ sudo systemctl reload nginx

	$ sudo nano /var/www/html/info.php
	- add "<?php phpinfo(); ?>
	- (browser) open http://<aws public DNS or IP>/info.php
	- should get php info config details file
	- remove this file since it contain sesitive data afterwards

	$ sudo rm /var/www/html/info.php
	/*
	* each project will be serve inside folder in /var/www
	* eg: in the example "myApp" laravel project will be use
	*/

	########## Install Composer ##########

	$ sudo apt update
	$ sudo apt install php-cli unzip
	$ cd ~
	$ curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php
	$ HASH=`curl -sS https://composer.github.io/installer.sig`
	$ php -r "if (hash_file('SHA384', '/tmp/composer-setup.php') === '$HASH') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
	$ sudo php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer
	$ composer
	- should get composer help page


	########## Create New Laravel Project ##########

	$ cd /var/www/
	$ sudo composer create-project --prefer-dist laravel/laravel myApp
	$ sudo chown -R www-data.www-data /var/www/myApp/storage
	$ sudo chown -R www-data.www-data /var/www/myApp/bootstrap/cache


	########## OR git Clone Existing Project ##########

	$ cd /var/www/
	$ sudo git clone <github repo link>
	- username: your username
	- paswword: key in profile Auth token generated
	$ composer install
	$ sudo chown -R www-data.www-data /var/www/repoApp/storage
	$ sudo chown -R www-data.www-data /var/www/repoApp/bootstrap/cache


	########## Setup Schema Database to Use for Laravel ##########

	$ mysql -u root -p
	- key in password root
	mysql> CREATE DATABASE myApp_db;
	mysql> SHOW DATABASES;
	mysql> exit
	- you can also set up different login user instead of root for login mysql


	########## Setup Database ENV Laravel ##########

	$ sudo nano /var/www/myApp/.env
	APP_URL=http://localhostcls
	DB_CONNECTION=mysql
	DB_HOST=127.0.0.1
	DB_PORT=3306
	DB_DATABASE=myApp_db
	DB_USERNAME=root
	DB_PASSWORD=<root user password>


	########## Deploy to Nginx ##########

	$ sudo nano /etc/nginx/sites-available/myApp
	- change to: (refer to Sites-Available Sample Config File below)
	- make sure root is'/var/www/myApp/public;'
	$ sudo unlink /etc/nginx/sites-enabled/default
	- unlink default server block
	$ sudo unlink /etc/nginx/sites-enabled/myApp
	- unlink myApp, reset block if already existed
	$ sudo ln -s /etc/nginx/sites-available/myApp /etc/nginx/sites-enabled/
	$ sudo nginx -t
	$ sudo systemctl reload nginx
	- (browser) open http://<aws public DNS or IP>
	- should get Laravel Start Page

	########################################################################################## END
	server {
	listen 80;
	root /var/www/myApp/public;
	server_name myApp;

	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Content-Type-Options "nosniff";

	index index.html index.htm index.php;

	charset utf-8;

	location / {
	try_files $uri $uri/ /index.php?$query_string;
	}

	location = /favicon.ico { access_log off; log_not_found off; }
	location = /robots.txt { access_log off; log_not_found off; }

	error_page 404 /index.php;

	location ~ \.php$ {
	fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
	fastcgi_index index.php;
	fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
	include fastcgi_params;
	}

	location ~ /\.(?!well-known).* {
	deny all;
	}
	}
	######### Ubuntu Console ##########

	// up one level
	$ cd ..

	// go to home directory
	$ cd ~

	// go to root
	$ cd /

	// check nginx config ok
	$ sudo nginx -t

	// check ubuntu version
	$ lsb_release -a

	// show nginx error log
	$ sudo tail -30 /var/log/nginx/error.log

	// reload nginx
	$ sudo systemctl reload nginx

	// load file read-only
	$ cat fileName

	// remove file
	$ rm fileName

	// remove directory
	$ rm -rf dirName

	// update packages
	$ sudo apt update

	// mysql login root (using native)
	$ mysql -u root -p

	// mysql login root (using socket)
	$ mysql


	#######// Laravel (inside project folder) ##########

	// clear config cache
	$ php artisan config:clear

	// clear route cache, if change route files
	$ php artisan route:clear

	// clear cache
	$ php artisan cache:clear


	######### MySQL Console ##########

	// exit
	mysql> exit

	// create new database
	mysql> CREATE DATABASE new_database_name;

	// list all database
	mysql> SHOW DATABASES;