Deployment Process for Laravel On AWS

laravel_deployment.md

Deploying Laravel to AWS

Installing PHP

sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt-cache search php
sudo apt-get install -y php8.2-cli php8.2-common php8.2-fpm php8.2-mysql php8.2-zip php8.2-gd php8.2-mbstring php8.2-curl php8.2-xml php8.2-bcmath
# To Install other version
sudo apt-get install php7.4 php7.4-fpm
sudo apt-get install php7.4-mysql php7.4-mbstring php7.4-xml php7.4-gd php7.4-curl

To switch to different php versions

sudo update-alternatives --config php
# Choose the version and press enter
sudo php --version
# check active version
sudo apt-get remove php5.6-*
# Remove php version

Setting Up Mysql

sudo apt install mysql-server
sudo mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'your-password';
exit
sudo mysql_secure_installation
sudo mysql -u root -p
ALTER USER 'root'@'localhost' IDENTIFIED WITH auth_socket;
CREATE USER 'example_user'@'%' IDENTIFIED WITH mysql_native_password BY 'password';
GRANT ALL ON *.* TO 'example_user'@'%';
FLUSH PRIVILEGES;

1. Edit the Inbound Security rules for the current ec2 isntance to allow TCP 3306 in order to connect our mysql locally. Set the type to Mysql and source to anywhere.

2. Connect with Mysql Workbench with Connection Method 'Standard TCP/IP Over SSH'.

3. Enter the IP Address, EC2 User, Mysql Username, Password and the private key in .pem format only.

Note: The Key should be in .pem format. Otherwise it won't connect.

Installing Composer

sudo apt install zip unzip
cd ~
curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php
HASH=`curl -sS https://composer.github.io/installer.sig`
echo $HASH
php -r "if (hash_file('SHA384', '/tmp/composer-setup.php') === '$HASH') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
sudo php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer
composer

Git SSH Check for existing ssh key

ls -al ~/.ssh
# Lists the files in your .ssh directory, if they exist
ssh-keygen -t ed25519 -C "your_email@example.com"
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
ssh-keygen -t ed25519-sk -C "YOUR_EMAIL"
cat ~/.ssh/id_ed25519.pub
#Add the output to github ssh key
ssh -T git@github.com
# Test your ssh connection

Setting Up NGINX

sudo apt update
sudo apt install nginx -y
sudo mkdir /var/www/myproject
# Manage separate folders for each domain we add.
# Leave the default html folder.
sudo chown -R $USER:$USER /var/www/myproject
cd /var/www/myproject
git pull GITHUB_PROJECT_SSH_LINK
sudo chown -R www-data.www-data /var/www/myproject/storage
sudo chown -R www-data.www-data /var/www/myproject/bootstrap/cache
sudo nano /etc/nginx/sites-available/myproject

server {
    listen 80;
    server_name server_domain_or_IP;
    root /var/www/travellist/public;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

sudo nginx -t
sudo systemctl reload nginx

Setting Up Lets Encrypt Certbot For SSL Certificate

sudo snap install core; sudo snap refresh core
sudo apt remove certbot
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot --nginx -d example.com -d www.example.com
# Check certbot auto-renewal script
sudo systemctl status snap.certbot.renew.service
sudo certbot renew --dry-run