benounnas/laravel-deployment-vps.md

## laravel-deployment-vps.md

      
    Raw
  

              laravel-deployment-vps.md
            
          
    Sign in and create git user


ssh root@IP
adduser git
usermod -aG sudo git

Set SSH keys

on local machine


ssh-keygen
ls ~/.ssh
cat ~/.ssh/id_rsa.pub

on VPS


cd ~/.ssh
vim authorized_keys paste public key
for other users you need to login to:
su git then mkdir ~/.ssh
fix permissions chmod 700 ~/.ssh?
vim ~/.ssh/authorized_keys paste public key
chmod 600 ~/.ssh/authorized_keys to restrict this from being modified?
exit to return to root user

disable password login if needed


sudo vim /etc/ssh/sshd_config
Find PasswordAuthentication and set that to no
Turn on PubkeyAuthentication yes
Turn off ChallengeResponseAuthentication no
Reload the SSH service sudo systemctl reload sshd
Test new user in a new tab to prevent getting locked out

LEMP


apt update
apt install nginx
apt install mysql-server
mysql_secure_installation
mysql
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'STRONG_PASSWORD_HERE';
FLUSH PRIVILEGES;
mysql -u root -p
apt install software-properties-common
add-apt-repository ppa:ondrej/php
apt update
apt install php7.4-fpm php7.4-common php7.4-mysql php7.4-xml php7.4-xmlrpc php7.4-curl php7.4-gd php7.4-imagick php7.4-cli php7.4-dev php7.4-imap php7.4-mbstring php7.4-opcache php7.4-soap php7.4-zip unzip -y
nano /etc/php/7.4/fpm/php.ini

upload_max_filesize = 32M 
post_max_size = 48M 
memory_limit = 256M 
max_execution_time = 600 
max_input_vars = 3000 
max_input_time = 1000


service php7.4-fpm restart
vim /etc/nginx/sites-available/YOUR.DOMAIN.COM paste:

server {
  listen 80;
  listen [::]:80;
  
  root /var/www/html/project/public;
  index index.php index.html index.htm index.nginx-debian.html;
  
  server_name YOUR.DOMAIN.COM;

  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }

  location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
  }

  location ~ /\.ht {
    deny all;
  }
}


sudo ln -s /etc/nginx/sites-available/YOUR.DOMAIN.COM /etc/nginx/sites-enabled/
sudo unlink /etc/nginx/sites-enabled/default
sudo nginx -t
sudo systemctl reload nginx

Laravel


apt install php7.4-mbstring php7.4-xml composer unzip
mysql -u root -p
CREATE DATABASE laravel DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
GRANT ALL ON laravel.* TO 'laraveluser'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
exit
cd /var/www/html/project
composer install
cp .env.example .env && vim .env
php artisan migrate
php artisan key:generate
sudo chgrp -R www-data storage bootstrap/cache
sudo chmod -R ug+rwx storage bootstrap/cache

SSL


sudo add-apt-repository ppa:certbot/certbot
sudo apt install python-certbot-nginx
sudo certbot certonly --webroot --webroot-path=/var/www/html/quickstart/public -d example.com -d www.example.com
sudo certbot certonly --webroot --webroot-path=/var/www/html/first-project/public -d YOUR.DOMAIN.COM

server {
    listen 80;
    listen [::]:80;

    server_name YOUR.DOMAIN.COM;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name YOUR.DOMAIN.COM;
    root /var/www/html/first-project/public;

    ssl_certificate /etc/letsencrypt/live/YOUR.DOMAIN.COM/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/YOUR.DOMAIN.COM/privkey.pem;
    
    ssl_protocols TLSv1.2;
	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
	ssl_prefer_server_ciphers on;

	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Content-Type-Options "nosniff";

	index index.php index.html index.htm index.nginx-debian.html;

    charset utf-8;

    location / {
            try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }

    location ~ /\.ht {
            deny all;
    }

    location ~ /.well-known {
            allow all;
    }
}


sudo nginx -t
sudo systemctl reload nginx

Git


cd /var/www/html
mkdir project && sudo chown git:www-data project -R
apt update
apt install git
su git
cd ~ && git init --bare project.git
cd ~/project.git/hooks
touch post-receive
chmod +x post-receive
vim post-receive

#!/bin/sh
PROD="/var/www/html/project"
REPO="/home/git/project.git"
git --work-tree=$PROD --git-dir=$REPO checkout -f

local git repo


git remote add production git@IP:project.git (or set-url if using origin)

Mail

Redis

Queue