Skip to content

Instantly share code, notes, and snippets.

@godkinmo

godkinmo/server_setup.md

Created February 6, 2022 17:48
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save godkinmo/1b13a3445dae20d003e978f2bf3c8928 to your computer and use it in GitHub Desktop.
Save godkinmo/1b13a3445dae20d003e978f2bf3c8928 to your computer and use it in GitHub Desktop.
Download ZIP
Laravel 8 Server Setup
Raw
server_setup.md

Server Setup

安裝 Laravel 8 - Server 基本設定

Installation - Laravel - The PHP Framework For Web Artisans

Requirements

  • PHP >= 7.3
  • OpenSSL PHP Extension
  • PDO PHP Extension
  • Mbstring PHP Extension
  • Tokenizer PHP Extension
  • XML PHP Extension
  • Ctype PHP Extension
  • JSON PHP Extension
  • BCMath PHP Extension

不同系統之間的安裝方法都不同,這裏只介紹 Linux 的安裝方法,其他的 OS 就不介紹了,想在家中 setup 好 PHP 的 environment,請自行瀏覽。

安裝部驟

Digital Ocean (https://www.digitalocean.com) 快速建立一個 web server (base on Ubuntu 20.04).

IP Address: x.x.x.x
Username: root

包括以下軟件的安裝

  1. Nginx
  2. PHP/PHP-FPM
  3. MySQL

ssh root@x.x.x.x

基本

# Install some basics
sudo apt-get update
sudo apt-get install -y curl wget zip unzip git python2.7 unattended-upgrades htop

# Set the timezone to UTC
sudo ln -sf /usr/share/zoneinfo/UTC /etc/localtime

Nginx

# Add repositories to get latest stable versions
# "development" is Nginx's MAINELINE branch & is actually considered stable
sudo add-apt-repository -y ppa:nginx/development

# Update local cache to learn about new available packages
sudo apt-get update

# Install Nginx
sudo apt-get install -y nginx

PHP

# Install PHP 8.1
sudo add-apt-repository -y ppa:ondrej/php

sudo apt-get update

sudo apt-get install -y php8.1-fpm php8.1-cli \
    php8.1-sqlite3 php8.1-mysql \
    php8.1-gd php8.1-curl php8.1-memcached \
    php8.1-imap php8.1-mbstring php8.1-xml \
    php8.1-zip php8.1-bcmath php8.1-soap \
    php8.1-intl php8.1-readline php8.1-mcrypt


# Install Composer
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer

MySQL

安裝 MySQL 8 並設定 root password

export DEBIAN_FRONTEND=noninteractive

sudo debconf-set-selections <<< "mysql-server-8.0 mysql-server/root_password password root"
sudo debconf-set-selections <<< "mysql-server-8.0 mysql-server/root_password_again password root"

sudo apt-get install -y mysql-server

# Optionally:
sudo mysql_secure_installation

Node

最後我們安裝 nodejs 和一些常用的工具,NodeJS 版本經常更新, 所以你安裝時需要查一查最新版本:

curl --silent --location https://deb.nodesource.com/setup_16.x | sudo bash -

sudo apt-get update

sudo apt-get install -y nodejs

sudo npm install -g yarn

Server

優化 server 設定,修改一些 Server 預設設定

Swap

當 ram 唔夠時,行起一些指令時會 failed,我們可以開啟 swap 用 1G disk 容量黎用作 ram ,用於一些 ram 比較少的服務器,但是速度沒有真實的 ram 咁快

# Swap
sudo fallocate -l 1G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo "/swapfile none swap sw 0 0" | sudo tee -a /etc/fstab
echo "vm.swappiness=30" | sudo tee -a /etc/sysctl.conf
echo "vm.vfs_cache_pressure=50" | sudo tee -a /etc/sysctl.conf

PHP

我們可以在PHP配置中更改一些變量。 這些設置錯誤報告,內存限制,時區和路徑信息設置在Linux服務器上由Nginx + PHP更好地使用。

# Set some defaults in PHP CLI
sudo sed -i "s/error_reporting = .*/error_reporting = E_ALL/" /etc/php/8.1/cli/php.ini
sudo sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/8.1/cli/php.ini
sudo sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/8.1/cli/php.ini

# Set some defaults in PHP FPM
sed -i "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/" /etc/php/8.1/fpm/php.ini
sed -i "s/memory_limit = .*/memory_limit = 512M/" /etc/php/8.1/fpm/php.ini
sed -i "s/;date.timezone.*/date.timezone = UTC/" /etc/php/8.1/fpm/php.ini

# Restart PHP-FPM to get the changes to take effect
sudo service php8.1-fpm restart

Nginx

編輯 /etc/nginx/sites-available/default 為 Laravel app 的基本設定 綁定 namecheap 一個 example.com 的域名 然後綁定中一個 subdomain, ws22-laravel8.example.com

server {
        listen 80 default_server;

        root /home/jack/ws22-laravel8.example.com/public;

        index index.html index.htm index.php;

        server_name _;

        location / {
                try_files $uri $uri/ /index.php$is_args$args;
        }

        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php8.1-fpm-app-jack.sock;
        }
}

User

為每一個人建立 Linux 帳戶

# Create user jack
sudo adduser jack
sudo usermod -aG sudo jack
# Switch to jack user
sudo su jack

# Start laravel app
cd ~/
composer create-project laravel/laravel ws22-laravel8.example.com

PHP FPM

為不同用戶設定不同的 php-fpm socket,這樣可以確保自己新建 laravel project 與php server 行起的權限都是自己 因為預設為 www-data,ps aux | grep php,可以在這裏看到 這樣做可以解決權限問題,而無法新建 log/cache file

sudo cp /etc/php/8.1/fpm/pool.d/www.conf /etc/php/8.1/fpm/pool.d/app-jack.conf
# Changes to the new configuration:# Change "www" to "app-jack"
[app-jack]

usre = jack
group = jack
# Must listen on unique socket
listen = /var/run/php8.1-fpm-app-jack.sock;
sudo service php8.1-fpm reload

MySQL 用戶設定

# use mysql-cli, and use root to login
mysql -uroot -proot

create database ws22_laravel8 charset utf8mb4 collate utf8mb4_general_ci;

create user 'jack'@'localhost' identified by 'password';

grant all privileges on ws22_laravel8.* to 'jack'@'localhost';

flush privileges;

Security

我們需要為 server 提高安全性

SSH

ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_ws19 -C "jack.mo@gmail.com"
cat ~/.ssh/id_ws19.pub | pbcopy

將 key 入加 至 jack user’s ~/.ssh/authorized_keys file on the server. 如果檔案不存在,自行建立

# Login as jack user
cd ~
mkdir .ssh
touch ~/.ssh/authorized_keys

echo 'ssh-ed25519 ...skip... jack.mo@gmail.com' > ~/.ssh/authorized_keys

然後設定 server 只允許 ssh 方式登入,需要修改 /etc/ssh/sshd_config

PermitRootLogin without-password
PasswordAuthentication no

重啟 SSH 生效

sudo service ssh restart
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment