title | keywords | description | date | tags | permalink | img | author | authorlink |
---|---|---|---|---|---|---|---|---|
Setting Up Laravel in Ubuntu / DigitalOcean |
servers, laravel, coderstape, coder's tape |
Let's take a look at settting up a server from scratch for Laravel. |
April 1, 2019 |
servers, laravel |
setting-up-laravel-in-ubuntu-digitalocean |
Victor Gonzalez |
In this post, we are looking at the steps necessary to create an Ubuntu droplet in DigitalOcean from scratch. This is the companion guide to the video series in Laravel 5.8 from scrath. Follow along with those to get the video guide.
Part 1 https://coderstape.com/lesson/112-deployment-basic-server-setup-part-1
Part 2 https://coderstape.com/lesson/113-deployment-basic-server-setup-part-2
Part 3 https://coderstape.com/lesson/114-deployment-basic-server-setup-part-3
- Create droplet with Ubuntu 18.10
ssh root@[DROPLET IP ADDRESS]
- Get password from your email
- Change password on first login
adduser laravel
- Enter password and other information
usermod -aG sudo laravel
- In your local machine,
ssh-keygen
- Generate a key, if you leave passphrase blank, no need for password
ls ~/.ssh
to show files in local machine- Get the public key,
cat ~/.ssh/id_rsa.pub
- Copy it
cd ~/.ssh
andvim authorized_keys
- Paste key
- Repeat steps for laravel user
su laravel
thenmkdir ~/.ssh
fix permissionschmod 700 ~/.ssh
vim ~/.ssh/authorized_keys
and paste keychmod 600 ~/.ssh/authorized_keys
to restrict this from being modifiedexit
to return to root user
sudo vim /etc/ssh/sshd_config
- Find PasswordAuthentication and set that to
no
- Turn on
PubkeyAuthentication yes
- Turn off
ChallengeResponseAuthentication no
- Reload the SSH service
sudo systemctl reload sshd
- Test new user in a new tab to prevent getting locked out
- View all available firewall settings
sudo ufw app list
- Allow on OpenSSH so we don't get locked out
sudo ufw allow OpenSSH
- Enable Firewall
sudo ufw enable
- Check the status
sudo ufw status
sudo apt update
enter root passwordsudo apt install nginx
enter Y to installsudo ufw app list
For firewallsudo ufw allow 'Nginx HTTP'
to add NGINXsudo ufw status
to verify change- Visit server in browser
sudo apt install mysql-server
enter Y to installsudo mysql_secure_installation
to run automated securing script- Press N for VALIDATE PASSWORD plugin
- Set root password
- Remove anonymous users?
Y
- Disallow root login remotely?
N
- Remove test database and access to it?
Y
- Reload privilege tables now?
Y
sudo mysql
to enter MySQL CLISELECT user,authentication_string,plugin,host FROM mysql.user;
to verify root user's auth methodALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'STRONG_PASSWORD_HERE';
to set a root passwordSELECT user,authentication_string,plugin,host FROM mysql.user;
to verify root user's auth methodFLUSH PRIVILEGES;
to apply all changesmysql -u root -p
to access db from now on, enter passwordSTRONG_PASSWORD_HERE
sudo add-apt-repository universe
to add software reposudo apt install php-fpm php-mysql
to install the basic PHP softwaresudo vim /etc/nginx/sites-available/YOUR.DOMAIN.COM
server {
listen 80;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name YOUR.DOMAIN.COM;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
sudo ln -s /etc/nginx/sites-available/YOUR.DOMAIN.COM /etc/nginx/sites-enabled/
to create symlink to enabled sitessudo unlink /etc/nginx/sites-enabled/default
to remove default linksudo nginx -t
test the whole configsudo systemctl reload nginx
to apply all changessudo vim /var/www/html/info.php
to start a new PHP file, fill it with <?php phpinfo();sudo rm /var/www/html/info.php
optional command to get rid of test file
sudo apt-get install php7.2-mbstring php7.2-xml composer unzip
mysql -u root -p
Login to create the Laravel DBCREATE DATABASE laravel DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
GRANT ALL ON laravel.* TO 'laraveluser'@'localhost' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
exit
cd /var/www/html
,sudo mkdir -p first-project
sudo chown laravel:laravel first-project
git clone https://github.com/coderstape/laravel-58-from-scratch.git .
composer install
cp .env.example .env
, and thenvim .env
APP_NAME=Laravel
APP_ENV=production
APP_KEY=
APP_DEBUG=false
APP_URL=http://YOUR.DOMAIN.COM
LOG_CHANNEL=stack
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=root
DB_USERNAME=laravel
DB_PASSWORD=STRONG_PASSWORD_HERE
php artisan migrate
php artisan key:generate
to generate the keysudo chgrp -R www-data storage bootstrap/cache
fix permissionssudo chmod -R ug+rwx storage bootstrap/cache
fix permissionssudo chmod -R 755 /var/www/html/first-project
fix permissionschmod -R o+w /var/www/html/first-project/storage/
fix permission
sudo vim /etc/nginx/sites-available/YOUR.DOMAIN.COM
server {
listen 80;
listen [::]:80;
root /var/www/html/first-project/public;
index index.php index.html index.htm index.nginx-debian.html;
server_name YOUR.DOMAIN.COM;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
sudo nginx -t
sudo systemctl reload nginx
reload Nginx
sudo add-apt-repository ppa:certbot/certbot
to get reposudo apt install python-certbot-nginx
to installsudo certbot certonly --webroot --webroot-path=/var/www/html/quickstart/public -d example.com -d www.example.com
sudo certbot certonly --webroot --webroot-path=/var/www/html/first-project/public -d YOUR.DOMAIN.COM
sudo vim /etc/nginx/sites-available/YOUR.DOMAIN.COM
server {
listen 80;
listen [::]:80;
server_name YOUR.DOMAIN.COM;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name YOUR.DOMAIN.COM;
root /var/www/html/first-project/public;
ssl_certificate /etc/letsencrypt/live/YOUR.DOMAIN.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOUR.DOMAIN.COM/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.php index.html index.htm index.nginx-debian.html;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
}
sudo nginx -t
sudo ufw app list
For firewallsudo ufw allow 'Nginx HTTPS'
to add NGINXsudo ufw status
to verify changesudo systemctl reload nginx
reload Nginx
Let's make the prompt pretty
sudo apt-get install zsh
to install ZSHzsh --version
to confirm installwhereis zsh
to find out where it issudo usermod -s /usr/bin/zsh $(whoami)
to make Zsh defaultsudo reboot
to reapply all changes2
to populate a default filesudo apt-get install powerline fonts-powerline
to install powerlinesudo apt-get install zsh-theme-powerlevel9k
to install Themeecho "source /usr/share/powerlevel9k/powerlevel9k.zsh-theme" >> ~/.zshrc
to enable the theme in your Zshrcexit
and login again to see the new themesh -c "$(wget https://raw.githubusercontent.com/robbyrussell/oh-my-zsh/master/tools/install.sh -O -)"
for Oh My Zshecho "source /usr/share/powerlevel9k/powerlevel9k.zsh-theme" >> ~/.zshrc
to re-enable 9K
sudo chown -R www-data:www-data /var/www/html/firs-project
fix permissions