Setting up Laravel script with nginx + mysql + php

cmd.sh

# installing nginx

sudo apt update
sudo apt install nginx

# firewall: opening appropriate ports

sudo ufw app list
sudo ufw allow 'Nginx Full'
sudo ufw status

# checking nginx

systemctl status nginx

# creating web folders

mkdir /var
mkdir /var/www

# uninstalling Apache2

sudo apt autoremove
sudo apt remove apache2.*

# creating a user which will manage deployments

adduser deployer

# installing mysql (use latest version for files)

cd /var
wget -c https://dev.mysql.com/get/mysql-apt-config_0.8.15-1_all.deb
sudo dpkg -i mysql-apt-config_0.8.15-1_all.deb
sudo apt-get update
sudo apt-get install mysql-server
sudo mysql_secure_installation

# installing php (PHP7.4 is referenced here which is not up-to-date)

sudo apt update
sudo apt upgrade
sudo apt install software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt install php7.4-fpm
sudo apt install php7.4-common php7.4-mysql php7.4-xml php7.4-curl php7.4-gd php7.4-imagick php7.4-cli php7.4-dev php7.4-imap php7.4-mbstring php7.4-opcache php7.4-soap php7.4-zip php7.4-intl php7.4-gmp -y

# creating hosts in nginx

cd /etc/nginx/sites-available
nano {your_hostname}

===
server {
    #listen 443 ssl http2;
    #listen [::]:443 ssl http2;
    listen 80;

    server_name {servername};

    root /var/www/{your_hostname}/public;
    index index.php;

    charset utf-8;

    #include snippets/ssl.conf;
    #ssl_certificate /etc/letsencrypt/live/{your_hostname}/fullchain.pem;
    #ssl_certificate_key /etc/letsencrypt/live/{your_hostname}/privkey.pem;
    #ssl_trusted_certificate /etc/letsencrypt/live/{your_hostname}/chain.pem;

    include snippets/headers.conf;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    error_page 401 404 403 500 /index.php;

    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~* \.(js|css|png|jpg|svg|gif|ico|ttf|woff|woff2|txt)$ {
        expires 1y;
    }
}

#server {
#    listen    80;
#    listen    [::]:80;

#    server_name {your_hostname};

#    return    301 https://$host$request_uri;
#}
===

ln -s /etc/nginx/sites-available/{your_hostname} /etc/nginx/sites-enabled/{your_hostname}

nano /etc/nginx/sites-available/default

===
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    return    301 http://{your_hostname};
}
===

nano /etc/nginx/snippets/headers.conf

===
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload;";
add_header Content-Security-Policy "default-src 'none'; frame-ancestors 'none'; script-src 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; form-action 'self';";
add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
===

# configure mysql access

mysql -u root -p
- CREATE USER 'laravel'@'%' IDENTIFIED BY 'password';
- CREATE DATABASE `web`;
- GRANT ALL PRIVILEGES ON web.* TO 'laravel'@'%';
- FLUSH PRIVILEGES;

# creating deploy tokens in git

ssh-keygen -t rsa -b 4096
cat ~/.ssh/id_rsa.pub

# installing git

apt install git

# installing composer

apt install composer

# changing ownership of web folders

chown www-data:deployer /var/www
chmod g+w /var/www
(deployer) mkdir /var/www/{your_hostname}
cd /var/www
git clone {your_repo} {your_hostname}
cp .env.example .env
nano .env (configure DB access and app names etc)
composer install
php artisan migrate
(optional) php artisan db:seed

# configure php-fpm

nano /etc/php/7.4/fpm/pool.d/www.conf

===
group = deployer
#listen = /run/php/php7.4-fpm.sock
===

# restarting nginx

nginx -s reload

# installing curl

apt install curl

# installing npm

apt install npm
sudo npm cache clean -f
sudo npm install -g n
sudo n stable

# installing yarn

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt update
sudo apt install yarn

# setting up basic http auth (for instance for staging server, if needed)

sudo apt-get update
sudo apt-get install apache2-utils
sudo htpasswd -c /var/www/.htpwd {your_password}
nano /etc/nginx/sites-available/{your_hostname}

===
auth_basic "Restricted Content";
auth_basic_user_file /var/www/.htpwd;
===

# installing supervisor

apt install supervisor
cd /etc/supervisor/conf.d
nano laravel-worker.conf

===
[program:laravel-worker]
process_name=%(program_name)s_%(process_num)02d
command=php /var/www/{your_hostname}/artisan queue:work --sleep=3 --tries=3
autostart=true
autorestart=true
user=www-data
numprocs=8
redirect_stderr=true
stdout_logfile=/var/www/{your_hostname}/storage/logs/worker.log
stopwaitsecs=3600
===

supervisorctl reread
supervisorctl update
supervisorctl start laravel-worker:*

# installing cron

apt update
apt install cron
systemctl enable cron

(deployer) crontab -e

which php7.4

=== (FULL PATH TO PHP EXECUTABLE IS CRITICAL!)
* * * * * cd /var/www/{your_hostname} && /usr/bin/php7.4 artisan schedule:run >> /dev/null 2>&1
===