tajulasri/fab.py

## fab.py
from fabric.api import *

'''
    fabric python laravel vps setup
    pip install fabric

    1. Save as fabfile.py
    2. fab deploy


'''
env.hosts = [
    'YOUR_IP'
]

env.user = 'YOUR_USER_NAME'
# you can use key instead


def uname():
    run('uname -a')


def upgrade():
    run('sudo apt-get -y upgrade')


def update():
    run('sudo apt-get update -y')


def apt_common():
    run('sudo apt-get install -y python-software-properties')
    run('sudo apt-get install -y software-properties-common')


def setup_ngix():
    run('sudo apt-get install -y nginx')
    run('curl -I localhost')


def setup_php():
    apt_common()
    run('sudo add-apt-repository -y ppa:ondrej/php')
    update()
    run('apt-cache pkgnames | grep php7.1')
    run('sudo apt-get install -y php7.1-curl php7.1 php7.1-cli php7.1-common php7.1-mbstring php7.1-gd php7.1-intl php7.1-xml php7.1-mysql php7.1-mcrypt php7.1-zip php7.1-pdo-pgsql php7.1-dom php7.1-bcmath')


def setup_php_fpm():
    run('sudo apt-get install -y php7.1-fpm')


def setup_composer():
    run('sudo wget https://getcomposer.org/installer && php installer && chmod +x composer.phar')
    run('sudo mv composer.phar /usr/bin/composer')
    run('composer')


def setup_default_directory():
    run('sudo mkdir /var/www/{logs,config}')
    run('sudo chown -R www-data:www-data /var/www')


def setup_lets_encrypt():
    run('sudo add-apt-repository -y ppa:certbot/certbot')
    update()
    run('sudo apt-get install -y python-certbot-nginx')


def setup_redis():
    run('sudo apt-get install redis-server -y')
    run('redis-cli --version && redis-cli PING')


def setup_supervisor():
    run('sudo apt-get install supervisor')


def deploy():
    upgrade()
    update()
    setup_ngix()
    setup_php()
    setup_php_fpm()
    setup_default_directory()
    setup_lets_encrypt()
    setup_redis()
    setup_supervisor()
    setup_composer()

## generate cert using certbot
certbot certonly --webroot --agree-tos -w /var/www/app.domain.my -d app.domain.my

references: https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8

## laravel-worker.conf
[program:laravel-worker]
process_name=%(program_name)s_%(process_num)02d
command=php /var/www/app.domain.com/artisan queue:work redis --sleep=3 --tries=3
autostart=true
autorestart=true
user=www-data
numprocs=8
redirect_stderr=true
stdout_logfile=/var/www/logs/queue.log

## nginx vhost ssl
server {

	listen 80;
	listen [::]:80;

	server_name yourdomainapp.com;

	return 301 https://$server_name$request_uri;

}

server {

	listen 443 ssl http2;

	#ssl http2;
	ssl on;
	listen [::]:443 ssl http2;

       include snippets/ssl-params.conf;
       include snippets/ssl-yourdomainapp.com.conf;

       server_name app.yourdomain.com;

       root var/www/yourdomainapp.com;

       index index.php index.html index.htm;

        location / {
                try_files $uri $uri/ /index.php?$args;
        }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }


	location ~ /.well-known {
                allow all;
        }
}

## ssl-params.conf
# from https://cipherli.st/
# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
# openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# disable HSTS header for now
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;

ssl_dhparam /etc/ssl/certs/dhparam.pem;

## ssl-yourdomain.com.conf
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
	from fabric.api import *

	'''
	fabric python laravel vps setup
	pip install fabric

	1. Save as fabfile.py
	2. fab deploy


	'''
	env.hosts = [
	'YOUR_IP'
	]

	env.user = 'YOUR_USER_NAME'
	# you can use key instead


	def uname():
	run('uname -a')


	def upgrade():
	run('sudo apt-get -y upgrade')


	def update():
	run('sudo apt-get update -y')


	def apt_common():
	run('sudo apt-get install -y python-software-properties')
	run('sudo apt-get install -y software-properties-common')


	def setup_ngix():
	run('sudo apt-get install -y nginx')
	run('curl -I localhost')


	def setup_php():
	apt_common()
	run('sudo add-apt-repository -y ppa:ondrej/php')
	update()
	run('apt-cache pkgnames \| grep php7.1')
	run('sudo apt-get install -y php7.1-curl php7.1 php7.1-cli php7.1-common php7.1-mbstring php7.1-gd php7.1-intl php7.1-xml php7.1-mysql php7.1-mcrypt php7.1-zip php7.1-pdo-pgsql php7.1-dom php7.1-bcmath')


	def setup_php_fpm():
	run('sudo apt-get install -y php7.1-fpm')


	def setup_composer():
	run('sudo wget https://getcomposer.org/installer && php installer && chmod +x composer.phar')
	run('sudo mv composer.phar /usr/bin/composer')
	run('composer')


	def setup_default_directory():
	run('sudo mkdir /var/www/{logs,config}')
	run('sudo chown -R www-data:www-data /var/www')


	def setup_lets_encrypt():
	run('sudo add-apt-repository -y ppa:certbot/certbot')
	update()
	run('sudo apt-get install -y python-certbot-nginx')


	def setup_redis():
	run('sudo apt-get install redis-server -y')
	run('redis-cli --version && redis-cli PING')


	def setup_supervisor():
	run('sudo apt-get install supervisor')


	def deploy():
	upgrade()
	update()
	setup_ngix()
	setup_php()
	setup_php_fpm()
	setup_default_directory()
	setup_lets_encrypt()
	setup_redis()
	setup_supervisor()
	setup_composer()
	certbot certonly --webroot --agree-tos -w /var/www/app.domain.my -d app.domain.my

	references: https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8
	[program:laravel-worker]
	process_name=%(program_name)s_%(process_num)02d
	command=php /var/www/app.domain.com/artisan queue:work redis --sleep=3 --tries=3
	autostart=true
	autorestart=true
	user=www-data
	numprocs=8
	redirect_stderr=true
	stdout_logfile=/var/www/logs/queue.log
	server {

	listen 80;
	listen [::]:80;

	server_name yourdomainapp.com;

	return 301 https://$server_name$request_uri;

	}

	server {

	listen 443 ssl http2;

	#ssl http2;
	ssl on;
	listen [::]:443 ssl http2;

	include snippets/ssl-params.conf;
	include snippets/ssl-yourdomainapp.com.conf;

	server_name app.yourdomain.com;

	root var/www/yourdomainapp.com;

	index index.php index.html index.htm;

	location / {
	try_files $uri $uri/ /index.php?$args;
	}

	location ~ \.php$ {
	include snippets/fastcgi-php.conf;
	fastcgi_pass unix:/run/php/php7.1-fpm.sock;
	}

	location ~ /\.ht {
	deny all;
	}


	location ~ /.well-known {
	allow all;
	}
	}
	# from https://cipherli.st/
	# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
	# openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_prefer_server_ciphers on;
	ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
	ssl_ecdh_curve secp384r1;
	ssl_session_cache shared:SSL:10m;
	ssl_session_tickets off;
	ssl_stapling on;
	ssl_stapling_verify on;
	resolver 8.8.8.8 8.8.4.4 valid=300s;
	resolver_timeout 5s;
	# disable HSTS header for now
	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
	add_header X-Frame-Options DENY;
	add_header X-Content-Type-Options nosniff;

	ssl_dhparam /etc/ssl/certs/dhparam.pem;
	ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;