@vsnai
Last active March 11, 2020 13:00
ssh root@your_server_ip
  > yes

Add repositories

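# Each PPA is a third-party package source whose packages install and run as
# root, so add only the ones this setup needs.
# NOTE(review): going by its name, ppa:nginx/development tracks development
# builds rather than a stable series -- confirm that is intended for a server.
add-apt-repository -y ppa:nginx/development
add-apt-repository -y ppa:ondrej/php
add-apt-repository -y ppa:certbot/certbot

apt update

apt -y install git vim curl wget zip unzip htop
apt -y install nginx
# Brace expansion yields one php7.4-<name> package per entry; each entry
# appears once.
apt -y install php7.4-{fpm,mysql,mbstring,xml,bcmath,zip}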

Firewall

ufw allow ssh
ufw allow http
ufw allow https

ufw enable
  > y

ufw status
DigitalOcean
  > Networking
  > enter domain
  > type: @ ; select Droplet
  > type: www ; select Droplet

Namecheap
  > manage domain
  > nameservers: Custom DNS
    > ns1.digitalocean.com
    > ns2.digitalocean.com
    > ns3.digitalocean.com
  > confirm

Wait to propagate (~15min)

Configure nginx

touch /var/www/html/index.html
vim /etc/nginx/sites-available/default
# Temporary HTTP-only site for both host names; the same file is rewritten
# with an HTTPS configuration further down the page.
server {
  listen 80 default_server;
  server_name app.com www.app.com;
  # NOTE(review): the steps shown so far create /var/www/html/index.html, not
  # /var/www/app/public, so this root does not exist yet at this point.
  root /var/www/app/public;

  index index.html index.htm index.php;
  charset utf-8;

  # Serve an existing file or directory, otherwise hand the request to
  # index.php with the original query string.
  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }

  location = /favicon.ico { access_log off; log_not_found off; }
  location = /robots.txt  { access_log off; log_not_found off; }

  # 404s are routed to index.php as well.
  error_page 404 /index.php;

  # Every URI ending in .php goes to the PHP 7.4 FPM unix socket.
  # SCRIPT_FILENAME is built from $realpath_root, i.e. the root with symlinks
  # resolved.
  location ~ \.php$ {
    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    include fastcgi_params;
  }

  # Refuse dot-paths (.env, .git, ...) while leaving /.well-known reachable.
  location ~ /\.(?!well-known).* {
    deny all;
  }
}
service nginx restart

Let's Encrypt

apt -y install python-certbot-nginx
certbot --nginx -d app.com -d www.app.com
  > enter your email
  > A
  > N
  > 2

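# Not required right now. Note that --dry-run only rehearses a renewal (it
# obtains test certificates and saves nothing); the command that actually
# renews is "certbot renew". Let's Encrypt certificates expire after 90 days,
# so check that the cron job or systemd timer the certbot package normally
# installs is present instead of relying on a manual run. To test renewal: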
certbot renew --dry-run

Create a new user: elvijs

adduser elvijs
  > set password
  > ... set everything to blank: []
  > Y

usermod -aG sudo elvijs

# Suppresses that annoying welcome message
touch /home/elvijs/.hushlogin

Move SSH keys over

# Copies root's whole ~/.ssh directory (authorized_keys plus anything else in
# it, private keys included) into /home/elvijs and gives ownership to elvijs;
# `exit` closes the root session only if the copy succeeded.
# NOTE(review): root can still log in over SSH after this step. Once the
# elvijs login below works, consider `PermitRootLogin no` and
# `PasswordAuthentication no` in /etc/ssh/sshd_config.
rsync --archive --chown=elvijs:elvijs ~/.ssh /home/elvijs && exit
ssh elvijs@your_server_ip
  > yes
sudo vim /etc/nginx/sites-available/default
# Plain-HTTP listener: every request on port 80 gets a permanent redirect to
# the HTTPS site.
server {
  listen 80;
  listen [::]:80;

  # NOTE(review): www.app.com was included in the certbot request earlier on
  # the page but is not listed here -- confirm that is intended.
  server_name app.com;
  # $server_name is the name configured above, not the client-supplied Host
  # header, so the request cannot steer the redirect to another host.
  return 301 https://$server_name$request_uri;
}

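# HTTPS site for the Laravel app, served from the deploy user's home directory.
# NOTE(review): the nginx worker user must be able to traverse /home/elvijs to
# read this root -- confirm the home directory permissions allow only that.
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name app.com;
  root /home/elvijs/app/public;

  # Certificate chain and private key under certbot's live/ directory.
  ssl_certificate /etc/letsencrypt/live/app.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/app.com/privkey.pem;

  ssl_protocols TLSv1.2;
  # Only names OpenSSL defines are listed: TLS 1.2 AES-GCM suites pair with
  # SHA256 or SHA384, so "...-GCM-SHA512" names do not exist and are omitted.
  # The DHE-RSA suite is negotiated only when ssl_dhparam is also configured.
  # ECDHE-RSA-AES256-SHA384 is a CBC-mode fallback; drop it if every client
  # supports GCM.
  ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
  ssl_prefer_server_ciphers on;

  # Response hardening headers. Without the "always" parameter, add_header
  # applies to successful and redirect responses only, not to error pages.
  # X-XSS-Protection is a legacy header most current browsers no longer act on.
  # NOTE(review): no Strict-Transport-Security header is sent; consider adding
  # one once the HTTPS site is confirmed stable.
  add_header X-Frame-Options "SAMEORIGIN";
  add_header X-XSS-Protection "1; mode=block";
  add_header X-Content-Type-Options "nosniff";

  index index.html index.htm index.php;
  charset utf-8;

  # Serve an existing file or directory, otherwise hand the request to
  # index.php with the original query string.
  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }

  location = /favicon.ico { access_log off; log_not_found off; }
  location = /robots.txt  { access_log off; log_not_found off; }

  # 404s are routed to index.php as well.
  error_page 404 /index.php;

  # Every URI ending in .php goes to the PHP 7.4 FPM unix socket.
  # SCRIPT_FILENAME is built from $realpath_root, i.e. the root with symlinks
  # resolved.
  location ~ \.php$ {
    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
    include fastcgi_params;
  }

  # Refuse dot-paths (.env, .git, ...) while leaving /.well-known reachable.
  location ~ /\.(?!well-known).* {
    deny all;
  }
}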
sudo nginx -t
sudo service nginx restart

Install Composer by following https://getcomposer.org/download/ (keep the installer hash check shown there)

sudo mv composer.phar /usr/local/bin/composer
composer global require laravel/installer
echo 'export PATH="$PATH:$HOME/.config/composer/vendor/bin"' >> ~/.bashrc
source ~/.bashrc
cd
laravel new app

sudo chown -R elvijs: app
sudo vim /etc/php/7.4/fpm/pool.d/www.conf
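  > user = elvijs
  > group = elvijs
  > note: elvijs is also the sudo-capable login and owns the app files, so PHP code will run with that account's file access; a separate non-sudo account for the pool limits what a compromised app can reach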
sudo service php7.4-fpm restart
sudo rm -rf /var/www/html

vi .env
... comment out DB

vi routes/web.php
$arr = ['text', 5];

Route::get('test', fn () => implode(', ', [...[1, 2, 3], ...$arr]));

Deployment

sudo visudo -f /etc/sudoers.d/php-fpm

Content

elvijs ALL=NOPASSWD: /usr/sbin/service php7.4-fpm reload
htop
# check the memory usage

sudo vim /etc/php/7.4/fpm/pool.d/www.conf

user = elvijs
group = elvijs
pm.max_children
  5 -> 10
pm.start_servers
  2 -> 4
pm.min_spare_servers
  1 -> 2
pm.max_spare_servers
  2 -> 4
pm.max_requests
  0 -> 1000

sudo service php7.4-fpm restart
ps aux | grep php

# check the memory usage
htop

MySQL

sudo apt update
sudo apt -y install mysql-server

sudo mysql_secure_installation
  > no for plugin
  > enter new password
  > ... y to all

sudo su
mysql -uroot -p
  > enter your pw

-- Application database plus a dedicated account for it.
create database app charset utf8mb4;
-- 'Secret1!' is a sample value: use a long random password here and put the
-- same value in the app's .env file.
create user elvijs@localhost identified by 'Secret1!';
-- Privileges are scoped to the app schema only, not to every database.
grant all privileges on app.* to elvijs@localhost;
-- Not needed after CREATE USER / GRANT, which take effect immediately; harmless.
flush privileges;

exit

mysql -uelvijs -p
  > Secret1!

Update .env file

cd ~/app
vim .env

# update DB variables

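# Create and enable a 1 GiB swap file.
sudo /bin/dd if=/dev/zero of=/var/swap.1 bs=1M count=1024
# Swap holds paged-out process memory (passwords, keys), so the file must be
# readable by root only; set the mode before the file is put into use.
sudo /bin/chmod 600 /var/swap.1
sudo /sbin/mkswap /var/swap.1
sudo /sbin/swapon /var/swap.1
# swapon lasts until the next reboot; an /etc/fstab entry is needed to keep it.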

rm -rf vendor
composer require laravel/ui --dev
php artisan ui react --auth

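cd ~
# Save the NodeSource setup script to a file instead of piping it straight into
# a root shell: -f makes curl fail on an HTTP error rather than hand an error
# page to bash, and the file can be read before it runs with sudo. curl itself
# needs no root.
# NOTE(review): setup_13.x selects the Node.js 13 line, a non-LTS release --
# confirm it is still supported before using it on a server.
curl -fsSL https://deb.nodesource.com/setup_13.x -o nodesource_setup.sh
less nodesource_setup.sh
sudo bash nodesource_setup.sh
sudo apt-get install -y nodejs
node -v
npm -v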

cd ~/app
npm i && npm run prod