ssh root@your_server_ip
> yes
Add repositories
add-apt-repository -y ppa:nginx/development
add-apt-repository -y ppa:ondrej/php
add-apt-repository -y ppa:certbot/certbot
apt update
apt -y install git vim curl wget zip unzip htop
apt -y install nginx
apt -y install php7.4-{fpm,mysql,mbstring,xml,bcmath,fpm,zip}
Firewall
ufw allow ssh
ufw allow http
ufw allow https
ufw enable
> y
ufw status
DigitalOcean
> Networking
> enter domain
> type: @ ; select Droplet
> type: www ; select Droplet
Namecheap
> manage domain
> nameservers: Custom DNS
> ns1.digitalocean.com
> ns2.digitalocean.com
> ns3.digitalocean.com
> confirm
Wait to propagate (~15min)
Configure nginx
touch /var/www/html/index.html
vim /etc/nginx/sites-available/default
server {
listen 80 default_server;
server_name app.com www.app.com;
root /var/www/app/public;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
service nginx restart
Let's Encrypt
apt -y install python-certbot-nginx
certbot --nginx -d app.com -d www.app.com
> enter your email
> A
> N
> 2
# Not required right now, but to renew the cert, run this every 90 days:
certbot renew --dry-run
Create a new user: elvijs
adduser elvijs
> set password
> ... set everything to blank: []
> Y
usermod -aG sudo elvijs
# Suppresses that annoying welcome message
touch /home/elvijs/.hushlogin
Move SSH keys over
rsync --archive --chown=elvijs:elvijs ~/.ssh /home/elvijs && exit
ssh elvijs@your_server_ip
> yes
sudo vim /etc/nginx/sites-available/default
server {
listen 80;
listen [::]:80;
server_name app.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name app.com;
root /home/elvijs/app/public;
ssl_certificate /etc/letsencrypt/live/app.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.com/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_prefer_server_ciphers on;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
sudo nginx -t
sudo service nginx restart
https://getcomposer.org/download/
sudo mv composer.phar /usr/local/bin/composer
composer global require laravel/installer
echo 'export PATH="$PATH:$HOME/.config/composer/vendor/bin"' >> ~/.bashrc
source ~/.bashrc
cd
laravel new app
sudo chown -R elvijs: app
sudo vim /etc/php/7.4/fpm/pool.d/www.conf
> user = elvijs
> group = elvijs
sudo service php7.4-fpm restart
sudo rm -rf /var/www/html
vi .env
... comment out DB
vi routes/web.php
$arr = ['text', 5];
Route::get('test', fn () => implode(', ', [...[1, 2, 3], ...$arr]));
Deployment
sudo visudo -f /etc/sudoers.d/php-fpm
Content
elvijs ALL=NOPASSWD: /usr/sbin/service php7.4-fpm reload
htop
# check the memory usage
sudo vim /etc/php/7.4/fpm/pool.d/www.conf
user = elvijs
group = elvijs
pm.max_children
5 -> 10
pm.start_servers
2 -> 4
pm-min_spare_servers
1 -> 2
pm.max_spare_servers
2 -> 4
pm_max_requests
0 -> 1000
sudo service php7.4-fpm restart
ps aux | grep php
# check the memory usage
htop
sudo apt update
sudo apt -y install mysql-server
sudo mysql_secure_installation
> no for plugin
> enter new password
> ... y to all
sudo su
mysql -uroot -p
> enter your pw
create database app charset utf8mb4;
create user elvijs@localhost identified by 'Secret1!';
grant all privileges on app.* to elvijs@localhost;
flush privileges;
exit
mysql -uelvijs -p
> Secret1!
Update .env file
cd ~/app
vim .env
# update DB variables
sudo /bin/dd if=/dev/zero of=/var/swap.1 bs=1M count=1024
sudo /sbin/mkswap /var/swap.1
sudo /sbin/swapon /var/swap.1
rm -rf vendor
composer require laravel/ui --dev
php artisan ui react --auth
cd ~
sudo curl -sL https://deb.nodesource.com/setup_13.x | sudo bash -
sudo apt-get install -y nodejs
node -v
npm -v
cd ~/app
npm i && npm run prod