For this installation, I'm using Ubuntu 18.04 on DigitalOcean, with my ssh key already added for easy first-time login.
Login into the new server using ssh:
ssh root@serverip
Before doing anything, update Ubuntu using the following commands:
Because we're logged in as root, there's no need to use sudo.
# apt update
# apt dist-upgrade
Both commands can take a minute.
This step is very important if you want to have a secure server.
By default, many VPS providers setup servers with only a root user.
I'm going to create a user, this is the user I'm going to use when logging in.
Root login will be completely disabled. Commands that require super user privilege will be executed using sudo.
Use the following command to create a user:
# adduser username
Replace username with your own username.
It'll ask you to choose a password and some personal account information. Choose a super safe password and remember it, this is the password you're going to use when you need superuser privileges.
Use the usermod command to add the user to the sudo group.
# usermod -aG sudo username
After this, you can use su - username to test logging in as the user.
If logging in works, you can test sudo rights for example by using sudo ls /root.
Now for the new user, you can add your SSH keys for easier and safer login. On the host computer, read your ssh keys by typing:
$ cat ~/.ssh/id_rsa.pub
The output probably starts with with ssh-rsa. Copy the contents of the file.
On the server, type
$ mkdir ~/.ssh
$ nano ~/.ssh/authorized_keys
(or use any other text editor) And paste the contents of the public key. Save by typing control-o (enter) and quit by typing control-x.
After this step, it's not possible to login using the root anymore.
Open the ssh configuration file:
$ sudo nano /etc/ssh/sshd_config
And add the following line:
PermitRootLogin no
Save by typing control-o (enter) and quit by typing control-x. After that, restart the SSH servers:
$ sudo service ssh restart
Edit the passwd file by typing
sudo nano /etc/passwd
The first line will probably look somethnig like this:
root:x:0:0:root:/root:/bin/bash
Change that to the following.
root:x:0:0:root:/root:/sbin/nologin
This makes sure that if anyone tries to log in on the server (in
Install the following packages:
- Apache2
- php7.4
- php7.4-mysql for connecting php to mysql
- php7.4-xml for html parsing (laravel needs it)
- php7.4-zip for reading zips - makes composer faster
- php7.4-mbstring Multibyte strings 😎
- php7.4-curl For web requests from PHP
- mod-php php module for apache
- composer Install your laravel project
- MariaDB MySQL compatible database server
$ sudo apt install apache2 php7.4 php7.4-mysql php7.4-xml php7.4-zip php7.4-mbstring libapache2-mod-php7.4 php7.4-curl composer mariadb-server
First, secure the database and make database and user:
$ sudo mysql_secure_installation
Choose a super safe root password and disable remote root login!
Now, login with that new password. (replace newuser, password and dbname)
$ mysql -u root -p
mysql> CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> CREATE DATABASE dbname;
If your git repository needs it, create a new ssh keypair and read the public key:
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is: (...)
The key's randomart image is: (...)
$ cat ~/.ssh/id_rsa.pub
And set it up on the git server.
Go to the web server directory and clone the project:
$ cd /var/www
$ sudo chmod 777 .
$ git clone (git address)
$ cd (project)
$ composer install
$ cp .env.example .env
$ php artisan migrate
$ sudo nano /etc/apache2/sites-available/sitename.conf
And add something like
<VirtualHost *:80>
ServerAdmin (email)
ServerName (hostname)
DocumentRoot /var/www/(cloned git dir)/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<Directory /var/www/(cloned git dir)/public>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
Save and activate it using
$ sudo a2ensite sitename
Also activate mod_rewrite
$ sudo a2enmod rewrite
$ sudo systemctl reload apache2
Have a nice weekend.
Sources:
💯