AWS + Ubuntu 17.10 + Nginx + PHP 7.1 + Laravel 5.5 guide

Select some AMI

Set some elastic IP

Some new linux user

  • $ sudo adduser {some_user}
  • $ sudo usermod -aG sudo {some_user} # give sudo access
  • $ su - {some_user} # switch to that user

Ubuntu upgrade

  • $ sudo do-release-upgrade
  • $ sudo apt-get install -y git tmux vim curl wget zip unzip htop
  • $ sudo add-apt-repository -y ppa:chris-lea/redis-server
  • $ sudo apt-get install -y redis-server

Commands

  • $ ps aux | grep php # setup php to run as user not the default www-data
  • $ history | grep mysql
  • $ history | less # useful for checking past commands from the old server
  • $ sudo lsof -nP -i | grep LISTEN

Install nginx, mysql, php

  • $ sudo apt-get update
  • $ sudo apt-get install nginx
  • $ sudo apt-get install mysql-server
  • $ sudo mysql_secure_installation
  • $ sudo apt-get install php-fpm php-mysql

SSH keys

  • copy authorized_keys from the ubuntu user to the new user, then chown it to the new user

Update AWS sec group

  • allow HTTP access, i.e. open port 80

PHP deep dive

  • $ sudo add-apt-repository ppa:ondrej/php # we want to install 7.1 for now, not 7.2, as Laravel has some issues with 7.2 at the moment
  • $ sudo apt-get update
  • $ sudo apt-get install -y php7.1-fpm php7.1-cli php7.1-curl php7.1-mysql php7.1-sqlite3 php7.1-gd php7.1-xml php7.1-mcrypt php7.1-mbstring php7.1-iconv php7.1-pgsql php7.1-imap php-memcached php7.1-bcmath

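Composer installation

  • the SHA-384 in the check below matches one specific installer release; if it prints "Installer corrupt", compare against the checksum currently published on getcomposer.org instead of skipping the check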

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php -r "if (hash_file('SHA384', 'composer-setup.php') === '544e09ee996cdf60ece3804abc52599c22b1f40f4323403c44d44fdfdd586475ca9813a858088ffbc1f233e9b180f061') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"
php composer-setup.php
php -r "unlink('composer-setup.php');"
  • $ sudo mv composer.phar /usr/local/bin/composer
  • $ which composer

Todo: run php process as user

Secured vhosting

  • /etc/nginx/nginx.conf: user someoneElse;
  • create a new user with a different group, e.g. huenisys:huenits
  • $ cd /etc/php/7.1/fpm/pool.d/
  • $ sudo vim huenisys.conf
  • content of huenisys.conf
[huenisys]
user = huenisys
group = www-data
listen = /run/php/php7.1-fpm-huenisys.sock
listen.owner = www-data
listen.group = www-data
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
php_admin_flag[allow_url_fopen] = off
pm = dynamic
pm.max_children = 5
pm.start_servers = 2
pm.min_spare_servers = 1
pm.max_spare_servers = 3
chdir = /
  • $ sudo service php7.1-fpm restart
  • server block
server {
        listen 80;
        root /home/huenisys/www/huenits.com;
        index index.html index.htm index.php;
        server_name www.huenits.com;

        charset utf-8;

        location / {
                try_files $uri $uri/ /index.php?$query_string;
        }

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt  { access_log off; log_not_found off; }

        access_log  /var/log/nginx/www.huenits.com-access.log;
        error_log  /var/log/nginx/www.huenits.com-error.log error;

        sendfile off;

        client_max_body_size 100m;

        location ~ \.php$ {
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php/php7.1-fpm-huenisys.sock;
                fastcgi_index index.php;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param APP_ENV production;


                fastcgi_intercept_errors off;
                fastcgi_buffer_size 16k;
                fastcgi_buffers 4 16k;
                fastcgi_connect_timeout 300;
                fastcgi_send_timeout 300;
                fastcgi_read_timeout 300;
        }

        location ~ /\.ht {
                deny all;
        }
        #ssl on;
        ##ssl_certificate     /etc/nginx/ssl/www.huenits.com.crt;
        ##ssl_certificate_key /etc/nginx/ssl/www.huenits.com.key;
}
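
A quick way to check a pool file for the isolation settings used in the huenisys pool above (dedicated user, per-pool unix socket, pinned socket ownership, disable_functions, allow_url_fopen). This is an added example, not part of the original gist; the audit_pool function name and the two sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the gist): flag PHP-FPM pool settings that weaken
# per-site isolation. Prints one finding per line; returns 1 if any are found.
audit_pool() {
  awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    function bad(msg) { print msg; count++ }
    /^[ \t]*[;#]/ || /^[ \t]*\[/ || /^[ \t]*$/ { next }  # comment, header, blank
    (i = index($0, "=")) { conf[trim(substr($0, 1, i - 1))] = trim(substr($0, i + 1)) }
    END {
      if (conf["user"] == "" || conf["user"] == "www-data")
        bad("user: pool does not run as a dedicated account")
      if (conf["listen"] !~ /^\//)
        bad("listen: expected a per-pool unix socket path")
      if (conf["listen.owner"] == "" || conf["listen.group"] == "")
        bad("listen.owner/listen.group: socket ownership not pinned")
      n = split("exec passthru shell_exec system", want, " ")
      m = split(conf["php_admin_value[disable_functions]"], got, ",")
      for (j = 1; j <= m; j++) have[trim(got[j])] = 1
      for (j = 1; j <= n; j++)
        if (!(want[j] in have)) bad("disable_functions: missing " want[j])
      if (tolower(conf["php_admin_flag[allow_url_fopen]"]) !~ /^(off|0|false|no)$/)
        bad("allow_url_fopen: not forced off via php_admin_flag")
      exit (count > 0)
    }
  ' "$1"
}

# Constructed inputs: the pool from this page and a weakened variant.
tmp=$(mktemp -d)
cat > "$tmp/huenisys.conf" <<'EOF'
[huenisys]
user = huenisys
group = www-data
listen = /run/php/php7.1-fpm-huenisys.sock
listen.owner = www-data
listen.group = www-data
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
php_admin_flag[allow_url_fopen] = off
EOF
cat > "$tmp/weak.conf" <<'EOF'
[shared]
user = www-data
listen = 127.0.0.1:9000
php_admin_value[disable_functions] = exec, system
EOF
for f in "$tmp"/*.conf; do
  echo "== ${f##*/}"; audit_pool "$f" && echo "ok" || true
done
rm -rf "$tmp"
```

On a real server, point it at each file in /etc/php/7.1/fpm/pool.d/ after editing and before restarting php7.1-fpm.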
