Skip to content

Instantly share code, notes, and snippets.

@mokhosh

mokhosh/laravel-deployment-vps.md

Last active December 29, 2023 20:20
Show Gist options
  • Save mokhosh/a63558d916a337c31f492f0cc0cab864 to your computer and use it in GitHub Desktop.
Save mokhosh/a63558d916a337c31f492f0cc0cab864 to your computer and use it in GitHub Desktop.
Download ZIP
Deploy Laravel to VPS (LEMP, Git, Mail, Redis, SSL, etc.)
Raw
laravel-deployment-vps.md

A BETTER ALTERNATIVE

Use laravel-sheploy instead. It's more capabale and much eaiser to use.

Sign in and create git user

  • ssh root@IP
  • adduser git
  • usermod -aG sudo git

Set SSH keys

on local machine

  • ssh-keygen
  • ls ~/.ssh
  • cat ~/.ssh/id_rsa.pub

on VPS

  • cd ~/.ssh
  • vim authorized_keys paste public key
  • for other users you need to login to:
  • su git then mkdir ~/.ssh
  • fix permissions chmod 700 ~/.ssh?
  • vim ~/.ssh/authorized_keys paste public key
  • chmod 600 ~/.ssh/authorized_keys to restrict this from being modified?
  • exit to return to root user

disable password login if needed

  • sudo vim /etc/ssh/sshd_config
  • Find PasswordAuthentication and set that to no
  • Turn on PubkeyAuthentication yes
  • Turn off ChallengeResponseAuthentication no
  • Reload the SSH service sudo systemctl reload sshd
  • Test new user in a new tab to prevent getting locked out

LEMP

  • apt update
  • apt install nginx
  • apt install mysql-server
  • mysql_secure_installation
  • mysql
  • ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'STRONG_PASSWORD_HERE';
  • FLUSH PRIVILEGES;
  • mysql -u root -p
  • apt install software-properties-common
  • add-apt-repository ppa:ondrej/php
  • apt update
  • apt install php7.4-fpm php7.4-common php7.4-mysql php7.4-xml php7.4-xmlrpc php7.4-curl php7.4-gd php7.4-imagick php7.4-cli php7.4-dev php7.4-imap php7.4-mbstring php7.4-opcache php7.4-soap php7.4-zip unzip -y
  • nano /etc/php/7.4/fpm/php.ini
upload_max_filesize = 32M 
post_max_size = 48M 
memory_limit = 256M 
max_execution_time = 600 
max_input_vars = 3000 
max_input_time = 1000
  • service php7.4-fpm restart
  • vim /etc/nginx/sites-available/YOUR.DOMAIN.COM paste:
server {
  listen 80;
  listen [::]:80;
  
  root /var/www/html/project/public;
  index index.php index.html index.htm index.nginx-debian.html;
  
  server_name YOUR.DOMAIN.COM;

  location / {
    try_files $uri $uri/ /index.php?$query_string;
  }

  location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
  }

  location ~ /\.ht {
    deny all;
  }
}
  • sudo ln -s /etc/nginx/sites-available/YOUR.DOMAIN.COM /etc/nginx/sites-enabled/
  • sudo unlink /etc/nginx/sites-enabled/default
  • sudo nginx -t
  • sudo systemctl reload nginx

Laravel

  • apt install php7.4-mbstring php7.4-xml composer unzip
  • mysql -u root -p
  • CREATE DATABASE laravel DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
  • GRANT ALL ON laravel.* TO 'laraveluser'@'localhost' IDENTIFIED BY 'password';
  • FLUSH PRIVILEGES;
  • exit
  • cd /var/www/html/project
  • composer install
  • cp .env.example .env && vim .env
  • php artisan migrate
  • php artisan key:generate
  • sudo chgrp -R www-data storage bootstrap/cache
  • sudo chmod -R ug+rwx storage bootstrap/cache

SSL

  • sudo add-apt-repository ppa:certbot/certbot
  • sudo apt install python-certbot-nginx
  • sudo certbot certonly --webroot --webroot-path=/var/www/html/quickstart/public -d example.com -d www.example.com
  • sudo certbot certonly --webroot --webroot-path=/var/www/html/first-project/public -d YOUR.DOMAIN.COM
server {
    listen 80;
    listen [::]:80;

    server_name YOUR.DOMAIN.COM;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name YOUR.DOMAIN.COM;
    root /var/www/html/first-project/public;

    ssl_certificate /etc/letsencrypt/live/YOUR.DOMAIN.COM/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/YOUR.DOMAIN.COM/privkey.pem;
    
    ssl_protocols TLSv1.2;
	ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
	ssl_prefer_server_ciphers on;

	add_header X-Frame-Options "SAMEORIGIN";
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Content-Type-Options "nosniff";

	index index.php index.html index.htm index.nginx-debian.html;

    charset utf-8;

    location / {
            try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
    }

    location ~ /\.ht {
            deny all;
    }

    location ~ /.well-known {
            allow all;
    }
}
  • sudo nginx -t
  • sudo systemctl reload nginx

Git

  • cd /var/www/html
  • mkdir project && sudo chown git:www-data project -R
  • apt update
  • apt install git
  • su git
  • cd ~ && git init --bare project.git
  • cd ~/project.git/hooks
  • touch post-receive
  • chmod +x post-receive
  • vim post-receive
#!/bin/sh
PROD="/var/www/html/project"
REPO="/home/git/project.git"
git --work-tree=$PROD --git-dir=$REPO checkout -f

local git repo

  • git remote add production git@IP:project.git (or set-url if using origin)

Mail

Redis

Queue

@mokhosh
Copy link
Author

mokhosh commented Dec 29, 2023

This script is pretty dated now.
I recommend using https://github.com/mokhosh/laravel-sheploy if you're considering using this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment