Ubuntu 16.04
PHP 7.2
Mysql 5.7
Nginx
Redis (v3.0.6)
MongoDB (v1.4.2)
NodeJS (v9.11.1), Npm (v5.6.0), Yarn (v1.6.0)
Ruby (v2.3.1p112), SASS (v3.5.6)
Composer (v1.6.4)
Check if deploy user existed in server
cut -d: -f1 /etc/passwd
Create deploy user and provide more information (Ex: password, name, ...)
sudo adduser deploy
ssh-keygen -t rsa -b 4096
eval "$(ssh-agent -s)"
// Example Output: Agent pid 5624
ssh-add -k ~/.ssh/id_rsa
// Example Output: Identity added: /home/deploy/.ssh/id_rsa (/home/deploy/.ssh/id_rsa)
Display, copy and add public key to Deploy Keys in Github Repository (Only need READ permission)
cat ~/.ssh/id_rsa.pub
Check user deploy can access to Repository
ssh -T [email protected]
// Hi xxx/repo-name! You've successfully authenticated, but GitHub does not provide shell access.
Add your public key or service public key (Ex: Drone) to /home/deploy/.ssh/authorized_keys for ssh to server or auto deployment
sudo su - deploy
Create project folder (ex: xxx)
mkdir xxx
Setting up base evironment sudo su -
Setup server stack following these commands:
DEBIAN_FRONTEND=noninteractive
locale-gen en_US.UTF-8
LANGUAGE=en_US.UTF-8
LC_ALL=en_US.UTF-8
LC_CTYPE=UTF-8
LANG=en_US.UTF-8
TERM=xterm
# Install "software-properties-common" (for the "add-apt-repository")
apt-get update && apt-get install -y software-properties-common
# Install Mysql
echo "mysql-server mysql-server/root_password password root" | debconf-set-selections \
&& echo "mysql-server mysql-server/root_password_again password root" | debconf-set-selections \
&& apt-get install -y mysql-server
# Install Redis, Nginx, MongoDB, Supervisor
apt-get -y install nginx redis-server mongodb supervisor \
&& mkdir -p /data/db
# Add the "PHP 7" ppa
add-apt-repository -y ppa:ondrej/php
# Install PHP-CLI 7, some PHP extentions and some useful Tools with APT
apt-get update && apt-get install -y \
php7.2-cli \
php7.2-common \
php7.2-curl \
php7.2-json \
php7.2-xml \
php7.2-mbstring \
php7.2-mysql \
php7.2-pgsql \
php7.2-sqlite \
php7.2-sqlite3 \
php7.2-zip \
php7.2-memcached \
php7.2-gd \
php7.2-fpm \
php7.2-xdebug \
php7.2-dev \
libcurl4-openssl-dev \
libedit-dev \
libssl-dev \
libxml2-dev \
xz-utils \
sqlite3 \
libsqlite3-dev \
git \
curl \
vim \
nano \
net-tools \
pkg-config \
iputils-ping
# remove load xdebug extension (only load on phpunit command)
sed -i 's/^/;/g' /etc/php/7.2/cli/conf.d/20-xdebug.ini
# Install mongodb extension
pecl channel-update pecl.php.net && pecl install mongodb
echo "extension=mongodb.so" >> /etc/php/7.2/cli/php.ini
# Install Nodejs
curl -sL https://deb.nodesource.com/setup_9.x | bash - \
&& apt-get install -y nodejs \
&& npm install -g gulp-cli bower eslint babel-eslint eslint-plugin-react yarn
# Install SASS
apt-get install -y ruby-full rubygems \
&& gem install sass
# Install Composer
curl -s http://getcomposer.org/installer | php \
&& mv composer.phar /usr/local/bin/composer
# Add bin folder of composer to PATH.
echo "export PATH=${PATH}:/home/deploy/xxx/vendor/bin:/root/.composer/vendor/bin" >> ~/.bashrc
// If you choose to deploy with Rocketeer please use this command below
echo "export PATH=${PATH}:/home/deploy/xxx/current/vendor/bin:/root/.composer/vendor/bin" >> ~/.bashrc
# Load xdebug Zend extension with phpunit command
echo "alias phpunit='php -dzend_extension=xdebug.so /home/deploy/xxx/vendor/bin/phpunit'" >> ~/.bashrc
// If you choose to deploy with Rocketeer please use this command below
echo "alias phpunit='php -dzend_extension=xdebug.so /home/deploy/xxx/current/vendor/bin/phpunit'" >> ~/.bashrc
Grant access deploy user can run command restart nginx and php-fpm, switch to su user
sudo su -
Edit /etc/sudoers file, add following command
deploy ALL=(ALL) NOPASSWD: /etc/init.d/nginx restart
deploy ALL=(ALL) NOPASSWD: /etc/init.d/php7.2-fpm restart
Change directory to /etc/nginx/sites-available
cd /etc/nginx/sites-available
Make a new virutal host file based on your project name
vim xxx.domain
Put content below to virtual host config file
server {
listen 80;
listen [::]:80 ipv6only=on;
root /home/deploy/xxx;
index index.php index.html index.htm;
server_name xxx.domain;
try_files $uri $uri/ @rewrite;
access_log /var/log/nginx/xxx.domain.access.log;
error_log /var/log/nginx/xxx.domain.error.log;
location @rewrite {
rewrite ^/(.*)$ /index.php?_url=/$1;
}
# set client body size to 500M #
client_max_body_size 500M;
# Increase buffer size to deal with too long URL (especially on redirect)
fastcgi_buffers 8 16k;
fastcgi_buffer_size 32k;
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
include fastcgi_params;
}
}
Link this configuration to sites-enabled for activating
ln -s /etc/nginx/sites-available/gmt.framgia.vn /etc/nginx/sites-enabled/
Make test HTML file like /home/deploy/xxx/index.html with test content for validating
Make Nginx running with deploy user instead of www-data, please edit /etc/nginx/nginx.conf, replace www-data to deploy user
Make Php FPM running with deploy user, please edit /etc/php/7.2/fpm/pool.d/www.conf and replace www-data to deploy
Restart nginx, php7.2-fpm with deploy user and access xxx.domain for verifying
Another step you can create /home/deploy/xxx/info.php and put content below in that for verifying PHP Info
<?php
phpinfo();
Some background process like Nginx, Redis, Php FPM, MongoDB or Laravel Queue listen we don't want to manually restart before deploying server, so we can configure it running in background with Supervisor
Firstly, edit /etc/supervisor/supervisord.conf, add this line below [supervisord] block
nodaemon=true
Create /etc/supervisor/conf.d/main-worker.conf
[program:mysqld]
command=/usr/sbin/service mysql start
autorestart=false
[program:redis-server]
command=/usr/bin/redis-server
[program:mongodb]
command=/usr/bin/mongod
[program:php7.2-fpm]
command=/usr/sbin/service php7.2-fpm start
autorestart=false
startretries=0
redirect_stderr=false
redirect_stderr=false
[program:nginx]
command=/usr/sbin/nginx -g "daemon off;"
supervisorctl reread
supervisorctl update
