Kuendesa application kuLaravel 7 paUbuntu & Nginx

Ndakasarudza kugadzira portfolio yangu ndichishandisa Laravel 7. Kuti peji huru ive peji yekumhara, uye ruzivo rwese pairi runogona kuchinjwa uchishandisa admin panel. Kwete iyo pfungwa. Kwakasvika pakutumirwa. Ndakawana akati wandei matutorials akanaka ekuita izvi pane yakazara-yakazara server nematambudziko ese. Ini handina kusimba zvakanyanya mukutumirwa; ini kazhinji ndiri kumberi kupfuura yakazara stack. Uye, kana ndichiri kugona kunyora uye kuyedza muPHP, saka ndisati ndabata sevha, nezvimwe. Handisati ndakura. Asi ndaifanira kuzvinzwisisa.

Iye zvino tichapfuura nematanho ese, kutanga nekutanga kuburikidza neSSH uye kupera nesaiti yekushanda. Tichaedza kunzvenga misungo yese.

Unogona kuwana mirairo yakafanana pamhepo. Pashure pezvose, pakupedzisira ndakaiwana. Ichokwadi, kwete munzvimbo imwe chete, kwete pasina rubatsiro rweStackOverflow, uye zvishoma muRussia. Ndakatambura. Ndosaka ndafunga kurerutsa hupenyu hwako.

Tichaita zvese nedonhwe paDigitalOcean. Izvi, hongu, hazvidiwi; sarudza chero yekutambira. Paunosvika kune server inoshanda paUbuntu, dzoka. Kune avo vachiri kufunga kuzviita paDigitalOcean, pachave nemamwe matipi ekumisikidza domain. Uye $100 kutumira link.

Ese DigitalOcean-chaiwo matanho achapihwa muzasi manyoro akadai.

Ngatitange.

TL; DR (zvakakosha mirairo chete)

Gadzira mushandisi

• ssh root@[IP-адрес вашего дроплета]
• adduser laravel
• usermod -aG sudo laravel
• su laravel

Wedzera SSH kwairi

• mkdir ~/.ssh
• chmod 700 ~/.ssh
• vim ~/.ssh/authorized_keys
• Isa kiyi yeruzhinji
• chmod 600 ~/.ssh/authorized_keys

Firewall

• sudo ufw allow OpenSSH
• sudo ufw enable
• sudo ufw status

Nginx

• sudo apt update
• sudo apt install -y nginx
• sudo ufw allow 'Nginx HTTP'
• sudo ufw status

MySQL

• sudo apt install -y mysql-server
• sudo mysql_secure_installation, NYNNY
• sudo mysql
• ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<Ваш пароль для MySQL>';
• SELECT user,authentication_string,plugin,host FROM mysql.user;
• FLUSH PRIVILEGES;
• exit

PHP

• sudo apt update

• sudo apt install -y curl wget gnupg2 ca-certificates lsb-release apt-transport-https

• sudo apt-add-repository ppa:ondrej/php

• sudo apt update

• 7.3: sudo apt install -y php7.3-fpm php7.3-mysql

• 7.4: sudo apt install -y php7.4-fpm php7.4-mysql

• sudo vim /etc/nginx/sites-available/<Ваш домен>

Basic setup:

server {
        listen 80;
        root /var/www/html;
        index index.php index.html index.htm index.nginx-debian.html;
        server_name <Ваш домен или IP>;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ .php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        }

        location ~ /.ht {
                deny all;
        }
}

Chete HTTP setup yeLaravel:

server {
    listen 80;
    listen [::]:80;

    root /var/www/html/<Имя проекта>/public;
    index index.php index.html index.htm index.nginx-debian.html;

    server_name <Ваш домен или IP>;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ .php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }

    location ~ /.ht {
        deny all;
    }
}

HTTPS marongero eLaravel:

server {
    listen 80;
    listen [::]:80;

    server_name <Ваш домен> www.<Ваш домен>;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name <Ваш домен> www.<Ваш домен>;
    root /var/www/html/<Имя проекта>/public;

    ssl_certificate /etc/letsencrypt/live/<Ваш домен>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<Ваш домен>/privkey.pem;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.php index.html index.htm index.nginx-debian.html;

    charset utf-8;

    location / {
            try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ .php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }

    location ~ /.ht {
            deny all;
    }

    location ~ /.well-known {
            allow all;
    }
}

• sudo ln -s /etc/nginx/sites-available/<Ваш домен> /etc/nginx/sites-enabled/
• sudo unlink /etc/nginx/sites-enabled/default
• sudo nginx -t
• sudo systemctl reload nginx

Laravel

• 7.3: sudo apt install -y php7.3-mbstring php7.3-xml composer unzip

• 7.4: sudo apt install -y php7.4-mbstring php7.4-xml composer unzip

• mysql -u root -p

• CREATE DATABASE laravel DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

• GRANT ALL ON laravel.* TO 'root'@'localhost' IDENTIFIED BY '<Ваш пароль от MySQL>';

• FLUSH PRIVILEGES;

• exit

• cd /var/www/html

• sudo mkdir -p <Имя проекта>

• sudo chown laravel:laravel <Имя проекта>

• cd ./<Имя проекта>

• git clone <ссылка на проект> . / git clone -b <имя ветки> --single-branch <ссылка на проект> .

• composer install

• vim .env

APP_NAME=Laravel
APP_ENV=production
APP_KEY=
APP_DEBUG=false
APP_URL=http://<Ваш домен>

LOG_CHANNEL=stack

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel
DB_USERNAME=root
DB_PASSWORD=<Ваш пароль от MySQL>

• php artisan migrate

• php artisan key:generate

• sudo chown -R $USER:www-data storage

• sudo chown -R $USER:www-data bootstrap/cache

• chmod -R 775 storage

• chmod -R 775 bootstrap/cache

HTTPS

• sudo add-apt-repository ppa:certbot/certbot

• sudo apt install -y python-certbot-nginx

• sudo certbot certonly --webroot --webroot-path=/var/www/html/<Имя проекта>/public -d <Ваш домен> -d www.<Ваш домен>

• sudo nginx -t

• sudo ufw allow 'Nginx HTTPS'

• sudo ufw status

• sudo systemctl reload nginx

Gadzira chinodonhedza paDigitalOcean uye nyoresa kiyi itsva yeSSH

Ini ndinotenda zvechokwadi kuti iwe unozoona nzira yekunyoresa nayo DigitalOcean iwe pachako. Hazvisi nyore, zvine akawanda ma verification nezvimwe zvinhu. Kana iwe uchigara uchiwana kukanganisa kwetiweki paunenge uchisimbisa uchishandisa zvinyorwa, edza kuita zvese kuburikidza neVPN, zvinofanirwa kubatsira.

Mune menyu kumusoro, tinya sika->Twumadonhwe. Sarudza Ubuntu.

Paunongonyoresa, iwe unogashira $100 kuaccount yako. Asi usanyengerwa. Unongova nemazuva makumi matanhatu chete kuti uzvipedze. Uye izvi zvishoma. Iwe unogona, kufanana neni, unoda kushandisa chirongwa chinodhura, kuitira kuti gare gare, apo mari chaiyo inotanga kuyerera, unogona kushandura kune inodhura. Ini ndichakuudza pakarepo kuti hazvishande. Iwe unogona kuwedzera, asi haugone kuderedza. Saka zvinoenda. Ndinosarudza Standard->$5.

Ndinosarudza nzvimbo iri pedyo nesu muFrankfurt. VPC Network->default-fra1

Isu tinobva taita huchokwadi kuburikidza neSSH. Dzvanya Nyowani SSH Key. Kana iwe usina SSH, kune mirairo yakapusa kurudyi. Vhura bash terminal uye unamate ssh-keygen. Zvadaro tinoenda kune faira nekiyi yeruzhinji /Users/<Ваше имя пользователя>/.ssh/id_rsa.pub (kana zvakapusa cat ~/.ssh/id_rsa.pub), kopira zvirimo wozvinamira mufafitera riri kuruboshwe. Chero zita.

Isu tinouya nezita remugadziri weiyo droplet.

Dinani pano Gadzira Droplet

Gadzira mushandisi mutsva

• ssh root@[IP-адрес вашего дроплета]
• Une chokwadi here kuti unoda kuenderera mberi nekubatanidza (hongu/kwete/[mudhindo wemunwe])? yes
• Isa password yako yeSSH
• Gadzira mushandisi laravel: adduser laravel
• Isa password yako uye rumwe ruzivo (ini ndinongoisa Zita Rakazara)
• Wedzera mushandisi kuboka re sudo: usermod -aG sudo laravel

SSH yemushandisi mutsva

• Chinja kumushandisi mutsva: su laravel

Isu tinoita zviito zvese mberi, kusvika pakupera kwechinyorwa, takamiririra mushandisi welaravel. Naizvozvo, kana ukangoerekana wavhiringwa, pindazve uye upinde su laravel

• mkdir ~/.ssh
• chmod 700 ~/.ssh
• vim ~/.ssh/authorized_keys

Takavhura faira muVim. Kana usiri kujairana nazvo zvachose, unogona kushanda muNano, kurudyi rwako.

Iwo akanyanya kukosha Vim mirairo

Kuti ushandise Vim mupepeti muchinyorwa chose, iwe unongoda kuziva zvinotevera.

• Vim ine mamodhi akasiyana: Yakajairika modhi, yaunopinda mairi mirairo uye sarudza modes uye nevamwe.
• Kubuda chero modhi uye kudzokera kune yakajairwa modhi, ingo dzvanya Esc
• Famba-famba: unogona kungoshandisa miseve
• Buda usina kuchengetedza <Normal mode>: :q!
• Buda uye chengetedza <Normal mode>: :wq
• Chinja kumodhi yekuisa mavara <Normal mode>: i (kubva kuChirungu. isa)

• Isu tinoisa kiyi yedu yeruzhinji (yatakaita pamusoro)
• Isu tinodzivirira kubva kune shanduko: chmod 600 ~/.ssh/authorized_keys

Kuisa firewall

• Ngatitarisei ese anowanikwa marongero: sudo ufw app list
• Bvumira OpenSSH (zvikasadaro ichatikiya): sudo ufw allow OpenSSH
• Ngatitangei firewall: sudo ufw enable, y
• Tinotarisa: sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)

Zvese zvakanaka.

Kuisa Nginx

Panguva yekuisa iwe dzimwe nguva unozobvunzwa "Une chokwadi here?" Pindura y (zvakanaka, chete kana uine chokwadi).

• sudo apt update
• sudo apt install nginx

Kuwedzera Nginx kune firewall marongero

• sudo ufw app list
• sudo ufw allow 'Nginx HTTP'
• sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere
OpenSSH (v6)               ALLOW       Anywhere (v6)
Nginx HTTP (v6)            ALLOW       Anywhere (v6)

Enda kuIP yako. Kana zvinhu zvose zvikafamba zvakanaka, unofanira kuona zvinotevera.

Kuisa MySQL

• sudo apt install mysql-server
• Kuvhura otomatiki kudzivirira script sudo mysql_secure_installation

Pindura mibvunzo yabvunzwa. Kana usingazive chekupindura, hedzino dzimwe sarudzo dzinokurudzirwa:

• Bvisa password plugin - N

• Bvisa vashandisi vasingazivikanwe? - Y

• Usatendera midzi kupinda kure? - N

• Bvisa test database uye kuwana kwairi? - N

• Rodhazve matafura eropafadzo izvozvi? - Y

• Ngatiende kuMySQL: sudo mysql

• Ngatitarisei nzira dzekuwana: SELECT user,authentication_string,plugin,host FROM mysql.user;

• Seta password yemidzi: ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY '<Ваш пароль для MySQL>';

• Ngatitarisei nzira dzekuwana zvakare: SELECT user,authentication_string,plugin,host FROM mysql.user;

• Isa shanduko uye buda muMySQL: FLUSH PRIVILEGES; и exit

• Iye zvino, kuti upinde muMySQL yaunoda kushandisa mysql -u root -p uye isa password

Kuisa PHP

Ngatishandisei yechitatu-bato repository kubva Ondrej Surý

• sudo apt update
• sudo apt install -y curl wget gnupg2 ca-certificates lsb-release apt-transport-https
• sudo apt-add-repository ppa:ondrej/php
• sudo apt update

Zvino ngatisarudzei. YeLaravel 7, unogona kusarudza PHP 7.3 kana 7.4. Musiyano chete uchange uri munhamba 3 ne4.

• 7.3: sudo apt install -y php7.3-fpm php7.3-mysql
• 7.4: sudo apt install -y php7.4-fpm php7.4-mysql

PHP FastCGI Process Manager (fpm) inoshanda nezvikumbiro zvePP. mysql, hongu, yekushanda neMySQL.

Kubva zvino zvichienda mberi ndichaita zvese pa7.4.

Kugadzika Nginx

• sudo vim /etc/nginx/sites-available/<Ваш домен>

Panzvimbo pe "<Yako domain>" isa iyo domain (semuenzaniso, mysite.ru) yaunoda kushandisa mune ramangwana. Kana iwe usati wava nayo, nyora chero, wobva wadzokorora nhanho dziri muchitsauko chino chedomasi yako paunosarudza.

Isa zvinotevera:

server {
        listen 80;
        root /var/www/html;
        index index.php index.html index.htm index.nginx-debian.html;
        server_name <Ваш домен или IP>;

        location / {
                try_files $uri $uri/ =404;
        }

        location ~ .php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        }

        location ~ /.ht {
                deny all;
        }
}

Kana ukasarudza vhezheni 7.3 pane php7.4-fpm.sock nyora mukati php7.4-fpm.sock.

Teerera kune port 80 pa server_namepatinosvika pakukumbira mudzi /var/www/html tora index file. Kana mushure server_name Pane chimwe chinhu, tiri kutsvaga faira yakadaro. Kana tikasaiwana, tinorasa kunze 404. Kana yapera nayo .php, mhanya fpm... Kana aripo .ht, rambidza (403).

• Kugadzira link kubva sites-available в sites-enabled: sudo ln -s /etc/nginx/sites-available/<Ваш домен> /etc/nginx/sites-enabled/
• Kubvisa chinongedzo ku default: sudo unlink /etc/nginx/sites-enabled/default
• Kutarisa kukanganisa: sudo nginx -t
• Reboot: sudo systemctl reload nginx

Kuongorora basa:

• sudo vim /var/www/html/info.php
• Tinonyora: <?php phpinfo();
• Handei ku <Ваш IP>/info.php

Iwe unofanirwa kuona chimwe chinhu chakadai:

Iye zvino faira iri rinogona kudzimwa: sudo rm /var/www/html/info.php

Isa Laravel

• 7.3: sudo apt install php7.3-mbstring php7.3-xml composer unzip

• 7.4: sudo apt install php7.4-mbstring php7.4-xml composer unzip

• Ngatiende kuMySQL: mysql -u root -p

• Gadzira database ine zita laravel: CREATE DATABASE laravel DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;

• Isu tinopa midzi yekuwana laravel: GRANT ALL ON laravel.* TO 'root'@'localhost' IDENTIFIED BY '<Ваш пароль от MySQL>';

• FLUSH PRIVILEGES;

• exit

• cd /var/www/html

• Gadzira folda yeprojekiti: sudo mkdir -p <Имя проекта>

• Isu tinopa mushandisi laravel kodzero kupurojekiti: sudo chown laravel:laravel <Имя проекта>

Tevere unofanira kutamisa purojekiti. Semuenzaniso, cloning kubva kuGithub.

• cd ./<Имя проекта>
• git clone <ссылка на проект> .

Zvakakodzera kufunga kuti kana usina kuchengetedza static mafaira (semuenzaniso, kubva /public) paGithub, saka zvakasununguka hauzove nazvo. Semuenzaniso, ndakagadzira tambo yakaparadzana kugadzirisa izvi deploy, kubva kwandakatogadzira: git clone -b <имя ветки> --single-branch <ссылка на проект> ..

• Installing dependencies: composer install
• Create .env: vim .env

Iyo yekutanga vhezheni yayo inoita seizvi:

APP_NAME=Laravel
APP_ENV=production
APP_KEY=
APP_DEBUG=false
APP_URL=http://<Ваш домен>

LOG_CHANNEL=stack

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel
DB_USERNAME=root
DB_PASSWORD=<Ваш пароль от MySQL>

Kana ukakopa .env yako, chinja APP_ENV nekugadzira, APP_DEBUG nenhema uye isa zvigadziriso zveMySQL.

• Kutamisa dhatabhesi: php artisan migrate
• Kugadzira kodhi: php artisan key:generate

Kuchinja mvumo:

• sudo chown -R $USER:www-data storage
• sudo chown -R $USER:www-data bootstrap/cache
• chmod -R 775 storage
• chmod -R 775 bootstrap/cache

Chinhu chekupedzisira chasara kugadzirisazve Nginx yeLaravel:

sudo vim /etc/nginx/sites-available/<Ваш домен>

server {
    listen 80;
    listen [::]:80;

    root /var/www/html/<Имя проекта>/public;
    index index.php index.html index.htm index.nginx-debian.html;

    server_name <Ваш домен или IP>;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ .php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }

    location ~ /.ht {
        deny all;
    }
}

Senguva yekupedzisira, kana ukasarudza vhezheni 7.3 pachinzvimbo php7.4-fpm.sock nyora mukati php7.4-fpm.sock.

Kumisikidza domain paDigitalOcean

Zvese zviri nyore chaizvo. Iwe unotenga domain (chero kupi), chinja kuDigitalOcean pa sika->Domains/DNS... Mumunda Wedzera domain iwe pinda iyi domain uye tinya wedzera. Wobva waenda kune zvigadziriso zvedomasi uye kumunda ZITA REHOST kupinda @. Sarudza chirongwa uye tinya Gadzira rekodhi.
Zvino enda kunzvimbo yawakatenga iyo dura, tsvaga "DNS Servers" ipapo (kana chimwe chinhu chakafanana) uye pinda iyo DigitalOcean maseva (kureva. ns1.digitalocean.com, ns2.digitalocean.com, ns3.digitalocean.com) Iye zvino unofanirwa kumirira zvishoma (kana zvakawanda) kusvikira zvigadziriso izvi zvagamuchirwa. Ready!
Dambudziko chete nderekuti saiti yako inovhura chete seHTTP. Kuti uve neHTTPS, enda kune chikamu chinotevera.

Kugadzika HTTPS

Isa certbot uye uipfuudze iyo zita rezita (format mysite.ru) uye zita rezita rine www (www.mysite.ru).

• sudo add-apt-repository ppa:certbot/certbot
• sudo apt install python-certbot-nginx
• sudo certbot certonly --webroot --webroot-path=/var/www/html/<Имя проекта>/public -d <Ваш домен> -d www.<Ваш домен>

Iye zvino iwe unofanirwa kugadzirisazve Nginx (usakanganwa kutsiva yako tsika):

server {
    listen 80;
    listen [::]:80;

    server_name <Ваш домен> www.<Ваш домен>;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name <Ваш домен> www.<Ваш домен>;
    root /var/www/html/<Имя проекта>/public;

    ssl_certificate /etc/letsencrypt/live/<Ваш домен>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<Ваш домен>/privkey.pem;

    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
    ssl_prefer_server_ciphers on;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.php index.html index.htm index.nginx-debian.html;

    charset utf-8;

    location / {
            try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ .php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
    }

    location ~ /.ht {
            deny all;
    }

    location ~ /.well-known {
            allow all;
    }
}

Ini ndinofunga iwe unotonzwisisa izvo zvinoda kuchinjirwa PHP 7.3.

Pano, chaizvoizvo, zvinhu zvose zviri nyore. Isu tinongotungamira zvese zvikumbiro kubva kuHTTP (port 80) kuenda kuHTTPS (port 443). Uye ipapo tinoita zvese zvakafanana nekare, asi ne encryption.

Chinosara ndechekuisa mvumo mune firewall:

• sudo nginx -t
• sudo ufw app list
• sudo ufw allow 'Nginx HTTPS'
• sudo ufw status
• sudo systemctl reload nginx

Iye zvino zvinhu zvose zvinofanira kushanda sezvazvinofanira.

[Yepamusoro] Kuisa Node.js

Kana iwe ukangoerekana wada kumhanya npm mirairo zvakananga pane sevha, unofanirwa kuisa Node.js.

• sudo apt update
• sudo apt install -y nodejs npm
• nodejs -v

Ndizvozvo, ndakamira panguva ino. Muchidimbu, ndinogutsikana nemugumisiro. Pamwe ini ndichachinja kubva kuDigitalOcean kumwe kudhuze neRussia uye yakachipa. Asi sezvo ndakanga ndatopfuura nepakati pese kutenderera kutenderera pane saiti uye ndakaita zvese ipapo, ndakavaratidza nemuenzaniso. Pamusoro pezvo, kutanga kwavo $100 ibhodhi rakanakisa rekudzidziswa.

PS Kutenda kwakakosha kumunyori pfungwa iyi, iyo yakashanda sehwaro hwezvose zvakaitwa pamusoro apa. Mune zvimwe zviitiko hazvishande kuLaravel 7, ndakazvigadzirisa.

PPS Kana iwe ukaitika uri injinjiniya wepamusoro anofunga mumirairo yebash, ndapota usatonge nehasha. Unogona kuona kuti chinyorwa ichi chakaderera, asi ndingadai ndakafara kuchiwana pandakachida. Kana pane mazano ekuvandudza, ini ndinozviita.

Source: www.habr.com