演練平台安裝步驟

# 演練平台安裝步驟 # 基本說明此系統使用 Laravel 開發，為 Server Side Render 架構，以下以 Ubuntu 環境為範例安裝。 # 更新 ```bash= sudo apt update; ``` # Nginx ```bash= sudo apt install nginx; sudo service nginx status; sudo service nginx start; curl 127.0.0.1; sudo service nginx enable; ``` # 安裝 PHP 安裝 apt repositories 管理工具包，用於新增 PPA 的資料來源 ```bash= sudo apt -y install software-properties-common; sudo add-apt-repository ppa:ondrej/php; sudo apt install php7.4-fpm php7.4-cli php7.4-mysql php7.4-gd php7.4-tidy php7.4-xmlrpc php7.4-mbstring php7.4-xml php7.4-curl php7.4-zip; sudo service php7.4-fpm start; sudo service php7.4-fpm status; ``` # 安裝 PHP Composer ```bash= sudo apt install unzip; cd ~; php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" php -r "if (hash_file('sha384', 'composer-setup.php') === '906a84df04cea2aa72f40b5f787e49f22d4c2f19492ac310e8cba5b96ac8b64115ac402c8cd292b8a03482574915d1a8') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" php composer-setup.php php -r "unlink('composer-setup.php');" ``` # 安裝 MariaDB(MySQL) ```bash= sudo apt-key adv --fetch-keys 'https://mariadb.org/mariadb_release_signing_key.asc'; sudo add-apt-repository 'deb [arch=amd64,arm64,ppc64el] http://nyc2.mirrors.digitalocean.com/mariadb/repo/10.4/ubuntu focal main'; sudo apt install mariadb-server; mysql --version; sudo service mysql start; ``` # 安裝 Redis ```bash= sudo apt install redis-server; sudo vim /etc/redis/redis.conf; sudo service redis-server start; ``` 輸入 sudo vim /etc/redis/redis.conf 之後，找到 supervised 關鍵字，將其設定改成如下方所示。 ```bash= ... # If you run Redis from upstart or systemd, Redis can interact with your # supervision tree. Options: # supervised no - no supervision interaction # supervised upstart - signal upstart by putting Redis into SIGSTOP mode # supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET # supervised auto - detect upstart or systemd method based on # UPSTART_JOB or NOTIFY_SOCKET environment variables # Note: these supervision methods only signal "process is ready." # They do not enable continuous liveness pings back to your supervisor. supervised systemd ... ``` 設定好之後輸入 ```bash= sudo service redis-server restart sudo service redis-server status ``` # 安裝 Supervisor ```bash= sudo apt install supervisor; sudo service supervisor start; ``` # 安裝專案程式碼 * 可以透過 FTP 等工具將專案程式碼上傳至 Linux 當中 * 一般專案程式碼會放在 `/var/www` ```bash= sudo mv ~/se_project /var/www/se_project cd /var/www sudo chown kali:kali se_project -R; cd se_project composer install --no-dev; composer dump; cp .env.example .env; vim .env; ``` 修改 .env 以下主要幾個參數，注意有井字號行數的文字描述不要複製到，是備註說明用。 ```bash= # 設定環境為正式環境 APP_ENV=production APP_DEBUG=false # APP_URL 要是有使用 HTTPS，必須改成 HTTPS APP_URL=http://web_domain # 設定 MaraiDB 帳號密碼 DB_USERNAME=new_root DB_PASSWORD=new_root # 設定 Laravel 發信的 SMTP 相關參數 MAIL_DRIVER=smtp MAIL_HOST=smtp.mailgun.org MAIL_PORT=xxx MAIL_USERNAME=xxx MAIL_PASSWORD=xxx MAIL_ENCRYPTION=tls ``` # 設定 MariaDB Database Schema ```bash= sudo mysql; ``` 進入 MySQL 之後輸入以下指令 ```bash= CREATE DATABASE se_db; CREATE USER 'new_root'@'localhost' IDENTIFIED BY 'new_root'; GRANT ALL PRIVILEGES ON *.* TO 'new_root'@'localhost'; FLUSH PRIVILEGES; GRANT ALL ON *.* to 'new_root'@'%' IDENTIFIED BY 'new_root' WITH GRANT OPTION; ``` 測試 `new_root` 是否可以登入成功 ```bash= mysql -u new_root -p ``` 再來輸入以下指令（需在 se_project 目錄當中） ```bash= php artisan migrate:fresh --seed php artisan key:generate; php artisan config:clear;php artisan view:clear;php artisan route:clear; php artisan cache:clear; php artisan clear; ``` # 設置 crontab ```bash= crontab -e ``` 進入 crontab 設置頁面，輸入 ```bash= * * * * * /usr/bin/php /var/www/se_project/artisan schedule:run >/dev/null 2>&1 ``` # 設置 supervisor ```bash= sudo vim /etc/supervisor/conf.d/laravel-worker.conf sudo service supervisor start ``` ```bash= [program:laravel-worker] process_name=%(program_name)s_%(process_num)02d command=/usr/bin/php /var/www/se_project/artisan queue:work --sleep=3 --tries=1 --memory=2048 autostart=true autorestart=true user=www-data numprocs=6 redirect_stderr=true stdout_logfile=/var/log/supervisor/laravel_supervisor.log ``` 設定完之後，輸入以下指令載入排程設定 ``` sudo supervisorctl stop laravel-worker:*;sudo supervisorctl reread; sudo supervisorctl update;sudo supervisorctl start laravel-worker:* ``` # 設置 Nginx ``` vim /etc/nginx/sites-enabled/default ``` 可以將 default 的設定清空，替換成下面的設定。 ``` server { listen 80; server_name example.com; root /var/www/se_project/public; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; index index.html index.htm index.php; charset utf-8; location / { try_files $uri $uri/ /index.php?$query_string; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } error_page 404 /index.php; location ~ \.php$ { fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; include fastcgi_params; } location ~ /\.(?!well-known).* { deny all; } } ``` 編輯完之後重新啟動即可 ``` sudo service nginx restart; sudo service nginx status; ``` 最後回到 `/var/www` 的目錄，輸入以下指令修改權限即可登入網 ``` sudo chown www-data:www-data se_project -R ```