# GCP Ubuntu Nginx 部署 Laravel 8 專案 ###### tags: `deploy` `gcp` `nginx` `laravel` `database` ## 前言 這次部署踩了不少雷，像是因為專案是用 Laravel 8 寫的，所以機器也要升到 PHP7.4，但怎麼升、要裝哪些東西也是卡很久；裝好後那個權限問題也是折騰了一番，為了下次不再崩潰，紀錄個部署流程 準備 - GCP Compute Engine: Ubuntu 18.04 - 要部署的專案 步驟 1. local 安裝 gcloud SDK 2. remote 安裝 PHP7.4、composer、mysql 3. remote 安裝 git、下載專案、權限設定 4. remote 安裝 Nginx、設定 nginx conf ## 1. GCP Compute Engine GCP 全名 Google Cloud Platform，Compute Engine 是 GCP 開虛擬機的服務 ### 1-1 安裝 gcloud SDK 開好機器 ### 1-2 連線到遠端機器 Make sure you are authenticated with the correct account: ``` gcloud auth list ``` * account 1 account 2 Change to the project's account if not: gcloud config set account `ACCOUNT` Depending on the account, the project list will be different: ``` gcloud projects list ``` - project 1 - project 2... Switch to intended project: ``` gcloud config set project PROJECT ID ``` - instance_zone: 開機器時選的位置，例如 asia-east1-b - instance_name: 機器名稱 ``` gcloud compute ssh --zone [instance_zone] [instance_name] ``` - 偷懶寫法 ``` gcloud compute ssh [instance_name] ``` ### 2-1 安裝 PHP7.4 ``` sudo apt-get install software-properties-common sudo add-apt-repository ppa:ondrej/php sudo apt-get update sudo apt -y --allow-unauthenticated install php7.4 sudo apt-get install -y --allow-unauthenticated \ php7.4-{bcmath,bz2,intl,gd,mbstring,mysql,zip,xml} ``` - 查看本版，檢查是否安裝成功 ``` php -v ``` ### 2-2 安裝 Composer - 安裝且設定 $PATH ``` curl -sS https://getcomposer.org/installer \ | sudo php -- --install-dir=/usr/local/bin --filename=composer ``` - 查看本版，檢查是否安裝成功 ``` composer -v ``` ### 2-3 安裝 MySQL ``` sudo apt-get install mysql-server ``` 若要安裝特定版本`sudo apt-get install mysql-server-5.7` 若要設密碼：`$sudo mysql_secure_installation` 啟動 mysql-server: ``` sudo systemctl start mysql ``` 查看是否成功啟動： ``` systemctl |grep mysql ``` 進入 mysql server: ``` sudo mysql -u root ``` 查看目前使用者及其身份驗證方式： ``` SELECT User, Host, plugin FROM mysql.user; ``` ``` CREATE USER 'liang'@'localhost' IDENTIFIED WITH mysql_native_password BY '00000'; ``` 給予新建的使用者存取DB的權限： ``` GRANT ALL PRIVILEGES ON *.* TO 'liang'@'localhost'; ``` (＊.＊ 代表所有DB的所有 table) 查看目前 mysql server的使用者： ``` select user,plugin,authentication_string from mysql.user; ``` 建立 DB ``` CREATE DATABASE database_name; ``` ### 3-1 安裝 git ``` sudo apt-get update sudo apt-get upgrade -y --allow-unauthenticated sudo apt-get install git ``` ### 3-2 下載專案 ``` git clone ``` 安裝相關套件 ``` composer install ``` 環境檔設置 ``` cp .env.example .env ``` ``` php artisan key:generate ``` 其他環境變數設置，例如 API KEY、AUTH TOKEN ``` vi .env ``` ### 3-3 設置專案權限 > 這邊很重要！三顆星！ 移動到專案目錄 ``` cd /var/www/project ``` 專案擁有者改為自己、全組改為 www-data ``` sudo chown -R $USER:www-data . ``` 權限設定，讓自己和 server 都能存取 ``` sudo find . -type f -exec chmod 664 {} \; sudo find . -type d -exec chmod 775 {} \; ``` 變更三個路徑的權限 ``` sudo chgrp -R www-data storage bootstrap/cache public sudo chmod -R ug+rwx storage bootstrap/cache public ``` > 其他方式請見 [How to set up file permissions for Laravel](https://stackoverflow.com/questions/30639174/how-to-set-up-file-permissions-for-laravel) ## Nginx ### 4-1 安裝 查看Port 80 是否被佔用： ``` sudo netstat -utlnp | grep 80 ``` (參數意義 udp, tcp, listen, numeric, process) numeric 的意思是將名稱數字化(IP)，例：原本的 localhost 會變成 127.0.0.1 Ubuntu 的映像檔已內建 Apache2，預設是開啟聽著 80 port， 查看 apache2 狀態：`sudo systemctl status apache2` 我們要改用 Nginx, 但是因為安裝 Nginx 後它也會自動聽 80 port，所以先把 apache2 停掉：`sudo systemctl stop apache2` 安裝 Nginx：`sudo apt-get install nginx -y` 安裝 Nginx 與 PHP溝通之套件 `sudo apt-get -y --allow-unauthenticated install php7.4-fpm` ### 4-3 設定 conf 以下是只 host 一個網站的方式，所以直接改 default 修改預設 config ``` sudo vi /etc/nginx/sites-available/default ``` 內容可參考以下 - root 指到 Laravel 專案的 public/ - index 加入或改為 index.php - 修改 try_files - fastcgi pass 到 php7.4-fpm ``` bash server { listen 80 default_server; listen [::]:80 default_server; # SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf; root /var/www/project/public; # Add index.php to the list if you are using PHP index index.php; server_name _; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ /index.php?$query_string; } # pass PHP scripts to FastCGI server # location ~ \.php$ { include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; } } ``` 改好儲存後重新載入設定 ``` sudo nginx -s reload ``` > reload 成功的話 /var/log/nginx/error.log 會有紀錄 去網址查看是否成功！ > 如果錯誤，例如 500 可去看 nginx 或 Laravel 專案的 log /var/log/nginx/error.log debug、project/storage/logs/ > 如果誤刪 error.log 只要在執行一次 reload 就會再產生 ## Domain and SSL ### 5-1 Set up domain ### 5-2 SSL https://xenby.com/b/101-%E6%95%99%E5%AD%B8-%E7%94%B3%E8%AB%8Blets-encrypt%E6%86%91%E8%AD%89%E8%88%87%E5%95%9F%E7%94%A8https-nginx 自動更新憑證的指令要新增排成在 root 登入 root 使用者 ``` sudo -s ``` 編輯 crontab ``` crontab -e ``` ## 參考 - [[GCP] Ubuntu 18 部署 Nginx server, Laravel 專案](https://ithelp.ithome.com.tw/articles/10228765) - [How to set up file permissions for Laravel](https://stackoverflow.com/questions/30639174/how-to-set-up-file-permissions-for-laravel) - [Check php-fpm running](https://stackoverflow.com/questions/14915147/php-fpm-check-if-running/20071968) - [常用的 apt 指令 （安裝、更新、移除](https://sean22492249.medium.com/%E5%B8%B8%E7%94%A8%E7%9A%84-apt-%E6%8C%87%E4%BB%A4-%E5%AE%89%E8%A3%9D-%E6%9B%B4%E6%96%B0-%E7%A7%BB%E9%99%A4-cbb56f595568)