# AWS deploy laravel ###### tags: `note` `AWS` `video` ubuntu sudo apt-get update sudo apt-get upgrade ## install nginx ppa sudo add-apt-repository ppa:nginx/stable sudo apt-get update sudo apt-get install nginx ## start nginx sudo service nginx start cd /var/www/html ## create new user sudo adduser lj 123456zxc123 ### give user auth (add sudo permission to lj) sudo usermod -aG sudo lj ### disable root (prevent that root be hacked and delete all files) #swich user su - lj #### make ssh to user 正確來說只要給它需要用的權限就好 sudo su #check ssh key for root user cat .ssh/authorized_keys #copy to user lj cp -r .ssh/authorized_keys /home/lj su - lj mkdir .ssh mv authorized_keys .ssh/ cd .ssh/ ll ``` total 12 drwxrwxr-x 2 lj lj 4096 Apr 21 02:38 ./ drwxr-xr-x 3 lj lj 4096 Apr 21 02:38 ../ -rw------- 1 root root 571 Apr 21 02:37 authorized_keys ``` #make auth of authorized_keys from root to lj sudo chown lj:lj authorized_keys ll ``` total 12 drwxrwxr-x 2 lj lj 4096 Apr 21 02:38 ./ drwxr-xr-x 3 lj lj 4096 Apr 21 02:38 ../ -rw------- 1 lj lj 571 Apr 21 02:37 authorized_key ``` #### inable root sudo vi /etc/ssh/sshd_config change the root login from true to no ## Install php ppa (擴充元（可以抓別人做好的）->怕找不到對的版本,也可以用Docker): https://launchpad.net/~ondrej/+archive/ubuntu/php sudo add-apt-repository ppa:ondrej/php sudo apt-get install ## other requirement #to connect nginx sudo apt-get install php-fpm sudo apt-get install php sudo apt-get install php-mbstring sudo apt-get install php-json //sudo apt-get install php-ctype -y //sudo apt-get install php-openssl -y //sudo apt-get install php-pdo -y sudo apt-get install php-xml -y sudo apt-get install php-zip -y sudo apt-get install php-mysql ## set nginx cd /etc/nginx/sites-available/ ``` ubuntu@ip-172-31-20-155:/etc/nginx/sites-available$ cat default ## # You should look at the following URL's in order to grasp a solid understanding # of Nginx configuration files in order to fully unleash the power of Nginx. # https://www.nginx.com/resources/wiki/start/ # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/ # https://wiki.debian.org/Nginx/DirectoryStructure # # In most cases, administrators will remove this file from sites-enabled/ and # leave it as reference inside of sites-available where it will continue to be # updated by the nginx packaging team. # # This file will automatically load configuration files provided by other # applications, such as Drupal or Wordpress. These applications will be made # available underneath a path with that package name, such as /drupal8. # # Please see /usr/share/doc/nginx-doc/examples/ for more detailed examples. ## # Default server configuration # server { listen 80 default_server; listen [::]:80 default_server; # SSL configuration # # listen 443 ssl default_server; # listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf; root /var/www/html; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; server_name _; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } # pass PHP scripts to FastCGI server # #location ~ \.php$ { # include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): # fastcgi_pass unix:/run/php/php7.4-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # Virtual Host configuration for example.com # # You can move that to a different file under sites-available/ and symlink that # to sites-enabled/ to enable it. # #server { # listen 80; # listen [::]:80; # # server_name example.com; # # root /var/www/example.com; # index index.html; # # location / { # try_files $uri $uri/ =404; # } #} ``` change to ``` server { listen 80; server_name laravel_api; root /var/www/laravel_api/public; add_header X-Frame-Options "SAMEORIGIN"; add_header X-Content-Type-Options "nosniff"; index index.php; charset utf-8; location / { try_files $uri $uri/ /index.php?$query_string; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } error_page 404 /index.php; location ~ \.php$ { fastcgi_pass unix:/var/run/php/php8.0-fpm.sock; fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name; include fastcgi_params; } location ~ /\.(?!well-known).* { deny all; } } ``` uninstall apache(不宜定要刪掉,可以停掉就好80port) ``` sudo apt remove apache2 sudo apt purge apache2 ``` sudo service nginx restart ## deploy cd /var/www git clone file #install composer cd /projectfile sudo apt-get install composer sudo composer install sudo cp .env.example .env ## change to nginx user（把user 和 (其實只要給特定的夾子就好) (其實只要group 改成) sudo chown -R www-data:www-data . ->No application encryption key has been specified. ## add key sudo php artisan key:generate sudo vi .env ``` APP_NAME=Laravel APP_ENV=production APP_KEY= APP_DEBUG=false APP_URL=http://localhost ``` ### install mySQL ``` wget https://dev.mysql.com/get/mysql-apt-config_0.8.15-1_all.deb sudo dpkg -i mysql-apt-config_0.8.15-1_all.deb sudo apt-get update sudo apt-get install mysql-server 123456zxc123 sudo service mysql status mysql -u root -p ``` 20210510（可以直接用這個,現在 mysql 都內建） ``` sudo apt update sudo apt install mysql-server sudo mysql_secure_installation 123456zxc123 mysql -u root -p CREATE USER 'laravel_api'@'localhost' IDENTIFIED WITH authentication_plugin BY '123456zxc123'; ``` CREATE USER 'laravel_api'@'localhost' IDENTIFIED WITH authentication_plugin BY '123456zxc123'; #### make a user connect from outside （這步驟要很小心,資料庫越少人連越好->怕別人駭掉你的電腦也順便駭掉資料庫（盡量直接連進去看）） setting: ``` ubuntu@ip-172-31-20-155:~$ mysql_secure_installation Securing the MySQL server deployment. Enter password for user root: VALIDATE PASSWORD COMPONENT can be used to test passwords and improve security. It checks the strength of password and allows the users to set only those passwords which are secure enough. Would you like to setup VALIDATE PASSWORD component? Press y|Y for Yes, any other key for No: y There are three levels of password validation policy: LOW Length >= 8 MEDIUM Length >= 8, numeric, mixed case, and special characters STRONG Length >= 8, numeric, mixed case, special characters and dictionary file Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 0 Using existing password for root. Estimated strength of the password: 50 Change the password for root ? ((Press y|Y for Yes, any other key for No) : n ... skipping. By default, a MySQL installation has an anonymous user, allowing anyone to log into MySQL without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? (Press y|Y for Yes, any other key for No) : y Success. Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? (Press y|Y for Yes, any other key for No) : y Success. By default, MySQL comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? (Press y|Y for Yes, any other key for No) : y - Dropping test database... Success. - Removing privileges on test database... Success. Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? (Press y|Y for Yes, any other key for No) : y Success. All done! ``` #create new user: mysql -u root -p CREATE USER 'lj'@'%' IDENTIFIED BY '123456zxc123'; #give privalige GRANT ALL PRIVILEGES ON *.* TO 'lj'@'%'; FLUSH PRIVILEGES; #enable outside access ``` sudo apt install net-tools ubuntu@ip-172-31-20-155:~$ netstat -ntlp (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN - tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN - tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN - tcp6 0 0 :::3306 :::* LISTEN - tcp6 0 0 :::22 :::* LISTEN - tcp6 0 0 :::33060 :::* LISTEN - ``` #make 3306 listen to ouside(這步驟也是很危險,可能會被駭（無差別駭客）,要開也是要換一個port) cd /etc/mysql/mysql.conf.d/ #listen to all the host,allow remote connsction sudo vi mysqld.cnf ``` # For explanations see # http://dev.mysql.com/doc/mysql/en/server-system-variables.html [mysqld] pid-file = /var/run/mysqld/mysqld.pid socket = /var/run/mysqld/mysqld.sock //前兩個是連線方式 datadir = /var/lib/mysql //mysql資料庫檔案位置 log-error = /var/log/mysql/error.log bind-address = 0.0.0.0 //全開,可以指定某些ip ``` sudo service mysql restart sudo ufw allow 3306 ### connect using terminal mysql -u lj -h 3.89.137.188 -p mysql -u lj -h 3.112.246.91 -p https://laracasts.com/discuss/channels/code-review/unable-to-do-php-artisan-migrate ### migration change .env ``` cd /var/www/laravel_api sudo php artisan migrate:fresh --seed ``` error(因為權限給nginx所以) ``` UnexpectedValueException: The stream or file "/var/www/laravel_api/storage/logs/laravel.log" could not be opened in append mode: Failed to open stream: Permission denied in file /var/www/laravel_api/vendor/monolog/monolog/src/Monolog/Handler/StreamHandler.php on line 111 ``` 給login user laravel.log寫入的權限