Ashrafdev · February 14, 2018 04:23 · Jan 25, 2018 · Nov 21, 2017 · Nov 21, 2017
diff --git a/laravel-worker.conf b/laravel-worker.conf
@@ -0,0 +1,9 @@
+[program:laravel-worker]
+process_name=%(program_name)s_%(process_num)02d
+command=php /var/www/html/artisan queue:work redis --sleep=3 --tries=3
+autostart=true
+autorestart=true
+user=www-data
+numprocs=8
+redirect_stderr=true
+stdout_logfile=/var/www/html/storage/logs/laravel.log
diff --git a/generate key b/generate key
@@ -1 +1,3 @@
-certbot certonly --webroot --agree-tos --no-eff-email --email [email protected] -w /app/yourdomain.com/public -d www.domain.com -d domain.com
+certbot certonly --webroot --agree-tos --no-eff-email --email [email protected] -w /app/yourdomain.com/public -d www.domain.com -d domain.com
+
+references: https://gist.github.com/cecilemuller/a26737699a7e70a7093d4dc115915de8
diff --git a/fab.py b/fab.py
@@ -0,0 +1,90 @@
+from fabric.api import *
+
+'''
+    fabric python laravel vps setup 
+    pip install fabric
+
+    1. Save as fabfile.py
+    2. fab deploy
+
+
+'''
+env.hosts = [
+    'YOUR_IP'
+]
+
+env.user = 'YOUR_USER_NAME'
+# you can use key instead
+
+
+def uname():
+    run('uname -a')
+
+
+def upgrade():
+    run('sudo apt-get -y upgrade')
+
+
+def update():
+    run('sudo apt-get update -y')
+
+
+def apt_common():
+    run('sudo apt-get install -y python-software-properties')
+    run('sudo apt-get install -y software-properties-common')
+
+
+def setup_ngix():
+    run('sudo apt-get install -y nginx')
+    run('curl -I localhost')
+
+
+def setup_php():
+    apt_common()
+    run('sudo add-apt-repository -y ppa:ondrej/php')
+    update()
+    run('apt-cache pkgnames | grep php7.1')
+    run('sudo apt-get install -y php7.1 php7.1-cli php7.1-common php7.1-mbstring php7.1-gd php7.1-intl php7.1-xml php7.1-mysql php7.1-mcrypt php7.1-zip php7.1-pdo-pgsql php7.1-dom php7.1-bcmath')
+
+
+def setup_php_fpm():
+    run('sudo apt-get install php7.1-fpm')
+
+
+def setup_composer():
+    run('sudo wget https://getcomposer.org/installer && php installer && chmod +x composer.phar')
+    run('sudo mv composer.phar /usr/bin/composer')
+    run('composer')
+
+
+def setup_default_directory():
+    run('sudo mkdir /apps')
+    run('sudo mkdir /apps/{logs,config,repo,backup,mainteinances}')
+    run('sudo chown -R www-data:www-data /apps')
+
+
+def setup_lets_encrypt():
+    run('sudo add-apt-repository -y ppa:certbot/certbot')
+    update()
+    run('sudo apt-get install -y python-certbot-nginx')
+
+
+def setup_redis():
+    run('sudo apt-get install redis-server -y')
+    run('redis-cli --version && redis-cli PING')
+
+
+def setup_supervisor():
+    run('sudo apt-get install supervisor')
+
+
+def deploy():
+    upgrade()
+    update()
+    setup_ngix()
+    setup_php()
+    setup_default_directory()
+    setup_lets_encrypt()
+    setup_redis()
+    setup_supervisor()
+    setup_composer()
diff --git a/generate key b/generate key
@@ -0,0 +1 @@
+certbot certonly --webroot --agree-tos --no-eff-email --email [email protected] -w /app/yourdomain.com/public -d www.domain.com -d domain.com
diff --git a/nginx vhost ssl b/nginx vhost ssl
@@ -0,0 +1,44 @@
+server {
+
+	listen 80;
+	listen [::]:80;
+
+	server_name yourdomainapp.com;
+
+	return 301 https://$server_name$request_uri;
+
+}
+
+server {
+
+	listen 443 ssl http2;
+
+	#ssl http2;
+	ssl on; 
+	listen [::]:443 ssl http2;
+
+       include snippets/ssl-params.conf;
+       include snippets/ssl-yourdomainapp.com.conf;
+
+
+       root apps/yourdomainapp.com;
+       index index.php index.html index.htm;
+
+        location / {
+                try_files $uri $uri/ /index.php?$args;
+        }
+
+    location ~ \.php$ {
+        include snippets/fastcgi-php.conf;
+        fastcgi_pass unix:/run/php/php7.1-fpm.sock;
+    }
+
+    location ~ /\.ht {
+        deny all;
+    }
+
+
+	location ~ /.well-known {
+                allow all;
+        }
+}
diff --git a/ssl-yourdomain.com.conf b/ssl-yourdomain.com.conf
@@ -0,0 +1,2 @@
+ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
diff --git a/sslkeyparams b/sslkeyparams
@@ -0,0 +1,20 @@
+# from https://cipherli.st/
+# and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
+# openssl dhparam -out /etc/nginx/ssl/dhparam.pem 2048
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_prefer_server_ciphers on;
+ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
+ssl_ecdh_curve secp384r1;
+ssl_session_cache shared:SSL:10m;
+ssl_session_tickets off;
+ssl_stapling on;
+ssl_stapling_verify on;
+resolver 8.8.8.8 8.8.4.4 valid=300s;
+resolver_timeout 5s;
+# disable HSTS header for now
+add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+add_header X-Frame-Options DENY;
+add_header X-Content-Type-Options nosniff;
+
+ssl_dhparam /etc/ssl/certs/dhparam.pem;
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		certbot certonly --webroot --agree-tos --no-eff-email --email [email protected] -w /app/yourdomain.com/public -d www.domain.com -d domain.com
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
		ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;