-
Notifications
You must be signed in to change notification settings - Fork 83
Server Setup
Daniel Metzner edited this page Apr 15, 2024
·
13 revisions
- Connect (via SSH) to the server. Make sure to replace 'username' and 'host' with the correct username and host!
ssh username@host
- Install:
sudo apt update
sudo apt upgrade
sudo apt install php8.3-common php8.3-ldap php8.3-cli php8.3-curl php8.3-intl php-apcu php-imagick php-mbstring php-gettext git curl php-xdebug nginx php8.3-fpm php8.3-mysql npm mariadb-server php8.3-gd php8.3-zip php8.3-xml
sudo apt autoremove
npm install -g n
n stable
npm install -g sass
- Configure and set up MariaDb + DB. Don't forget to create a different root password and optional a new user+password:
sudo mysql
update mysql.user set plugin='' where user='root';
update mysql.user set password=password('root') where user='root';
CREATE USER 'catroweb' IDENTIFIED BY 'catroweb';
GRANT ALL PRIVILEGES ON * . * TO 'catroweb';
FLUSH PRIVILEGES;
CREATE DATABASE catroweb;
- To be able to use our deploy script the /etc/sudoers file needs to be updated. Add the following lines at the bottom of the file. Make sure to replace 'username' with the correct username!
username ALL = (ALL:ALL) ALL
username ALL = (www-data) NOPASSWD:/usr/bin/php*
username ALL = NOPASSWD:/bin/setfacl
username ALL = NOPASSWD:/usr/sbin/service nginx *
username ALL = NOPASSWD:/usr/sbin/service php*
- Update the following values in the /etc/php/X/fpm/php.ini file. Make sure to replace X by the correct version number. (Eg. 8.1) Else the project upload will not work. Specify the values as you need them. The following are only example values!
memory_limit = 2G
post_max_size = 256M
upload_max_filesize = 256M
- Create the sites-available in the nginx config:
sudo nano /etc/nginx/sites-available/catroweb
with
server {
listen 80;
listen [::]:80;
client_max_body_size 100M;
root /var/www/share/current/public/;
server_name HERE_USE_actual_server_name;
location / {
# try to serve file directly, fallback to index.php
try_files $uri /index.php$is_args$args;
}
location ~ ^/index\.php(/|$) {
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS off;
keepalive_timeout 90;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/index.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
access_log /var/log/nginx/access.log combined;
error_log /var/log/nginx/error.log warn;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
client_max_body_size 100M;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
fastcgi_param HTTPS on;
root /var/www/share/current/public/;
server_name HERE_USE_actual_server_name;
location / {
# try to serve file directly, fallback to index.php
try_files $uri /index.php$is_args$args;
}
location ~ ^/index\.php(/|$) {
fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
fastcgi_param HTTP_SCHEME https;
keepalive_timeout 90;
proxy_connect_timeout 300;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/index.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
access_log /var/log/nginx/access.log combined;
error_log /var/log/nginx/error.log warn;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php8.1-fpm.sock;
}
}
Make sure to update the php version number if needed!
- Now we enable the site
sudo ln -s /etc/nginx/sites-available/catroweb /etc/nginx/sites-enabled
sudo rm /etc/nginx/sites-enabled/default
- Create our web folder and give the correct rights
sudo mkdir /var/www/share
sudo chmod -R 0777 /var/www/share
- Deploy onto the server. For more details look into the "How to Deploy" section.
Make sure to use the correct db name, and define a secret! Credentials can only be found on Confluence. (https://confluence.catrob.at/display/MAN/%5BCredentials%5D+Catroweb+Servers+Parameters#space-menu-link-content)
The same accounts for the local .env files. (.env.dev.local .env.prod.local).
(E.g. the mail system -> https://confluence.catrob.at/display/MAN/%5BCredentials%5D+No-Reply+Mail)
Those files keep the same content between every deployment and will not be overwritten!
- Now deploy again. It should work. Might need to restart the services on the server.
Check out /share.catrob.at/pocketcode/
- Docker - Linux/Mac/Windows
- Ubuntu - VM/Native
- Installing Elasticsearch
- Server Setup
- Using Webpack (material components)