Stedding is a minimalistic LEMP Stack setup for Laravel PHP. It facilitates the setting up of Laravel apps on a well prepared Ubuntu based VPS using Ansible Playbooks.
You need to have Ansible installed on your local computer. This really differs from box to box See Ansible Documents for instructions.
For hashing the password for the admin user you have to install passlib:
pip install passlib
To run Ansible Playbooks properly on Ubuntu 20.10+ we need to setup a sudo user and make sure Python and some other packages such as ppa:ondrej/php
are available so Ansible can run. The setting up of a sudo user and adding of the SSH keys has been taken care of. So is the adding of Python and Ondrej's PHP PPA. All you need is root access to the Ubuntu 16.0.4 box. Preferably using an SSH key.
NB Gist with useful setup tips
- Install prerequisites
- Sudo user Creation
- Web user Creation
- LEMP Provisioning
- Laravel Homebase Setup
Geerllingguy Roles:
added where possible with ansible-galaxy install --roles-path . geerlingguy.rolename
inside roles folder.
Do not forget to adjust the vars in:
group_vars/all
vars/mainyml
hosts
where need be.
Here you normally add at least the ip address for the server. We added two hosts in this example:
[web]
xxx.xxx.xx.xxx
[database]
xxx.xxx.xx.xxx
The variables in vars/main.yml
are for setting up PHP, MySQL and Nginx details based on Geerlingguy roles.
The variables in group_vars/all
are for the repo, keys, branch, user, password and domain.
example:
repo_url : git@github.com:Larastudio/larastudio.git
github_keys: https://github.com/jasperf.keys
git_branch: master
sudo_user: admin
web_user: web
upassword: passsword
domain: larastud.io
database_name: database_name
database_user: database_user
database_user_password: database_user_password
Nginx details are stored in vars/main.yml
and server.yml
. One host for the site being used for testing purposes has been added there. Do change it to work with the domain of your choice.
Using Geerling's Certbot role Let's Encrypt's Certbot has been added to the server. This allows the site to use Let's Encrypt SSL certificate. This does however not adjust the Nginx's domain configuration to server on 443 and redirect port 80 traffic to port 443. Tweaks for this are being made.
Nginx Certbot plugin has to be added using
sudo apt-get install python-certbot-nginx
A task is in the works, but not done. Then you can run:
certbot --nginx
to start the installation. You will then be asked to choose a domain. Next, they will ask you to agree with the TOS and install all. Working on an incorporation on the server still.
NB May not be necessary if you run your own certs only. See further down on SSL
To work with PHP 7.4 Ondrej's PHP PPA is added in requirements playbook using:
- name: Add repository for PHP 7.
apt_repository: repo='ppa:ondrej/php'
For pre compiling PHP scripts Stedding uses PHP OpCache. For quick emptying OpCache use /etc/init.d/php7.1-fpm restart
. Read more on it at Ma.ttias.be
"Free & open source, high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load."
The MariaDB details are added to vars/main.yml
are just dummy data. Do adjust them.
Composer is added and binary is put in the directory of the web user. Laravel is also added as a globally required package so it can be used.
To set up your Laravel application to work with Mailgun for sending out emails which is used in this repo check out this Laravel document
Nodejs role is installed and we automatically add the following global packages:
nodejs_npm_global_packages:
- name: yarn
- npm
To run your Laravel application from a specific project directory, the one added to your Nginx configuration, we have added a separate playbook. One we will expand upon soon with other tasks. For now the project directory is created only using this task:
- name: Project Folder Creation
file: dest=/var/www/{{domain}} mode=2755 state=directory owner=web group=www-data
The domain can be set in group_vars/all
. [GUID]
OpenSSL role has been added so self signed certificates can be added when you would like to. Current Stedding setup is aimed at working with Let's Encrypt so this role has not been acitvated. The path to own SSL certificates have been commented out.
As you will see there are two server blocks. One is for port 80, the second one should be for port 443 and both in different files. Let's Encrypt task for auto renewal has also been added.