How To Securely Manage Secrets with HashiCorp Vault on Ubuntu 16.04
0

Introduction

Laravel is an open-source PHP internet framework made to make web that is common tasks, such as authentication, routing, and caching, easier. Deployer is an PHP that is open-source deployment with out-of-the-box help for several popular frameworks, including Laravel, CodeIgniter, Symfony, and Zend Framework.

Deployer automates deployments by cloning a credit card applicatoin from a Git repository to a host, setting up dependencies with Composer, and configuring the application form so that you do not have to achieve this by hand. This enables you to definitely save money time on development, in the place of uploads and designs, and enables you to deploy more often.

In this guide, you can expect to deploy a Laravel application immediately with no downtime. For this, you can expect to prepare the development that is local from where you are going to deploy rule then configure a production host with Nginx and a MySQL database to provide the application form.

Prerequisites

Before you start this make suggestionswill need the ( that is following******)

Step 1 — creating neighborhood Development Environment

Since you will end up producing and deploying the application from your own regional device, start with configuring your development that is local environment. Deployer will control the deployment that is entire from your own regional device, therefore begin by setting up it.

Note: you should use a BASH emulator (like Git bash) to run all local commands.
( if you use Windows on your local machine******)

On your local machine, available the terminal and down load the Deployer installer making use of curl:

  • curl -LO https://deployer.org/deployer.phar

Next, operate a quick PHP script to validate your installer fits the SHA-1 hash the latest installer on the Deployer – down load web page. Substitute the highlighted value with all the hash:( that is latest******)

  • php -r "if (hash_file('sha1', 'deployer.phar') === '35e8dcd50cf7186502f603676b972065cb68c129') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('deployer.phar'); } echo PHP_EOL;"

Output

Installer verified

Make Deployer system that is available. Remember that if you should be operating Windows or macOS in your regional device, you may have to produce the /usr/local/bin/dep directory before operating this demand:

  • sudo mv deployer.phar /usr/local/bin/dep

Make it ( that is executable******)

  • sudo chmod/usr/local/bin/dep that is +x

Next, create a Laravel task in your local machine:

  • composer create-project --prefer-dist laravel/laravel laravel-app "5.5.*"

You have actually set up most of the software that is required your local machine. With that in place, we shall proceed to producing a Git repository the application.

Step 2 — linking towards Remote Git Repository

Deployer ended up being made to allow users to anywhere deploy code from. To allow this functionality, it requires users to push code to a repository on the Internet from which Deployer then copies the code over to the production server. We shall make use of Git, an open-source variation control system, to handle the origin rule of Laravel application. It is possible to connect with the Git host SSH that is using protocol also to do that firmly you’ll want to create SSH tips. That is safer than password-based verification and let us you avoid typing the password prior to each implementation.

Run the command that is following your local machine to create the SSH key. Remember that the -f specifies the filename of key file, and you may change gitkey with your own personal filename. It’s going to create an SSH key set (called gitkey and gitkey.pub) to your ~/.ssh/ folder.

  • ssh-keygen -t rsa -b 4096 -f ~/.ssh/gitkey

It can be done it connects to your Git server.( that you have more SSH keys on your local machine, so configure the SSH client to know which SSH private key to use when******)

Create an SSH config file on the local machine:

Open the file and include a shortcut towards Git host. This will support the HostName directive (pointing towards Git host's hostname) additionally the IdentityFile directive (pointing to your file course of SSH key you simply created:

~/.ssh/config

Host mygitserver.com/username/repository.git
    HostName mygitserver.com/username/repository.git
    IdentityFile ~/.ssh/gitkey

Save and shut the file, and restrict its permissions then:

Now your SSH customer will understand which key that is private for connecting to your Git host.

Display this content of the general public key file with all the command that is following******)

Copy the production and include the key that is public your Git host.

If you utilize a Git web hosting solution, consult its paperwork on the best way to include SSH tips back:

Now it will be possible for connecting towards local machine to your Git server. Test the connection with the command that is following******)

If this demand leads to one, be sure you included your SSH tips precisely by discussing your Git web hosting solution's paperwork and again try connecting.

Before pressing the application form to your Git that is remote repository deploying it, let us very first configure the manufacturing host.

Step 3 — Configuring the Deployer consumer

Deployer utilizes the SSH protocol to execute commands on securely the server. The first step we will take toward configuring the production server will be to create a user which Deployer can use to log in and execute commands on your server via SSH.( for this reason******)

Log directly into a sudo non-root user to your LEMP server and produce a fresh individual called "deployer" with all the after demand:

Laravel requires some writable directories to keep cached files and uploads, therefore the directories developed by the deployer individual should be writable by the Nginx internet host. Include the consumer to your www-data team to get this done:

  • sudo usermod www-data deployer that is-aG

The standard authorization for files developed by the deployer individual must be 644 for files and 755 for directories. In this way, the deployer individual should be able to read and compose the files, even though the team along with other users should be able to read them.

Do this by establishing deployer's standard umask to 022:

  • sudo chfn -o umask=022 deployer

We'll keep the application form in /var/www/html/ directory, therefore replace the ownership of directory to your deployer individual and www-data team.

  • sudo chown deployer:www-data /var/www/html

The deployer individual must manage to change files and files in the /var/www/html directory. Because, brand new files and subdirectories developed in the /var/www/html directory should inherit the folder's team id (www-data). To make this happen, set the team id with this directory with all the command that is following

  • sudo chmod/var/www/html that is g+s

Deployer will clone the Git repo to your manufacturing host SSH that is using you want to ensure that the connection between your LEMP server and the Git server is secure. We'll use the approach that is same useful for our regional device, and now we'll create an SSH key the deployer individual.

Switch to your deployer individual in your host:

Next, create an SSH key set since the deployer individual. Now, the default can be accepted by you filename of SSH tips:

  • ssh-keygen -t rsa -b 4096

Display the key:( that is public******)

Copy people key and include it towards Git host while you did in the earlier step.

Your regional device will keep in touch with the host making use of SSH and, so that you should create SSH tips the deployer individual in your regional device and include people key to your host.

On your local machine operate the command that is following. Take a moment to displace deployerkey with a filename of the option:

  • ssh-keygen -t rsa -b 4096 -f ~/.ssh/deployerkey

Copy these demand's production containing the key:( that is public******)

  • cat ~/.ssh/deployerkey.pub

On your host since the deployer individual run the ( that is following******)

  • nano ~/.ssh/authorized_keys

Paste the key that is public the editor and hit CTRL-X, Y, then ENTER to truly save and leave.

Restrict the permissions of file:

  • chmod 600 ~/.ssh/authorized_keys

Now switch back again to the user:( that is sudo******)

Now your host can connect with the Git host and you may log on to the host with all the deployer individual from your own regional device.

Log in from your own regional device towards host since the deployer individual to try the text:

  • ssh deployer@your_server_ip -i ~/.ssh/deployerkey

After you have got logged in as deployer, test the text betwixt your host additionally the Git host and:

Finally, leave the host:

From right here, we could proceed to configuring Nginx and MySQL on our internet host.

Step 4 — Configuring Nginx

We're now willing to configure the internet host that will provide the application form. This may include configuring the document root and structure that is directory we are going to used to keep the Laravel files. We shall setup Nginx to provide our files through the /var/www/laravel directory.

First, we have to produce a host block setup apply for the site that is new.

Log in the host as your sudo individual and produce a config file that is new. Remember to replace example.com with your domain name that is own:

  • sudo nano************************)example.com( that is/etc/nginx/sites-available/(**************)

Add a server block to your the top of setup file:

example.com '>/etc/nginx/sites-available/example.com

server {
        pay attention 80;
        pay attention [::]:80;

        root /var/www/html/laravel-app/current/public;
        index index.php index.html index.htm Index.html that is.nginx-debian

        server_name example.com www.example.com;
}

The two listen directives at tell that is top which ports to listen to, and the root directive defines the document root where Laravel will be installed. The current/public in the path of the root directory is a symbolic link that points to the release that is latest of application. With the addition of the index directive, we're telling Nginx to provide any index.php files first before searching for their HTML counterparts whenever asking for a directory location. The server_name directive must be followed closely by your domain and some of its aliases.

We also needs to change the way in which Nginx will manage needs. This is accomplished through try_files directive. We wish it to try and provide the demand as a file first and, it should attempt to serve the default index file for a directory that matches the request if it cannot find a file with the correct name. Failing this, the request should be passed by it to your index.php file as a query parameter.

example.com '>/etc/nginx/sites-available/example.com

server {
        pay attention 80;
        pay attention [::]:80;

        root /var/www/html/laravel-app/current/public;
        index index.php index.html index.htm Index.html that is.nginx-debian

        server_name example.com www.example.com;

        location / {
                try_files $uri $/index.php?$query_string that is uri/
        }

Next, we have to produce a block that handles the execution that is actual of PHP files. This will apply to any files that end in .php. It will try the file itself and try to pass then it as a parameter to your index.php file.

We will set the fastcgi directives to inform Nginx to utilize the course of application (remedied just after following symbolic website link), as opposed to the link that is symbolic. The path where the symbolic link points will be cached, meaning that an old version of your application will be loaded after the deployment if you don't add these lines to the configuration. Without these directives, you'd manually have to clear the cache after each deployment and requests to your application could potentially fail. Additionally, the fastcgi_pass directive shall ensure that Nginx utilizes the socket that php7-fpm is making use of for interaction which the index.php file can be used since the index of these operations.

example.com '>/etc/nginx/sites-available/example.com

server {
        pay attention 80;
        pay attention [::]:80;

        root /var/www/html/laravel-app/current/public;
        index index.php index.html index.htm Index.html that is.nginx-debian

        server_name example.com www.example.com;

        location / {
                try_files $uri $/index.php?$query_string that is uri/
        }


        location ~ .php$ {
                include snippets/fastcgi-php.conf;

                fastcgi_param SCRIPT_FILENAME $ fastcgi_script_name that is realpath_root$
                fastcgi_param DOCUMENT_ROOT $realpath_root;

                fastcgi_pass unix.sock that is:/run/php/php7.0-fpm

        }

Finally, you want to ensure that Nginx doesn't enable use of any concealed .htaccess files. We shall do that with the addition of yet another location block called location ~ /.ht and, within that block, a specifying that is directive***************)deny all;.

After incorporating this location that is last, the setup file will appear similar to this:

example.com '>/etc/nginx/sites-available/example.com

server {
        pay attention 80;
        pay attention [::]:80;

        root /var/www/html/laravel-app/current/public;
        index index.php index.html index.htm Index.html that is.nginx-debian

        server_name example.com www.example.com;

        location / {
                try_files $uri $/index.php?$query_string that is uri/
        }


        location ~ .php$ {
                consist of snippets/fastcgi-php.conf;

                fastcgi_param SCRIPT_FILENAME $ fastcgi_script_name that is realpath_root$
                fastcgi_param DOCUMENT_ROOT $realpath_root;

                fastcgi_pass unix.sock that is:/run/php/php7.0-fpm

        }

        location ~ /.ht {
                reject all;
        }

}

Save and shut the file (CTRL-X, Y, then ENTER), then allow the brand new host block by producing a symbolic url to the sites-enabled directory:

  • sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

Test your setup apply for syntax mistakes:

If the thing is any mistakes, return back and recheck your file before continuing.

Restart Nginx to push the required modifications:

  • sudo systemctl restart nginx

The Nginx host has become configured. Next, we shall configure the application form's MySQL database.

Step 5 — Configuring MySQL

After the installation, MySQL produces a root individual automagically. This individual has limitless privileges, however, so it's a security that is bad to use the root user for your application's database. Instead, we will create the database for the application with a user that is dedicated

Log in the MySQL system as root:

This will prompt you the root password.

Next, produce a database that is new the application form:

  • CREATE DATABASE laravel_database DEFAULT CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;

Then, produce a database user that is new. The purposes of the guide, we are going to phone this individual laravel_user with all the password password, although you ought to change the password with a very good password of the selecting.

  • CREATE CONSUMER 'laravel_user'@'localhost' IDENTIFIED with 'password';

Grant privileges on database to your individual:

  • GRANT each ON laravel_database.* TO 'laravel_user'@'localhost';

Next, reload the privileges:

And, finally, exit through the MySQL system:

Your application's database and individual are actually configured, therefore're very nearly willing to run very first implementation.

Step 6 — Deploying the applying

So far, you have configured most of the tools and programs required for Deployer to operate. All that is kept doing before operating very first implementation would be to complete configuring your Laravel application and Deployer it self, also to initialize and push the application towards remote Git repository.

Open the terminal in your local machine and alter the working directory to your application's folder with all the after demand:

From this directory, run the command that is following produces a file called deploy.php in the laravel-app folder, that will include setup information and tasks for implementation:

Next, available the deploy.php file together with your chosen text editor or IDE. The line that is third a PHP script containing the required tasks and designs to deploy a Laravel application:

deploy.php

<?php
namespace Deployer;

need 'recipe/laravel.php';

. . .

Below this are areas that you simply should modify to align together with your setup:

  • Under // venture Name, include the title of the Laravel task.
  • Under // venture Repository, include the web link towards Git repository.
  • In the // Hosts part, include your host's internet protocol address or domain title to your host() directive, the title of the Deployer individual (deployer inside our examples) to your user() directive. It's also wise to include the SSH key you created in step three to your identifyFile() directive. Finally, you ought to include file course of folder containing the application.

whenever you've completed modifying these areas, they need to appear to be this:

deploy.php

...
// venture title
set('application', 'laravel-app');

// venture repository
set('repository', '[email protected]:username/repository.git');

. . .

// Hosts

host('your_server_ip')
    ->user('deployer')
    ->identityFile('~/.ssh/deployerkey')
    ->set('deploy_path', '/var/www/html/laravel-app');

Next, remark from line that is last of file, before('deploy:symlink', 'artisan:migrate');. This line instructs Deployer to run the database migrations automatically, and by commenting it out we are disabling it. It out, the deployment will fail as this line requires appropriate database credentials to be on the server, which can only be added using a file which will be generated during the first deployment:( if you don't comment******)

deploy.php

...
// Migrate database before symlink release that is new.

//before('deploy:symlink', 'artisan:migrate');

(we must first push it to the remote Git repository.

Before we can deploy the project,******)

On your local machine replace the working directory towards application's folder:

Run the command that is following your laravel-app directory to initialize a Git repository in task folder:

Next, include most of the task files to your repository:

Commit the modifications:

  • git commit -m 'Initial commit for very first implementation.'

Add your Git host to your regional repository with all the command that is following. Be sure to replace the text that is highlighted your personal remote repository's Address:

Push the modifications to your Git repository that is remote:

Finally, run your deployment that is first using dep demand:

If every thing goes you should see a production similar to this with Successfully implemented! by the end:

Deployer's production

✈︎ Deploying master on your_server_ip ✔ Executing task deploy:prepare ✔ Executing task deploy:lock ✔ Executing task deploy:release ➤ Executing task deploy:update_code ✔ Okay ✔ Executing task deploy:shared ✔ Executing task deploy:vendors ✔ Executing task deploy:writable ✔ Executing task artisan:storage:link ✔ Executing task artisan:view:clear ✔ Executing task artisan:cache:clear ✔ Executing task artisan:config:cache ✔ Executing task artisan:optimize ✔ Executing task deploy:symlink ✔ Executing task deploy:unlock ✔ Executing task cleaning Effectively implemented!

The after framework may be developed in your host, in the /var/www/html/laravel-app directory:

├── .dep
├── present -> releases/1
├── releases
│   └── 1
└── provided
    ├─.env that is
    └── storage space

Verify this by operating the command that is following***********)on your host that will record the files and directories in folder:

  • ls /var/www/html/laravel-app

Output

current .dep releases provided

here is what all these files and directories have:

  • The releases directory contains deploy releases of Laravel application.

  • current is a symlink to your release that is last

  • The .dep directory contains metadata that is special Deployer.

  • The shared directory offers the .env setup file additionally the storage directory that will be symlinked every single launch.

However, the application form won't work yet as the .env file is empty. This file can be used to keep crucial designs just like the application key — a string that is random for encryptions. If it is not set, your user sessions and other encrypted data will not be secure. The app has a .env file on your local machine, but Laravel's .gitignore file excludes it from the Git repo because storing sensitive data like passwords in a Git repository is not a idea that is good, additionally, the application form calls for various settings in your host. The .env file offers the database connection settings and, and that's why we disabled the database migrations the very first implementation.

Let's configure the application form in your host.

Log directly into your host since the deployer individual:

  • ssh deployer@your_server_ip -i ~/.ssh/deployerkey

Run the command that is following***********)on your host, and content and paste the local .env file to your editor:

  • nano /var/www/html/laravel-app/shared/.env

(that you should make*****)Before you can save it, there are some changes. Set APP_ENV to production, APP_DEBUG to false, APP_LOG_LEVEL to error and don't forget to replace the database, the database user, and password with your own. You should replace example.com with your domain that is own as:

/var/www/html/laravel-app/shared/.env

APP_NAME=Laravel
APP_ENV=production
APP_KEY=base64:cA1hATAgR4BjdHJqI8aOj8jEjaaOM8gMNHXIP8d5IQg=
APP_DEBUG=false
APP_LOG_LEVEL=error
APP_URL=http://example.com

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=laravel_database
DB_USERNAME=laravel_user
DB_PASSWORD=password

BROADCAST_DRIVER=log
CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=sync

REDIS_HOST=127.0.0.1
REDIS_PASSWORD=null
REDIS_PORT=6379

Save the file and shut the editor.

Now uncomment the past distinct the deploy.php file in your regional device:

deploy.php

...
// Migrate database before symlink release that is new.

before('deploy:symlink', 'artisan:migrate');

Warning: this may cause your database migrations to operate immediately on every implementation. This may enable you to avoid migrating the databases by hand, but do not forget to straight back your database up just before deploy.

To be sure this setup is working, deploy the application form yet again. Run the command that is following***********)on the local machine:

Now, the application will continue to work precisely. You will see the following landing page:( if you visit your server's domain name(http://example.com)******)

Laravel's landing page

You do not have to modify the .env file in your host before all deployments. A deployment that is typical never as complicated since the very first and it is completed with just a couple commands.

Step 7 — operating a normal Deployment

As a step that is final this part will take care of a straightforward implementation procedure you need to use every day.

Start by changing the application form just before deploy once more. For instance, you could add a route that is new the routes/web.php file:

/routes/web.php

<?php

. . .

Route::get('/', function () {
    return view('welcome');
});

Route::get('/greeting', function(){
    return 'Welcome!';
});

Commit these modifications:

  • git commit -am 'your message that is commit.

Push the modifications to your Git repository that is remote:

And, finally, deploy the application form:

You have actually effectively implemented the application form towards host.

Conclusion

You have actually configured the local computer along with your host to effortlessly deploy zero downtime to your Laravel application. The article covers only the basics of Deployer, and it has many functions that are useful. It is possible to deploy to more servers simultaneously and produce tasks; as an example, you are able to specify an activity to straight back the database up prior to the migration. If you wish to find out about Deployer's features, there is more info in Deployer paperwork.

Linux mkfifo Command Tutorial for novices (with Examples)

Previous article

Facebook scraped call, text information for a long time from Android os phones

Next article

You may also like

Comments

Leave a Reply

More in MySQL