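What this covers
How to build a runtime environment on EC2 for a product developed with Laravel + Vue.
The OS is Amazon Linux 2.
Procedure
1. EC2 setup
Set passwords for the initial user and root.
Update the packages with "yum update -y".
Set the time zone to Japan time and enable Japanese language support.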
$ timedatectl set-timezone Asia/Tokyo
$ localectl set-locale LANG=ja_JP.UTF-8
$ localectl set-keymap jp106
$ date
Wed Apr 22 13:53:00 JST 2020
Set the hostname
$ hostnamectl set-hostname host.example.com
Set the hostname in the network configuration file
$ vi /etc/sysconfig/network
NETWORKING=yes
NOZEROCONF=yes
+HOSTNAME=host.example.com
2. Obtain a certificate
This is needed because the site is to be published over HTTPS.
As the root user:
$ wget https://dl.eff.org/certbot-auto
$ chmod 700 certbot-auto
Rewrite it for EC2
$ vi certbot-auto
elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
  Bootstrap() {
    ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
  }
  BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
↓
elif grep -i "Amazon Linux" /etc/issue > /dev/null 2>&1 || \
   grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>&1; then
  Bootstrap() {
    ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
  }
  BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"
Move the command
$ sudo mv ./certbot-auto /usr/local/bin
Obtain the certificate
$ certbot-auto certonly --standalone -d host.example.com --debug
The certificate is created under /etc/letsencrypt/live/host.example.com/.
3. Install nginx
As the root user:
$ amazon-linux-extras install nginx1.12 -y
Start nginx and enable it to start automatically when the instance boots
$ sudo systemctl start nginx
$ sudo systemctl enable nginx
$ systemctl status nginx
4. Install PHP
As the root user:
$ amazon-linux-extras info php7.4
$ sudo amazon-linux-extras install php7.4 -y
$ php-fpm -v
PHP 7.4.x (fpm-fcgi) (built: Aug 14 2018 16:48:43)
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
$ yum install -y php-mbstring.x86_64
$ yum install -y php-xml.x86_64
$ yum install php-gd.x86_64
5. Configure nginx to work with php-fpm
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    #include /etc/nginx/conf.d/*.conf;

    index index.php index.html index.htm;

    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name localhost;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl http2 default_server;
        listen [::]:443 ssl http2 default_server;
        server_name localhost;

        ssl_certificate "/etc/letsencrypt/live/host.example.com/fullchain.pem";
        ssl_certificate_key "/etc/letsencrypt/live/host.example.com/privkey.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        root /usr/share/nginx/html/xxx/public;
        index index.php index.html index.htm;

        access_log /var/log/nginx/xxx-access.log main;
        error_log /var/log/nginx/xxx-error.log warn;

        location / {
            try_files $uri $uri/ /index.php?$query_string;
        }

        error_page 404 /404.html;
        location = /40x.html {
            root /usr/share/nginx/html;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass unix:/run/php-fpm/xxx.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root/index.php;
            fastcgi_param HOSTNAME host.example.com;
            fastcgi_max_temp_file_size 0;
            fastcgi_buffer_size 4K;
            fastcgi_buffers 64 4k;
            include fastcgi_params;
        }
    }
}
Rename /etc/php-fpm.d/www.conf to /etc/php-fpm.d/xxx.conf and edit it as follows:
-; Start a new pool named 'www'.
+; Start a new pool named 'xxx'.
; the variable $pool can we used in any directive and will be replaced by the
-; pool name ('www' here)
-[www]
+; pool name ('xxx' here)
+[xxx]
; Per pool prefix
(omitted)
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
-user = apache
+user = nginx
; RPM: Keep a group allowed to write in log dir.
-group = apache
+group = nginx
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
-listen = /run/php-fpm/www.sock
+listen = /run/php-fpm/xxx.sock
; Set listen(2) backlog.
; Default Value: 511
;listen.backlog = 511
(omitted)
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
-listen.acl_users = apache
+listen.acl_users = apache,nginx
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
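Review bot: In the listen.acl_users line, apache stays in the ACL even though this pool now runs as nginx (user/group changed above) and nginx is the only FastCGI client that the fastcgi_pass line points at this socket. Because listen.owner and listen.group are ignored once listen.acl_users is set, this list is the whole access policy for the socket; unless httpd also connects to it, "listen.acl_users = nginx" is enough and avoids granting access to an account that has no reason to use it.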
(omitted)
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
-slowlog = /var/log/php-fpm/www-slow.log
+slowlog = /var/log/php-fpm/xxx-slow.log
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
(omitted)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
-php_admin_value[error_log] = /var/log/php-fpm/www-error.log
+php_admin_value[error_log] = /var/log/php-fpm/xxx-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M
(omitted)
Restart php-fpm
$ sudo systemctl restart php-fpm.service
Restart nginx
$ sudo systemctl restart nginx
Create a phpinfo file in the project's document root and check that it can be displayed
$ echo '<?php phpinfo(); ?>' > /usr/share/nginx/html/xxx/public/phpinfo.php
Open https://host.example.com/phpinfo.php in a browser to check.
6. Database setup
Create a new repository file so that the desired version can be installed
$ vi /etc/yum.repos.d/MariaDB.repo
Define it as follows
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
Install
$ yum install MariaDB-server MariaDB-client -y
Start
$ systemctl start mariadb
Check the version
$ mysql -V
mysql Ver 15.1 Distrib 10.3.22-MariaDB, for Linux (x86_64) using readline 5.1
Enable
$ systemctl enable mariadb
$ systemctl is-enabled mariadb
Security settings: set the root password and so on.
$ mysql_secure_installation
Set root password? [Y/n] Y
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] n
Reload privilege tables now? [Y/n] n
...
Thanks for using MariaDB!
Set the root password.
Allow remote connections.
# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 520
Server version: 10.1.31-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO root@"%" IDENTIFIED BY '[remote connection password]' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;
Change the port to improve security. Stop the service first, then append to the configuration.
$ systemctl stop mariadb
$ vi /etc/my.cnf.d/server.cnf
Append to the end of /etc/my.cnf.d/server.cnf
port=3406
Start
$ systemctl start mariadb
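An audit for the kind of grant made in this step, as an added example that is not part of the original article: it flags accounts that can log in from any host with GRANT OPTION (as root@"%" now can) and prints a grant scoped to one schema and one client address. The sample rows, the database name and the account names are constructed; the scoped account is assumed to have been created beforehand with CREATE USER.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.

# Constructed sample of:
#   mysql -N -B -e "SELECT User,Host,Grant_priv FROM mysql.user"
# (tab-separated, no header row). Pipe the real output in on a live server.
sample_users() {
    printf '%s\t%s\t%s\n' \
        root localhost Y \
        root '%' Y \
        laravel_app '10.0.1.%' N \
        backup '%' N
}

# Read "user<TAB>host<TAB>grant_priv" rows on stdin and print user@host for each
# account that accepts logins from any host and can pass its privileges on.
flag_remote_admins() {
    awk -F '\t' '$2 == "%" && $3 == "Y" { print $1 "@" $2 }'
}

# Print a GRANT limited to one schema and one client address, without GRANT OPTION.
# Arguments are validated so odd input cannot change the generated statement.
# Usage: scoped_grant_sql <database> <user> <host>   (all three are placeholders)
scoped_grant_sql() {
    db=$1
    user=$2
    host=$3
    for name in "$db" "$user"; do
        case "$name" in
            ''|*[!A-Za-z0-9_]*) echo "invalid database or user name" >&2; return 1 ;;
        esac
    done
    case "$host" in
        ''|*[!0-9A-Za-z.:%_-]*) echo "invalid host" >&2; return 1 ;;
        %) echo "refusing bare wildcard host" >&2; return 1 ;;
    esac
    printf "GRANT ALL PRIVILEGES ON \`%s\`.* TO '%s'@'%s';\n" "$db" "$user" "$host"
}
```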
7. Build the database
Check that the port number in the .env connection settings is correct.
Run the migrations
$ php artisan migrate
Run the seeders
$ php artisan db:seed
10. Change file permissions
Set the permissions of the following four folders to 777.
/usr/share/nginx/html/csf/storage/logs
/usr/share/nginx/html/csf/storage/framework/cache
/usr/share/nginx/html/csf/storage/framework/sessions
/usr/share/nginx/html/csf/storage/framework/views
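A narrower alternative to mode 777, as an added example that is not part of the original article: php-fpm runs as nginx in the pool configured in step 5, so the four directories only need to be writable by that account. The function names are hypothetical, and the ownership change is skipped when the script is not run as root.

```shell
#!/usr/bin/env bash
# Added example, not from the original article.
# Assumption: php-fpm runs as "nginx" (the pool user set in xxx.conf), so only
# that account needs write access to Laravel's runtime directories.

# The four directories from this step, relative to the application root.
WRITABLE_DIRS="storage/logs storage/framework/cache storage/framework/sessions storage/framework/views"

# Print every world-writable directory under the given root
# (this is what chmod 777 leaves behind).
list_world_writable() {
    find "$1" -type d -perm -0002 -print
}

# Hand the directories to the pool user and remove all access for "other".
# Usage: harden_storage /usr/share/nginx/html/csf nginx
harden_storage() {
    app_root=$1
    pool_user=${2:-nginx}
    for rel in $WRITABLE_DIRS; do
        dir="$app_root/$rel"
        if [ ! -d "$dir" ]; then
            echo "missing directory: $dir" >&2
            return 1
        fi
        # chown needs root and an existing account; otherwise only modes change.
        if [ "$(id -u)" -eq 0 ] && id "$pool_user" >/dev/null 2>&1; then
            chown -R "$pool_user:$pool_user" "$dir"
        fi
        find "$dir" -type d -exec chmod 0770 {} +
        find "$dir" -type f -exec chmod 0660 {} +
    done
}
```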