Setting up a deployment server for a Laravel + Vue product

Last updated at Posted at 2020-06-29

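What this covers

How to build a runtime environment on EC2 for a product developed with Laravel + Vue.
The OS is Amazon Linux 2.

Procedure

1. EC2 setup

Set passwords for the initial user and root.
Update the packages with "yum update -y".
Switch to Japan time and enable Japanese locale support.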

$ timedatectl set-timezone Asia/Tokyo
$ localectl set-locale LANG=ja_JP.UTF-8
$ localectl set-keymap jp106
$ date
Wed Apr 22 13:53:00 JST 2020

Set the hostname

$ hostnamectl set-hostname host.example.com

Set the hostname in /etc/sysconfig/network

$ vi /etc/sysconfig/network
NETWORKING=yes
NOZEROCONF=yes
+HOSTNAME=host.example.com

2. Obtain a certificate

Needed because the site is to be published over HTTPS.
As the root user:

$ wget https://dl.eff.org/certbot-auto
$ chmod 700 certbot-auto

Rewrite the script for EC2:

$ vi certbot-auto

Before:

elif [ -f /etc/issue ] && grep -iq "Amazon Linux" /etc/issue ; then
  Bootstrap() {
    ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
  }
  BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"

After:

elif grep -i "Amazon Linux" /etc/issue > /dev/null 2>&1 || \
   grep 'cpe:.*:amazon_linux:2' /etc/os-release > /dev/null 2>&1; then
  Bootstrap() {
    ExperimentalBootstrap "Amazon Linux" BootstrapRpmCommon
  }
  BOOTSTRAP_VERSION="BootstrapRpmCommon $BOOTSTRAP_RPM_COMMON_VERSION"

Move the command

$ sudo mv ./certbot-auto /usr/local/bin

Obtain the certificate

$ certbot-auto certonly --standalone -d csfhost.example.com --debug

The certificate is created under /etc/letsencrypt/live/host.example.com/.

3. Install nginx

As the root user:

$ amazon-linux-extras install nginx1.12 -y

Start nginx and enable it to start automatically when the instance boots

$ sudo systemctl start nginx
$ sudo systemctl enable nginx
$ systemctl status nginx

4. Install PHP

As the root user:

$ amazon-linux-extras info php7.4
$ sudo amazon-linux-extras install php7.4 -y
$ php-fpm -v
PHP 7.4.x (fpm-fcgi) (built: Aug 14 2018 16:48:43)
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.2.0, Copyright (c) 1998-2018 Zend Technologies
$ yum install -y php-mbstring.x86_64
$ yum install -y php-xml.x86_64
$ yum install php-gd.x86_64

5. Configure nginx to work with php-fpm

[/etc/nginx/nginx.conf]
# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
  worker_connections 1024;
}

http {
  log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

  access_log  /var/log/nginx/access.log  main;

  sendfile            on;
  tcp_nopush          on;
  tcp_nodelay         on;
  keepalive_timeout   65;
  types_hash_max_size 2048;

  include             /etc/nginx/mime.types;
  default_type        application/octet-stream;

  # Load modular configuration files from the /etc/nginx/conf.d directory.
  # See http://nginx.org/en/docs/ngx_core_module.html#include
  # for more information.
  #include /etc/nginx/conf.d/*.conf;
  index   index.php index.html index.htm;

  server {
    listen       80 default_server;
    listen       [::]:80 default_server;
    server_name  localhost;

    return 301   https://$host$request_uri;
  }

  server {
    listen       443 ssl http2 default_server;
    listen       [::]:443 ssl http2 default_server;
    server_name  localhost;

    ssl_certificate "/etc/letsencrypt/live/host.example.com/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/host.example.com/privkey.pem";

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout  10m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    root   /usr/share/nginx/html/xxx/public;
    index  index.php index.html index.htm;

    access_log  /var/log/nginx/xxx-access.log  main;
    error_log   /var/log/nginx/xxx-error.log  warn;

    location / {
      try_files $uri $uri/ /index.php?$query_string;
    }

    error_page 404 /404.html;
    location = /40x.html {
      root   /usr/share/nginx/html;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
      root   /usr/share/nginx/html;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   unix:/run/php-fpm/xxx.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root/index.php;
        fastcgi_param  HOSTNAME host.example.com;

        fastcgi_max_temp_file_size 0;
        fastcgi_buffer_size 4K;
        fastcgi_buffers 64 4k;

        include        fastcgi_params;
    }
  }
}

Rename /etc/php-fpm.d/www.conf to /etc/php-fpm.d/xxx.conf and edit it as follows:

[xxx.conf]
-; Start a new pool named 'www'.
+; Start a new pool named 'xxx'.
; the variable $pool can we used in any directive and will be replaced by the
-; pool name ('www' here)
-[www]
+; pool name ('xxx' here)
+[xxx]

; Per pool prefix
(omitted)
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
-user = apache
+user = nginx
; RPM: Keep a group allowed to write in log dir.
-group = apache
+group = nginx

; The address on which to accept FastCGI requests.
; Valid syntaxes are:
;   'ip.add.re.ss:port'    - to listen on a TCP socket to a specific IPv4 address on
;                            a specific port;
;   '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
;                            a specific port;
;   'port'                 - to listen on a TCP socket to all addresses
;                            (IPv6 and IPv4-mapped) on a specific port;
;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
-listen = /run/php-fpm/www.sock
+listen = /run/php-fpm/xxx.sock

; Set listen(2) backlog.
; Default Value: 511
;listen.backlog = 511
(omitted)
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
-listen.acl_users = apache
+listen.acl_users = apache,nginx
;listen.acl_groups =

; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
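Review bot: `listen.acl_users = apache,nginx` keeps the `apache` account on the socket ACL even though this same file changes the pool's `user` and `group` to `nginx`, and nginx is the only FastCGI client configured on this page. Consider `listen.acl_users = nginx` so that only the web server account can connect to /run/php-fpm/xxx.sock.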
(omitted)
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
-slowlog = /var/log/php-fpm/www-slow.log
+slowlog = /var/log/php-fpm/xxx-slow.log

; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
(omitted)
; Default Value: nothing is defined by default except the values in php.ini and
;                specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
-php_admin_value[error_log] = /var/log/php-fpm/www-error.log
+php_admin_value[error_log] = /var/log/php-fpm/xxx-error.log
php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 128M
(omitted)

Restart php-fpm

$ sudo systemctl restart php-fpm.service

Start nginx

$ sudo systemctl restart nginx

Create a phpinfo file in the project's document root and check that it can be displayed.

$ echo '<?php phpinfo(); ?>' > /usr/share/nginx/html/xxx/public/phpinfo.php

Open https://host.example.com/phpinfo.php in a browser to check.

6. Database setup

Create a new repository file so that the desired version can be installed.

$ vi /etc/yum.repos.d/MariaDB.repo

Define it as follows:

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.3/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Install

$ yum install MariaDB-server MariaDB-client -y

Start

$ systemctl start mariadb

Check the version

$ mysql -V
mysql  Ver 15.1 Distrib 10.3.22-MariaDB, for Linux (x86_64) using readline 5.1

Enable

$ systemctl enable mariadb
$ systemctl is-enabled mariadb

Security settings: set the root password and so on.

$ mysql_secure_installation
Set root password? [Y/n] Y
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] n
Reload privilege tables now? [Y/n] n
 ...
Thanks for using MariaDB!

Set a password for root.
Allow remote connections.

# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 520
Server version: 10.1.31-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO root@"%" IDENTIFIED BY '[remote connection password]' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;

Change the port to improve security. Stop the service first, then append to the configuration.

$ systemctl stop mariadb
$ vi /etc/my.cnf.d/server.cnf

Append to the end of /etc/my.cnf.d/server.cnf:

port=3406

Start

$ systemctl start mariadb
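
As a narrower alternative to the root@"%" grant above, this added example (not part of the original article) generates SQL for a dedicated application account limited to one database and one client address, plus a query that lists remotely usable root accounts. The names laravel and laravel_app, the address 10.0.1.25 and the APP_DB_PASSWORD variable are assumptions for illustration.

```shell
#!/bin/sh
# Added example: SQL for a least-privilege application account (MariaDB).
# The password is read from APP_DB_PASSWORD so it does not appear in argv.

# Accept only letters, digits and underscore in database and user names.
valid_ident() {
  case $1 in
    ''|*[!A-Za-z0-9_]*) return 1 ;;
  esac
  return 0
}

# app_user_sql DB USER HOST: print CREATE USER and GRANT statements.
app_user_sql() {
  db=$1; user=$2; host=$3; pass=${APP_DB_PASSWORD:-}
  if ! valid_ident "$db" || ! valid_ident "$user"; then
    echo "invalid database or user name" >&2; return 1
  fi
  # A literal host name or address only: the % and _ wildcards are rejected.
  case $host in
    ''|*[!A-Za-z0-9.:-]*) echo "invalid host: $host" >&2; return 1 ;;
  esac
  # Refuse characters that would end the quoted SQL string.
  case $pass in
    ''|*"'"*|*"\\"*) echo "missing or unsafe password" >&2; return 1 ;;
  esac
  cat <<EOF
CREATE USER IF NOT EXISTS '$user'@'$host' IDENTIFIED BY '$pass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, DROP, INDEX, REFERENCES
  ON \`$db\`.* TO '$user'@'$host';
EOF
}

# Query listing root accounts that can log in from outside the server itself.
remote_root_check_sql() {
  echo "SELECT User, Host FROM mysql.user WHERE User = 'root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
}

# Usage on the database server (hypothetical names):
#   app_user_sql laravel laravel_app 10.0.1.25 | mysql -u root -p
```

The privilege list covers what php artisan migrate and db:seed need on a single schema; the account has no GRANT OPTION and no access to other databases.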

7. Build the database

Check that the port number in the .env connection settings is correct.
Run the migrations


$ php artisan migrate

Run the seeders

$ php artisan db:seed

10. Change file permissions

Set the permissions of the following four folders to 777.

/usr/share/nginx/html/csf/storage/logs
/usr/share/nginx/html/csf/storage/framework/cache
/usr/share/nginx/html/csf/storage/framework/sessions
/usr/share/nginx/html/csf/storage/framework/views
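
An added example, not from the original article: a post-deploy audit that flags a leftover phpinfo file from step 5, world-writable storage directories and a world-readable .env, together with an owner-based alternative to mode 777. It assumes the php-fpm pool runs as nginx, as configured in step 5; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a deployed Laravel tree and tighten storage permissions.

# Print one finding per line; the return status is the number of findings.
audit_deploy() {
  root=$1
  findings=0
  # Leftover diagnostic pages: any PHP file in the web root that calls phpinfo().
  for f in "$root"/public/*.php; do
    [ -f "$f" ] || continue
    if grep -q 'phpinfo[[:space:]]*(' "$f"; then
      echo "PHPINFO $f"
      findings=$((findings + 1))
    fi
  done
  # Directories any local account can write to (the "other" write bit is set).
  if [ -d "$root/storage" ]; then
    ww=$(find "$root/storage" -type d -perm -0002)
    if [ -n "$ww" ]; then
      printf '%s\n' "$ww" | sed 's/^/WORLD_WRITABLE /'
      findings=$((findings + $(printf '%s\n' "$ww" | wc -l)))
    fi
  fi
  # .env holds the database credentials; it should not be readable by "other".
  if [ -f "$root/.env" ] && [ -n "$(find "$root/.env" -perm -0004)" ]; then
    echo "WORLD_READABLE $root/.env"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Give storage/ to the php-fpm pool user instead of opening it to everyone.
# The chown needs root, so it only runs when an owner (e.g. nginx:nginx) is given.
harden_storage() {
  root=$1
  owner=${2:-}
  if [ -n "$owner" ]; then
    chown -R "$owner" "$root/storage" || return 1
  fi
  # X sets the search bit on directories (and keeps already-executable files
  # executable); "other" gets no access at all.
  chmod -R u=rwX,g=rX,o= "$root/storage"
}

# Usage as root, with the path used on this page:
#   harden_storage /usr/share/nginx/html/csf nginx:nginx
#   audit_deploy /usr/share/nginx/html/csf
```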