Last active
January 26, 2026 13:23
-
-
Save eduanmoldeep/417795775987a6e865c4187300d7e382 to your computer and use it in GitHub Desktop.
setup laravel and mariadb
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Laravel + MariaDB Production Server Setup Script | |
| # For Ubuntu 22.04 LTS | |
| # Run as root or with sudo | |
| set -e # Exit on error | |
| # Colors for output | |
| RED='\033[0;31m' | |
| GREEN='\033[0;32m' | |
| YELLOW='\033[1;33m' | |
| NC='\033[0m' # No Color | |
| echo -e "${GREEN}=== Laravel + MariaDB Server Setup ===${NC}\n" | |
| # Configuration Variables - CHANGE THESE | |
| read -p "Enter your domain name (e.g., example.com): " DOMAIN | |
| read -p "Enter your email for SSL certificates: " EMAIL | |
| read -p "Enter database name: " DB_NAME | |
| read -p "Enter database username: " DB_USER | |
| read -sp "Enter database password: " DB_PASS | |
| echo | |
| read -p "Enter your non-root username (will be created): " APP_USER | |
| read -sp "Enter password for $APP_USER: " USER_PASS | |
| echo | |
| read -p "Enter your Laravel app repository URL (optional, press enter to skip): " GIT_REPO | |
| APP_PATH="/var/www/$DOMAIN" | |
| echo -e "\n${YELLOW}Starting installation...${NC}\n" | |
| # Update system | |
| echo -e "${GREEN}[1/12] Updating system packages...${NC}" | |
| apt update && apt upgrade -y | |
| # Create non-root user | |
| echo -e "${GREEN}[2/12] Creating user $APP_USER...${NC}" | |
| if ! id "$APP_USER" &>/dev/null; then | |
| useradd -m -s /bin/bash -G sudo "$APP_USER" | |
| echo "$APP_USER:$USER_PASS" | chpasswd | |
| echo -e "${GREEN}User $APP_USER created${NC}" | |
| else | |
| echo -e "${YELLOW}User $APP_USER already exists${NC}" | |
| fi | |
| # Install essential packages | |
| echo -e "${GREEN}[3/12] Installing essential packages...${NC}" | |
| apt install -y software-properties-common curl wget git unzip supervisor ufw fail2ban | |
| # Add PHP repository | |
| echo -e "${GREEN}[4/12] Adding PHP repository...${NC}" | |
| add-apt-repository -y ppa:ondrej/php | |
| apt update | |
| # Install PHP and extensions | |
| echo -e "${GREEN}[5/12] Installing PHP 8.3 and extensions...${NC}" | |
| apt install -y php8.3-fpm php8.3-cli php8.3-mysql php8.3-mbstring php8.3-xml \ | |
| php8.3-bcmath php8.3-curl php8.3-zip php8.3-gd php8.3-intl php8.3-redis \ | |
| php8.3-opcache php8.3-soap php8.3-tokenizer | |
| # Install Composer | |
| echo -e "${GREEN}[6/12] Installing Composer...${NC}" | |
| curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer | |
| # Install Nginx | |
| echo -e "${GREEN}[7/12] Installing Nginx...${NC}" | |
| apt install -y nginx | |
| # Install MariaDB | |
| echo -e "${GREEN}[8/12] Installing MariaDB...${NC}" | |
| apt install -y mariadb-server mariadb-client | |
| # Secure MariaDB | |
| echo -e "${GREEN}[9/12] Securing MariaDB...${NC}" | |
| mysql -e "DELETE FROM mysql.user WHERE User='';" | |
| mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" | |
| mysql -e "DROP DATABASE IF EXISTS test;" | |
| mysql -e "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';" | |
| mysql -e "FLUSH PRIVILEGES;" | |
| # Create database and user | |
| echo -e "${GREEN}[10/12] Creating database and user...${NC}" | |
| mysql -e "CREATE DATABASE IF NOT EXISTS $DB_NAME CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" | |
| mysql -e "CREATE USER IF NOT EXISTS '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';" | |
| mysql -e "GRANT ALL PRIVILEGES ON $DB_NAME.* TO '$DB_USER'@'localhost';" | |
| mysql -e "FLUSH PRIVILEGES;" | |
| # Configure firewall | |
| echo -e "${GREEN}[11/12] Configuring firewall...${NC}" | |
| ufw --force enable | |
| ufw allow 22/tcp | |
| ufw allow 80/tcp | |
| ufw allow 443/tcp | |
| ufw status | |
| # Install Redis (optional but recommended) | |
| echo -e "${GREEN}Installing Redis...${NC}" | |
| apt install -y redis-server | |
| systemctl enable redis-server | |
| systemctl start redis-server | |
| # Configure PHP | |
| echo -e "${GREEN}[12/12] Configuring PHP...${NC}" | |
| PHP_INI="/etc/php/8.3/fpm/php.ini" | |
| sed -i 's/upload_max_filesize = .*/upload_max_filesize = 64M/' $PHP_INI | |
| sed -i 's/post_max_size = .*/post_max_size = 64M/' $PHP_INI | |
| sed -i 's/max_execution_time = .*/max_execution_time = 300/' $PHP_INI | |
| sed -i 's/memory_limit = .*/memory_limit = 512M/' $PHP_INI | |
| sed -i 's/;opcache.enable=.*/opcache.enable=1/' $PHP_INI | |
| sed -i 's/;opcache.memory_consumption=.*/opcache.memory_consumption=128/' $PHP_INI | |
| sed -i 's/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/' $PHP_INI | |
| # Create application directory | |
| echo -e "${GREEN}Creating application directory...${NC}" | |
| mkdir -p $APP_PATH | |
| chown -R $APP_USER:$APP_USER $APP_PATH | |
| # Clone repository if provided | |
| if [ ! -z "$GIT_REPO" ]; then | |
| echo -e "${GREEN}Cloning repository...${NC}" | |
| sudo -u $APP_USER git clone $GIT_REPO $APP_PATH | |
| cd $APP_PATH | |
| sudo -u $APP_USER composer install --no-dev --optimize-autoloader | |
| fi | |
| # Create Nginx configuration | |
| echo -e "${GREEN}Configuring Nginx...${NC}" | |
| cat > /etc/nginx/sites-available/$DOMAIN << EOF | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name $DOMAIN www.$DOMAIN; | |
| root $APP_PATH/public; | |
| add_header X-Frame-Options "SAMEORIGIN"; | |
| add_header X-Content-Type-Options "nosniff"; | |
| index index.php; | |
| charset utf-8; | |
| location / { | |
| try_files \$uri \$uri/ /index.php?\$query_string; | |
| } | |
| location = /favicon.ico { access_log off; log_not_found off; } | |
| location = /robots.txt { access_log off; log_not_found off; } | |
| error_page 404 /index.php; | |
| location ~ \.php$ { | |
| fastcgi_pass unix:/var/run/php/php8.3-fpm.sock; | |
| fastcgi_param SCRIPT_FILENAME \$realpath_root\$fastcgi_script_name; | |
| include fastcgi_params; | |
| } | |
| location ~ /\.(?!well-known).* { | |
| deny all; | |
| } | |
| } | |
| EOF | |
| ln -sf /etc/nginx/sites-available/$DOMAIN /etc/nginx/sites-enabled/ | |
| rm -f /etc/nginx/sites-enabled/default | |
| # Test Nginx configuration | |
| nginx -t | |
| # Install Certbot for SSL | |
| echo -e "${GREEN}Installing Certbot for SSL...${NC}" | |
| apt install -y certbot python3-certbot-nginx | |
| # Restart services | |
| echo -e "${GREEN}Restarting services...${NC}" | |
| systemctl restart php8.3-fpm | |
| systemctl restart nginx | |
| systemctl restart mariadb | |
| # Create .env file template | |
| if [ ! -z "$GIT_REPO" ]; then | |
| echo -e "${GREEN}Creating .env file...${NC}" | |
| cd $APP_PATH | |
| if [ ! -f .env ]; then | |
| sudo -u $APP_USER cp .env.example .env | |
| sudo -u $APP_USER sed -i "s/DB_DATABASE=.*/DB_DATABASE=$DB_NAME/" .env | |
| sudo -u $APP_USER sed -i "s/DB_USERNAME=.*/DB_USERNAME=$DB_USER/" .env | |
| sudo -u $APP_USER sed -i "s/DB_PASSWORD=.*/DB_PASSWORD=$DB_PASS/" .env | |
| sudo -u $APP_USER php artisan key:generate | |
| fi | |
| fi | |
| # Set proper permissions | |
| echo -e "${GREEN}Setting permissions...${NC}" | |
| if [ -d "$APP_PATH" ]; then | |
| chown -R $APP_USER:www-data $APP_PATH | |
| chmod -R 755 $APP_PATH | |
| if [ -d "$APP_PATH/storage" ]; then | |
| chmod -R 775 $APP_PATH/storage | |
| fi | |
| if [ -d "$APP_PATH/bootstrap/cache" ]; then | |
| chmod -R 775 $APP_PATH/bootstrap/cache | |
| fi | |
| fi | |
| # Create supervisor config for Laravel queues | |
| echo -e "${GREEN}Creating supervisor configuration for queues...${NC}" | |
| cat > /etc/supervisor/conf.d/laravel-worker.conf << EOF | |
| [program:laravel-worker] | |
| process_name=%(program_name)s_%(process_num)02d | |
| command=php $APP_PATH/artisan queue:work --sleep=3 --tries=3 --max-time=3600 | |
| autostart=true | |
| autorestart=true | |
| stopasgroup=true | |
| killasgroup=true | |
| user=$APP_USER | |
| numprocs=2 | |
| redirect_stderr=true | |
| stdout_logfile=$APP_PATH/storage/logs/worker.log | |
| stopwaitsecs=3600 | |
| EOF | |
| supervisorctl reread | |
| supervisorctl update | |
| # Configure fail2ban for SSH | |
| echo -e "${GREEN}Configuring fail2ban...${NC}" | |
| systemctl enable fail2ban | |
| systemctl start fail2ban | |
| # Create deployment script | |
| cat > /usr/local/bin/deploy-laravel << 'EOF' | |
| #!/bin/bash | |
| cd $APP_PATH | |
| git pull origin main | |
| composer install --no-dev --optimize-autoloader | |
| php artisan migrate --force | |
| php artisan config:cache | |
| php artisan route:cache | |
| php artisan view:cache | |
| php artisan storage:link | |
| supervisorctl restart laravel-worker:* | |
| EOF | |
| chmod +x /usr/local/bin/deploy-laravel | |
| echo -e "\n${GREEN}=== Installation Complete! ===${NC}\n" | |
| echo -e "${YELLOW}Next steps:${NC}" | |
| echo "1. Obtain SSL certificate: sudo certbot --nginx -d $DOMAIN -d www.$DOMAIN --email $EMAIL --agree-tos" | |
| echo "2. Configure SSH key authentication and disable password login" | |
| echo "3. Upload your Laravel application to: $APP_PATH" | |
| echo "4. Run migrations: cd $APP_PATH && php artisan migrate" | |
| echo "5. Set up automatic backups using cron" | |
| echo "" | |
| echo -e "${YELLOW}Database credentials:${NC}" | |
| echo "Database: $DB_NAME" | |
| echo "Username: $DB_USER" | |
| echo "Password: [hidden]" | |
| echo "" | |
| echo -e "${YELLOW}Application path:${NC} $APP_PATH" | |
| echo -e "${YELLOW}User:${NC} $APP_USER" | |
| echo "" | |
| echo -e "${GREEN}Deployment command:${NC} sudo deploy-laravel" | |
| echo -e "\n${RED}IMPORTANT: Save your database password securely!${NC}\n" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment