Stedding
Stedding is a minimalistic LEMP Stack setup for Laravel PHP. It facilitates the setting up of Laravel apps on a well prepared Ubuntu based VPS using Ansible Playbooks.
Local Box Requirements
You need to have Ansible installed on your local computer. This really differs from box to box See Ansible Documents for instructions.
For hashing the password for the admin user you have to install passlib:
pip install passlib
Remote Server Requirements
To run Ansible Playbooks properly on Ubuntu 20.10+ we need to setup a sudo user and make sure Python and some other packages such as ppa:ondrej/php are available so Ansible can run. The setting up of a sudo user and adding of the SSH keys has been taken care of. So is the adding of Python and Ondrej's PHP PPA. All you need is root access to the Ubuntu 16.0.4 box. Preferably using an SSH key.
NB Gist with useful setup tips
Playbooks
- Install prerequisites
- Sudo user Creation
- Web user Creation
- LEMP Provisioning
- Laravel Homebase Setup
Roles
Geerllingguy Roles:
added where possible with ansible-galaxy install --roles-path . geerlingguy.rolename inside roles folder.
Stedding Variables
Do not forget to adjust the vars in:
group_vars/allvars/mainymlhosts
where need be.
Hosts
Here you normally add at least the ip address for the server. We added two hosts in this example:
[web]
xxx.xxx.xx.xxx
[database]
xxx.xxx.xx.xxx
Main Variables
The variables in vars/main.yml are for setting up PHP, MySQL and Nginx details based on Geerlingguy roles.
All Variables
The variables in group_vars/all are for the repo, keys, branch, user, password and domain.
example:
repo_url : [email protected]:Larastudio/larastudio.git
github_keys: https://github.com/jasperf.keys
git_branch: master
sudo_user: admin
web_user: web
upassword: passsword
domain: larastud.io
database_name: database_name
database_user: database_user
database_user_password: database_user_password
Nginx
Nginx details are stored in vars/main.yml and server.yml . One host for the site being used for testing purposes has been added there. Do change it to work with the domain of your choice.
Certbot
Using Geerling's Certbot role Let's Encrypt's Certbot has been added to the server. This allows the site to use Let's Encrypt SSL certificate. This does however not adjust the Nginx's domain configuration to server on 443 and redirect port 80 traffic to port 443. Tweaks for this are being made.
Nginx Certbot plugin has to be added using
sudo apt-get install python-certbot-nginx
A task is in the works, but not done. Then you can run:
certbot --nginx
to start the installation. You will then be asked to choose a domain. Next, they will ask you to agree with the TOS and install all. Working on an incorporation on the server still.
NB May not be necessary if you run your own certs only. See further down on SSL
PHP
To work with PHP 7.4 Ondrej's PHP PPA is added in requirements playbook using:
- name: Add repository for PHP 7.
apt_repository: repo='ppa:ondrej/php'
PHP OpCache
For pre compiling PHP scripts Stedding uses PHP OpCache. For quick emptying OpCache use /etc/init.d/php7.1-fpm restart . Read more on it at Ma.ttias.be
Memcached
"Free & open source, high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load."
MariaDB
The MariaDB details are added to vars/main.yml are just dummy data. Do adjust them.
Composer
Composer is added and binary is put in the directory of the web user. Laravel is also added as a globally required package so it can be used.
To set up your Laravel application to work with Mailgun for sending out emails which is used in this repo check out this Laravel document
Nodejs
Nodejs role is installed and we automatically add the following global packages:
nodejs_npm_global_packages:
- name: yarn
- npm
Laravel Homebase Setup
To run your Laravel application from a specific project directory, the one added to your Nginx configuration, we have added a separate playbook. One we will expand upon soon with other tasks. For now the project directory is created only using this task:
- name: Project Folder Creation
file: dest=/var/www/{{domain}} mode=2755 state=directory owner=web group=www-data
The domain can be set in group_vars/all. [GUID]
Let's Encryp or Commercial SSL Certificates
OpenSSL role has been added so self signed certificates can be added when you would like to. Current Stedding setup is aimed at working with Let's Encrypt so this role has not been acitvated. The path to own SSL certificates have been commented out.
As you will see there are two server blocks. One is for port 80, the second one should be for port 443 and both in different files. Let's Encrypt task for auto renewal has also been added.