290 lines
6.3 KiB
Markdown
290 lines
6.3 KiB
Markdown
# CKB Application Deployment Guide
|
|
|
|
## Overview
|
|
|
|
This guide explains how to deploy the CKB Laravel application with Docker, SSL certificate, and reverse proxy configuration.
|
|
|
|
## Prerequisites
|
|
|
|
- Ubuntu/Debian server
|
|
- Docker and Docker Compose installed
|
|
- Domain pointing to server IP
|
|
- Nginx installed on main server
|
|
- Root/sudo access
|
|
|
|
## Architecture
|
|
|
|
```
|
|
Internet → Nginx (Port 80/443) → Docker Container (Port 8082) → Laravel App
|
|
```
|
|
|
|
## File Structure
|
|
|
|
```
|
|
/var/www/ckb/
|
|
├── docker-compose.prod.yml # Docker services configuration
|
|
├── Dockerfile # Laravel app container
|
|
├── docker/
|
|
│ ├── nginx-proxy.conf # Internal nginx proxy
|
|
│ ├── php.ini # PHP configuration
|
|
│ ├── mysql.cnf # MySQL configuration
|
|
│ └── supervisord.conf # Process manager
|
|
├── nginx-ckb-reverse-proxy.conf # Main server nginx config
|
|
├── deploy-ckb.sh # Deployment script
|
|
├── setup-ssl.sh # SSL certificate setup script
|
|
└── DEPLOYMENT.md # This file
|
|
```
|
|
|
|
## Container Names and Volumes
|
|
|
|
All containers and volumes are prefixed with `ckb-` to avoid conflicts:
|
|
|
|
### Containers:
|
|
|
|
- `ckb-laravel-app` - Laravel application
|
|
- `ckb-mariadb` - Database
|
|
- `ckb-redis` - Cache/Queue
|
|
- `ckb-nginx-proxy` - Internal nginx proxy
|
|
|
|
### Volumes:
|
|
|
|
- `ckb_mysql_data` - Database data
|
|
- `ckb_redis_data` - Redis data
|
|
- `ckb_nginx_logs` - Nginx logs
|
|
- `ckb_storage_logs` - Laravel logs
|
|
- `ckb_storage_cache` - Laravel cache
|
|
|
|
## Step-by-Step Deployment
|
|
|
|
### Step 1: Prepare the Application
|
|
|
|
```bash
|
|
cd /var/www/ckb
|
|
|
|
# Make scripts executable
|
|
chmod +x deploy-ckb.sh
|
|
chmod +x setup-ssl.sh
|
|
```
|
|
|
|
### Step 2: Deploy Docker Application
|
|
|
|
```bash
|
|
# Run deployment script
|
|
./deploy-ckb.sh
|
|
```
|
|
|
|
This script will:
|
|
|
|
- Stop existing containers
|
|
- Build and start new containers
|
|
- Check if containers are running
|
|
- Verify port 8082 is accessible
|
|
|
|
### Step 3: Setup SSL Certificate
|
|
|
|
```bash
|
|
# Run SSL setup script (requires sudo)
|
|
sudo ./setup-ssl.sh
|
|
```
|
|
|
|
This script will:
|
|
|
|
- Install certbot if not present
|
|
- Create temporary nginx configuration
|
|
- Generate Let's Encrypt certificate
|
|
- Update nginx with SSL configuration
|
|
- Setup auto-renewal
|
|
|
|
### Step 4: Manual Verification
|
|
|
|
```bash
|
|
# Check if containers are running
|
|
docker ps | grep ckb
|
|
|
|
# Check if port 8082 is accessible
|
|
curl -I http://localhost:8082
|
|
|
|
# Check SSL certificate
|
|
sudo certbot certificates
|
|
|
|
# Test HTTPS access
|
|
curl -I https://bengkel.digitaloasis.xyz
|
|
```
|
|
|
|
## Configuration Files
|
|
|
|
### docker-compose.prod.yml
|
|
|
|
- Updated container names with `ckb-` prefix
|
|
- Removed certbot service (handled by main server)
|
|
- Updated APP_URL to use HTTPS
|
|
- Specific volume names to avoid conflicts
|
|
|
|
### nginx-proxy.conf
|
|
|
|
- Simplified configuration (no SSL handling)
|
|
- Proxy to `ckb-app` container
|
|
- Rate limiting and security headers
|
|
- Static file caching
|
|
|
|
### nginx-ckb-reverse-proxy.conf
|
|
|
|
- Main server nginx configuration
|
|
- SSL termination
|
|
- Reverse proxy to port 8082
|
|
- Security headers and SSL settings
|
|
|
|
## Environment Variables
|
|
|
|
Create `.env` file in `/var/www/ckb/`:
|
|
|
|
```env
|
|
APP_ENV=production
|
|
APP_DEBUG=false
|
|
APP_URL=https://bengkel.digitaloasis.xyz
|
|
DB_DATABASE=ckb_production
|
|
DB_USERNAME=laravel
|
|
DB_PASSWORD=your_password
|
|
DB_ROOT_PASSWORD=your_root_password
|
|
REDIS_PASSWORD=your_redis_password
|
|
```
|
|
|
|
## Monitoring and Maintenance
|
|
|
|
### View Logs
|
|
|
|
```bash
|
|
# Docker logs
|
|
docker-compose -f docker-compose.prod.yml logs -f
|
|
|
|
# Nginx logs (main server)
|
|
sudo tail -f /var/log/nginx/access.log
|
|
sudo tail -f /var/log/nginx/error.log
|
|
|
|
# Laravel logs
|
|
docker exec ckb-laravel-app tail -f /var/www/html/storage/logs/laravel.log
|
|
```
|
|
|
|
### SSL Certificate Renewal
|
|
|
|
```bash
|
|
# Manual renewal
|
|
sudo certbot renew
|
|
|
|
# Check renewal status
|
|
sudo certbot certificates
|
|
```
|
|
|
|
### Container Management
|
|
|
|
```bash
|
|
# Restart all services
|
|
docker-compose -f docker-compose.prod.yml restart
|
|
|
|
# Update application
|
|
git pull
|
|
docker-compose -f docker-compose.prod.yml up -d --build
|
|
|
|
# Stop all services
|
|
docker-compose -f docker-compose.prod.yml down
|
|
|
|
# Remove all data (WARNING: This will delete all data)
|
|
docker-compose -f docker-compose.prod.yml down -v
|
|
```
|
|
|
|
## Troubleshooting
|
|
|
|
### Port 8082 Not Accessible
|
|
|
|
```bash
|
|
# Check if container is running
|
|
docker ps | grep ckb-nginx-proxy
|
|
|
|
# Check container logs
|
|
docker-compose -f docker-compose.prod.yml logs ckb-nginx-proxy
|
|
|
|
# Check if port is bound
|
|
netstat -tlnp | grep 8082
|
|
```
|
|
|
|
### SSL Certificate Issues
|
|
|
|
```bash
|
|
# Check certificate status
|
|
sudo certbot certificates
|
|
|
|
# Test certificate
|
|
sudo certbot renew --dry-run
|
|
|
|
# Check nginx configuration
|
|
sudo nginx -t
|
|
```
|
|
|
|
### Database Connection Issues
|
|
|
|
```bash
|
|
# Check database container
|
|
docker exec ckb-mariadb mysql -u root -p -e "SHOW DATABASES;"
|
|
|
|
# Check Laravel database connection
|
|
docker exec ckb-laravel-app php artisan tinker
|
|
```
|
|
|
|
### Permission Issues
|
|
|
|
```bash
|
|
# Fix Laravel permissions
|
|
docker exec ckb-laravel-app chown -R www-data:www-data /var/www/html
|
|
docker exec ckb-laravel-app chmod -R 775 /var/www/html/storage
|
|
docker exec ckb-laravel-app chmod -R 775 /var/www/html/bootstrap/cache
|
|
```
|
|
|
|
## Security Considerations
|
|
|
|
1. **Firewall**: Ensure only necessary ports are open
|
|
2. **SSL**: Certificate auto-renewal is configured
|
|
3. **Rate Limiting**: Configured for login and API endpoints
|
|
4. **Security Headers**: HSTS, XSS protection, etc.
|
|
5. **File Permissions**: Proper Laravel file permissions
|
|
6. **Database**: Strong passwords and limited access
|
|
|
|
## Backup Strategy
|
|
|
|
### Database Backup
|
|
|
|
```bash
|
|
# Create backup
|
|
docker exec ckb-mariadb mysqldump -u root -p ckb_production > backup.sql
|
|
|
|
# Restore backup
|
|
docker exec -i ckb-mariadb mysql -u root -p ckb_production < backup.sql
|
|
```
|
|
|
|
### Application Backup
|
|
|
|
```bash
|
|
# Backup application files
|
|
tar -czf ckb-backup-$(date +%Y%m%d).tar.gz /var/www/ckb/
|
|
|
|
# Backup volumes
|
|
docker run --rm -v ckb_mysql_data:/data -v $(pwd):/backup alpine tar czf /backup/mysql-backup.tar.gz -C /data .
|
|
```
|
|
|
|
## Performance Optimization
|
|
|
|
1. **Nginx**: Gzip compression enabled
|
|
2. **Laravel**: Production optimizations
|
|
3. **Database**: Proper indexing
|
|
4. **Redis**: Caching and session storage
|
|
5. **Static Files**: Long-term caching headers
|
|
|
|
## Support
|
|
|
|
For issues or questions:
|
|
|
|
1. Check logs first
|
|
2. Verify configuration files
|
|
3. Test connectivity step by step
|
|
4. Check system resources
|
|
5. Review security settings
|