6.3 KiB
6.3 KiB
CKB Application Deployment Guide
Overview
This guide explains how to deploy the CKB Laravel application with Docker, SSL certificate, and reverse proxy configuration.
Prerequisites
- Ubuntu/Debian server
- Docker and Docker Compose installed
- Domain pointing to server IP
- Nginx installed on main server
- Root/sudo access
Architecture
Internet → Nginx (Port 80/443) → Docker Container (Port 8082) → Laravel App
File Structure
/var/www/ckb/
├── docker-compose.prod.yml # Docker services configuration
├── Dockerfile # Laravel app container
├── docker/
│ ├── nginx-proxy.conf # Internal nginx proxy
│ ├── php.ini # PHP configuration
│ ├── mysql.cnf # MySQL configuration
│ └── supervisord.conf # Process manager
├── nginx-ckb-reverse-proxy.conf # Main server nginx config
├── deploy-ckb.sh # Deployment script
├── setup-ssl.sh # SSL certificate setup script
└── DEPLOYMENT.md # This file
Container Names and Volumes
All containers and volumes are prefixed with ckb- to avoid conflicts:
Containers:
ckb-laravel-app- Laravel applicationckb-mariadb- Databaseckb-redis- Cache/Queueckb-nginx-proxy- Internal nginx proxy
Volumes:
ckb_mysql_data- Database datackb_redis_data- Redis datackb_nginx_logs- Nginx logsckb_storage_logs- Laravel logsckb_storage_cache- Laravel cache
Step-by-Step Deployment
Step 1: Prepare the Application
cd /var/www/ckb
# Make scripts executable
chmod +x deploy-ckb.sh
chmod +x setup-ssl.sh
Step 2: Deploy Docker Application
# Run deployment script
./deploy-ckb.sh
This script will:
- Stop existing containers
- Build and start new containers
- Check if containers are running
- Verify port 8082 is accessible
Step 3: Setup SSL Certificate
# Run SSL setup script (requires sudo)
sudo ./setup-ssl.sh
This script will:
- Install certbot if not present
- Create temporary nginx configuration
- Generate Let's Encrypt certificate
- Update nginx with SSL configuration
- Setup auto-renewal
Step 4: Manual Verification
# Check if containers are running
docker ps | grep ckb
# Check if port 8082 is accessible
curl -I http://localhost:8082
# Check SSL certificate
sudo certbot certificates
# Test HTTPS access
curl -I https://bengkel.digitaloasis.xyz
Configuration Files
docker-compose.prod.yml
- Updated container names with
ckb-prefix - Removed certbot service (handled by main server)
- Updated APP_URL to use HTTPS
- Specific volume names to avoid conflicts
nginx-proxy.conf
- Simplified configuration (no SSL handling)
- Proxy to
ckb-appcontainer - Rate limiting and security headers
- Static file caching
nginx-ckb-reverse-proxy.conf
- Main server nginx configuration
- SSL termination
- Reverse proxy to port 8082
- Security headers and SSL settings
Environment Variables
Create .env file in /var/www/ckb/:
APP_ENV=production
APP_DEBUG=false
APP_URL=https://bengkel.digitaloasis.xyz
DB_DATABASE=ckb_production
DB_USERNAME=laravel
DB_PASSWORD=your_password
DB_ROOT_PASSWORD=your_root_password
REDIS_PASSWORD=your_redis_password
Monitoring and Maintenance
View Logs
# Docker logs
docker-compose -f docker-compose.prod.yml logs -f
# Nginx logs (main server)
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log
# Laravel logs
docker exec ckb-laravel-app tail -f /var/www/html/storage/logs/laravel.log
SSL Certificate Renewal
# Manual renewal
sudo certbot renew
# Check renewal status
sudo certbot certificates
Container Management
# Restart all services
docker-compose -f docker-compose.prod.yml restart
# Update application
git pull
docker-compose -f docker-compose.prod.yml up -d --build
# Stop all services
docker-compose -f docker-compose.prod.yml down
# Remove all data (WARNING: This will delete all data)
docker-compose -f docker-compose.prod.yml down -v
Troubleshooting
Port 8082 Not Accessible
# Check if container is running
docker ps | grep ckb-nginx-proxy
# Check container logs
docker-compose -f docker-compose.prod.yml logs ckb-nginx-proxy
# Check if port is bound
netstat -tlnp | grep 8082
SSL Certificate Issues
# Check certificate status
sudo certbot certificates
# Test certificate
sudo certbot renew --dry-run
# Check nginx configuration
sudo nginx -t
Database Connection Issues
# Check database container
docker exec ckb-mariadb mysql -u root -p -e "SHOW DATABASES;"
# Check Laravel database connection
docker exec ckb-laravel-app php artisan tinker
Permission Issues
# Fix Laravel permissions
docker exec ckb-laravel-app chown -R www-data:www-data /var/www/html
docker exec ckb-laravel-app chmod -R 775 /var/www/html/storage
docker exec ckb-laravel-app chmod -R 775 /var/www/html/bootstrap/cache
Security Considerations
- Firewall: Ensure only necessary ports are open
- SSL: Certificate auto-renewal is configured
- Rate Limiting: Configured for login and API endpoints
- Security Headers: HSTS, XSS protection, etc.
- File Permissions: Proper Laravel file permissions
- Database: Strong passwords and limited access
Backup Strategy
Database Backup
# Create backup
docker exec ckb-mariadb mysqldump -u root -p ckb_production > backup.sql
# Restore backup
docker exec -i ckb-mariadb mysql -u root -p ckb_production < backup.sql
Application Backup
# Backup application files
tar -czf ckb-backup-$(date +%Y%m%d).tar.gz /var/www/ckb/
# Backup volumes
docker run --rm -v ckb_mysql_data:/data -v $(pwd):/backup alpine tar czf /backup/mysql-backup.tar.gz -C /data .
Performance Optimization
- Nginx: Gzip compression enabled
- Laravel: Production optimizations
- Database: Proper indexing
- Redis: Caching and session storage
- Static Files: Long-term caching headers
Support
For issues or questions:
- Check logs first
- Verify configuration files
- Test connectivity step by step
- Check system resources
- Review security settings