Differences

This shows you the differences between two versions of the page.

--- deploy_laravel_application_on_a_linux_vds [2025/05/13 07:30] – kkaragoz
+++ deploy_laravel_application_on_a_linux_vds [2025/05/13 07:48] (current) – kkaragoz
@@ Line 95: / Line 95: @@
 </code>
 ===== 3- Bind a Domain =====
-Connect a domain to a server can be done by simply changing the DNS records of the domain. Lets assume the VDS server's IP address as 100.45.213.77. Here is an example DNS record table:
+Connect a domain to a server can be done by simply changing the DNS records of the domain. You will typically manage these records through your **domain registrar's website** or a **separate DNS hosting provider's control panel**. Lets assume the VDS server's IP address as 100.45.213.77.
+Here is an example DNS record table you might configure:
 ^ Type ^ Name ^ Content       ^ TTL  ^
@@ Line 103: / Line 105: @@
 | AAAA | @    | Public IPv6   | Auto |
-  - @ stands for the full domain address (FQDN) like ''%%vicky.com%%''.
+  * ''%%@%%'' stands for the base domain address (often called the root domain or FQDN) like ''%%vicky.com%%''.
-  - For IPv6 you should create AAAA record.
+  * For IPv6, you should create an AAAA record pointing to your server's public IPv6 address.
-  - * stands for the whole subdomains like ''%%*.vicky.com%%''.
+  * ''%%*%%'' stands for a wildcard, representing all subdomains that don't have a specific A record defined, like ''%%anything.vicky.com%%''.
-  - sub1: I wrote sub1 but it can be anything. I'll assume ''%%secret%%'' instead of ''%%sub1%%'', this record stands for ''%%secret.vicky.com%%''.
+  * ''%%sub1%%'': I wrote sub1 but it can be anything. I'll assume ''%%secret%%'' instead of ''%%sub1%%'', this record stands for ''%%secret.vicky.com%%''.
-  - You can add more subdomains as I showed on the table by ''%%sub1%%''
+  * You can add more specific subdomains as needed by creating additional A records.
+  * ''%%TTL%%'' (Time To Live) is the duration that DNS resolvers are told to cache your record before requesting a fresh copy. 'Auto' is usually fine, letting the provider decide.
+{{ :screenshot_20250512_121756.png?400 | Example screenshot of a DNS configuration interface (placeholder)}}
+You don't have to add explicit records for every single subdomain if you use the ''%%*%%'' wildcard record. However, note that an explicit record for a specific subdomain will take precedence over the wildcard record.
-{{ :screenshot_20250512_121756.png?400 |}}
+**DNS Propagation:** After saving your DNS changes, it can take some time for these updates to propagate across the internet's DNS servers. This process, called propagation, can range from a few minutes to several hours, sometimes up to 48 hours, though typically faster for A records. You can use online tools or command-line utilities like ''%%dig%%'' or ''%%nslookup%%'' to check the status of your DNS propagation from different locations.
-You don't have to add record of the subdomain like sub1, sub2, sub3, etc. When you add '*' symbol and create a record, it represent all subdomains that you will create.
+Once these DNS records are pointing to your server's IP address, you will configure your web server (Nginx) in the next section to respond to requests for these domain names.
 ===== 4- Nginx Installation & Configuration =====
 [[https://nginx.org|nginx]] ("engine x") is an HTTP web server, reverse proxy, content cache, load balancer, TCP/UDP proxy server, and mail proxy server. Before nginx installation we should be ensure about apache/apache2 is not running and enabled.
@@ Line 238: / Line 245: @@
 ===== 5- SSL Certification: Certbot =====
-It is time to apply SSL certificates of domains. I use "**Full SSL Encryption**" on CloudFlare for my domain addresses.To install SSL certificates firstly check for updates:
+It is essential to secure your application with SSL/TLS encryption to protect data in transit and build user trust. [[https://letsencrypt.org/|Let's Encrypt]] provides free, automated, and open Certificate Authorities, and [[https://certbot.eff.org|Certbot]] is a tool to easily obtain and manage these certificates, especially for web servers like Nginx.
+You mentioned using "**Full SSL Encryption**" on Cloudflare. This means Cloudflare encrypts the connection between the user and Cloudflare, and ''%%also%%'' encrypts the connection between Cloudflare and your origin server. For Cloudflare's "Full SSL" to work correctly, your server ''%%still needs a valid SSL certificate%%''. Certbot will provide this valid certificate.
+To install Certbot and the Nginx plugin, first ensure your package list is up-to-date:
 <code bash>
 sudo apt update && sudo apt upgrade
 </code>
-We are ready to install [[https://certbot.eff.org|Certbot]]:
+Now we are ready to install Certbot:
 <code bash>
 sudo apt install certbot python3-certbot-nginx
 </code>
-After installation is completed, lets move to the ''%%sites-enabled%%'' path again.
+After installation is completed, we will use the Certbot Nginx plugin, which can automatically configure SSL for domains specified in your Nginx configuration files located in ''%%/etc/nginx/sites-enabled/%%''.
 <code bash>
-cd /etc/nginx/sites-enabled/
+sudo certbot --nginx
 </code>
+When you run this command, Certbot will:
+  * Prompt you for an email address for urgent renewal or security notices.
+  * Ask you to agree to the terms of service.
+  * Scan your Nginx configuration files for ''%%server_name%%'' directives to find the domains you want to secure.
+  * Present a list of identified domains and ask you to select which ones you want certificates for.
+  * Communicate with the Let's Encrypt servers to verify domain ownership (usually by serving a temporary file through your web server).
+  * If successful, it will obtain the SSL certificates.
+  * **Automatically modify** your Nginx configuration file(s) in ''%%/etc/nginx/sites-enabled/%%'' to:
+    * Add the ''%%listen 443 ssl;%%'' directive for HTTPS.
+    * Point to the correct ''%%ssl_certificate%%'' and ''%%ssl_certificate_key%%'' files it just obtained.
+    * (Optionally) Ask if you want to redirect HTTP traffic (port 80) to HTTPS (port 443). It is highly recommended to choose the redirect option for better security and SEO.
+  * **Automatically set up a renewal mechanism** (usually a systemd timer or cron job) that will attempt to renew your certificates before they expire (Let's Encrypt certificates are valid for 90 days).
-Then run the following command for automatic SSL certificate process:
+After Certbot completes its process and potentially modifies your Nginx configuration, it will usually handle reloading or restarting Nginx itself. However, it's a good practice to test the Nginx configuration and explicitly reload to be sure:
 <code bash>
-sudo certbot --nginx
+sudo nginx -t # Test Nginx configuration for syntax errors
-</code>
+sudo systemctl reload nginx # Reload Nginx to apply changes
-Enter the related fields like email, confirm terms, select domains, etc. Then Certbot will notify about the certification status. If it's done, you can reload the nginx again.
-<code bash>
-sudo systemctl reload nginx
 </code>
+You can verify that SSL is working by visiting your domain(s) in a web browser and checking for the padlock icon in the address bar and ensuring the URL starts with ''%%https://%%''.
+**Important:** The ''%%certbot --nginx%%'' command only needs to be run the first time to obtain the certificate and configure Nginx. Certbot's automatic renewal process handles keeping your certificates up-to-date in the future.
 ===== 6- PHP Installation =====
 Let's proceed to uninstall the currently installed PHP packages and then install a specific version (like PHP 8.2) cleanly using the Ondřej Surý PPA, which is the recommended way for up-to-date PHP versions on Ubuntu/Debian.
@@ Line 628: / Line 652: @@
 php artisan migrate
 </code>