Trace: deploy_laravel_application_on_a_linux_vds

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
deploy_laravel_application_on_a_linux_vds [2025/05/13 07:35] – [3- Bind a Domain] kkaragozdeploy_laravel_application_on_a_linux_vds [2025/05/13 07:48] (current) kkaragoz
Line 245: Line 245:
  
 ===== 5- SSL Certification: Certbot ===== ===== 5- SSL Certification: Certbot =====
-It is time to apply SSL certificates of domainsI use "**Full SSL Encryption**" on CloudFlare for my domain addresses.To install SSL certificates firstly check for updates:+It is essential to secure your application with SSL/TLS encryption to protect data in transit and build user trust. [[https://letsencrypt.org/|Let's Encrypt]] provides free, automated, and open Certificate Authorities, and [[https://certbot.eff.org|Certbot]] is a tool to easily obtain and manage these certificates, especially for web servers like Nginx. 
 + 
 +You mentioned using "**Full SSL Encryption**" on Cloudflare. This means Cloudflare encrypts the connection between the user and Cloudflare, and ''%%also%%'' encrypts the connection between Cloudflare and your origin server. For Cloudflare's "Full SSL" to work correctly, your server ''%%still needs a valid SSL certificate%%''. Certbot will provide this valid certificate. 
 + 
 +To install Certbot and the Nginx plugin, first ensure your package list is up-to-date:
 <code bash> <code bash>
 sudo apt update && sudo apt upgrade sudo apt update && sudo apt upgrade
 </code> </code>
  
-We are ready to install [[https://certbot.eff.org|Certbot]]:+Now we are ready to install Certbot:
 <code bash> <code bash>
 sudo apt install certbot python3-certbot-nginx sudo apt install certbot python3-certbot-nginx
 </code> </code>
  
-After installation is completed, lets move to the ''%%sites-enabled%%'' path again.+After installation is completed, we will use the Certbot Nginx plugin, which can automatically configure SSL for domains specified in your Nginx configuration files located in ''%%/etc/nginx/sites-enabled/%%''. 
 <code bash> <code bash>
-cd /etc/nginx/sites-enabled/+sudo certbot --nginx
 </code> </code>
 +When you run this command, Certbot will:
 +  * Prompt you for an email address for urgent renewal or security notices.
 +  * Ask you to agree to the terms of service.
 +  * Scan your Nginx configuration files for ''%%server_name%%'' directives to find the domains you want to secure.
 +  * Present a list of identified domains and ask you to select which ones you want certificates for.
 +  * Communicate with the Let's Encrypt servers to verify domain ownership (usually by serving a temporary file through your web server).
 +  * If successful, it will obtain the SSL certificates.
 +  * **Automatically modify** your Nginx configuration file(s) in ''%%/etc/nginx/sites-enabled/%%'' to:
 +    * Add the ''%%listen 443 ssl;%%'' directive for HTTPS.
 +    * Point to the correct ''%%ssl_certificate%%'' and ''%%ssl_certificate_key%%'' files it just obtained.
 +    * (Optionally) Ask if you want to redirect HTTP traffic (port 80) to HTTPS (port 443). It is highly recommended to choose the redirect option for better security and SEO.
 +  * **Automatically set up a renewal mechanism** (usually a systemd timer or cron job) that will attempt to renew your certificates before they expire (Let's Encrypt certificates are valid for 90 days).
  
-Then run the following command for automatic SSL certificate process:+After Certbot completes its process and potentially modifies your Nginx configuration, it will usually handle reloading or restarting Nginx itself. However, it's a good practice to test the Nginx configuration and explicitly reload to be sure:
  
 <code bash> <code bash>
-sudo certbot --nginx +sudo nginx -t # Test Nginx configuration for syntax errors 
-</code> +sudo systemctl reload nginx # Reload Nginx to apply changes
-Enter the related fields like email, confirm terms, select domains, etc. Then Certbot will notify about the certification status. If it's done, you can reload the nginx again. +
-<code bash> +
-sudo systemctl reload nginx+
 </code> </code>
  
 +You can verify that SSL is working by visiting your domain(s) in a web browser and checking for the padlock icon in the address bar and ensuring the URL starts with ''%%https://%%''.
 +
 +**Important:** The ''%%certbot --nginx%%'' command only needs to be run the first time to obtain the certificate and configure Nginx. Certbot's automatic renewal process handles keeping your certificates up-to-date in the future.
 ===== 6- PHP Installation ===== ===== 6- PHP Installation =====
 Let's proceed to uninstall the currently installed PHP packages and then install a specific version (like PHP 8.2) cleanly using the Ondřej Surý PPA, which is the recommended way for up-to-date PHP versions on Ubuntu/Debian. Let's proceed to uninstall the currently installed PHP packages and then install a specific version (like PHP 8.2) cleanly using the Ondřej Surý PPA, which is the recommended way for up-to-date PHP versions on Ubuntu/Debian.
Line 635: Line 652:
 php artisan migrate php artisan migrate
 </code> </code>
- 
Back to top