Production Deployment - luckydeva03/desa_karangrejo GitHub Wiki
๐ Production Deployment
Panduan lengkap untuk deploy Website Desa Karangrejo ke production server.
๐ฏ Overview
Panduan ini menjelaskan langkah-langkah deployment dari development ke production server dengan fokus pada keamanan, performa, dan reliability.
๐๏ธ Server Requirements
Minimal Server Specifications
- OS: Ubuntu 20.04 LTS atau CentOS 8
- CPU: 2 vCPU (minimal), 4 vCPU (recommended)
- RAM: 4GB (minimal), 8GB (recommended)
- Storage: 50GB SSD (minimal), 100GB SSD (recommended)
- Bandwidth: 1TB/month
Software Requirements
- Web Server: Nginx 1.18+ atau Apache 2.4+
- PHP: 8.2+ dengan extensions:
- BCMath, Ctype, Fileinfo, JSON, Mbstring, OpenSSL, PDO, Tokenizer, XML, Zip
- GD atau ImageMagick untuk image processing
- Redis untuk caching
- Database: MySQL 8.0+ atau MariaDB 10.6+
- Process Manager: Supervisor untuk queue workers
- SSL: Let's Encrypt atau SSL certificate
๐ฆ Pre-deployment Checklist
1. Environment Configuration
# 1. Clone repository
git clone https://github.com/username/desa-karangrejo.git
cd desa-karangrejo
# 2. Install dependencies
composer install --optimize-autoloader --no-dev
npm install --production
npm run build
# 3. Environment setup
cp .env.example .env
php artisan key:generate
2. Environment Variables (.env)
# Application
APP_NAME="Website Desa Karangrejo"
APP_ENV=production
APP_KEY=base64:your-app-key-here
APP_DEBUG=false
APP_URL=https://karangrejo.desa.id
# Database
DB_CONNECTION=mysql
DB_HOST=localhost
DB_PORT=3306
DB_DATABASE=desa_karangrejo
DB_USERNAME=desa_user
DB_PASSWORD=your-secure-password
# Cache & Session
CACHE_DRIVER=redis
SESSION_DRIVER=redis
QUEUE_CONNECTION=redis
# Redis
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=your-redis-password
REDIS_PORT=6379
# Mail
MAIL_MAILER=smtp
MAIL_HOST=smtp.gmail.com
MAIL_PORT=587
[email protected]
MAIL_PASSWORD=your-email-password
MAIL_ENCRYPTION=tls
[email protected]
MAIL_FROM_NAME="Desa Karangrejo"
# File Storage
FILESYSTEM_DISK=public
# Backup
BACKUP_ARCHIVE_PASSWORD=your-backup-password
# Security
SESSION_SECURE_COOKIE=true
SESSION_HTTP_ONLY=true
SESSION_SAME_SITE=strict
๐ง Ubuntu Server Setup
1. Update System
sudo apt update && sudo apt upgrade -y
# Install essential packages
sudo apt install -y curl wget unzip git software-properties-common
2. Install PHP 8.2
# Add PHP repository
sudo add-apt-repository ppa:ondrej/php -y
sudo apt update
# Install PHP and extensions
sudo apt install -y php8.2 php8.2-fpm php8.2-mysql php8.2-xml php8.2-gd \
php8.2-zip php8.2-curl php8.2-mbstring php8.2-bcmath php8.2-redis \
php8.2-intl php8.2-imagick
# Configure PHP
sudo nano /etc/php/8.2/fpm/php.ini
3. PHP Configuration (php.ini)
; Basic settings
memory_limit = 512M
upload_max_filesize = 50M
post_max_size = 50M
max_execution_time = 300
max_input_vars = 3000
; Security
expose_php = Off
display_errors = Off
log_errors = On
error_log = /var/log/php/error.log
; Sessions
session.cookie_httponly = 1
session.cookie_secure = 1
session.use_strict_mode = 1
; Opcache
opcache.enable = 1
opcache.memory_consumption = 256
opcache.interned_strings_buffer = 16
opcache.max_accelerated_files = 20000
opcache.validate_timestamps = 0
opcache.revalidate_freq = 0
opcache.save_comments = 1
4. Install MySQL
# Install MySQL
sudo apt install -y mysql-server
# Secure installation
sudo mysql_secure_installation
# Create database and user
sudo mysql -u root -p
-- MySQL setup
CREATE DATABASE desa_karangrejo CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'desa_user'@'localhost' IDENTIFIED BY 'your-secure-password';
GRANT ALL PRIVILEGES ON desa_karangrejo.* TO 'desa_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;
5. Install Redis
# Install Redis
sudo apt install -y redis-server
# Configure Redis
sudo nano /etc/redis/redis.conf
# Redis configuration
bind 127.0.0.1
port 6379
requirepass your-redis-password
maxmemory 256mb
maxmemory-policy allkeys-lru
# Restart Redis
sudo systemctl restart redis-server
sudo systemctl enable redis-server
6. Install Nginx
# Install Nginx
sudo apt install -y nginx
# Create site configuration
sudo nano /etc/nginx/sites-available/karangrejo.desa.id
# Nginx configuration
server {
listen 80;
server_name karangrejo.desa.id www.karangrejo.desa.id;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name karangrejo.desa.id www.karangrejo.desa.id;
root /var/www/desa-karangrejo/public;
# SSL Configuration
ssl_certificate /etc/letsencrypt/live/karangrejo.desa.id/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/karangrejo.desa.id/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers off;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
# Security Headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Basic Settings
index index.php;
charset utf-8;
client_max_body_size 50M;
# Logging
access_log /var/log/nginx/karangrejo_access.log;
error_log /var/log/nginx/karangrejo_error.log;
# Laravel Configuration
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
# PHP-FPM Configuration
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
fastcgi_hide_header X-Powered-By;
}
# Static Files Caching
location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff|woff2|ttf|eot)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
}
# Block access to sensitive files
location ~ /\.(?!well-known).* {
deny all;
}
location ~ /(?:storage|bootstrap\/cache|\.env) {
deny all;
}
}
# Enable site
sudo ln -s /etc/nginx/sites-available/karangrejo.desa.id /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
sudo systemctl enable nginx
๐ SSL Certificate Setup
Using Let's Encrypt (Certbot)
# Install Certbot
sudo apt install -y certbot python3-certbot-nginx
# Obtain SSL certificate
sudo certbot --nginx -d karangrejo.desa.id -d www.karangrejo.desa.id
# Test auto-renewal
sudo certbot renew --dry-run
# Set up auto-renewal cron job
sudo crontab -e
# Auto-renew SSL certificate
0 12 * * * /usr/bin/certbot renew --quiet
๐ Application Deployment
1. Setup Application Directory
# Create application directory
sudo mkdir -p /var/www/desa-karangrejo
sudo chown -R www-data:www-data /var/www/desa-karangrejo
# Clone repository (as www-data user)
sudo -u www-data git clone https://github.com/username/desa-karangrejo.git /var/www/desa-karangrejo
cd /var/www/desa-karangrejo
2. Install Dependencies
# Install Composer dependencies
sudo -u www-data composer install --optimize-autoloader --no-dev
# Install Node.js dependencies and build assets
sudo -u www-data npm install --production
sudo -u www-data npm run build
3. Set Permissions
# Set proper permissions
sudo chown -R www-data:www-data /var/www/desa-karangrejo
sudo chmod -R 755 /var/www/desa-karangrejo
sudo chmod -R 775 /var/www/desa-karangrejo/storage
sudo chmod -R 775 /var/www/desa-karangrejo/bootstrap/cache
# Create symlink for storage
sudo -u www-data php artisan storage:link
4. Database Migration & Seeding
# Run migrations
sudo -u www-data php artisan migrate --force
# Seed database (optional, for fresh install)
sudo -u www-data php artisan db:seed --force
# Clear and cache config
sudo -u www-data php artisan config:cache
sudo -u www-data php artisan route:cache
sudo -u www-data php artisan view:cache
๐ Queue Worker Setup
1. Install Supervisor
sudo apt install -y supervisor
2. Supervisor Configuration
sudo nano /etc/supervisor/conf.d/desa-karangrejo-worker.conf
[program:desa-karangrejo-worker]
process_name=%(program_name)s_%(process_num)02d
command=php /var/www/desa-karangrejo/artisan queue:work redis --sleep=3 --tries=3 --max-time=3600
autostart=true
autorestart=true
stopasgroup=true
killasgroup=true
user=www-data
numprocs=2
redirect_stderr=true
stdout_logfile=/var/www/desa-karangrejo/storage/logs/worker.log
stopwaitsecs=3600
# Start supervisor
sudo supervisorctl reread
sudo supervisorctl update
sudo supervisorctl start desa-karangrejo-worker:*
๐ Monitoring Setup
1. Log Rotation
sudo nano /etc/logrotate.d/desa-karangrejo
/var/www/desa-karangrejo/storage/logs/*.log {
daily
missingok
rotate 52
compress
delaycompress
notifempty
create 0644 www-data www-data
postrotate
sudo supervisorctl restart desa-karangrejo-worker:*
endscript
}
2. Cron Jobs
# Setup Laravel scheduler
sudo -u www-data crontab -e
# Laravel Scheduler
* * * * * cd /var/www/desa-karangrejo && php artisan schedule:run >> /dev/null 2>&1
# Database backup (daily at 2 AM)
0 2 * * * cd /var/www/desa-karangrejo && php artisan backup:run >> /dev/null 2>&1
# Clear cache (weekly)
0 3 * * 0 cd /var/www/desa-karangrejo && php artisan cache:clear && php artisan view:clear
๐ Deployment Script
Automated Deployment Script
#!/bin/bash
# File: deploy.sh
set -e
echo "๐ Starting deployment..."
# Configuration
APP_DIR="/var/www/desa-karangrejo"
USER="www-data"
echo "๐ฅ Pulling latest changes..."
cd $APP_DIR
sudo -u $USER git pull origin main
echo "๐ฆ Installing dependencies..."
sudo -u $USER composer install --optimize-autoloader --no-dev
sudo -u $USER npm install --production
sudo -u $USER npm run build
echo "๐ง Running migrations..."
sudo -u $USER php artisan migrate --force
echo "๐พ Caching configuration..."
sudo -u $USER php artisan config:cache
sudo -u $USER php artisan route:cache
sudo -u $USER php artisan view:cache
echo "๐ Restarting services..."
sudo supervisorctl restart desa-karangrejo-worker:*
sudo systemctl reload php8.2-fpm
sudo systemctl reload nginx
echo "๐งน Cleaning up..."
sudo -u $USER php artisan cache:clear
sudo -u $USER php artisan view:clear
echo "โ
Deployment completed successfully!"
# Optional: Send notification
curl -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" \
-d chat_id="$TELEGRAM_CHAT_ID" \
-d text="โ
Website Desa Karangrejo berhasil di-deploy!"
Make script executable
sudo chmod +x /var/www/desa-karangrejo/deploy.sh
๐ Health Checks
1. System Health Script
#!/bin/bash
# File: health-check.sh
echo "๐ฅ System Health Check"
echo "===================="
# Check disk space
echo "๐พ Disk Usage:"
df -h / /var
# Check memory usage
echo "๐ง Memory Usage:"
free -h
# Check database connection
echo "๐๏ธ Database Connection:"
mysql -u desa_user -p$DB_PASSWORD -e "SELECT 1" desa_karangrejo
# Check Redis connection
echo "๐ฑ Redis Connection:"
redis-cli -a $REDIS_PASSWORD ping
# Check website status
echo "๐ Website Status:"
curl -s -o /dev/null -w "%{http_code}" https://karangrejo.desa.id
# Check SSL certificate expiry
echo "๐ SSL Certificate:"
echo | openssl s_client -connect karangrejo.desa.id:443 2>/dev/null | \
openssl x509 -noout -dates
๐ง Troubleshooting
Common Issues
1. Permission Issues
# Fix file permissions
sudo chown -R www-data:www-data /var/www/desa-karangrejo
sudo chmod -R 755 /var/www/desa-karangrejo
sudo chmod -R 775 /var/www/desa-karangrejo/storage
sudo chmod -R 775 /var/www/desa-karangrejo/bootstrap/cache
2. Cache Issues
# Clear all caches
php artisan cache:clear
php artisan config:clear
php artisan route:clear
php artisan view:clear
3. Database Connection Issues
# Test database connection
mysql -u desa_user -p -h localhost desa_karangrejo
# Check MySQL status
sudo systemctl status mysql
4. Queue Worker Issues
# Check queue worker status
sudo supervisorctl status desa-karangrejo-worker:*
# Restart queue workers
sudo supervisorctl restart desa-karangrejo-worker:*
# Check worker logs
tail -f /var/www/desa-karangrejo/storage/logs/worker.log
Log Files Locations
# Application logs
/var/www/desa-karangrejo/storage/logs/laravel.log
# Nginx logs
/var/log/nginx/karangrejo_access.log
/var/log/nginx/karangrejo_error.log
# PHP-FPM logs
/var/log/php8.2-fpm.log
# MySQL logs
/var/log/mysql/error.log
# Redis logs
/var/log/redis/redis-server.log
Production deployment memerlukan perencanaan dan testing yang matang ๐