This applies to Debian Buster, but similar instructions should apply for other Debian versions.
- We will use PHP 7.3
- We will use version v2.1.0 of 2fauth
- We will setup to use an Sqlite database
- We will use Nginx and PHP-FPM to serve our site on port
8000 - We will run all this as user
www-datawithout root
-
Update your apt repository list:
apt-get update
-
Install the following packages:
apt-get install -y --no-install-recommends \ php7.3 \ php7.3-sqlite3 php7.3-mysql \ php-xml php7.3-gd php7.3-mbstring \ unzip wget ca-certificates \ php7.3-fpm nginx
Let's place 2fauth's code in /srv:
mkdir -p /srv
VERSION=v2.1.0
wget -qO- "https://github.com/Bubka/2FAuth/archive/refs/tags/${VERSION}.tar.gz" | \
tar -xz --strip-components=1 -C /srvSet your Nginx configuration in /etc/nginx/nginx.conf as:
events {}
http {
include mime.types;
access_log /dev/stdout;
error_log /dev/stderr;
server {
listen 8000;
server_name 2fAuth;
root /srv/public;
index index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
}You can verify the Nginx configuration is valid with:
nginx -tDownload the latest stable composer:
wget -qO /usr/local/bin/composer https://getcomposer.org/download/latest-stable/composer.phar
chmod 500 /usr/local/bin/composerSupervisord will be used to manage both Nginx and PHP-FPM.
-
Install it with:
VERSION=0.7.3 wget -qO- "https://github.com/ochinchina/supervisord/releases/download/v${VERSION}/supervisord_${VERSION}_Linux_64-bit.tar.gz" | \ tar -xz --strip-components=1 -C /tmp/ "supervisord_${VERSION}_Linux_64-bit/supervisord_static" chmod 500 /tmp/supervisord_static mv /tmp/supervisord_static /usr/local/bin/supervisord
-
Set its configuration in
/etc/supervisord.confas:[supervisord] nodaemon=true pidfile=/run/supervisord.pid loglevel=info [program-default] stdout_logfile=/dev/stdout stdout_logfile_maxbytes=0 stderr_logfile=/dev/stderr stderr_logfile_maxbytes=0 autorestart=false startretries=0 [program:php-fpm] command=/usr/sbin/php-fpm7.3 -F [program:nginx] command=/usr/sbin/nginx -g 'daemon off;' depends_on=php-fpm
-
Let's fix the ownership and permissions for existing files:
chown -R www-data \ /var/lib/nginx/ \ /var/log/nginx \ /srv \ /usr/local/bin/composer \ /usr/local/bin/supervisord \ /etc/supervisor/supervisord.conf chmod 700 /srv
-
Let's pre-create some directories and files with the right ownership and permissions:
mkdir -p /run/php /www/data/.composer touch /run/nginx.pid /var/log/php7.3-fpm.log chown -R www-data \ /var/log/php7.3-fpm.log \ /run/nginx.pid \ /run/php \ /www/data/.composer chmod 700 /run/php /www/data/.composer chmod 600 /var/log/php7.3-fpm.log
Let's run the final commands as www-data:
su -l www-data -s /bin/bashcd /srv
composer install --prefer-dist --no-scripts --no-dev --no-autoloader
composer dump-autoload --no-scripts --no-dev --optimizetouch /srv/database/database.sqlite
chmod 700 /srv/database/database.sqliteUse the /srv/.env.example file as a template and rename it to .env.
mv /srv/.env.example /srv/.envMake sure you modify:
DB_DATABASEto be/srv/database/database.sqlite
php artisan migrate:refresh
php artisan passport:install
php artisan storage:link
php artisan config:cachesupervisordNow you can access your site at http://localhost:8000
You can also run supervisord -d to run it as a daemon.
-
Stop
supervisord -
Update the source code in
/srv.⚠️ do not change the/srv/storagedirectory nor your/srv/database/database.sqlitefile. -
Run the following commands:
php artisan migrate php artisan config:clear
-
Run
supervisordagain