Initial commit

deploy/apache/apache-setup.md

@@ -0,0 +1,92 @@
+# Apache Virtual Host Setup for Laravel
+
+## Prerequisites
+
+Ubuntu 24.04 with Apache2 and PHP-FPM installed.
+
+## Required Apache Modules
+
+Enable the necessary modules:
+
+```bash
+sudo a2enmod rewrite
+sudo a2enmod headers
+sudo a2enmod ssl
+sudo a2enmod proxy_fcgi
+sudo a2enmod deflate
+sudo a2enmod expires
+sudo a2enmod setenvif
+```
+
+## Installation Steps
+
+### 1. Copy Virtual Host Configuration
+
+```bash
+sudo cp deploy/apache/laravel-site.conf /etc/apache2/sites-available/your-app.conf
+```
+
+### 2. Edit Configuration
+
+Update the following in the config file:
+- `ServerName` - Your domain name
+- `DocumentRoot` - Path to Laravel's public folder
+- `Directory` - Same path as DocumentRoot
+- Log file names
+
+### 3. Enable Site
+
+```bash
+sudo a2ensite your-app.conf
+sudo a2dissite 000-default.conf  # Disable default site if needed
+```
+
+### 4. Test Configuration
+
+```bash
+sudo apache2ctl configtest
+```
+
+### 5. Restart Apache
+
+```bash
+sudo systemctl restart apache2
+```
+
+## SSL with Certbot
+
+Install Certbot and obtain SSL certificate:
+
+```bash
+sudo apt install certbot python3-certbot-apache
+sudo certbot --apache -d your-domain.com -d www.your-domain.com
+```
+
+Certbot will automatically modify your Apache configuration for SSL.
+
+## File Permissions
+
+Set correct permissions for Laravel:
+
+```bash
+sudo chown -R www-data:www-data /var/www/your-app
+sudo chmod -R 755 /var/www/your-app
+sudo chmod -R 775 /var/www/your-app/storage
+sudo chmod -R 775 /var/www/your-app/bootstrap/cache
+```
+
+## Common Issues
+
+### 403 Forbidden
+- Check directory permissions
+- Ensure `AllowOverride All` is set
+- Verify `mod_rewrite` is enabled
+
+### 500 Internal Server Error
+- Check Laravel logs: `storage/logs/laravel.log`
+- Check Apache error logs: `/var/log/apache2/your-app-error.log`
+- Ensure `.env` file exists and has correct permissions
+
+### PHP Not Processing
+- Verify PHP-FPM is running: `sudo systemctl status php8.3-fpm`
+- Check socket path matches in Apache config

deploy/apache/laravel-site.conf

@@ -0,0 +1,115 @@
+<VirtualHost *:80>
+    ServerName your-domain.com
+    ServerAlias www.your-domain.com
+    ServerAdmin webmaster@your-domain.com
+    
+    DocumentRoot /var/www/your-app/public
+    
+    <Directory /var/www/your-app/public>
+        Options -Indexes +FollowSymLinks
+        AllowOverride All
+        Require all granted
+    </Directory>
+    
+    # PHP-FPM configuration
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/var/run/php/php8.3-fpm.sock|fcgi://localhost"
+    </FilesMatch>
+    
+    # Security headers
+    Header always set X-Frame-Options "SAMEORIGIN"
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set Referrer-Policy "strict-origin-when-cross-origin"
+    
+    # Disable server signature
+    ServerSignature Off
+    
+    # Logging
+    ErrorLog ${APACHE_LOG_DIR}/your-app-error.log
+    CustomLog ${APACHE_LOG_DIR}/your-app-access.log combined
+    
+    # Compression
+    <IfModule mod_deflate.c>
+        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
+        AddOutputFilterByType DEFLATE application/javascript application/json
+        AddOutputFilterByType DEFLATE application/xml application/xhtml+xml
+        AddOutputFilterByType DEFLATE image/svg+xml
+    </IfModule>
+    
+    # Static file caching
+    <IfModule mod_expires.c>
+        ExpiresActive On
+        ExpiresByType image/jpeg "access plus 1 month"
+        ExpiresByType image/png "access plus 1 month"
+        ExpiresByType image/gif "access plus 1 month"
+        ExpiresByType image/svg+xml "access plus 1 month"
+        ExpiresByType text/css "access plus 1 month"
+        ExpiresByType application/javascript "access plus 1 month"
+        ExpiresByType font/woff2 "access plus 1 month"
+        ExpiresByType font/woff "access plus 1 month"
+    </IfModule>
+</VirtualHost>
+
+# SSL Configuration (use with Let's Encrypt / Certbot)
+<VirtualHost *:443>
+    ServerName your-domain.com
+    ServerAlias www.your-domain.com
+    ServerAdmin webmaster@your-domain.com
+    
+    DocumentRoot /var/www/your-app/public
+    
+    <Directory /var/www/your-app/public>
+        Options -Indexes +FollowSymLinks
+        AllowOverride All
+        Require all granted
+    </Directory>
+    
+    # PHP-FPM configuration
+    <FilesMatch \.php$>
+        SetHandler "proxy:unix:/var/run/php/php8.3-fpm.sock|fcgi://localhost"
+    </FilesMatch>
+    
+    # SSL Configuration (Certbot will fill these in)
+    SSLEngine on
+    SSLCertificateFile /etc/letsencrypt/live/your-domain.com/fullchain.pem
+    SSLCertificateKeyFile /etc/letsencrypt/live/your-domain.com/privkey.pem
+    
+    # Modern SSL configuration
+    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
+    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384
+    SSLHonorCipherOrder off
+    
+    # Security headers
+    Header always set X-Frame-Options "SAMEORIGIN"
+    Header always set X-Content-Type-Options "nosniff"
+    Header always set X-XSS-Protection "1; mode=block"
+    Header always set Referrer-Policy "strict-origin-when-cross-origin"
+    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
+    
+    ServerSignature Off
+    
+    ErrorLog ${APACHE_LOG_DIR}/your-app-ssl-error.log
+    CustomLog ${APACHE_LOG_DIR}/your-app-ssl-access.log combined
+    
+    # Compression
+    <IfModule mod_deflate.c>
+        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css
+        AddOutputFilterByType DEFLATE application/javascript application/json
+        AddOutputFilterByType DEFLATE application/xml application/xhtml+xml
+        AddOutputFilterByType DEFLATE image/svg+xml
+    </IfModule>
+    
+    # Static file caching
+    <IfModule mod_expires.c>
+        ExpiresActive On
+        ExpiresByType image/jpeg "access plus 1 month"
+        ExpiresByType image/png "access plus 1 month"
+        ExpiresByType image/gif "access plus 1 month"
+        ExpiresByType image/svg+xml "access plus 1 month"
+        ExpiresByType text/css "access plus 1 month"
+        ExpiresByType application/javascript "access plus 1 month"
+        ExpiresByType font/woff2 "access plus 1 month"
+        ExpiresByType font/woff "access plus 1 month"
+    </IfModule>
+</VirtualHost>