Production Deployment
Overview
This guide covers deploying Zafira to production environments with proper security, performance, and reliability configurations.
Pre-Deployment Checklist
Server Requirements
- [ ] PHP 8.2+ installed and configured
- [ ] Composer latest version installed
- [ ] Node.js 18+ for asset compilation
- [ ] MySQL 8.0+ or PostgreSQL 13+ configured
- [ ] Redis 6.0+ for caching (recommended)
- [ ] Web Server (Nginx/Apache) configured
- [ ] SSL Certificate installed and configured
- [ ] Domain Name pointing to server
Security Requirements
- [ ] Firewall configured with proper ports
- [ ] SSH Key Authentication enabled
- [ ] Database Security configured
- [ ] File Permissions set correctly
- [ ] Environment Variables secured
- [ ] Backup Strategy implemented
Production Environment Setup
1. Server Configuration
PHP Configuration
```ini
; php.ini optimizations for production
memory_limit = 512M
max_execution_time = 300
upload_max_filesize = 64M
post_max_size = 64M
max_input_vars = 3000

; Security settings
expose_php = Off
display_errors = Off
log_errors = On
error_log = /var/log/php/error.log

; OPcache settings
opcache.enable = 1
opcache.memory_consumption = 256
opcache.interned_strings_buffer = 16
opcache.max_accelerated_files = 20000
; With timestamp validation off, PHP-FPM must be restarted after every deploy
opcache.validate_timestamps = 0
opcache.save_comments = 1
; opcache.fast_shutdown was removed in PHP 7.2 and is not set here
```
Web Server Configuration (Nginx)
```nginx
server {
    listen 443 ssl http2;
    server_name your-domain.com;
    root /var/www/zafira/public;
    index index.php;

    # SSL Configuration
    ssl_certificate /path/to/certificate.crt;
    ssl_certificate_key /path/to/private.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    # The AES256-GCM suites use SHA384; the "-SHA512" names are not valid OpenSSL cipher names
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # Security Headers
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    # This policy still allows inline scripts and any http:/https: source;
    # tighten it once the application's asset origins are known
    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;

    # Gzip Compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css text/xml text/javascript application/javascript application/xml+rss application/json;

    # Handle Laravel Routes
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    # PHP-FPM Configuration
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # Static Files
    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires 1y;
        # An add_header inside a location replaces the server-level headers above,
        # so the one that matters for static assets is repeated here
        add_header Cache-Control "public, immutable";
        add_header X-Content-Type-Options "nosniff" always;
    }

    # Security: deny dotfiles (.env, .git) except .well-known
    location ~ /\.(?!well-known).* {
        deny all;
    }
}
```
2. Environment Configuration
Production .env File
```env
APP_NAME=Zafira
APP_ENV=production
APP_KEY=base64:your-generated-app-key
APP_DEBUG=false
APP_URL=https://zafira-app.vratts.com

# Database Configuration
DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3306
DB_DATABASE=zafira_production
DB_USERNAME=zafira_user
DB_PASSWORD=secure-database-password

# Redis Configuration
REDIS_HOST=127.0.0.1
REDIS_PASSWORD=secure-redis-password
REDIS_PORT=6379

# Cache Configuration
CACHE_DRIVER=redis
SESSION_DRIVER=redis
QUEUE_CONNECTION=redis

# Mail Configuration
MAIL_MAILER=smtp
MAIL_HOST=your-smtp-host
MAIL_PORT=587
MAIL_USERNAME=your-email@domain.com
MAIL_PASSWORD=your-email-password
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=noreply@your-domain.com
MAIL_FROM_NAME="Zafira"

# Cryptography Configuration
CRYPTOGRAPH_STORAGE=file
CRYPTOGRAPH_NAME=zafira_cryptograph_key_production
ETHERSCAN_API_KEY=your-etherscan-api-key

# Logging
LOG_CHANNEL=stack
LOG_DEPRECATIONS_CHANNEL=null
LOG_LEVEL=error

# Session Configuration
SESSION_LIFETIME=120
SESSION_ENCRYPT=true
SESSION_PATH=/
SESSION_DOMAIN=your-domain.com
SESSION_SECURE_COOKIE=true
SESSION_HTTP_ONLY=true
SESSION_SAME_SITE=lax
```
3. Database Setup
MySQL Configuration
```sql
-- Create database and user
CREATE DATABASE zafira_production CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'zafira_user'@'localhost' IDENTIFIED BY 'secure-database-password';
GRANT ALL PRIVILEGES ON zafira_production.* TO 'zafira_user'@'localhost';
FLUSH PRIVILEGES;

-- Optimize MySQL for production
-- SET does not accept size suffixes such as 1G, so the value is given in bytes (1 GiB)
SET GLOBAL innodb_buffer_pool_size = 1073741824;
SET GLOBAL innodb_flush_log_at_trx_commit = 2;
-- innodb_log_file_size = 256M is not a dynamic variable: set it under [mysqld] in my.cnf and restart
-- query_cache_size and query_cache_type are omitted: the query cache was removed in MySQL 8.0
```
Database Migration
```bash
# Run migrations
php artisan migrate --force

# Seed initial data (optional)
php artisan db:seed --force

# Cache framework bootstrap files (configuration and routes)
php artisan optimize
```
4. Application Deployment
Deployment Script
```bash
#!/bin/bash
# deploy.sh
set -e

# Configuration
DEPLOY_PATH="/var/www/zafira"
BACKUP_PATH="/var/backups/zafira"
REPO_URL="https://github.com/RattsTechServices/zafira.git"
BRANCH="main"

# Create backup (the archive contains .env, so keep it readable by its owner only)
echo "Creating backup..."
if [ -d "$DEPLOY_PATH" ]; then
    mkdir -p "$BACKUP_PATH"
    (umask 077; tar -czf "$BACKUP_PATH/backup-$(date +%Y%m%d-%H%M%S).tar.gz" -C "$DEPLOY_PATH" .)
fi

# Pull latest code
echo "Pulling latest code..."
if [ -d "$DEPLOY_PATH" ]; then
    cd "$DEPLOY_PATH"
    git pull origin "$BRANCH"
else
    git clone "$REPO_URL" "$DEPLOY_PATH"
    cd "$DEPLOY_PATH"
fi

# Install dependencies
echo "Installing dependencies..."
composer install --no-dev --optimize-autoloader
# Asset build tools are normally devDependencies, so install them for the build step
npm ci
npm run build

# Set permissions
echo "Setting permissions..."
sudo chown -R www-data:www-data "$DEPLOY_PATH"
sudo chmod -R 755 "$DEPLOY_PATH"
sudo chmod -R 775 "$DEPLOY_PATH/storage"
sudo chmod -R 775 "$DEPLOY_PATH/bootstrap/cache"
# chmod -R 755 above also resets .env; restore the 600 mode from the File Permissions section
sudo chmod 600 "$DEPLOY_PATH/.env"

# Clear and cache configurations
echo "Optimizing application..."
php artisan config:cache
php artisan route:cache
php artisan view:cache
php artisan optimize

# Run migrations
echo "Running migrations..."
php artisan migrate --force

# Restart services
echo "Restarting services..."
sudo systemctl restart php8.2-fpm
sudo systemctl restart nginx
sudo systemctl restart redis

echo "Deployment completed successfully!"
```
5. Security Configuration
File Permissions
```bash
# Set correct file permissions
sudo find /var/www/zafira -type f -exec chmod 644 {} \;
sudo find /var/www/zafira -type d -exec chmod 755 {} \;

# Special permissions for Laravel
sudo chmod -R 775 /var/www/zafira/storage
sudo chmod -R 775 /var/www/zafira/bootstrap/cache
sudo chmod 600 /var/www/zafira/.env

# Set ownership
sudo chown -R www-data:www-data /var/www/zafira
```
Firewall Configuration
```bash
# UFW Firewall Configuration
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow ssh
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw enable
```
SSL Certificate (Let's Encrypt)
```bash
# Install Certbot
sudo apt update
sudo apt install certbot python3-certbot-nginx

# Obtain SSL certificate
sudo certbot --nginx -d your-domain.com

# Auto-renewal
sudo crontab -e
# Add: 0 12 * * * /usr/bin/certbot renew --quiet
```
Performance Optimization
1. Laravel Optimization
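```bash
# Production optimizations
php artisan config:cache
php artisan route:cache
php artisan view:cache
php artisan optimize

# Long-running queue worker: it stays in the foreground, so run it under a
# process supervisor (systemd or Supervisor) rather than an interactive shell
php artisan queue:work --daemon
```
2. Redis Configuration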
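```redis
# redis.conf optimizations
maxmemory 512mb
maxmemory-policy allkeys-lru
save 900 1
save 300 10
save 60 10000
# The production .env sets REDIS_PASSWORD; the server needs a matching
# requirepass value for that password to be accepted
```
3. Database Optimization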
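```sql
-- MySQL optimizations
-- SET does not accept size suffixes such as 2G, so the value is given in bytes (2 GiB)
SET GLOBAL innodb_buffer_pool_size = 2147483648;
SET GLOBAL innodb_flush_log_at_trx_commit = 2;
SET GLOBAL max_connections = 200;
-- innodb_log_file_size = 512M is not a dynamic variable: set it under [mysqld] in my.cnf and restart
-- query_cache_size is omitted: the query cache was removed in MySQL 8.0
```
4. Monitoring Setup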
System Monitoring
```bash
# Install monitoring tools
sudo apt install htop iotop nethogs

# Configure logrotate
sudo nano /etc/logrotate.d/zafira
```
Application Monitoring
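```bash
# Laravel Telescope (for debugging)
# Installed as a dev dependency, so "composer install --no-dev" in deploy.sh
# does not install it on the production host
composer require laravel/telescope --dev
php artisan telescope:install
php artisan migrate
```
Backup Strategy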
1. Database Backup
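```bash
#!/bin/bash
# backup-database.sh
set -euo pipefail
umask 077  # dumps contain application data; keep them readable by their owner only

DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR="/var/backups/zafira/database"
DB_NAME="zafira_production"

# DB_PASSWORD must come from the environment (cron does not load the application's .env)
: "${DB_PASSWORD:?DB_PASSWORD is not set}"

# Create backup directory
mkdir -p "$BACKUP_DIR"

# Create database backup
# -p"..." shows the password in the process list; a [client] section in ~/.my.cnf (mode 600) avoids that
# --single-transaction gives a consistent InnoDB snapshot; --no-tablespaces avoids needing the PROCESS privilege
mysqldump --single-transaction --no-tablespaces -u zafira_user -p"$DB_PASSWORD" "$DB_NAME" > "$BACKUP_DIR/backup_$DATE.sql"

# Compress backup
gzip "$BACKUP_DIR/backup_$DATE.sql"

# Remove backups older than 30 days
find "$BACKUP_DIR" -name "backup_*.sql.gz" -mtime +30 -delete

echo "Database backup completed: backup_$DATE.sql.gz"
```
2. File Backup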
```bash
#!/bin/bash
# backup-files.sh
set -euo pipefail
umask 077  # the archive includes .env; keep it readable by its owner only

DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_DIR="/var/backups/zafira/files"
APP_DIR="/var/www/zafira"

# Create backup directory
mkdir -p "$BACKUP_DIR"

# Create file backup (excluding vendor and node_modules)
# With -C "$APP_DIR" . the member names start with "./", so the exclude
# patterns must be relative; absolute paths would not match anything
tar -czf "$BACKUP_DIR/files_$DATE.tar.gz" \
    --exclude="./vendor" \
    --exclude="./node_modules" \
    --exclude="./storage/logs" \
    -C "$APP_DIR" .

# Remove backups older than 30 days
find "$BACKUP_DIR" -name "files_*.tar.gz" -mtime +30 -delete

echo "File backup completed: files_$DATE.tar.gz"
```
3. Automated Backup
```bash
# Add to crontab
sudo crontab -e

# Daily database backup at 2 AM
0 2 * * * /path/to/backup-database.sh

# Daily file backup at 3 AM
0 3 * * * /path/to/backup-files.sh
```
Monitoring and Maintenance
1. Health Checks
```bash
#!/bin/bash
# health-check.sh

# Check application health
curl -f https://zafira-app.vratts.com/api/supervisor || exit 1

# Check database connection
mysql -u zafira_user -p"$DB_PASSWORD" -e "SELECT 1" zafira_production || exit 1

# Check Redis connection
redis-cli ping || exit 1

echo "All health checks passed"
```
2. Log Monitoring
```bash
# Monitor application logs
tail -f /var/www/zafira/storage/logs/laravel.log

# Monitor web server logs
tail -f /var/log/nginx/access.log
tail -f /var/log/nginx/error.log

# Monitor system logs
tail -f /var/log/syslog
```
3. Performance Monitoring
```bash
# Monitor system resources
htop
iotop
nethogs

# Monitor database performance
mysql -u root -p -e "SHOW PROCESSLIST;"
mysql -u root -p -e "SHOW STATUS LIKE 'Slow_queries';"
```
Troubleshooting
Common Issues
Application Errors
```bash
# Check Laravel logs
tail -f /var/www/zafira/storage/logs/laravel.log

# Clear application cache
php artisan cache:clear
php artisan config:clear
php artisan route:clear
php artisan view:clear
```
Database Issues
```bash
# Check database connection (the >>> line is typed at the tinker prompt)
php artisan tinker
>>> DB::connection()->getPdo();

# Check database status
mysql -u zafira_user -p -e "SHOW STATUS;"
```
Web Server Issues
```bash
# Check Nginx configuration
sudo nginx -t

# Restart Nginx
sudo systemctl restart nginx

# Check Nginx logs
sudo tail -f /var/log/nginx/error.log
```
Security Checklist
Pre-Launch Security Review
- [ ] SSL Certificate properly installed and configured
- [ ] Environment Variables secured and not exposed
- [ ] Database Credentials using strong passwords
- [ ] File Permissions set correctly
- [ ] Firewall configured with minimal required ports
- [ ] Backup Strategy implemented and tested
- [ ] Monitoring configured for security events
- [ ] Log Rotation configured to prevent disk space issues
- [ ] Error Reporting configured for production
- [ ] Rate Limiting enabled for API endpoints
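The "Environment Variables" and "File Permissions" items can be checked mechanically before launch. The script below is an added example, not part of Zafira: `env_value` and `audit_env` are hypothetical helper names, and the expected values and placeholder strings are the ones shown in the production .env and File Permissions sections of this guide.

```bash
#!/usr/bin/env bash
# Added example: audit a .env file against the production values in this guide.

# Print the value of key $2 in file $1 (last assignment wins, double quotes stripped).
env_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | sed -e 's/^"\(.*\)"$/\1/'
}

# Print one finding per line; return 0 when the file passes, 1 otherwise.
audit_env() {
    local file=$1 findings=0 pair key want got mode
    [ -r "$file" ] || { echo "cannot read $file"; return 1; }

    # Settings that must hold these exact values in production.
    for pair in APP_ENV=production APP_DEBUG=false SESSION_ENCRYPT=true \
                SESSION_SECURE_COOKIE=true SESSION_HTTP_ONLY=true; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(env_value "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key is '${got:-unset}', expected '$want'"
            findings=$((findings + 1))
        fi
    done

    # Secrets must be set and must not still hold the guide's placeholder text.
    for key in APP_KEY DB_PASSWORD REDIS_PASSWORD MAIL_PASSWORD; do
        got=$(env_value "$file" "$key")
        case "$got" in
            ""|secure-*-password|your-*|base64:your-*)
                echo "$key is empty or still a placeholder"
                findings=$((findings + 1)) ;;
        esac
    done

    # The guide sets .env to 600; group or world access is a finding.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
    if [ "$mode" != "600" ] && [ "$mode" != "400" ]; then
        echo ".env mode is $mode, expected 600"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

Run it as `audit_env /var/www/zafira/.env` from a deploy step; a non-zero return means at least one finding was printed.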
Ongoing Security Maintenance
- [ ] Regular Updates of system packages
- [ ] Security Patches applied promptly
- [ ] Log Monitoring for suspicious activity
- [ ] Backup Verification: regular testing
- [ ] Performance Monitoring for anomalies
- [ ] Access Review: regular review of user access
- [ ] SSL Certificate renewal before expiration
- [ ] Database Optimization: regular maintenance
Next Steps
- Configuration - Application configuration
- API Documentation - API usage and integration
- Monitoring Setup - Advanced monitoring configuration
- Scaling - Scaling strategies for high traffic