adduser deploy /*creation de l'utilistaur deploy */

usermod -aG sudo deploy /* ajout droit sudo */
/* ne pas demander le mot de passe pour acceder au sudo : */
sudo visudo
/*ajout de la ligne : */
deploy ALL=(ALL) NOPASSWD: ALL

sudo nano /home/deploy/.ssh/authorized_keys 
/* collez y les clés ssh pour le compte deploy */
/* si le dossier n'existe pas , il faut le créer : */ 
cd /home/deploy && mkdir .ssh 

/* ajout des clés ssh pour l'utilisateur root /*

sudo nano /root/.ssh/authorized_keys

sudo nano sudo nano /etc/ssh/sshd_config

/*
et changez a la ligne : */
#PasswordAuthentication yes
en 
PasswordAuthentication no

ssh deploy@xxx.xxx.xxx.xxx

sudo -s
apt-get update
apt-get install software-properties-common
apt-get install python-software-properties
apt-get update
apt-get -y install unzip zip nginx php7.2 php7.2-mysql php7.2-fpm
apt-get -y install php7.2-mbstring php7.2-xml php7.2-curl
/* install nginx */
apt-get -y install nginx
/* mariadb (mysql ) */
apt-get -y install mysql-client mysql-server
mysql_secure_installation
/* installation de composer */
curl -sS https://getcomposer.org/installer | php
mv composer.phar /usr/local/bin/composer
chmod +x /usr/local/bin/composer

sudo -s
mysql -u <login>


mysql> CREATE DATABASE laravel;
mysql> GRANT ALL ON laravel.* to 'laravel'@'localhost' IDENTIFIED BY 'secret_password';
mysql> FLUSH PRIVILEGES;
mysql> quit

/* creation de la base de donnee "laravel"
creation de l'utilisateur laravel avec le mot de passe "secet_password"
=> les noms sont à changer :-) 

ssh deploy@xxx.xxx.xxx.xxx

deploy@vps208143:~$ tree -d apps/ -L 2
apps/
├── current -> /home/deploy/apps/releases/20181017145548
├── releases
│   ├── 20181013150102
│   ├── 20181013150140
│   └── 20181017145548
├── repo
│   ├── branches
│   ├── hooks
│   ├── info
│   ├── objects
│   └── refs
└── shared
    ├── admin
    ├── framework
    └── storage

15 directories

deploy@vps208143:~/apps/shared$ tree -L 3
.
├── admin
│   ├── wp-config.php
│   └── wp-content
│       └── uploads
├── framework
│   ├── cache
│   └── views
└── storage
    ├── app
    │   └── public
    ├── debugbar
    ├── framework
    │   ├── cache
    │   ├── sessions
    │   ├── testing
    │   └── views
    └── logs
        └── laravel.log

16 directories, 41 files

deploy@vps208143:~/apps/current$ tree -L 2 -d
.
├── admin
│   ├── wp-admin
│   ├── wp-content
│   └── wp-includes
├── app
│   ├── Console
│   ├── Exceptions
│   ├── Http
│   └── Providers
├── bootstrap
│   └── cache
├── config
│   └── deploy
├── database
│   ├── factories
│   ├── migrations
│   └── seeds
├── lib
│   └── capistrano
├── log
├── public
│   ├── css
│   ├── fonts
│   ├── images
│   └── js
├── resources
│   ├── assets
│   ├── lang
│   └── views
├── routes
├── storage -> /home/deploy/apps/shared/storage
├── tests
│   ├── Feature
│   └── Unit
└── vendor
    ├── ....
76 directories

gem install capistrano /* en global */
/* ou */
bundle install 

cap install

├── Capfile
├── config
│   ├── deploy
│   │   ├── production.rb
│   │   └── staging.rb
│   └── deploy.rb
└── lib
    └── capistrano
            └── tasks

sudo apt-get update
sudo apt-get install -y nginx

rm /etc/nginx/sites-enabled/default

git add .
git commit -m "votre commit"
git push <repo> master

cap production deploy /* cap <env> deploy */
/* faire une tache précise */
cap <env> namespace:tache 
cap production deploy:restart 

/* test commande */ 
cap production deploy --dry-run

cap deploy                         # Deploy a new release
cap deploy:check                   # Check required files and directories e...
cap deploy:check:directories       # Check shared and release directories e...
cap deploy:check:linked_dirs       # Check directories to be linked exist i...
cap deploy:check:linked_files      # Check files to be linked exist in shared
cap deploy:check:make_linked_dirs  # Check directories of files to be linke...
cap deploy:cleanup                 # Clean up old releases
cap deploy:cleanup_rollback        # Remove and archive rolled-back release
cap deploy:finished                # Finished
cap deploy:finishing               # Finish the deployment, clean up server(s)
cap deploy:finishing_rollback      # Finish the rollback, clean up server(s)
cap deploy:log_revision            # Log details of the deploy
cap deploy:published               # Published
cap deploy:publishing              # Publish the release
cap deploy:revert_release          # Revert to previous release timestamp
cap deploy:reverted                # Reverted
cap deploy:reverting               # Revert server(s) to previous release
cap deploy:rollback                # Rollback to previous release
cap deploy:set_current_revision    # Place a REVISION file with the current...
cap deploy:started                 # Started
cap deploy:starting                # Start a deployment, make sure server(s...
cap deploy:symlink:linked_dirs     # Symlink linked directories
cap deploy:symlink:linked_files    # Symlink linked files
cap deploy:symlink:release         # Symlink release to current
cap deploy:symlink:shared          # Symlink files and directories from sha...
cap deploy:updated                 # Updated
cap deploy:updating                # Update server(s) by setting up a new r...
cap doctor                         # Display a Capistrano troubleshooting r...
cap doctor:environment             # Display Ruby environment details
cap doctor:gems                    # Display Capistrano gem versions
cap doctor:servers                 # Display the effective servers configur...
cap doctor:variables               # Display the values of all Capistrano v...
cap git:check                      # Check that the repository is reachable
cap git:clone                      # Clone the repo to the cache
cap git:create_release             # Copy repo to releases
cap git:set_current_revision       # Determine the revision that will be de...
cap git:update                     # Update the repo mirror to reflect the ...
cap git:wrapper                    # Upload the git wrapper script, this sc...
cap install                        # Install Capistrano, cap install STAGES...
cap laravel:cache                  # vider cache
cap laravel:composer               # charger composer
cap laravel:migrate                # migration
cap laravel:permission             # permission démarrage
cap laravel:permissionfin          # permission fin
cap laravel:reset                  # reset db
                                                         

/* Logs par défaut */

tail -f /var/log/nginx/error.log
tail -f /var/log/nginx/access.log
tail -f /var/log/auth.log /* accès ssh */
tail -f /var/log/fail2ban.log /*si fail2ban */

/* logs système !!indigeste :-) !! */
tail -f /var/log/syslogs

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
/* nginx doit déjà être configuré avec les noms de domaines 
conf de nginx : 
. . .
server_name example.com www.example.com;
. . .

*/

/* creer + parametrer nginx */
sudo certbot --nginx -d example.com -d www.example.com

sudo -s
apt-get install ufw

ufw default deny incoming
ufw default allow outgoing

ufw allow <port> /*(tcp and udp) */ 
ufw allow <port>/<prot> /*(tcp or udp) */

sudo ufw enable