/
Install Production Environment on Ubuntu Server

Install Production Environment on Ubuntu Server

Attention! The Production Environment is not so ease to made than the Development Environment. E.g you need a lot of knowledge of using GIT and configuring your Apache HTTP Server right way. So read this documentation carefully first you're going to do anything.

First step is install Front-end

In Ubuntu based Servers you need to run git clone https://github.com/foghorn-hash/i4ware_SDK.git in folder /var/www and after this case run npm run build after run npm install in folder /var/www/i4ware_SDK/login-form and then start from configuring the Apache HTTP Server's Virtual Host file like saas.i4ware.conf correctly with like this example below:

<VirtualHost *:80> ServerAdmin info@yourdomain.fi ServerName saas.yourdomain.fi DirectoryIndex index.php index.html DocumentRoot /var/www/i4ware_SDK/login-form/build LogLevel warn ErrorLog /var/log/apache2/error.log ​​ <IfModule mod_rewrite.c> RewriteEngine on RewriteRule (.*) https://%{HTTP_HOST} [NC,L] </IfModule> </VirtualHost>

Then configure saas.yourdomain-ssl.conf like below:

<VirtualHost *:443> ServerAdmin info@yourdomain.fi DocumentRoot /var/www/login-form/build ServerName saas.yourdomain.fi SSLEngine On SSLProxyEngine On SSLCertificateKeyFile /etc/apache2/ssl.key/server.key SSLCertificateFile /etc/apache2/ssl.crt/server.crt SSLCACertificateFile /etc/apache2/ssl.crt/WILDCARD_yourdoamin_fi.ca-bundle SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLHonorCipherOrder on SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS" SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1 <IfModule mod_headers.c> Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" Header set Referrer-Policy "no-referrer-when-downgrade" Header always set Public-Key-Pins "pin-sha256='your-sha256-pin-1-here'; pin-sha256='your-sha256-pin-2-here'; max-age=31536000" Header always set X-Xss-Protection "1; mode=block" Header always set X-Content-Type-Options "nosniff" Header set Permissions-Policy: "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()" Header always set X-Frame-Options "SAMEORIGIN" Header set Cache-Control: "no-cache, no-store" </IfModule> LogLevel warn ErrorLog /var/log/apache2/error.log <Directory "/var/www/i4ware_SDK/login-form/build"> # # Possible values for the Options directive are "None", "All", # or any combination of: # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews # # Note that "MultiViews" must be named *explicitly* --- "Options All" # doesn't give it to you. # # The Options directive is both complicated and important. Please see # http://httpd.apache.org/docs/2.2/mod/core.html#options # for more information. # Options +Indexes +MultiViews +FollowSymLinks # # AllowOverride controls what directives may be placed in .htaccess files. # It can be "All", "None", or any combination of the keywords: # Options FileInfo AuthConfig Limit # AllowOverride All # # Controls who can get stuff from this server. # Order allow,deny Allow from all </Directory> ​</VirtualHost>

Note! Change Header always set Public-Key-Pins with this documentation: https://developer.mozilla.org/en-US/docs/Web/HTTP/Public_Key_Pinning  

Note! Use this manual to make CAA Record to your DNS: https://www.thesslstore.com/blog/what-is-caa-record-certificate-authority-authorization/  

Now is the right time to run command service apache2 reload after you're ran command a2ensite for saas.yourdomain.conf and saas.yourdomain-ssl.conf.

Note! Do not forget to place .htaccess file to /var/www/login-form/i4ware_SDK/build with configuration below:

RewriteEngine On RewriteCond %{REQUEST_FILENAME} -s [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^.*$ index.html [NC,L] <FilesMatch "\.(jpg|jpeg|png|gif|svg|js|css)$"> FileETag None <IfModule mod_headers.c> Header unset ETag Header set Cache-Control "max-age=0, no-cache, no-store, must-revalidate" Header set Pragma "no-cache" Header set Expires "Wed, 11 Jan 1984 05:00:00 GMT" </IfModule> </FilesMatch>

Second step is install Back-end

Be noticed! SMTP on your Virtual Private Server does not work with Laravel 9 without official Wildcard SSL Certificate in Postfix and Laravel 9 needs PHP 8 or never to work.

Here is correct configuration in Postfix main.cf below:

# TLS parameters smtpd_tls_cert_file = /etc/apache2/ssl.crt/server.crt smtpd_tls_key_file = /etc/apache2/ssl.key/server.key smtpd_tls_CAfile = /etc/apache2/ssl.crt/WILDCARD_yourdomain_fi.ca-bundle smtpd_tls_security_level=may smtp_tls_CApath=/etc/ssl/certs smtp_tls_security_level=may smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

Installation of Back-end and Front-end Final

Installation into Production Environmant goes mostly similar than in Develpment Enviroment Install Instructions but to folder /var/www/i4ware_SDK/saas-app/.

# Laravel .env file APP_URL=https://saas-app.yourdomain.fi APP_UI_URL=https://saas.yourdomain.fi APP_DOMAIN_ADMIN=www.yourdomain.fi APP_DOMAIN_ADMIN_FULLNAME="Matti Kiviharju" APP_DOMAIN_ADMIN_EMAIL=matti.kiviharju@yourdomain.fi APP_DOMAIN_ADMIN_PASSWORD=12345678 # Change this default password APP_DOMAIN_ADMIN_COMPANY="i4ware Software" APP_IS_HOUSE_USE=false APP_ASSET_URL=https://saas-app.yourdomain.fi/storage

Just make file /var/www/i4ware_SDK/login-form/.env.production.local and edit it’s content:

REACT_APP_SERVER_URL=https://saas-app.yourdomain.fi REACT_APP_SERVER_STORAGE_URL=https://saas-app.yourdomain.fi/storage REACT_APP_DEFAULT_LANGUAGE=en REACT_APP_PUSHER_KEY= REACT_APP_PUSHER_CLUSTER=