Deploying Laravel 9 on Apache, MySQL & Ubuntu 20.04 LTS with extra security (Modsecurity and Fail2ban)
This is a follow-up article to deploying Laravel 8. If you'd like to read the previous article, see https://bala420.medium.com/deploying-laravel-8-on-apache-ubuntu-20-04-lts-with-extra-security-modsecurity-and-fail2ban-e6f07c3f1dc8
Deploying PHP applications has stayed (almost) the same over the years. But I have seen people struggle with simple things that are obvious to anyone who is familiar with the Ubuntu-PHP ecosystem or who deploys often. This is a simple article that lists the commands and explains why we need them along the way.
To deploy a Laravel 9 application using PHP, MySQL, and Apache on Ubuntu 22.04 LTS, follow these steps:
1. First, make sure you have the required software installed on your system. You will need PHP, MySQL, and Apache. You can install these using the following commands:
sudo apt update
sudo apt install php php-common php-cli php-mysql mysql-server apache2
mysql -u root -p
In the MySQL prompt, type the following command to create a new database:
CREATE DATABASE laravel;
2. Next, download and install Composer, which is a dependency manager for PHP. Composer will be used to install Laravel and its dependencies. You can download and install Composer using the following command:
curl -sS https://getcomposer.org/installer | sudo php -- --install-dir=/usr/local/bin --filename=composer
3. After installing Composer, use it to install Laravel by running the following command:
composer create-project laravel/laravel my-laravel-app
This will create a new Laravel application in a directory named my-laravel-app.
If you already have an existing Laravel 9 app to deploy, skip the above command. Instead, navigate to the project folder and run composer install to install the dependencies. This requires a copy of your project on the deployment machine.
4. Now, we need to configure Apache to serve the Laravel application. To do this, create a new virtual host configuration file for the Laravel application. You can do this by running the following command:
sudo nano /etc/apache2/sites-available/my-laravel-app.conf
5. Add the following configuration to the file, replacing example.com with your domain name:
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/my-laravel-app/public
    <Directory /var/www/my-laravel-app>
        AllowOverride All
    </Directory>
</VirtualHost>
6. Save the file and exit the editor. Then, enable the virtual host by running the following command:
sudo a2ensite my-laravel-app
7. Finally, restart Apache to apply the changes by running the following command:
sudo systemctl restart apache2
Your Laravel application should now be up and running at the domain you specified in the virtual host configuration file. Ensure that your DNS records for the domain are pointed to your Ubuntu instance.
You can further customize your deployment, such as configuring HTTPS or setting up a database connection, by following the Laravel deployment guide: https://laravel.com/docs/9.x/deployment.
Optional tips for security
You can take it a step further by securing your Laravel application with Let's Encrypt's Certbot, ModSecurity, and Fail2ban:
1. Install Certbot and obtain an SSL certificate for your domain:
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
sudo certbot certonly --standalone -d example.com
You can customize it by specifying that you'd like to use an Apache-based installation, like below:
sudo certbot --apache
For further customization, visit https://certbot.eff.org/ and select your platform-specific details for detailed instructions.
Note: If you're using the certonly subcommand of certbot, it will only create the certificate and not change any config files. If you want certbot to automatically change the config files and redirect requests on port 80 to 443, use the --apache flag and follow the on-screen instructions.
2. Install and configure ModSecurity, a web application firewall (WAF), to protect your application from common vulnerabilities and attacks:
sudo apt install libapache2-mod-security2
sudo mv /etc/modsecurity/modsecurity.conf-recommended /etc/modsecurity/modsecurity.conf
3. In the modsecurity.conf file, you can customize the rules and settings to suit your application's needs. For more information on configuring ModSecurity, see the documentation: https://modsecurity.org/documentation/
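The recommended file that the mv command above puts in place sets SecRuleEngine DetectionOnly, so ModSecurity logs rule matches without blocking them. The script below is an added example, not part of the original article: it reports the current mode and switches it to On. The function names are illustrative and the demo runs on a constructed sample file.

```bash
#!/usr/bin/env bash
# Added example (function names are illustrative, not from the article).
MODSEC_CONF="${MODSEC_CONF:-/etc/modsecurity/modsecurity.conf}"

# Print the active SecRuleEngine value (On, Off or DetectionOnly).
# Commented-out lines are skipped; if the directive appears more than once
# the last value is printed. Returns 1 when the directive is absent.
modsec_engine_mode() {
    awk 'tolower($1) == "secruleengine" { mode = $2 }
         END { if (mode == "") exit 1; print mode }' "${1:-$MODSEC_CONF}"
}

# Set every active SecRuleEngine directive to On (blocking mode).
# The previous file is kept next to it with a .bak suffix.
modsec_enable_blocking() {
    local conf="${1:-$MODSEC_CONF}"
    cp -p "$conf" "$conf.bak" || return 1
    awk 'tolower($1) == "secruleengine" { sub(/[^ \t]+[ \t]*$/, "On") }
         { print }' "$conf.bak" > "$conf"
}

# Demo on a constructed sample, so nothing under /etc is touched.
demo="$(mktemp)"
printf '%s\n' '# SecRuleEngine On' \
              'SecRuleEngine DetectionOnly' \
              'SecRequestBodyAccess On' > "$demo"
echo "before: $(modsec_engine_mode "$demo")"
modsec_enable_blocking "$demo"
echo "after:  $(modsec_engine_mode "$demo")"
rm -f "$demo" "$demo.bak"

# On the server, run modsec_enable_blocking as root, then:
#   sudo apachectl configtest && sudo systemctl restart apache2
```

Review the ModSecurity entries in the Apache error log while the engine is still in DetectionOnly mode, so that rules firing on legitimate Laravel requests are tuned before blocking is switched on.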
4. Install and configure Fail2ban, a tool that blocks malicious IP addresses that attempt to access your application:
sudo apt install fail2ban
sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
In the jail.local file, you can customize the settings to suit your needs. For example, you can specify the directories that Fail2ban should monitor for failed login attempts, as well as the ban duration and other parameters. For more information on configuring Fail2ban, see the documentation: https://www.fail2ban.org/wiki/index.php/Main_Page
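One way to set the ban duration and enable Apache jails as described above, as an added example that is not part of the original article: Fail2ban also reads files in /etc/fail2ban/jail.d/, so the overrides can go in a small drop-in there. The function names, the file name apache-laravel.local and the sample values (3600, 600, 5) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (function and file names are illustrative).

# Write a jail drop-in enabling two jails that ship with Fail2ban.
# Args: output file, ban time (s), find time (s), max retries.
write_apache_jails() {
    local out="$1" bantime="$2" findtime="$3" maxretry="$4" v
    for v in "$bantime" "$findtime" "$maxretry"; do
        case "$v" in
            ''|*[!0-9]*) echo "not a whole number: '$v'" >&2; return 1 ;;
        esac
    done
    [ "$maxretry" -ge 1 ] || { echo "maxretry must be at least 1" >&2; return 1; }
    cat > "$out" <<EOF
# [DEFAULT] values apply to every jail that does not set its own.
[DEFAULT]
bantime  = $bantime
findtime = $findtime
maxretry = $maxretry

# HTTP authentication failures in the Apache error log.
[apache-auth]
enabled = true

# ModSecurity denials in the Apache error log.
[apache-modsecurity]
enabled = true
EOF
}

# Read one "key = value" setting back from a section of a jail file.
jail_setting() {
    awk -v sec="[$2]" -v key="$3" '
        /^\[/ { cur = $1 }
        cur == sec && $1 == key && $2 == "=" { print $3 }' "$1"
}

# Demo: write to a temporary directory instead of /etc/fail2ban/jail.d/.
tmp="$(mktemp -d)"
write_apache_jails "$tmp/apache-laravel.local" 3600 600 5
echo "bantime = $(jail_setting "$tmp/apache-laravel.local" DEFAULT bantime)s"
rm -rf "$tmp"
# On the server: install the file under /etc/fail2ban/jail.d/, then run
#   sudo fail2ban-client reload && sudo fail2ban-client status
```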
Once you have completed these steps, your Laravel application should be secured with an SSL certificate, a web application firewall, and a tool to block malicious IP addresses. These measures can help protect your application from common vulnerabilities and attacks.
