July 19, 2017

A Forge-Like Setup

We'll see how to change our setup and permissions to be similar to Laravel Forge, giving us an easier way to deploy and manage our code base.

To help with permissions, we can do a setup similar to Forge, where user "forge" runs our applications and deploys them.

This has three steps:

  1. Set code file ownership to the user you select
  2. Set PHP-FPM to run as that user
  3. Allow user "forge" to reload PHP-FPM

Code Setup

First we'll create a user "forge" (I chose forge, but you can create any username you want).

# Create user + password
sudo adduser forge

# Move code to the forge user's home directory
sudo mv /var/www/myapp /home/forge/myapp
sudo chown -R forge: /home/forge/myapp

PHP-FPM

Edit /etc/php/7.1/fpm/pool.d/www.conf and set the user/group of PHP to run as user forge.

user = forge
group = forge

Then restart PHP when that change is saved:

sudo service php7.1-fpm restart

Sudoers

If we automate deployments, then it's likely we'll want to reload PHP-FPM when we're done. This requires sudo, but I don't really want to allow user forge to run any command, and since we're automating it, we don't have the opportunity to input the user's password.

We can create a sudoers config file to allow this, however:

sudo visudo -f /etc/sudoers.d/php-fpm

Add the following content:

forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload

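This allows user forge, on any host this sudoers file applies to (the ALL before the = is the host field), to run the service php7.1-fpm reload command using sudo, without requiring a password. Only that exact command line is covered; anything else still needs a password: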

sudo su forge
sudo apt-get update # requires password

sudo service php7.1-fpm reload # works without a password!
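
The rule above is narrow because it names an absolute path and pins the arguments. As an added example (not part of the original article), this POSIX shell function flags NOPASSWD rules that are broader than that; the sample file is constructed, the users "deploy" and "ops" are hypothetical, and it assumes one rule per line with no aliases or line continuations.

```shell
#!/bin/sh
# Added example: flag NOPASSWD sudoers rules that grant more than one
# fixed command line, unlike the article's php7.1-fpm reload rule.
# Assumptions: one rule per line, no Cmnd_Alias, no escaped commas.

audit_nopasswd() (
    # Body runs in a subshell so the loop variables stay local.
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '#'*|'') continue ;;        # comment or blank line
            *NOPASSWD:*) ;;             # a rule we want to inspect
            *) continue ;;
        esac
        rest=${line#*NOPASSWD:}
        while [ -n "$rest" ]; do
            cmd=${rest%%,*}             # next comma-separated command
            case $rest in *,*) rest=${rest#*,} ;; *) rest= ;; esac
            cmd=$(printf '%s' "$cmd" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
            reason=
            case $cmd in
                ALL)     reason='any command' ;;
                *[*?]*)  reason='wildcard' ;;
                /*' '*)  ;;             # absolute path with pinned arguments
                /*)      reason='any arguments' ;;  # bare path: args not pinned
                *)       reason='not an absolute path' ;;
            esac
            if [ -n "$reason" ]; then printf '%s: %s\n' "$reason" "$cmd"; fi
        done
    done < "$1"
)

# Constructed sample drop-in; users "deploy" and "ops" are hypothetical.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample sudoers drop-in
forge ALL=NOPASSWD: /usr/sbin/service php7.1-fpm reload
deploy ALL=NOPASSWD: /usr/sbin/service
deploy ALL=NOPASSWD: /usr/sbin/service php*-fpm reload
ops ALL=(ALL) NOPASSWD: ALL
EOF
}
```

Calling write_sample on a temporary file and then audit_nopasswd on it reports the last three rules and stays silent on the forge rule. Syntax of the real drop-in can be checked separately with sudo visudo -c -f /etc/sudoers.d/php-fpm.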
