Easiest production Linux for Laravel

Thanks for your detailed response @Tray2

@laracoft Docker is very performant in production. So there are no issues on running docker in production. And it's very easily scaled if you have a load balancer. Then you can just spin up another instance of your server.

@Tray2

I tried out ubuntu 21 and I must say, it is significantly faster than CentOS 8 running in VirtualBox. Not sure if it is because of SELInux.

Anyway, I was wondering if you can share whether you use SELinux or AppArmor? It is the last item on my checklist. :)

Thank you.

@laracoft On my server that sits behind a firewall with no ports opened for access from the internet I only run apparmor which comes by default when installing Ubuntu. I've read some about apparmor and selinux and they aren't strictly necessary to run a server securely if you have the correct permissions set to the files and directories. They are however recommended. SELinux is a bit harder to configure while Apparmor is not as precise ( for a lack of a better word).

This might give you a hint which to use

https://ritcsec.wordpress.com/2016/11/30/apparmor-vs-selinux/

@Tray2 thanks!

@tray2 i know this is discussion is said and done, but I'm running into this issue and can't seem to find a solution.

The error below happens when ubuntu first boots, causing the website to load with SSL errors. (Note: apache2 is running as verified by service apache2 status and also being able to connect.

Once I run service apache2 restart, the website loads normally and without errors.

I deduced it to be something in particular to ubuntu and/or apache2. It would have been much easier if the service apache2 restart did not solve the problem, now I'm quite confused and in need of help.

Thank you.

# openssl s_client -connect example.com:443
CONNECTED(00000003)
139778191202112:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:332:

@laracoft This sounds to me like a vhost issue.

What happens when you run apachectl -S?

https://community.letsencrypt.org/t/solved-30810293761408f10b-ssl-routineswrong-version-number-ssl-record-ssl3-record-c-332/98244

@Tray2 I came across that link, apachectl -S produced a list of vhosts but I could not see any issue with them. (apache works, so syntax of config files must be valid)

I have a number *.conf files, 1 for each domain with it's own specific certificate. This worked on CentOS. What I did was to link these files as-is into the site-enabled/ folder.

The more puzzling thing is that the issue goes away after I manually run service apache restart. That seems to me that the config is not only syntactically correct, but also functionally correct, it is just that things don't get loaded properly at boot and I can't find anything in the logs.

@laracoft I suggest you post your question on an Apache forum.

@Tray2 ok thanks, let me try

@tray2 sorry, I have spent hours on this, any idea of a good forum? Thank you.

@tray2 I managed to narrow down upon boot up, port 443 was serving HTTP instead of HTTPS. Utterly confused.

@laracoft This thread might shed some light on the issue

https://serverfault.com/questions/744960/configuring-ssl-with-virtual-hosts-under-apache-and-centos

@Sinnbeck

Yea, but AFAIK, there is only 1 forge provider at the moment yea? ;) haha

@laracoft I personally use ploi, and it supports 6-7 providers I believe

They aren't that far with security yet, but it evolves day by day, and there is a market place for installing stuff.

But it is true that they only support Ubuntu, but it is my goto anyway (or Debian)