Deployment

---

• Checklist
• Redirecting Magento
• Secure Elasticsearch
  • Kibana
  • Without Kibana
• Secure OpenSearch
• Magento 2 Docker

Checklist

• Check the Laravel deployment docs
• Make sure the server meets the requirements
• Check all configurations
• Configure CORS
• Make sure the flat tables are enabled
• If you're upgrading, check the upgrade notes
• Configure the indexer in the scheduler or with webhooks
• Redirect Magento
• Secure Elasticsearch
• Check your .env
  • Set APP_ENV to production
  • Change the RAPIDEZ_TOKEN to something random
  • Make sure these values are false
    • APP_DEBUG
    • VITE_DEBUG
    • DEBUGBAR_ENABLED
• Optionally configure your multistore
• Optionally setup full page caching
• Make sure php artisan optimize is within your deployment script
• Issues? Check see troubleshooting

Redirecting Magento

The Magento frontend should not be accessible anymore as you're using Rapidez. But GraphQL, media, admin, etc should be reachable. Create a redirect rule to accomplish that, for example with Nginx:

location ~* ^\/(?!(rest|graphql|static|media|admin)(\/|$)) {
    return 301 $scheme://your-rapidez-url.com$request_uri;
}

Make sure to change the admin location and URL. Place this below the Magento location directives, for example here in the sample Nginx config.

Secure Elasticsearch

You have to secure your Elasticsearch instance so other people can't manipulate the data in it as it needs to be exposed for InstantSearch.

• Enable security in elasticsearch.yml with: xpack.security.enabled: true
  • On Ubuntu: /etc/elasticsearch/elasticsearch.yml
• Change http.cors.allow-origin to your domain
• Restart Elasticsearch
  • On Ubuntu: sudo service elasticsearch restart
  • With Docker: docker restart rapidez_elasticsearch
• Setup a password with bin/elasticsearch-setup-passwords auto (or use interactive to choose the passwords yourself)
  • On Ubuntu, from: cd /usr/share/elasticsearch/
  • With Docker, prefix with: docker exec rapidez_elasticsearch
• Add your credentials to .env

ELASTICSEARCH_USER=elastic
ELASTICSEARCH_PASS=YOUR-PASSWORD

• Create a proxy (with SSL) on a subdomain

location / {
        proxy_pass http://localhost:9200;
}

Kibana

No Kibana running?

You can also secure Elasticsearch without it, see: Without Kibana

• Repeat this step for Kibana which should be running on port 5601
• Set the credentials in kibana.yml

elasticsearch.username: "elastic"
elasticsearch.password: "YOUR-PASSWORD"

• Login to Kibana and go to Management > Roles
• Add a new role web. It only needs one index privilege; use rapidez_* for the indices and read as privilege.
• Create a user web, password rapidez and the web role
• Add the URL to your .env

ELASTICSEARCH_URL=https://web:[email protected]

Without Kibana

Run the following commands:

# Create the role `web` that may read `rapidez_*` indexes
curl -X POST "localhost:9200/_security/role/web?pretty" -H 'Content-Type: application/json' -d'
{
  "indices": [
    {
      "names": [ "rapidez_*" ],
      "privileges": ["read"]
    }
  ]
}
' -u username:password

Then create the user.

# Create the user `web` with password `rapidez`
curl -X POST "localhost:9200/_security/user/web?pretty" -H 'Content-Type: application/json' -d'
{
  "password" : "rapidez",
  "roles" : [ "web" ]
}
' -u username:password

Finally add the URL to your .env

ELASTICSEARCH_URL=https://web:[email protected]

Secure OpenSearch

You have to secure your OpenSearch instance so other people can't manipulate the data in it as it needs to be exposed for InstantSearch. Add this in your opensearch.yml

http.cors.enabled: true
http.cors.allow-credentials: true
http.cors.allow-origin: "https://your-rapidez-store.com"
http.cors.allow-headers: X-Requested-With, X-Auth-Token, Content-Type, Content-Length, Authorization, Access-Control-Allow-Headers, Accept

You will need to create a rapidez/web user as well in the internal_users.yml

web:
  hash: "WEB_PASSWORD_REPLACEME"
  reserved: true
  backend_roles:
  - "rapidez"
  description: "Public web user"

Then link that user to the role we are about to create in the roles_mapping.yml

rapidez:
  reserved: false
  users:
  - "web"
  backend_roles:
  - "rapidez"
  description: "Allow read only access to indexes prefixed with rapidez_"

Create the role with the correct permissions to the rapidez_ indexes in the roles.yml

rapidez:
  reserved: false
  cluster_permissions:
    - "indices:data/read/msearch"
    - "indices:data/read/msearch/template"
  index_permissions:
    - index_patterns:
        - 'rapidez_*'
      allowed_actions:
        - "indices:data/read/scroll"
        - "indices:data/read/scroll/clear"
        - "indices:data/read/mget"
        - "indices:data/read/mget*"
        - "indices:data/read/search"
        - "indices:data/read/search*"
        - "indices:data/read/msearch"
        - "indices:data/read/msearch/template"
        - "indices:data/read/search/template"
        - "indices:data/read/mtv"
        - "indices:data/read/mtv*"
        - "indices:data/read/search/template/render*"

Magento 2 Docker

WARNING

This is only needed if you'd like to run the Magento 2 demo webshop on a server.

Just proxy everything to a subdomain and use that domain as MAGENTO_URL in the .env. With Laravel Forge this is really easy; just create another website on your server, setup SSL and edit the Nginx config

location / {
    proxy_pass http://127.0.0.1:1234;
    proxy_redirect off;
    proxy_read_timeout 60;
    proxy_connect_timeout 60;
    
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;

    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Host $host;
}

Use the MySQL credentials from the container in the .env

DB_CONNECTION=mysql
DB_HOST=127.0.0.1
DB_PORT=3307
DB_DATABASE=magento
DB_USERNAME=magento
DB_PASSWORD=password