PHP From ZeroModern PHP course

deployment and operations

VPS Deployment Orientation

A virtual private server gives the team control over the operating system and the software installed on it. That can suit an application with ordinary web traffic and a few background processes, but the team now owns more than copying PHP files into a directory. Security updates, firewall rules, TLS, PHP-FPM, logs, backups, and worker supervision all need an owner.

Prefer Repeatable Releases

Avoid editing the live application directory by hand. A versioned release directory keeps the previous build available while the new build is verified. Shared writable data and environment configuration live outside individual releases. A current symlink or equivalent release pointer chooses which version serves traffic.

/srv/shop/
  releases/20260601T120000Z/
  shared/.env
  shared/storage/
  current -> releases/20260601T120000Z/

Provision the VPS from documented steps or automation. Use a supported OS and PHP packages. Run PHP-FPM, the web server, and queue workers with deliberately scoped users. Expose only required network ports. Store secrets outside the release directory and make writable paths explicit.

Rehearse Recovery

Set up staging before production. Deploy a new release, switch the release pointer, reload workers gracefully, and check application health. Then rehearse rollback by switching back to the previous release. A backup is not proven until a restore has been tested, and a VPS is not maintainable when only one person knows its undocumented state.

Practice

Practice: Outline A VPS Runbook

Outline a VPS release runbook for a small PHP application. Include the server responsibilities the team now owns and the steps needed to roll back a failed release.

Requirements

  • Use a supported OS and supported PHP packages.
  • Run web and worker processes with least privilege.
  • Automate repeatable provisioning where possible.
  • Configure staging first.
  • Deploy into a versioned release directory.
  • Verify health and keep rollback release available.
Show solution

Document how the supported OS, PHP packages, web server, PHP-FPM, TLS, firewall, logs, backups, and process supervisor are installed and maintained. Deploy application code into a versioned release directory and keep secrets plus writable storage outside that directory.

For each release, install dependencies, run checks, switch the active release pointer, reload web and worker processes gracefully, and run health checks. Keep the prior release available so rollback is a deliberate switch rather than an emergency rebuild. Test backup restoration separately.