{"id":416,"date":"2025-08-27T21:10:27","date_gmt":"2025-08-27T21:10:27","guid":{"rendered":"https:\/\/1v0.net\/blog\/?p=416"},"modified":"2025-08-27T21:10:29","modified_gmt":"2025-08-27T21:10:29","slug":"optimizing-laravel-for-aws-deployment-step-by-step","status":"publish","type":"post","link":"https:\/\/1v0.net\/blog\/optimizing-laravel-for-aws-deployment-step-by-step\/","title":{"rendered":"Optimizing Laravel for AWS Deployment (Step-by-Step)"},"content":{"rendered":"\n

Optimizing Laravel for AWS Deployment (Step-by-Step)<\/strong><\/h2>\n\n\n\n

AWS gives you flexible building blocks\u2014EC2 for compute, RDS for databases, ElastiCache for Redis, S3 for storage, and CloudFront for global edge caching. In this step-by-step guide, you\u2019ll prepare your Laravel app for production, provision AWS services, configure Nginx + PHP-FPM on EC2, wire up queues with Horizon, store assets on S3, and add a health check endpoint for load balancers. We\u2019ll keep performance and security front-and-center and link to deep dives where relevant.<\/p>\n\n\n\n

<\/div>\n\n\n\n\n

1 – Production Prep: Env & Optimizations<\/strong><\/h2>\n\n\n\n

Before deploying, make sure your app boots fast and reads secrets from environment variables. These commands pre-compile configuration\/routes\/views for minimal runtime overhead (see also Article #41<\/a> for the rationale).<\/p>\n\n\n

# locally or in your build stage<\/span>\nphp artisan key:generate --force\nphp artisan config:cache\nphp artisan route:cache\nphp artisan view:cache\nphp artisan event:cache<\/code><\/span>Code language:<\/span> Bash<\/span> (<\/span>bash<\/span>)<\/span><\/small><\/pre>\n\n\n
These commands write optimized PHP arrays to bootstrap\/cache<\/code>, reducing file I\/O and framework bootstrap time in production.<\/p>\n\n\n\n# .env.production (example)\nAPP_ENV=production\nAPP_DEBUG=false\nAPP_URL=https:\/\/your-domain.com\n\nLOG_CHANNEL=stack\nLOG_LEVEL=warning\n\n# database via RDS\nDB_CONNECTION=mysql\nDB_HOST=your-rds-endpoint.amazonaws.com\nDB_PORT=3306\nDB_DATABASE=app\nDB_USERNAME=app_user\nDB_PASSWORD=strong-password\n\n# cache\/session via ElastiCache Redis\nCACHE_DRIVER=redis\nSESSION_DRIVER=redis\nREDIS_HOST=your-redis.xxxxxx.use1.cache.amazonaws.com\nREDIS_PORT=6379\n\n# files & assets\nFILESYSTEM_DISK=s3\nAWS_ACCESS_KEY_ID=…\nAWS_SECRET_ACCESS_KEY=…\nAWS_DEFAULT_REGION=us-east-1\nAWS_BUCKET=your-bucket\nAWS_USE_PATH_STYLE_ENDPOINT=false\n\n# queues (Redis) + Horizon\nQUEUE_CONNECTION=redis\n\n\n
Use a separate .env.production<\/code> with real endpoints. In AWS, prefer Systems Manager Parameter Store or Secrets Manager instead of raw env files for credentials.<\/p>\n\n\n\n\n
<\/div>\n\n\n\n\n
2 – Provision AWS: RDS, ElastiCache, S3, CloudFront<\/strong><\/h2>\n\n\n\n
Create an RDS MySQL (or Postgres) instance, an ElastiCache Redis cluster, and an S3 bucket. Optionally add a CloudFront distribution on top of S3 for global asset delivery. Make sure your EC2 security groups allow egress to these services and RDS\/Redis are restricted to your VPC.<\/p>\n\n\n
# example: upload public build assets to S3 during deploy<\/span>\nphp artisan storage:link   # for local; in prod we serve from S3 directly<\/span>\n# build your front-end (Vite\/Mix) then<\/span>\naws s3 sync public\/build s3:\/\/your-bucket\/build --delete<\/code><\/span>Code language:<\/span> Bash<\/span> (<\/span>bash<\/span>)<\/span><\/small><\/pre>\n\n\n
Syncing compiled assets to S3 lets CloudFront cache them globally. Set long cache-control headers for immutable filenames (Vite\u2019s hashed files).<\/p>\n\n\n\n\n
<\/div>\n\n\n\n\n
3 – EC2: PHP-FPM + Nginx Configuration<\/strong><\/h2>\n\n\n\n
We\u2019ll run Laravel on EC2 behind Nginx with PHP-FPM. This mirrors our Docker\/Nginx setup from Article #46<\/a> but installed on the instance directly.<\/p>\n\n\n
# on Ubuntu EC2<\/span>\nsudo apt update\nsudo apt install -y nginx php8.3-fpm php8.3-xml php8.3-mbstring php8.3-zip php8.3-mysql php8.3-bcmath php8.3-curl unzip git\nsudo systemctl enable<\/span> php8.3-fpm nginx<\/code><\/span>Code language:<\/span> Bash<\/span> (<\/span>bash<\/span>)<\/span><\/small><\/pre>\n\n\n
This installs Nginx and PHP 8.3 with common Laravel extensions. Enable services to start on boot so reboots don\u2019t cause downtime.<\/p>\n\n\n\n
# \/etc\/nginx\/sites-available\/laravel.conf<\/span>\nserver<\/span> {\n    listen<\/span> 80<\/span>;\n    server_name<\/span> your-domain.com;\n    root<\/span> \/var\/www\/current\/public;\n\n    index<\/span> index.php index.html;\n\n    location<\/span> \/ {\n        try_files<\/span> $uri<\/span> $uri<\/span>\/ \/index.php?$query_string<\/span>;\n    }\n\n    location<\/span> ~ \\.php$<\/span> {\n        include<\/span> snippets\/fastcgi-php.conf;\n        fastcgi_pass<\/span> unix:\/run\/php\/php8.3-fpm.sock;\n        fastcgi_read_timeout<\/span> 60s<\/span>;\n    }\n\n    location<\/span> ~* \\.(jpg|jpeg|png|gif|css|js|ico|woff2?)$<\/span> {\n        expires<\/span> 7d<\/span>;\n        access_log<\/span> off<\/span>;\n    }\n}<\/code><\/span>Code language:<\/span> Nginx<\/span> (<\/span>nginx<\/span>)<\/span><\/small><\/pre>\n\n\n
This server block routes requests to Laravel\u2019s index.php<\/code> and serves static files with caching. Point root<\/code> to your release directory (\/var\/www\/current<\/code>) to support zero-downtime symlink deployments.<\/p>\n\n\n\n
sudo ln -s \/etc\/nginx\/sites-available\/laravel.conf \/etc\/nginx\/sites-enabled\/laravel.conf\nsudo nginx -t && sudo systemctl reload nginx<\/code><\/span>Code language:<\/span> Bash<\/span> (<\/span>bash<\/span>)<\/span><\/small><\/pre>\n\n\n
<\/div>\n\n\n\n\n
4 – Deploy Script: Zero-Downtime Releases<\/strong><\/h2>\n\n\n\n
Use a simple release pattern: upload a timestamped build directory, run composer\/artisan, then atomically switch the current<\/code> symlink.<\/p>\n\n\n
# \/usr\/local\/bin\/deploy.sh (run as a deploy user)<\/span>\nset<\/span> -euo pipefail\n\nAPP_DIR=\/var\/www\nRELEASES=$APP_DIR<\/span>\/releases\nNEW=$RELEASES<\/span>\/$(date +%Y%m%d%H%M%S)\n\nmkdir -p \"$NEW<\/span>\"<\/span>\n# rsync or unzip your build into $NEW<\/span>\nrsync -az --delete build\/ \"$NEW<\/span>\/\"<\/span>\n\ncd<\/span> \"$NEW<\/span>\"<\/span>\ncomposer install --no-dev --optimize-autoloader\nphp artisan config:cache\nphp artisan route:cache\nphp artisan view:cache\nphp artisan migrate --force\n\nln -sfn \"$NEW<\/span>\"<\/span> \"$APP_DIR<\/span>\/current\"<\/span>\nsudo systemctl reload php8.3-fpm\nsudo systemctl reload nginx<\/code><\/span>Code language:<\/span> Bash<\/span> (<\/span>bash<\/span>)<\/span><\/small><\/pre>\n\n\n
<\/div>\n\n\n\n\n
5 – Queues & Horizon on EC2<\/strong><\/h2>\n\n\n\n
Use Horizon to manage Redis queues (jobs, notifications, broadcasts). Run it under systemd so it restarts on failure or reboot (see Article #45<\/a> for UI and scaling).<\/p>\n\n\n
# \/etc\/systemd\/system\/horizon.service<\/span>\n[Unit]<\/span>\nDescription<\/span>=Laravel Horizon\nAfter<\/span>=network.target\n\n[Service]<\/span>\nUser<\/span>=www-data\nType<\/span>=simple\nWorkingDirectory<\/span>=\/var\/www\/current\nExecStart<\/span>=\/usr\/bin\/php artisan horizon\nRestart<\/span>=always\nRestartSec<\/span>=3<\/span>\n\n[Install]<\/span>\nWantedBy<\/span>=multi-user.target<\/code><\/span>Code language:<\/span> TOML, also INI<\/span> (<\/span>ini<\/span>)<\/span><\/small><\/pre>\n\n\n
Enable and start the service so jobs are continuously processed. Horizon also provides a dashboard at \/horizon<\/code> for throughput\/failed job metrics.<\/p>\n\n\n\n
sudo systemctl daemon-reload\nsudo systemctl enable<\/span> --now horizon<\/code><\/span>Code language:<\/span> Bash<\/span> (<\/span>bash<\/span>)<\/span><\/small><\/pre>\n\n\n
<\/div>\n\n\n\n\n
6 – Optional: Octane for Concurrency<\/strong><\/h2>\n\n\n\n
If your app is CPU-bound and you need higher RPS, consider running Laravel Octane<\/strong> (Swoole\/RoadRunner) behind Nginx on EC2 (see Article #44<\/a> for benchmarks and configuration).<\/p>\n\n\n
# \/etc\/systemd\/system\/octane.service<\/span>\n[Unit]<\/span>\nDescription<\/span>=Laravel Octane\nAfter<\/span>=network.target\n\n[Service]<\/span>\nUser<\/span>=www-data\nWorkingDirectory<\/span>=\/var\/www\/current\nExecStart<\/span>=\/usr\/bin\/php artisan octane:start --server=swoole --port=9000<\/span> --workers=8<\/span> --task-workers=4<\/span>\nRestart<\/span>=always\nRestartSec<\/span>=3<\/span>\n\n[Install]<\/span>\nWantedBy<\/span>=multi-user.target<\/code><\/span>Code language:<\/span> TOML, also INI<\/span> (<\/span>ini<\/span>)<\/span><\/small><\/pre>\n\n\n
Expose Octane on an internal port and proxy to it from Nginx. Keep max_requests<\/code> set in config\/octane.php<\/code> so workers recycle and memory stays healthy.<\/p>\n\n\n\n\n
<\/div>\n\n\n\n\n
7 – S3 Filesystem & CloudFront<\/strong><\/h2>\n\n\n\n
Move user uploads to S3 for durability and scale, and serve them via CloudFront for low latency worldwide.<\/p>\n\n\n
\/\/ config\/filesystems.php (snippet)<\/span>\n'disks'<\/span> => [\n    's3'<\/span> => [\n        'driver'<\/span> => 's3'<\/span>,\n        'key'<\/span>    => env('AWS_ACCESS_KEY_ID'<\/span>),\n        'secret'<\/span> => env('AWS_SECRET_ACCESS_KEY'<\/span>),\n        'region'<\/span> => env('AWS_DEFAULT_REGION'<\/span>, 'us-east-1'<\/span>),\n        'bucket'<\/span> => env('AWS_BUCKET'<\/span>),\n        'url'<\/span>    => env('AWS_URL'<\/span>), \/\/ set to CloudFront domain for public URLs<\/span>\n        'visibility'<\/span> => 'public'<\/span>,\n    ],\n],<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
Setting AWS_URL<\/code> to your CloudFront domain ensures generated URLs (e.g., Storage::url()<\/code>) use the CDN, not the S3 endpoint. Cache objects with long TTLs since filenames are versioned.<\/p>\n\n\n\n\n
<\/div>\n\n\n\n\n
8 – Health Check Endpoint (UI)<\/strong><\/h2>\n\n\n\n
Add a simple route for ALB\/ELB health checks that verifies DB\/Redis connectivity without heavy logic.<\/p>\n\n\n
\/\/ routes\/web.php<\/span>\nRoute::get('\/health'<\/span>, function<\/span> ()<\/span> <\/span>{\n    try<\/span> {\n        DB::connection()->getPdo();\n        Cache::put('healthcheck'<\/span>, now(), 5<\/span>);\n        return<\/span> response()->json(['status'<\/span> => 'ok'<\/span>, 'time'<\/span> => now()], 200<\/span>);\n    } catch<\/span> (\\Throwable $e) {\n        return<\/span> response()->json(['status'<\/span> => 'fail'<\/span>], 500<\/span>);\n    }\n});<\/code><\/span>Code language:<\/span> PHP<\/span> (<\/span>php<\/span>)<\/span><\/small><\/pre>\n\n\n
Your load balancer can poll \/health<\/code> to remove unhealthy instances automatically. Keep it lightweight and fast.<\/p>\n\n\n\n\n
<\/div>\n\n\n\n\n
9 – Security Hardening<\/strong><\/h2>\n\n\n\n
Reload systemd and start Horizon immediately. Pair this with Redis in ElastiCache for a robust, low-latency queue layer (background on queues in Article #42<\/a>).<\/p>\n\n\n\n\n
This script minimizes downtime by swapping symlinks only after the new release is warmed and migrations are applied. For CI\/CD automation, see Article #54<\/a>.<\/p>\n\n\n\n\n
Symlink the site, test the config, and reload Nginx without dropping connections. For more Nginx hardening, see Article #56<\/a>.<\/p>\n\n\n\n\n