Laravel Speed and Performance Optimization 101 – The Guideline

speed-1249610_1920I am working with a pretty heavy Laravel site with many requests and lots of Eloquent/SQL calls. Even though the high-memory and high-cpu VPS, I felt there is room for performance improvement. That is why I would like to write out some improvements to speed up Laravel:

1. Use Database or Redis for cache and sessions

When you navigate to config/cache.php and config/session.php, you see that the default CACHE_DRIVER and SESSION_DRIVER = file. If you have Redis installed, just try to set it as a cache and session driver. Check if Redis is installed by running:

redis-cli

If it is installed, try to define the drivers in your .env file:

CACHE_DRIVER=redis
SESSION_DRIVER=redis

2. Use several artisan pre-made commands

There are various artisan commands that are made to cache several parts of Laravel. You can configure them in the deployment process of Laravel Forge or Envoyer:

php artisan route:cache
php artisan config:cache
php artisan optimize --force

 

Use Developer tools guideline

Do a run at https://developers.google.com/web/fundamentals/performance/ and optimize several steps:

3. Optimize images like PNGs and JPEGs

Images sometime possess useless extra data that can be lossless optimized. Therefore you can use the packages OptiPNG and JPEGOptim. In Ubuntu install OptiPNG:

sudo apt-get update
sudo apt-get install optipng

And also install JPEGOptim:

sudo apt-get install jpegoptim

Now navigate to the folder that you would like to optimize its images. For optipng run:

optipng *

For jpegoptim run:

for i in *.jpg; do jpegoptim --all-progressive "$i"; done

Note that also the subdirectories might be optimized

4. Use HTTP2 instead of HTTP 1.1 if you have an SSL certificate enabled

The following guideline helps you through the process of updating to HTTP2 in Nginx.

Note that you need to have a SSL certificate. Google PageSpeed gave a server speed change from 0.52s (without HTTP2, with SSL) to 0.35s (with HTTP2)

Result: About 30% speed increase

5. Cache response in Redis or File

Sometimes it is unnecessary that the page is called from a database many times. Just caching the page reduces quite some load. That is exactly the same idea of the Laravel Response Cache plugin. The install instructions are quite good. In my case it had a drastic performance improvement.

Result: about 200 ms speed increase in my case

6. Optimize InnoDB innodb_buffer_pool_size

I am not sure why, but for some reason InnoDB has a really small innodb_buffer_pool_size when deploying your initial Laravel Forge server. In my default case, the innodb_buffer_pool_size was 8MB, while some blogs estimate that you can reserve up to 80% of your ram for innodb_buffer_pool_size. So edit the my.conf file:

sudo nano /etc/mysql/my.cnf

And add for example:

innodb_buffer_pool_size = 1G

Result: Several times faster queries

R7. educe load by adding swap

My server regularly had Redis full-memory issues and high loads. This was solved by adding some swap to Ubuntu. As described by DigitalOcean:

One of the easiest way of increasing the responsiveness of your server and guarding against out of memory errors in your applications is to add some swap space. Swap is an area on a hard drive that has been designated as a place where the operating system can temporarily store data that it can no longer hold in RAM.

Read more about adding swap at the DigitalOcean website.

Result: a reduction in load when entering the ‘top’ command

This list is still a work-in-progress list, although above tips gave me a speed improvement of MORE THAN 1 SECOND. Got any tips, let me know in the comments!

Also share your speed improvements 🙂



Laravel 5.3 change login path and prevent registration

Prevent that /login is the default path for login

Thanks to Stackoverflow. Go to your routes/web.php

And change:

Auth::routes();

Into:

// Login
Route::group(['middleware' => ['web']], function() {
    Route::get('login-new-address', ['as' => 'login', 'uses' => 'Auth\LoginController@showLoginForm']);
    Route::post('login-new-address', ['as' => 'login.post', 'uses' => 'Auth\LoginController@login']);
    Route::post('logout-new-address', ['as' => 'logout', 'uses' => 'Auth\LoginController@logout']);
});
// Registration Routes...
    Route::get('register', ['as' => 'register', 'uses' => 'Auth\RegisterController@showRegistrationForm']);
    Route::post('register', ['as' => 'register.post', 'uses' => 'Auth\RegisterController@register']);

// Password Reset Routes...
    Route::get('password/reset', ['as' => 'password.reset', 'uses' => 'Auth\ForgotPasswordController@showLinkRequestForm']);
    Route::post('password/email', ['as' => 'password.email', 'uses' => 'Auth\ForgotPasswordController@sendResetLinkEmail']);
    Route::get('password/reset/{token}', ['as' => 'password.reset.token', 'uses' => 'Auth\ResetPasswordController@showResetForm']);
    Route::post('password/reset', ['as' => 'password.reset.post', 'uses' => 'Auth\ResetPasswordController@reset']);

Would you like to prevent registration?

Remove the registration and password reset routes if you don’t want people to register, e.g. for admin panels.

Also change your redirect if not logged in

Change in App/Exceptions/Handler.php the redirect to:

return redirect()->guest('login-new-address');


Laravel Forge Ubuntu Update and Upgrade Manual with OpenSSL bugfixes

Be careful: Not all commands have been fully tested, you use these instructions with care and on your own risk. To repeat, as goes for all our articles, using our instructions is on your own risk!
This article primarily focuses on Ubuntu 14.04 and 16.04 servers that are working with Laravel Forge, but it can be useful for all Ubuntu (server) users.

As mentioned, OpenSSL recently had a security vulnerability with code CVE-2016-2107. This vulnerability is fixed in OpenSSL 1.0.2h – 3 May 2016. Check your current version by entering the command:

openssl version -v 

Only updating OpenSSL?

Then you can run:

sudo apt-get install --only-upgrade libssl1.0.0 openssl

Then restart Nginx:

sudo service nginx restart

Check if the version is upgrade by entering the command:

openssl version -v 

If it is all right you should see the version:

OpenSSL 1.0.2h 3 May 2016

Or newer of course.

Doing an update or upgrade within the same version

As instructed by DigitalOcean, you can update or upgrade Ubuntu by updating the package list:

sudo apt-get update

Then, upgrade installed packages to their latest available versions:

sudo apt-get upgrade

You will be shown a list of upgrades, and prompted to continue. Answer y for yes and press Enter. Then, the packages are updated and upgraded

Error: Unmet dependencies?

While upgrading, the following error may occur:

The following packages have unmet dependencies:
linux-image-extra-3.13.0-66-generic: Depends: linux-image-3.13.0-66-generic but it is not installed
linux-image-extra-3.13.0-79-generic: Depends: linux-image-3.13.0-79-generic but it is not installed
linux-image-generic: Depends: linux-image-3.13.0-79-generic but it is not installed"

Therefore you can install the missing images by entering the command:

sudo apt-get install -f

It could be that you get this message:

Unpacking linux-image-3.13.0-79-generic (3.13.0-79.123) ...
dpkg: error processing archive /var/cache/apt/archives/linux-image-3.13.0-79-generic_3.13.0-79.123_amd64.deb (--unpack):
 cannot copy extracted data for './boot/vmlinuz-3.13.0-79-generic' to '/boot/vmlinuz-3.13.0-79-generic.dpkg-new': failed to write (No space left on device)
No apport report written because the error message indicates a disk full error
                                                                              dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)

In that case read the next paragraph.

Full /boot directory?

When installing missing dependencies and running the command:

sudo apt-get install

There might occur an error as described in the previous paragraph. This can be solved by following the following steps as described on Stack Overflow.
When you command:

df -h

You probably would see that the /boot directory is 100% filled. In that case:

First, identify the space to be used,

cd /boot
du -sk *|sort -n

There might be a lot of kernels. Then run:

uname -a

to get the running kernel. The user on Stack Overflow: identified that I was on Linux alternate 2.6.32-43-server and did a tar of 6 of the versions that were not running, and were old.

tar -cvf ~username/boot.tar *2.6.32-44-server *2.6.32-45-server *2.6.32-46-server *2.6.32-47-server *2.6.32-48-server *2.6.32-49-server

Then do a rm -rf of what is backed up:

rm -rf *2.6.32-44-server *2.6.32-45-server *2.6.32-46-server *2.6.32-47-server *2.6.32-48-server *2.6.32-49-server

I am showing these commands as examples, you will have to decide what you will work with for your situation.

Now that you have some space on /boot, you are able to run

apt-get -f install 

To clean up the failed install of 2.6.32-56-server.

Then do:

apt-get remove linux-headers-2.6.32-38 linux-headers-2.6.32-38-server linux-image-2.6.32-38-server
apt-get remove linux-headers-2.6.32-39 linux-headers-2.6.32-39-server linux-image-2.6.32-39-server

This gives room to put back what I had backed up.

tar -xf ~username/boot.tar
rm  ~username/boot.tar    

To clean up, you could could run:

apt-get autoremove

Then reboot and you will see you are using a very small percentage of /boot.

Release upgrading from 14.04 to 16.04

Be careful! As “zachleigh” mentions on Laracasts: “If you’re already using php7 in 14.04, then there really isnt much point in upgrading now I guess. 14.04 is supported until spring 2018 so you still have a couple years before you have to do anything. May as well wait until the next long term support release, 18.04, comes out in 2018.”

If you still would like to do this, read the guide by DigitalOcean and run:

sudo do-release-upgrade


Laravel 5 socialite with Facebook integration

Would you like to offer a Facebook login functionality next to a regular e-mail based login? This is a tutorial to achieve that with Laravel 5 and the Socialite plugin. This tutorial is based on Matt Stauffer’s tutorial.

First of all pull in Laravel Socialite via composer:

composer require laravel/socialite

Create the users and password_remember migration:

$table->increments('id');
$table->string('name');
$table->string('email')->unique();
$table->string('avatar');
$table->string('password', 60);
$table->boolean('is_admin');
$table->rememberToken();
$table->timestamps();

Get your Facebook developer id and secret at: https://developers.facebook.com/.

Insert the Facebook credentials into the app/services.php file:

'facebook' => [
        'client_id' => env('FACEBOOK_ID'),
        'client_secret' => env('FACEBOOK_SECRET'),
        'redirect' => env('FACEBOOK_URL'),
    ],

In my case, I store them in the .env file as environment variables:

FACEBOOK_ID=xxx
FACEBOOK_SECRET=yyy
FACEBOOK_URL=http://myapp.devapp/auth/facebook/callback

Create a users model and make sure that some fields are fillable:

<?php

namespace App;

use Illuminate\Auth\Authenticatable;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Auth\Passwords\CanResetPassword;
use Illuminate\Contracts\Auth\Authenticatable as AuthenticatableContract;
use Illuminate\Contracts\Auth\CanResetPassword as CanResetPasswordContract;

class User extends Model implements AuthenticatableContract, CanResetPasswordContract
{
    use Authenticatable, CanResetPassword;

    /**
     * The database table used by the model.
     *
     * @var string
     */
    protected $table = 'users';

    /**
     * The attributes that are mass assignable.
     *
     * @var array
     */
    protected $fillable = ['name', 'email', 'password', 'avatar', 'facebook_id'];

    /**
     * The attributes excluded from the model's JSON form.
     *
     * @var array
     */
    protected $hidden = ['password', 'remember_token'];
}

So the model and migrations are prepared, if necessary, run your migration:

php artisan migrate

Register a new controller in your routes file (if there’s an auth controller already, do it above the auth controller):

Route::get('/auth/facebook', 'Auth\SocialController@redirectToProvider');
Route::get('/auth/facebook/callback', 'Auth\SocialController@handleProviderCallback');

Create the Facebook Social Auth Controller (app/Http/Controllers/Auth/SocialController.php):

<?php

namespace App\Http\Controllers\Auth;

use Illuminate\Http\Request;
use App\User;
use App\Http\Requests;
use App\Http\Controllers\Controller;
use Auth;
use Socialite;

class SocialController extends Controller
{
    /**
     * Redirect the user to the Facebook authentication page.
     *
     * @return Response
     */
    public function redirectToProvider()
    {
        return Socialite::driver('facebook')->redirect();
    }

    /**
     * Obtain the user information from Facebook.
     *
     * @return Response
     */
    public function handleProviderCallback()
    {
        $user = Socialite::driver('facebook')->user();

        $authUser = $this->findOrCreateUser($user);

        Auth::login($authUser, true);

        return redirect()->back();
    }

    /**
     * Return user if exists; create and return if doesn't
     *
     * @param $fbUser
     * @return User
     */
    private function findOrCreateUser($fbUser)
    {

        if ($authUser = User::where('facebook_id', $fbUser->id)->first()) {
            return $authUser;
        }

        return User::create([
            'name' => $fbUser->name,
            'email' => $fbUser->email,
            'facebook_id' => $fbUser->id,
            'avatar' => $fbUser->avatar
        ]);

    }
}

You can now link to your social auth controller from somewhere in your blade view:

<a class="btn btn-primary" href="{{ action('Auth\SocialController@redirectToProvider') }}"><span class="glyphicon glyphicon-thumbs-up"></span> Login with Facebook</a>

Important safety note

If you’d like to keep the possibility for people to login, make sure that you’ve empty password validation checks, so that people can’t sign in with only Facebook e-mail addresses.

That’s it. Do you’ve additions to this tutorial? Let me know in the comments.



Laravel 5 Admin Middleware (is_admin user check)

Would you like to have middleware that makes sure that only users with an is_admin = 1 status will be able to see the admin section? Then you can use the following code:

app/Http/Middleware/AdminMiddleware.php

<?php

namespace App\Http\Middleware;

use Closure;

class AdminMiddleware
{

    /**
     * Handle an incoming request. User must be logged in to do admin check
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (\Auth::user()->is_admin == 1)
        {
            return $next($request);
        }

        return redirect()->guest('/');
    }
}

Make sure you’ll register the middleware as a route in app/Http/Kernel.php

protected $routeMiddleware = [
        'auth' => \App\Http\Middleware\Authenticate::class,
        'auth.basic' => \Illuminate\Auth\Middleware\AuthenticateWithBasicAuth::class,
        'guest' => \App\Http\Middleware\RedirectIfAuthenticated::class,
        'admin' => \App\Http\Middleware\AdminMiddleware::class
];

Finally assign this middleware in the routes.php next to the auth middleware, since the admin middleware is an extension to the auth middleware.

App/Http/routes.php

Route::group(['prefix' => 'administration', 'middleware' => ['auth', 'admin']], function()
{
	Route::get('/', 'Admin\HomeController@index');
}

If you’ve suggestions to make this coding more efficient, you’re always welcome to drop a comment below.



Backup Ubuntu site / Laravel Forge server with Tarsnap

Would you like to backup your Ubuntu server with Tarsnap and also backup your Mysql database? Then follow this steps:

Install Tarsnap

1. Install dependencies

sudo apt-get install build-essential ext2fs-dev zlib1g-dev libssl-dev 

2. Install Tarsnap

Download Tarsnap with this wget:

wget --no-check-certificate https://www.tarsnap.com/download/tarsnap-autoconf-1.0.35.tgz

Now we need to extract, configure, and compile Tarsnap.

tar xfz tarsnap-autoconf-1.0.35.tgz
cd tarsnap-autoconf-1.0.35
./configure
sudo make install clean

3. Configure Tarsnap

Copy the example config to the live config:

sudo mv /usr/local/etc/tarsnap.conf.sample /usr/local/etc/tarsnap.conf

Then create a key, save this key to a USB or something, you can’t reset it.

mkdir ~/.tarsnap
tarsnap-keygen --keyfile /home/youruser/.tarsnap/tarsnap.key --user your@email.com --machine your-machine-name
You’ll be prompted for your Tarsnap password when running tarsnap-keygen.

Now, edit the tarsnap.conf file:

sudo pico /usr/local/etc/tarsnap.conf

Point the keyfile directive to the key file we created a couple steps ago. The top of your tarsnap.conf file should look similar to this now:

### Recommended options
 
# Tarsnap cache directory
cachedir /tmp/tarsnap-cache
 
# Tarsnap key file
keyfile /home/youruser/.tarsnap/tarsnap.key

4. Use Tarsnap to Make a Backup

To create a backup do this:

tarsnap -c -f servername-20140805 /home/forge

I’m using Laravel forge’s home directory. This directory is now backup up to Tarsnap. In the next step we’ll add a backup folder with the latest mysql-database.

Backup Mysql database

Create a folder in /home/forge : backup. Create a file in the folder:

touch /home/forge/makebackup.sh

Insert this information in the file:

#!/bin/sh
TODAY=$(date "+%A");
flock -n ~/.mysqldump mysqldump -u forge -p forge --password=YOURPASSWORD > ~/backup/mysql-latest.sql; 
flock -n ~/.tarsnap.lock tarsnap -c -f backup-$TODAY ~/ 2>/dev/null; 

Create Cronjob

Let the makebackup.sh be called every x days:

crontab -e

Insert this piece of info:

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAILTO={{YOUREMAILHERE}}
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 2 * * * flock -n ~/.makebackup.lock ~/backup/makebackup.sh

Thanks to Longren.io and thanks to Hypernode



Laravel 5: simple multi-tenant/multi-site model setup (many-to-many relation covered as well)

Laravel multi site multi tenant navigation bar illusatrationLaravel 5 is a brand new version of the popular framework. Unfortunately, there are no good multi-tenant setups for Laravel 5 yet. That’s why I’d decided to create my own simple version as well, based on Eloquent Global Scopes.

In my case I wanted a sites table, with categories that have a many to many relationship. So like:

sites
id | name

categories
id | name

site_category
id | site_id | category_id

So this table structure is a many to many relation. With this setup you can create a multi-site setup with different categories. Site A has categories 1 and 2, Site B has category 3 etc. It’s defined in the model as follows:

App\Site.php

<?php namespace App;

use Illuminate\Database\Eloquent\Model;

class Site extends Model {

    protected $fillable = ['name', 'domain'];

    public function categories()
    {
        return $this->belongsToMany('App\Category', 'site_category');
    }
}

And the category like:

App\Category.php

<?php namespace App;

use Illuminate\Database\Eloquent\Model;
use App\Traits\TenantableTrait;

class Category extends Model {
	use TenantableTrait;

	/**
	 * The fillables
	 * @var array
	 */
	protected $fillable = ['name', 'description'];

	/**
	 * A category has many sites
	 */
	public function sites()
    {
        return $this->belongsToMany('App\Site', 'site_category');
    }

Notice that this category has the trait TenantableTrait assigned. That is like:

App\Traits\TenantableTrait.php

<?php namespace App\Traits;

use App\TenantScope;
use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\ModelNotFoundException;

trait TenantableTrait {

    /**
     * Boot the tenantable trait for the model
     *
     * @return void
     */
    public static function bootTenantableTrait()
    {
        static::addGlobalScope(new TenantScope);
    }

}

And finally, don’t forget the global Eloquent scope:

App\TenantScope.php

&lt;?php namespace App;

use Illuminate\Database\Eloquent\Model;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\ScopeInterface;
use Session;

class TenantScope implements ScopeInterface
{
    /**
     * Apply the scope to a given Eloquent query builder.
     *
     * @param  \Illuminate\Database\Eloquent\Builder  $builder
     * @param  \Illuminate\Database\Eloquent\Model  $model
     * @return void
     */
    public function apply(Builder $builder, Model $model)
    {
        if (Session::has('siteId'))
        {
            $siteId = session('siteId');
          
            $builder->whereHas('sites', function($query) use($siteId)
            {
                $query->where('sites.id', $siteId);
            });
        }
    }

    /**
     * Remove the scope from the given Eloquent query builder.
     *
     * @param  \Illuminate\Database\Eloquent\Builder  $builder
     * @param  \Illuminate\Database\Eloquent\Model  $model
     * @return void
     */
    public function remove(Builder $builder, Model $model)
    {
        
        dd('remove called');
    }
}

Now, if you set the site id by session (e.g.) in a controller with:

Session::set('siteId', 1)

A all categories that have a site_category link with site_id=1 will be called. As you see, the remove method still has to be specified, so if you’d like to finish up this script, leave it in the comments.

You can repeat this with site_products or probably even site_category_product (with some finetuning, if that works, let me know below 🙂 ).