Production Deployment

<?php
/*Datos de conexion a la base de datos*/
define('DB_HOST', 'localhost');
define('DB_USER', 'invoice_user');  // Change from 'root'
define('DB_PASS', 'strong_secure_password_here');  // Set a strong password
define('DB_NAME', 'simple_invoice');
?>

# Configuration files - read-only for web server
chmod 640 config/db.php
chmod 640 config/conexion.php
chown www-data:www-data config/*.php

# Upload directories - writable
chmod 755 img/
chmod 755 pdf/documentos/
chmod 755 pdf/documentos/res/

# Application files - read-only
find . -type f -name "*.php" ! -path "./config/*" ! -path "./img/*" ! -path "./pdf/documentos/*" -exec chmod 644 {} \;

<VirtualHost *:443>
    ServerName invoice.yourdomain.com
    DocumentRoot /var/www/simple-invoice
    
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/invoice.crt
    SSLCertificateKeyFile /etc/ssl/private/invoice.key
    SSLCertificateChainFile /etc/ssl/certs/chain.pem
    
    # Security headers
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-XSS-Protection "1; mode=block"
    
    <Directory /var/www/simple-invoice>
        Options -Indexes +FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

# Redirect HTTP to HTTPS
<VirtualHost *:80>
    ServerName invoice.yourdomain.com
    Redirect permanent / https://invoice.yourdomain.com/
</VirtualHost>

server {
    listen 443 ssl http2;
    server_name invoice.yourdomain.com;
    root /var/www/simple-invoice;
    index index.php;
    
    ssl_certificate /etc/ssl/certs/invoice.crt;
    ssl_certificate_key /etc/ssl/private/invoice.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    
    # Security headers
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-XSS-Protection "1; mode=block" always;
    
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    
    location ~ \.php$ {
        fastcgi_pass unix:/var/run/php/php5.6-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    
    # Deny access to sensitive files
    location ~ /config/ {
        deny all;
        return 404;
    }
}

# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name invoice.yourdomain.com;
    return 301 https://$server_name$request_uri;
}

; /etc/php/5.6/apache2/php.ini (or php-fpm/php.ini for Nginx)

upload_max_filesize = 2M
post_max_size = 3M
max_execution_time = 30
memory_limit = 128M

; File upload security
file_uploads = On
allow_url_fopen = Off
allow_url_include = Off

; Display errors - DISABLED for production
display_errors = Off
display_startup_errors = Off

; Log errors instead
log_errors = On
error_log = /var/log/php/error.log

; Error reporting level
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT

mkdir -p /var/log/php
chown www-data:www-data /var/log/php
chmod 755 /var/log/php

Options -Indexes

autoindex off;

Order deny,allow
Deny from all

location ~ /config/ {
    deny all;
    return 404;
}

#!/bin/bash
# /usr/local/bin/backup-invoice-files.sh

BACKUP_DIR="/var/backups/simple-invoice"
APP_DIR="/var/www/simple-invoice"
DATE=$(date +%Y%m%d_%H%M%S)

tar -czf $BACKUP_DIR/files_$DATE.tar.gz \
  $APP_DIR/img \
  $APP_DIR/pdf/documentos \
  $APP_DIR/config

# Keep last 30 days
find $BACKUP_DIR -name "files_*.tar.gz" -mtime +30 -delete

; /etc/php/5.6/apache2/conf.d/10-opcache.ini

opcache.enable=1
opcache.memory_consumption=128
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=4000
opcache.revalidate_freq=60
opcache.fast_shutdown=1

-- Analyze tables
ANALYZE TABLE clientes, facturas, productos, detalle_factura;

-- Optimize tables
OPTIMIZE TABLE clientes, facturas, productos, detalle_factura;

-- Add indexes for common queries
CREATE INDEX idx_status ON clientes(status_cliente);
CREATE INDEX idx_date ON facturas(date_added);

# Enable compression
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript
</IfModule>

# Browser caching
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType image/gif "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
</IfModule>

# Real-time monitoring
tail -f /var/log/php/error.log

# Alert on errors
grep -i "fatal\|error" /var/log/php/error.log | mail -s "Invoice Errors" [email protected]

-- Check database size
SELECT 
    table_name AS 'Table',
    ROUND(((data_length + index_length) / 1024 / 1024), 2) AS 'Size (MB)'
FROM information_schema.TABLES
WHERE table_schema = 'simple_invoice'
ORDER BY (data_length + index_length) DESC;

-- Check connection count
SHOW STATUS WHERE Variable_name = 'Threads_connected';

# Monitor upload directories
du -sh /var/www/simple-invoice/img
du -sh /var/www/simple-invoice/pdf/documentos

# Test MySQL connection
mysql -u invoice_user -p -h localhost simple_invoice

# Check MySQL is running
systemctl status mysql

# Verify credentials match config/db.php
grep -E "DB_USER|DB_PASS|DB_NAME" config/db.php

# Check directory permissions
ls -la img/

# Verify PHP upload settings
php -i | grep -E "upload_max_filesize|post_max_size"

# Check web server error logs
tail -f /var/log/apache2/error.log  # Apache
tail -f /var/log/nginx/error.log    # Nginx

# Fix ownership
chown -R www-data:www-data /var/www/simple-invoice

# Fix permissions
find /var/www/simple-invoice -type d -exec chmod 755 {} \;
find /var/www/simple-invoice -type f -exec chmod 644 {} \;
chmod 755 /var/www/simple-invoice/img
chmod 755 /var/www/simple-invoice/pdf/documentos