# RemoteMatch Buyer Installation Guide This guide is for installing RemoteMatch on a cPanel shared server or VPS. ## Requirements - PHP 8.3 or newer - MySQL 8 or compatible MariaDB - Composer 2 - Node.js 20+ for building frontend assets - PHP extensions normally required by Laravel: BCMath, Ctype, cURL, DOM, Fileinfo, JSON, Mbstring, OpenSSL, PDO, Tokenizer, XML - `pdftotext` recommended for PDF resume extraction - SSL certificate for production ## Installation Steps 1. Upload the project to your server. 2. Set the domain document root to the `public` directory. 3. Create a MySQL database and database user. 4. Install dependencies if your package does not already include generated assets: ```bash composer install --no-dev --optimize-autoloader npm ci npm run build ``` 5. Open the browser installer: ```text https://your-domain.com/install ``` 6. Enter: - Application name - Application URL - Timezone - MySQL database credentials - First admin name, email, and password 7. Submit the form. The installer writes `.env`, runs migrations, seeds required records, creates the admin, and locks the install to the domain. 8. Log in to `/admin`. 9. Configure Google, Razorpay, OpenAI, Brevo, and job sources from the admin settings panel. If you need to configure `.env` manually, update at minimum: ```env APP_URL=https://your-domain.com DB_DATABASE=your_database_name DB_USERNAME=your_database_user DB_PASSWORD="your_database_password" MAIL_FROM_ADDRESS=no-reply@your-domain.com DEFAULT_ADMIN_EMAIL=your-admin@email.com DEFAULT_ADMIN_PASSWORD="TemporaryStrongPassword#2026" DEMO_MODE=false ``` Then run `php artisan remotematch:install` only for controlled developer maintenance. Buyer installs should use `/install`. Open `Admin > Operations > System Health` and fix failed checks. ## Required External Settings Configure these in `.env` first, then optionally manage them in `Admin > Settings`. ### Google OAuth ```env GOOGLE_CLIENT_ID= GOOGLE_CLIENT_SECRET= GOOGLE_REDIRECT_URI="${APP_URL}/auth/google/callback" ``` The redirect URL in Google Cloud Console must exactly match the live value. ### Razorpay ```env RAZORPAY_MODE=test RAZORPAY_KEY= RAZORPAY_SECRET= RAZORPAY_WEBHOOK_SECRET= RAZORPAY_CURRENCY=INR RAZORPAY_UNLOCK_AMOUNT_PAISE=49900 ``` The admin payment settings show the unlock price in currency units. Razorpay still receives paise internally. ### OpenAI ```env OPENAI_API_KEY= OPENAI_RESUME_ANALYSIS_MODEL=gpt-4.1-mini ``` Never expose the API key in frontend code. ### Brevo Email ```env MAIL_MAILER=smtp MAIL_HOST=smtp-relay.brevo.com MAIL_PORT=587 MAIL_USERNAME=your_brevo_smtp_login MAIL_PASSWORD="your_brevo_smtp_key" MAIL_ENCRYPTION=tls BREVO_API_KEY= BREVO_WEBHOOK_SECRET= ``` Use a verified sender domain with SPF, DKIM, and DMARC to reduce spam placement. ## Cron Add both cron entries: ```bash * * * * * cd /path/to/remotematch && php artisan schedule:run >> /dev/null 2>&1 * * * * * cd /path/to/remotematch && php artisan queue:work --stop-when-empty --tries=3 --timeout=180 >> /dev/null 2>&1 ``` ## Production Commands ```bash php artisan optimize:clear php artisan config:cache php artisan route:cache php artisan view:cache php artisan remotematch:health ``` ## Demo Data Demo data is disabled by default. For local review: ```bash php artisan db:seed --class=Database\\Seeders\\DemoDataSeeder ``` Remove demo users, applications, and sample jobs before production use. ## Installation Lock After installation, the script stores: ```text storage/app/remotematch-installed.json ``` It also writes the installed domain hash to `.env`. If the installed copy is moved to a different domain, normal requests are blocked. This is practical copy protection for a self-hosted PHP script. It is not equivalent to a remote license server. A user with full source access can still remove local checks. ## Public Demo Mode For a hosted marketplace demo only: ```env DEMO_MODE=true ``` This blocks admin write actions so visitors cannot modify demo data. Do not enable it on a real buyer installation. ## Troubleshooting - Google login state errors usually mean `APP_URL`, browser URL, and Google redirect URL do not match. - If emails go to spam, verify the sender domain, avoid free-mail sender addresses, and connect Brevo event webhooks. - If jobs are not visible, run `php artisan jobs:sync-sources` and then process the queue. - If uploaded logos do not show, run `php artisan storage:link` or create the public storage link manually on cPanel.