Membangun LAMP Stack (Apache, MariaDB, PHP)

Update & Upgrade

sudo apt update && sudo apt upgrade -y

Install Apache

sudo apt install apache2

Periksa status service Apache, JIka statusnya (running) itu menandakan Apache berjalan dengan baik

Agar apache auto start pada saat startup ketikkan perintah.

sudo systemctl enable apache2
sudo systemctl restart apache2

Untuk percobaan apakah Apache berjalan dengan semestinya, buka web browser dan ketikkan IP server

IPADDRESS

Install PHP

sudo apt install php

Install modul PHP yang dibutuhkan (ini tergantung dengan aplikasi web yang digunakan)

sudo apt install libapache2-mod-php php-common php-bcmath php-mbstring php-mysql php-tokenizer php-zip php-curl php-gd php-mail php-mail-mime php-pear php-db php-xml php-json php-imagick imagemagick php-intl php-gmp php-cli php-ldap

Install MariaDB

sudo apt install mariadb-server mariadb-client

Jalankan secure installation

mysql_secure_installation

Jika muncul pertanyaan

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):

Tekan enter

Jika muncul pertanyaan

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y

Jawab Y enter, lalu masukkan password root mysql baru

Jika muncul pertanyaan

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y

Jawab Y

Jika muncul pertanyaan

Remove anonymous users? [Y/n] y

Jawab Y

Jika muncul pertanyaan

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y

Jawab Y

Jika muncul pertanyaan

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y

Jawab Y

Jika muncul pertanyaan

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y

Jawab Y

Tes masuk kedalam MariDB

mysql -u root -p

Lalu masukkan password

Buat VirtualHost

Langkah ini bergantung dengan domain dan root direkori yang akan digunakan.

VirtualHost default Apache

Edit file 000-default.conf

sudo nano /etc/apache2/sites-available/000-default.conf

Tambahkan baris ini dibawah baris DocumentRoot /var/www/html

<Directory /var/www/html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>

## Mengganti (urutan) default directory index
<IfModule mod_dir.c>
        DirectoryIndex index.php  index.html index.cgi index.pl index.xhtml index.htm
</IfModule>

Sehingga menjadi seperti berikut :

<VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        <Directory /var/www/html>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Sesuikan yang ditandai warna orange dengan lokasi direkori tempat kamu menyimpan aplikasi web/source code

Mengaktifkan modul rewrite

sudo a2enmod rewrite

Restart Apache

sudo systemctl restart apache2

VirtualHost dengan Domain

Membuat direktori untuk menyimpan aplikasi web/source code

sudo mkdir /var/www/namadirektori

Membuat file konfigurasi virtual host

sudo nano /etc/apache2/sites-available/namakonfigurasi.conf

Masukkan ini kedalamnya

<VirtualHost *:80>
    ServerName namamdomain.com    
    DocumentRoot /var/www/namadirektori

    <Directory /var/www/namadirektori>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>
    
    ErrorLog /var/log/apache2/namadomain.com_error.log
    CustomLog /var/log/apache2/namadomain.com_access.log combined
</VirtualHost>

Jika kamu punya certificate dari letsencrypt tambahkan baris berikut

<VirtualHost *:443>
    ServerName namamdomain.com    
    DocumentRoot /var/www/namadirektori

    <Directory /var/www/namadirektori>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>
    
    ErrorLog /var/log/apache2/namadomain.com_websecure_error.log
    CustomLog /var/log/apache2/namadomain.com_websecure_access.log combined
        SSLEngine on
        SSLCertificateFile /path/to/fullchain.pem

        SSLCertificateKeyFile /path/to/privkey.pem
</VirtualHost>

Mengaktifkan konfigurasi virtualhost

sudo a2ensite namakonfigurasi.conf

Pastikan didalam direktori /etc/apache2/sites-enabled/ sudah terdapat file konfigurasi namakonfigruasi.conf

Reload Apache

systemctl reload apache2

Mengaktifkan modul rewrite (untuk permalink)

a2enmod rewrite

Jika kamu memakai SSL/https wajib megaktifkan modul ssl.

a2enmod ssl

Restart Apache

sudo systemctl restart apache2

Cek syntax, apakah ada error/kesalahan penulisan

sudo apachectl configtest

Pastikan output yang keluar: Syntax OK

*Catatan: Jangan lupa untuk ponting/menambahkan A record domain ke IP server

Pasang SSL (Optional)

Install Let’s Encrypt Certbot

apt install python3-certbot-apache -y	
certbot --apache

Lalu pilih situs yang akan dipasang SSL dengan memasukan nomor pilihan. Jika ada 2 situs yang ingin dipasangkan SSL pisahkan dengan <spasi>

contoh:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: namadomain.com
2: blog.namadomain.com
3: www.blog.namadomain.com
4: www.namadomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1 4

Untuk letsencrypt terbaru tidak terdapat List domain dengan pilihan nomor, jadi kita harus mengetikkan domain secara manual, Dan jika ingin menambahkan lebih dari 1 domain maka harus dipisahkan menggunakan spasi. Contoh:

Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): farizanwar.my.id www.farizanwar.my.id

Atau dengan perintah berikut

certbot --apache -d namadomain.com -d www.namadomain.com

Jika muncul pertanyaan

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel):

Masukkan email untuk mendapatkan notifikasi jika masa berlaku sertifikat akan berakhir/kadaluwarsa

Jika muncul pertanyaan

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Jawab Y

Jika muncul pertanyaan

Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

Jawab saja N

Untuk letsencrypt terbaru jika kita menginstal wordpress di default root document/directory apache muncul pertanyaan berikut:

We were unable to find a vhost with a ServerName or Address of www.farizanwar.my.id.
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: 000-default.conf               |                       |       | Enabled
2: 000-default-le-ssl.conf        | farizanwar.my.id      | HTTPS | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Dan kita pilih pilihan yang terdapat tulisan HTTPS, contoh diatas HTTPS terdapat pada nomor 2 maka kita pilih nomor 2

Test konfigurasi Web Server dan PHP

Buat sebuah file php untuk melihat informasi versi php yang dipakai

nano /var/www/lokasidirektori/info.php

Masukkan ini kedalamnya

<?php phpinfo( ); ?>

Lalu akses dengan Web Browser menggunakan IP atau Domain

IPADDRESSatauDOMAIN
IPADDRESSatauDOMAIN/info.php

Hasil yang keluar kurang lebih seperti ini: