Update & Upgrade
sudo apt update && sudo apt upgrade -yInstall Apache
sudo apt install apache2Periksa status service Apache, JIka statusnya (running) itu menandakan Apache berjalan dengan baik
Agar apache auto start pada saat startup ketikkan perintah.
sudo systemctl enable apache2sudo systemctl restart apache2Untuk percobaan apakah Apache berjalan dengan semestinya, buka web browser dan ketikkan IP server
IPADDRESSInstall PHP
sudo apt install phpInstall modul PHP yang dibutuhkan (ini tergantung dengan aplikasi web yang digunakan)
sudo apt install libapache2-mod-php php-common php-bcmath php-mbstring php-mysql php-tokenizer php-zip php-curl php-gd php-mail php-mail-mime php-pear php-db php-xml php-json php-imagick imagemagick php-intl php-gmp php-cli php-ldapInstall MariaDB
sudo apt install mariadb-server mariadb-clientJalankan secure installation
mysql_secure_installationJika muncul pertanyaan
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):Tekan enter
Jika muncul pertanyaan
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] yJawab Y enter, lalu masukkan password root mysql baru
Jika muncul pertanyaan
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] yJawab Y
Jika muncul pertanyaan
Remove anonymous users? [Y/n] yJawab Y
Jika muncul pertanyaan
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] yJawab Y
Jika muncul pertanyaan
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] yJawab Y
Jika muncul pertanyaan
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] yJawab Y
Tes masuk kedalam MariDB
mysql -u root -pLalu masukkan password
Buat VirtualHost
Langkah ini bergantung dengan domain dan root direkori yang akan digunakan.
VirtualHost default Apache
Edit file 000-default.conf
sudo nano /etc/apache2/sites-available/000-default.confTambahkan baris ini dibawah baris DocumentRoot /var/www/html
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
## Mengganti (urutan) default directory index
<IfModule mod_dir.c>
DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
</IfModule>Sehingga menjadi seperti berikut :
<VirtualHost *:80>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noetSesuikan yang ditandai warna orange dengan lokasi direkori tempat kamu menyimpan aplikasi web/source code
Mengaktifkan modul rewrite
sudo a2enmod rewriteRestart Apache
sudo systemctl restart apache2VirtualHost dengan Domain
Membuat direktori untuk menyimpan aplikasi web/source code
sudo mkdir /var/www/namadirektoriMembuat file konfigurasi virtual host
sudo nano /etc/apache2/sites-available/namakonfigurasi.confMasukkan ini kedalamnya
<VirtualHost *:80>
ServerName namamdomain.com
DocumentRoot /var/www/namadirektori
<Directory /var/www/namadirektori>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/namadomain.com_error.log
CustomLog /var/log/apache2/namadomain.com_access.log combined
</VirtualHost>Jika kamu punya certificate dari letsencrypt tambahkan baris berikut
<VirtualHost *:443>
ServerName namamdomain.com
DocumentRoot /var/www/namadirektori
<Directory /var/www/namadirektori>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/namadomain.com_websecure_error.log
CustomLog /var/log/apache2/namadomain.com_websecure_access.log combined
SSLEngine on
SSLCertificateFile /path/to/fullchain.pem
SSLCertificateKeyFile /path/to/privkey.pem
</VirtualHost>Mengaktifkan konfigurasi virtualhost
sudo a2ensite namakonfigurasi.confPastikan didalam direktori /etc/apache2/sites-enabled/ sudah terdapat file konfigurasi namakonfigruasi.conf
Reload Apache
systemctl reload apache2Mengaktifkan modul rewrite (untuk permalink)
a2enmod rewriteJika kamu memakai SSL/https wajib megaktifkan modul ssl.
a2enmod sslRestart Apache
sudo systemctl restart apache2Cek syntax, apakah ada error/kesalahan penulisan
sudo apachectl configtestPastikan output yang keluar: Syntax OK
*Catatan: Jangan lupa untuk ponting/menambahkan A record domain ke IP server
Pasang SSL (Optional)
Install Let’s Encrypt Certbot
apt install python3-certbot-apache -y certbot --apacheLalu pilih situs yang akan dipasang SSL dengan memasukan nomor pilihan. Jika ada 2 situs yang ingin dipasangkan SSL pisahkan dengan <spasi>
contoh:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: namadomain.com
2: blog.namadomain.com
3: www.blog.namadomain.com
4: www.namadomain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1 4Untuk letsencrypt terbaru tidak terdapat List domain dengan pilihan nomor, jadi kita harus mengetikkan domain secara manual, Dan jika ingin menambahkan lebih dari 1 domain maka harus dipisahkan menggunakan spasi. Contoh:
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): farizanwar.my.id www.farizanwar.my.idAtau dengan perintah berikut
certbot --apache -d namadomain.com -d www.namadomain.comJika muncul pertanyaan
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel):Masukkan email untuk mendapatkan notifikasi jika masa berlaku sertifikat akan berakhir/kadaluwarsa
Jika muncul pertanyaan
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: YJawab Y
Jika muncul pertanyaan
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: NJawab saja N
Untuk letsencrypt terbaru jika kita menginstal wordpress di default root document/directory apache muncul pertanyaan berikut:
We were unable to find a vhost with a ServerName or Address of www.farizanwar.my.id.
Which virtual host would you like to choose?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: 000-default.conf | | | Enabled
2: 000-default-le-ssl.conf | farizanwar.my.id | HTTPS | Enabled
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2Dan kita pilih pilihan yang terdapat tulisan HTTPS, contoh diatas HTTPS terdapat pada nomor 2 maka kita pilih nomor 2
Test konfigurasi Web Server dan PHP
Buat sebuah file php untuk melihat informasi versi php yang dipakai
nano /var/www/lokasidirektori/info.phpMasukkan ini kedalamnya
<?php phpinfo( ); ?>Lalu akses dengan Web Browser menggunakan IP atau Domain
IPADDRESSatauDOMAIN IPADDRESSatauDOMAIN/info.php
Hasil yang keluar kurang lebih seperti ini:
