teknisiazza

Buat Server Nginx Support SSL di Ubuntu 18.04 Support Codeigniter 3 dan Support php7.2

Jun 14th, 2021 (edited)
  1. OS UBUNTU SERVER 18.04 MINIMAL
  2.  
  3. ***********************************
  4. Hardware    : VPS 1GB RAM 1 vCore 20GB Disk
  5. OS          : Ubuntu 18.04 LTS Minimal
  6. ***********************************
  7. Ini hanya sebatas pengingat Saya untuk membuat Server CBT pribadi di Instansi
  8. Kurang lebih beberapa konfigurasi nya ada dibawah:
  9. Server Ini Support:
  10. -PHP 7.2 yang dicocokkan untuk script framework Codeigniter 3
  11. -NGINX
  12. -PhpMyadmin
  13. -MariaDB
  14. -UFW (Firewall)
  15. -FTP
  16. -SSL
  17. ***********************************
  18.  
  19. sudo apt-get update && sudo apt-get upgrade
  20. sudo apt-get install nginx
  21. sudo apt-get install ufw
  22. sudo ufw allow http
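  23. sudo ufw allow https
      # Catatan: aturan ufw baru berlaku setelah firewall diaktifkan (`sudo ufw enable`); izinkan SSH lebih dulu (`sudo ufw allow ssh`) supaya sesi remote tidak terputus.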
  24. sudo systemctl restart nginx
  25. sudo systemctl status nginx
  26.  
  27. sudo apt install mariadb-server
  28. sudo mysql_secure_installation
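  29. #SKIP aja, NO (catatan: menjawab NO berarti user anonim, database test, dan login root dari remote dibiarkan apa adanya; untuk server yang bisa diakses publik lebih aman menjawab Y)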
  30.  
  31. sudo mariadb
  32.  
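  33. GRANT ALL ON *.* TO 'admin'@'localhost' IDENTIFIED BY 'admin1234' WITH GRANT OPTION;
      -- Catatan: ganti 'admin1234' dengan password yang kuat dan unik; akun ini punya hak penuh atas semua database (ALL ON *.* WITH GRANT OPTION).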
  34. FLUSH PRIVILEGES;
  35. exit;
  36.  
  37. mariadb -u admin -p
  38.  
  39.  
  40.  
  41. sudo nano /etc/nginx/sites-available/default
  42.  
  43. server {
  44.         listen 80;
  45.         listen [::]:80;
  46.         root /var/www/html;
  47.  
  48.         #menambah index.php
  49.         index index.php index.html index.htm index.nginx-debian.html;
  50.  
  51.         server_name cbt.smkn1candipuro.sch.id;
  52.  
  53.         location / {
  54.                 #agar semua request diarahkan ke index.php
  55.                 try_files $uri $uri/ /index.php?$args;
  56.         }
  57.  
  58.         location ~ \.php$ {
  59.                 include snippets/fastcgi-php.conf;
  60.                 fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
  61.         }
  62.  
  63. }
  64.  
  65. sudo systemctl restart nginx.service
  66.  
  67. sudo apt-get install php-fpm php-mysql php-cgi php-common php-pear php-mbstring
  68. sudo apt-get install phpmyadmin php-gettext
  69. sudo ln -s /usr/share/phpmyadmin /var/www/html
  70.  
  71. nano /var/www/html/info.php
  72. <?php
  73. phpinfo();
  74. ?>
  75.  
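  76. #Ujicoba situs (hapus info.php setelah selesai diuji: phpinfo() menampilkan versi, path, dan konfigurasi server kepada siapa pun yang membuka URL-nya)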
  77. http://ipserver/info.php
  78. http://ipserver/phpmyadmin
  79.  
  80. =========================================================================
  81. JIKA TERJADI ERROR PADA PHPMYADMIN SAAT DIAKSES
  82. =========================================================================
  83.  
  84. phpmyadmin warning libraries/sql.lib.php#613
  85.  
  86. sudo cp /usr/share/phpmyadmin/libraries/sql.lib.php /usr/share/phpmyadmin/libraries/sql.lib.php.bak
  87. sudo nano /usr/share/phpmyadmin/libraries/sql.lib.php
  88.  
  89. Press CTRL + W and search for (count($analyzed_sql_results['select_expr'] == 1)
  90.  
  91. Replace it with ((count($analyzed_sql_results['select_expr']) == 1)
  92.  
  93. Save file and exit. (Press CTRL + X, press Y and then press ENTER)
  94.  
  95.  
  96.  
  97. function PMA_isRememberSortingOrder($analyzed_sql_results)
  98. {
  99.     return $GLOBALS['cfg']['RememberSorting']
  100.         && ! ($analyzed_sql_results['is_count']
  101.             || $analyzed_sql_results['is_export']
  102.             || $analyzed_sql_results['is_func']
  103.             || $analyzed_sql_results['is_analyse'])
  104.         && $analyzed_sql_results['select_from']
  105.         && ((empty($analyzed_sql_results['select_expr'])) ||
  106.         (count($analyzed_sql_results['select_expr']) == 1)
  107.                     && ($analyzed_sql_results['select_expr'][0] == '*'))
  108.         && count($analyzed_sql_results['select_tables']) == 1;
  109. }
  110.  
  111.  
  112. Warning in ./libraries/plugin_interface.lib.php#551
  113.  
  114. sudo cp /usr/share/phpmyadmin/libraries/plugin_interface.lib.php /usr/share/phpmyadmin/libraries/plugin_interface.lib.php.bak
  115. sudo nano /usr/share/phpmyadmin/libraries/plugin_interface.lib.php
  116.  
  117. Press CTRL + W and search for if (! is_null($options) && count($options) > 0) {
  118.  
  119. If not found, try search for if ($options != null && count($options) > 0)
  120.  
  121. Replace with if (! is_null($options) && count((array)$options) > 0) {
  122.  
  123.  
  124.  
  125.  
  126.  
  127.  
  128. =========================================================================
  129. MEMAKSIMALKAN RESOURCE PHP UNTUK php cli/fpm dan nginx
  130. =========================================================================
  131.  
  132. nano /etc/php/7.2/cli/php.ini
  133. nano /etc/php/7.2/fpm/php.ini
  134.  
  135. upload_max_filesize = 320M
  136. post_max_size = 480M
  137. memory_limit = 1024M
  138. max_execution_time = 6000
  139. max_input_time = 10000
  140. max_input_vars = 30000
  141.  
  142. php-fpm7.2 -t
  143. service php7.2-fpm restart
  144.  
  145. =========================================================================
  146. JIKA MUNCUL PESAN ERROR SAAT UPLOAD FILE BESAR
  147.  
  148. Error: 413 “Request Entity Too Large” in Nginx with “client_max_body_size”
  149.  
  150. sudo nano /etc/nginx/nginx.conf
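  151. #tambahkan di dalam blok http { ... }, sebelum kurung tutupnya. Catatan: batas 100M ini lebih kecil dari upload_max_filesize (320M) dan post_max_size (480M) di php.ini, jadi upload di atas 100M tetap ditolak nginx dengan error 413.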
  152. client_max_body_size 100M;
  153.  
  154. sudo service nginx restart
  155.  
  156. =========================================================================
  157. INSTALASI FTP UNTUK KEPERLUAN UPLOAD FILE KE SERVER
  158. =========================================================================
  159.  
  160. sudo apt install curl
  161. sudo apt install vsftpd -y
  162.  
  163. sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.bak
  164. sudo nano /etc/vsftpd.conf
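  165. write_enable=YES
       # Catatan: FTP biasa mengirim username, password, dan isi file tanpa enkripsi. WinSCP juga mendukung SFTP lewat SSH sehingga vsftpd tidak wajib; kalau tetap memakai FTP, aktifkan TLS (ssl_enable=YES beserta sertifikatnya).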
  166. sudo systemctl restart vsftpd
  167.  
  168. sudo apt install zip
  169.  
  170. =========================================================================
  171. UJICOBA SAYA
  172. =========================================================================
  173. dump database cbt.sql dengan http://ipserver/phpmyadmin
  174. upload zip cbt.zip dengan FTP Client (WinSCP)
  175.  
  176. =========================================================================
  177. BERI AKSES
  178. =========================================================================
  179.  
  180. chown -R www-data:www-data /var/www/html
  181. chmod 755 /var/www/html
  182.  
  183. =========================================================================
  184. jika ada pesan Failed to upload image: HTTP Error: 403
  185. ini karena alamat situs pada controller codeigniter admin/soal/uploadfile belum ditambahkan
  186.  
  187.  
  188.  
  189. =========================================================================
  190. ADA 3 OPSI SSL YANG AKAN KITA BUAT DAN PILIH SESUAI KEINGINAN
  191. -selfsigned (buat sendiri)
  192. -sslforfree.com (daftar disitusnya pasang manual certnya)
  193. -letsencrypt.org (dengan certbotnya)
  194. =========================================================================
  195.  
  196.  
  197.  
  198.  
  199.  
  200.  
  201. =========================================================================
  202. selfsigned
  203. =========================================================================
  204.  
  205. sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
  206.  
  207. sudo nano /etc/nginx/snippets/self-signed.conf
  208.  
  209. ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
  210. ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
  211.  
  212. sudo nano /etc/nginx/snippets/ssl-params.conf
  213.  
  214. ssl_protocols TLSv1.2;
  215. ssl_prefer_server_ciphers on;
  216. ssl_dhparam /etc/ssl/certs/dhparam.pem;
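  217. ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
       # Catatan: OpenSSL tidak punya cipher bernama ...-GCM-SHA512, sehingga dua entri pertama kemungkinan diabaikan; periksa cipher yang benar-benar aktif dengan `openssl ciphers -v '<daftar cipher>'`.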
  218. ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
  219. ssl_session_timeout  10m;
  220. ssl_session_cache shared:SSL:10m;
  221. ssl_session_tickets off; # Requires nginx >= 1.5.9
  222. # ssl_stapling on; # Requires nginx >= 1.3.7
  223. # ssl_stapling_verify on; # Requires nginx => 1.3.7
  224. resolver 8.8.8.8 8.8.4.4 valid=300s;
  225. resolver_timeout 5s;
  226. add_header X-Frame-Options DENY;
  227. add_header X-Content-Type-Options nosniff;
  228. add_header X-XSS-Protection "1; mode=block";
  229.  
  230. sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
  231. sudo nano /etc/nginx/sites-available/default
  232.  
  233. server {
  234.     listen 80;
  235.     listen [::]:80;
  236.  
  237.     listen 443 ssl;
  238.         listen [::]:443 ssl;
  239.         include snippets/self-signed.conf;
  240.         include snippets/ssl-params.conf;
  241.  
  242.         root /var/www/html;
  243.  
  244.         index index.php index.html index.htm index.nginx-debian.html;
  245.  
  246.         server_name cbt.smkn1candipuro.sch.id;
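        # Catatan: blok ini tidak menampilkan "location /" dan "location ~ \.php$" dari konfigurasi awal; pertahankan keduanya, karena tanpa blok PHP nginx akan mengirim isi file .php mentah (kode sumber dan kredensial database bisa terbaca).
  247. }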
  248.  
  249. sudo systemctl restart nginx
  250.  
  251.  
  252. =========================================================================
  253. /etc/hosts
  254. 141.136.47.220 cbt.smkn1candipuro.sch.id server.cbt.smkn1candipuro.sch.id
  255.  
  256. sudo cp default subdomain
  257.  
  258. server {
  259.         listen 80;
  260.         listen [::]:80;
  261.         listen 443 ssl;
  262.         listen [::]:443 ssl;
  263.  
  264.         include snippets/self-signed.conf;
  265.         include snippets/ssl-params.conf;
  266.  
  267.         root /var/www/html/server;
  268.  
  269.         index index.php index.html index.htm index.nginx-debian.html;
  270.  
  271.         server_name server.cbt.smkn1candipuro.sch.id;
  272.  
  273.         location / {
  274.                 try_files $uri $uri/ /index.php?$args;
  275.         }
  276.  
  277.  
  278.  
  279.     location ~ \.php$ {
  280.                 include snippets/fastcgi-php.conf;
  281.                 fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
  282.         }
  283.  
  284. }
  285.  
  286.  
  287. sudo nginx -t
  288. sudo systemctl restart nginx
  289.  
  290. #TEST https://namaserver
  291.  
  292.  
  293. =========================================================================
  294. sslforfree.com
  295. =========================================================================
  296. https://sslforfree.com
  297.  
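  298. Download your certificate and upload zip
       (Note: the zip appears to include private.key, which is referenced below; upload it over SFTP/SCP rather than plain FTP, and keep private.key readable by root only, e.g. chmod 600.)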
  299.  
  300. cd /etc/ssl
  301. cat certificate.crt ca_bundle.crt >> certificate.crt
  302.  
  303. sudo nano /etc/nginx/default
  304.  
  305.  
  306. server {
  307.     listen               443 ssl;
  308.    
  309.     ssl                  on;
  310.     ssl_certificate      /etc/ssl/certificate.crt;
  311.     ssl_certificate_key  /etc/ssl/private.key;
  312.  
  313. }
  314.  
  315. sudo /etc/init.d/nginx restart
  316.  
  317. UNTUK subdomain, kamu daftar ssl lagi kesitusnya
  318.  
  319.  
  320.  
  321.  
  322. =========================================================================
  323. letsencrypt.org
  324. =========================================================================
  325. sudo apt update
  326. sudo apt install software-properties-common
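  327. sudo add-apt-repository ppa:certbot/certbot
       # Catatan: PPA certbot/certbot sudah tidak dipelihara lagi oleh tim Certbot; petunjuk resminya sekarang memakai snap (`sudo snap install --classic certbot`).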
  328. sudo apt install python-certbot-nginx
  329. sudo certbot --nginx -d namaserver.com -d www.namaserver.com
  330.  
  331. #TEST https://namaserver
  332.  
  333.  
  334. Verifying Certbot Auto-Renewal
  335. sudo certbot renew --dry-run
  336.  
  337.  