Initial VPS Setup

Step 1 - Log in as root

ssh root@your_server_ip

Update

sudo apt-get update
sudo apt-get upgrade -y

Step 2 - Create a new user

From now on we never log in as root again, only as this new user.

adduser fadli

Step 3 - Give the new user admin (sudo) access

usermod -aG sudo fadli

Step 4 - Set up the firewall

Check the existing settings first:

ufw app list
ufw allow OpenSSH
ufw enable
ufw status

Step 5 - Enable external access for the regular user

A. If the account has a password

ssh fadli@your_server_ip

B. If root already uses an SSH key

rsync --archive --chown=fadli:fadli ~/.ssh /home/fadli

C. If SSH keys are not set up yet

C.1. Generate an SSH key on the local machine

ssh-keygen

Two files are created:

  • ~/.ssh/id_rsa: Private key. Never share this.
  • ~/.ssh/id_rsa.pub: Public key. Safe to share.

C.2. Transfer the public key from the local machine

C.2.1. With ssh-copy-id

ssh-copy-id username@remote_host

C.2.2. Manually

cat ~/.ssh/id_rsa.pub

Copy the output. Log back in to the server and create the SSH folder:

mkdir -p ~/.ssh

Then append the public key you copied (replace isi_public_key with the key text):

echo isi_public_key >> ~/.ssh/authorized_keys

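C.3. Secure the SSH folder (skip for now)

sudo chmod 700 ~/.ssh
sudo chmod 600 ~/.ssh/authorized_keys

With the default StrictModes setting, sshd ignores authorized_keys if it or ~/.ssh is writable by other users, so run these if key login is refused.

C.4. Try logging in with the SSH key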

ssh fadli@remote_host

Step 6 - Disable password login

sudo nano /etc/ssh/sshd_config

Find the PasswordAuthentication line, remove the leading # so it takes effect, and set it to no:

PasswordAuthentication no

Restart

sudo service ssh restart

or

sudo systemctl restart ssh

Step 8 - Log in over SSH without typing the IP every time

On the local machine:

nano ~/.ssh/config

Then add the config:

Host testhost
    HostName your_domain
    User demo

Step 9 - Limit which users can connect over SSH

sudo nano /etc/ssh/sshd_config

Find and edit:

AllowUsers user1 user2

Restart

sudo service ssh restart

Step 10 - Disable root login

sudo nano /etc/ssh/sshd_config

Find and edit:

PermitRootLogin no

Restart

sudo service ssh restart
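
Steps 6, 9 and 10 all edit the same file, and sshd uses the first value it reads for each keyword, so an earlier line, or a drop-in pulled in by the Include at the top of Ubuntu 22.04's sshd_config, can silently win. The script below is an added example, not part of the original notes: it reports the effective PasswordAuthentication, PermitRootLogin and AllowUsers from a list of config files; the function names and sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original notes). Sample files are constructed.

# Print the effective global value of keyword $1 from the files that follow,
# given in the order sshd reads them. sshd keeps the FIRST value it sees and
# keywords are case-insensitive. Parsing stops at the first Match block.
sshd_effective() {
    key=$1; shift
    awk -v key="$key" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$@"
}

# Print one line per finding; succeed only when there are none.
audit_sshd() {
    findings=0
    for want in "PasswordAuthentication no" "PermitRootLogin no"; do
        name=${want% *}; expected=${want#* }
        got=$(sshd_effective "$name" "$@" | tr 'A-Z' 'a-z')
        if [ "$got" != "$expected" ]; then
            echo "$name: effective '${got:-unset}', want '$expected'"
            findings=$((findings + 1))
        fi
    done
    if [ -z "$(sshd_effective AllowUsers "$@")" ]; then
        echo "AllowUsers: not set, no per-user restriction on SSH logins"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: a drop-in that is read before the edited main file.
demo=$(mktemp -d)
printf 'PasswordAuthentication yes\n' > "$demo/50-dropin.conf"
printf '%s\n' '#PermitRootLogin prohibit-password' 'PasswordAuthentication no' \
    'PermitRootLogin no' 'AllowUsers fadli' > "$demo/sshd_config"
audit_sshd "$demo/50-dropin.conf" "$demo/sshd_config" ||
    echo "fix the findings above before relying on key-only login"
rm -rf "$demo"
```

On the server, sudo sshd -t checks the syntax before a restart and sudo sshd -T prints the settings sshd will actually use.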

Step 11 - Keep the connection alive

nano ~/.ssh/config

Find and edit:

Host *
    ServerAliveInterval 120

Install Nginx on Ubuntu 22.04

Step 1 - Install Nginx

sudo apt update
sudo apt install nginx

Enable Nginx

sudo systemctl start nginx
sudo systemctl enable nginx

Step 2 - Update the firewall

sudo ufw app list
sudo ufw allow 'Nginx HTTP'

Verify

sudo ufw status

Step 3 - Check the web server

systemctl status nginx

Open the server's IP address in a browser. If you don't know it, run this on the server:

curl -4 icanhazip.com

Step 4 - Nginx commands

Stop web server:

sudo systemctl stop nginx

Start web server:

sudo systemctl start nginx

Stop and start web server:

sudo systemctl restart nginx

Reload the web server after configuration changes:

sudo systemctl reload nginx

Disable automatic start at boot:

sudo systemctl disable nginx

Start the server at boot:

sudo systemctl enable nginx

Step 5 - Install PHP

sudo apt install php8.1-fpm php8.1-sqlite3

verify

php -v

Check SQLite

sqlite3 --version

Step 6 - Set up the server block

Multiple domains live under /var/www/

Create the directory

sudo mkdir -p /var/www/your_domain

Give ownership to the account in the $USER environment variable

sudo chown -R $USER:$USER /var/www/your_domain

permission

sudo chmod -R 755 /var/www/your_domain

setup configuration block

sudo nano /etc/nginx/sites-available/your_domain

configuration

server {
    listen 80;
    server_name your_domain www.your_domain;
    root /var/www/your_domain;

    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
     }

    location ~ /\.ht {
        deny all;
    }

}

site enable

sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/

unlink

sudo unlink /etc/nginx/sites-enabled/default

Prevent the server names hash bucket memory problem

sudo nano /etc/nginx/nginx.conf

Find server_names_hash_bucket_size and uncomment it:

...
http {
    ...
    server_names_hash_bucket_size 64;
    ...
}
...

Check the nginx config for syntax errors

sudo nginx -t

If it is fine, restart

sudo systemctl restart nginx

Securing Nginx

Step 1 - Install Certbot

sudo snap install core; sudo snap refresh core

Remove the old apt package, then install Certbot from snap

sudo apt remove certbot
sudo snap install --classic certbot

Link the certbot command

sudo ln -s /snap/bin/certbot /usr/bin/certbot

Step 2 - Set up the firewall

Check the firewall

sudo ufw status

Add 'Nginx Full' and remove the redundant 'Nginx HTTP' rule

sudo ufw allow 'Nginx Full'
sudo ufw delete allow 'Nginx HTTP'

Check the status

sudo ufw status

Step 3 - Issue the SSL certificate

sudo certbot --nginx -d example.com -d www.example.com

Step 4 - Verify

sudo systemctl status snap.certbot.renew.service

dryrun

sudo certbot renew --dry-run

Add New Website

Server preparation

Create a folder in /var/www/

sudo mkdir -p /var/www/your_domain

Give ownership to the account in the $USER environment variable

sudo chown -R $USER:$USER /var/www/your_domain

permission

sudo chmod -R 755 /var/www/your_domain

setup configuration block

sudo nano /etc/nginx/sites-available/your_domain

configuration

server {
    listen 80;
    server_name your_domain www.your_domain;
    root /var/www/your_domain;

    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
     }

    location ~ /\.ht {
        deny all;
    }

}

site enable

sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/

Check the nginx config for syntax errors

sudo nginx -t

If it is fine, restart

sudo systemctl restart nginx

Point the domain to the server IP

Install Certbot

sudo certbot --nginx -d example.com -d www.example.com
sudo systemctl status snap.certbot.renew.service

dryrun

sudo certbot renew --dry-run

Auto Git Pull using GitHub Webhook

Check the Git version

git --version

Set Name on Git

git config --global user.name "Fadli Wilihandarwo"
git config --global user.email "fadli@wilihandarwo.com"
git config --global init.defaultBranch main

SSH Key to Github

ssh-keygen -t ed25519 -C "your_email@example.com"
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519
cat ~/.ssh/id_ed25519.pub

Add key to SSH Key on Github

Clone Git

Go to the directory, and don't forget to add a dot (.) at the end so the repo is cloned into the current folder

git clone https://github.com/username/repo.git .

Create PHP Webhook File

Copy deployer.php

nano deployer.php

Create the per-site settings PHP file

nano contohwebsite.php

Create the log file

nano contohwebsite.log

Set folder permission

sudo chown -R www-data:www-data /var/www/contohwebsite.com
sudo chmod -R 750 /var/www/contohwebsite.com

sudo chown -R www-data:www-data /var/www/setupvps.com/deploy/contohwebsite.php
sudo chown -R www-data:www-data /var/www/setupvps.com/deploy/contohwebsite.log
sudo chown -R www-data:www-data /var/www/setupvps.com/deploy/deployer.php

sudo chmod -R 750 /var/www/setupvps.com/deploy/contohwebsite.php
sudo chmod -R 750 /var/www/setupvps.com/deploy/contohwebsite.log
sudo chmod -R 750 /var/www/setupvps.com/deploy/deployer.php

Set up an SSH key for www-data on GitHub

sudo mkdir -p /var/www/.ssh
sudo chown -R www-data:www-data /var/www/.ssh
sudo -u www-data -s /bin/bash
ssh-keygen -t ed25519 -C "fadli@wilihandarwo.com"
cat /var/www/.ssh/id_ed25519.pub
Copy the key into the GitHub SSH key settings.

cd /var/www/contohwebsite.com/
git status
git pull
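
Because the repository is cloned straight into the web root and the server block only denies /.ht*, the .git directory and the deploy log are reachable over HTTP unless nginx is told otherwise. The script below is an added example, not from the original notes, that lists such files under a web root; the function name and the demo tree are constructed.

```sh
#!/bin/sh
# Added example (not from the original notes); the demo tree is constructed.

# Print paths under web root $1 that nginx would serve as plain files with a
# server block that only denies /.ht*: Git metadata, other dotfiles, logs.
exposed_paths() {
    ( cd "$1" && find . \
        \( -type d -name .git -prune -print \) -o \
        \( -type f \( -name '.*' -o -name '*.log' \) ! -name '.ht*' -print \) \
      | sed 's|^\./||' | LC_ALL=C sort )
}

# Remediation in the nginx server block, placed before the \.php$ location:
#     location ~ /\.(?!well-known) { deny all; }
#     location ~ \.log$            { deny all; }
# or keep the deploy log outside the web root altogether.

# Constructed demo tree that mirrors the layout used in these notes.
demo=$(mktemp -d)
mkdir -p "$demo/.git" "$demo/deploy"
touch "$demo/index.php" "$demo/.git/config" "$demo/.htaccess" \
      "$demo/deploy/contohwebsite.log" "$demo/deploy/contohwebsite.php"
exposed_paths "$demo"      # prints .git and deploy/contohwebsite.log
rm -rf "$demo"
```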

👇👇👇👇👇👇👇👇👇👇👇👇👇👇👇👇👇

New Website Include Auto Git Pull

Create a folder in /var/www/

sudo mkdir -p /var/www/your_domain

Give ownership to the account in the $USER environment variable

sudo chown -R $USER:$USER /var/www/your_domain

permission

sudo chmod -R 750 /var/www/your_domain

setup configuration block

sudo nano /etc/nginx/sites-available/your_domain

configuration

server {
    listen 80;
    server_name your_domain www.your_domain;
    root /var/www/your_domain;

    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
     }

    location ~ /\.ht {
        deny all;
    }

}

site enable

sudo ln -s /etc/nginx/sites-available/your_domain /etc/nginx/sites-enabled/

Check the nginx config for syntax errors

sudo nginx -t

If it is fine, restart

sudo systemctl restart nginx

Point the domain to the server IP

Install Certbot

sudo certbot --nginx -d example.com -d www.example.com
sudo systemctl status snap.certbot.renew.service

dryrun

sudo certbot renew --dry-run

Clone Git

Go to the directory, and don't forget to add a dot (.) at the end so the repo is cloned into the current folder

git clone git@github.com:wilihandarwo/solofounder.id.git .
git status
git add .
git commit -m "test"
git pull
git config pull.rebase false
git push

Create PHP Webhook File

Go to the folder /var/www/setupvps.com/deploy/ and create the per-site settings PHP file

nano contohwebsite.php

Create the log file

nano contohwebsite.log

Set folder permission

sudo chown -R www-data:www-data /var/www/contohwebsite.com
sudo chmod -R 750 /var/www/contohwebsite.com

sudo chown -R www-data:www-data /var/www/setupvps.com/deploy/contohwebsite.php
sudo chown -R www-data:www-data /var/www/setupvps.com/deploy/contohwebsite.log


sudo chmod -R 750 /var/www/setupvps.com/deploy/contohwebsite.php
sudo chmod -R 750 /var/www/setupvps.com/deploy/contohwebsite.log

Set up an SSH key for www-data on GitHub ??? Probably not needed anymore

sudo -u www-data -s /bin/bash

cd /var/www/contohwebsite.com/
git status
git pull

Set Webhook on GitHub

Payload URL: https://setupvps.com/deploy/iklanabadi.php
Content Type: application/json
Secret:
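
The Secret field is what lets the deploy endpoint tell a real GitHub delivery from anyone else who finds the URL: GitHub sends an HMAC-SHA256 of the raw request body in the X-Hub-Signature-256 header. The script below is an added example, not from the original notes and not the code of deployer.php (which this page does not show), of computing and checking that value; the secret, payload and function names are constructed.

```sh
#!/bin/sh
# Added example (not from the original notes). Secret and payload are
# constructed. The secret is passed in argv here, which is acceptable for a
# one-off check on your own machine but not for a long-running handler.

# Print the header value GitHub sends for body file $2 under secret $1.
# The body is read from a file so the exact bytes are signed.
gh_signature() {
    printf 'sha256=%s' \
        "$(openssl dgst -sha256 -hmac "$1" < "$2" | awk '{print $NF}')"
}

# Succeed only if header value $3 matches body file $2 under secret $1.
gh_verify() {
    [ -n "$1" ] || return 1                        # refuse an empty secret
    case $3 in sha256=*) ;; *) return 1 ;; esac    # missing or unsigned header
    [ "$(gh_signature "$1" "$2")" = "$3" ]
}

body=$(mktemp)
printf '{"ref":"refs/heads/main"}' > "$body"       # constructed payload
secret='constructed-example-secret'
sig=$(gh_signature "$secret" "$body")
gh_verify "$secret" "$body" "$sig" && echo "accepted: safe to run git pull"
printf ' ' >> "$body"                              # any byte change breaks it
gh_verify "$secret" "$body" "$sig" || echo "rejected: body does not match"
rm -f "$body"
```

In a PHP handler the same check is hash_hmac('sha256', $rawBody, $secret) compared with hash_equals(), which also avoids the timing leak of a plain string comparison.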