Mempersiapkan System
Terlebih dahulu lakukan install CentOS 6.8 dengan partisi untuk folder “/home” terpisah dengan partisi root-nya yaitu partisi “/“, contoh….
[root@web ~]# df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/vg_web-lv_root
103081248 6835244 91003124 7% /
tmpfs 24713772 0 24713772 0% /dev/shm
/dev/vda1 487652 81002 381050 18% /boot
/dev/mapper/vg_web-lv_home
1464973920 0 1464973920 0% /home
Matikan semua service yang tidak terpakai…
[root@web ~]# service cups stop chkconfig rpcbind offStopping cups: [ OK ] [root@web ~]# service postfix stop Shutting down postfix: [ OK ] [root@web ~]# service ip6tables stop ip6tables: Setting chains to policy ACCEPT: filter [ OK ] ip6tables: Flushing firewall rules: [ OK ] ip6tables: Unloading modules: [ OK ] [root@web ~]# service netfs stop [root@web ~]# service autofs stop Stopping automount: [ OK ] [root@web ~]# service nfslock stop Stopping NFS statd: [ OK ] [root@web ~]# service rpcbind stop Stopping rpcbind: [ OK ] [root@web ~]# chkconfig cups off [root@web ~]# chkconfig postfix off [root@web ~]# chkconfig ip6tables off [root@web ~]# chkconfig netfs off [root@web ~]# chkconfig autofs off [root@web ~]# chkconfig nfslock off [root@web ~]# chkconfig rpcbind off
Matikan SELinux…
[root@web ~]# nano /etc/selinux/config
Rubah enforcing menjadi disabled
# This file controls the state of SELinux on the system. # SELINUX= can take one of these three values: # enforcing - SELinux security policy is enforced. # permissive - SELinux prints warnings instead of enforcing. # disabled - No SELinux policy is loaded. SELINUX=disabled # SELINUXTYPE= can take one of these two values: # targeted - Targeted processes are protected, # mls - Multi Level Security protection. SELINUXTYPE=targeted
Tunning system….
[root@web ~]# nano /etc/sysctl.conf
pada paling bawah tambahkan…
net.ipv4.tcp_fin_timeout=15 net.ipv4.tcp_tw_reuse=1 net.ipv4.tcp_tw_recycle=1 vm.swappiness=1
Lakukan update system dan restart…
[root@web ~]# yum upgrade -y && reboot
Atur Firewall, Open Port yang diperlukan…
Buka port sebagai berikut…
1. TCP 80 untuk Web
2. TCP 20 dan 21 untuk FTP
3. TCP 22 untuk SSH (sebaiknya dirubah)
4. TCP 3306 untuk database MySQL (bila diperlukan, dianjurkan di tutup saja)
Edit file /etc/sysconfig/iptables dan rubah sebagai berikut…
[root@web ~]# nano /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall # Manual customization of this file is not recommended. *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -m state --state NEW -m multiport -p tcp --dports 20,21,22,80,3306 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT
kemudian copy ke /etc/sysconfig/iptables.old…
[root@web ~]# cp -rf /etc/sysconfig/iptables /etc/sysconfig/iptables.old
terakhir restart service daemon iptables-nya
[root@web ~]# service iptables restart
Instalasi Repo dan aplikasi server yang dibutuhkan…
Disini akan mengambil dari Repo REMI untuk PHP 5.6 dan MySQL kemudian untuk Apache 2.4 mengambil dari Repo lain yaitu JKALUZA.
sebelum memasang repository, install epel-release…
[root@web ~]# yum install -y epel-release
install repository…
[root@web ~]# cd /etc/yum.repos.d/ [root@web yum.repos.d]# wget http://repos.fedorapeople.org/repos/jkaluza/httpd24/epel-httpd24.repo [root@web yum.repos.d]# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
mengaktifkan repo REMI, dengan mengedit enabled=0 menjadi enabled=1…
[root@web yum.repos.d]# nano remi.repo
[remi] name=Remi's RPM repository for Enterprise Linux 6 - $basearch #baseurl=http://rpms.remirepo.net/enterprise/6/remi/$basearch/ mirrorlist=http://rpms.remirepo.net/enterprise/6/remi/mirror enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi [remi-php56] name=Remi's PHP 5.6 RPM repository for Enterprise Linux 6 - $basearch #baseurl=http://rpms.remirepo.net/enterprise/6/php56/$basearch/ mirrorlist=http://rpms.remirepo.net/enterprise/6/php56/mirror # NOTICE: common dependencies are in "remi-safe" enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi [remi-php56-debuginfo] name=Remi's PHP 5.6 RPM repository for Enterprise Linux 6 - $basearch - debuginfo baseurl=http://rpms.remirepo.net/enterprise/6/debug-php56/$basearch/ enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi
install aplikasi server…
[root@web yum.repos.d]# yum update -y
[root@web yum.repos.d]# yum install -y httpd24 perl-BSD-Resource httpd24-apr-util-ldap
[root@web yum.repos.d]# yum --enablerepo=remi install -y mysql mysql-server php-fpm libzip-last php-common php-pecl-jsonc php-pecl-zip php-mysqlnd php-pgsql php-mysql php-pecl-mongo php-pdo php-pecl-memcache php-pecl-memcached php-gd php-xml php-mbstring php-mcrypt php-pecl-apcu php-cli php-pear php-devel php-snmp
[root@web yum.repos.d]# yum install -y phpmyadmin vsftpd ftp nmap
Menyesuaikan folder dengan standartnya dari CentOS 6.x
Memindahkan dengan menggunakan link…
[root@web yum.repos.d]# cd / [root@web ~]# rm -rf /opt/rh/httpd24/root/lib64/tls [root@web ~]# ln -s /lib64/tls /opt/rh/httpd24/root/lib64/tls [root@web ~]# cp /etc/httpd/conf.d/* /opt/rh/httpd24/root/etc/httpd/conf.d/ [root@web ~]# rm -rf /etc/httpd [root@web ~]# ln -s /opt/rh/httpd24/root/etc/httpd /etc/httpd [root@web ~]# ln -s /opt/rh/httpd24/root/etc/sysconfig/httpd /etc/sysconfig/httpd [root@web ~]# rm -rf /opt/rh/httpd24/root/etc/pki [root@web ~]# ln -s /etc/pki /opt/rh/httpd24/root/etc/pki [root@web ~]# rm -rf /opt/rh/httpd24/root/lib/modules/ [root@web ~]# ln -s /lib/modules /opt/rh/httpd24/root/lib/modules [root@web ~]# ln -s /opt/rh/httpd24/root/usr/bin/ab /usr/bin/ab [root@web ~]# ln -s /opt/rh/httpd24/root/usr/bin/dbmanage /usr/bin/dbmanage [root@web ~]# ln -s /opt/rh/httpd24/root/usr/bin/htdbm /usr/bin/htdbm [root@web ~]# ln -s /opt/rh/httpd24/root/usr/bin/htdigest /usr/bin/htdigest [root@web ~]# ln -s /opt/rh/httpd24/root/usr/bin/htpasswd /usr/bin/htpasswd [root@web ~]# ln -s /opt/rh/httpd24/root/usr/bin/httxt2dbm /usr/bin/httxt2dbm [root@web ~]# ln -s /opt/rh/httpd24/root/usr/bin/logresolve /usr/bin/logresolve [root@web ~]# ln -s /opt/rh/httpd24/root/usr/lib64/apr-util-1 /usr/lib64/apr-util-1 [root@web ~]# ln -s /opt/rh/httpd24/root/usr/lib64/httpd /usr/lib64/httpd [root@web ~]# ln -s /opt/rh/httpd24/root/usr/lib64/libapr-1-httpd24.so.0.4.8 /usr/lib64/libapr-1-httpd24.so.0.4.8 [root@web ~]# ln -s /opt/rh/httpd24/root/usr/lib64/libapr-1-httpd24.so.0.5.2 /usr/lib64/libapr-1-httpd24.so.0.5.2 [root@web ~]# ln -s /opt/rh/httpd24/root/usr/lib64/libapr-1-httpd24.so.0 /usr/lib64/libapr-1-httpd24.so.0 [root@web ~]# ln -s /opt/rh/httpd24/root/usr/lib64/libaprutil-1-httpd24.so.0 /usr/lib64/libaprutil-1-httpd24.so.0 [root@web ~]# rm -rf /opt/rh/httpd24/root/usr/lib64/pm-utils/module.d [root@web ~]# ln -s //usr/lib64/pm-utils/module.d /opt/rh/httpd24/root/usr/lib64/pm-utils/module.d [root@web ~]# rm -rf /opt/rh/httpd24/root/usr/lib64/pm-utils/power.d/ [root@web ~]# ln -s /usr/lib64/pm-utils/power.d /opt/rh/httpd24/root/usr/lib64/pm-utils/power.d [root@web ~]# rm -rf /opt/rh/httpd24/root/usr/lib64/pm-utils/sleep.d [root@web ~]# ln -s /usr/lib64/pm-utils/sleep.d /opt/rh/httpd24/root/usr/lib64/pm-utils/sleep.d [root@web ~]# rm -rf /opt/rh/httpd24/root/usr/lib64/sse2 [root@web ~]# ln -s /usr/lib64/sse2 /opt/rh/httpd24/root/usr/lib64/sse2 [root@web ~]# rm -rf /opt/rh/httpd24/root/usr/lib64/tls [root@web ~]# ln -s /usr/lib64/tls /opt/rh/httpd24/root/usr/lib64/tls [root@web ~]# rm -rf /opt/rh/httpd24/root/usr/lib64/X11 [root@web ~]# ln -s /usr/lib64/X11 /opt/rh/httpd24/root/usr/lib64/X11 [root@web ~]# ln -s /opt/rh/httpd24/root/usr/sbin/apachectl /usr/sbin/apachectl [root@web ~]# ln -s /opt/rh/httpd24/root/usr/sbin/fcgistarter /usr/sbin/fcgistarter [root@web ~]# ln -s /opt/rh/httpd24/root/usr/sbin/htcacheclean /usr/sbin/htcacheclean [root@web ~]# ln -s /opt/rh/httpd24/root/usr/sbin/httpd /usr/sbin/httpd [root@web ~]# ln -s /opt/rh/httpd24/root/usr/sbin/rotatelogs /usr/sbin/rotatelogs [root@web ~]# ln -s /opt/rh/httpd24/root/usr/sbin/suexec /usr/sbin/suexe [root@web ~]# ln -s /opt/rh/httpd24/root/usr/share/httpd /usr/share/httpd [root@web ~]# ln -s /opt/rh/httpd24/root/usr/share/doc/httpd24-apr-1.4.8 /usr/share/doc/httpd24-apr-1.4.8 [root@web ~]# ln -s /opt/rh/httpd24/root/usr/share/doc/httpd24-apr-util-1.5.2 /usr/share/doc/httpd24-apr-util-1.5.2 [root@web ~]# ln -s /opt/rh/httpd24/root/usr/share/doc/httpd24-httpd-2.4.6 /usr/share/doc/httpd24-httpd-2.4.6 [root@web ~]# ln -s /opt/rh/httpd24/root/usr/share/doc/httpd24-httpd-tools-2.4.6 /usr/share/doc/httpd24-httpd-tools-2.4.6 [root@web ~]# ln -s /opt/rh/httpd24/root/usr/share/man/* /usr/share/man/* [root@web ~]# ln -s /opt/rh/httpd24/root/var/log/httpd /var/log/httpd [root@web ~]# ln -s /opt/rh/httpd24/root/var/run/httpd /var/run/httpd [root@web ~]# ln -s /opt/rh/httpd24/root/var/cache/httpd /var/cache/httpd
Memindahkan root file www ke folder home…
[root@web ~]# mkdir /home/data-www [root@web ~]# mkdir /home/data-www/www [root@web ~]# cp -rf /opt/rh/httpd24/root/var/www/* /home/data-www/www/ [root@web ~]# rm -rf /opt/rh/httpd24/root/var/www [root@web ~]# ln -s /home/data-www/www /opt/rh/httpd24/root/var/www
Memindahkan file execute untuk mengaktifkan service server…
[root@web ~]# ln -s /etc/init.d/httpd24-httpd /etc/init.d/httpd [root@web ~]# ln -s /etc/init.d/php-fpm /etc/init.d/php
Membuat Proxy untuk jalankan PHP
Untuk menjalankan PHP 5.6 kita buatkan Proxy di port localhost 9000 dengan membuat virtual host pada Apache. Buat file config virtual host-nya…
[root@web ~]# nano /etc/httpd/conf.d/php.conf
<Proxy "fcgi://localhost:9000" retry=0 >
ProxySet connectiontimeout=5 timeout=7200
</Proxy>
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
Satisfy All
</IfModule>
</Files>
AddType text/html .php
DirectoryIndex index.php
<IfModule proxy_module>
<FilesMatch "\.php$">
SetHandler "proxy:fcgi://localhost/:9000"
</FilesMatch>
</IfModule>
Memindahkan folder database MySQL
Memindahkan folder database MySQL ke /home bertujuan mempermudahkan untuk maintenance dan back-up secara berkala.
Membuat folder database dan memberikan previlege user dan group mysql…
[root@web ~]# mkdir /home/data-mysql [root@web ~]# chown mysql:mysql -R /home/data-mysql [root@web ~]# rm -rf /var/lib/mysql [root@web ~]# ln -s /home/data-mysql /var/lib/mysql
Rubah config MySQL di file /etc/my.cnf
1. Sebelumnya datadir=/var/lib/mysql rubah menjadi datadir=/home/data-mysql
2. Sebelumnya socket=/var/lib/mysql/mysql.sock menjadi socket=/home/data-mysql/mysql.sock
[root@web ~]# nano /etc/my.cnf
[mysqld] datadir=/home/data-mysql socket=/home/data-mysql/mysql.sock ......
Kemudian jalankan perintah…
[root@web ~]# restorecon -Rv /home/data-mysql
Kembalikan aktifkan service MySQL…
[root@web ~]# service mysqld start
Lakukan tester dengan menyambungkan ke database…
[root@web ~]# mysql -u root -p Enter password: Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 2 Server version: 5.5.54 MySQL Community Server (GPL) by Remi Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
dan lihat isi database-nya, ketik show databases; bila muncul database-nya seperti dibawah ini berarti berhasil memindahkan database.
mysql> show databases; +----------------------+ | Database | +----------------------+ | information_schema | | mysql | | performance_schema | | test | +----------------------+ 4 rows in set (0.00 sec)
Jalankan daemon-nya dan tester
Menjalan daemon aplikasi server dan membuat agar daemon tersebut akan di loading saat pertama kali server booting…
[root@web ~]# chkconfig mysqld on [root@web ~]# chkconfig httpd on [root@web ~]# chkconfig php on [root@web ~]# service httpd start [root@web ~]# service php start
Check port yang jalan…
[root@web ~]# nmap localhost
Starting Nmap 5.51 ( http://nmap.org ) at 2017-01-15 00:20 WIB Nmap scan report for localhost (127.0.0.1) Host is up (0.000019s latency). Other addresses for localhost (not scanned): 127.0.0.1 Not shown: 996 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 3306/tcp open mysql 9000/tcp open cslistener Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds
Check versi di CLI…
[root@web ~]# httpd -v Server version: Apache/2.4.6 (Red Hat) Server built: Sep 25 2013 05:25:46 [root@web ~]# php -v PHP 5.6.29 (cli) (built: Dec 8 2016 08:51:50) Copyright (c) 1997-2016 The PHP Group Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
Tester tampilan welcome Apache 2.4, http://ip-server
Tester dengan membuat file di /home/data-www/www/html dengan script php, misal diberi nama phpinfo.php
[root@web ~]# nano /home/data-www/www/html/phpinfo.php
<?php phpinfo(); ?>
dan buka di web browser http://ip-server/phpinfo.php…
Config Tools untuk Upload File Web
Mempermudah upload file Web pada Web Hosting bisa menggunakan FTP Protocol yang bisa diatur secara user dan folder, terlebih dahulu lakukan config pada vsFTP…
edit file /etc/vsftpd/vsftpd.conf…
1. Sebelumnya anonymous_enable=YES rubah menjadi anonymous_enable=NO
2. Pastikan local_enable=YES dan write_enable=YES
3. Hapus tanda comment “#” pada chroot_local_user=YES
Start service daemon-nya dan jadikan autorun saat server booting pertama kali…
[root@web ~]# service vsftpd start [root@web ~]# chkconfig vsftpd on
Check port protocolnya, port FTP sudah ada belum dengan nmap…
[root@web ~]# nmap localhost Starting Nmap 5.51 ( http://nmap.org ) at 2017-01-15 15:34 WIB Nmap scan report for localhost (127.0.0.1) Host is up (0.000018s latency). Other addresses for localhost (not scanned): 127.0.0.1 Not shown: 995 closed ports PORT STATE SERVICE 21/tcp open ftp 22/tcp open ssh 80/tcp open http 3306/tcp open mysql 9000/tcp open cslistener Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
Config Tools untuk phpMyAdmin agar Mudah Mem-manage Database MySQL
Sebelumnya reset password root pada MySQL, berikut langkah-langkahnya…
Matikan service daemon MySQL
[root@web ~]# service mysqld stop
Menjalankan kembali MySQL namun dengan safe mode dan skip previlege…
[root@web ~]# mysqld_safe --skip-grant-tables &
Connect ke MySQL
[root@web ~]# mysql -uroot
Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 1 Server version: 5.5.54 MySQL Community Server (GPL) by Remi Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
Barulah jalankan script sebagai berikut dan keluar…
mysql> use mysql;
mysql> update user set password=PASSWORD("mynewpassword") where User='root';
mysql> flush privileges;
mysql> quit
Terakhir restat service daemon MySQL
[root@web ~]# service mysqld restart
Edit file /etc/httpd/conf.d/phpMyAdmin.conf kemudian tambahkan module proxy untuk menjalankan script php dan atur access permit-nya…
[root@web ~]# nano /etc/httpd/conf.d/phpMyAdmin.conf
...... <IfModule proxy_module> ProxyPassMatch ^/phpmyadmin/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/usr/share/phpMyAdmin/$1 ProxyPassMatch ^/phpMyAdmin/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/usr/share/phpMyAdmin/$1 </IfModule> <Directory /usr/share/phpMyAdmin/> ...... <IfModule mod_authz_core.c> # Apache 2.4 Require all granted </IfModule> ......
Terakhir restat service daemon Apache
[root@web ~]# service httpd restart
buka pada web browser…
