Web Hosting Apache2.4 + PHP5.6 + MySQL + FTP + phpMyAdmin dengan CentOS 6.8

Mempersiapkan System

Terlebih dahulu lakukan install CentOS 6.8 dengan partisi untuk folder “/home” terpisah dengan partisi root-nya yaitu partisi “/“, contoh….

[root@web ~]# df
Filesystem            1K-blocks       Used    Available   Use%   Mounted on
/dev/mapper/vg_web-lv_root
                      103081248     6835244     91003124     7%   /
tmpfs                  24713772           0     24713772     0%   /dev/shm
/dev/vda1                487652       81002       381050    18%   /boot
/dev/mapper/vg_web-lv_home
                     1464973920           0   1464973920     0%   /home

Matikan semua service yang tidak terpakai…

[root@web ~]# service cups stop
chkconfig rpcbind offStopping cups:                        [  OK  ]
[root@web ~]# service postfix stop
Shutting down postfix:                                     [  OK  ]
[root@web ~]# service ip6tables stop
ip6tables: Setting chains to policy ACCEPT: filter         [  OK  ]
ip6tables: Flushing firewall rules:                        [  OK  ]
ip6tables: Unloading modules:                              [  OK  ]
[root@web ~]# service netfs stop
[root@web ~]# service autofs stop
Stopping automount:                                        [  OK  ]
[root@web ~]# service nfslock stop
Stopping NFS statd:                                        [  OK  ]
[root@web ~]# service rpcbind stop
Stopping rpcbind:                                          [  OK  ]
[root@web ~]# chkconfig cups off
[root@web ~]# chkconfig postfix off
[root@web ~]# chkconfig ip6tables off
[root@web ~]# chkconfig netfs off
[root@web ~]# chkconfig autofs off
[root@web ~]# chkconfig nfslock off
[root@web ~]# chkconfig rpcbind off

Matikan SELinux…

[root@web ~]# nano /etc/selinux/config

Rubah enforcing menjadi disabled

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Tunning system….

[root@web ~]# nano /etc/sysctl.conf

pada paling bawah tambahkan…

net.ipv4.tcp_fin_timeout=15
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
vm.swappiness=1

Lakukan update system dan restart…

[root@web ~]# yum upgrade -y && reboot

 

Atur Firewall, Open Port yang diperlukan…

Buka port sebagai berikut…
1. TCP 80 untuk Web
2. TCP 20 dan 21 untuk FTP
3. TCP 22 untuk SSH (sebaiknya dirubah)
4. TCP 3306 untuk database MySQL (bila diperlukan, dianjurkan di tutup saja)

Edit file /etc/sysconfig/iptables dan rubah sebagai berikut…

[root@web ~]# nano /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m multiport -p tcp --dports 20,21,22,80,3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

kemudian copy ke /etc/sysconfig/iptables.old

[root@web ~]# cp -rf /etc/sysconfig/iptables /etc/sysconfig/iptables.old

terakhir restart service daemon iptables-nya

[root@web ~]# service iptables restart

 

 

Instalasi Repo dan aplikasi server yang dibutuhkan…

Disini akan mengambil dari Repo REMI untuk PHP 5.6 dan MySQL kemudian untuk Apache 2.4 mengambil dari Repo lain yaitu JKALUZA.

sebelum memasang repository, install epel-release…

[root@web ~]# yum install -y epel-release

install repository…

[root@web ~]# cd /etc/yum.repos.d/
[root@web yum.repos.d]# wget http://repos.fedorapeople.org/repos/jkaluza/httpd24/epel-httpd24.repo
[root@web yum.repos.d]# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

mengaktifkan repo REMI, dengan mengedit enabled=0 menjadi enabled=1

[root@web yum.repos.d]# nano remi.repo
[remi]
name=Remi's RPM repository for Enterprise Linux 6 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/6/remi/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/6/remi/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

[remi-php56]
name=Remi's PHP 5.6 RPM repository for Enterprise Linux 6 - $basearch
#baseurl=http://rpms.remirepo.net/enterprise/6/php56/$basearch/
mirrorlist=http://rpms.remirepo.net/enterprise/6/php56/mirror
# NOTICE: common dependencies are in "remi-safe"
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

[remi-php56-debuginfo]
name=Remi's PHP 5.6 RPM repository for Enterprise Linux 6 - $basearch - debuginfo
baseurl=http://rpms.remirepo.net/enterprise/6/debug-php56/$basearch/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

install aplikasi server…

[root@web yum.repos.d]# yum update -y
[root@web yum.repos.d]# yum install -y httpd24 perl-BSD-Resource httpd24-apr-util-ldap
[root@web yum.repos.d]# yum --enablerepo=remi install -y mysql mysql-server php-fpm libzip-last php-common php-pecl-jsonc php-pecl-zip php-mysqlnd php-pgsql php-mysql php-pecl-mongo php-pdo php-pecl-memcache php-pecl-memcached php-gd php-xml php-mbstring php-mcrypt php-pecl-apcu php-cli php-pear php-devel php-snmp
[root@web yum.repos.d]# yum install -y phpmyadmin vsftpd ftp nmap

 

 

Menyesuaikan folder dengan standartnya dari CentOS 6.x

Memindahkan dengan menggunakan link…

[root@web yum.repos.d]# cd /
[root@web ~]# rm -rf /opt/rh/httpd24/root/lib64/tls
[root@web ~]# ln -s /lib64/tls /opt/rh/httpd24/root/lib64/tls
[root@web ~]# cp /etc/httpd/conf.d/* /opt/rh/httpd24/root/etc/httpd/conf.d/
[root@web ~]# rm -rf /etc/httpd
[root@web ~]# ln -s /opt/rh/httpd24/root/etc/httpd /etc/httpd
[root@web ~]# ln -s /opt/rh/httpd24/root/etc/sysconfig/httpd /etc/sysconfig/httpd
[root@web ~]# rm -rf /opt/rh/httpd24/root/etc/pki
[root@web ~]# ln -s /etc/pki /opt/rh/httpd24/root/etc/pki
[root@web ~]# rm -rf /opt/rh/httpd24/root/lib/modules/
[root@web ~]# ln -s /lib/modules /opt/rh/httpd24/root/lib/modules
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/bin/ab /usr/bin/ab
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/bin/dbmanage /usr/bin/dbmanage
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/bin/htdbm /usr/bin/htdbm
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/bin/htdigest /usr/bin/htdigest
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/bin/htpasswd /usr/bin/htpasswd
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/bin/httxt2dbm /usr/bin/httxt2dbm
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/bin/logresolve /usr/bin/logresolve
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/lib64/apr-util-1 /usr/lib64/apr-util-1
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/lib64/httpd /usr/lib64/httpd
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/lib64/libapr-1-httpd24.so.0.4.8 /usr/lib64/libapr-1-httpd24.so.0.4.8
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/lib64/libapr-1-httpd24.so.0.5.2 /usr/lib64/libapr-1-httpd24.so.0.5.2
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/lib64/libapr-1-httpd24.so.0 /usr/lib64/libapr-1-httpd24.so.0
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/lib64/libaprutil-1-httpd24.so.0 /usr/lib64/libaprutil-1-httpd24.so.0
[root@web ~]# rm -rf /opt/rh/httpd24/root/usr/lib64/pm-utils/module.d
[root@web ~]# ln -s //usr/lib64/pm-utils/module.d /opt/rh/httpd24/root/usr/lib64/pm-utils/module.d
[root@web ~]# rm -rf /opt/rh/httpd24/root/usr/lib64/pm-utils/power.d/
[root@web ~]# ln -s /usr/lib64/pm-utils/power.d /opt/rh/httpd24/root/usr/lib64/pm-utils/power.d
[root@web ~]# rm -rf /opt/rh/httpd24/root/usr/lib64/pm-utils/sleep.d
[root@web ~]# ln -s /usr/lib64/pm-utils/sleep.d /opt/rh/httpd24/root/usr/lib64/pm-utils/sleep.d
[root@web ~]# rm -rf /opt/rh/httpd24/root/usr/lib64/sse2
[root@web ~]# ln -s /usr/lib64/sse2 /opt/rh/httpd24/root/usr/lib64/sse2
[root@web ~]# rm -rf /opt/rh/httpd24/root/usr/lib64/tls
[root@web ~]# ln -s /usr/lib64/tls /opt/rh/httpd24/root/usr/lib64/tls
[root@web ~]# rm -rf /opt/rh/httpd24/root/usr/lib64/X11
[root@web ~]# ln -s /usr/lib64/X11 /opt/rh/httpd24/root/usr/lib64/X11
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/sbin/apachectl /usr/sbin/apachectl
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/sbin/fcgistarter /usr/sbin/fcgistarter
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/sbin/htcacheclean /usr/sbin/htcacheclean
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/sbin/httpd /usr/sbin/httpd
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/sbin/rotatelogs /usr/sbin/rotatelogs
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/sbin/suexec /usr/sbin/suexe
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/share/httpd /usr/share/httpd
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/share/doc/httpd24-apr-1.4.8 /usr/share/doc/httpd24-apr-1.4.8
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/share/doc/httpd24-apr-util-1.5.2 /usr/share/doc/httpd24-apr-util-1.5.2
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/share/doc/httpd24-httpd-2.4.6 /usr/share/doc/httpd24-httpd-2.4.6
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/share/doc/httpd24-httpd-tools-2.4.6 /usr/share/doc/httpd24-httpd-tools-2.4.6
[root@web ~]# ln -s /opt/rh/httpd24/root/usr/share/man/* /usr/share/man/*
[root@web ~]# ln -s /opt/rh/httpd24/root/var/log/httpd /var/log/httpd
[root@web ~]# ln -s /opt/rh/httpd24/root/var/run/httpd /var/run/httpd
[root@web ~]# ln -s /opt/rh/httpd24/root/var/cache/httpd /var/cache/httpd

Memindahkan root file www ke folder home…

[root@web ~]# mkdir /home/data-www
[root@web ~]# mkdir /home/data-www/www
[root@web ~]# cp -rf /opt/rh/httpd24/root/var/www/* /home/data-www/www/
[root@web ~]# rm -rf /opt/rh/httpd24/root/var/www
[root@web ~]# ln -s /home/data-www/www /opt/rh/httpd24/root/var/www

Memindahkan file execute untuk mengaktifkan service server…

[root@web ~]# ln -s /etc/init.d/httpd24-httpd /etc/init.d/httpd
[root@web ~]# ln -s /etc/init.d/php-fpm /etc/init.d/php

 

 

Membuat Proxy untuk jalankan PHP

Untuk menjalankan PHP 5.6 kita buatkan Proxy di port localhost 9000 dengan membuat virtual host pada Apache. Buat file config virtual host-nya…

[root@web ~]# nano /etc/httpd/conf.d/php.conf
<Proxy "fcgi://localhost:9000" retry=0 >
         ProxySet connectiontimeout=5 timeout=7200
</Proxy>

<Files ".user.ini">
         <IfModule mod_authz_core.c>
               Require all denied
         </IfModule>
         <IfModule !mod_authz_core.c>
               Order allow,deny
               Deny from all
               Satisfy All
         </IfModule>
</Files>

AddType text/html .php
DirectoryIndex index.php

<IfModule proxy_module>
         <FilesMatch "\.php$">
               SetHandler "proxy:fcgi://localhost/:9000"
         </FilesMatch>
</IfModule>

 

 

Memindahkan folder database MySQL

Memindahkan folder database MySQL ke /home bertujuan mempermudahkan untuk maintenance dan back-up secara berkala.

Membuat folder database dan memberikan previlege user dan group mysql

[root@web ~]# mkdir /home/data-mysql
[root@web ~]# chown mysql:mysql -R /home/data-mysql
[root@web ~]# rm -rf /var/lib/mysql
[root@web ~]# ln -s /home/data-mysql /var/lib/mysql

Rubah config MySQL di file /etc/my.cnf
1. Sebelumnya datadir=/var/lib/mysql rubah menjadi datadir=/home/data-mysql
2. Sebelumnya socket=/var/lib/mysql/mysql.sock menjadi socket=/home/data-mysql/mysql.sock

[root@web ~]# nano /etc/my.cnf
[mysqld]
datadir=/home/data-mysql
socket=/home/data-mysql/mysql.sock
......

Kemudian jalankan perintah…

[root@web ~]# restorecon -Rv /home/data-mysql

Kembalikan aktifkan service MySQL…

[root@web ~]# service mysqld start

Lakukan tester dengan menyambungkan ke database…

[root@web ~]# mysql -u root -p

Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 2
Server version: 5.5.54 MySQL Community Server (GPL) by Remi

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

dan lihat isi database-nya, ketik show databases; bila muncul database-nya seperti dibawah ini berarti berhasil memindahkan database.

mysql> show databases;
+----------------------+
| Database             |
+----------------------+
| information_schema   |
| mysql                |
| performance_schema   |
| test                 |
+----------------------+
4 rows in set (0.00 sec)

 

 

Jalankan daemon-nya dan tester

Menjalan daemon aplikasi server dan membuat agar daemon tersebut akan di loading saat pertama kali server booting…

[root@web ~]# chkconfig mysqld on
[root@web ~]# chkconfig httpd on
[root@web ~]# chkconfig php on
[root@web ~]# service httpd start
[root@web ~]# service php start

Check port yang jalan…

[root@web ~]# nmap localhost
Starting Nmap 5.51 ( http://nmap.org ) at 2017-01-15 00:20 WIB
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000019s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
9000/tcp open cslistener

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds

Check versi di CLI…

[root@web ~]# httpd -v
Server version: Apache/2.4.6 (Red Hat)
Server built: Sep 25 2013 05:25:46
[root@web ~]# php -v
PHP 5.6.29 (cli) (built: Dec 8 2016 08:51:50)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies

Tester tampilan welcome Apache 2.4, http://ip-server

Tester dengan membuat file di /home/data-www/www/html dengan script php, misal diberi nama phpinfo.php

[root@web ~]# nano /home/data-www/www/html/phpinfo.php
<?php phpinfo(); ?>

dan buka di web browser http://ip-server/phpinfo.php…

 

 

Config Tools untuk Upload File Web

Mempermudah upload file Web pada Web Hosting bisa menggunakan FTP Protocol yang bisa diatur secara user dan folder, terlebih dahulu lakukan config pada vsFTP…

edit file /etc/vsftpd/vsftpd.conf…
1. Sebelumnya anonymous_enable=YES rubah menjadi anonymous_enable=NO
2. Pastikan local_enable=YES dan write_enable=YES
3. Hapus tanda comment “#” pada chroot_local_user=YES

Start service daemon-nya dan jadikan autorun saat server booting pertama kali…

[root@web ~]# service vsftpd start
[root@web ~]# chkconfig vsftpd on

Check port protocolnya, port FTP sudah ada belum dengan nmap…

[root@web ~]# nmap localhost

Starting Nmap 5.51 ( http://nmap.org ) at 2017-01-15 15:34 WIB
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000018s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 995 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
9000/tcp open cslistener

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds

 

 

Config Tools untuk phpMyAdmin agar Mudah Mem-manage Database MySQL

Sebelumnya reset password root pada MySQL, berikut langkah-langkahnya…

Matikan service daemon MySQL

[root@web ~]# service mysqld stop

Menjalankan kembali MySQL namun dengan safe mode dan skip previlege…

[root@web ~]# mysqld_safe --skip-grant-tables &

Connect ke MySQL

[root@web ~]# mysql -uroot
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 1
Server version: 5.5.54 MySQL Community Server (GPL) by Remi

Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql>

Barulah jalankan script sebagai berikut dan keluar…

mysql> use mysql;
mysql> update user set password=PASSWORD("mynewpassword") where User='root';
mysql> flush privileges;
mysql> quit

Terakhir restat service daemon MySQL

[root@web ~]# service mysqld restart

Edit file /etc/httpd/conf.d/phpMyAdmin.conf kemudian tambahkan module proxy untuk menjalankan script php dan atur access permit-nya…

[root@web ~]# nano /etc/httpd/conf.d/phpMyAdmin.conf
......
<IfModule proxy_module>
ProxyPassMatch ^/phpmyadmin/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/usr/share/phpMyAdmin/$1
ProxyPassMatch ^/phpMyAdmin/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/usr/share/phpMyAdmin/$1
</IfModule>

<Directory /usr/share/phpMyAdmin/>
......

<IfModule mod_authz_core.c>
# Apache 2.4
Require all granted
</IfModule>
......

Terakhir restat service daemon Apache

[root@web ~]# service httpd restart

buka pada web browser…