Install Apache MariaDB 10.6 PHP 8 on AlmaLinux 8

Install Apache MariaDB 10.6 PHP 8.0 VirtualHost Let’s Encrypt pada AlmaLinux 8

  • Update repository package almalinux
yum update -y && yum install epel-release -y && yum install wget nano net-tools -y

Install Apache pada AlmaLinux

  • Install Apache
yum install httpd -y
  • Jalankan service httpd
systemctl enable httpd
systemctl start httpd
systemctl status httpd
  • Cek versi apache
httpd -v
Server version: Apache/2.4.37 (AlmaLinux)
Server built:   Jan 25 2022 20:48:49
  • Tes webserver apache dengan url: http://ip_address_almalinux

Install MariaDB 10.6 pada AlmaLinux

  • Tambahkan repository MariaDB 10.6 pada AlmaLinux
nano /etc/yum.repos.d/mariadb.repo
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.6/rhel8-amd64
module_hotfixes=1
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1 
  • Install mariadb 10.6
yum install MariaDB-client MariaDB-server -y
  • Jalankan service mariadb
systemctl start mariadb 
systemctl enable mariadb 
systemctl status mariadb 
  • Jalankan mariadb secure installation
mariadb-secure-installation
Enter current password for root (enter for none):  <enter>
OK, successfully used password, moving on...

Switch to unix_socket authentication [Y/n] n
 ... skipping.

Change the root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

Remove anonymous users? [Y/n] Y
 ... Success!

Disallow root login remotely? [Y/n] Y
 ... Success!

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reload privilege tables now? [Y/n] Y
 ... Success!

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
  • Cek versi mariadb
mariadb -V
mariadb  Ver 15.1 Distrib 10.6.5-MariaDB, for Linux (x86_64) using readline 5.1

Install PHP 8.0 pada AlmaLinux

  • Install repository remi 8
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-8.rpm
  • Cek versi php yang tersedia dan aktifkan repository php 8.0
sudo yum module list php -y 
sudo yum module reset php -y
sudo yum module enable php:remi-8.0
  • Install PHP 8.0
yum install php php-common php-mcrypt php-cli php-gd php-curl php-mysql php-xml php-mbstring php-zip php-ldap php-xmlrpc php-curl php-fileinfo php-intl php-libvirt php-devel php-fpm php-pecl-memcache php-pecl-memcached php-pecl-apcu php-pdo php-redis -y
  • Setting file /etc/php.ini
file_uploads = On
upload_max_filesize = 100M
post_max_size = 100M
max_file_uploads = 20
memory_limit = 256M
max_input_time = 180
max_execution_time = 180
date.timezone = Asia/Jakarta
display_errors = Off
  • Cek versi php
php -v
PHP 8.0.15 (cli) (built: Jan 18 2022 12:16:19) ( NTS gcc x86_64 )
Copyright (c) The PHP Group
Zend Engine v4.0.15, Copyright (c) Zend Technologies
    with Zend OPcache v8.0.15, Copyright (c), by Zend Technologies

Setting apache php-fpm pada almalinux

  • Secara default jika install httpd dan php-fpm harusny server api yang digunakan sudah menggunakan php-fpm, jika masih tidak aktif maka harus di cek dengan langkah berikut.
  • Restart service httpd dan php-fpm
systemctl restart httpd
systemctl restart php-fpm
systemctl enable php-fpm
  • Edit file /etc/php-fpm.d/www.conf, uncoment baris berikut
listen = /run/php-fpm/www.sock
...
listen.allowed_clients = 127.0.0.1
listen.owner = apache
listen.group = apache
listen.mode = 0660
...
user = apache
group = apache
  • Setting mpm_event_module pada httpd, tambahakan tanda pagar (#) pada baris LoadModule mpm_prefork_module modules/mod_mpm_prefork.so , dan hapus tanda pagar pada baris LoadModule mpm_event_module modules/mod_mpm_event.so
nano /etc/httpd/conf.modules.d/00-mpm.conf
# Select the MPM module which should be used by uncommenting exactly
# one of the following LoadModule lines.  See the httpd.conf(5) man
# page for more information on changing the MPM.

# prefork MPM: Implements a non-threaded, pre-forking web server
# See: http://httpd.apache.org/docs/2.4/mod/prefork.html
#
# NOTE: If enabling prefork, the httpd_graceful_shutdown SELinux
# boolean should be enabled, to allow graceful stop/shutdown.
#
#LoadModule mpm_prefork_module modules/mod_mpm_prefork.so

# worker MPM: Multi-Processing Module implementing a hybrid
# multi-threaded multi-process web server
# See: http://httpd.apache.org/docs/2.4/mod/worker.html
#
#LoadModule mpm_worker_module modules/mod_mpm_worker.so

# event MPM: A variant of the worker MPM with the goal of consuming
# threads only for connections with active processing
# See: http://httpd.apache.org/docs/2.4/mod/event.html
#
LoadModule mpm_event_module modules/mod_mpm_event.so
  • Restart service httpd dan php-fpm
systemctl restart httpd
systemctl restart php-fpm
  • Cek status httpd, pastikan sudah menggunakan server mpm: event dan threaded: yes
httpd -V
Server version: Apache/2.4.37 (AlmaLinux)
Server built:   Jan 25 2022 20:48:49
Server's Module Magic Number: 20120211:83
Server loaded:  APR 1.6.3, APR-UTIL 1.6.1
Compiled using: APR 1.6.3, APR-UTIL 1.6.1
Architecture:   64-bit
Server MPM:     event
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/etc/httpd"
 -D SUEXEC_BIN="/usr/sbin/suexec"
 -D DEFAULT_PIDLOG="run/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"
  • Tambahkan file index.php pada directory /var/www/html untuk cek status server api
<?php phpinfo(); ?>

Setting Apache Virtual Host pada AlmaLinux

  • Buat directory dan file web html untuk domain alma.rainui.cloud
mkdir /var/www/alma.rainui.cloud/
nano /var/www/alma.rainui.cloud/index.html
<!DOCTYPE html>
<html lang="en" dir="ltr">
  <head>
    <meta charset="utf-8">
    <title>sys-ops.id</title>
  </head>
  <body>
    <h1>Virtual Host Alma.Rainui.Cloud</h1>
    <h3>Sys-Ops.id</h3>
  </body>
</html>
  • Buat file config virtual host untuk domain alma.rainui.cloud
nano /etc/httpd/conf.d/alma.rainui.cloud.conf
<VirtualHost *:80>
    ServerName alma.rainui.cloud
    ServerAlias alma.rainui.cloud
    ServerAdmin [email protected]
    DocumentRoot /var/www/alma.rainui.cloud

    <Directory /var/www/alma.rainui.cloud>
        Options -Indexes +FollowSymLinks
        DirectoryIndex index.php index.html
        AllowOverride All
        Order allow,deny
        Allow from all

        Header set Access-Control-Allow-Headers "ORIGIN, X-REQUESTED-WITH, CONTENT-TYPE"
        Header set Access-Control-Allow-Methods "POST, GET, OPTIONS, PUT, DELETE"
        Header set Access-Control-Allow-Origin "*"
        Header set Access-Control-Allow-Credentials true
        Header set X-XSS-Protection 1;mode=block
        Header set X-Frame-Options SAMEORIGIN
        Header set X-Content-Type-Options nosniff
        Header set Strict-Transport-Security "max-age=15552000; includeSubDomains;preload"
        Header set Referrer-Policy strict-origin-when-cross-origin
        Header set Access-Control-Max-Age 60000
    </Directory>

    ErrorLog /var/log/httpd/alma.rainui.cloud-error.log
    CustomLog /var/log/httpd/alma.rainui.cloud-access.log combined
</VirtualHost>
  • Verifikasi file konfigurasi httpd, jika OK lalu restart service httpd
httpd -t
Syntax OK
-------------------
systemctl restart httpd
  • Cek pada browser dengan url: http://alma.rainui.cloud

Install apache https let’s encrypt pada almalinux

  • install certbot let’s encrypt ssl
yum install certbot python3-certbot-apache mod_ssl -y
  • Buat sertifikat ssl untuk domain alma.rainui.cloud
certbot --apache -d alma.rainui.cloud -m [email protected]
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.
Requesting a certificate for alma.rainui.cloud

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/alma.rainui.cloud/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/alma.rainui.cloud/privkey.pem
This certificate expires on 2022-05-13.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
Deploying certificate
Successfully deployed certificate for alma.rainui.cloud to /etc/httpd/conf.d/alma.rainui.cloud-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https://alma.rainui.cloud
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  • Domain alma.rainui.cloud sudah menggunakan https
  • Tambahkan ke dalam cron job agar auto renewal let’s encrypt
crontab -e
* */12 * * * root /usr/bin/certbot renew >/dev/null 2>&1

service crond reload

herdiana3389

A system administrator with skills in system administration, virtualization, linux, windows, networking, cloud computing, container, etc.