Install LNMP Stack (Nginx 1.26, MariaDB 11.4, PHP 8.3) on Ubuntu 24.04

Install LAMP (Nginx 1.26, MariaDB 11.4, PHP 8.3) di Ubuntu 24.04

  • Update repository ubuntu
apt update && apt upgrade -y

Install Nginx 1.26

  • Install Nginx Stable
  • Secara default repository ubuntu 24.04 support nginx 1.24
apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
gpg --dry-run --quiet --no-keyring --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" | sudo tee /etc/apt/preferences.d/99nginx

apt update && apt install -y nginx
systemctl enable --now nginx
  • Cek versi nginx
nginx -v
---<output>---
nginx version: nginx/1.26.0
  • Akses web server apache lewat browser: http://ip_address_ubuntu atau http://domain (http://lnmp.sys-ops.id.sideka.my.id)

Install PHP 8.3

  • Secara default repository ubuntu 24.04 sudah support php 8.3 tanpa harus menambahkan repository ppa:ondrej/php
  • Jika ingin menginstall php selain versi 8.3 bisa menggunakan repository ppa:ondrej/php
add-apt-repository ppa:ondrej/php
apt install -y php8.3 php8.3-{common,cli,gd,curl,mysql,xml,mbstring,zip,ldap,xmlrpc,curl,intl,fpm,imagick,dev,imap,opcache,soap,memcached,redis}
  • Cek versi php
php -v
---<output>---
PHP 8.3.7 (cli) (built: May 13 2024 15:38:35) (NTS)
Copyright (c) The PHP Group
Zend Engine v4.3.7, Copyright (c) Zend Technologies
    with Zend OPcache v8.3.7, Copyright (c), by Zend Technologies
  • Setting PHP-FPM
  • Dan pastikan user pada file /etc/nginx/nginx.conf adalah www-data
sed -i '/^\s*user\s\+nginx;/c\user www-data;' /etc/nginx/nginx.conf
nano /etc/php/8.3/fpm/pool.d/www.conf
---<edit file>---
user = www-data
group = www-data
listen = /run/php/php8.3-fpm.sock
listen.allowed_clients = 127.0.0.1
pm.max_children = 30
pm.start_servers = 10
pm.min_spare_servers = 10
pm.max_spare_servers = 30
pm.process_idle_timeout = 30s
  • Setting php.ini
nano /etc/php/8.3/fpm/php.ini

upload_max_filesize = 100M
post_max_size = 100M
memory_limit = 512M
max_execution_time = 300
max_input_time = 300
date.timezone = Asia/Jakarta
zlib.output_compression = On
zlib.output_compression_level = 6
  • Restart service apache dan php-fpm
systemctl restart php8.3-fpm
systemctl restart nginx

Setting Virtual Host

  • Buat directory untuk domain lnmp.sys-ops.id.sideka.my.id (sesuaikan dengan domain anda)
mkdir -p /var/www/lnmp.sys-ops.id.sideka.my.id
  • Download sample file website dan copy ke folder /var/www/lnmp.sys-ops.id.sideka.my.id
git clone https://github.com/sideka-cloud/web-test.git
cp -R web-test/* /var/www/lnmp.sys-ops.id.sideka.my.id/
chown -R www-data:www-data /var/www/lnmp.sys-ops.id.sideka.my.id/
  • Buat file config virtual host untuk domain lnmp.sys-ops.id.sideka.my.id
  • Ganti nama domain lnmp.sys-ops.id.sideka.my.id dengan domain yang diinginkan
nano /etc/nginx/conf.d/lnmp.sys-ops.id.sideka.my.id.conf
server {
   listen 80;
   server_name lnmp.sys-ops.id.sideka.my.id;
   root /var/www/lnmp.sys-ops.id.sideka.my.id;

   location / {
       index index.php index.html index.htm;
       try_files $uri $uri/ /index.php?$args;
   }

         add_header Access-Control-Allow-Headers "ORIGIN, X-REQUESTED-WITH, CONTENT-TYPE";
         add_header Access-Control-Allow-Origin "*";
         add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
         add_header X-Content-Type-Options "nosniff";
         add_header X-Xss-Protection "1; mode=block";
         add_header X-Frame-Options "SAMEORIGIN";
         add_header Referrer-Policy "strict-origin-when-cross-origin";
         add_header Strict-Transport-Security "max-age=15552000; includeSubDomains;preload";
         add_header Access-Control-Max-Age "60000";
         add_header Permissions-Policy "microphone=(), geolocation=(self), fullscreen=()";
         add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' http: https:; img-src 'self' data: https:; font-src 'self' data: https:; frame-src 'self' data: https: blob:";

         proxy_hide_header X-Powered-By;
         fastcgi_hide_header X-Powered-By;
         server_tokens off;

         gzip on;
         gzip_comp_level 7;
         gzip_proxied any;
         gzip_types text/plain application/xml text/css text/js text/xml application/x-javascript text/javascript application/json application/xml+rss;
         gzip_vary on;

         location ~* /\.(?!well-known\/) {
                 deny all;
         }

         location ~\.(ini|log|conf|txt|bak|old)$ {
                 deny all;
         }

   location ~ \.php$ {
      include /etc/nginx/fastcgi_params;
      fastcgi_pass unix:/run/php/php8.3-fpm.sock;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include fastcgi_params;
      fastcgi_read_timeout 300;
      proxy_read_timeout 600;
   }
}
  • Verifikasi file konfigurasi apache, pastikan tidak ada error
nginx -t
---<output>---
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
  • Restart service apache dan php-fpm
systemctl restart php8.3-fpm
systemctl restart nginx
  • Akses domain lewat browser http://domain (http://lnmp.sys-ops.id.sideka.my.id)
  • Verifikasi php-fpm
nano /var/www/lnmp.sys-ops.id.sideka.my.id/info.php

<?php phpinfo();

Install MariaDB 11.4 LTS

  • Install MariaDB 11.4
  • Secara default ubuntu 24.04 menggunakan mariadb versi 10.11 LTS
curl -LsS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash -s -- --mariadb-server-version=11.4
apt install mariadb-server mariadb-client -y
  • Cek versi mariadb
mariadb -V
---<output>---
mariadb from 11.4.2-MariaDB, client 15.2 for debian-linux-gnu (x86_64) using  EditLine wrapper
  • mariadb secure installation
mariadb-secure-installation
---<output>---
   Enter current password for root (enter for none):  <enter>
   Switch to unix_socket authentication [Y/n] n
   Change the root password? [Y/n] Y
   Remove anonymous users? [Y/n] Y
   Disallow root login remotely? [Y/n] Y
   Remove test database and access to it? [Y/n] Y
   Reload privilege tables now? [Y/n] Y
  • Login ke dalam mariadb
mariadb -u root -p
---<output>---
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 34
Server version: 11.4.2-MariaDB-ubu2404 mariadb.org binary distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>
  • Enable user root mariadb password authentication
sudo mariadb

ALTER USER root@localhost identified by 'P@ssw0rd!';
FLUSH PRIVILEGES;

  • Testing koneksi database dengan php
  • Buat database baru
CREATE DATABASE sys_ops_id;
GRANT ALL PRIVILEGES ON sys_ops_id.* TO 'user_ops'@'localhost' IDENTIFIED BY 'P@ssw0rd!';
FLUSH PRIVILEGES;
  • Buat file koneksi.php
nano /var/www/lnmp.sys-ops.id.sideka.my.id/koneksi.php
---<isi file>---

<?php
// Koneksi Database
$konek = mysqli_connect("localhost", "user_ops", "P@ssw0rd!", "sys_ops_id");

if (!$konek) {
    echo "Error: Tidak dapat terhubung ke database." . PHP_EOL;
    echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
    echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
    exit;
}
echo "Sukses: Koneksi ke database berhasil terhubung." . PHP_EOL;
echo "Informasi Host: " . mysqli_get_host_info($link) . PHP_EOL;
mysqli_close($link);
?>
  • Verifikasi lewat browser

Install Let’s Encrypt (Free SSL)

  • Install Let’s Encrypt (Free SSL)
apt install certbot python3-certbot-nginx -y
certbot --nginx --agree-tos --redirect -m [email protected] -d lnmp.sys-ops.id.sideka.my.id
  • Verifikasi lewat browser
  • Re-new ssl
certbot renew --dry-run
  • Aktifkan renew ssl pada corn job
crontab -e
   * */12 * * * root /usr/bin/certbot renew >/dev/null 2>&1

systemctl restart cron

herdiana3389

A system administrator with skills in system administration, virtualization, linux, windows, networking, cloud computing, container, etc.