Install Nginx MariaDB PHP Let’s Encrypt on AlmaLinux 9 / RockyLinux 9

Install Nginx 1.24 MariaDB 11.0 PHP 8.2 Let’s Encrypt SSL pada AlmaLinux 9 / RockyLinux 9

  • Update system dan install tool pendukung
yum update -y && yum install epel-release -y
yum install nano curl wget htop nano net-tools yum-utils unzip -y
  • Disable selinux dan firewalld
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config

systemctl disable --now firewalld

Install Nginx

  • Install Nginx Stable 1.24
  • Buat file nginx.repo
nano /etc/yum.repos.d/nginx.repo
[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true
  • Cek info versi nginx yang tersedia
yum info nginx
---<output>---
Available Packages
Name         : nginx
Epoch        : 1
Version      : 1.24.0
Release      : 1.el9.ngx
Architecture : x86_64
Size         : 868 k
Source       : nginx-1.24.0-1.el9.ngx.src.rpm
Repository   : nginx-stable
Summary      : High performance web server
URL          : https://nginx.org/
License      : 2-clause BSD-like license
Description  : nginx [engine x] is an HTTP and reverse proxy server, as well as
             : a mail proxy server.
  • Install nginx dan cek versi nginx
yum install nginx -y
systemctl enable --now nginx

nginx -v
---<output>---
nginx version: nginx/1.24.0
  • Verifikasi nginx server lewat web browser

Install MariaDB 11.0

  • Download repository mariadb 11.0 dan install mariadb server
  • Aktifkan service mariadb
curl -LsS https://downloads.mariadb.com/MariaDB/mariadb_repo_setup | sudo bash -s -- --mariadb-server-version=11.0
yum install MariaDB-client MariaDB-server -y

systemctl enable --now mariadb
  • Cek versi mysql
mariadb -V
---<output>---
mariadb from 11.0.2-MariaDB, client 15.2 for Linux (x86_64) using  EditLine wrapper
  • Jalankan mariadb secure installation
mariadb-secure-installation
---<output>---
Enter current password for root (enter for none):  <enter>
Switch to unix_socket authentication [Y/n] n
Change the root password? [Y/n] Y
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
  • Verifikasi login ke dalam mysql server
mariadb
---<output>---
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 11.0.2-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
4 rows in set (0.001 sec)

Install PHP 8.2

  • Install repository remi
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-9.rpm
  • Cek module php
yum module list php -y
---<output>---
AlmaLinux 9 - AppStream
Name      Stream       Profiles                       Summary                   
php       8.1          common [d], devel, minimal     PHP scripting language    

Remi's Modular repository for Enterprise Linux 9 - x86_64
Name      Stream       Profiles                       Summary                   
php       remi-7.4     common [d], devel, minimal     PHP scripting language    
php       remi-8.0     common [d], devel, minimal     PHP scripting language    
php       remi-8.1     common [d], devel, minimal     PHP scripting language    
php       remi-8.2     common [d], devel, minimal     PHP scripting language    

Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalled
  • Reset default module php dan aktifkan module php 8.2
yum module reset php -y
yum module enable php:remi-8.2 -y
  • Install php
yum install -y php php-common php-mcrypt php-cli php-gd php-curl php-mysql php-xml php-mbstring php-zip php-ldap php-xmlrpc php-curl php-fileinfo php-intl php-libvirt php-devel php-fpm php-pecl-memcache php-pecl-memcached php-pecl-apcu php-pdo php-redis php-sqlite3 php-opcache php-soap php-apcu php-imagick
  • Cek versi php
php -v
---<output>---
PHP 8.2.9 (cli) (built: Aug  3 2023 11:39:08) (NTS gcc x86_64)
Copyright (c) The PHP Group
Zend Engine v4.2.9, Copyright (c) Zend Technologies
with Zend OPcache v8.2.9, Copyright (c), by Zend Technologies
  • Setting file /etc/php.ini
file_uploads = On
upload_max_filesize = 1000M
post_max_size = 1000M
max_file_uploads = 20
memory_limit = 512M
max_input_time = 300
max_execution_time = 300
date.timezone = Asia/Jakarta
display_errors = Off
  • Setting php-fpm pada file /etc/php-fpm.d/www.conf
[www] >> [sys-ops.id]
user = nginx
group = nginx
listen = /run/php-fpm/www.sock
listen.allowed_clients = 127.0.0.1
pm.max_children = 30
pm.start_servers = 10
pm.min_spare_servers = 10
pm.max_spare_servers = 30
pm.process_idle_timeout = 30s
  • Hapus default konfigurasi nginx pada file default.conf
rm -rf /etc/nginx/conf.d/default.conf
  • Buat file default konfigurasi nginx yang baru pada file example.conf agar file php bisa berjalan pada webserver nginx
nano /etc/nginx/conf.d/example.conf
server {
 listen       80 default_server;
 server_name  localhost;
 root         /var/www/html;
 
 # Load configuration files for the default server block.
 include /etc/nginx/default.d/*.conf;
 
 location / {
      try_files $uri $uri/ /index.php?$args;
 }
 
 location ~* \.php$ {
 fastcgi_pass unix:/run/php-fpm/www.sock;
 include         fastcgi_params;
 fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
 fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
 fastcgi_read_timeout 300;
 proxy_read_timeout 600;
 }
}
  • Restart service nginx dan aktifkan service php-fpm
systemctl restart nginx
systemctl restart php-fpm
systemctl enable php-fpm
  • Buat file index.php pada directory /var/www/html/
<?php phpinfo(); ?>
  • Verifikasi php lewat web browser

Setting Virtual Host

  • Buat directory pada /var/www/
mkdir /var/www/ops.sideka.my.id
  • Download file web test
wget https://github.com/sideka-cloud/web-test/archive/refs/heads/main.zip
unzip main.zip
cp -r web-test-main/* /var/www/ops.sideka.my.id/
chown -R nginx:nginx /var/www/
  • Buat file konfigurasi virtual host pada directory /etc/httpd/conf.d/
nano /etc/nginx/conf.d/ops.sideka.my.id.conf
server {
   listen 80;
   server_name ops.sideka.my.id;
   root /var/www/ops.sideka.my.id;
   access_log /var/log/nginx/ops.sideka.my.id-access.log  combined;
   error_log /var/log/nginx/ops.sideka.my.id-error.log;

   location / {
       index index.php index.htm index.html;
       try_files $uri $uri/ /index.php?$args;
   }

   add_header X-Frame-Options "SAMEORIGIN";
   add_header X-Content-Type-Options "nosniff";
   add_header X-Xss-Protection "1; mode=block";
   add_header Referrer-Policy strict-origin-when-cross-origin;
   add_header Strict-Transport-Security "max-age=15552000; includeSubDomains;preload";

   location ~* /\.(?!well-known\/) {
       deny all;
   }

   location ~\.(ini|log|conf)$ {
      deny all;
   }

   location ~ \.php$ {
      include /etc/nginx/fastcgi_params;
      fastcgi_pass unix:/run/php-fpm/www.sock;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      include fastcgi_params;
      fastcgi_read_timeout 300;
      proxy_read_timeout 600;
   }
}
  • Verifikasi file konfigurasi nginx
nginx -t
---<output>---
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
  • Restart service nginx dan php-fpm
systemctl restart nginx php-fpm
  • Verifikasi virtual host lewat web browser

Install Let’s Encrypt SSL

  • Install certbot dan install let’s encrypt pada domain
yum install certbot python3-certbot-nginx -y
certbot --nginx --agree-tos -d ops.sideka.my.id -m [email protected]
  • Verifikasi let’s encrypt ssl lewat web browser

herdiana3389

A system administrator with skills in system administration, virtualization, linux, windows, networking, cloud computing, container, etc.