Monday, March 16, 2026

Setup server dengan MariaDB

 

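 Simpan script ini sebagai setup.sh, jalankan chmod +x setup.sh, lalu jalankan ./setup.sh. Ganti dulu semua password contoh di bagian konfigurasi, karena nilai yang tertulis di halaman ini terbuka untuk umum.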


 Bila setelah script berjalan muncul error dari certbot, jalankan certbot -v.

---------------------- 

 

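#!/bin/bash
# Initial setup script for a minimal Debian 12 VPS.
# Run as root.
# Make sure the domain/subdomain already points at the VPS IP before running.

set -e  # stop the script on the first failing command

# ===== Initial configuration =====
# The three password defaults below are the sample values published together
# with this script, so they must be treated as publicly known. The script later
# enables SSH password login for a sudo-capable user, which makes a known
# password directly usable from the network. Replace them here, or export
# ROOT_PASS / BEJO_PASS / DB_PASS from a root-only file before running.
# Only the passwords are read from the environment: names such as USERNAME or
# EMAIL may already be set by the login session and must not leak in here.
# Keep the edited script readable by root only; it contains secrets.
ROOT_PASS="${ROOT_PASS:-12345678Abcdefg}"
SSH_PORT="27000"
USERNAME="bejo"                # login user that will be created
BEJO_PASS="${BEJO_PASS:-Bejo123!}"   # password for that user
DB_PASS="${DB_PASS:-123posG}"
SUBDOMAIN1="sub1.example.com"  # replace with your own domain
SUBDOMAIN2="sub2.example.com"  # replace with your own domain
EMAIL="admin@example.com"      # contact e-mail passed to certbot
# =============================

# Warn loudly when any published sample password is still in effect.
if [ "$ROOT_PASS" = "12345678Abcdefg" ] || [ "$BEJO_PASS" = "Bejo123!" ] || [ "$DB_PASS" = "123posG" ]; then
    echo "PERINGATAN: password contoh bawaan masih dipakai. Ganti ROOT_PASS, BEJO_PASS, dan DB_PASS sebelum dipakai di server sungguhan." >&2
fi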

# Refuse to continue unless the effective UID is 0 (root).
if (( EUID != 0 )); then
    printf '%s\n' "Jalankan script ini sebagai root."
    exit 1
fi

printf '%s\n' "=== Memulai setup VPS ==="

# Refresh the package index, apply pending upgrades, then install the base tools.
printf '%s\n' ">>> Update sistem dan install paket dasar..."
base_packages=(sudo wget curl mc lsb-release gnupg2)
apt update
apt upgrade -y
apt install -y "${base_packages[@]}"

# Create the login user unless it already exists. An existing account is left
# untouched: its password and group membership are not changed here.
if ! id "$USERNAME" &>/dev/null; then
    printf '%s\n' ">>> Membuat user $USERNAME..."
    useradd -m -s /bin/bash "$USERNAME"
    # chpasswd takes "user:password" on stdin.
    printf '%s:%s\n' "$USERNAME" "${BEJO_PASS}" | chpasswd
    # Membership of the sudo group gives this account root-equivalent access.
    usermod -aG sudo "$USERNAME"
    printf '%s\n' "User $USERNAME dibuat dan ditambahkan ke grup sudo."
else
    printf '%s\n' ">>> User $USERNAME sudah ada, melewati pembuatan user."
fi

# Set the root account password from ROOT_PASS (fed to chpasswd on stdin).
printf '%s\n' ">>> Mengubah password root..."
printf '%s:%s\n' "root" "${ROOT_PASS}" | chpasswd

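# Configure SSH: custom port, no direct root login, password login enabled.
echo ">>> Mengkonfigurasi SSH (port ${SSH_PORT}, root login disable)..."
SSHD_CONFIG="/etc/ssh/sshd_config"

# Keep the first backup only. Copying unconditionally would overwrite the
# pristine file with an already-modified one when the script is run again.
if [ ! -e "${SSHD_CONFIG}.bak" ]; then
    cp -p -- "${SSHD_CONFIG}" "${SSHD_CONFIG}.bak"
fi

#######################################
# Set one sshd_config keyword: rewrite an existing uncommented line that
# starts with the keyword, otherwise append a new line at the end of the file.
# Globals:   SSHD_CONFIG (read)
# Arguments: $1 - keyword, $2 - value
#######################################
set_sshd_option() {
    local key=$1 value=$2
    if grep -q "^${key} " "${SSHD_CONFIG}"; then
        sed -i "s/^${key} .*/${key} ${value}/" "${SSHD_CONFIG}"
    else
        echo "${key} ${value}" >> "${SSHD_CONFIG}"
    fi
}

set_sshd_option Port "${SSH_PORT}"
set_sshd_option PermitRootLogin no
# Password login stays on because this script installs no SSH key. With it
# enabled, the account password is the only barrier against online guessing;
# once a key is installed for the user, switch this to "no".
set_sshd_option PasswordAuthentication yes

# NOTE(review): sshd uses the first value it reads for most keywords. If the
# file pulls in /etc/ssh/sshd_config.d/*.conf near the top (Debian's stock file
# does), a drop-in there can override the lines written above. Confirm the
# effective settings with "sshd -T" after the run.

# Validate before restarting: restarting with a broken file can leave the
# daemon down and lock out the only remote access path.
if ! sshd -t -f "${SSHD_CONFIG}"; then
    echo "Konfigurasi sshd tidak valid, mengembalikan ${SSHD_CONFIG}.bak" >&2
    cp -p -- "${SSHD_CONFIG}.bak" "${SSHD_CONFIG}"
    exit 1
fi

# Restart SSH so the new settings take effect.
systemctl restart ssh
echo ">>> SSH dikonfigurasi ulang."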

# Install MariaDB, then drop in a tuning file while the server is stopped.
printf '%s\n' "Installing MariaDB..."
apt install -y mariadb-server

printf '%s\n' "Stopping MariaDB to apply config..."
systemctl stop mariadb

CONFIG_FILE="/etc/mysql/mariadb.conf.d/60-vps-1gb.cnf"

printf '%s\n' "Writing optimized config..."

# The file only tunes connections, InnoDB, temp tables, caches and the slow
# log. It sets no bind-address, so the listening address stays whatever the
# packaged configuration defines.
# Quoted delimiter: the text is written literally, nothing is expanded.
cat >"${CONFIG_FILE}" <<'EOF'
[mysqld]

# CONNECTION
max_connections = 40
thread_cache_size = 40
skip-name-resolve

# INNODB SETTINGS (optimized for 1GB RAM)
innodb_buffer_pool_size = 256M
innodb_buffer_pool_instances = 1
innodb_log_file_size = 64M
innodb_log_buffer_size = 8M
innodb_flush_method = O_DIRECT
innodb_flush_log_at_trx_commit = 2

# QUERY / TEMP
tmp_table_size = 32M
max_heap_table_size = 32M

# TABLE CACHE
table_open_cache = 1024

# DISABLE QUERY CACHE (modern workloads)
query_cache_type = 0
query_cache_size = 0

# LOG
slow_query_log = 1
slow_query_log_file = /var/log/mysql/slow.log
long_query_time = 2
EOF

printf '%s\n' "Starting MariaDB..."
systemctl start mariadb

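echo "Setting root password..."
echo "Securing installation..."

# Escape backslashes and single quotes so DB_PASS stays one SQL string literal
# whatever characters it contains.
sql_pass=${DB_PASS//\\/\\\\}
sql_pass=${sql_pass//\'/\'\'}

# Everything runs in ONE client session opened without a password argument.
# The previous second call used "-p<password>" on the command line, which
# exposes the database root password to anyone who can list processes.
# The session stays authenticated after ALTER USER, so the cleanup statements
# need no new login.
# NOTE(review): after the first successful run a password-less "mysql -u root"
# is presumably rejected, so running the script again stops here under set -e.
# NOTE(review): setting a password this way presumably replaces the socket
# login the Debian package configures for root; confirm that packaged
# maintenance jobs which connect as root still work.
# NOTE(review): on recent MariaDB releases mysql.user is a view; confirm the
# DELETE below behaves as intended on the installed version.
mysql -u root <<MYSQL_SCRIPT
ALTER USER 'root'@'localhost' IDENTIFIED BY '${sql_pass}';
DELETE FROM mysql.user WHERE User='';
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
FLUSH PRIVILEGES;
MYSQL_SCRIPT

systemctl restart mariadb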

 
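# Install nginx and enable it at boot.
echo ">>> Menginstall nginx..."
apt install -y nginx
systemctl enable nginx

# For each subdomain: create the web root with a placeholder page, write an
# HTTP-only server block (certbot rewrites it for HTTPS later), and enable it.
for site in "${SUBDOMAIN1}" "${SUBDOMAIN2}"; do
    mkdir -p -- "/var/www/${site}"
    echo "<h1>${site}</h1>" > "/var/www/${site}/index.html"

    # \$uri is escaped so nginx, not the shell, expands it.
    cat > "/etc/nginx/sites-available/${site}" <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name ${site};
    root /var/www/${site};
    index index.html;
    location / {
        try_files \$uri \$uri/ =404;
    }
}
EOF

    ln -sf -- "/etc/nginx/sites-available/${site}" /etc/nginx/sites-enabled/
done

# Remove the distribution's default site if it is enabled.
rm -f /etc/nginx/sites-enabled/default

# Test, then reload. These are separate statements on purpose: in
# "nginx -t && systemctl reload nginx" a failing test does not trigger set -e,
# so the script would carry on and report success with a broken configuration.
nginx -t
systemctl reload nginx
echo ">>> Nginx dikonfigurasi dengan subdomain ${SUBDOMAIN1} dan ${SUBDOMAIN2} (HTTP)."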

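# Install certbot and set up SSL for the subdomains (task 10)
echo ">>> Menginstall certbot dan mengatur SSL untuk subdomain..."
apt install -y certbot python3-certbot-nginx

# Request one certificate covering both names and let certbot edit the nginx
# server blocks.
# --redirect: redirect HTTP to HTTPS
# --hsts: add an HSTS header; browsers remember it, so the sites must keep
#         serving valid HTTPS afterwards
# The former --staple-ocsp and --must-staple flags are dropped: Let's Encrypt
# ended its OCSP service in 2025 and no longer issues certificates that request
# the Must-Staple extension, so asking for it makes the request fail. Verify
# against the CA in use before re-adding either flag.
# NOTE(review): this step runs before the firewall step. Under set -e a certbot
# failure ends the script with UFW not yet enabled; consider configuring the
# firewall earlier.
certbot --nginx -d "${SUBDOMAIN1}" -d "${SUBDOMAIN2}" \
    --non-interactive --agree-tos --email "${EMAIL}" \
    --redirect --hsts

echo ">>> SSL berhasil dipasang. Nginx sekarang hanya melayani HTTPS dengan redirect dari HTTP."

# Make sure the nginx configuration is valid, then reload. Kept as separate
# statements so a failed test stops the script under set -e instead of being
# skipped over by an "&&" list.
nginx -t
systemctl reload nginx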

# Install UFW, add the allow rules, then switch the firewall on.
printf '%s\n' ">>> Menginstall UFW..."
apt install -y ufw

# Allow the new SSH port, HTTP and HTTPS. The rules are added before the
# firewall is enabled so the SSH rule already exists when filtering starts.
# This block sets no default policy and no rate limit; it relies on whatever
# UFW ships with. Since SSH password login is enabled, "ufw limit" on the SSH
# port is worth considering.
for rule in "${SSH_PORT}/tcp" 80/tcp 443/tcp; do
    ufw allow "$rule"
done

# Enable UFW non-interactively by answering its confirmation prompt with "y".
printf '%s\n' "y" | ufw enable
printf '%s\n' ">>> UFW diaktifkan, port ${SSH_PORT}, 80, 443 diizinkan."

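# Print a summary of what was configured.
# Password values are deliberately not printed: terminal output ends up in
# scrollback, session recordings and provisioning logs, and the operator
# already knows the values from the configuration section.
echo "=== Setup selesai! ==="
echo "Informasi:"
echo "- Root password telah diubah."
echo "- User $USERNAME (dapat sudo); password sesuai BEJO_PASS di konfigurasi."
echo "- SSH port: ${SSH_PORT}, root login dinonaktifkan."
echo "- Password untuk database: sesuai DB_PASS di konfigurasi."
echo "- Nginx subdomain: ${SUBDOMAIN1} dan ${SUBDOMAIN2} (pastikan DNS mengarah ke IP VPS)."
echo "- SSL sudah diaktifkan untuk kedua subdomain menggunakan Let's Encrypt."
echo "  Semua akses HTTP akan diarahkan ke HTTPS secara otomatis."
echo "- UFW aktif, hanya port ${SSH_PORT}, 80, 443 yang terbuka."
echo ""
echo "PERINGATAN: Pastikan Anda dapat login sebagai $USERNAME melalui SSH sebelum menutup sesi ini!"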

 
