Monday, March 16, 2026

Setup server dengan MariaDB

 

 Simpan script ini sebagai setup.sh, beri izin eksekusi dengan chmod +x setup.sh, lalu jalankan ./setup.sh


 Bila setelah script dijalankan muncul error dari certbot, jalankan certbot -v

---------------------- 

 

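#!/bin/bash

# Minimal Debian 12 VPS setup script + Fail2Ban.
# Must be run as root.

set -e

# ===== Configuration =====
#
# SECURITY: the three password defaults below are sample values published
# together with this script, so they have to be treated as publicly known.
# Later steps set them on root, on a sudo-capable user and on the database
# root account, and enable SSH password authentication. Supply real secrets
# through the environment instead of editing them into the file, e.g.
#   ROOT_PASS=... BEJO_PASS=... DB_PASS=... ./setup.sh
# The defaults are kept only so an unmodified invocation still runs.

ROOT_PASS="${ROOT_PASS:-12345678Abcdefg}"
SSH_PORT="27000"
USERNAME="bejo"
BEJO_PASS="${BEJO_PASS:-Bejo123!}"
DB_PASS="${DB_PASS:-123posG}"
SUBDOMAIN1="sub1.example.com"
SUBDOMAIN2="sub2.example.com"
# Plain address only. The published value carried markdown link markup
# ("[addr](mailto:addr)"), which is not a valid value for certbot --email.
EMAIL="admin@example.com"

# Make it visible in the run log when a published sample password is in use.
if [ "$ROOT_PASS" = '12345678Abcdefg' ] ||
  [ "$BEJO_PASS" = 'Bejo123!' ] ||
  [ "$DB_PASS" = '123posG' ]; then
  echo "PERINGATAN: ROOT_PASS/BEJO_PASS/DB_PASS masih memakai nilai contoh yang dipublikasikan. Set lewat environment sebelum dipakai di server sungguhan." >&2
fi

# =========================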

# Root check: every later step changes system state, so stop right away
# unless the effective UID is 0.

[[ "$EUID" -eq 0 ]] || {
  printf '%s\n' "Jalankan sebagai root!"
  exit 1
}

printf '%s\n' "=== Memulai setup VPS ==="

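# System update, then the base tools used by the rest of the script.
#
# The index refresh and the upgrade are separate commands on purpose: in
# `a && b` a failure of `a` is exempt from `set -e`, so a failed
# `apt update` used to be skipped silently and the script carried on with
# stale package lists (and without applying pending security upgrades).

apt update
apt upgrade -y
apt install -y sudo wget curl mc lsb-release gnupg2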

# Create the admin user on the first run only: home directory, bash as the
# login shell, password taken from BEJO_PASS, membership in the sudo group.
# The password goes to chpasswd on stdin, so it never appears in a process
# argument list.

if ! id "$USERNAME" >/dev/null 2>&1; then
  useradd --create-home --shell /bin/bash "$USERNAME"
  printf '%s:%s\n' "$USERNAME" "$BEJO_PASS" | chpasswd
  usermod --append --groups sudo "$USERNAME"
fi

# Set the root password (applied on every run, unlike the user password).

printf 'root:%s\n' "$ROOT_PASS" | chpasswd

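# SSH configuration: move sshd to SSH_PORT, forbid root login, allow
# password login.
#
# NOTE(review): PasswordAuthentication is switched ON here, so the account
# passwords are the only barrier on the exposed SSH port. Key-based login
# with password authentication disabled is the stronger setup; kept as the
# author configured it.

SSHD_CONFIG="/etc/ssh/sshd_config"

# Keep the first backup: copying unconditionally would overwrite the
# pristine copy with an already-modified file on a second run.
if [ ! -e "${SSHD_CONFIG}.bak" ]; then
  cp -p -- "$SSHD_CONFIG" "${SSHD_CONFIG}.bak"
fi

# Match the directive whether or not it is commented out. The previous
# patterns only matched "#Directive", so an already active line such as
# "PermitRootLogin yes" was left untouched without any error.
sed -i "s/^#\{0,1\}Port[[:space:]].*/Port ${SSH_PORT}/" "$SSHD_CONFIG"
sed -i "s/^#\{0,1\}PermitRootLogin[[:space:]].*/PermitRootLogin no/" "$SSHD_CONFIG"
sed -i "s/^#\{0,1\}PasswordAuthentication[[:space:]].*/PasswordAuthentication yes/" "$SSHD_CONFIG"

# Validate the syntax, then compare the *effective* settings (sshd -T also
# reflects included drop-in files) with what was intended. Stopping here,
# before the restart, avoids ending up with a daemon on an unexpected port
# or with root login still enabled.
sshd -t
sshd_effective="$(sshd -T)"
for sshd_want in "port ${SSH_PORT}" "permitrootlogin no" "passwordauthentication yes"; do
  if ! grep -qxF -- "$sshd_want" <<<"$sshd_effective"; then
    echo "Konfigurasi sshd efektif tidak memuat '${sshd_want}'; periksa ${SSHD_CONFIG} dan /etc/ssh/sshd_config.d/. SSH tidak di-restart." >&2
    exit 1
  fi
done

systemctl restart ssh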

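# Install MariaDB, write a small tuning file, then set up the root accounts.

apt install -y mariadb-server
# The server is stopped while the tuning file is written and started again
# afterwards, so the new settings are read on startup.
systemctl stop mariadb

# Quoted delimiter: the file content is literal, nothing is expanded.
cat > /etc/mysql/mariadb.conf.d/60-vps.cnf <<'EOF'
[mysqld]
max_connections = 40
innodb_buffer_pool_size = 256M
innodb_log_file_size = 64M
tmp_table_size = 32M
max_heap_table_size = 32M
EOF

systemctl start mariadb

# DB_PASS is placed inside a single-quoted SQL string literal. Escape
# backslashes and single quotes so a password containing them neither
# breaks the statement nor changes its meaning.
db_pass_sql=${DB_PASS//\\/\\\\}
db_pass_sql=${db_pass_sql//\'/\'\'}

# The statements are fed on stdin, so the password is not visible in the
# process list.
# IF NOT EXISTS: a plain CREATE USER fails when the account already exists,
# which aborted the whole script under `set -e` on a repeated run.
# NOTE(review): once root@localhost has a password, a later `mysql -u root`
# without credentials will presumably be rejected; confirm before relying
# on this block being re-runnable.
# NOTE(review): both statements create password-authenticated accounts with
# ALL PRIVILEGES; their strength is exactly the strength of DB_PASS.
mysql -u root <<MYSQL_SCRIPT
ALTER USER 'root'@'localhost' IDENTIFIED BY '${db_pass_sql}';
CREATE USER IF NOT EXISTS 'root'@'127.0.0.1' IDENTIFIED BY '${db_pass_sql}';
GRANT ALL PRIVILEGES ON *.* TO 'root'@'127.0.0.1';
FLUSH PRIVILEGES;
MYSQL_SCRIPT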

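# Install Nginx and publish one plain-HTTP site per subdomain.

apt install -y nginx
systemctl enable nginx

# Same steps for both subdomains: web root, placeholder page, server block,
# and the sites-enabled symlink. All paths are quoted so an unusual value
# in the configuration cannot split into several arguments.
for site in "$SUBDOMAIN1" "$SUBDOMAIN2"; do
  mkdir -p -- "/var/www/${site}"
  echo "<h1>${site}</h1>" > "/var/www/${site}/index.html"

  cat > "/etc/nginx/sites-available/${site}" <<EOF
server {
listen 80;
server_name ${site};
root /var/www/${site};
index index.html;
}
EOF

  ln -sf "/etc/nginx/sites-available/${site}" /etc/nginx/sites-enabled/
done

# Drop the distribution's default site.
rm -f /etc/nginx/sites-enabled/default

# Separate commands on purpose: in `nginx -t && systemctl reload nginx` a
# failed config test is exempt from `set -e`, so the script used to carry
# on (up to certbot) with a configuration Nginx had rejected.
nginx -t
systemctl reload nginx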

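# Install UFW and open only SSH (custom port), HTTP and HTTPS.
#
# The allow rules are added before the firewall is enabled, so the SSH port
# is already permitted when filtering starts.
# NOTE(review): only SSH_PORT is opened for SSH. If sshd is still listening
# on a different port at this point, enabling the firewall cuts off remote
# access; verify the listening port before this step.

apt install -y ufw
ufw allow "${SSH_PORT}/tcp"
ufw allow 80/tcp
ufw allow 443/tcp
# --force skips the interactive confirmation; piping "y" into the prompt
# depended on the exact prompt behaviour.
ufw --force enable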

# =============================

# Install Fail2Ban

# =============================

apt install -y fail2ban

# Write jail.local: a [DEFAULT] section (bantime 1h, findtime 10m,
# maxretry 5, backend systemd) and an enabled [sshd] jail bound to the
# custom SSH port.
{
  printf '%s\n' '[DEFAULT]' 'bantime = 1h' 'findtime = 10m' 'maxretry = 5' 'backend = systemd' ''
  printf '%s\n' '[sshd]' 'enabled = true' "port = ${SSH_PORT}"
} > /etc/fail2ban/jail.local

# Enable at boot, then restart so the file written above is loaded.
systemctl enable fail2ban
systemctl restart fail2ban

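# =============================

# Install SSL (LAST STEP)

# =============================

apt install -y certbot python3-certbot-nginx

sleep 3

# Every value is quoted so it reaches certbot as exactly one argument; the
# unquoted form was subject to word splitting and glob expansion. EMAIL has
# to be a plain address (no link markup), otherwise certbot gets an invalid
# --email value.
certbot --nginx \
  -d "$SUBDOMAIN1" -d "$SUBDOMAIN2" \
  --non-interactive --agree-tos \
  --email "$EMAIL" \
  --redirect

# Separate commands on purpose: with `nginx -t && systemctl reload nginx` a
# failed config test is exempt from `set -e` and the script would go on to
# report success.
nginx -t
systemctl reload nginx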

# Final summary of what was configured.
printf '%s\n' \
  "=== SELESAI ===" \
  "User: $USERNAME" \
  "SSH Port: $SSH_PORT" \
  "Domain: $SUBDOMAIN1, $SUBDOMAIN2" \
  "SSL aktif & Fail2Ban aktif"

 
