Wednesday, March 11, 2026

setup server

Simpan script di bawah ini sebagai setup.sh, jalankan chmod +x setup.sh, lalu jalankan ./setup.sh sebagai root.

Setelah script selesai, jangan tutup terminal yang sedang dipakai; buka terminal lain untuk tes login dengan user dan port baru.

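Setelah login dengan user baru berhasil, matikan login root: ubah menjadi PermitRootLogin no di /etc/ssh/sshd_config, lalu restart sshd.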

 

/etc/
├── nginx/
│   ├── sites-available/
│   │   ├── app.mydomain.com      # Konfigurasi Frontend (Vue)
│   │   └── api.mydomain.com      # Konfigurasi Backend (Rust)
│   └── sites-enabled/            # Symlink ke sites-available
├── fail2ban/
│   └── jail.d/
│       └── nginx.conf            # Custom jail untuk Nginx
/var/
├── www/
│   ├── app/                      # File build VueJS (dist)
│   └── api/                      # (Opsional) Jika ada static file dari Rust
/opt/
└── apps/
    ├── vue-frontend/             # Source code / proses build Vue (opsional jika build di lokal)
    └── rust-backend/             # Binary Rust & systemd service config
/var/log/
├── nginx/
│   ├── app-error.log
│   ├── app-access.log
│   ├── api-error.log
│   └── api-access.log
└── fail2ban/
    └── fail2ban.log

 

---------------------- 

 

#!/bin/bash

# ANSI colour escape sequences; `echo -e` interprets them when printing.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # reset to the terminal default

# Opening banner: a green rule above and below the two title lines.
banner_rule='========================================='
for banner_line in \
    "$banner_rule" \
    '  Script Setup VPS Debian Minimal        ' \
    '  (PostgreSQL 17 & Secure SSH)           ' \
    "$banner_rule"; do
    echo -e "${GREEN}${banner_line}${NC}"
done

# Refuse to continue unless the effective UID is 0: every later step
# (apt, ufw, useradd, sshd_config) needs root.
if (( EUID != 0 )); then
    echo -e "${RED}Error: Jalankan script ini sebagai root (sudo su)${NC}"
    exit 1
fi

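# --- USER INPUT ---
# The three answers below are later written into sshd_config, a ufw rule,
# a fail2ban jail and file paths, so they are validated here before any
# system change is made.
echo -e "${YELLOW}--- Konfigurasi Awal ---${NC}"

# 1. SSH port. `read -r` keeps backslashes literal; an empty answer
#    selects the default 3900.
read -r -p "Masukkan Port SSH Baru (Contoh: 3900): " SSH_PORT
if [[ -z "$SSH_PORT" ]]; then
    SSH_PORT=3900
    echo -e "${BLUE}Port kosong, menggunakan default: $SSH_PORT${NC}"
fi
# Digits only ...
if ! [[ "$SSH_PORT" =~ ^[0-9]+$ ]]; then
    echo -e "${RED}Error: Port harus berupa angka.${NC}"
    exit 1
fi
# ... and inside the valid TCP port range. The length test runs first so an
# over-long digit string never reaches the arithmetic; 10# forces base 10 so
# a leading zero is not read as octal.
if (( ${#SSH_PORT} > 5 )) || (( 10#$SSH_PORT < 1 || 10#$SSH_PORT > 65535 )); then
    echo -e "${RED}Error: Port harus di antara 1 dan 65535.${NC}"
    exit 1
fi
SSH_PORT=$(( 10#$SSH_PORT )) # normalise, e.g. 0022 -> 22

# 2. New login name. It is used as a command argument and inside
#    /home/<name> paths, so only a conservative character set is accepted.
read -r -p "Masukkan Username Baru (Pengganti Root): " NEW_USER
if [[ -z "$NEW_USER" ]]; then
    echo -e "${RED}Error: Username tidak boleh kosong.${NC}"
    exit 1
fi
if ! [[ "$NEW_USER" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]; then
    echo -e "${RED}Error: Username hanya boleh berisi huruf kecil, angka, '_' atau '-', diawali huruf atau '_', maksimal 32 karakter.${NC}"
    exit 1
fi

# 3. Password for the new user; -s suppresses terminal echo.
read -r -s -p "Masukkan Password untuk $NEW_USER: " NEW_PASS
echo ""
if [[ -z "$NEW_PASS" ]]; then
    echo -e "${RED}Error: Password tidak boleh kosong.${NC}"
    exit 1
fi

# Echo the accepted settings (the password is never printed) and wait for
# confirmation before touching the system.
echo -e "${GREEN}Konfigurasi Diterima:${NC}"
echo -e "Port SSH : $SSH_PORT"
echo -e "User     : $NEW_USER"
echo -e "Pass     : (Tersembunyi)"
echo ""
read -r -p "Tekan Enter untuk melanjutkan instalasi..."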

# --- INSTALLATION ---

# 1. Refresh the package index; the upgrade only runs when the refresh
#    succeeded.
echo -e "${YELLOW}[1/9] Updating system...${NC}"
if apt update; then
    apt upgrade -y
fi

# 2. Base utilities. gnupg and lsb-release are used later when the
#    PostgreSQL repository is added.
echo -e "${YELLOW}[2/9] Installing basic utilities...${NC}"
base_packages=(
    sudo mc curl gnupg apt-transport-https
    software-properties-common lsb-release
)
apt install -y "${base_packages[@]}"

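# 3. UFW firewall: deny inbound by default, then open only the new SSH port
#    and HTTP/HTTPS.
echo -e "${YELLOW}[3/9] Configuring UFW Firewall...${NC}"
apt install -y ufw
ufw default deny incoming
ufw default allow outgoing
# Quoted so the port/protocol pair reaches ufw as exactly one argument.
ufw allow "${SSH_PORT}/tcp" comment 'SSH Custom Port'
ufw allow 80/tcp
ufw allow 443/tcp
# 'Nginx Full' is a ufw application profile, presumably provided by the
# Nginx package, which this script only installs in step 7. Apply it only
# when ufw already knows the profile; ports 80 and 443 are open either way.
if ufw app info 'Nginx Full' >/dev/null 2>&1; then
    ufw allow 'Nginx Full'
fi
# NOTE(review): from here on only $SSH_PORT is reachable for new SSH
# connections, but sshd is not moved to that port until step 5. If step 5
# fails, keep the current session open and fix sshd before disconnecting.
ufw --force enable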

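# 4. Create the replacement admin user and give it root's SSH keys.
echo -e "${YELLOW}[4/9] Creating new user ($NEW_USER) & configuring SSH...${NC}"

# An account that already exists is left untouched: without this check a
# failed useradd would be followed by chpasswd silently resetting that
# account's password and by its authorized_keys being overwritten.
user_created=0
if id -u -- "$NEW_USER" >/dev/null 2>&1; then
    echo -e "${YELLOW}Peringatan: User $NEW_USER sudah ada; akun tersebut tidak diubah.${NC}"
elif useradd -m -s /bin/bash -G sudo -- "$NEW_USER"; then
    user_created=1
    # printf is a shell builtin, so the password is piped to chpasswd and
    # never appears in another process's argument list.
    if ! printf '%s:%s\n' "$NEW_USER" "$NEW_PASS" | chpasswd; then
        echo -e "${RED}Error: Gagal mengatur password untuk $NEW_USER.${NC}"
    fi
else
    echo -e "${RED}Error: Gagal membuat user $NEW_USER.${NC}"
fi

# Copy root's authorized_keys so key-based login keeps working for the new
# account (this is what prevents a lockout once root login is disabled).
# install(1) creates the directory and file with the final owner and mode
# in one step, so they are never briefly readable by others.
if (( user_created )); then
    new_ssh_dir="/home/${NEW_USER}/.ssh"
    if [[ -s /root/.ssh/authorized_keys ]]; then
        install -d -m 700 -o "$NEW_USER" -g "$NEW_USER" "$new_ssh_dir"
        install -m 600 -o "$NEW_USER" -g "$NEW_USER" \
            /root/.ssh/authorized_keys "${new_ssh_dir}/authorized_keys"
        echo -e "${GREEN}SSH Keys berhasil disalin ke user baru.${NC}"
    else
        echo -e "${YELLOW}Peringatan: Tidak ditemukan SSH Key di root. Login hanya bisa menggunakan Password.${NC}"
    fi
fi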

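# 5. Move sshd to the new port.
echo -e "${YELLOW}[5/9] Changing SSH Port to $SSH_PORT...${NC}"
sshd_conf=/etc/ssh/sshd_config
# Keep a copy (with the original mode and owner) to roll back to.
cp -p "$sshd_conf" "${sshd_conf}.bak"

# Rewrite an existing (possibly commented-out) Port line ...
sed -i 's/^\s*#\?Port\s\+[0-9]\+/Port '"$SSH_PORT"'/' "$sshd_conf"
# ... and if the file had no such line, add one. It goes on the first line
# so it can never land inside a trailing Match block.
if ! grep -Eq "^Port[[:space:]]+${SSH_PORT}([[:space:]]|\$)" "$sshd_conf"; then
    sed -i "1i Port ${SSH_PORT}" "$sshd_conf"
fi

# Password login is only forced on when the new user has no key to log in
# with. When a key was copied, the existing PasswordAuthentication setting
# is left as it is instead of being weakened.
# NOTE(review): Debian's stock sshd_config may Include
# /etc/ssh/sshd_config.d/*.conf, and a drop-in there can override these
# directives - confirm the effective values with `sshd -T`.
if [[ ! -s "/home/${NEW_USER}/.ssh/authorized_keys" ]]; then
    sed -i 's/^\s*#\?PasswordAuthentication\s\+.*/PasswordAuthentication yes/' "$sshd_conf"
fi

# Validate before restarting: restarting sshd with a broken config on a
# remote machine means losing access. On failure the backup is restored and
# the running daemon is left alone.
if ! sshd -t -f "$sshd_conf"; then
    cp -p "${sshd_conf}.bak" "$sshd_conf"
    echo -e "${RED}Error: sshd_config tidak valid; konfigurasi lama dikembalikan dan port SSH TIDAK diubah.${NC}"
    echo -e "${RED}Firewall hanya membuka port $SSH_PORT - jangan tutup sesi ini sebelum SSH diperbaiki.${NC}"
elif systemctl restart sshd; then
    echo -e "${GREEN}SSH Port changed to $SSH_PORT.${NC}"
else
    echo -e "${RED}Error: restart sshd gagal - jangan tutup sesi ini, periksa 'systemctl status sshd'.${NC}"
fi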

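# 6. Fail2Ban: ban an address for an hour after 5 failed SSH logins within
#    10 minutes.
echo -e "${YELLOW}[6/9] Installing and Configuring Fail2Ban...${NC}"
apt install -y fail2ban

# A minimal Debian install may have no syslog daemon and therefore no
# /var/log/auth.log; a jail pointing at a missing log file keeps Fail2Ban
# from starting. Read from the systemd journal in that case.
# NOTE(review): the systemd backend presumably needs the python3-systemd
# package - confirm it is installed on the target release.
if [[ -f /var/log/auth.log ]]; then
    f2b_log_source='logpath = /var/log/auth.log'
else
    f2b_log_source='backend = systemd'
fi

# Unquoted heredoc delimiter on purpose: $SSH_PORT and $f2b_log_source are
# expanded while the file is written.
cat > /etc/fail2ban/jail.local <<EOF
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5

[sshd]
enabled = true
port = $SSH_PORT
filter = sshd
$f2b_log_source
maxretry = 5
EOF

systemctl enable fail2ban
# Restart (rather than start) so the jail written above is always loaded,
# and say so loudly if the service did not come up: the summary at the end
# would otherwise claim protection that is not active.
if ! systemctl restart fail2ban; then
    echo -e "${RED}Peringatan: Fail2Ban gagal dijalankan; periksa 'systemctl status fail2ban'.${NC}"
fi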

# 7. Nginx web server: install the package, then enable it at boot and
#    start it in a single systemctl call.
echo -e "${YELLOW}[7/9] Installing Nginx...${NC}"
apt install -y nginx
systemctl enable --now nginx

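# 8. PostgreSQL 17 from the upstream PGDG apt repository.
echo -e "${YELLOW}[8/9] Installing PostgreSQL 17 (Official Repo)...${NC}"

# The repository key is stored under /etc/apt/keyrings and referenced with
# signed-by, so it is trusted for this one repository only. A key dropped
# into /etc/apt/trusted.gpg.d would be trusted for every configured source.
pgdg_keyring=/etc/apt/keyrings/postgresql.gpg
pgdg_codename=$(lsb_release -cs)
pgdg_key_tmp=$(mktemp)
pgdg_ready=0

# Download to a temporary file first: with `curl | gpg` a failed download
# goes unnoticed and leaves an empty keyring behind. --batch --yes lets gpg
# overwrite the keyring when the script is run again.
if [[ -n "$pgdg_codename" && -n "$pgdg_key_tmp" ]] \
    && install -d -m 0755 /etc/apt/keyrings \
    && curl -fsSL -o "$pgdg_key_tmp" https://www.postgresql.org/media/keys/ACCC4CF8.asc \
    && gpg --batch --yes --dearmor -o "$pgdg_keyring" "$pgdg_key_tmp"; then
    chmod 0644 "$pgdg_keyring"
    pgdg_ready=1
fi
if [[ -n "$pgdg_key_tmp" ]]; then
    rm -f -- "$pgdg_key_tmp"
fi

if (( pgdg_ready )); then
    # HTTPS transport plus a key scoped to this source.
    echo "deb [signed-by=${pgdg_keyring}] https://apt.postgresql.org/pub/repos/apt ${pgdg_codename}-pgdg main" \
        > /etc/apt/sources.list.d/pgdg.list

    # Refresh the index so the new repository's packages are visible.
    apt update

    # Pin the major version explicitly.
    if apt install -y postgresql-17 postgresql-contrib-17; then
        systemctl enable postgresql
        systemctl start postgresql
        echo -e "${GREEN}PostgreSQL 17 installed.${NC}"
    else
        echo -e "${RED}Error: Instalasi PostgreSQL 17 gagal.${NC}"
    fi
else
    # Do not add a repository whose key could not be fetched and converted.
    echo -e "${RED}Error: Gagal menyiapkan repository PostgreSQL; instalasi PostgreSQL dilewati.${NC}"
fi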

# 9. Certbot together with its Nginx plugin (certificates are requested
#    manually afterwards; nothing is issued here).
echo -e "${YELLOW}[9/9] Installing Certbot...${NC}"
certbot_packages=(certbot python3-certbot-nginx)
apt install -y "${certbot_packages[@]}"

# Drop packages that are no longer required by anything installed.
apt autoremove -y

# --- DONE & SUMMARY ---
# Closing banner.
summary_rule='========================================='
for heading in \
    "$summary_rule" \
    '  Instalasi Selesai!                   ' \
    "$summary_rule"; do
    echo -e "${GREEN}${heading}${NC}"
done

# Recap of what was configured.
echo -e "${YELLOW}Ringkasan Konfigurasi:${NC}"
for summary_line in \
    "SSH Port   : $SSH_PORT" \
    "SSH User   : $NEW_USER" \
    "Web Server : Nginx (Port 80 & 443)" \
    "Database   : PostgreSQL 17" \
    "Firewall   : UFW (Active)" \
    "Security   : Fail2Ban (SSH Port $SSH_PORT)" \
    "Tools      : MC, Certbot"; do
    echo -e "$summary_line"
done
echo ""

# Post-install checklist. The script itself never changes PermitRootLogin;
# direct root login stays as it was until the operator carries out item 4,
# and only after the new account's login has been verified (items 2-3).
echo -e "${RED}⚠️  PENTING - JANGAN TUTUP TERMINAL INI DULU! ⚠️${NC}"
for checklist_item in \
    "1. Pastikan port $SSH_PORT terbuka di Dashboard Provider VPS." \
    "2. Buka terminal **BARU** dan test login:" \
    "   ${BLUE}ssh -p $SSH_PORT $NEW_USER@${NC}<IP_VPS_ANDA>" \
    "3. Jika login berhasil, baru Anda boleh logout dari sesi root ini." \
    "4. (Opsional) Untuk keamanan maksimal, edit /etc/ssh/sshd_config," \
    "   ubah 'PermitRootLogin yes' menjadi 'no', lalu restart sshd." \
    "5. Untuk SSL, jalankan: certbot --nginx -d domain-anda.com" \
    "6. Untuk akses Postgres 17: sudo -u postgres psql"; do
    echo -e "$checklist_item"
done
echo ""
