Cara-cara:
- Siapkan mesin baru
- Backup data dari mesin lama
- Restore data ke mesin baru
- Done
Sebelum memulai, pastikan DNS sudah propagate ke mesin baru.
Spin up mesin baru kemudian perbaru dulu
# apt update
# apt upgrade
Lakukan instalasi Maridb
# apt install mariadb-server
Konfigurasikan Mariadb ke default yang aman:
# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] n
... skipping.
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] Y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] Y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] Y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] Y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Matikan Mariadb untuk sementara:
# systemctl stop mariadb
Selidiki konfigurasi Mariadb dan pindahkan storage ke attached volume
# cat /etc/mysql/mariadb.conf.d/50-server.cnf
...
datadir = /mnt/attached-storage/mariadb
Pastikan permission storage Mariadb tepat:
# chown -R mysql:mysql /mnt/attached-storage/mariadb
# chmod -R 755 /mnt/attached-storage/mariadb
Hidupkan kembali Mariadb:
# systemctl start mariadb
Lakukan instalasi snap untuk certbot
# sudo snap install core
# sudo snap refresh core
Lakukan instalasi nginx
# apt install nginx
Lakukan instalasi Certbot
$ sudo snap install --classic certbot
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot
Instalasi nginx SSL dari Certbot:
$ sudo certbot --nginx
Lakukan instalasi PHP 7.4 FPM:
# sudo apt install php7.4-fpm \
php7.4-common \
php7.4-mbstring \
php7.4-xmlrpc \
php7.4-gd \
php7.4-xml \
php7.4-mysql \
php7.4-cli \
php7.4-zip \
php7.4-curl \
php7.4-bcmath \
php-imagick
Sunting konfigurasi /etc/nginx/sites-enabled/default
menjadi sebagai berikut. Ganti yoursite.com
menjadi FQDN situs web Anda.
server {
root /mnt/volume_nyc1_01/nginx-sites;
index index.php index.html index.htm index.nginx-debian.html;
server_name yoursite.com www.yoursite.com;
location / {
try_files $uri $uri/ /index.php?$args;
}
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
include snippets/fastcgi-php.conf;
# With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
# With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
location ~ /\.ht {
deny all;
}
listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/yoursite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/yoursite.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.yoursite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = yoursite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name yoursite.com www.yoursite.com;
listen 80;
listen [::]:80 ;
return 404; # managed by Certbot
}
Buka /etc/nginx/fastcgi_params
, pastikan isinya adalah sebagai berikut:
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
Catatan: Backup hanya diperlukan jika belum menggunakan attached storage.
Backup HTML:
$ cd /var/www
$ tar cvf www-backup.tar.gz www
Kirim ke mesin baru:
$ scp www-backup.tar.gz root@mesinbaru:~
Backup SQL
$ mysqldump -u [user] -p [database_name] > mysqlbackup.sql
Kirim ke mesin baru:
$ scp mysqlbackup.sql root@mesinbaru:~
Extract dan salin arsip HTML:
$ tar xvf www-backup.tar.gz
$ cp html /var/www -r
$ cd /var/www
$ chown www-data:www-data www -r
Buat database wordpress-nya:
$ mariadb
mariadb> CREATE DATABASE databasenya;
Buat akun Mariadb:
$ mariadb
mariadb> CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'passwordyangdiinginkan';
mariadb> GRANT ALL PRIVILEGES ON databasenya.* TO 'newuser'@'localhost';
mariadb> FLUSH PRIVILEGES;
Restore database:
$ mysql -u newuser -p databasenya < mysqlbackup.sql