Skip to content

Instantly share code, notes, and snippets.

@mufid

mufid/NginxPhp2004.md

Last active October 31, 2020 08:40
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save mufid/3e931b216a6f02644b7bffa10639cd73 to your computer and use it in GitHub Desktop.
Save mufid/3e931b216a6f02644b7bffa10639cd73 to your computer and use it in GitHub Desktop.
Download ZIP
Nginx PHP Migration/Installation 20.04
Raw
NginxPhp2004.md

Memindahkan Pemasangan Wordpress (Ubuntu 20.04)

Cara-cara:

  • Siapkan mesin baru
  • Backup data dari mesin lama
  • Restore data ke mesin baru
  • Done

Menyiapkan Mesin Baru

Sebelum memulai, pastikan DNS sudah propagate ke mesin baru.

Spin up mesin baru kemudian perbaru dulu

# apt update
# apt upgrade

Lakukan instalasi Maridb

# apt install mariadb-server

Konfigurasikan Mariadb ke default yang aman:

# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] n
 ... skipping.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Matikan Mariadb untuk sementara:

# systemctl stop mariadb

Selidiki konfigurasi Mariadb dan pindahkan storage ke attached volume

# cat /etc/mysql/mariadb.conf.d/50-server.cnf
...
datadir                 = /mnt/attached-storage/mariadb

Pastikan permission storage Mariadb tepat:

# chown -R mysql:mysql /mnt/attached-storage/mariadb
# chmod -R 755 /mnt/attached-storage/mariadb

Hidupkan kembali Mariadb:

# systemctl start mariadb

Lakukan instalasi snap untuk certbot

# sudo snap install core
# sudo snap refresh core

Lakukan instalasi nginx

# apt install nginx

Lakukan instalasi Certbot

$ sudo snap install --classic certbot
$ sudo ln -s /snap/bin/certbot /usr/bin/certbot

Instalasi nginx SSL dari Certbot:

$ sudo certbot --nginx

Lakukan instalasi PHP 7.4 FPM:

# sudo apt install php7.4-fpm \
                   php7.4-common \
                   php7.4-mbstring \
                   php7.4-xmlrpc \
                   php7.4-gd \
                   php7.4-xml \
                   php7.4-mysql \
                   php7.4-cli \
                   php7.4-zip \
                   php7.4-curl \
                   php7.4-bcmath \
                   php-imagick

Sunting konfigurasi /etc/nginx/sites-enabled/default menjadi sebagai berikut. Ganti yoursite.com menjadi FQDN situs web Anda.

server {
    root /mnt/volume_nyc1_01/nginx-sites;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name yoursite.com www.yoursite.com;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    # pass PHP scripts to FastCGI server
    #

    location ~ \.php$ {
            include snippets/fastcgi-php.conf;

            # With php-fpm (or other unix sockets):
            fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
            # With php-cgi (or other tcp sockets):
            # fastcgi_pass 127.0.0.1:9000;
            include fastcgi_params;
    }
    
    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #

    location ~ /\.ht {
            deny all;         
    }         

    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/yoursite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/yoursite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.yoursite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = yoursite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name yoursite.com www.yoursite.com;


    listen 80;
    listen [::]:80 ;
    return 404; # managed by Certbot
}

Buka /etc/nginx/fastcgi_params, pastikan isinya adalah sebagai berikut:

fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              $https if_not_empty;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param  REDIRECT_STATUS    200;

Backup dari mesin lama

Catatan: Backup hanya diperlukan jika belum menggunakan attached storage.

Backup HTML:

$ cd /var/www
$ tar cvf www-backup.tar.gz www

Kirim ke mesin baru:

$ scp www-backup.tar.gz root@mesinbaru:~

Backup SQL

$ mysqldump -u [user] -p [database_name] > mysqlbackup.sql

Kirim ke mesin baru:

$ scp mysqlbackup.sql root@mesinbaru:~

Restore Mesin Baru

Extract dan salin arsip HTML:

$ tar xvf www-backup.tar.gz
$ cp html /var/www -r
$ cd /var/www
$ chown www-data:www-data www -r

Buat database wordpress-nya:

$ mariadb
mariadb> CREATE DATABASE databasenya;

Buat akun Mariadb:

$ mariadb
mariadb> CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'passwordyangdiinginkan';
mariadb> GRANT ALL PRIVILEGES ON databasenya.* TO 'newuser'@'localhost';
mariadb> FLUSH PRIVILEGES;

Restore database:

$ mysql -u newuser -p databasenya < mysqlbackup.sql
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment