Berikut merupakan cara untuk menginstall webserver Nginx dengan PHP-FPM dan Userdir. (Catatan: langkah-langkah di bawah ini menggunakan Apache sebagai webserver, bukan Nginx.) Sebelum memulai pastikan Anda sudah memiliki 1 server Ubuntu dengan RAM minimal 1GB.
Install Apache #
apt update
apt install apache2
Selanjutnya edit /etc/apache2/mods-available/userdir.conf
seperti berikut
# Per-user web directories: /~user/ requests are mapped to that user's ~/public_html.
<IfModule mod_userdir.c>
UserDir public_html
# NOTE(review): there is no bare "UserDir disabled" line, so every account except root
# stays mapped; "UserDir enabled ubuntu" only acts as a whitelist when a global
# "UserDir disabled" precedes it. Confirm whether only ubuntu is meant to be reachable.
UserDir disabled root
UserDir enabled ubuntu
<Directory /home/*/public_html>
# NOTE(review): this Options line grants more than a user directory usually needs:
#   Indexes  - lists directory contents when no index file is present
#   ExecCGI  - allows account holders to run CGI programs (takes effect once a CGI module is loaded)
#   Includes - server-side includes with "exec" permitted; it is listed next to
#              IncludesNOEXEC, the variant that forbids exec, so keep only one of the two
# Confirm each option is required before enabling it for every home directory.
Options Indexes SymLinksIfOwnerMatch MultiViews ExecCGI Includes IncludesNOEXEC
# .htaccess files may change auth, file-type/handler, index and <Limit> settings.
AllowOverride AuthConfig FileInfo Indexes Limit
# Only GET, POST and OPTIONS requests are authorized for these directories.
Require method GET POST OPTIONS
</Directory>
</IfModule>
Enable module userdir dan beberapa module lain untuk keperluan PHP
# Enable the Apache modules used by this setup.
# NOTE(review): this page only installs the apache2 package. On Ubuntu fcgid is shipped
# separately (libapache2-mod-fcgid), so a2enmod may report it as missing. The virtual
# host on this page only relies on proxy_fcgi to reach PHP-FPM; confirm that actions
# and fcgid are really needed, since every extra module adds attack surface.
a2enmod userdir actions fcgid alias proxy_fcgi
Buat virtual host
nano /etc/apache2/sites-available/ubuntu.conf
Edit ubuntu.conf
# Virtual host for example.com on port 80 (plain HTTP only; no TLS listener is defined
# here), serving the ubuntu account's public_html.
<VirtualHost *:80>
ServerName example.com
ServerAdmin webmaster@localhost
DocumentRoot /home/ubuntu/public_html
<Directory /home/ubuntu/public_html>
# NOTE(review): Indexes exposes directory listings, and FollowSymLinks follows links
# regardless of who owns the target (the userdir block on this page uses the stricter
# SymLinksIfOwnerMatch). Confirm both are wanted for a site whose content is user-managed.
Options Indexes FollowSymLinks
# NOTE(review): "All" lets any .htaccess in the tree override every directive that is
# permitted in .htaccess, including Options and handlers; narrow it if the applications allow.
AllowOverride All
Require all granted
</Directory>
# Hand *.phtml, *.phar and *.php / *.phpN requests to the PHP-FPM pool over its unix socket.
# The <If -f> guard only proxies when the requested path is an existing regular file, so
# made-up script paths are not forwarded to FPM.
# NOTE(review): .phar is matched here but is not listed in the pool's
# security.limit_extensions on this page - confirm how .phar requests should be handled.
<FilesMatch \.(phtml|phar|php[0-9]*)$>
<If "-f %{REQUEST_FILENAME}">
# The socket path must match the "listen" value of the FPM pool.
SetHandler "proxy:unix:/run/php/php7.4-fpm.ubuntu.sock|fcgi://localhost"
</If>
</FilesMatch>
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
Enable site ubuntu
a2ensite ubuntu
Install PHP #
# Install PHP 7.4 with FPM and a set of extensions.
# NOTE(review): PHP 7.4 reached upstream end-of-life in November 2022; it only receives
# security fixes for as long as the distribution backports them - confirm the Ubuntu
# release in use still maintains this package. Install only the extensions the
# applications need (e.g. imap, xmlrpc, enchant are rarely required).
apt install php7.4 php7.4-bcmath php7.4-bz2 php7.4-cli php7.4-common php7.4-curl php7.4-enchant php7.4-fpm php7.4-imap php7.4-intl php7.4-json php7.4-mbstring php7.4-mysql php7.4-opcache php7.4-readline php7.4-xml php7.4-xmlrpc php7.4-zip
Buat pool fpm untuk user ubuntu
nano /etc/php/7.4/fpm/pool.d/ubuntu.conf
Edit ubuntu.conf
; PHP-FPM pool for the "ubuntu" account: workers run as that user, so PHP code has
; exactly the filesystem rights of ubuntu rather than of the web server.
[ubuntu]
user = ubuntu
group = ubuntu
catch_workers_output = yes
chdir = /home/ubuntu/public_html
; Unix socket Apache connects to; must match the SetHandler path in the virtual host.
listen = /run/php/php7.4-fpm.ubuntu.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; NOTE(review): when listen.acl_users is set, PHP-FPM applies POSIX ACLs and ignores
; listen.owner / listen.group. Only the web server needs to connect; confirm why the
; site user "ubuntu" is also granted access to the socket.
listen.acl_users = ubuntu,www-data
; NOTE(review): allowed_clients is only meaningful for TCP listeners; it has no effect
; on the unix socket configured above.
listen.allowed_clients = 127.0.0.1
listen.backlog = 32768
; Requests running longer than 5 s get a backtrace written to the slow log.
; The logs directory is not created anywhere on this page - it must exist first.
request_slowlog_timeout = 5s
slowlog = /home/ubuntu/logs/php.slow.log
; ondemand: workers are forked only when requests arrive and exit after the idle timeout.
pm = ondemand
; NOTE(review): worst case is 50 workers x memory_limit 512M, far above the 1 GB RAM
; the page asks for - size max_children to the memory actually available.
pm.max_children = 50
pm.max_requests = 200
pm.process_idle_timeout = 10
; NOTE(review): start_servers and min/max_spare_servers apply to pm = dynamic only;
; they are unused with pm = ondemand.
pm.start_servers = 1
pm.max_spare_servers = 1
pm.min_spare_servers = 1
; NOTE(review): the status and ping pages reveal pool activity. If the web server is
; ever configured to forward /status or /ping, restrict them to trusted addresses.
pm.status_path = /status
ping.path = /ping
request_terminate_timeout = 300
; FPM refuses to execute files whose extension is not in this list.
security.limit_extensions = .phtml .php .php3 .php4 .php5 .php6 .php7 .php8
; php.ini custom configuration directives
; php_admin_* values cannot be changed by application code; php_value entries further
; down can still be overridden at runtime with ini_set().
; NOTE(review): allow_url_fopen lets file functions fetch remote URLs; keep it on only
; if the applications need it.
php_admin_flag[allow_url_fopen] = on
php_admin_flag[log_errors] = on
; NOTE(review): the active list omits popen and proc_open, which the commented-out
; variant below includes. disable_functions reduces exposure but is not a sandbox.
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
; abused php functions
; php_admin_value[disable_functions] = show_source, system, shell_exec, passthru, exec, popen, proc_open
php_admin_value[short_open_tag] = on
; Temp files, uploads and sessions all live in /home/ubuntu/tmp. The directory is not
; created on this page; it must exist, be writable by ubuntu and should not be
; readable by other accounts because it holds session data.
php_admin_value[sys_temp_dir] = "/home/ubuntu/tmp"
php_admin_value[upload_tmp_dir] = "/home/ubuntu/tmp"
php_admin_value[max_input_vars] = 10000
php_admin_value[doc_root] = "/home/ubuntu/public_html"
php_admin_value[error_log] = /home/ubuntu/logs/php.error.log
php_value[error_reporting] = E_ALL & ~E_NOTICE
php_value[max_execution_time] = 300
php_value[max_input_time] = 300
php_value[memory_limit] = 512M
; NOTE(review): open_basedir is left disabled, so PHP can read every file the ubuntu
; user can read. If it is enabled, prefer php_admin_value and trim the path list to
; what this site uses (the nginx-cache entry looks like a leftover - confirm).
;php_value[open_basedir] = "/home/ubuntu/:/tmp/:/var/www/:/usr/share/php/:/var/run/nginx-cache/:/dev/urandom:/dev/shm:/var/lib/php/sessions/"
php_value[session.save_handler] = files
php_value[session.save_path] = "/home/ubuntu/tmp"
php_value[date.timezone] = "Asia/Jakarta"
; Large request bodies are accepted (256M POST / 128M per file); each in-flight upload
; consumes disk in upload_tmp_dir, so confirm these limits are really needed.
php_value[post_max_size] = 256M
php_value[upload_max_filesize] = 128M
env[TMPDIR] = "/home/ubuntu/tmp"
Buat folder docroot #
Login sebagai user ubuntu
lalu buat folder public_html dan atur permission home user
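# Run as the ubuntu user.
# public_html is the docroot; tmp and logs are the directories the PHP-FPM pool on
# this page points at (sessions, uploads, temp files, slow log, error log) and they
# have to exist before php-fpm is restarted.
mkdir -p ~/public_html ~/tmp ~/logs
# Session files, uploads and logs are private to the account.
chmod 700 ~/tmp ~/logs
# 711 on the home directory lets the web server traverse into public_html without
# allowing other accounts to list the home directory.
chmod 711 /home/ubuntu/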
Buat file index.php untuk test PHP
nano ~/public_html/index.php
Edit index.php
<?php
// Temporary test page only: phpinfo() prints the PHP version, loaded modules, file
// paths and environment values to anyone who can load this URL. Delete this file as
// soon as PHP is confirmed to be working.
phpinfo(); ?>
Restart service #
Terakhir restart service apache dan php-fpm
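# Validate both configurations before restarting: with a syntax error in either one,
# a blind restart would leave the service stopped.
apache2ctl configtest \
  && php-fpm7.4 -t \
  && systemctl restart apache2 php7.4-fpm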
Test akses web melalui http://example.com
Optimasi #
Berikut merupakan tambahan konfigurasi untuk optimasi webserver dan php-fpm.
Langkah ini opsional dan dapat Anda lewati.
httpd.conf
# Global server tuning and information-disclosure settings.
# NOTE(review): ExtendedStatus makes the status handler show per-request details
# (client addresses, requested URLs). If mod_status is enabled, keep its location
# restricted to local or trusted addresses.
ExtendedStatus On
# Reject the HTTP TRACE method.
TraceEnable Off
# Do not append a server version footer to generated pages, and send only "Apache"
# in the Server response header.
ServerSignature Off
ServerTokens ProductOnly
FileETag None
StartServers 5
# These two directives only apply when the prefork MPM is the one in use.
<IfModule prefork.c>
MinSpareServers 5
MaxSpareServers 10
</IfModule>
# ServerLimit is the upper bound MaxRequestWorkers may be raised to; the effective
# concurrency limit here is 150.
ServerLimit 256
MaxRequestWorkers 150
MaxConnectionsPerChild 10000
KeepAlive On
KeepAliveTimeout 5
MaxKeepAliveRequests 100
# NOTE(review): 300 s is generous; a slow or idle client can occupy a worker for that
# long unless a request-timeout module enforces tighter limits - confirm.
Timeout 300
conf.d/ssl.conf
# Global TLS settings for mod_ssl.
<IfModule ssl_module>
# AEAD-only suites with forward secrecy (ECDHE/DHE key exchange).
# NOTE(review): the TLS_* names at the end are TLS 1.3 suites; in Apache 2.4 those are
# normally configured on a separate "SSLCipherSuite TLSv1.3 ..." line - confirm whether
# they take effect in this form.
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
# Everything older than TLS 1.2 is switched off.
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLPassPhraseDialog builtin
# OCSP stapling and the shared-memory session cache both need the shmcb cache provider.
<IfModule socache_shmcb_module>
SSLUseStapling On
SSLStaplingCache shmcb:/run/apache2/stapling_cache_shmcb(256000)
# Prevent browsers from failing if an OCSP server is temporarily broken.
SSLStaplingReturnResponderErrors off
SSLStaplingErrorCacheTimeout 60
SSLStaplingFakeTryLater off
SSLStaplingResponderTimeout 3
SSLSessionCache shmcb:/run/apache2/ssl_gcache_data_shmcb(1024000)
</IfModule>
# Fallback session cache on disk when shmcb is not available.
<IfModule !socache_shmcb_module>
SSLSessionCache dbm:/run/apache2/ssl_gcache_data_dbm
</IfModule>
SSLSessionCacheTimeout 300
Mutex file:/run/apache2 ssl-cache
# NOTE(review): "builtin" is the weakest seeding source mod_ssl offers; the Apache
# documentation recommends an additional source at startup - confirm whether the
# platform's OpenSSL already seeds itself from the OS.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
</IfModule>
conf.d/deflate.conf
# Response compression via mod_deflate.
<IfModule mod_deflate.c>
# Compression Level
DeflateCompressionLevel 5
# Compress HTML, CSS, JavaScript, Text and XML
# NOTE(review): compressing dynamic HTML/JSON served over TLS is the precondition for
# BREACH-style compression side channels when one response carries both a secret
# (session or CSRF token) and request-controlled text. Static assets are unaffected;
# confirm the applications mitigate this or exclude such responses from DEFLATE.
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/json
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/javascript
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml
</IfModule>
conf.d/security.conf
# Disallow remote access to .htaccess, .htpasswd, .user.ini, and php.ini files
# NOTE(review): "Require all denied" is Apache 2.4 syntax, while "Satisfy" is a 2.2-era
# directive provided by mod_access_compat. Mixing the two styles is discouraged, and the
# configuration will not parse if mod_access_compat is not loaded. "Require all denied"
# alone is sufficient - confirm and consider dropping the Satisfy lines.
<Files ~ "^\.ht">
Require all denied
Satisfy All
</Files>
# Same protection for per-directory PHP ini files, which can hold settings and paths.
<FilesMatch "^(\.user\.ini|php\.ini)$">
Require all denied
Satisfy All
</FilesMatch>
php-fpm.conf
; Global PHP-FPM settings (not per pool).
; If 10 worker processes die from SIGSEGV/SIGBUS within 1 minute, the FPM master
; restarts itself.
emergency_restart_threshold = 10
emergency_restart_interval = 1m
; How long workers wait for a reaction to signals sent by the master.
process_control_timeout = 10s
/etc/security/limits.conf
# Raise the open-file limit to 500000 for every account.
# NOTE(review): this file is applied by pam_limits to login sessions. Services started
# by systemd (apache2, php-fpm) normally take their limit from the unit's LimitNOFILE
# setting instead - confirm these lines affect the daemons they are meant for. The
# wildcard also lifts the limit for every unprivileged user, which removes a
# resource-exhaustion safeguard on a shared host.
* hard nofile 500000
* soft nofile 500000
# The "*" wildcard does not cover root, hence the explicit entries.
root hard nofile 500000
root soft nofile 500000
/opt/myscript/kernel.sh
# Kernel memory tuning through sysfs. Writing to /sys needs root privileges, and the
# values do not survive a reboot, so this has to be run again at each boot.
ksm_dir=/sys/kernel/mm/ksm

# Turn on Kernel Samepage Merging and let its scanner sleep 1000 ms between passes.
# NOTE(review): KSM deduplicates identical pages across processes; page deduplication
# has known timing side channels, so on a host shared by several accounts confirm the
# memory saving is worth it.
printf '%s\n' 1 >"${ksm_dir}/run"
printf '%s\n' 1000 >"${ksm_dir}/sleep_millisecs"

# Disable transparent huge pages.
printf '%s\n' never >/sys/kernel/mm/transparent_hugepage/enabled
/etc/modules-load.d/htcp.conf
# Load the H-TCP congestion control module at boot.
# NOTE(review): loading the module only makes the algorithm available; it is selected
# through the net.ipv4.tcp_congestion_control sysctl, which this page does not set - confirm.
tcp_htcp