Many developers and sysadmins need a simple server setup for container-based applications. This article covers how to make a RedHat-based VPS (for example Amazon Linux, CentOS, Rocky, AlmaLinux) production-ready using Docker, Nginx, and Cloudflare SSL.

Update packages

sudo dnf update -y 

Create a non-root user (e.g. nemo)

sudo adduser nemo
sudo passwd nemo # if you still want to use a password temporarily
sudo usermod -aG wheel nemo

Setup SSH Key Authentication

From Windows or your local machine:

ssh-keygen -t ed25519 -C "emailkamu@example.com" 

This produces id_ed25519 (the private key, keep it on your local machine) and id_ed25519.pub (the public key).

Copy id_ed25519.pub to the VPS:

sudo mkdir -p /home/nemo/.ssh
sudo nano /home/nemo/.ssh/authorized_keys # paste the contents of id_ed25519.pub here
sudo chown -R nemo:nemo /home/nemo/.ssh
sudo chmod 700 /home/nemo/.ssh
sudo chmod 600 /home/nemo/.ssh/authorized_keys

Edit the SSH configuration:

sudo nano /etc/ssh/sshd_config 

Change:

PermitRootLogin no
PasswordAuthentication no

Restart SSH:

sudo systemctl restart sshd 

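Login is now possible only with the private key. Keep the current session open and confirm from a second terminal that key login works before you disconnect.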

2. Install Docker & Docker Compose

sudo dnf install -y docker
sudo systemctl enable docker
sudo systemctl start docker
sudo usermod -aG docker nemo

For Docker Compose (standalone binary):

sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Log out and back in so the user can run docker without sudo.

3. Connect the Domain to Cloudflare

  1. Add the domain to the Cloudflare Dashboard.
  2. Point the domain's A record to the VPS public IP.
  3. In the SSL/TLS menu, select Full (Strict) mode.

4. Setup SSL di VPS (Cloudflare Origin Certificate)

Create the Certificate

  • In Cloudflare, go to SSL/TLS > Origin Server > Create Certificate.
  • Choose RSA; validity can be 15 years.
  • Download the Origin Certificate and the Private Key.

Install on the VPS

Save to:

sudo mkdir -p /etc/ssl/cloudflare
sudo nano /etc/ssl/cloudflare/cert.pem # paste certificate
sudo nano /etc/ssl/cloudflare/key.pem # paste private key; keep this file readable by root only

Install Nginx

sudo dnf install -y nginx
sudo systemctl enable nginx
sudo systemctl start nginx

Minimal Nginx Configuration

/etc/nginx/conf.d/app.conf

server {
    listen 80;
    server_name domainkamu.com www.domainkamu.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name domainkamu.com www.domainkamu.com;

    ssl_certificate /etc/ssl/cloudflare/cert.pem;
    ssl_certificate_key /etc/ssl/cloudflare/key.pem;

    location / {
        proxy_pass http://127.0.0.1:3000; # point to the app container
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Reload Nginx:

sudo nginx -t
sudo systemctl reload nginx

5. Firewall & Security Groups

Firewalld

Install & enable:

sudo dnf install -y firewalld
sudo systemctl enable firewalld
sudo systemctl start firewalld

Allow the important ports:

sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --remove-service=http # if you do not need the redirect
sudo firewall-cmd --reload

Security Group (AWS/Cloud Provider)

Set the inbound rules:

  • Port 22 (SSH) → only from your IP
  • Port 443 (HTTPS) → open to all
  • Port 80 → optional (redirect); do not open it if you do not need it

6. Running the Application with Docker

A simple example docker-compose.yml:

version: '3.8'
services:
  app:
    image: your-docker-image:latest
    container_name: myapp
    restart: always
    ports:
      - "3000:3000"

Run:

docker-compose up -d 
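
The mapping "3000:3000" above binds the container port on every host interface, and Docker manages its own packet-filter rules for published ports, so the firewalld service list from section 5 does not necessarily block it. Since Nginx only proxies to 127.0.0.1:3000, a loopback binding such as "127.0.0.1:3000:3000" is enough. The check below is an added example, not part of the original article; the function names and the sample compose content (including the admin service) are constructed for illustration, and it handles only the short port syntax.

```shell
#!/bin/sh
# Added example (not from the original article): list compose port mappings
# that are published on all host interfaces instead of loopback only.
# Handles the short "ports:" syntax only.

# Constructed sample: the article's mapping plus a hypothetical second service.
sample_compose() {
cat <<'EOF'
services:
  app:
    image: your-docker-image:latest
    ports:
      - "3000:3000"
  admin:
    image: your-docker-image:latest
    ports:
      - "127.0.0.1:9000:9000"   # loopback only, reachable via Nginx
      - 8080
EOF
}

# Reads compose YAML on stdin and prints each port entry without a loopback
# host IP. Empty output means nothing is published beyond the host itself.
exposed_ports() {
  tr -d "\"'" | awk '
    /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
    in_ports && /^[ \t]*-/ {
      entry = $0
      sub(/^[ \t]*-[ \t]*/, "", entry)   # drop the list marker
      sub(/[ \t]*#.*$/, "", entry)       # drop a trailing comment
      sub(/[ \t]+$/, "", entry)
      # "HOST_IP:HOST_PORT:CONTAINER_PORT" with 127.x.x.x or [::1] is safe;
      # "3000:3000" and a bare "8080" both bind on every interface.
      if (entry !~ /^(127\.[0-9.]+|\[::1\]):/) print entry
      next
    }
    in_ports && NF { in_ports = 0 }      # any other non-blank line ends the list
  '
}

# Audit the file given as first argument, or the constructed sample.
if [ -n "${1:-}" ]; then
  exposed_ports < "$1"
else
  sample_compose | exposed_ports
fi
```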

Let’s try


Source: DEV Community.

