Web Server

What is a web server? A web server is a program that serves HTTP/HTTPS requests from client browsers. Web servers generally use port 80/tcp for HTTP and port 443/tcp for HTTPS. There are many web servers, including Apache, nginx, OpenLiteSpeed, and many others.

How a Web Server Works

Topology

We use the ns2 server as the web server. The domain ‘idn-academy.id’ will be pointed to the ns2 server, and we also create the subdomain ‘wp.idn-academy.id’, which is pointed to ns2 as well.

Installing the Apache Web Server

  • Make sure Apache (‘httpd’) is installed on ns2.
ns2
[sysadmin@ns2 ~]$ sudo dnf update -y
[sysadmin@ns2 ~]$ sudo dnf install -y httpd openssl mod_ssl

1. SSL Configuration.

  • We will create a self-signed certificate with openssl. We create the CA first.
ns2
[root@ns2 ~]# sudo mkdir /etc/ssl/idn-academy.id
[root@ns2 ~]# cd /etc/ssl/idn-academy.id/
[sysadmin@ns2 idn-academy.id]$ sudo openssl genrsa -out ca.key 2048
[sysadmin@ns2 idn-academy.id]$ sudo openssl req -x509 -new -nodes -key ca.key -sha256 -days 365 -out ca.pem
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ID
State or Province Name (full name) []:East Java
Locality Name (eg, city) [Default City]:Surabaya
Organization Name (eg, company) [Default Company Ltd]:IDN ACADEMY
Organizational Unit Name (eg, section) []:SYSADMIN
Common Name (eg, your name or your server's hostname) []:ns2.idn-academy.id
Email Address []:root@idn-academy.id
  • After that, create the domain key and the domain CSR.
ns2
[sysadmin@ns2 idn-academy.id]$ sudo openssl genrsa -out domain.key 2048
[sysadmin@ns2 idn-academy.id]$ sudo openssl req -new -key domain.key -out domain.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ID
State or Province Name (full name) []:East Java
Locality Name (eg, city) [Default City]:Surabaya
Organization Name (eg, company) [Default Company Ltd]:IDN ACADEMY
Organizational Unit Name (eg, section) []:SYSADMIN
Common Name (eg, your name or your server's hostname) []:idn-academy.id
Email Address []:root@idn-academy.id

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
  • Then create the file config.txt with the content shown below.
ns2
[sysadmin@ns2 idn-academy.id]$ sudo nano config.txt
/etc/ssl/idn-academy.id/config.txt
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = idn-academy.id
DNS.2 = *.idn-academy.id
  • Then generate the certificate for the domain ‘idn-academy.id’.
ns2
[sysadmin@ns2 idn-academy.id]$ openssl x509 -req -in domain.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out domain.crt -days 365 -sha256 -extfile config.txt
Certificate request self-signature ok
subject=C = ID, ST = East Java, L = Surabaya, O = IDN ACADEMY, OU = SYSADMIN, CN = idn-academy.id, emailAddress = root@idn-academy.id
  • Check the ‘idn-academy.id’ directory; it should contain the files ca.pem, domain.key and domain.crt.
ns2
[sysadmin@ns2 ssl]$ sudo ls idn-academy.id/
ca.key  ca.pem  ca.srl  config.txt  domain.crt  domain.csr  domain.key
  • Then configure the file ‘ssl.conf’ in the directory ‘/etc/httpd/conf.d’.
ns2
[sysadmin@ns2 conf.d]$ cd
[sysadmin@ns2 ~]$ cd /etc/httpd/conf.d/
[sysadmin@ns2 conf.d]$ sudo nano ssl.conf
/etc/httpd/conf.d/ssl.conf
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCache         shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout  300
SSLCryptoDevice builtin

<VirtualHost _default_:443>

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLHonorCipherOrder on
SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM
SSLEngine on
SSLCertificateFile /etc/ssl/idn-academy.id/domain.crt
SSLCertificateKeyFile /etc/ssl/idn-academy.id/domain.key
SSLCACertificateFile /etc/ssl/idn-academy.id/ca.pem

<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>

BrowserMatch "MSIE [2-5]" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
  • After that, restart the httpd service and try accessing the site from a client.
ns2
[sysadmin@ns2 conf.d]$ sudo systemctl restart httpd
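
The certificate steps in this section can be checked before httpd is restarted. The following is an added example, not part of the original tutorial: it repeats the CA, CSR and signing commands in a scratch directory, then confirms that domain.crt chains to ca.pem, that domain.key belongs to it, and that a host name is covered by the subjectAltName entries. The -subj values, the req.cnf file and the function names are assumptions made so the script runs without prompts.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): rebuild the CA and domain
# certificate in a scratch directory, then check them as a client would.

make_certs() {                       # $1 = scratch directory
  local d=$1
  # Assumption: a minimal request config, so the run needs no prompts and
  # does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    '[dn]' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' \
    'subjectKeyIdentifier=hash' > "$d/req.cnf"
  # Same content as config.txt in the tutorial.
  printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' \
    'basicConstraints=CA:FALSE' \
    'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
    'subjectAltName = @alt_names' '[alt_names]' \
    'DNS.1 = idn-academy.id' 'DNS.2 = *.idn-academy.id' > "$d/config.txt"
  openssl genrsa -out "$d/ca.key" 2048 2>/dev/null
  openssl req -x509 -new -nodes -key "$d/ca.key" -sha256 -days 365 \
    -config "$d/req.cnf" -subj "/C=ID/O=IDN ACADEMY/CN=ns2.idn-academy.id" \
    -out "$d/ca.pem"
  openssl genrsa -out "$d/domain.key" 2048 2>/dev/null
  openssl req -new -key "$d/domain.key" -config "$d/req.cnf" \
    -subj "/C=ID/O=IDN ACADEMY/CN=idn-academy.id" -out "$d/domain.csr"
  openssl x509 -req -in "$d/domain.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/domain.crt" -days 365 -sha256 \
    -extfile "$d/config.txt" 2>/dev/null
}

verify_cert() {                      # $1 = directory, $2 = host name
  local d=$1 host=$2
  # 1. domain.crt must chain to ca.pem.
  openssl verify -CAfile "$d/ca.pem" "$d/domain.crt" >/dev/null 2>&1 || return 1
  # 2. domain.key must be the private key for domain.crt.
  [ "$(openssl x509 -in "$d/domain.crt" -noout -pubkey | openssl sha256)" = \
    "$(openssl pkey -in "$d/domain.key" -pubout | openssl sha256)" ] || return 2
  # 3. The host name must be covered by the subjectAltName entries.
  openssl x509 -in "$d/domain.crt" -noout -checkhost "$host" \
    | grep -q "does match" || return 3
}

scratch=$(mktemp -d)
make_certs "$scratch"
for h in idn-academy.id wp.idn-academy.id a.b.idn-academy.id; do
  if verify_cert "$scratch" "$h"; then echo "$h: ok"; else echo "$h: rejected ($?)"; fi
done
rm -rf "$scratch"
```

The wildcard entry covers one label only, so wp.idn-academy.id passes while a.b.idn-academy.id is rejected at step 3.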

2. Virtual Host Configuration and WordPress Installation.

A virtual host is a way to run two or more websites on a single physical server. We will deploy WordPress using a virtual host and expose it on port 8080.

  • Download WordPress and extract the zip file. Then move it under ‘/var’.
ns2
[sysadmin@ns2 ~]$ wget https://id.wordpress.org/latest-id_ID.zip
[sysadmin@ns2 ~]$ unzip latest-id_ID.zip
[sysadmin@ns2 ~]$ sudo mv wordpress /var/www/
  • After that, create the file ‘wordpress.conf’ in the directory ‘/etc/httpd/conf.d’ and configure it as follows.
ns2
[sysadmin@ns2 ~]$ sudo nano /etc/httpd/conf.d/wordpress.conf
/etc/httpd/conf.d/wordpress.conf
Listen 8080
# The virtual host port must match the Listen port above (WordPress is exposed on 8080).
<VirtualHost *:8080>

ServerAdmin root@idn-academy.id
DocumentRoot /var/www/wordpress
ServerName wp.idn-academy.id
ErrorLog logs/wordpress_error_log
CustomLog logs/wordpress_access_log common

SSLEngine on
SSLCertificateFile /etc/ssl/idn-academy.id/domain.crt
SSLCertificateKeyFile /etc/ssl/idn-academy.id/domain.key
SSLCACertificateFile /etc/ssl/idn-academy.id/ca.pem

</VirtualHost>
  • After that, restart the httpd service and create the database for WordPress.
ns2
[sysadmin@ns2 ~]$ sudo systemctl restart httpd
[sysadmin@ns2 ~]$ sudo mysql
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 72
Server version: 10.5.22-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database dbwordpress;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> grant all privileges on dbwordpress.* to 'sysadmin'@'%' identified by 'sysadmin';
Query OK, 0 rows affected (0.006 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.003 sec)

  • Enter the database name, user and password for the ‘dbwordpress’ database created above.
  • Once the database connection is set up, continue by setting the site title and the user and password used to log in to the WordPress site.

  • After that, try logging in with the credentials you just created.

  • The admin dashboard and the WordPress landing page.

3. User Dir Configuration and Installing Flop.

The purpose of userdir is to let each user on a server have their own site and update it themselves, which works much like hosting.

  • Edit the file ‘userdir.conf’ in the directory ‘/etc/httpd/conf.d’ and add the configuration shown below.
ns2
[sysadmin@ns2 ~]$ sudo nano /etc/httpd/conf.d/userdir.conf
/etc/httpd/conf.d/userdir.conf
<IfModule mod_userdir.c>
    UserDir enabled

    UserDir public_html
</IfModule>

<Directory "/home/*/public_html">
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>
  • After that, install git and clone the repository https://github.com/nebez/floppybird. Rename the ‘floppybird’ directory to ‘public_html’. Also change the permissions of the sysadmin home directory to 711 and of the public_html directory to 755. Then restart the httpd service.
ns2
[sysadmin@ns2 ~]$ sudo dnf install -y git
[sysadmin@ns2 ~]$ git clone https://github.com/nebez/floppybird
[sysadmin@ns2 ~]$ mv floppybird public_html

[sysadmin@ns2 ~]$ chmod 711 /home/sysadmin
[sysadmin@ns2 ~]$ chmod 755 public_html
  • Once that is done, try accessing ‘http://idn-academy.id/~sysadmin’ in a browser.

Httpd Basic Auth Configuration.

  • We will require authentication when a client accesses the Floppy Bird game in the sysadmin user's directory. Create the file ‘.htaccess’ in the directory ‘/home/sysadmin/public_html’ with the content shown below.
ns2
[sysadmin@ns2 ~]$ cd public_html/
[sysadmin@ns2 public_html]$ nano .htaccess
/home/sysadmin/public_html/.htaccess
AuthType Basic
AuthName "Silahkan login"
AuthUserFile "/home/sysadmin/.user"
Require valid-user
  • After that, create the user ‘alif’ with the password ‘alif’ using the htpasswd command. Then restart the service and test access to the sysadmin user's site at ‘https://idn-academy.id/~sysadmin’.
ns2
[sysadmin@ns2 public_html]$ htpasswd -c ~/.user alif
New password: alif
Re-type new password: alif
Adding password for user alif

[sysadmin@ns2 public_html]$ sudo systemctl restart httpd
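
An added example, not part of the original tutorial, that audits a Basic Auth setup like the one above: it reads AuthUserFile from .htaccess and reports a password file inside the web root, password hashes that are not bcrypt, and a missing SSLRequireSSL. The function name, the bitmask values and the sample files (with fake hashes) are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit a per-user Basic Auth
# setup. The return value is a bitmask of findings:
#   1 = password file inside the web root, 2 = hash that is not bcrypt,
#   4 = no SSLRequireSSL, so credentials may also travel over plain http,
#   8 = no AuthUserFile found at all.

check_basic_auth() {                 # $1 = directory holding .htaccess
  local root=$1 ht="$1/.htaccess" pw user hash rc=0
  pw=$(sed -n 's/^ *AuthUserFile *"*\([^"]*\)"* *$/\1/p' "$ht")
  [ -n "$pw" ] || { echo "no AuthUserFile in $ht"; return 8; }
  # A password file under the served directory can be requested by clients.
  case "$pw" in
    "$root"/*) echo "$pw is inside the web root"; rc=$((rc | 1)) ;;
  esac
  # Each line is user:hash; the hash prefix identifies the scheme.
  while IFS=: read -r user hash; do
    case "$hash" in
      '$2y$'*) ;;                    # bcrypt, as written by htpasswd -B
      *) echo "$user: hash is not bcrypt"; rc=$((rc | 2)) ;;
    esac
  done < "$pw"
  grep -qi '^ *SSLRequireSSL' "$ht" \
    || { echo "no SSLRequireSSL in $ht"; rc=$((rc | 4)); }
  return "$rc"
}

# Constructed sample mirroring the tutorial layout; the hash is fake.
demo=$(mktemp -d)
mkdir -p "$demo/public_html"
printf 'alif:$apr1$CONSTRUCTED$notARealHashValue000000\n' > "$demo/.user"
printf '%s\n' 'AuthType Basic' 'AuthName "Silahkan login"' \
  "AuthUserFile \"$demo/.user\"" 'Require valid-user' \
  > "$demo/public_html/.htaccess"
check_basic_auth "$demo/public_html" || echo "findings bitmask: $?"
rm -rf "$demo"
```

htpasswd -B writes bcrypt entries, and SSLRequireSSL is permitted in .htaccess under the AllowOverride AuthConfig setting used in userdir.conf.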

Firewall Configuration Before Httpd.

  • Open ports 80/tcp, 443/tcp and 8080/tcp.
ns2
[sysadmin@ns2 ~]$ sudo firewall-cmd --add-port=80/tcp --permanent
success
[sysadmin@ns2 ~]$ sudo firewall-cmd --add-port=443/tcp --permanent
success
[sysadmin@ns2 ~]$ sudo firewall-cmd --add-port=8080/tcp --permanent
success
[sysadmin@ns2 ~]$ sudo firewall-cmd --reload
success

Author: Achmad Alif Nasrulloh