Reverse-Proxy-Nginx-Multiple-Node
===============
Documentation for the lab: Nginx reverse proxy with multiple nodes

<img src="https://git.leon36.web.id/yukitoki/Reverse-Proxy-with-Nginx/raw/master/images/nginx-reverse-proxy.jpg" width="650">

Task
==============
Installation & configuration:
*  Apache (Port 8080) node2
*  Nginx as Reverse Proxy (Port 80) node1
*  MariaDB 10.1 node3
*  PHP node2

Requirements:
* WordPress: wordpress.domain.tld (PHP 7.2, Port 8080 + Reverse Proxy) with Document Root at /home/wordpress/
* PrestaShop: prestashop.domain.tld (PHP 7.1, Port 8080 + Reverse Proxy) with Document Root at /home/prestashop/
* Nextcloud: nextcloud.domain.tld (PHP 7.3, Port 8080 + Reverse Proxy) with Document Root at /home/nextcloud/
* Phpmyadmin: console-sql.task.my.id (PHP 7.1, Port 8080 + Reverse Proxy) with Document Root at /home/phpmyadmin/
* All websites must use SSL
* The SSL certificates must not come from CloudFlare or CertBot
* The only SSL provider allowed is https://sslforfree.com

Installing and configuring MariaDB on node3
===============
Add the MariaDB repository
```
# vim /etc/yum.repos.d/mariadb.repo
```
```
# MariaDB 10.1 CentOS repository
# http://downloads.mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
```
Save and exit, then install MariaDB
```
# yum -y install mariadb-server
```
Start and enable MariaDB
```
# systemctl start mariadb
# systemctl enable mariadb
```
Then set up MariaDB
```
# mysql_secure_installation
```
```
* Enter current password for root (enter for none): Just press Enter
* Set root password? [Y/n]: Y
* New password: Enter password
* Re-enter new password: Repeat password
* Remove anonymous users? [Y/n]: Y
* Disallow root login remotely? [Y/n]: Y
* Remove test database and access to it? [Y/n]:  Y
* Reload privilege tables now? [Y/n]:  Y
```

Next, we change MariaDB to listen only on the private IP, so that our database cannot be accessed from outside

Check the IP first
```
# ifconfig
```
Output:
```
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1460
        inet 10.148.0.14  netmask 255.255.255.255  broadcast 10.148.0.9
        inet6 fe80::4001:aff:fe94:9  prefixlen 64  scopeid 0x20<link>
        ether 42:01:0a:94:00:09  txqueuelen 1000  (Ethernet)
        RX packets 14403  bytes 125867464 (120.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 11783  bytes 1123006 (1.0 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```
The inet field shows our IP; copy it

Then open the MariaDB server configuration
```
# vim /etc/my.cnf.d/server.cnf
```

<img src="https://s3-id-jkt-1.kilatstorage.id/joyfloss/2020/03/db-ss1.png" width="650">

Next, create a user and a database for each CMS and for phpmyadmin
```
# mysql -u root -p
```
#### 1. Prestashop
```
CREATE DATABASE prestashop;
GRANT ALL PRIVILEGES ON prestashop.* TO 'prestashopuser'@'10.148.0.15' IDENTIFIED BY 'prestashoppass';
```
#### 2. Nextcloud
```
CREATE DATABASE nextcloud;
GRANT ALL PRIVILEGES ON nextcloud.* TO 'nextclouduser'@'10.148.0.15' IDENTIFIED BY 'nextcloudpass' WITH GRANT OPTION;
```
#### 3. Wordpress
```
CREATE DATABASE wordpress;
GRANT ALL PRIVILEGES ON wordpress.* TO 'wordpressuser'@'10.148.0.15' IDENTIFIED BY 'wordpresspass' WITH GRANT OPTION;
```
#### 4. Phpmyadmin
```
CREATE USER 'admin'@'10.148.0.15' IDENTIFIED BY 'password_here';
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'10.148.0.15' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
```

Configuring Apache and PHP on node2
=============
Add the new users
```
# useradd wordpress
# useradd prestashop
# useradd nextcloud
# useradd phpmyadmin
```
Then add hosts entries for our domains that point to the private IP, so that requests from nginx are directed there later
```
# vim /etc/hosts
```
<img src="https://git.leon36.web.id/yukitoki/Reverse-Proxy-with-Nginx/raw/master/images/ss-4.png" width="650">

Installing and configuring the required tools
===============
#### Step 1: Install and configure apache2
```
# yum -y install httpd
```
Change Apache to listen on the server's private IP and on port 8080

As on node3, check the private IP and copy it
```
# vim /etc/httpd/conf/httpd.conf
```
<img src="https://s3-id-jkt-1.kilatstorage.id/joyfloss/2020/03/httpd-ss2-1.png" width="650">

Here we change Listen to the private IP so that Apache cannot be accessed from outside. Because the web server
and the reverse proxy are on the same local network, we do not need to expose the server on a public IP;
the private IP, which only the reverse proxy can reach, is enough

#### Step 2: Install and configure PHP
Next install PHP. Because we will run 3 different PHP versions at once, we use php-fpm
and change the default port of each of the three so that they can run side by side at the same time

Install the Remi PHP repository
```
# yum install http://rpms.remirepo.net/enterprise/remi-release-7.rpm -y
```
Then install the PHP versions one by one

php 7.1
```
# yum install php71 php71-php-fpm php71-php-mysql php71-php-pdo php71-php-gd php71-php-mbstring php71-php-mcrypt php71-php-xml php71-php-zip php71-php-intl php71-php-process php71-php-apcu -y
```
php 7.2
```
# yum -y install php72 php72-php-fpm php72-php-pdo php72-php-mysqlnd php72-php-opcache php72-php-xml php72-php-gd php72-php-devel php72-php-mysql php72-php-intl php72-php-mbstring php72-php-bcmath php72-php-json php72-php-iconv php72-php-soap php72-php-zip php72-php-mcrypt
```
php 7.3
```
# yum -y install php73 php73-php-fpm php73-php-pdo php73-php-mysqlnd php73-php-opcache php73-php-xml php73-php-gd php73-php-devel php73-php-mysql php73-php-intl php73-php-mbstring php73-php-bcmath php73-php-json php73-php-iconv php73-php-soap php73-php-zip php73-php-mcrypt
```
Configure php71: open www.conf
```
# vim /etc/opt/remi/php71/php-fpm.d/www.conf
```
Then add the prestashop user and group after apache; this is what lets the web server access the user's directory
```
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
; RPM: apache user chosen to provide access to the same directories as httpd
user = apache
user = prestashop
; RPM: Keep a group allowed to write in log dir.
group = apache
group = prestashop
```
Then change the listen port from :9000 to :9071
```
; Note: This value is mandatory.
listen = 127.0.0.1:9071
```
Do the same for the other two users, according to the task

* Add the wordpress and phpmyadmin users to PHP 7.2 and change the port to :9072
* Add the nextcloud user to PHP 7.3 and change the port to :9073

Change the ownership of the session directories
```
# chown -R prestashop:prestashop /var/opt/remi/php71/lib/php/session/
# chown -R wordpress:wordpress /var/opt/remi/php72/lib/php/session/
# chown -R nextcloud:nextcloud /var/opt/remi/php73/lib/php/session/
```

Change the SELinux mode from enforcing to permissive
```
# setenforce 0
```
Start the PHP services
```
# systemctl start php71-php-fpm
# systemctl enable php71-php-fpm

# systemctl start php72-php-fpm
# systemctl enable php72-php-fpm

# systemctl start php73-php-fpm
# systemctl enable php73-php-fpm
```
#### Step 3: Configure apache2
First we must change userdir.conf so that Apache can access the user directories
```
# vim /etc/httpd/conf.d/userdir.conf
```
Change UserDir Disabled to UserDir Enabled [user name]; for more than one user, add each further [user name]
after the previous [user name]. See the image below for a clearer picture

<img src="https://s3-id-jkt-1.kilatstorage.id/joyfloss/2020/03/httpd-ss3.png" width="650">

Then scroll down to the section
```
<Directory "/home/*/public_html">
    AllowOverride FileInfo AuthConfig Limit Indexes
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>
```
Remove public_html; see the image below

<img src="https://git.leon36.web.id/yukitoki/Reverse-Proxy-with-Nginx/raw/master/images/ss-3.png" width="650">

Save and exit, then restart the Apache service
```
# systemctl restart httpd
```

Next we create a virtual host for each website

**1. Virtual host for prestashop**
```
# vim /etc/httpd/conf.d/prestashop.conf
```
Then enter
```
<VirtualHost *:8080>
    ServerName prestashop.task.my.id
    ServerAdmin admin@task.my.id
    DocumentRoot /home/prestashop
    ErrorLog /home/prestashop/error.log
    CustomLog /home/prestashop/requests.log combined
      <FilesMatch \.php$>
         SetHandler "proxy:fcgi://127.0.0.1:9071"
      </FilesMatch>
      <Directory /home/prestashop>
        <IfModule mod_dir.c>
           DirectoryIndex index.php index.html index.htm
        </IfModule>
        AllowOverride all
        Order allow,deny
        Allow from all
      </Directory>
</VirtualHost>
```
Here I use the domain prestashop.task.my.id for the prestashop website; replace it with
your own domain and do not forget to add an A record

Then note `SetHandler "proxy:fcgi://127.0.0.1:9071"`: here we direct all PHP processing to PHP 7.1.
Recall that in the PHP 7.1 configuration we changed the listen port to 9071

**2. Virtual host for wordpress**
```
<VirtualHost *:8080>
    ServerName wordpress.task.my.id
    ServerAdmin admin@task.my.id
    DocumentRoot /home/wordpress
    ErrorLog /home/wordpress/error.log
    CustomLog /home/wordpress/requests.log combined
      <FilesMatch \.php$>
         SetHandler "proxy:fcgi://127.0.0.1:9072"
      </FilesMatch>
      <Directory /home/wordpress>
        <IfModule mod_dir.c>
           DirectoryIndex index.php index.html index.htm
        </IfModule>
        AllowOverride all
        Order allow,deny
        Allow from all
      </Directory>
</VirtualHost>
```
Here we likewise adjust the user and the listen port to :9072

**3. Virtual host for nextcloud**
```
<VirtualHost *:8080>
    ServerName nextcloud.task.my.id
    ServerAdmin admin@task.my.id
    DocumentRoot /home/nextcloud
    ErrorLog /home/nextcloud/error.log
    CustomLog /home/nextcloud/requests.log combined
      <FilesMatch \.php$>
         SetHandler "proxy:fcgi://127.0.0.1:9073"
      </FilesMatch>
      <Directory /home/nextcloud>
        <IfModule mod_dir.c>
           DirectoryIndex index.php index.html index.htm
        </IfModule>
        AllowOverride all
        Order allow,deny
        Allow from all
      </Directory>
</VirtualHost>
```
**4. Virtual host for phpmyadmin**
```
<VirtualHost *:8080>
    ServerName console-sql.task.my.id
    ServerAdmin admin@task.my.id
    DocumentRoot /home/phpmyadmin
    ErrorLog /home/phpmyadmin/error.log
    CustomLog /home/phpmyadmin/requests.log combined
      <FilesMatch \.php$>
         SetHandler "proxy:fcgi://127.0.0.1:9071"
      </FilesMatch>
      <Directory /home/phpmyadmin>
        <IfModule mod_dir.c>
           DirectoryIndex index.php index.html index.htm
        </IfModule>
        AllowOverride all
        Order allow,deny
        Allow from all
      </Directory>
</VirtualHost>
```
When all of them are done, check for configuration errors
```
# httpd -t
```
Restart Apache
```
# systemctl restart httpd
```
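
The listener layout this lab relies on (Apache on the private IP, PHP-FPM on loopback, MariaDB on node3's private IP) can be checked from `ss -ltn` output. The script below is an added example, not part of the original lab; the function names and the sample output are constructed, and 10.148.0.15 is the web node's address as used in the GRANT statements.

```bash
#!/usr/bin/env bash
# Added example (not part of the original lab).
# Flags backend ports that listen on anything other than loopback or the
# node's private IP. Function names and sample data are constructed.

# Ports used in this lab: MariaDB 3306, Apache 8080, PHP-FPM 9071-9073.
BACKEND_PORTS="3306 8080 9071 9072 9073"

# exposed_listeners PRIVATE_IP
# Reads `ss -ltn` output on stdin; prints "address:port" for each backend
# port bound to an address other than 127.0.0.1, ::1 or PRIVATE_IP.
exposed_listeners() {
    awk -v private_ip="$1" -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            # Split "addr:port" at the last colon so :::3306 and [::]:3306 both work.
            if (!match($4, /:[0-9]+$/)) next
            addr = substr($4, 1, RSTART - 1)
            port = substr($4, RSTART + 1)
            gsub(/^\[|\]$/, "", addr)
            if (!(port in want)) next
            if (addr == "127.0.0.1" || addr == "::1" || addr == private_ip) next
            print addr ":" port
        }'
}

# Constructed sample in the column layout of `ss -ltn`.
sample_ss_output() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      128    10.148.0.15:8080     *:*
LISTEN     0      128    127.0.0.1:9071       *:*
LISTEN     0      128    127.0.0.1:9072       *:*
LISTEN     0      128    *:9073               *:*
LISTEN     0      128    *:22                 *:*
LISTEN     0      50     :::3306              :::*
EOF
}

# Demo on the sample; on a real node run: ss -ltn | exposed_listeners <private-ip>
sample_ss_output | exposed_listeners 10.148.0.15
```

An empty result means every backend port is bound to loopback or to the private IP given as the argument.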

Next, check PHP using curl

First create a test.php file in each website's root directory
```
# echo "<?php phpinfo();" > /home/nextcloud/test.php
# echo "<?php phpinfo();" > /home/wordpress/test.php
# echo "<?php phpinfo();" > /home/prestashop/test.php
```
Next, change the ownership and permissions of each website's root directory
```
# chown -R nextcloud:nextcloud /home/nextcloud
# chmod -R 755 /home/nextcloud

# chown -R wordpress:wordpress /home/wordpress
# chmod -R 755 /home/wordpress

# chown -R prestashop:prestashop /home/prestashop
# chmod -R 755 /home/prestashop
```

Check the PHP version with curl

Prestashop
```
# curl -I prestashop.task.my.id:8080/test.php
```
Output:
```
HTTP/1.1 200 OK
Date: Sun, 08 Mar 2020 07:27:22 GMT
Server: Apache/2.4.6 (CentOS)
X-Powered-By: PHP/7.1.33
Content-Type: text/html; charset=UTF-8
```

Wordpress
```
# curl -I wordpress.task.my.id:8080/test.php
```
Output:
```
HTTP/1.1 200 OK
Date: Sun, 08 Mar 2020 07:29:15 GMT
Server: Apache/2.4.6 (CentOS)
X-Powered-By: PHP/7.2.28
Content-Type: text/html; charset=UTF-8
```

Nextcloud
```
# curl -I nextcloud.task.my.id:8080/test.php
```
Output:
```
HTTP/1.1 200 OK
Date: Sun, 08 Mar 2020 07:30:08 GMT
Server: Apache/2.4.6 (CentOS)
X-Powered-By: PHP/7.3.15
Content-Type: text/html; charset=UTF-8
```
Look at the X-Powered-By: PHP/ header and make sure the PHP version matches the one we want

Configuring the nginx reverse proxy on node1
===============
Install nginx
```
# yum -y install nginx
```
Start and enable nginx
```
# systemctl start nginx
# systemctl enable nginx
```
Create the server blocks that will act as the reverse proxy for each website

**1. Prestashop**
```
# vim /etc/nginx/conf.d/prestashop.conf
```
Then enter
```
server {
    listen 80;
    server_name prestashop.task.my.id;

    location / {
	proxy_set_header Host $host;
	proxy_set_header Accept-Encoding "";
	proxy_pass http://prestashop.task.my.id:8080;
    }
}
```

**2. Wordpress**
```
server {
    listen 80;
    server_name wordpress.task.my.id;

    location / {
	proxy_set_header Host $host;
	proxy_set_header Accept-Encoding "";
	proxy_pass http://wordpress.task.my.id:8080;
    }
}
```
**3. Nextcloud**
```
server {
    listen 80;
    server_name nextcloud.task.my.id;

    location / {
	proxy_set_header Host $host;
	proxy_set_header Accept-Encoding "";
	proxy_pass http://nextcloud.task.my.id:8080;
    }
}
```
**4. Phpmyadmin**
```
server {
    listen 80;
    server_name console-sql.task.my.id;

    location / {
        proxy_set_header Host $host;
        proxy_set_header Accept-Encoding "";
        proxy_pass http://console-sql.task.my.id:8080;
    }
}
```

Check whether our configuration contains any errors
```
# nginx -t
```
Restart nginx
```
# systemctl restart nginx
```

When that is done, check again with curl
```
# curl -I prestashop.task.my.id/test.php
```
Output:
```
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Sun, 08 Mar 2020 08:01:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 25
Connection: keep-alive
Last-Modified: Sun, 08 Mar 2020 07:41:33 GMT
ETag: "19-5a05303fcdfb0"
Accept-Ranges: bytes
```
Look at the Server header and make sure the server is nginx

Then curl the other websites too and make sure the server is nginx

Installing prestashop, wordpress, nextcloud and phpmyadmin
==============
### 1. Prestashop
#### Step 1: Configure PHP for prestashop
Open the php.ini configuration
```
# vim /etc/opt/remi/php71/php.ini
```
Then change the following settings to
```
file_uploads = On
allow_url_fopen = On
memory_limit = 1024M
max_execution_time = 18000
upload_max_filesize = 256M
```
#### Step 2: Download and configure prestashop
Go to the prestashop root directory
```
# cd /home/prestashop
```
Then delete the index.html and test.php files that we created
```
# rm -f test.php
```
Download prestashop
```
# curl -O https://download.prestashop.com/download/releases/prestashop_1.7.6.4.zip
```
Unzip prestashop and delete the archive
```
# unzip prestashop_1.7.6.4.zip
# rm -f prestashop_1.7.6.4.zip
```
Change the directory permissions and ownership
```
# chown -R prestashop:prestashop /home/prestashop
# chmod -R 755 /home/prestashop
```
Set up prestashop by opening prestashop.task.my.id in a browser

<img src="https://git.leon36.web.id/yukitoki/Reverse-Proxy-with-Nginx/raw/master/images/ss-5.png" width="650">

Wait until it finishes

<img src="https://git.leon36.web.id/yukitoki/Reverse-Proxy-with-Nginx/raw/master/images/ss-6.png" width="650">

Then complete the setup as usual

<img src="https://git.leon36.web.id/yukitoki/Reverse-Proxy-with-Nginx/raw/master/images/ss-7.png" width="650">

Congratulations, prestashop has been installed

### 2. Wordpress
#### Step 1: Configure PHP for wordpress
Open the php.ini configuration
```
# vim /etc/opt/remi/php72/php.ini
```
Then change the following settings to
```
file_uploads = On
max_execution_time = 180
memory_limit = 256M
upload_max_filesize = 64M
```
Restart PHP and Apache
```
# systemctl restart php72-php-fpm
# systemctl restart httpd
```
#### Step 2: Download and configure wordpress
Go to the wordpress root directory
```
# cd /home/wordpress
```
Then delete the index.html and test.php files that we created
```
# rm -f index.html test.php
```
Download wordpress
```
# wget https://wordpress.org/latest.tar.gz
```
Extract wordpress and delete the archive
```
# tar -xzvf latest.tar.gz
# rm -f latest.tar.gz
```
Then move the contents of wordpress to /home/wordpress, because our website's root directory is /home/wordpress, and delete the empty wordpress directory
```
# mv wordpress/* .
# rm -rf wordpress
```
Copy the wordpress sample config
```
# cp /home/wordpress/wp-config-sample.php /home/wordpress/wp-config.php
```
Then edit the contents of wp-config.php
```
# vim /home/wordpress/wp-config.php
```
Replace the database, user and password below with those of the database created earlier
```
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'wordpress');

/** MySQL database username */
define('DB_USER', 'wordpressuser');

/** MySQL database password */
define('DB_PASSWORD', 'wordpresspass');

/** MySQL hostname */
define('DB_HOST', '10.148.0.9');

/** Database Charset to use in creating database tables. */
define('DB_CHARSET', 'utf8');

/** The Database Collate type. Don't change this if in doubt. */
define('DB_COLLATE', '');
```
Change the directory permissions and ownership
```
# chown -R wordpress:wordpress /home/wordpress
# chmod -R 755 /home/wordpress
```
Then open wordpress.task.my.id

Complete the setup as usual

<img src="https://git.leon36.web.id/yukitoki/Reverse-Proxy-with-Nginx/raw/master/images/ss-8.png" width="650">

Congratulations, wordpress has been installed

### 3. nextcloud
#### Step 1: Download and configure nextcloud
Go to the nextcloud root directory
```
# cd /home/nextcloud
```
Then delete the index.html and test.php files that we created
```
# rm -f test.php
```
Download nextcloud
```
# wget https://download.nextcloud.com/server/releases/latest-17.zip
```
Unzip nextcloud and delete the archive
```
# unzip latest-17.zip
# rm -f latest-17.zip
```
Then move the contents of nextcloud to /home/nextcloud
```
# mv nextcloud/* .
# rm -rf nextcloud
```
Change the directory permissions and ownership
```
# chown -R nextcloud:nextcloud /home/nextcloud
# chmod -R 755 /home/nextcloud
```
Next, open nextcloud.task.my.id and complete the setup

<img src="https://git.leon36.web.id/yukitoki/Reverse-Proxy-with-Nginx/raw/master/images/ss-9.png" width="650">

Congratulations, nextcloud has been installed

### 4. phpmyadmin
#### Step 1: Install phpmyadmin
```
# yum -y install phpmyadmin
```
Link phpmyadmin
```
# ln -s /usr/share/phpMyAdmin /var/www/html/phpmyadmin
```
#### Step 2: Configure the virtual host and server block for phpmyadmin
***1. Configure the virtual host on node2***
```
# vim /etc/httpd/conf.d/phpmyadmin.conf
```
```
<VirtualHost *:8080>
    ServerName console-sql.task.my.id
    ServerAdmin admin@task.my.id
    DocumentRoot /var/www/html/phpmyadmin
    ErrorLog /var/www/html/phpmyadmin/error.log
    CustomLog /var/www/html/phpmyadmin/requests.log combined
      <FilesMatch \.php$>
         SetHandler "proxy:fcgi://127.0.0.1:9071"
      </FilesMatch>
      <Directory /var/www/html/phpmyadmin>
        <IfModule mod_dir.c>
           DirectoryIndex index.php index.html index.htm
        </IfModule>
        AllowOverride all
        Order allow,deny
        Allow from all
      </Directory>
</VirtualHost>
```
***2. Configure the server block on node1***
```
# vim /etc/nginx/conf.d/
```
```
server {
    listen 80;
    server_name console-sql.task.my.id;

    location / {
        proxy_set_header Host $host;
        proxy_set_header Accept-Encoding "";
        proxy_pass http://console-sql.task.my.id:8080;
    }
}
```
Then try opening console-sql.task.my.id

<img src="https://git.leon36.web.id/yukitoki/Reverse-Proxy-with-Nginx/raw/master/images/ss-10.png" width="650">

Congratulations, phpmyadmin is installed

***3. Create a user for phpmyadmin***
```
# mysql -u root -p
```
```
CREATE USER 'user'@'%' IDENTIFIED BY 'user';
GRANT ALL PRIVILEGES ON *.* TO 'user'@'%' WITH GRANT OPTION;
FLUSH PRIVILEGES;
EXIT;
```

Next, try logging in with the user that was created

<img src="https://git.leon36.web.id/yukitoki/Reverse-Proxy-with-Nginx/raw/master/images/ss-11.png" width="650">
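
The accounts created in this lab differ widely in scope: per-database grants tied to the web node's address, and accounts with `*.*` or host `%`. The script below is an added example, not part of the original lab, that reads `SHOW GRANTS` output and flags the broad ones; the function names and sample lines are constructed, and the password hashes are placeholders.

```bash
#!/usr/bin/env bash
# Added example (not part of the original lab).
# Reviews SHOW GRANTS output for accounts broader than one application needs.
# Function names and sample data are constructed.

# flag_broad_grants
# Reads GRANT statements on stdin and prints "user@host: reasons" when the
# account may connect from any host (%), holds privileges on *.*, or carries
# WITH GRANT OPTION.
flag_broad_grants() {
    # Drop quote characters so quoted and backticked account names parse alike.
    tr -d "'\`" | awk '
        $1 != "GRANT" { next }
        {
            obj = ""; acct = ""; why = ""
            for (i = 2; i < NF; i++) {
                if ($i == "ON" && obj == "")  obj  = $(i + 1)
                if ($i == "TO" && acct == "") acct = $(i + 1)
            }
            if (acct == "") next
            host = acct
            sub(/^.*@/, "", host)
            if (host == "%") why = why " any-host"
            # USAGE ON *.* means "no privileges", so it is not a global grant.
            if (obj == "*.*" && $2 != "USAGE") why = why " global"
            if ($0 ~ /WITH GRANT OPTION/) why = why " grant-option"
            if (why != "") print acct ":" why
        }'
}

# Constructed sample, modelled on the accounts created in this lab.
sample_grants() {
    cat <<'EOF'
GRANT USAGE ON *.* TO 'prestashopuser'@'10.148.0.15' IDENTIFIED BY PASSWORD '<hash>'
GRANT ALL PRIVILEGES ON `prestashop`.* TO 'prestashopuser'@'10.148.0.15'
GRANT ALL PRIVILEGES ON `wordpress`.* TO 'wordpressuser'@'10.148.0.15' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'10.148.0.15' IDENTIFIED BY PASSWORD '<hash>' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON *.* TO 'user'@'%' IDENTIFIED BY PASSWORD '<hash>' WITH GRANT OPTION
EOF
}

# Demo on the sample. On node3, per account:
#   mysql -u root -p -N -e "SHOW GRANTS FOR 'user'@'%'" | flag_broad_grants
sample_grants | flag_broad_grants
```

Accounts that print nothing are limited to one database, one source address and no grant option.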