Panduan Instalasi WordPress di VPS Ubuntu

Cara Install WordPress di VPS Ubuntu

By Posted on

Cara Install WordPress di VPS Ubuntu. Di artikel kali ini saya akan membahas mengenai bagaimana cara memasang CMS WordPress di VPS Ubuntu. WorPress sendiri merupakan salahsatu CMS populer yang bisa digunakan untuk berbagai macam kebutuhan dari blog pribadi sampai situs jual beli.

Untuk tutorial ini yang dibutuhkan adalah VPS atau server dengan sistem operasi Ubuntu. Nantinya kita akan menggunakan web server Nginx dan PHP versi 7.4. Semua proses dilakukan secara manual, tanpa bantuan script seperti Easy Engine, maupun panel.

Untuk memulai tutorial ini pastikan kalian memiliki hak akses sudo atau root di server yang akan dipasang WordPress.

Install Nginx

Karena biasanya versi Nginx dari repository Ubuntu tertinggal jauh dari versi stable Nginx, kita akan gunakan repository milik Nginx.

Tambahkan repository Nginx dengan perintah:

echo -e \
"deb [arch=amd64] http://nginx.org/packages/ubuntu/ $(lsb_release -cs) nginx\n\
#deb-src [arch=amd64] http://nginx.org/packages/ubuntu/ $(lsb_release -cs) nginx" | \
sudo tee /etc/apt/sources.list.d/nginx.list

Tambahkan key milik Nginx agar tidak error ketika proses install.

wget -q "http://nginx.org/packages/keys/nginx_signing.key" -O-| sudo apt-key add -

Lanjut install Nginx dengan perintah

sudo apt update && sudo apt install nginx

Sementara kita lanjut install PHP dulu. Konfigurasi Nginx dilakukan nanti.

Install PHP 7.4

Seperti Nginx, versi PHP di repository Ubuntu juga tertinggal. Kita akan gunakan repository PPA dari Ondřej Surý.

sudo apt-get install -y software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update

Selanjutnya kita install PHP dan juga modul yang nantinya dibutuhkan oleh WordPress.

sudo apt install php-common php-pear php7.4-cli php7.4-common php7.4-curl php7.4-fpm \
php7.4-gd php7.4-igbinary php7.4-json php7.4-mbstring php7.4-mysql php7.4-opcache \
php7.4-readline php7.4-xml php7.4-zip php7.4-imagick

Install MariaDB

Untuk server database kita menggunakan MariaDB.

sudo apt-get install mariadb-server mariadb-client

Selanjutnya kita jalankan perintah berikut untuk menghapus user anonymous, menghapus database test, maupun menonaktifkan fitur remote login.

sudo mysql_secure_installation

Contoh output ketika menjalankan perintah diatas:

zero-two@linuxsec:~$ sudo mysql_secure_installation
[sudo] password for zero-two: 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Oke selanjutnya adalah tahap mempersiapkan database untuk WordPress.

Mempersiapkan Database

Selanjutnya adalah tahap mempersiapkan database WordPress.

sudo mysql -u root

Lalu jalankan command

create database domaincom_database;
CREATE USER 'domaincom_user'@'localhost' IDENTIFIED BY 'domaincomp4sSw0rd';
GRANT ALL ON domaincom_database.* TO 'domaincom_user'@'localhost';

Untuk nama database, user database, maupun password silahkan diubah sendiri.

Konfigurasi Nginx dan SSL

Di tahap ini kita akan mulai mengkonfigurasi agar domain dan web server Nginx terhubung, dan juga menambahkan SSL dari Let’s Encrypt. Saya asumsikan kalian sudah mengarahkan A record dari DNS manager domain ke IP VPS sehingga kita akan langsung mulai ke konfigurasi Nginx.

Konfigurasi virtual host dari Nginx yang diinstall menggunakan repository nginx.org (cara yang kita pakai diatas) terletak di /etc/nginx/conf.d sementara webroot berlokasi di /usr/share/nginx/. Kita akan mulai konfigurasinya darisitu.

Buat terlebih dahulu webroot nya.

sudo mkdir /usr/share/nginx/domain.com
sudo chown -R www-data:www-data /usr/share/nginx/domain.com

Selanjutnya kita buat file virtual hostnya.

sudo nano /etc/nginx/conf.d/domain.com.conf

Isinya:

server {
	listen         80;
	server_name    domain.com;

	access_log /var/log/nginx/domain.com-access.log;
	error_log /var/log/nginx/domain.com-error.log;

# HTTP Security Headers
	add_header X-Content-Type-Options nosniff;
	add_header Referrer-Policy "no-referrer";
	add_header Cache-Control "public";
	add_header X-Frame-Options SAMEORIGIN;
	add_header X-XSS-Protection "1; mode=block";
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
	
# Webroot location
	root /usr/share/nginx/domain.com;

	index index.php index.html index.htm;
        location / {
                try_files $uri $uri/ /index.php?$args;
        }

# Error page handling
	error_page 404 /404.html;
	error_page 500 502 503 504 /50x.html;
	location = /50x.html {
        root /usr/share/nginx/html;
	}

# FastCGI tweak
	location ~ \.php$ {
		fastcgi_pass unix:/run/php/php7.4-fpm.sock;
		fastcgi_index   index.php;
		fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name;
		include         fastcgi_params;
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		set $path_info $fastcgi_path_info;
		fastcgi_param PATH_INFO $path_info;
	}

# Disable htaccess
	location ~ /\.ht {
		deny all;
	}

# For Let's Encrypt verification
	location ~ /.well-known {
		allow all;
	}

# RSS caching
        location ~* \.(?:rss|atom)$ {
		expires 1h;
        }
# Media caching
        location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
		expires 30d;
		access_log off;
        }
# Static files caching
        location ~* \.(?:css|js)$ {
		expires 1y;
		access_log off;
        }

}

Cek terlebih dahulu apakah ada yang error dengan perintah

sudo nginx -t

Jika tidak ada error, kita restart Nginx dengan perintah

sudo service nginx restart

Selanjutnya adalah memasang SSL untuk domain kita. Disini kita bisa gunakan certbot. Jika belum diinstall, kalian bisa install terlebih dahulu dengan perintah

sudo apt-get install certbot -y

Lalu generate certificatenya dengan perintah:

sudo certbot certonly -a webroot --webroot-path=/usr/share/nginx/domain.com -d domain.com --email email@domain.com --agree-tos --rsa-key-size 4096

Contoh outputnya:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.com
Using the webroot path /usr/share/nginx/domain.com for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/domain.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/domain.com/privkey.pem
   Your cert will expire on 2021-11-03. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Oke sekarang kita sudah memiliki file certificate yang berlokasi di /etc/letsencrypt/live/domain.com/.

Generate dulu SSL dhparam dengan perintah

sudo openssl dhparam -dsaparam -out /etc/ssl/certs/dhparam.pem 4096

Lalu kita edit lagi file virtual host Nginx untuk mengaktifkan SSL nya.

echo "" | sudo tee /etc/nginx/conf.d/domain.com.conf
sudo nano /etc/nginx/conf.d/domain.com.conf

Lalu ubah menjadi:

server {
        listen         80;
        server_name    domain.com;
        return         301 https://$server_name$request_uri;
}
server {
        listen 443 ssl;
        server_name    domain.com;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;

        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_prefer_server_ciphers on;    

        resolver 1.1.1.1 valid=300s;
        ssl_session_timeout  10m;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        ssl_early_data off;
        resolver_timeout 5s;

# SSL Certificate Location
        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;

# Enable SSL OCSP Stapling
        ssl_stapling on;
        ssl_stapling_verify on;

# Access log location
        access_log /var/log/nginx/domain.com-access.log;
        error_log /var/log/nginx/domain.com-error.log;

# HTTP Security Headers
        add_header X-Content-Type-Options nosniff;
        add_header Referrer-Policy "no-referrer";
        add_header Cache-Control "public";
        add_header X-Frame-Options DENY;
        add_header X-XSS-Protection "1; mode=block";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

# Webroot location
        root /usr/share/nginx/domain.com;

        index index.php index.html index.htm;
        location / {
                try_files $uri $uri/ /index.php?$args;
        }

# Error page handling
        error_page 404 /404.html;
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        root /usr/share/nginx/html;
        }

# FastCGI tweak
        location ~ \.php$ {
                fastcgi_pass unix:/run/php/php7.4-fpm.sock;
                fastcgi_index   index.php;
                fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                include         fastcgi_params;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                set $path_info $fastcgi_path_info;
                fastcgi_param PATH_INFO $path_info;
        }

# Disable htaccess
        location ~ /\.ht {
                deny all;
        }

# For Let's Encrypt verification
        location ~ /.well-known {
                allow all;
        }

# RSS caching
        location ~* \.(?:rss|atom)$ {
                expires 1h;
        }
# Media caching
        location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
                expires 30d;
                access_log off;
        }
# Static files caching
        location ~* \.(?:css|js)$ {
                expires 1y;
                access_log off;
        }

}

Simpan lalu cek apakah ada error di konfigurasinya.

sudo nginx -t

Jika semuanya sudah oke, kita restart Nginx dengan perintah:

sudo service nginx restart

Cek domain.com di browser. Jika diredirect ke https://domain.com tanpa error, kita bisa lanjut ke instalasi WordPress.

Instalasi WordPress

Sekarang kita sudah siap untuk memasang WordPress di VPS Ubuntu. Masuk ke direktori webroot domain kita lalu download file installer WordPress.

cd /usr/share/nginx/domain.com
wget https://id.wordpress.org/latest-id_ID.zip && unzip latest-id_ID.zip
rm latest-id_ID.zip
mv wordpress/* .
rm -rf wordpress/

cd ..
chown -R www-data:www-data domain.com

Sekarang akses url berikut melalui browser.

https://domain.com/wp-admin/setup-config.php

Lalu ikuti proses instalasinya hingga selesai.

Masukkan nama database, username database, dan password database yang sudah kita persiapkan diatas.

Jika semuanya benar, kalian akan dialihkan ke halaman setup identitas situs seperti nama situs, username untuk login ke blog maupun password. Di tahap ini kalian bisa (dan dianjurkan) mengatur user dan password yang berbeda dari kredensial database.

Selesai.

Selanjutnya kalian bisa login ke halaman admin WordPress melalui url domain.com/wp-login.php. Gunakan username dan password yang sudah diatur di step sebelumnya. Jika kredensialnya benar, maka kalian akan diarahkan ke halaman dashboard.

Oke selesai. Mungkin sekian tutorial kali ini. Jika ada yang ingin ditanyakan bisa tinggalkan komentar.

Related posts:

Jack Wilder
Budak korporat yang hobi nulis. Pengguna Kali Linux sebagai daily driver. Kadang nonton anime di waktu luang.