Install Apache dengan PHP-FPM dan Userdir

Berikut merupakan cara untuk menginstall webserver Apache dengan PHP-FPM dan Userdir. Sebelum memulai pastikan Anda sudah memiliki 1 server Ubuntu dengan RAM minimal 1GB.

Install Apache

# Refresh the package index, then install the Apache HTTP server.
# Both commands modify system packages and therefore need root privileges.
apt update
apt install apache2

Selanjutnya edit /etc/apache2/mods-available/userdir.conf seperti berikut

# Per-user web directories: requests for /~USER/ are mapped to /home/USER/public_html.
<IfModule mod_userdir.c>
   UserDir public_html
   # NOTE(review): "disabled root" switches off only root. Per the mod_userdir
   # documentation, "UserDir enabled ubuntu" restricts nothing unless a bare
   # "UserDir disabled" (no user names) is also present; as written, any account
   # that has a ~/public_html directory is served, not just ubuntu.
   UserDir disabled root
   UserDir enabled ubuntu

   <Directory /home/*/public_html>
      # NOTE(review): this applies to every user's public_html. ExecCGI lets
      # user-uploaded files run as CGI programs, Indexes publishes a listing of
      # any directory without an index file, and listing "Includes" next to
      # "IncludesNOEXEC" appears to re-enable SSI exec, defeating the NOEXEC
      # restriction. Confirm each option is required; the set
      # "SymLinksIfOwnerMatch MultiViews IncludesNOEXEC" is the lower-risk baseline.
      Options Indexes SymLinksIfOwnerMatch MultiViews ExecCGI Includes IncludesNOEXEC
      # Directive groups that users may override from their own .htaccess files.
      AllowOverride AuthConfig FileInfo Indexes Limit
      # Only GET, POST and OPTIONS requests are authorized for user directories.
      Require method GET POST OPTIONS
   </Directory>
</IfModule>
ubuntu merupakan user yang digunakan. Anda dapat sesuaikan kembali jika menggunakan user lain.

Enable module userdir dan beberapa module lain untuk keperluan PHP

# Enable the Apache modules used by this setup: userdir serves ~/public_html and
# proxy_fcgi hands PHP requests to PHP-FPM over the pool's unix socket.
# NOTE(review): the virtual host on this page only relies on proxy_fcgi. Nothing
# shown here uses "actions" or "fcgid", and fcgid normally comes from a separate
# package that the earlier steps do not install. Confirm they are needed and
# drop them otherwise, so the loaded module set stays minimal.
a2enmod userdir actions fcgid alias proxy_fcgi

Buat virtual host

nano /etc/apache2/sites-available/ubuntu.conf

Edit ubuntu.conf

# Site definition for the ubuntu account: static files come from the user's
# public_html, PHP files are forwarded to that user's PHP-FPM pool.
# NOTE(review): this listens on plain HTTP (port 80) only; logins, sessions and
# form data travel unencrypted until a TLS virtual host is added.
<VirtualHost *:80>
   ServerName example.com
   ServerAdmin webmaster@localhost
   DocumentRoot /home/ubuntu/public_html
    <Directory /home/ubuntu/public_html>
        # NOTE(review): the docroot is writable by the site owner and by any PHP
        # code running as that user. FollowSymLinks lets a symlink placed there
        # expose any file the Apache user can read (SymLinksIfOwnerMatch is the
        # restrictive variant), and Indexes lists directories that have no index file.
        Options Indexes FollowSymLinks
        # NOTE(review): "All" allows .htaccess files in this tree to change any
        # overridable directive, including handlers and access control; grant
        # only the groups the site needs.
        AllowOverride All
        Require all granted
    </Directory>

    # Files with a PHP-like extension are passed to PHP-FPM; the -f test forwards
    # a request only when the file really exists on disk.
    # NOTE(review): .phar matches here but is not listed in the pool's
    # security.limit_extensions shown later on this page, so FPM would presumably
    # refuse it. Keep the two lists consistent.
    <FilesMatch \.(phtml|phar|php[0-9]*)$>
      <If "-f %{REQUEST_FILENAME}">
        # Socket path must match the "listen" value of the ubuntu pool.
        SetHandler "proxy:unix:/run/php/php7.4-fpm.ubuntu.sock|fcgi://localhost"
      </If>
    </FilesMatch>
   #LogLevel info ssl:warn
   ErrorLog ${APACHE_LOG_DIR}/error.log
   CustomLog ${APACHE_LOG_DIR}/access.log combined
   #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

Enable site ubuntu

a2ensite ubuntu

Install PHP

# Install PHP 7.4 with the FPM service and a broad set of extensions.
# NOTE(review): PHP 7.4 is past upstream end of life, so security fixes depend on
# the distribution's own maintenance of this package. Confirm the release in use
# is still supported. Each extension (imap, xmlrpc, enchant, ...) adds code that
# processes untrusted input; install only the ones the application needs.
apt install php7.4 php7.4-bcmath php7.4-bz2 php7.4-cli php7.4-common php7.4-curl php7.4-enchant php7.4-fpm php7.4-imap php7.4-intl php7.4-json php7.4-mbstring php7.4-mysql php7.4-opcache php7.4-readline php7.4-xml php7.4-xmlrpc php7.4-zip

Buat pool fpm untuk user ubuntu

nano /etc/php/7.4/fpm/pool.d/ubuntu.conf

Edit ubuntu.conf

; Dedicated PHP-FPM pool for the ubuntu account: PHP workers run with that
; user's uid/gid instead of the web server's.
[ubuntu]
user = ubuntu
group = ubuntu
catch_workers_output = yes
chdir = /home/ubuntu/public_html
; Unix socket that the Apache SetHandler line connects to.
listen = /run/php/php7.4-fpm.ubuntu.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
; NOTE(review): per the PHP-FPM documentation, when listen.acl_users is set,
; listen.owner and listen.group are ignored. Only the web server has to reach
; the socket; listing "ubuntu" also lets code running as the pool user talk to
; FPM directly. Confirm that is intended.
listen.acl_users = ubuntu,www-data
; NOTE(review): allowed_clients is only meaningful for TCP listeners; it has no
; effect on the unix socket configured above.
listen.allowed_clients = 127.0.0.1
listen.backlog = 32768
request_slowlog_timeout = 5s
; NOTE(review): /home/ubuntu/logs (and /home/ubuntu/tmp used further down) are not
; created by the mkdir step on this page, which only makes public_html. Create
; both before restarting FPM.
slowlog = /home/ubuntu/logs/php.slow.log

; Workers are spawned on demand and reaped after process_idle_timeout.
pm = ondemand
; NOTE(review): 50 children with memory_limit = 512M each is a theoretical
; ceiling far above the 1GB server this guide assumes; a burst of heavy
; requests can exhaust memory. Size max_children to the RAM available.
pm.max_children = 50
pm.max_requests = 200
pm.process_idle_timeout = 10
; start_servers / *_spare_servers are used by pm = dynamic; presumably ignored here.
pm.start_servers = 1
pm.max_spare_servers = 1
pm.min_spare_servers = 1
; NOTE(review): the status and ping pages reveal pool internals. With the
; virtual host on this page they look unreachable (only existing PHP files are
; proxied), but verify that before exposing the site.
pm.status_path = /status
ping.path = /ping
request_terminate_timeout = 300
; Extensions FPM is willing to execute. NOTE(review): the list is wider than
; most sites need; every extra extension is one more way an uploaded file can
; end up being run as PHP.
security.limit_extensions = .phtml .php .php3 .php4 .php5 .php6 .php7 .php8

; php.ini custom configuration directives
; php_admin_* values cannot be changed by ini_set(); php_value entries below can.
; NOTE(review): allow_url_fopen lets file functions fetch remote URLs, which
; widens the impact of any file-path injection bug. Enable it only if required.
php_admin_flag[allow_url_fopen] = on
php_admin_flag[log_errors] = on
; NOTE(review): popen and proc_open are not in this list, so commands can still
; be executed from PHP; the commented-out line below includes them. A function
; blocklist reduces exposure but is not a sandbox.
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
; abused php functions
; php_admin_value[disable_functions] = show_source, system, shell_exec, passthru, exec, popen, proc_open
php_admin_value[short_open_tag] = on
php_admin_value[sys_temp_dir] = "/home/ubuntu/tmp"
php_admin_value[upload_tmp_dir] = "/home/ubuntu/tmp"
php_admin_value[max_input_vars] = 10000
php_admin_value[doc_root] = "/home/ubuntu/public_html"
php_admin_value[error_log] = /home/ubuntu/logs/php.error.log
php_value[error_reporting] = E_ALL & ~E_NOTICE
; NOTE(review): these resource limits use php_value, so a script can raise them
; with ini_set(); use php_admin_value if they are meant to be enforced.
php_value[max_execution_time] = 300
php_value[max_input_time] = 300
php_value[memory_limit] = 512M
; NOTE(review): open_basedir is left disabled, so PHP can read any file the
; ubuntu user can read. If it is enabled, set it with php_admin_value and trim
; the path list to what the site uses.
;php_value[open_basedir] = "/home/ubuntu/:/tmp/:/var/www/:/usr/share/php/:/var/run/nginx-cache/:/dev/urandom:/dev/shm:/var/lib/php/sessions/"
php_value[session.save_handler] = files
; Session files live in the user's private tmp directory rather than a shared one.
php_value[session.save_path] = "/home/ubuntu/tmp"
php_value[date.timezone] = "Asia/Jakarta"
php_value[post_max_size] = 256M
php_value[upload_max_filesize] = 128M
env[TMPDIR] = "/home/ubuntu/tmp"

Buat folder docroot

Login sebagai user ubuntu lalu buat folder public_html dan atur permission home user

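# Run as the ubuntu user.
# Besides the docroot, create the tmp/ and logs/ directories that the FPM pool
# configuration points at (sys_temp_dir, upload_tmp_dir, session.save_path,
# slowlog, error_log); the pool cannot write its files if they are missing.
# -p keeps the command safe to re-run when a directory already exists.
mkdir -p ~/public_html ~/tmp ~/logs
# tmp/ holds session and upload data and logs/ holds PHP error output:
# keep both readable by the owner only.
chmod 700 ~/tmp ~/logs
# 711 lets the web server traverse into public_html without being able to
# list the rest of the home directory.
chmod 711 /home/ubuntu/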

Buat file index.php untuk test PHP

nano ~/public_html/index.php

Edit index.php

<?php /* Temporary test page only: phpinfo() shows the full PHP configuration, loaded modules, file paths and environment variables to every visitor. Delete this file as soon as the test succeeds. */ phpinfo(); ?>

Restart service

Terakhir restart service apache dan php-fpm

# Restart both services so the new virtual host and FPM pool take effect.
# NOTE(review): validating first with `apache2ctl configtest` and `php-fpm7.4 -t`
# avoids taking the site down because of a typo in either configuration.
systemctl restart apache2 php7.4-fpm

Test akses web melalui http://example.com

Optimasi

Berikut merupakan tambahan konfigurasi untuk optimasi webserver dan php-fpm.

Langkah ini opsional dan dapat Anda lewati.

httpd.conf

# Global server tuning and information-disclosure settings.
# NOTE(review): ExtendedStatus adds per-request detail (client addresses,
# requested URLs) to the mod_status page; make sure /server-status is limited
# to local or administrative addresses wherever mod_status is enabled.
ExtendedStatus On

# Refuse HTTP TRACE and keep version details out of headers and error pages.
TraceEnable Off
ServerSignature Off
ServerTokens ProductOnly
# Do not emit ETag headers for static files.
FileETag None

StartServers 5
<IfModule prefork.c>
    MinSpareServers 5
    MaxSpareServers 10
</IfModule>

ServerLimit 256
MaxRequestWorkers 150
# Recycle each worker after this many connections.
MaxConnectionsPerChild 10000
KeepAlive On
KeepAliveTimeout 5
MaxKeepAliveRequests 100
# NOTE(review): a 300 second I/O timeout lets slow or stalled clients hold a
# worker for a long time; with 150 workers that makes slow-request exhaustion
# easier. Consider a lower value and mod_reqtimeout (RequestReadTimeout).
Timeout 300

conf.d/ssl.conf

# Global mod_ssl defaults. The only virtual host defined on this page listens
# on port 80, so these settings matter once a TLS virtual host with a
# certificate is added.
<IfModule ssl_module>
   # Forward-secret AEAD suites only.
   # NOTE(review): the trailing TLS_* names are TLS 1.3 suites; mod_ssl configures
   # those through the separate "SSLCipherSuite TLSv1.3 ..." form, so inside this
   # list they presumably have no effect. Confirm against the mod_ssl/OpenSSL
   # version in use.
   SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
   # Everything older than TLS 1.2 is switched off.
   SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
   SSLPassPhraseDialog  builtin
     
     <IfModule socache_shmcb_module>
        # OCSP stapling: the server attaches the certificate's revocation status
        # to the handshake itself.
        SSLUseStapling On
        SSLStaplingCache shmcb:/run/apache2/stapling_cache_shmcb(256000)

        # Prevent browsers from failing if an OCSP server is temporarily broken.
        SSLStaplingReturnResponderErrors off
        SSLStaplingErrorCacheTimeout 60
        SSLStaplingFakeTryLater off
        SSLStaplingResponderTimeout 3
        SSLSessionCache shmcb:/run/apache2/ssl_gcache_data_shmcb(1024000)
     </IfModule>
     <IfModule !socache_shmcb_module>
        SSLSessionCache dbm:/run/apache2/ssl_gcache_data_dbm
     </IfModule>

   SSLSessionCacheTimeout  300
   Mutex                   file:/run/apache2 ssl-cache
   # NOTE(review): the mod_ssl documentation describes "builtin" as a weak
   # seeding source on its own; adding a "file:/dev/urandom" source at startup is
   # the usual hardening.
   SSLRandomSeed startup builtin
   SSLRandomSeed connect builtin

   AddType application/x-x509-ca-cert .crt
   AddType application/x-pkcs7-crl .crl
</IfModule>

conf.d/deflate.conf

# Response compression for text-based content types.
# NOTE(review): compressing HTTPS responses that contain both a secret (for
# example a CSRF token) and attacker-influenced input is the precondition for
# BREACH-style compression side channels. Confirm that dynamic pages carrying
# secrets are either excluded or otherwise protected.
<IfModule mod_deflate.c>
        # Compression Level
        DeflateCompressionLevel 5

        # Compress HTML, CSS, JavaScript, Text and XML
        AddOutputFilterByType DEFLATE application/javascript
        AddOutputFilterByType DEFLATE application/x-javascript
        AddOutputFilterByType DEFLATE application/xml
        AddOutputFilterByType DEFLATE application/json
        AddOutputFilterByType DEFLATE text/css
        AddOutputFilterByType DEFLATE text/html
        AddOutputFilterByType DEFLATE text/javascript
        AddOutputFilterByType DEFLATE text/plain
        AddOutputFilterByType DEFLATE text/xml

</IfModule>

conf.d/security.conf

# Disallow remote access to .htaccess, .htpasswd, .user.ini, and php.ini files
# NOTE(review): "Satisfy" is an Apache 2.2 directive provided by
# mod_access_compat. Next to the 2.4-style "Require all denied" it adds
# nothing, and the configuration fails to load if that module is disabled;
# mixing the old and new access-control styles is discouraged.
<Files ~ "^\.ht">
        Require all denied
        Satisfy All
</Files>

# Per-directory PHP settings files must never be downloadable.
<FilesMatch "^(\.user\.ini|php\.ini)$">
        Require all denied
        Satisfy All
</FilesMatch>

php-fpm.conf

; Global FPM settings: if 10 child processes crash (SIGSEGV/SIGBUS) within one
; minute, the FPM master restarts itself.
emergency_restart_threshold = 10
emergency_restart_interval = 1m
; How long children may take to react to signals from the master.
process_control_timeout = 10s

/etc/security/limits.conf

# Raise the open-file limit for login sessions. The "*" wildcard does not cover
# root, which is why root has its own entries.
# NOTE(review): limits.conf is applied by PAM at login. Services started by
# systemd (apache2, php-fpm) presumably do not inherit these values and need
# LimitNOFILE in their unit configuration instead. A 500000 limit for every
# account also removes a per-user safeguard against descriptor exhaustion.
*         hard    nofile      500000
*         soft    nofile      500000
root      hard    nofile      500000
root      soft    nofile      500000

/opt/myscript/kernel.sh

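#!/bin/sh
# Boot-time kernel memory tuning; the sysfs writes below need root.
#
# NOTE(review): KSM (kernel samepage merging) deduplicates identical memory
# pages, and page deduplication is a known basis for timing side channels
# between processes or guests that share the host. It also only affects memory
# that applications have marked mergeable, so confirm it brings a benefit on
# this server before enabling it.
set -u

# Write value $1 to sysfs path $2. A knob that is absent (feature not built
# into the running kernel) or not writable is skipped with a warning instead of
# producing a bare shell redirection error.
write_sysfs() {
  if [ -w "$2" ]; then
    printf '%s\n' "$1" > "$2"
  else
    printf 'kernel.sh: skipping %s (missing or not writable)\n' "$2" >&2
  fi
}

# Turn KSM on and let its scanner sleep 1000 ms between passes.
write_sysfs 1 /sys/kernel/mm/ksm/run
write_sysfs 1000 /sys/kernel/mm/ksm/sleep_millisecs
# Disable transparent huge pages.
write_sysfs never /sys/kernel/mm/transparent_hugepage/enabled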

/etc/modules-load.d/htcp.conf

# Load the H-TCP congestion control module at boot.
# NOTE(review): loading the module only makes the algorithm available; it
# becomes active once net.ipv4.tcp_congestion_control is set to htcp.
tcp_htcp