Setup Simple VPS (RedHat Base) + Docker + Cloudflare SSL/Domain: Production Ready


Many developers and sysadmins need a simple server setup for container-based applications. This article covers how to make a RedHat-based VPS (for example Amazon Linux, CentOS, Rocky, AlmaLinux) production ready using Docker, Nginx, and Cloudflare SSL.




1. System Update & User Preparation



Update packages

sudo dnf update -y



Create a non-root user (for example nemo)

sudo adduser nemo
sudo passwd nemo   # if you still want a temporary password
sudo usermod -aG wheel nemo



Setup SSH Key Authentication

From Windows or your local machine:

ssh-keygen -t ed25519 -C "emailkamu@example.com"

This produces id_ed25519 (the private key, keep it on your local machine) and id_ed25519.pub (the public key).

Copy the contents of id_ed25519.pub to the VPS:

sudo mkdir -p /home/nemo/.ssh
sudo nano /home/nemo/.ssh/authorized_keys
# paste the contents of id_ed25519.pub here

sudo chown -R nemo:nemo /home/nemo/.ssh
sudo chmod 700 /home/nemo/.ssh
sudo chmod 600 /home/nemo/.ssh/authorized_keys

Edit the SSH configuration:

sudo nano /etc/ssh/sshd_config

Change:

PermitRootLogin no
PasswordAuthentication no

Restart SSH:

sudo systemctl restart sshd

Login is now possible only with the private key.




2. Install Docker & Docker Compose

sudo dnf install -y docker
sudo systemctl enable docker
sudo systemctl start docker
sudo usermod -aG docker nemo

For Docker Compose (standalone binary):

sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Log out and back in so the user can run docker without sudo.




3. Connect the Domain to Cloudflare

  1. Add the domain to the Cloudflare Dashboard.
  2. Point the domain's A record to the VPS public IP.
  3. In the SSL/TLS menu, choose Full (Strict) mode.



4. Setup SSL di VPS (Cloudflare Origin Certificate)



Create the Certificate

  • Go to Cloudflare → SSL/TLS > Origin Server > Create Certificate.
  • Choose RSA; validity can be 15 years.
  • Download the Origin Certificate and Private Key.



Install on the VPS

Save them in:

sudo mkdir -p /etc/ssl/cloudflare
sudo nano /etc/ssl/cloudflare/cert.pem   # paste certificate
sudo nano /etc/ssl/cloudflare/key.pem    # paste private key
sudo chmod 600 /etc/ssl/cloudflare/key.pem   # keep the private key readable by root only



Install Nginx

sudo dnf install -y nginx
sudo systemctl enable nginx
sudo systemctl start nginx



Minimal Nginx Configuration

/etc/nginx/conf.d/app.conf

server {
    listen 80;
    server_name domainkamu.com www.domainkamu.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name domainkamu.com www.domainkamu.com;

    ssl_certificate     /etc/ssl/cloudflare/cert.pem;
    ssl_certificate_key /etc/ssl/cloudflare/key.pem;

    location / {
        proxy_pass http://127.0.0.1:3000; # point to the app container
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Reload Nginx:

sudo nginx -t
sudo systemctl reload nginx




5. Firewall & Security Groups



Firewalld

Install & enable:

sudo dnf install -y firewalld
sudo systemctl enable firewalld
sudo systemctl start firewalld

Allow the essential ports:

sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --remove-service=http  # if you don't need the redirect
sudo firewall-cmd --reload



Security Group (AWS/Cloud Provider)

Set the inbound rules:

  • Port 22 (SSH) → only from your IP
  • Port 443 (HTTPS) → open to all
  • Port 80 → optional (redirect); don't open it if you don't need it



6. Running the Application with Docker

A simple docker-compose.yml example:

version: '3.8'
services:
  app:
    image: your-docker-image:latest
    container_name: myapp
    restart: always
    ports:
      - "3000:3000"

Run:

docker-compose up -d
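
Docker installs its own packet-filter rules for published ports, so a mapping such as "3000:3000" listens on every interface and can stay reachable from outside without passing through Nginx, whatever services firewalld allows. The script below is an added example, not part of the original article: it flags short-syntax port mappings in a compose file that are not bound to loopback. The function name audit_compose_ports and the sample file are constructed for illustration, and the long ports syntax is not handled.

```shell
#!/bin/sh
# Added example (not from the article): flag compose port mappings that are
# published on every interface. Short "HOST:CONTAINER" list syntax only.

audit_compose_ports() {
    # $1 = compose file. Prints one line per exposed mapping; returns 1 if any.
    awk '
        /^[ \t]*ports:[ \t]*$/ { in_ports = 1; next }
        in_ports && /^[ \t]*-[ \t]/ {
            m = $0
            sub(/^[ \t]*-[ \t]*/, "", m)   # drop the list dash
            sub(/[ \t]*#.*$/, "", m)       # drop a trailing comment
            gsub(/["\047]/, "", m)         # drop quotes
            loopback = (m ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+:/) || index(m, "[::1]:") == 1
            if (!loopback) {
                printf "line %d: %s is published on all interfaces\n", NR, m
                found = 1
            }
            next
        }
        # Any other non-blank, non-comment line ends the ports list.
        in_ports && NF && $1 !~ /^#/ { in_ports = 0 }
        END { exit (found + 0) }
    ' "$1"
}

# Constructed sample: the service from this article plus a loopback-bound variant.
sample=$(mktemp)
cat > "$sample" <<'EOF'
services:
  app:
    image: your-docker-image:latest
    ports:
      - "3000:3000"
  app_local:
    image: your-docker-image:latest
    ports:
      - "127.0.0.1:3000:3000"   # reachable only by the local Nginx proxy
EOF

audit_compose_ports "$sample" || echo "rebind the mappings listed above to 127.0.0.1"
rm -f "$sample"
```

Writing the mapping as "127.0.0.1:3000:3000" keeps the app reachable for the proxy_pass target in the Nginx configuration and nothing else.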

Let’s try


