Melanjutkan tutorial sebelumnya, kali ini saya akan share bagaimana cara setup serverblock (virtualhost) NGINX di Ubuntu 24.04 LTS. Namun, harap dicatat bahwa Anda harus familiar dengan baris perintah (CLI) di Linux untuk setupnya.
1. Buat Directory / Folder Website Anda Akan Dihosting
Umumnya di /var/www/ dan sebagai contoh kita bisa pakai domain.com (ganti dengan domain Anda sendiri)
> mkdir -p /var/www/domain.com/public/ /var/www/domain.com/logs/
2. Masuk ke Folder Public
> cd /var/www/domain.com/public/
3. Install WordPress (paling mudah)
Gunakan perintah wget untuk mendownload file WordPress
> wget https://wordpress.org/latest.zip
Ekstrak file zip WordPress
> unzip latest.zip
Next, pindahkan data installer WordPress ke folder public
> mv wordpress/* /var/www/domain.com/public/
4. Perbaiki file dan folder permissions
> chown -R www-data:www-data /var/www/domain.com/public/
5. Setup Serverblock (Vhost) NGINX dengan module FastCGI-Cache
> nano /etc/nginx/sites-available/domain.com
===============================================================
# Virtual Host Configuration by KuliVPS.com (Please don't alter these files manually)
server {
listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default ipv6only=on; ## listen for ipv6
root /var/www/domain.com/public/;
index index.htm index.html index.php;
# Server Name
server_name domain.com www.domain.com;
listen 443 ssl http2;
#listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
#ssl_certificate /etc/nginx/ssl/domain.com/ssl-bundle.crt;
#ssl_certificate_key /etc/nginx/ssl/domain.com/thenextcars.key;
ssl_session_cache shared:SSL:30m;
ssl_session_timeout 60m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
#ssl_dhparam /etc/nginx/ssl/domain.com/dhparams.pem;
# Intermediate configuration.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required)
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header FastCGI-Cache $upstream_cache_status;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
#add_header X-Content-Type-Options nosniff;
#add_header X-XSS-Protection "1; mode=block";
# OCSP Stapling (Fetch OCSP records from URL in ssl_certificate and cache them)
ssl_stapling on;
ssl_stapling_verify on;
## Verify chain trust of OCSP response using Root CA and Intermediate certs
#ssl_trusted_certificate /etc/nginx/ssl/domain.com/full_chain.pem;
location / {
try_files $uri $uri/ /index.php?$args ;
}
# Nginx Fastcgi Config
#fastcgi_cache start
set $no_cache 0;
# POST requests and urls with a query string should handled by PHP
if ($request_method = POST) {
set $no_cache 1;
}
if ($query_string != "") {
set $no_cache 1;
}
# Don't cache uris containing the following segments
if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
set $no_cache 1;
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
set $no_cache 1;
}
# Fastcgi-Cache Config
location ~ \.php$ {
try_files $uri =404;
#fastcgi_pass unix:/run/php/php8.3-fpm.sock;
include fastcgi_params;
include fastcgi.conf;
fastcgi_param HTTP_PROXY "";
fastcgi_index index.php;
#fastcgi_intercept_errors on;
fastcgi_cache_bypass $no_cache;
fastcgi_no_cache $no_cache;
fastcgi_cache microcache;
fastcgi_cache_valid 200 60m;
}
# Fastcgi-Purge Config
location ~ /purge(/.*) {
# Uncomment the following two lines to allow purge only from the webserver
#allow 127.0.0.1;
#deny all;
fastcgi_cache_purge microcache "$scheme$request_method$host$1";
}
# Static Cache Config
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|css|js|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off; log_not_found off; expires 360d;
add_header Access-Control-Allow-Origin "*";
}
location = /robots.txt { access_log off; log_not_found off; }
#location ~ /\. { deny all; access_log off; log_not_found off; } (disable # untuk aktivasi Positive SSL di folder /.well-known/pki-validation/)
# XML Sitemap
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml$ "/index.php?xml_sitemap=params=$2" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.gz$ "/index.php?xml_sitemap=params=$2;zip=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html$ "/index.php?xml_sitemap=params=$2;html=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html.gz$ "/index.php?xml_sitemap=params=$2;html=true;zip=true" last;
access_log /var/log/nginx/thenextcars.com.access.log;
error_log /var/log/nginx/thenextcars.com.error.log;
access_log off;
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
#root html;
#}
location ~ ^/\.user\.ini {
deny all;
}
# Block http user agent AhrefsBot
if ($http_user_agent ~* (AhrefsBot) ) {
return 403;
}
# Nginx HTTP2 Module (ngx_http_v2_module)
#http2_recv_buffer_size 512k;
http2_body_preread_size 128k;
http2_chunk_size 16k;
http2_idle_timeout 5m;
http2_max_concurrent_streams 256;
http2_max_field_size 8k;
http2_max_header_size 32k;
http2_max_requests 1000;
http2_recv_timeout 60s;
}
6. Buat symlink ke sites-enabled directory dan logging
> ln -s /etc/nginx/sites-available/domain.com /etc/nginx/sites-enabled/ > ln -s /var/log/nginx/domain.com.access.log /var/www/domain.com/logs/access.log > ln -s /var/log/nginx/domain.com.error.log /var/www/domain.com/logs/error.log
7. Test Nginx dan Restart
> nginx -t > service nginx restart
