This content originally appeared on DEV Community and was authored by Nandan Ramdani
Many developers and sysadmins need a simple server setup for container-based applications. This article covers how to make a RedHat-based VPS (for example Amazon Linux, CentOS, Rocky, AlmaLinux) production-ready using Docker, Nginx, and Cloudflare SSL.
1. Update the System & Prepare a User
Update packages
sudo dnf update -y
Create a non-root user (for example nemo)
sudo adduser nemo
sudo passwd nemo # only if you still want a temporary password
sudo usermod -aG wheel nemo
Setup SSH Key Authentication
From Windows or your local machine:
ssh-keygen -t ed25519 -C "emailkamu@example.com"
This produces id_ed25519 (the private key, keep it on your local machine) and id_ed25519.pub (the public key).
Copy id_ed25519.pub to the VPS:
sudo mkdir -p /home/nemo/.ssh
sudo nano /home/nemo/.ssh/authorized_keys
# paste the contents of id_ed25519.pub here
sudo chown -R nemo:nemo /home/nemo/.ssh
sudo chmod 700 /home/nemo/.ssh
sudo chmod 600 /home/nemo/.ssh/authorized_keys
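Edit the SSH configuration:
sudo nano /etc/ssh/sshd_config
Change:
PermitRootLogin no
PasswordAuthentication no
Restart SSH:
sudo systemctl restart sshd
Login is now possible only with the private key. Keep the current session open and confirm that key login works from a second terminal before you close it.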
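To confirm that result on a real host, check what sshd actually enforces rather than what the edited file says: sshd uses the first value it reads for each keyword, so a file pulled in by an Include line ahead of your edit can win. The script below is an added example, not from the original article; the function name audit_sshd and both sample inputs are constructed for illustration, and it expects the output of sshd -T.

```shell
#!/bin/sh
# Added example (not from the original article): audit the effective sshd
# settings. On the server, run:  sudo sshd -T | audit_sshd

audit_sshd() {
  # Reads `sshd -T` output (lowercase "keyword value" lines) on stdin.
  # Prints one line per finding; returns 0 only for key-only, non-root login.
  awk '
    BEGIN {
      want["permitrootlogin"] = "no"
      want["passwordauthentication"] = "no"
      want["pubkeyauthentication"] = "yes"
      # Keyboard-interactive can still ask for a password through PAM.
      want["kbdinteractiveauthentication"] = "no"
      # Older OpenSSH releases print the same setting under this name.
      aka["challengeresponseauthentication"] = "kbdinteractiveauthentication"
    }
    {
      key = tolower($1); val = tolower($2)
      if (key in aka) key = aka[key]
      if (key in want) seen[key] = val
    }
    END {
      bad = 0
      for (k in want) {
        if (!(k in seen)) { printf "MISSING %s (want %s)\n", k, want[k]; bad = 1 }
        else if (seen[k] != want[k]) { printf "FAIL %s=%s (want %s)\n", k, seen[k], want[k]; bad = 1 }
      }
      exit bad
    }'
}

# Constructed sample: sshd_config was edited as above, but a drop-in file
# (hypothetical) included before those lines still enables passwords.
SAMPLE_OVERRIDDEN='permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no'

# Constructed sample: the state the article aims for.
SAMPLE_HARDENED='permitrootlogin no
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no'

printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd || echo "not key-only yet"
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd && echo "key-only login enforced"
```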
2. Install Docker & Docker Compose
sudo dnf install -y docker
sudo systemctl enable docker
sudo systemctl start docker
sudo usermod -aG docker nemo
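For Docker Compose (standalone binary):
# -f makes curl fail on an HTTP error instead of saving the error page as the binary; release assets use a lowercase OS name
sudo curl -fL "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s | tr '[:upper:]' '[:lower:]')-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
Log out and back in so the user can run docker without sudo. Members of the docker group effectively have root access on the host, so add only accounts you trust.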
3. Connect the Domain to Cloudflare
- Add the domain in the Cloudflare Dashboard.
- Point the domain's A record to the VPS public IP.
- In the SSL/TLS menu, choose Full (Strict) mode.
4. Set Up SSL on the VPS (Cloudflare Origin Certificate)
Create the Certificate
- Go to Cloudflare → SSL/TLS > Origin Server → Create Certificate.
- Choose RSA; the validity can be 15 years.
- Download the Origin Certificate and Private Key.
Install on the VPS
Save them in:
sudo mkdir -p /etc/ssl/cloudflare
sudo nano /etc/ssl/cloudflare/cert.pem # paste certificate
sudo nano /etc/ssl/cloudflare/key.pem # paste private key
sudo chmod 600 /etc/ssl/cloudflare/key.pem # keep the private key readable by root only
Install Nginx
sudo dnf install -y nginx
sudo systemctl enable nginx
sudo systemctl start nginx
Minimal Nginx Configuration
/etc/nginx/conf.d/app.conf
server {
    listen 80;
    server_name domainkamu.com www.domainkamu.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name domainkamu.com www.domainkamu.com;
    ssl_certificate /etc/ssl/cloudflare/cert.pem;
    ssl_certificate_key /etc/ssl/cloudflare/key.pem;
    location / {
        proxy_pass http://127.0.0.1:3000; # forward to the app container
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
Reload Nginx:
sudo nginx -t
sudo systemctl reload nginx
5. Firewall & Security Groups
Firewalld
Install & enable:
sudo dnf install -y firewalld
sudo systemctl enable firewalld
sudo systemctl start firewalld
Allow the required ports:
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --remove-service=http # if you do not need the redirect
sudo firewall-cmd --reload
Security Group (AWS/Cloud Provider)
Set the inbound rules:
- Port 22 (SSH) → only from your IP
- Port 443 (HTTPS) → open to all
- Port 80 → optional (redirect); do not open it if you do not need it
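6. Running the Application with Docker
A simple docker-compose.yml example:
version: '3.8'
services:
  app:
    image: your-docker-image:latest
    container_name: myapp
    restart: always
    ports:
      # Bind to loopback only: Nginx proxies to 127.0.0.1:3000, and Docker manages its own
      # firewall rules for published ports, so a port published on all interfaces can be
      # reachable from outside even though firewalld does not allow it.
      - "127.0.0.1:3000:3000"
Run:
docker-compose up -d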
Let’s try