Setup Simple VPS (RedHat Base) + Docker + Cloudflare SSL/Domain: Production Ready

  • Thread starter: Nandan Ramdani
Many developers and sysadmins need a simple server setup for container-based applications. This article covers how to make a RedHat-based VPS (for example Amazon Linux, CentOS, Rocky, AlmaLinux) ready for production use with Docker, Nginx, and Cloudflare SSL.

1. System Update & User Preparation

Update packages


Code:
sudo dnf update -y

Create a non-root user (e.g. nemo)


Code:
sudo adduser nemo
sudo passwd nemo   # if you still want a temporary password
sudo usermod -aG wheel nemo

Set Up SSH Key Authentication


From Windows or your local machine:


Code:
ssh-keygen -t ed25519 -C "[email protected]"

This produces id_ed25519 (the private key, keep it local) and id_ed25519.pub (the public key).

Copy id_ed25519.pub to the VPS:


Code:
sudo mkdir -p /home/nemo/.ssh
sudo nano /home/nemo/.ssh/authorized_keys
# paste the contents of id_ed25519.pub here

sudo chown -R nemo:nemo /home/nemo/.ssh
sudo chmod 700 /home/nemo/.ssh
sudo chmod 600 /home/nemo/.ssh/authorized_keys

Edit the SSH configuration:


Code:
sudo nano /etc/ssh/sshd_config

Change:


Code:
PermitRootLogin no
PasswordAuthentication no

Restart SSH:


Code:
sudo systemctl restart sshd

Login is now possible only with the private key.
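
Before closing the current session, it is worth confirming the settings sshd actually applies: sshd keeps the first value it reads for each keyword, and on recent RedHat-family releases /etc/ssh/sshd_config includes /etc/ssh/sshd_config.d/*.conf near the top, so a drop-in file there can override the edit above. The script below is an added example, not part of the original post; its function names, the keyboard-interactive check and the sample dump are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: checks a file holding `sudo sshd -T` output (lowercase "keyword value").

# kbdinteractiveauthentication is an added check: it can also prompt for a password.
EXPECTED="permitrootlogin=no passwordauthentication=no
kbdinteractiveauthentication=no pubkeyauthentication=yes"

# Print the value of keyword $2 found in dump file $1 (empty if absent).
sshd_value() {
    awk -v k="$2" 'tolower($1) == k { print tolower($2); exit }' "$1"
}

# Return 0 only when every expected setting matches; print each result.
check_sshd_hardening() {
    rc=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        got=$(sshd_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key is '${got:-unset}', expected '$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: sshd_config was edited as above, but a drop-in
# under /etc/ssh/sshd_config.d/ still enables password logins.
write_sample_dump() {
    cat > "$1" <<'EOF'
port 22
permitrootlogin no
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
EOF
}

# Real use: sudo sshd -T > /tmp/sshd.dump, then pass /tmp/sshd.dump as $1.
if [ -f "${1:-}" ]; then
    check_sshd_hardening "$1"
else
    sample=$(mktemp) && write_sample_dump "$sample"
    check_sshd_hardening "$sample" || echo "constructed sample is not key-only"
    rm -f "$sample"
fi
```

Keep the existing SSH session open and test a second login with the key before logging out.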

2. Install Docker & Docker Compose


Code:
sudo dnf install -y docker
sudo systemctl enable docker
sudo systemctl start docker
sudo usermod -aG docker nemo

For Docker Compose (standalone binary):


Code:
sudo curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose

Log out and back in so the user can run docker without sudo.

3. Connect the Domain to Cloudflare

  1. Add the domain to the Cloudflare Dashboard.
  2. Point the domain's A record to the VPS public IP.
  3. In the SSL/TLS menu, choose Full (Strict) mode.

4. Set Up SSL on the VPS (Cloudflare Origin Certificate)

Create the Certificate

  • Go to Cloudflare → SSL/TLS > Origin Server → Create Certificate.
  • Choose RSA; validity can be 15 years.
  • Download the Origin Certificate and Private Key.

Install on the VPS


Save them in:


Code:
sudo mkdir -p /etc/ssl/cloudflare
sudo nano /etc/ssl/cloudflare/cert.pem   # paste certificate
sudo nano /etc/ssl/cloudflare/key.pem    # paste private key
sudo chmod 600 /etc/ssl/cloudflare/key.pem   # keep the private key readable by root only

Install Nginx


Code:
sudo dnf install -y nginx
sudo systemctl enable nginx
sudo systemctl start nginx

Minimal Nginx Configuration


/etc/nginx/conf.d/app.conf


Code:
server {
    listen 80;
    server_name domainkamu.com www.domainkamu.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name domainkamu.com www.domainkamu.com;

    ssl_certificate     /etc/ssl/cloudflare/cert.pem;
    ssl_certificate_key /etc/ssl/cloudflare/key.pem;

    location / {
        proxy_pass http://127.0.0.1:3000; # forward to the app container
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Reload Nginx:


Code:
sudo nginx -t
sudo systemctl reload nginx

5. Firewall & Security Groups

Firewalld


Install & enable:


Code:
sudo dnf install -y firewalld
sudo systemctl enable firewalld
sudo systemctl start firewalld

Allow the required ports:


Code:
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --permanent --remove-service=http  # if you don't need the redirect
sudo firewall-cmd --reload

Security Group (AWS/Cloud Provider)


Set the inbound rules:

  • Port 22 (SSH) → only from your IP
  • Port 443 (HTTPS) → open to all
  • Port 80 → optional (redirect); do not open it if it is not needed

6. Running the Application with Docker


A simple example docker-compose.yml:


Code:
version: '3.8'
services:
  app:
    image: your-docker-image:latest
    container_name: myapp
    restart: always
    ports:
      - "127.0.0.1:3000:3000"  # bind to loopback so only the local Nginx can reach the app

Run it:


Code:
docker-compose up -d

Let's try
