Setup Simple VPS (RedHat Base) + Docker + Cloudflare SSL/Domain: Production Ready

    MyrinNew
    Senior Member
    • Feb 2024

    #1

    Many developers and sysadmins need a simple server setup for container-based applications. This article walks through making a RedHat-based VPS (for example Amazon Linux, CentOS, Rocky Linux, AlmaLinux) production-ready with Docker, Nginx and Cloudflare SSL.

    1. Update the System & Prepare a User

    Update packages

    sudo dnf update -y

    Create a non-root user (for example mona)

    sudo adduser mona
    sudo passwd mona # only if you still want a temporary password
    sudo usermod -aG wheel mona

    On a default RHEL-family install the wheel rule in /etc/sudoers asks for the user's own password, so either keep a password set for mona or add a NOPASSWD rule for that user under /etc/sudoers.d/. Disabling SSH password authentication in the next step does not affect sudo, which checks the local password.

    Set Up SSH Key Authentication

    From Windows or your local machine:

    ssh-keygen -t ed25519 -C "youremail@example.com"

    This produces id_ed25519 (the private key, keep it local) and id_ed25519.pub (the public key). Only the .pub file ever goes to the server.

    Copy id_ed25519.pub to the VPS, into the home directory of the user created above:

    sudo mkdir -p /home/mona/.ssh
    sudo nano /home/mona/.ssh/authorized_keys
    # paste the contents of id_ed25519.pub here

    sudo chown -R mona:mona /home/mona/.ssh
    sudo chmod 700 /home/mona/.ssh
    sudo chmod 600 /home/mona/.ssh/authorized_keys

    sshd refuses the key if the directory or file is group- or world-readable, so do not skip the chmod lines. If key login still fails on an SELinux-enforcing host, the files created through sudo may carry the wrong context; restorecon -Rv /home/mona/.ssh resets it.

    Edit the SSH configuration:

    sudo nano /etc/ssh/sshd_config

    Change:

    PermitRootLogin no
    PasswordAuthentication no

    On RHEL 9-family images (Rocky Linux 9, AlmaLinux 9, Amazon Linux 2023) this file starts with Include /etc/ssh/sshd_config.d/*.conf, and sshd keeps the first value it reads for each keyword, so a drop-in in that directory silently overrides an edit made lower down in the main file. Verify the merged result with sshd -T before trusting the edit.

    Restart SSH:

    sudo systemctl restart sshd

    Keep the current session open and, from a second terminal, confirm that ssh mona@<VPS IP> logs in with the key and that a password attempt is refused before you close it; otherwise a typo in authorized_keys locks you out. From now on login is only possible with the private key.
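Before restarting sshd it is worth checking what sshd will actually enforce rather than what you typed. The following script is an added example, not part of the original post: it writes the two settings as a drop-in and audits the merged configuration from sshd -T. The drop-in name 00-hardening.conf and the extra KbdInteractiveAuthentication no (which closes the keyboard-interactive path through which PAM can otherwise still prompt for a password) are this example's choices. Run it as root with --live on the VPS; with no arguments it audits a constructed sshd -T dump in which a drop-in has re-enabled password login, which is exactly the failure the check exists for.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: harden sshd with a drop-in and
# verify the EFFECTIVE configuration with `sshd -T` instead of trusting an edit
# to /etc/ssh/sshd_config. On RHEL 9-family images that file starts with
#   Include /etc/ssh/sshd_config.d/*.conf
# and sshd keeps the first value it reads for a keyword, so a distro or
# cloud-init drop-in can silently override a change made further down.
set -eu

# Settings that must hold in the merged config (lowercase, as sshd -T prints).
REQUIRED="permitrootlogin=no
passwordauthentication=no
kbdinteractiveauthentication=no
pubkeyauthentication=yes"

# audit_sshd_dump FILE
#   FILE contains `sshd -T` output. Prints one line per violation and returns
#   0 only if every required keyword has the required value.
audit_sshd_dump() {
    local dump="$1" rc=0 key want have
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        have=$(awk -v k="$key" 'tolower($1) == k { print tolower($2); exit }' "$dump")
        if [ "$have" != "$want" ]; then
            printf 'FAIL %-28s want %s, have %s\n' "$key" "$want" "${have:-<unset>}"
            rc=1
        fi
    done <<EOF
$REQUIRED
EOF
    return "$rc"
}

# write_hardening_dropin DIR
#   Writes DIR/00-hardening.conf (the name is this example's choice). "00-"
#   sorts before the distro's 50-*.conf, so under first-match-wins these
#   values stick. Prints the path of the file written.
write_hardening_dropin() {
    local dir="$1" out
    out="$dir/00-hardening.conf"
    mkdir -p "$dir"
    cat > "$out" <<'EOF'
# Hardening drop-in; loaded before 50-*.conf so these values take precedence.
PermitRootLogin no
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
EOF
    printf '%s\n' "$out"
}

DUMP=$(mktemp)
if [ "${1:-}" = "--live" ]; then
    # On the VPS, as root: write the drop-in, syntax-check, audit the merged
    # config, and restart only if it passes. Keep your current SSH session
    # open and test a fresh login from a second terminal before closing it.
    write_hardening_dropin /etc/ssh/sshd_config.d
    sshd -t
    sshd -T > "$DUMP"
    if audit_sshd_dump "$DUMP"; then systemctl restart sshd; fi
else
    # Offline demo on a constructed `sshd -T` dump: the operator edited
    # PasswordAuthentication in the main file, but a drop-in still says yes.
    cat > "$DUMP" <<'EOF'
port 22
permitrootlogin no
passwordauthentication yes
kbdinteractiveauthentication yes
pubkeyauthentication yes
EOF
    audit_sshd_dump "$DUMP" || echo "sample host is NOT hardened; fix the drop-ins listed above"
fi
rm -f "$DUMP"
```

The audit deliberately reads sshd -T rather than grepping config files: it is the only view that already accounts for Include order, Match blocks and compiled-in defaults.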





    2. Install Docker & Docker Compose

    sudo dnf install -y docker
    sudo systemctl enable docker
    sudo systemctl start docker
    sudo usermod -aG docker mona

    The docker package above comes from the Amazon Linux repositories. Rocky Linux, AlmaLinux and CentOS Stream do not ship Docker Engine in their base repositories (dnf may resolve docker to the podman-docker compatibility shim instead); on those distributions add Docker's own repository first and install docker-ce, docker-ce-cli, containerd.io and docker-compose-plugin, which also provides the docker compose subcommand so the standalone binary below is not needed. Membership in the docker group is equivalent to passwordless root on the host (any member can start a container with / mounted), so add only the account that actually deploys and protect its SSH key accordingly.

    For Docker Compose (standalone binary):

    sudo curl -fL "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s | tr '[:upper:]' '[:lower:]')-$(uname -m)" -o /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose

    Compose v2 release assets use a lowercase OS name (docker-compose-linux-x86_64) while uname -s prints Linux, hence the tr; -f makes curl fail on a 404 instead of saving the error page and having chmod mark it executable. The release page publishes a checksum for each binary, so compare it with sha256sum before the chmod: this is a root-owned executable fetched over the network.

    Log out and back in so the user can run docker without sudo.

    3. Connect the Domain to Cloudflare

    1. Add the domain in the Cloudflare Dashboard.
    2. Point the domain's A record at the VPS's public IP and leave the proxy status on Proxied (orange cloud); a DNS-only record sends visitors straight to the origin, bypassing Cloudflare's TLS termination and filtering.
    3. Under SSL/TLS, choose the Full (Strict) mode.

    Full (Strict) means Cloudflare connects to the origin over HTTPS and validates the origin's certificate, so the origin needs a certificate Cloudflare trusts; the Origin Certificate in the next step provides exactly that. Flexible mode would leave the Cloudflare-to-origin leg in plaintext and has no place in production.

    4. Set Up SSL on the VPS (Cloudflare Origin Certificate)

    Create the Certificate

    • In Cloudflare go to SSL/TLS > Origin Server > Create Certificate.
    • Choose RSA; validity can be up to 15 years.
    • Download the Origin Certificate and the Private Key.

    The private key is displayed once, at creation time, and Cloudflare does not keep a copy, so save it immediately. An Origin CA certificate is trusted only by Cloudflare's edge, not by browsers; opening https://<VPS IP> directly will show a certificate warning, which is expected, because clients are meant to reach the origin through Cloudflare only.

    Install on the VPS

    Save them in:

    sudo mkdir -p /etc/ssl/cloudflare
    sudo nano /etc/ssl/cloudflare/cert.pem # paste the certificate
    sudo nano /etc/ssl/cloudflare/key.pem # paste the private key

    Restrict key.pem to root (mode 600, owned by root). Nginx's master process runs as root and loads the key before the workers drop privileges, so the nginx user never needs to read it.

    Install Nginx

    sudo dnf install -y nginx
    sudo systemctl enable nginx
    sudo systemctl start nginx

    Minimal Nginx Configuration

    /etc/nginx/conf.d/app.conf

    server {
        listen 80;
        server_name domainkamu.com www.domainkamu.com;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl;
        server_name domainkamu.com www.domainkamu.com;

        ssl_certificate /etc/ssl/cloudflare/cert.pem;
        ssl_certificate_key /etc/ssl/cloudflare/key.pem;

        location / {
            proxy_pass http://127.0.0.1:3000; # forward to the app container
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

    Two RHEL- and Cloudflare-specific caveats. First, with SELinux enforcing, nginx is not allowed to open outbound connections to port 3000, so the proxy_pass above returns 502 until you run setsebool -P httpd_can_network_connect 1. Second, behind Cloudflare $remote_addr (and therefore X-Real-IP) is the address of a Cloudflare edge node, not the visitor's; if the application or your logs need the real client IP, use the realip module (set_real_ip_from for Cloudflare's published ranges, real_ip_header CF-Connecting-IP), a header Cloudflare sets itself and a client cannot inject once the origin accepts traffic only from Cloudflare.

    Reload Nginx:

    sudo nginx -t
    sudo systemctl reload nginx

    5. Firewall & Security Groups

    Firewalld

    Install & enable:

    sudo dnf install -y firewalld
    sudo systemctl enable firewalld
    sudo systemctl start firewalld

    Allow the important ports:

    sudo firewall-cmd --permanent --add-service=ssh
    sudo firewall-cmd --permanent --add-service=https
    sudo firewall-cmd --permanent --remove-service=http # if you do not need the redirect
    sudo firewall-cmd --reload

    Two things these rules do not cover. Docker writes its own iptables rules for published container ports, so a port mapped with ports: in docker-compose.yml is reachable from outside regardless of the zone rules above (bind it to 127.0.0.1, see section 6). And 443 is still open to the whole internet, so anyone who learns the origin IP can talk to the VPS directly and bypass Cloudflare entirely unless 443 is restricted to Cloudflare's published ranges.

    Security Group (AWS/Cloud Provider)

    Set the inbound rules:
    • Port 22 (SSH) → only from your IP
    • Port 443 (HTTPS) → open to all, or better only from Cloudflare's IP ranges
    • Port 80 → optional (redirect); if you do not need it, leave it closed

    The security group is enforced outside the instance, so it also covers ports Docker publishes behind firewalld's back; keep both layers.
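Restricting 443 to Cloudflare's own ranges is the step that actually stops origin bypass. The script below is an added example, not part of the original post: it turns a list of CIDRs (Cloudflare publishes the current ones at https://www.cloudflare.com/ips-v4) into a firewalld ipset plus rich rules, validates each prefix, and refuses to emit rules for an empty list so a failed download never locks out every visitor. The ipset name cloudflare is this example's choice; the two ranges in the embedded sample are from Cloudflare's published list at the time of writing and are there only to demonstrate the script, so fetch the full, current list before using it. It handles IPv4 only; apply the /ips-v6 list the same way if the VPS has an AAAA record.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: only let Cloudflare's edge
# reach ports 443/80 on the origin. With Full (Strict) in front, anyone who
# learns the VPS IP (old DNS records, certificate transparency, a leaked
# header) can still talk to the origin directly unless the host firewall
# says otherwise. Cloudflare publishes its ranges at
# https://www.cloudflare.com/ips-v4 and /ips-v6; re-run this when they change.
set -eu

IPSET_NAME="cloudflare"   # name of the firewalld ipset; this example's choice

# valid_cidr4 CIDR -> returns 0 if CIDR is a well-formed IPv4 prefix
valid_cidr4() {
    local cidr="$1" ip mask a b c d o
    case "$cidr" in */*) ;; *) return 1 ;; esac
    ip=${cidr%/*}; mask=${cidr#*/}
    case "$mask" in ''|*[!0-9]*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    IFS=. read -r a b c d <<EOF
$ip
EOF
    for o in "$a" "$b" "$c" "$d"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# cf_firewall_cmds RANGES_FILE
#   Reads one CIDR per line (# comments allowed) and prints the firewall-cmd
#   sequence: create the ipset, fill it, accept https and http only from it,
#   and drop the wide-open services. Invalid lines are reported on stderr and
#   skipped. Printing rather than executing lets you review before applying.
#   Returns 1 without printing anything if no usable range was found.
cf_firewall_cmds() {
    local file="$1" cidr entries="" n=0 svc
    while IFS= read -r cidr || [ -n "$cidr" ]; do
        cidr=${cidr%%#*}
        cidr=$(printf '%s' "$cidr" | tr -d '[:space:]')
        [ -n "$cidr" ] || continue
        if ! valid_cidr4 "$cidr"; then
            printf 'skipping invalid range: %s\n' "$cidr" >&2
            continue
        fi
        entries="${entries}firewall-cmd --permanent --ipset=${IPSET_NAME} --add-entry=${cidr}
"
        n=$((n + 1))
    done < "$file"
    if [ "$n" -eq 0 ]; then
        echo "no valid ranges in $file; refusing to emit rules" >&2
        return 1
    fi
    printf 'firewall-cmd --permanent --new-ipset=%s --type=hash:net\n' "$IPSET_NAME"
    printf '%s' "$entries"
    for svc in https http; do
        # accept the service only from the Cloudflare set, then drop the open rule
        printf "firewall-cmd --permanent --zone=public --add-rich-rule='rule family=\"ipv4\" source ipset=\"%s\" service name=\"%s\" accept'\n" "$IPSET_NAME" "$svc"
        printf 'firewall-cmd --permanent --zone=public --remove-service=%s\n' "$svc"
    done
    printf 'firewall-cmd --reload\n'
}

# Constructed sample list: two ranges from Cloudflare's published IPv4 list at
# the time of writing plus one bogus line to show the validation. For real
# use: curl -fsSL https://www.cloudflare.com/ips-v4 -o /tmp/cf-ips.txt
RANGES=${1:-}
if [ -z "$RANGES" ]; then
    RANGES=$(mktemp)
    cat > "$RANGES" <<'EOF'
# Cloudflare IPv4 ranges (sample only, not the full list)
173.245.48.0/20
103.21.244.0/22
300.1.1.0/24   # not a valid IPv4 prefix; will be skipped
EOF
fi
cf_firewall_cmds "$RANGES"
[ -n "${1:-}" ] || rm -f "$RANGES"
```

Review the printed commands, then run them with sudo (for example by piping the output to sudo sh). Because the rich rules reference the ipset, updating the ranges later is just --add-entry/--remove-entry on the set followed by --reload. Keep the http rule only if you rely on the Nginx redirect; Cloudflare's Always Use HTTPS setting makes it unnecessary.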





    6. Running the Application with Docker

    A simple docker-compose.yml example:

    services:
      app:
        image: your-docker-image:latest
        container_name: myapp
        restart: always
        ports:
          - "127.0.0.1:3000:3000"   # loopback only: reachable through Nginx, not from the internet

    The bind address matters: a plain "3000:3000" publishes the port on every interface, and because Docker writes its own iptables rules for published ports the app would answer directly on http://<VPS IP>:3000 regardless of firewalld or Cloudflare. Binding to 127.0.0.1 leaves Nginx as the only way in. The version: key is obsolete with Compose v2 and only produces a warning, so it is omitted.

    Run it:

    docker-compose up -d

    If you installed Docker CE with docker-compose-plugin instead of the standalone binary, the command is docker compose up -d.
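The bind address in ports: is the one compose setting that decides whether the firewall in section 5 means anything, so it is worth checking mechanically before every deploy. The script below is an added example, not part of the original post: it scans a docker-compose.yml for published ports that are not bound to loopback and prints the corrected mapping. The embedded sample file, including its db service, is constructed for the demonstration; pass your own compose file as the first argument.

```shell
#!/usr/bin/env bash
# Added example, not part of the original post: flag compose `ports:` entries
# that publish a container on every interface. Docker programs iptables itself
# for published ports, so "3000:3000" answers on http://<VPS IP>:3000 from the
# internet no matter what firewalld or the Cloudflare proxy are set to do.
# Only an explicit 127.0.0.1 (or ::1) bind keeps the app reachable solely
# through Nginx on the same host.
set -eu

# host_bind SPEC -> prints the host address an (unquoted) compose port spec binds to
host_bind() {
    local spec="$1"
    case "$spec" in
        \[*\]:*) spec=${spec#\[}; printf '%s\n' "${spec%%]*}" ;;  # "[::1]:3000:3000"
        *:*:*)   printf '%s\n' "${spec%%:*}" ;;                    # "IP:HOST_PORT:CONTAINER_PORT"
        *)       printf '0.0.0.0\n' ;;                             # "HOST_PORT:CONTAINER_PORT" or bare port: all interfaces
    esac
}

# loopback_fix SPEC -> prints the same spec rewritten to bind 127.0.0.1 only
loopback_fix() {
    local spec="$1"
    case "$spec" in
        \[*\]:*) printf '127.0.0.1:%s\n' "${spec#*]:}" ;;
        *:*:*)   printf '127.0.0.1:%s\n' "${spec#*:}" ;;
        *:*)     printf '127.0.0.1:%s\n' "$spec" ;;
        *)       printf '127.0.0.1::%s\n' "$spec" ;;   # keep Docker's random host port, loopback only
    esac
}

# audit_compose_ports FILE
#   Line-based scan of a docker-compose.yml for block-style `ports:` lists
#   (the form used in the post; inline `ports: [...]` is not handled).
#   Prints a verdict per entry and returns 1 if any entry is not loopback-bound.
audit_compose_ports() {
    local file="$1" rc=0 line t spec host in_ports=0
    while IFS= read -r line || [ -n "$line" ]; do
        t="${line#"${line%%[![:space:]]*}"}"          # strip indentation
        case "$t" in
            ''|'#'*)   continue ;;                     # blank/comment: keep state
            'ports:'*) in_ports=1; continue ;;
        esac
        if [ "$in_ports" -eq 1 ]; then
            case "$t" in
                '- '*)
                    spec=${t#- }; spec=${spec%%#*}            # drop trailing comment
                    spec="${spec%"${spec##*[![:space:]]}"}"   # drop trailing spaces
                    spec=${spec#\"}; spec=${spec%\"}; spec=${spec#\'}; spec=${spec%\'}
                    host=$(host_bind "$spec")
                    case "$host" in
                        127.0.0.1|::1|localhost)
                            printf 'OK   %s (bound to %s)\n' "$spec" "$host" ;;
                        *)
                            printf 'FAIL %s binds to %s; use "%s"\n' "$spec" "$host" "$(loopback_fix "$spec")"
                            rc=1 ;;
                    esac ;;
                *) in_ports=0 ;;                           # another key ends the list
            esac
        fi
    done < "$file"
    return "$rc"
}

# Constructed sample: the post's compose file plus a correctly bound database.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
services:
  app:
    image: your-docker-image:latest
    container_name: myapp
    restart: always
    ports:
      - "3000:3000"            # every interface: bypasses Nginx and firewalld
    environment:
      - NODE_ENV=production
  db:
    image: postgres:16
    ports:
      - "127.0.0.1:5432:5432"  # loopback only
EOF
audit_compose_ports "${1:-$SAMPLE}" || echo "fix the FAIL lines before running docker-compose up -d"
rm -f "$SAMPLE"
```

Run it against the real file (./audit.sh docker-compose.yml) as a pre-deploy gate; a non-zero exit means something would be exposed on the public IP.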







    Let's try



