LAMP Stack (Linux, Apache, MySQL/MariaDB, PHP) adalah fondasi web server yang paling populer dan terbukti. Artikel ini membahas instalasi lengkap LAMP Stack di Ubuntu 22.04 dengan konfigurasi optimal untuk production environment.

Persiapan Sistem

Update Sistem

# Update package list
sudo apt update
Upgrade packages
sudo apt upgrade -y

Install Tools Dasar

sudo apt install -y curl wget vim nano net-tools htop

1. Install Apache Web Server

Instalasi Apache

# Install Apache
sudo apt install -y apache2
Enable Apache start on boot
sudo systemctl enable apache2
Start Apache
sudo systemctl start apache2
Cek status
sudo systemctl status apache2

Verifikasi Instalasi

# Cek versi
apache2 -v
Cek apakah running
curl 
http://localhost
Atau buka browser dan akses http://server-ip/
Seharusnya muncul "Apache2 Ubuntu Default Page"

Konfigurasi Firewall

# Allow Apache traffic
sudo ufw allow 'Apache Full'
# atau:
sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
Cek status
sudo ufw status

Konfigurasi Apache Dasar

Edit file konfigurasi utama:

sudo nano /etc/apache2/apache2.conf

Tambahkan/modifikasi:

# Server identity
ServerName localhost
Timeout settings
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 5
Directory settings
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Security: Disable server signature
ServerTokens Prod
ServerSignature Off
Limit request body size
LimitRequestBody 52428800

Enable Modules Penting

# Enable mod_rewrite untuk URL rewriting
sudo a2enmod rewrite
Enable mod_ssl untuk HTTPS
sudo a2enmod ssl
Enable mod_headers
sudo a2enmod headers
Enable mod_deflate untuk compression
sudo a2enmod deflate
Enable mod_expires untuk caching
sudo a2enmod expires
Enable mod_security (jika install)
sudo a2enmod security2
Reload Apache
sudo systemctl reload apache2

Optimasi Apache untuk Production

Edit /etc/apache2/mods-enabled/mpm_prefork.conf:

<IfModule mpm_prefork_module>
    StartServers             5
    MinSpareServers          5
    MaxSpareServers         10
    MaxRequestWorkers      150
    MaxConnectionsPerChild   0
</IfModule>

Atau gunakan mpm_event untuk performa lebih baik:

# Disable prefork
sudo a2dismod mpm_prefork
Enable event
sudo a2enmod mpm_event
Install dan enable php-fpm
sudo apt install -y php-fpm
sudo a2enconf php8.1-fpm
Restart Apache
sudo systemctl restart apache2

Setup Virtual Hosts

Buat struktur direktori:

# Buat direktori untuk website
sudo mkdir -p /var/www/example.com/public_html
sudo mkdir -p /var/www/example.com/logs
Set ownership
sudo chown -R $USER:$USER /var/www/example.com/public_html
Set permissions
sudo chmod -R 755 /var/www

Buat virtual host file:

sudo nano /etc/apache2/sites-available/example.com.conf

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName example.com
    ServerAlias www.example.com
DocumentRoot /var/www/example.com/public_html

&lt;Directory /var/www/example.com/public_html&gt;
    Options -Indexes +FollowSymLinks
    AllowOverride All
    Require all granted
&lt;/Directory&gt;

ErrorLog /var/www/example.com/logs/error.log
CustomLog /var/www/example.com/logs/access.log combined

# PHP-FPM (jika menggunakan event MPM)
&lt;FilesMatch \.php$&gt;
    SetHandler &quot;proxy:unix:/var/run/php/php8.1-fpm.sock|fcgi://localhost&quot;
&lt;/FilesMatch&gt;
</VirtualHost>
Enable site:
# Disable default site
sudo a2dissite 000-default
Enable new site
sudo a2ensite example.com
Test konfigurasi
sudo apache2ctl configtest
Reload Apache
sudo systemctl reload apache2
2. Install MySQL/MariaDB
Instalasi MySQL
# Install MySQL Server
sudo apt install -y mysql-server
Enable dan start
sudo systemctl enable mysql
sudo systemctl start mysql
Cek status
sudo systemctl status mysql
Atau Instalasi MariaDB
# Install MariaDB (alternative)
sudo apt install -y mariadb-server
Enable dan start
sudo systemctl enable mariadb
sudo systemctl start mariadb
Secure MySQL Installation
# Jalankan security script
sudo mysql_secure_installation
Jawaban yang disarankan:
- VALIDATE PASSWORD PLUGIN: Y
- Password validation policy: STRONG
- Remove anonymous users: Y
- Disallow root login remotely: Y
- Remove test database: Y
- Reload privilege tables: Y
Konfigurasi MySQL untuk Production
Edit /etc/mysql/mysql.conf.d/mysqld.cnf:
[mysqld]
# Basic Settings
user            = mysql
pid-file        = /var/run/mysqld/mysqld.pid
socket          = /var/run/mysqld/mysqld.sock
port            = 3306
basedir         = /usr
datadir         = /var/lib/mysql
tmpdir          = /tmp
lc-messages-dir = /usr/share/mysql
skip-external-locking
Binding
bind-address            = 127.0.0.1
mysqlx-bind-address     = 127.0.0.1
Performance Tuning
key_buffer_size         = 256M
max_allowed_packet      = 64M
thread_stack            = 256K
thread_cache_size       = 8
myisam-recover-options  = BACKUP
Query Cache (deprecated in MySQL 8.0, jangan enable)
query_cache_type        = 1
query_cache_size        = 16M
Connection Settings
max_connections         = 100
wait_timeout            = 600
interactive_timeout     = 600
InnoDB Settings
innodb_buffer_pool_size = 512M
innodb_log_file_size    = 64M
innodb_flush_log_at_trx_commit = 2
innodb_file_per_table   = 1
Logging
log_error = /var/log/mysql/error.log
slow_query_log          = 1
slow_query_log_file     = /var/log/mysql/slow.log
long_query_time         = 2
Security
local_infile            = 0
secure_file_priv        = /var/lib/mysql-files/
symbolic-links          = 0
Restart MySQL:
sudo systemctl restart mysql
Buat Database dan User
# Login ke MySQL
sudo mysql
Buat database
CREATE DATABASE example_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
Buat user
CREATE USER 'example_user'@'localhost' IDENTIFIED BY 'StrongPassword123!';
Grant privileges
GRANT ALL PRIVILEGES ON example_db.* TO 'example_user'@'localhost';
Flush privileges
FLUSH PRIVILEGES;
Exit
EXIT;
3. Install PHP
Instalasi PHP dan Extensions
# Install PHP 8.1 (default di Ubuntu 22.04)
sudo apt install -y php8.1 libapache2-mod-php8.1
Install PHP extensions yang umum dibutuhkan
sudo apt install -y \
php8.1-common \
php8.1-mysql \
php8.1-xml \
php8.1-xmlrpc \
php8.1-curl \
php8.1-gd \
php8.1-imagick \
php8.1-cli \
php8.1-dev \
php8.1-imap \
php8.1-mbstring \
php8.1-opcache \
php8.1-soap \
php8.1-zip \
php8.1-intl \
php8.1-bcmath \
php8.1-sqlite3 \
php8.1-pgsql
Jika menggunakan php-fpm dengan mpm_event
sudo apt install -y php8.1-fpm
Verifikasi PHP
# Cek versi
php -v
Test PHP dengan Apache
sudo nano /var/www/example.com/public_html/info.php
Isi file:
<?php
phpinfo();
?>
Akses http://example.com/info.php untuk melihat informasi PHP.
Hapus file info.php setelah testing:
sudo rm /var/www/example.com/public_html/info.php
Konfigurasi PHP (php.ini)
Edit /etc/php/8.1/apache2/php.ini:
; File upload settings
file_uploads = On
upload_max_filesize = 64M
post_max_size = 64M
max_file_uploads = 20
; Memory limit
memory_limit = 256M
; Execution time
max_execution_time = 300
max_input_time = 300
; Error logging
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
display_errors = Off
log_errors = On
error_log = /var/log/php/error.log
; Timezone
date.timezone = Asia/Jakarta
; Session security
session.cookie_httponly = 1
session.use_strict_mode = 1
session.cookie_secure = 1
; OPcache settings
opcache.enable = 1
opcache.memory_consumption = 256
opcache.max_accelerated_files = 20000
opcache_revalidate_freq = 60
Buat direktori log PHP:
sudo mkdir -p /var/log/php
sudo chown www-data:www-data /var/log/php
Restart Apache:
sudo systemctl restart apache2
Konfigurasi PHP-FPM (Opsional, untuk performa lebih baik)
Edit /etc/php/8.1/fpm/pool.d/www.conf:
[www]
user = www-data
group = www-data
listen = /run/php/php8.1-fpm.sock
listen.owner = www-data
listen.group = www-data
pm = dynamic
pm.max_children = 50
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 35
pm.max_requests = 500
Restart PHP-FPM:
sudo systemctl restart php8.1-fpm
4. Testing LAMP Stack
Test File PHP
sudo nano /var/www/example.com/public_html/index.php

<?php
// Test PHP
echo "<h1>PHP is working!</h1>";
echo "<p>PHP Version: " . phpversion() . "</p>";
// Test MySQL
$host = 'localhost';
$user = 'example_user';
$pass = 'StrongPassword123!';
$db   = 'example_db';
try {
$pdo = new PDO("mysql:host=$host;dbname=$db", $user, $pass);
echo "<p>MySQL connection: <strong>Success!</strong></p>";
} catch (PDOException $e) {
echo "<p>MySQL connection: <strong>Failed!</strong></p>";
echo "<p>Error: " . $e->getMessage() . "</p>";
}
?>
Akses http://example.com/index.php untuk testing.
5. Security Hardening
1. Secure Apache
# Hide Apache version
echo "ServerTokens Prod" | sudo tee /etc/apache2/conf-available/security.conf
echo "ServerSignature Off" | sudo tee -a /etc/apache2/conf-available/security.conf
echo "TraceEnable off" | sudo tee -a /etc/apache2/conf-available/security.conf
Enable
sudo a2enconf security
Disable directory listing
sudo a2dismod autoindex
Restart
sudo systemctl restart apache2
2. Secure MySQL
# Disable remote root login (sudah di secure_installation)
# Ensure bind-address = 127.0.0.1
Buat user dengan privileges minimal
sudo mysql
-- Untuk WordPress/read-only applications
CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'Password123!';
GRANT SELECT, INSERT, UPDATE, DELETE ON wordpress.* TO 'wp_user'@'localhost';
FLUSH PRIVILEGES;
3. Setup HTTPS dengan Let’s Encrypt
# Install Certbot
sudo apt install -y certbot python3-certbot-apache
Dapatkan certificate
sudo certbot --apache -d example.com -d www.example.com
Auto-renewal sudah di-setup oleh certbot
Test renewal
sudo certbot renew --dry-run
4. Setup Fail2Ban
“`bash
Install
sudo apt install -y fail2ban
Konfigurasi untuk Apache dan MySQL
sudo tee /etc/fail2ban/jail.local <<EOF
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 3
[apache-auth]
enabled = true
[apache-badbots]
enabled = true
[apache-noscript]
enabled = true
[apache-overflows]
enabled = true
[mysqld-auth]
enabled = true
port = 3306
logpath = /var/log/mysql/error.log