Shell Scripting : Mariadb dan PhpMyAdmin: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
[[File:ShellScripting.png|thumb|'''ShellScripting''']] | [[File:ShellScripting.png|thumb|'''ShellScripting''']] | ||
Buat file baru dengan nama | Buat file baru dengan nama database.sh<syntaxhighlight lang="linuxconfig"> | ||
nano | nano database.sh | ||
</syntaxhighlight>isikan script berikut ini :<syntaxhighlight lang="linuxconfig" line="1"> | </syntaxhighlight>isikan script berikut ini :<syntaxhighlight lang="linuxconfig" line="1"> | ||
#!/bin/bash | #!/bin/bash | ||
# Script | # Script untuk instalasi MariaDB dan phpMyAdmin di Debian 12 | ||
# | # Dengan pendekatan config yang benar - hanya modifikasi blowfish_secret | ||
# | set -e | ||
echo " | # Color codes for output | ||
echo " | RED='\033[0;31m' | ||
echo "==== | GREEN='\033[0;32m' | ||
YELLOW='\033[1;33m' | |||
NC='\033[0m' | |||
# Logging function | |||
log() { | |||
echo -e "${GREEN}[$(date '+%Y-%m-%d %H:%M:%S')] $1${NC}" | |||
} | |||
warn() { | |||
echo -e "${YELLOW}[WARNING] $1${NC}" | |||
} | |||
error() { | |||
echo -e "${RED}[ERROR] $1${NC}" | |||
} | |||
# Password validation | |||
validate_mysql_password() { | |||
local password="$1" | |||
if [[ ${#password} -lt 8 ]]; then | |||
error "Password harus minimal 8 karakter" | |||
return 1 | |||
fi | |||
if ! [[ "$password" =~ [A-Z] ]] || ! [[ "$password" =~ [a-z] ]] || ! [[ "$password" =~ [0-9] ]]; then | |||
error "Password harus mengandung huruf besar, huruf kecil, dan angka" | |||
return 1 | |||
fi | |||
return 0 | |||
} | } | ||
# | # Get MySQL root password from user | ||
get_mysql_password() { | |||
local password | |||
echo " | local password_confirm | ||
while true; do | |||
echo | |||
echo "=== KONFIGURASI PASSWORD MYSQL ROOT ===" | |||
echo "Password harus:" | |||
echo "- Minimal 8 karakter" | |||
echo "- Mengandung huruf besar dan kecil" | |||
echo "- Mengandung angka" | |||
echo | |||
read -s -p "Masukkan password untuk MySQL root user: " password | |||
echo | |||
if ! validate_mysql_password "$password"; then | |||
continue | |||
fi | |||
read -s -p "Konfirmasi password: " password_confirm | |||
echo | echo | ||
if [[ $ | if [[ "$password" != "$password_confirm" ]]; then | ||
error "Password tidak cocok!" | |||
continue | |||
fi | fi | ||
MYSQL_ROOT_PASSWORD="$password" | |||
log "Password MySQL root diterima" | |||
break | |||
done | |||
} | |||
# Secure MariaDB installation with user-provided password | |||
install_mariadb_secure() { | |||
log "Menginstall MariaDB server..." | |||
export DEBIAN_FRONTEND=noninteractive | |||
apt update | |||
apt install -y mariadb-server unzip curl wget | |||
log "Mengamankan instalasi MariaDB..." | |||
systemctl start mariadb | |||
systemctl enable mariadb | |||
# Gunakan expect atau metode non-interactive untuk mysql_secure_installation | |||
mysql -u root << SQL_EOF | |||
ALTER USER 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}'; | |||
DELETE FROM mysql.user WHERE User=''; | |||
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1'); | |||
DROP DATABASE IF EXISTS test; | |||
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'; | |||
FLUSH PRIVILEGES; | |||
SQL_EOF | |||
if mysql -u root -p"${MYSQL_ROOT_PASSWORD}" -e "SELECT 1;" &>/dev/null; then | |||
log "Password MySQL root berhasil dikonfigurasi" | |||
else | else | ||
error "Gagal mengkonfigurasi password MySQL root!" | |||
exit 1 | |||
fi | fi | ||
} | } | ||
# | # Download phpMyAdmin dengan fallback | ||
download_phpmyadmin() { | |||
log "Mendownload phpMyAdmin..." | |||
LATEST_VERSION=$(curl -s --connect-timeout 10 https://www.phpmyadmin.net/home_page/version.txt | head -1) | |||
if [[ -z "$LATEST_VERSION" ]] || ! [[ "$LATEST_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then | |||
if [[ -z "$ | warn "Gagal mendapatkan versi terbaru, menggunakan fallback: 5.2.1" | ||
LATEST_VERSION="5.2.1" | |||
fi | fi | ||
log "Menggunakan phpMyAdmin version: $LATEST_VERSION" | |||
DOWNLOAD_URL="https://files.phpmyadmin.net/phpMyAdmin/${LATEST_VERSION}/phpMyAdmin-${LATEST_VERSION}-all-languages.zip" | |||
if ! wget --timeout=30 -O /tmp/phpmyadmin.zip "$DOWNLOAD_URL"; then | |||
error "Download phpMyAdmin gagal!" | |||
exit 1 | exit 1 | ||
fi | fi | ||
} | } | ||
# | # Setup phpMyAdmin directory and config | ||
setup_phpmyadmin() { | |||
log "Menyiapkan phpMyAdmin..." | |||
rm -rf /var/www/phpmyadmin | |||
unzip -q /tmp/phpmyadmin.zip -d /tmp/ | |||
mv /tmp/phpMyAdmin-*-all-languages /var/www/phpmyadmin | |||
# | # Selalu gunakan config.sample.inc.php sebagai base | ||
if | if [ -f "/var/www/phpmyadmin/config.sample.inc.php" ]; then | ||
cp /var/www/phpmyadmin/config.sample.inc.php /var/www/phpmyadmin/config.inc.php | |||
log "File config.inc.php dibuat dari config.sample.inc.php" | |||
else | |||
error "File config.sample.inc.php tidak ditemukan!" | |||
exit 1 | exit 1 | ||
fi | fi | ||
# Konfigurasi blowfish_secret yang proper | |||
configure_blowfish_secret | |||
} | |||
# Konfigurasi blowfish_secret YANG BENAR - hanya modifikasi baris yang diperlukan | |||
configure_blowfish_secret() { | |||
local config_file="/var/www/phpmyadmin/config.inc.php" | |||
log "Mengkonfigurasi blowfish_secret di config.inc.php..." | |||
# | # Backup file config | ||
cp "$config_file" "${config_file}.backup" | |||
# | # Cari dan replace baris blowfish_secret yang ada | ||
if | if grep -q "blowfish_secret" "$config_file"; then | ||
# Hapus baris blowfish_secret yang lama | |||
sed -i '/blowfish_secret/d' "$config_file" | |||
if [ | |||
# Tambahkan blowfish_secret yang baru di bagian yang tepat | |||
# Cari baris setelah declaration strict types | |||
if grep -q "declare(.*strict_types" "$config_file"; then | |||
# Tambahkan setelah strict_types declaration | |||
sed -i '/declare(.*strict_types/a \$cfg['"'"'blowfish_secret'"'"'] = sodium_hex2bin('"'"'f16ce59f45714194371b48fe362072dc3b019da7861558cd4ad29e4d6fb13851'"'"');' "$config_file" | |||
else | |||
# Jika tidak ada strict_types, tambahkan di area config umum | |||
# Cari area common configuration | |||
if grep -q "Configuration storage settings" "$config_file"; then | |||
# Tambahkan sebelum Configuration storage settings | |||
sed -i '/Configuration storage settings/i \$cfg['"'"'blowfish_secret'"'"'] = sodium_hex2bin('"'"'f16ce59f45714194371b48fe362072dc3b019da7861558cd4ad29e4d6fb13851'"'"');' "$config_file" | |||
else | |||
# Tambahkan di bagian atas file setelah PHP opening tag | |||
sed -i '1 a \$cfg['"'"'blowfish_secret'"'"'] = sodium_hex2bin('"'"'f16ce59f45714194371b48fe362072dc3b019da7861558cd4ad29e4d6fb13851'"'"');' "$config_file" | |||
fi | |||
fi | fi | ||
else | else | ||
# | # Jika tidak ada blowfish_secret, tambahkan di tempat yang tepat | ||
if grep -q "declare(.*strict_types" "$config_file"; then | |||
# Tambahkan setelah strict_types declaration | |||
sed -i '/declare(.*strict_types/a \$cfg['"'"'blowfish_secret'"'"'] = sodium_hex2bin('"'"'f16ce59f45714194371b48fe362072dc3b019da7861558cd4ad29e4d6fb13851'"'"');' "$config_file" | |||
else | else | ||
# Tambahkan di bagian atas file | |||
sed -i '1 a \$cfg['"'"'blowfish_secret'"'"'] = sodium_hex2bin('"'"'f16ce59f45714194371b48fe362072dc3b019da7861558cd4ad29e4d6fb13851'"'"');' "$config_file" | |||
fi | fi | ||
fi | fi | ||
# | # Verifikasi blowfish_secret berhasil ditambahkan | ||
if grep -q "blowfish_secret" "$config_file"; then | |||
log "blowfish_secret berhasil dikonfigurasi" | |||
# Tampilkan baris yang berhasil dimodifikasi untuk verifikasi | |||
log "Baris blowfish_secret yang ditambahkan:" | |||
grep "blowfish_secret" "$config_file" | |||
else | |||
error "Gagal mengkonfigurasi blowfish_secret!" | |||
exit 1 | exit 1 | ||
fi | fi | ||
} | } | ||
# | # Set secure permissions YANG BENAR untuk phpMyAdmin | ||
set_permissions() { | |||
local pmadir="/var/www/phpmyadmin" | |||
log "Mengatur permissions yang benar untuk phpMyAdmin..." | |||
# Set ownership ke www-data agar Apache bisa baca/tulis | |||
chown -R www-data:www-data "$pmadir" | |||
# Set permissions yang aman tapi bisa diakses Apache | |||
find "$pmadir" -type d -exec chmod 755 {} \; | |||
find "$pmadir" -type f -exec chmod 644 {} \; | |||
# Khusus config file, beri permission yang bisa dibaca Apache | |||
chmod 644 "$pmadir/config.inc.php" | |||
# Buat dan set permission untuk tmp directory | |||
mkdir -p "$pmadir/tmp" | |||
chown www-data:www-data "$pmadir/tmp" | |||
chmod 755 "$pmadir/tmp" | |||
log "Permissions berhasil diatur" | |||
} | |||
# Install PHP dependencies | |||
install_php_deps() { | |||
log "Menginstall PHP dan dependencies..." | |||
# Install PHP dan ekstensi yang diperlukan untuk phpMyAdmin | |||
local php_packages=( | |||
php | |||
php-fpm | |||
php-mysql | |||
php-mbstring | |||
php-zip | |||
php-gd | |||
php-curl | |||
php-xml | |||
php-bz2 | |||
php-json | |||
php-intl | |||
) | |||
for pkg in "${php_packages[@]}"; do | |||
if ! dpkg -l | grep -q "^ii $pkg "; then | |||
apt install -y "$pkg" | |||
fi | |||
done | |||
# Enable PHP module di Apache | |||
a2enmod rewrite | |||
a2enmod headers | |||
log "PHP dan dependencies berhasil diinstall" | |||
} | |||
# Create virtual host | |||
create_virtualhost() { | |||
log "Membuat virtualhost Apache..." | |||
echo | echo | ||
echo "--- | echo "=== KONFIGURASI VIRTUALHOST ===" | ||
echo -n "Masukkan ServerName untuk phpMyAdmin (contoh: pma.domain.com atau localhost): " | |||
read SERVER_NAME | |||
if [[ -z "$SERVER_NAME" ]]; then | |||
SERVER_NAME="localhost" | |||
warn "Menggunakan ServerName default: $SERVER_NAME" | |||
fi | |||
local vhost_file="/etc/apache2/sites-available/phpmyadmin.conf" | |||
# | # Create virtualhost file | ||
cat > "$vhost_file" << VHOST_EOF | |||
<VirtualHost *:80> | |||
ServerName $SERVER_NAME | |||
DocumentRoot /var/www/phpmyadmin | |||
<Directory /var/www/phpmyadmin> | |||
Options FollowSymLinks | |||
DirectoryIndex index.php | |||
AllowOverride All | |||
Require all granted | |||
# Security headers | |||
Header always set X-Content-Type-Options nosniff | |||
Header always set X-Frame-Options SAMEORIGIN | |||
Header always set X-XSS-Protection "1; mode=block" | |||
# PHP settings | |||
<FilesMatch \.php$> | |||
SetHandler application/x-httpd-php | |||
</FilesMatch> | |||
</Directory> | |||
# Logging | |||
ErrorLog \${APACHE_LOG_DIR}/phpmyadmin_error.log | |||
CustomLog \${APACHE_LOG_DIR}/phpmyadmin_access.log combined | |||
# Additional security | |||
<Directory "/var/www/phpmyadmin/setup"> | |||
Require all denied | |||
</Directory> | |||
</VirtualHost> | |||
VHOST_EOF | |||
echo "$SERVER_NAME" > /tmp/phpmyadmin_servername.txt | |||
log "Virtualhost berhasil dibuat: $vhost_file" | |||
} | |||
# Enable site and services | |||
enable_site() { | |||
log "Mengaktifkan site dan services..." | |||
a2ensite phpmyadmin.conf | |||
# Disable default site jika ada | |||
if [ -f "/etc/apache2/sites-enabled/000-default.conf" ]; then | |||
a2dissite 000-default.conf | |||
fi | |||
# Restart Apache | |||
systemctl restart apache2 | |||
# Restart MariaDB jika belum running | |||
if ! systemctl is-active --quiet mariadb; then | |||
systemctl start mariadb | |||
fi | |||
log "Services berhasil di-restart" | |||
} | } | ||
# | # Create phpMyAdmin database user (optional) | ||
create_pma_user() { | |||
log "Membuat user database khusus untuk phpMyAdmin..." | |||
local pma_password=$(openssl rand -base64 16) | |||
# | # Try to create pma user | ||
if mysql -u root -p"${MYSQL_ROOT_PASSWORD}" -e "SELECT 1;" &>/dev/null; then | |||
mysql -u root -p"${MYSQL_ROOT_PASSWORD}" << MYSQL_EOF | |||
CREATE USER IF NOT EXISTS 'pma_user'@'localhost' IDENTIFIED BY '${pma_password}'; | |||
GRANT ALL PRIVILEGES ON *.* TO 'pma_user'@'localhost' WITH GRANT OPTION; | |||
FLUSH PRIVILEGES; | |||
MYSQL_EOF | |||
if [[ $? -eq 0 ]]; then | |||
log "User pma_user berhasil dibuat" | |||
echo "Password pma_user: $pma_password" > /root/pma_password.txt | |||
chmod 600 /root/pma_password.txt | |||
else | |||
warn "Tidak dapat membuat user pma" | |||
fi | |||
else | |||
warn "Tidak dapat terhubung ke MySQL untuk membuat user pma" | |||
fi | |||
} | |||
# Save credentials securely | |||
save_credentials() { | |||
local cred_file="/root/phpmyadmin_credentials.txt" | |||
local server_name | |||
if [[ -f "/tmp/phpmyadmin_servername.txt" ]]; then | |||
server_name=$(cat /tmp/phpmyadmin_servername.txt) | |||
else | |||
server_name="$SERVER_NAME" | |||
fi | |||
# | # Create credentials file | ||
cat > | cat > "$cred_file" << CRED_EOF | ||
=== KREDENSIAL PHPYMYADMIN === | |||
Dibuat: $(date) | |||
ServerName: $server_name | |||
=== MYSQL CREDENTIALS === | |||
MySQL Root User: root | |||
MySQL Root Password: ${MYSQL_ROOT_PASSWORD} | |||
=== AKSES === | |||
URL: http://$server_name | |||
Direktori: /var/www/phpmyadmin | |||
File Konfigurasi: /var/www/phpmyadmin/config.inc.php | |||
=== KEAMANAN === | |||
- Simpan file ini di tempat yang aman | |||
- Hapus file ini setelah mencatat kredensial | |||
- Ubah password secara berkala | |||
CRED_EOF | |||
chmod 600 "$cred_file" | |||
log "Kredensial disimpan di: $cred_file" | |||
} | |||
# Verify installation | |||
verify_installation() { | |||
log "Memverifikasi instalasi..." | |||
# Verifikasi MariaDB | |||
if systemctl is-active --quiet mariadb; then | |||
log "✓ MariaDB service berjalan" | |||
else | |||
error "✗ MariaDB service tidak berjalan" | |||
fi | |||
# Verifikasi Apache | |||
if systemctl is-active --quiet apache2; then | |||
log "✓ Apache service berjalan" | |||
else | |||
error "✗ Apache service tidak berjalan" | |||
fi | |||
# | # Verifikasi file config.inc.php | ||
if [[ -f "/var/www/phpmyadmin/config.inc.php" ]]; then | |||
log "✓ File config.inc.php ada" | |||
# Verifikasi blowfish_secret | |||
if grep -q "blowfish_secret" "/var/www/phpmyadmin/config.inc.php"; then | |||
log "✓ blowfish_secret terkoneksi" | |||
# Tampilkan baris blowfish_secret untuk verifikasi | |||
log "Konfigurasi blowfish_secret:" | |||
grep "blowfish_secret" "/var/www/phpmyadmin/config.inc.php" | |||
else | |||
error "✗ blowfish_secret tidak ditemukan" | |||
fi | |||
# | # Verifikasi strict_types declaration ada | ||
if head -n 5 "/var/www/phpmyadmin/config.inc.php" | grep -q "strict_types"; then | |||
if | log "✓ strict_types declaration ada" | ||
else | else | ||
warn "⚠ strict_types declaration tidak ditemukan" | |||
fi | fi | ||
else | else | ||
error "✗ File config.inc.php tidak ditemukan" | |||
fi | |||
# Verifikasi direktori phpMyAdmin | |||
if [[ -d "/var/www/phpmyadmin" ]]; then | |||
log "✓ Direktori phpMyAdmin ada" | |||
else | |||
error "✗ Direktori phpMyAdmin tidak ditemukan" | |||
fi | |||
# Verifikasi PHP sodium extension | |||
if php -m | grep -q sodium; then | |||
log "✓ PHP sodium extension terinstall" | |||
else | |||
error "✗ PHP sodium extension tidak terinstall" | |||
fi | fi | ||
} | } | ||
# | # Cleanup function | ||
cleanup() { | |||
log "Membersihkan file temporary..." | |||
rm -f /tmp/phpmyadmin.zip | |||
rm -f /tmp/phpmyadmin_servername.txt | |||
} | } | ||
# Main | # Main installation function | ||
main() { | main() { | ||
if [[ $EUID -ne 0 ]]; then | if [[ $EUID -ne 0 ]]; then | ||
error "Script ini harus dijalankan sebagai root!" | |||
exit 1 | exit 1 | ||
fi | fi | ||
clear | |||
log "Memulai instalasi MariaDB dan phpMyAdmin di Debian 12" | |||
echo | |||
# | # Get MySQL password from user | ||
get_mysql_password | |||
# | # Installation steps | ||
install_mariadb_secure | |||
download_phpmyadmin | |||
setup_phpmyadmin | |||
install_php_deps | |||
set_permissions | |||
create_virtualhost | |||
enable_site | |||
create_pma_user | |||
save_credentials | |||
# | # Verifikasi | ||
verify_installation | |||
# | # Cleanup | ||
cleanup | |||
# | # Final output | ||
log "==================================================" | |||
log "INSTALASI BERHASIL!" | |||
log "==================================================" | |||
log "Akses phpMyAdmin: http://$SERVER_NAME" | |||
log "MySQL Root Password: [tersimpan di /root/phpmyadmin_credentials.txt]" | |||
log "" | |||
log "LANGKAH SELANJUTNYA:" | |||
log "1. Catat kredensial di /root/phpmyadmin_credentials.txt" | |||
log "2. Setup DNS/hosts file jika menggunakan domain" | |||
log "3. Consider setup SSL certificate" | |||
log "4. Restrict access by IP jika needed" | |||
log "==================================================" | |||
} | } | ||
# | # Run main function | ||
main "$@" | main "$@" | ||
</syntaxhighlight>Simpan script tersebut. | </syntaxhighlight>Simpan script tersebut. | ||
beri hak akses eksekusi<syntaxhighlight lang="linuxconfig"> | beri hak akses eksekusi<syntaxhighlight lang="linuxconfig"> | ||
chmod +x | chmod +x database.sh | ||
</syntaxhighlight>Jika script tidak jalan, jalankan perintah berikut<syntaxhighlight lang="linuxconfig"> | </syntaxhighlight>Jika script tidak jalan, jalankan perintah berikut<syntaxhighlight lang="linuxconfig"> | ||
sed -i 's/\r$//' | sed -i 's/\r$//' database.sh | ||
</syntaxhighlight>jalankan script<syntaxhighlight lang="linuxconfig"> | </syntaxhighlight>jalankan script<syntaxhighlight lang="linuxconfig"> | ||
./ | ./database.sh | ||
</syntaxhighlight> | </syntaxhighlight> | ||
Latest revision as of 13:01, 17 October 2025
Buat file baru dengan nama database.sh
nano database.sh
isikan script berikut ini :
#!/bin/bash
# Script untuk instalasi MariaDB dan phpMyAdmin di Debian 12
# Dengan pendekatan config yang benar - hanya modifikasi blowfish_secret
set -e
# Color codes for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m'
# Logging function
log() {
echo -e "${GREEN}[$(date '+%Y-%m-%d %H:%M:%S')] $1${NC}"
}
warn() {
echo -e "${YELLOW}[WARNING] $1${NC}"
}
error() {
echo -e "${RED}[ERROR] $1${NC}"
}
# Password validation
validate_mysql_password() {
local password="$1"
if [[ ${#password} -lt 8 ]]; then
error "Password harus minimal 8 karakter"
return 1
fi
if ! [[ "$password" =~ [A-Z] ]] || ! [[ "$password" =~ [a-z] ]] || ! [[ "$password" =~ [0-9] ]]; then
error "Password harus mengandung huruf besar, huruf kecil, dan angka"
return 1
fi
return 0
}
# Get MySQL root password from user
get_mysql_password() {
local password
local password_confirm
while true; do
echo
echo "=== KONFIGURASI PASSWORD MYSQL ROOT ==="
echo "Password harus:"
echo "- Minimal 8 karakter"
echo "- Mengandung huruf besar dan kecil"
echo "- Mengandung angka"
echo
read -s -p "Masukkan password untuk MySQL root user: " password
echo
if ! validate_mysql_password "$password"; then
continue
fi
read -s -p "Konfirmasi password: " password_confirm
echo
if [[ "$password" != "$password_confirm" ]]; then
error "Password tidak cocok!"
continue
fi
MYSQL_ROOT_PASSWORD="$password"
log "Password MySQL root diterima"
break
done
}
# Secure MariaDB installation with user-provided password
install_mariadb_secure() {
log "Menginstall MariaDB server..."
export DEBIAN_FRONTEND=noninteractive
apt update
apt install -y mariadb-server unzip curl wget
log "Mengamankan instalasi MariaDB..."
systemctl start mariadb
systemctl enable mariadb
# Gunakan expect atau metode non-interactive untuk mysql_secure_installation
mysql -u root << SQL_EOF
ALTER USER 'root'@'localhost' IDENTIFIED BY '${MYSQL_ROOT_PASSWORD}';
DELETE FROM mysql.user WHERE User='';
DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');
DROP DATABASE IF EXISTS test;
DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%';
FLUSH PRIVILEGES;
SQL_EOF
if mysql -u root -p"${MYSQL_ROOT_PASSWORD}" -e "SELECT 1;" &>/dev/null; then
log "Password MySQL root berhasil dikonfigurasi"
else
error "Gagal mengkonfigurasi password MySQL root!"
exit 1
fi
}
# Download phpMyAdmin dengan fallback
download_phpmyadmin() {
log "Mendownload phpMyAdmin..."
LATEST_VERSION=$(curl -s --connect-timeout 10 https://www.phpmyadmin.net/home_page/version.txt | head -1)
if [[ -z "$LATEST_VERSION" ]] || ! [[ "$LATEST_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
warn "Gagal mendapatkan versi terbaru, menggunakan fallback: 5.2.1"
LATEST_VERSION="5.2.1"
fi
log "Menggunakan phpMyAdmin version: $LATEST_VERSION"
DOWNLOAD_URL="https://files.phpmyadmin.net/phpMyAdmin/${LATEST_VERSION}/phpMyAdmin-${LATEST_VERSION}-all-languages.zip"
if ! wget --timeout=30 -O /tmp/phpmyadmin.zip "$DOWNLOAD_URL"; then
error "Download phpMyAdmin gagal!"
exit 1
fi
}
# Setup phpMyAdmin directory and config
setup_phpmyadmin() {
log "Menyiapkan phpMyAdmin..."
rm -rf /var/www/phpmyadmin
unzip -q /tmp/phpmyadmin.zip -d /tmp/
mv /tmp/phpMyAdmin-*-all-languages /var/www/phpmyadmin
# Selalu gunakan config.sample.inc.php sebagai base
if [ -f "/var/www/phpmyadmin/config.sample.inc.php" ]; then
cp /var/www/phpmyadmin/config.sample.inc.php /var/www/phpmyadmin/config.inc.php
log "File config.inc.php dibuat dari config.sample.inc.php"
else
error "File config.sample.inc.php tidak ditemukan!"
exit 1
fi
# Konfigurasi blowfish_secret yang proper
configure_blowfish_secret
}
# Konfigurasi blowfish_secret YANG BENAR - hanya modifikasi baris yang diperlukan
configure_blowfish_secret() {
local config_file="/var/www/phpmyadmin/config.inc.php"
log "Mengkonfigurasi blowfish_secret di config.inc.php..."
# Backup file config
cp "$config_file" "${config_file}.backup"
# Cari dan replace baris blowfish_secret yang ada
if grep -q "blowfish_secret" "$config_file"; then
# Hapus baris blowfish_secret yang lama
sed -i '/blowfish_secret/d' "$config_file"
# Tambahkan blowfish_secret yang baru di bagian yang tepat
# Cari baris setelah declaration strict types
if grep -q "declare(.*strict_types" "$config_file"; then
# Tambahkan setelah strict_types declaration
sed -i '/declare(.*strict_types/a \$cfg['"'"'blowfish_secret'"'"'] = sodium_hex2bin('"'"'f16ce59f45714194371b48fe362072dc3b019da7861558cd4ad29e4d6fb13851'"'"');' "$config_file"
else
# Jika tidak ada strict_types, tambahkan di area config umum
# Cari area common configuration
if grep -q "Configuration storage settings" "$config_file"; then
# Tambahkan sebelum Configuration storage settings
sed -i '/Configuration storage settings/i \$cfg['"'"'blowfish_secret'"'"'] = sodium_hex2bin('"'"'f16ce59f45714194371b48fe362072dc3b019da7861558cd4ad29e4d6fb13851'"'"');' "$config_file"
else
# Tambahkan di bagian atas file setelah PHP opening tag
sed -i '1 a \$cfg['"'"'blowfish_secret'"'"'] = sodium_hex2bin('"'"'f16ce59f45714194371b48fe362072dc3b019da7861558cd4ad29e4d6fb13851'"'"');' "$config_file"
fi
fi
else
# Jika tidak ada blowfish_secret, tambahkan di tempat yang tepat
if grep -q "declare(.*strict_types" "$config_file"; then
# Tambahkan setelah strict_types declaration
sed -i '/declare(.*strict_types/a \$cfg['"'"'blowfish_secret'"'"'] = sodium_hex2bin('"'"'f16ce59f45714194371b48fe362072dc3b019da7861558cd4ad29e4d6fb13851'"'"');' "$config_file"
else
# Tambahkan di bagian atas file
sed -i '1 a \$cfg['"'"'blowfish_secret'"'"'] = sodium_hex2bin('"'"'f16ce59f45714194371b48fe362072dc3b019da7861558cd4ad29e4d6fb13851'"'"');' "$config_file"
fi
fi
# Verifikasi blowfish_secret berhasil ditambahkan
if grep -q "blowfish_secret" "$config_file"; then
log "blowfish_secret berhasil dikonfigurasi"
# Tampilkan baris yang berhasil dimodifikasi untuk verifikasi
log "Baris blowfish_secret yang ditambahkan:"
grep "blowfish_secret" "$config_file"
else
error "Gagal mengkonfigurasi blowfish_secret!"
exit 1
fi
}
# Set secure permissions YANG BENAR untuk phpMyAdmin
set_permissions() {
local pmadir="/var/www/phpmyadmin"
log "Mengatur permissions yang benar untuk phpMyAdmin..."
# Set ownership ke www-data agar Apache bisa baca/tulis
chown -R www-data:www-data "$pmadir"
# Set permissions yang aman tapi bisa diakses Apache
find "$pmadir" -type d -exec chmod 755 {} \;
find "$pmadir" -type f -exec chmod 644 {} \;
# Khusus config file, beri permission yang bisa dibaca Apache
chmod 644 "$pmadir/config.inc.php"
# Buat dan set permission untuk tmp directory
mkdir -p "$pmadir/tmp"
chown www-data:www-data "$pmadir/tmp"
chmod 755 "$pmadir/tmp"
log "Permissions berhasil diatur"
}
# Install PHP dependencies
install_php_deps() {
log "Menginstall PHP dan dependencies..."
# Install PHP dan ekstensi yang diperlukan untuk phpMyAdmin
local php_packages=(
php
php-fpm
php-mysql
php-mbstring
php-zip
php-gd
php-curl
php-xml
php-bz2
php-json
php-intl
)
for pkg in "${php_packages[@]}"; do
if ! dpkg -l | grep -q "^ii $pkg "; then
apt install -y "$pkg"
fi
done
# Enable PHP module di Apache
a2enmod rewrite
a2enmod headers
log "PHP dan dependencies berhasil diinstall"
}
# Create virtual host
create_virtualhost() {
log "Membuat virtualhost Apache..."
echo
echo "=== KONFIGURASI VIRTUALHOST ==="
echo -n "Masukkan ServerName untuk phpMyAdmin (contoh: pma.domain.com atau localhost): "
read SERVER_NAME
if [[ -z "$SERVER_NAME" ]]; then
SERVER_NAME="localhost"
warn "Menggunakan ServerName default: $SERVER_NAME"
fi
local vhost_file="/etc/apache2/sites-available/phpmyadmin.conf"
# Create virtualhost file
cat > "$vhost_file" << VHOST_EOF
<VirtualHost *:80>
ServerName $SERVER_NAME
DocumentRoot /var/www/phpmyadmin
<Directory /var/www/phpmyadmin>
Options FollowSymLinks
DirectoryIndex index.php
AllowOverride All
Require all granted
# Security headers
Header always set X-Content-Type-Options nosniff
Header always set X-Frame-Options SAMEORIGIN
Header always set X-XSS-Protection "1; mode=block"
# PHP settings
<FilesMatch \.php$>
SetHandler application/x-httpd-php
</FilesMatch>
</Directory>
# Logging
ErrorLog \${APACHE_LOG_DIR}/phpmyadmin_error.log
CustomLog \${APACHE_LOG_DIR}/phpmyadmin_access.log combined
# Additional security
<Directory "/var/www/phpmyadmin/setup">
Require all denied
</Directory>
</VirtualHost>
VHOST_EOF
echo "$SERVER_NAME" > /tmp/phpmyadmin_servername.txt
log "Virtualhost berhasil dibuat: $vhost_file"
}
# Enable site and services
enable_site() {
log "Mengaktifkan site dan services..."
a2ensite phpmyadmin.conf
# Disable default site jika ada
if [ -f "/etc/apache2/sites-enabled/000-default.conf" ]; then
a2dissite 000-default.conf
fi
# Restart Apache
systemctl restart apache2
# Restart MariaDB jika belum running
if ! systemctl is-active --quiet mariadb; then
systemctl start mariadb
fi
log "Services berhasil di-restart"
}
# Create phpMyAdmin database user (optional)
create_pma_user() {
log "Membuat user database khusus untuk phpMyAdmin..."
local pma_password=$(openssl rand -base64 16)
# Try to create pma user
if mysql -u root -p"${MYSQL_ROOT_PASSWORD}" -e "SELECT 1;" &>/dev/null; then
mysql -u root -p"${MYSQL_ROOT_PASSWORD}" << MYSQL_EOF
CREATE USER IF NOT EXISTS 'pma_user'@'localhost' IDENTIFIED BY '${pma_password}';
GRANT ALL PRIVILEGES ON *.* TO 'pma_user'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;
MYSQL_EOF
if [[ $? -eq 0 ]]; then
log "User pma_user berhasil dibuat"
echo "Password pma_user: $pma_password" > /root/pma_password.txt
chmod 600 /root/pma_password.txt
else
warn "Tidak dapat membuat user pma"
fi
else
warn "Tidak dapat terhubung ke MySQL untuk membuat user pma"
fi
}
# Save credentials securely
save_credentials() {
local cred_file="/root/phpmyadmin_credentials.txt"
local server_name
if [[ -f "/tmp/phpmyadmin_servername.txt" ]]; then
server_name=$(cat /tmp/phpmyadmin_servername.txt)
else
server_name="$SERVER_NAME"
fi
# Create credentials file
cat > "$cred_file" << CRED_EOF
=== KREDENSIAL PHPYMYADMIN ===
Dibuat: $(date)
ServerName: $server_name
=== MYSQL CREDENTIALS ===
MySQL Root User: root
MySQL Root Password: ${MYSQL_ROOT_PASSWORD}
=== AKSES ===
URL: http://$server_name
Direktori: /var/www/phpmyadmin
File Konfigurasi: /var/www/phpmyadmin/config.inc.php
=== KEAMANAN ===
- Simpan file ini di tempat yang aman
- Hapus file ini setelah mencatat kredensial
- Ubah password secara berkala
CRED_EOF
chmod 600 "$cred_file"
log "Kredensial disimpan di: $cred_file"
}
# Verify installation
verify_installation() {
log "Memverifikasi instalasi..."
# Verifikasi MariaDB
if systemctl is-active --quiet mariadb; then
log "✓ MariaDB service berjalan"
else
error "✗ MariaDB service tidak berjalan"
fi
# Verifikasi Apache
if systemctl is-active --quiet apache2; then
log "✓ Apache service berjalan"
else
error "✗ Apache service tidak berjalan"
fi
# Verifikasi file config.inc.php
if [[ -f "/var/www/phpmyadmin/config.inc.php" ]]; then
log "✓ File config.inc.php ada"
# Verifikasi blowfish_secret
if grep -q "blowfish_secret" "/var/www/phpmyadmin/config.inc.php"; then
log "✓ blowfish_secret terkoneksi"
# Tampilkan baris blowfish_secret untuk verifikasi
log "Konfigurasi blowfish_secret:"
grep "blowfish_secret" "/var/www/phpmyadmin/config.inc.php"
else
error "✗ blowfish_secret tidak ditemukan"
fi
# Verifikasi strict_types declaration ada
if head -n 5 "/var/www/phpmyadmin/config.inc.php" | grep -q "strict_types"; then
log "✓ strict_types declaration ada"
else
warn "⚠ strict_types declaration tidak ditemukan"
fi
else
error "✗ File config.inc.php tidak ditemukan"
fi
# Verifikasi direktori phpMyAdmin
if [[ -d "/var/www/phpmyadmin" ]]; then
log "✓ Direktori phpMyAdmin ada"
else
error "✗ Direktori phpMyAdmin tidak ditemukan"
fi
# Verifikasi PHP sodium extension
if php -m | grep -q sodium; then
log "✓ PHP sodium extension terinstall"
else
error "✗ PHP sodium extension tidak terinstall"
fi
}
# Cleanup function
cleanup() {
log "Membersihkan file temporary..."
rm -f /tmp/phpmyadmin.zip
rm -f /tmp/phpmyadmin_servername.txt
}
# Main installation function
main() {
if [[ $EUID -ne 0 ]]; then
error "Script ini harus dijalankan sebagai root!"
exit 1
fi
clear
log "Memulai instalasi MariaDB dan phpMyAdmin di Debian 12"
echo
# Get MySQL password from user
get_mysql_password
# Installation steps
install_mariadb_secure
download_phpmyadmin
setup_phpmyadmin
install_php_deps
set_permissions
create_virtualhost
enable_site
create_pma_user
save_credentials
# Verifikasi
verify_installation
# Cleanup
cleanup
# Final output
log "=================================================="
log "INSTALASI BERHASIL!"
log "=================================================="
log "Akses phpMyAdmin: http://$SERVER_NAME"
log "MySQL Root Password: [tersimpan di /root/phpmyadmin_credentials.txt]"
log ""
log "LANGKAH SELANJUTNYA:"
log "1. Catat kredensial di /root/phpmyadmin_credentials.txt"
log "2. Setup DNS/hosts file jika menggunakan domain"
log "3. Consider setup SSL certificate"
log "4. Restrict access by IP jika needed"
log "=================================================="
}
# Run main function
main "$@"
Simpan script tersebut. beri hak akses eksekusi
chmod +x database.sh
Jika script tidak jalan, jalankan perintah berikut
sed -i 's/\r$//' database.sh
jalankan script
./database.sh