Production Deployment of OpenSID on Ubuntu Server Utilizing Nginx and Let's Encrypt

02 Jun 2026 Administrator



OpenSID is a specialized, web-based Village Information System (Sistem Informasi Desa / SID) application engineered to optimize public administration workflows within village governments across Indonesia. By leveraging OpenSID, local administrations can digitize citizen records, streamline document distribution, compile fiscal reports, and manage public announcements with greater efficiency. The overarching initiative aims to empower over 74,000 villages nationwide with sustainable technological infrastructures.



Core Institutional Benefits



  • Optimized Public Welfare: Speeds up handling administrative filings and distributing citizen paperwork.

  • Democratized Information Access: Provides local communities with open, unhindered pathways to public village insights.

  • Accountable Governance: Helps village entities operate with verifiable transparency and data integrity.




"The primary mission of the OpenSID project is to ensure that all 74,000+ village communities across the Indonesian archipelago can leverage integrated software architectures to advance their local infrastructure."

— Extracted via the Official OpenSID Core Repository


Initial Infrastructure Prerequisites


Before running the installation commands, you must provision a dedicated server. This guide covers an online deployment on an enterprise-grade Virtual Private Server (VPS) rather than an insecure local development stack like XAMPP, so the site is immediately reachable through a public domain name.



Target Server Benchmark Specification



  • Processor Resource: 1 vCPU Core

  • System Memory: 2 GB RAM

  • Storage Media: 25 GB NVMe SSD Volume

  • Designated Production Domain: demokan.web.id

  • Infrastructure Provider: Jetorbit Cloud Services




Alternative Setup Track: Containerizing the OpenSID Software Stack Utilizing Docker Architecture.


High-Level Deployment Path


The installation is broken down into the following phases:



  1. Updating the package index and setting the system time zone.

  2. Installing and verifying the Nginx web server.

  3. Installing and checking the MariaDB database server.

  4. Adding an external repository to install the PHP 8.1 runtime and the required extensions.

  5. Cloning the OpenSID source code and assigning file ownership and permissions.

  6. Creating the application database, its user, and that user's privileges.

  7. Writing a custom Nginx virtual host configuration file.

  8. Configuring the DNS A record.

  9. Enabling transport layer security with Let's Encrypt automation.

  10. Running the browser-based installation wizard.






Step 1: Refreshing Repository Indexes and Synchronizing System Clocks


Before installing any new packages, refresh the package index and upgrade the installed packages so that known software vulnerabilities are patched:



sudo apt update && sudo apt upgrade -y


Set the system time zone to your actual geographic region so that log timestamps, security audits, and scheduled cron tasks use the correct local time (e.g., Western Indonesian Time):



sudo timedatectl set-timezone Asia/Jakarta





Step 2: Deploying the Nginx Web Processing Server


To provide a fast and reliable public-facing web server, install the stable Nginx package on the host:



sudo apt install -y nginx


Start the Nginx service and enable it so that it starts automatically at every boot:



sudo systemctl start nginx
sudo systemctl enable nginx


Verify that the server is reachable by entering its public IP address in a browser's address bar. The default Nginx welcome page should appear.





If the page stalls or the connection is dropped, a local firewall is probably blocking incoming requests. Allow public inbound traffic on ports 80 and 443 by adding the following Netfilter iptables rules. Rules added this way are held in memory only and are lost at reboot unless you save them:



sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT





Step 3: Installing the MariaDB Transactional Database Server


To store OpenSID's relational public record data, install the standard MariaDB server and client packages:



sudo apt install -y mariadb-server mariadb-client


After the installation finishes, start the MariaDB service, enable it at boot, and check its status to make sure it is active:



sudo systemctl start mariadb
sudo systemctl enable mariadb
sudo systemctl status mariadb


Confirm that the Active line in the output shows the database as running.








Step 4: Provisioning PHP 8.1 and Required Framework Extensions


The core OpenSID code base requires a stable PHP version between 8.1 and 8.2.0. Because these older PHP releases are not in the standard Ubuntu 24.04 package repositories, you must add an external software repository to install the required packages.



Add the trusted Ondrej PHP repository (a third-party PPA) to your system's package sources:



sudo apt update
sudo apt install -y software-properties-common
sudo add-apt-repository ppa:ondrej/php
sudo apt update


Deploy the main PHP 8.1 FastCGI Process Manager (FPM) runtime along with the complete suite of extension libraries required by the application:



sudo apt install -y php8.1 php8.1-fpm php8.1-curl php8.1-fileinfo php8.1-gd php8.1-iconv php8.1-mbstring php8.1-mysqli php8.1-mysqlnd php8.1-tidy php8.1-zip php8.1-xml


Verify that the php command on your PATH resolves to the expected version:





If your server has several PHP versions installed side by side, run the utility below to set the default command-line PHP back to 8.1:



sudo update-alternatives --config php





Step 5: Cloning the OpenSID Core Source Code Distribution


The stable production code of the platform is maintained in a public Git repository. Install Git and clone the repository into your working directory on the server:



sudo apt install git
git clone https://github.com/OpenSID/OpenSID.git


Move the cloned directory into the production web document root:



sudo mv OpenSID /var/www/


Transfer ownership of the directory tree to the standard Nginx system user (www-data) and set the mode of the top-level directory. Note that this makes every file in the application tree writable by the web server process:



sudo chown www-data:www-data /var/www/OpenSID -R
sudo chmod 755 /var/www/OpenSID





Step 6: Creating the Relational Core Application Database


Open the MariaDB console with root privileges to create a dedicated database for the application:



sudo mariadb


Run the following statements to create a separate database, create a dedicated service account, and grant that account full privileges on the database. Be sure to replace the placeholder password 'rahasia' with a strong passphrase of your own:



CREATE DATABASE opensid_db;
CREATE USER opensiduser@localhost IDENTIFIED BY 'rahasia';
GRANT ALL PRIVILEGES ON opensid_db.* TO opensiduser@localhost IDENTIFIED BY 'rahasia';


Reload the privilege tables so the new grants take effect, then close the database session:



FLUSH PRIVILEGES;
EXIT;


Your data configuration terminal entries should closely match the standard user creation sequence layout shown below.








Step 7: Engineering the Nginx Virtual Host Configuration Block


An Nginx virtual host (server block) matches inbound requests for your domain, sets the document root, denies access to hidden .ht files, and forwards PHP requests to the underlying PHP-FPM socket.



Create a new server block file in the Nginx configuration directory using a text editor:



sudo nano /etc/nginx/sites-available/opensid.conf


Paste the following configuration into the file, replacing demokan.web.id with your live domain name:



server {
    listen 80;
    server_name demokan.web.id;

    root /var/www/OpenSID;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Additional Security and Buffer Configuration
    client_max_body_size 10M;
    client_body_buffer_size 128k;
    client_body_timeout 10;
    client_header_timeout 10;
    keepalive_timeout 5;

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/var/run/php/php8.1-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_read_timeout 3600;
    }

    # Enhanced Security Headers
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Permitted-Cross-Domain-Policies none;
    add_header X-Frame-Options "SAMEORIGIN";

    location ~ /\.ht {
        deny all;
    }

    error_log /var/log/nginx/opensid_error.log;
    access_log /var/log/nginx/opensid_access.log;
}


Enable the site by linking its file into the sites-enabled directory:



sudo ln -s /etc/nginx/sites-available/opensid.conf /etc/nginx/sites-enabled/


Run a configuration test to check that the file contains no syntax errors or typos:



sudo nginx -t


Make sure the test reports a successful result before restarting the web server:



sudo systemctl restart nginx
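
The server block above denies only names beginning with .ht, while Step 5 placed a Git checkout, including its .git directory, inside the document root. The following script is an added example, not part of the original guide or the OpenSID project: it lists hidden entries under a web root that a given deny regex does not match. The function names and the sample tree are constructed for illustration, and grep -E is assumed to approximate Nginx's regex matching for simple patterns.

```bash
# Added example (not from the guide): find hidden files and directories under
# a web root that an Nginx "deny" location regex does not cover.
# Assumption: grep -E approximates Nginx's PCRE matching for simple patterns.

# uncovered_dot_paths ROOT DENY_REGEX
# Prints the URI of each hidden entry (depth <= 2) that DENY_REGEX fails to match.
uncovered_dot_paths() {
    find "$1" -mindepth 1 -maxdepth 2 -name '.*' | LC_ALL=C sort |
    while IFS= read -r path; do
        uri="/${path#"$1"/}"
        if ! printf '%s\n' "$uri" | grep -Eq -- "$2"; then
            printf '%s\n' "$uri"
        fi
    done
}

# Constructed sample tree standing in for /var/www/OpenSID after "git clone".
make_sample_root() {
    sample_root=$(mktemp -d)
    mkdir -p "$sample_root/.git" "$sample_root/assets"
    touch "$sample_root/.git/config" "$sample_root/.env" \
          "$sample_root/.htaccess" "$sample_root/assets/.htaccess" \
          "$sample_root/index.php"
    printf '%s\n' "$sample_root"
}

demo_root=$(make_sample_root)
printf '%s\n' 'Hidden paths not matched by the rule in the server block (/\.ht):'
uncovered_dot_paths "$demo_root" '/\.ht'
printf '%s\n' 'Hidden paths not matched by a rule covering every dot-name (/\.):'
uncovered_dot_paths "$demo_root" '/\.'
rm -rf "$demo_root"
```

Run against the real tree with uncovered_dot_paths /var/www/OpenSID '/\.ht'. Every path it prints is one this server block would serve as a static file, so decide for each whether to deny it in the configuration or move it out of the document root.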





Step 8: Setting Up Domain DNS Records


To reach the site through a domain name instead of the raw server IP address, configure the zone in your domain registrar's or DNS provider's dashboard. If you use Cloudflare to manage records, create a standard DNS A record pointing your root domain name to the public IP address of your production VPS.





Note that DNS propagation time varies across resolvers depending on the configured TTL values. Proxied DNS networks typically bring this down to just 1 or 2 minutes.






Step 9: Enforcing Production Let's Encrypt TLS/SSL Transport Security


To protect traffic between residents and the site, enable transport encryption with Let's Encrypt. Install the Certbot client along with its Nginx plugin:



sudo apt install -y certbot python3-certbot-nginx


Run Certbot to request your free certificate, update the Nginx configuration, and set up the redirect from HTTP to HTTPS automatically. Be sure to replace the email address and domain with your own values:



sudo certbot --nginx --agree-tos --redirect --email admin@yourdomain.com -d demokan.web.id


Confirm that Certbot reports a successful certificate deployment before proceeding.








Step 10: Running the Graphical Web Initialization Wizard


With all backend services running, open a browser and load your production domain (e.g., https://demokan.web.id) to start the graphical setup wizard.





The web installer evaluates your server specifications. Verify that every dependency shows a green check mark before proceeding.





Next, the installer verifies read and write permissions on the application's directories. Make sure these checks also pass.





Enter your database settings using the database name, user name, and password created in Step 6.





Finish the installation by creating the credentials for your primary administrator account, which you will use to sign in and manage the site dashboard.





Once the installation is complete, the application redirects you to the public landing page of the site.








Post-Installation Tuning: Maximizing PHP Resource Capacities


To prevent execution timeouts when processing large batch tasks, importing large census CSV spreadsheets, or handling file uploads, adjust your PHP limits to match the values the software recommends.



Run the following sed commands to set the memory limit, upload sizes, and execution time in the PHP-FPM configuration file:



sudo sed -i 's/^max_execution_time = .*/max_execution_time = 30/' /etc/php/8.1/fpm/php.ini
sudo sed -i 's/^post_max_size = .*/post_max_size = 8M/' /etc/php/8.1/fpm/php.ini
sudo sed -i 's/^upload_max_filesize = .*/upload_max_filesize = 2M/' /etc/php/8.1/fpm/php.ini
sudo sed -i 's/^memory_limit = .*/memory_limit = 128M/' /etc/php/8.1/fpm/php.ini


Restart the PHP-FPM service to apply the changes immediately:



sudo systemctl restart php8.1-fpm
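
The sed commands above exit successfully even when their pattern matches nothing, for instance when a directive is written without spaces around the equals sign or is commented out, which leaves the old value in place. The following script is an added example, not part of the original guide: it sets the same four directives to the same values, handles those cases, and reads each value back. The helper names set_ini_directive, get_ini_directive and apply_page_limits are hypothetical, and the input is a constructed php.ini fragment.

```bash
# Added example (not from the guide): set php.ini directives so that a
# non-matching pattern cannot pass silently, then read each value back.

# get_ini_directive FILE KEY -> prints the last active value of KEY, if any.
get_ini_directive() {
    sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# set_ini_directive FILE KEY VALUE
# Rewrites an active "KEY = ..." line whatever its spacing; if KEY is missing
# or only present as a ";" comment, appends it (PHP ignores ordinary section
# headers in php.ini, so a line at the end of the file is still applied).
# Returns non-zero unless VALUE can be read back afterwards.
set_ini_directive() {
    if grep -Eq "^[[:space:]]*$2[[:space:]]*=" "$1"; then
        sed -i -E "s|^[[:space:]]*$2[[:space:]]*=.*|$2 = $3|" "$1"
    else
        printf '%s = %s\n' "$2" "$3" >> "$1"
    fi
    [ "$(get_ini_directive "$1" "$2")" = "$3" ]
}

# The four limits and values used in the guide's sed commands.
apply_page_limits() {
    set_ini_directive "$1" max_execution_time 30 &&
    set_ini_directive "$1" post_max_size 8M &&
    set_ini_directive "$1" upload_max_filesize 2M &&
    set_ini_directive "$1" memory_limit 128M
}

# Constructed php.ini fragment: one directive without spaces around "=", one
# commented out, one already correct, and memory_limit absent.
make_sample_ini() {
    sample_ini=$(mktemp)
    printf '%s\n' '[PHP]' 'max_execution_time=60' ';post_max_size = 8M' \
        'upload_max_filesize = 2M' > "$sample_ini"
    printf '%s\n' "$sample_ini"
}

demo_ini=$(make_sample_ini)
apply_page_limits "$demo_ini" && cat "$demo_ini"
rm -f "$demo_ini"
```

To use it on the server, run apply_page_limits /etc/php/8.1/fpm/php.ini as root and then restart php8.1-fpm as shown above.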


Summary


By pairing Ubuntu Server with an optimized Nginx server block framework and securing data pipelines through automated Let's Encrypt SSL configurations, your OpenSID village ecosystem is now running within a highly secure, enterprise-grade cloud architecture. This environment provides low latency, strong request balancing, and robust data isolation to power your digital village administration workflows smoothly.