mbahsomo
/
mbahsomo-note
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update system-lof.md

This commit is contained in:
mbahsomo 2026-02-16 01:03:51 +00:00
parent e2c51c2b1e
commit 8cb705450e
1 changed files with 176 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

176
system-lof.md
View File

@ -121,3 +121,179 @@ isi:
} }
``` ```
## Untuk user non root
Berikut contoh **systemd service production-ready** yang lebih aman, ada logging, restart policy, dan security hardening.
Misalnya file:
`/etc/systemd/system/delamonganpasarapi.service`
```
[Unit]
Description=Delamongan Pasar API Service
After=network.target
[Service]
Type=simple
# Jalankan dengan user khusus (BUKAN root)
User=api
Group=api
# folder kerja aplikasi
WorkingDirectory=/home/api
# jalankan binary
ExecStart=/home/api/delamonganpasarapi
# restart otomatis jika crash
Restart=always
RestartSec=5
# logging
StandardOutput=append:/var/log/delamonganpasarapi.log
StandardError=append:/var/log/delamonganpasarapi-error.log
SyslogIdentifier=delamonganpasarapi
# limit resource (optional tapi recommended)
LimitNOFILE=65535
# security hardening
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=/home/api /var/log
# timeout
TimeoutStartSec=30
TimeoutStopSec=30
[Install]
WantedBy=multi-user.target
```
---
# 1. Buat user khusus (recommended)
Jangan pakai root.
```
sudo useradd -r -s /bin/false -d /home/api api
sudo chown -R api:api /home/api
```
---
# 2. Buat file log
```
sudo touch /var/log/delamonganpasarapi.log
sudo touch /var/log/delamonganpasarapi-error.log
sudo chown api:api /var/log/delamonganpasarapi*.log
```
---
# 3. Enable dan start service
```
sudo systemctl daemon-reload
sudo systemctl enable delamonganpasarapi
sudo systemctl start delamonganpasarapi
```
Cek status:
```
sudo systemctl status delamonganpasarapi
```
---
# 4. Monitor log realtime
File log:
```
tail -f /var/log/delamonganpasarapi.log
```
Error log:
```
tail -f /var/log/delamonganpasarapi-error.log
```
Atau journalctl:
```
journalctl -u delamonganpasarapi -f
```
---
# 5. Auto start saat boot
Sudah otomatis karena:
```
WantedBy=multi-user.target
```
dan
```
systemctl enable delamonganpasarapi
```
---
# 6. Bonus (SANGAT recommended): logrotate
```
sudo nano /etc/logrotate.d/delamonganpasarapi
```
isi:
```
/var/log/delamonganpasarapi*.log {
daily
rotate 30
compress
delaycompress
missingok
notifempty
copytruncate
}
```
---
# 7. Struktur production yang ideal
```
/home/api/
├── delamonganpasarapi
├── config.json
└── .env
/var/log/
├── delamonganpasarapi.log
└── delamonganpasarapi-error.log
```
---
# 8. Debug cepat kalau service gagal
```
journalctl -u delamonganpasarapi -n 100 --no-pager
```
---
Kalau mau, saya bisa buatkan juga: