Tutorial DevOps Go Fiber 28 April 2026 · 12 min read

Cara Deploy Fullstack App React + Go Fiber ke AWS EC2 dengan Docker & GitHub Actions CI/CD

Panduan lengkap dari nol: setup EC2, Docker Compose, Nginx reverse proxy, SSL, sampai CI/CD pipeline otomatis yang berjalan tiap push ke main branch. Semua berdasarkan pengalaman langsung deploy proyek Letta School.

Maulana Nur Anfajm (Lananuranf)

Fullstack Developer · Mahasiswa Universitas Gunadarma

Stack yang digunakan: ReactGo FiberPostgreSQLDockerDocker ComposeAWS EC2GitHub ActionsNginxSSL/HTTPS

Pendahuluan

Salah satu skill yang paling berguna tapi jarang diajarkan di kampus adalah bagaimana cara deploy aplikasi ke internet secara benar — bukan cuma "bisa diakses", tapi production-grade: aman, otomatis, dan mudah dimaintain.

Artikel ini adalah panduan lengkap yang saya tulis berdasarkan pengalaman langsung men-deploy Letta School, sebuah fullstack school management system dengan React di frontend dan Go Fiber di backend.

⚡ Yang akan kamu pelajari:

Setup AWS EC2 instance (Ubuntu) dari nol
Dockerize React app dan Go Fiber app
Orchestrate multi-container dengan Docker Compose
Konfigurasi Nginx reverse proxy + SSL dengan Let's Encrypt
Build GitHub Actions CI/CD pipeline yang fully automated
Tips production: health check, restart policy, environment variables

Prasyarat

Akun AWS (bisa pakai free tier untuk EC2 t2.micro)
Domain yang sudah diarahkan ke IP EC2 (untuk SSL)
Pemahaman dasar Docker dan Linux command line
Repository GitHub dengan kode React + Go Fiber

Step 1: Setup AWS EC2 Instance

Login ke AWS Console → EC2 → "Launch Instance". Pilih Ubuntu Server 22.04 LTS. Instance type t2.micro cukup untuk project kecil-menengah (masuk free tier).

Security Group — buka port berikut:

22 (SSH) — restrict ke IP kamu saja
80 (HTTP) — dari mana saja
443 (HTTPS) — dari mana saja

Download file .pem, simpan aman, lalu koneksi SSH:

chmod 400 your-key.pem
ssh -i your-key.pem ubuntu@YOUR_EC2_IP

Step 2: Install Docker di EC2

# Update system
sudo apt-get update && sudo apt-get upgrade -y

# Install dependencies
sudo apt-get install -y ca-certificates curl gnupg lsb-release

# Add Docker GPG key
sudo mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg

# Add Docker repository
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] \
https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

# Install Docker Engine
sudo apt-get update
sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin

# Tambahkan user ubuntu ke group docker
sudo usermod -aG docker ubuntu
newgrp docker

# Verifikasi
docker --version
docker compose version

Step 3: Dockerize Go Fiber Backend

Pakai multi-stage build untuk meminimalkan ukuran image — dari ~300MB jadi hanya ~15MB:

# Stage 1: Build binary
FROM golang:1.22-alpine AS builder
WORKDIR /app

COPY go.mod go.sum ./
RUN go mod download

COPY . .
RUN CGO_ENABLED=0 GOOS=linux go build -ldflags="-s -w" -o main ./cmd/main.go

# Stage 2: Image final (minimal)
FROM alpine:3.19
RUN apk --no-cache add ca-certificates tzdata
WORKDIR /root/
COPY --from=builder /app/main .
ENV TZ=Asia/Jakarta
EXPOSE 8080
CMD ["./main"]

Step 4: Dockerize React Frontend

React di-build jadi static files, lalu di-serve Nginx. Jauh lebih efisien dari npm start di production:

# Stage 1: Build React app
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci --only=production
COPY . .
RUN npm run build

# Stage 2: Serve dengan Nginx
FROM nginx:alpine
COPY --from=builder /app/dist /usr/share/nginx/html
COPY nginx-frontend.conf /etc/nginx/conf.d/default.conf
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]

Konfigurasi Nginx untuk handle React Router (SPA fallback):

server {
    listen 80;
    root /usr/share/nginx/html;
    index index.html;

    gzip on;
    gzip_types text/css application/javascript application/json;

    location / {
        try_files $uri $uri/ /index.html;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg|woff2)$ {
        expires 1y;
        add_header Cache-Control "public, immutable";
    }
}

Step 5: Docker Compose

Orchestrate semua service (db, backend, frontend, nginx) dalam satu file:

version: '3.8'

services:
  db:
    image: postgres:16-alpine
    container_name: letta_db
    restart: unless-stopped
    environment:
      POSTGRES_USER: ${DB_USER}
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_DB: ${DB_NAME}
    volumes:
      - postgres_data:/var/lib/postgresql/data
    networks:
      - app-network
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U ${DB_USER}"]
      interval: 10s
      timeout: 5s
      retries: 5

  backend:
    build:
      context: ./backend
      dockerfile: Dockerfile
    container_name: letta_backend
    restart: unless-stopped
    environment:
      DB_HOST: db
      DB_USER: ${DB_USER}
      DB_PASSWORD: ${DB_PASSWORD}
      DB_NAME: ${DB_NAME}
      DB_PORT: 5432
      JWT_SECRET: ${JWT_SECRET}
      APP_ENV: production
    depends_on:
      db:
        condition: service_healthy
    networks:
      - app-network

  frontend:
    build:
      context: ./frontend
      dockerfile: Dockerfile
    container_name: letta_frontend
    restart: unless-stopped
    depends_on:
      - backend
    networks:
      - app-network

  nginx:
    image: nginx:alpine
    container_name: letta_nginx
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - /etc/letsencrypt:/etc/letsencrypt:ro
    depends_on:
      - frontend
      - backend
    networks:
      - app-network

volumes:
  postgres_data:

networks:
  app-network:
    driver: bridge

Buat file .env di server (jangan di-commit ke Git!):

DB_USER=letta_user
DB_PASSWORD=supersecretpassword123
DB_NAME=letta_school
JWT_SECRET=your-very-long-random-jwt-secret-here

Step 6: Nginx Reverse Proxy + SSL

sudo apt-get install -y certbot
sudo certbot certonly --standalone -d yourdomain.com -d www.yourdomain.com

events { worker_connections 1024; }

http {
    server {
        listen 80;
        server_name yourdomain.com www.yourdomain.com;
        return 301 https://$host$request_uri;
    }

    server {
        listen 443 ssl http2;
        server_name yourdomain.com www.yourdomain.com;

        ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Content-Type-Options "nosniff";
        add_header Referrer-Policy "strict-origin-when-cross-origin";

        location / {
            proxy_pass http://frontend:80;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
        }

        location /api/ {
            proxy_pass http://backend:8080/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}

Step 7: GitHub Actions CI/CD Pipeline

Buat .github/workflows/deploy.yml. Setiap push ke main → security scan → deploy otomatis:

name: Deploy to AWS EC2

on:
  push:
    branches: [main]

jobs:
  deploy:
    name: Build & Deploy
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: GitLeaks — Secret Scanning
        uses: gitleaks/gitleaks-action@v2
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

      - name: Semgrep — SAST
        uses: semgrep/semgrep-action@v1
        with:
          config: "auto"

      - name: Trivy — Container Scan
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: './backend'
          severity: 'CRITICAL,HIGH'
          exit-code: '1'

      - name: Deploy via SSH
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ubuntu
          key: ${{ secrets.EC2_SSH_KEY }}
          script: |
            cd /home/ubuntu/letta-school
            git pull origin main
            docker compose up --build -d
            docker image prune -f

Tambahkan secrets di GitHub → Settings → Secrets: EC2_HOST dan EC2_SSH_KEY.

Step 8: First Deployment

cd /home/ubuntu
git clone https://github.com/username/letta-school.git
cd letta-school

# Buat .env
nano .env

# Jalankan semua container
docker compose up --build -d

# Cek status
docker compose ps
docker compose logs -f backend

Tips Production

Auto-renew SSL: Setup cron job:

0 0 1 * * certbot renew --quiet && docker compose restart nginx

Database backup: Setup cronjob backup PostgreSQL ke S3 secara rutin.
Jangan commit .env: Tambahkan .env ke .gitignore.
Resource limit: Tambahkan memory dan CPU limits di docker-compose.yml.

Hasil Akhir

Workflow deployment kamu jadi: push ke main → GitHub Actions scan security → SSH ke EC2 → docker compose up --build -d → aplikasi live dalam 2-3 menit tanpa manual intervention. Ini persis workflow yang dipakai untuk deploy Letta School.

Tentang penulis

Maulana Nur Anfajm (Lananuranf) — mahasiswa Sistem Informasi Universitas Gunadarma semester 6. Fullstack developer spesialis React, Go Fiber, Docker, AWS, dan DevSecOps. Lihat portfolio lengkap →

DockerAWS EC2Go FiberReactGitHub ActionsCI/CDNginxSSLDevOpsTutorial

Ada pertanyaan atau feedback?

Hubungi gua langsung — happy to discuss!

Email Gua GitHub Lihat Portfolio