@samsulmaarif
Last active October 28, 2019 02:36
https://192.168.1.200:8006
user : root
password : smknusa
(workshop lab login only; set a different password on any host reachable outside the lab network)
http://192.168.1.14:9001/notes.txt
wiki.samsul.web.id
#### Web Server
sed -i 's/ftp.debian.org/kartolo.sby.datautama.net.id/g' /etc/apt/sources.list
cat /etc/apt/sources.list
apt update
apt upgrade
https://wiki.samsul.web.id/linux/Lokakarya.BlankOn.Linux.Surabaya.2-9-2017#bInstalasiApache2
apt install apache2
systemctl status apache2
mkdir -p /var/www/html/sekolahku/
chown -Rfv www-data.www-data /var/www/html/sekolahku/
nano /var/www/html/sekolahku/index.html
```
<html>
<head>
<title>Belajar Membuat VirtualHost</title>
</head>
<body>
<h1>Belajar Membuat VirtualHost</h1>
<p>Paragraf pertama</p>
<p>paragraf kedua</p>
</body>
```
cd /etc/apache2/sites-available/
cp 000-default.conf sekolahku.conf
nano sekolahku.conf
```
<VirtualHost *:80>
ServerName samsulmaarif.sch.id
ServerAlias www.samsulmaarif.sch.id
ServerAdmin [email protected]
DocumentRoot /var/www/html/sekolahku/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
```
a2ensite sekolahku
service apache2 reload
systemctl reload apache2
systemctl status apache2
Windows :
- buka cmd dengan akses administrator
- buka notepad, cari file berikut :
C:\Windows\System32\drivers\etc\hosts
Linux :
/etc/hosts
```
192.168.1.205 samsulmaarif.sch.id
192.168.1.205 www.samsulmaarif.sch.id
```
### Database Server
cd
apt install mysql-server
mysql_secure_installation
password root : rahasia
mysql -u root -p
create database samsuldb;
grant all privileges on samsuldb.* to 'samsul'@'localhost' identified by 'rahasia';
flush privileges;
\q
mysql -u samsul -p
show databases;
use samsuldb;
CREATE TABLE Siswa (
id int,
namadepan varchar(255),
namabelakang varchar(255),
alamat varchar(255),
kota varchar(255)
);
show tables;
describe Siswa;
\q
### DNS Server
apt install bind9
cd /etc/bind
nano named.conf.local
```
zone "samsulmaarif.sch.id" {
type master;
file "/etc/bind/db.sekolahku";
};
zone "1.168.192.in-addr.arpa" {
type master;
file "/etc/bind/db.192";
};
```
cp db.local db.sekolahku
cp db.127 db.192
ls
nano db.sekolahku
```
;
; BIND data file for local loopback interface
;
$TTL 604800
@ IN SOA samsulmaarif.sch.id. root.samsulmaarif.sch.id. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.samsulmaarif.sch.id.
@ IN A 192.168.1.205
@ IN MX 10 mail.samsulmaarif.sch.id.
ns IN A 192.168.1.205
www IN A 192.168.1.205
mail IN A 192.168.1.205
ftp IN A 192.168.1.205
```
nano db.192
```
;
; BIND reverse data file for local loopback interface
;
$TTL 604800
@ IN SOA samsulmaarif.sch.id. root.samsulmaarif.sch.id. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns.samsulmaarif.sch.id.
205 IN PTR ns.samsulmaarif.sch.id.
205 IN PTR www.samsulmaarif.sch.id.
205 IN PTR mail.samsulmaarif.sch.id.
205 IN PTR ftp.samsulmaarif.sch.id.
```
nano named.conf.options
```
options {
directory "/var/cache/bind";
forwarders {
8.8.8.8;
};
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { any; };
};
```
systemctl restart bind9
apt install dnsutils
nano /etc/resolv.conf
```
nameserver 192.168.1.205
```
nslookup samsulmaarif.sch.id
nslookup 192.168.1.205
#### HAProxy
apt install haproxy
nano /etc/default/haproxy
```
# Defaults file for HAProxy
#
# This is sourced by both, the initscript and the systemd unit file, so do not
# treat it as a shell script fragment.
ENABLED=1
# Change the config file location if needed
CONFIG="/etc/haproxy/haproxy.cfg"
# Add extra flags here, see haproxy(1) for a few options
#EXTRAOPTS="-de -m 16"
```
systemctl status haproxy
cd /etc/haproxy
cp haproxy.cfg haproxy.cfg.orig
nano haproxy.cfg
```
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon
# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private
# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL). This list is from:
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
# An alternative list with additional directives can be obtained from
# https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=haproxy
ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS
ssl-default-bind-options no-sslv3
defaults
log global
mode http
option httplog
option dontlognull
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend www
bind 192.168.1.11:80
default_backend lks-backend
backend lks-backend
balance roundrobin
mode http
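stats enable
stats uri /haproxy?status
# the stats page above is served without a login; add "stats auth <user>:<password>" to require one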
server srv1 10.1.1.21:80 check
server srv2 10.1.1.31:80 check
```
nano /etc/rsyslog.conf
```
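$ModLoad imudp
# $UDPServerAddress has to come before $UDPServerRun; set afterwards it is ignored and the listener binds to all interfaces
$UDPServerAddress 127.0.0.1
$UDPServerRun 514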
```
systemctl restart rsyslog
systemctl status rsyslog
systemctl restart haproxy
systemctl status rsyslog
### eksekusi di srv1 & srv2
apt update
apt install apache2
### eksekusi di srv1
echo "Server 1" > /var/www/html/index.html
### eksekusi di srv2
echo "Server 2" > /var/www/html/index.html
#### Install FreeRADIUS on Debian 9
apt install php libapache2-mod-php php-mysql php-common php-gd php-mbstring php-curl php-xml
nano /etc/apache2/mods-available/dir.conf
```
<IfModule mod_dir.c>
DirectoryIndex index.php index.html index.cgi index.pl index.php index.xhtml index.htm
</IfModule>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
```
systemctl restart apache2
apt install -y freeradius freeradius-utils freeradius-mysql
systemctl enable freeradius
systemctl stop freeradius
freeradius -X
mysql -u root -p
create database radius;
grant all privileges on radius.* to radius@localhost identified by 'rahasia';
flush privileges;
\q
mysql -u root -p radius < /etc/freeradius/3.0/mods-config/sql/main/mysql/schema.sql
ln -s /etc/freeradius/3.0/mods-available/sql /etc/freeradius/3.0/mods-enabled/
nano /etc/freeradius/3.0/mods-available/sql
```
driver = "rlm_sql_mysql"
dialect = "mysql"
server = "localhost"
port = 3306
login = "radius"
password = "rahasia"
radius_db = "radius"
```
...
# Set to 'yes' to read radius clients from the database ('nas' table)
# Clients will ONLY be read on server startup.
read_clients = yes
...
chown -h freerad.freerad /etc/freeradius/3.0/mods-enabled/sql
systemctl restart freeradius
### Install Daloradius
apt install php-pear
pear install DB
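wget https://github.com/lirantal/daloradius/archive/master.zip
(master.zip follows the moving master branch; for a repeatable install download a tagged release instead and check the archive before unpacking)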
apt install unzip
unzip master.zip
mv daloradius-master daloradius
cd daloradius
mysql -u root -p radius < contrib/db/fr2-mysql-daloradius-and-freeradius.sql
mysql -u root -p radius < contrib/db/mysql-daloradius.sql
cd ..
mv daloradius /var/www/html/
chown -R www-data:www-data /var/www/html/daloradius/
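chmod 664 /var/www/html/daloradius/library/daloradius.conf.php
(this file holds the database password and 664 leaves it readable by every local user; 640 is sufficient since www-data owns it)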
cd /var/www/html/daloradius
nano library/daloradius.conf.php
```
$configValues['CONFIG_DB_HOST'] = 'localhost';
$configValues['CONFIG_DB_PORT'] = '3306';
$configValues['CONFIG_DB_USER'] = 'radius';
$configValues['CONFIG_DB_PASS'] = 'rahasia';
$configValues['CONFIG_DB_NAME'] = 'radius';
```
systemctl restart freeradius.service apache2
http://ip-address/daloradius/login.php
default login (change this password right after the first login) :
Username: administrator
Password: radius
### Mail Server
apt -y install postfix sasl2-bin
cp /usr/share/postfix/main.cf.dist /etc/postfix/main.cf
nano /etc/postfix/main.cf
```
mail_owner = postfix
myhostname = mail.domainku.oke
mydomain = domainku.oke
myorigin = $mydomain
inet_interfaces = all
mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
local_recipient_maps = unix:passwd.byname $alias_maps
mynetworks_style = subnet
mynetworks = 127.0.0.0/8, 10.0.0.0/24
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
home_mailbox = Maildir/
#smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
smtpd_banner = $myhostname ESMTP
sendmail_path = /usr/sbin/postfix
newaliases_path = /usr/bin/newaliases
mailq_path = /usr/bin/mailq
setgid_group = postdrop
#html_directory =
#manpage_directory =
#sample_directory =
#readme_directory =
# add to the end: limit an email size 10M
message_size_limit = 10485760
# limit mailbox 1G
mailbox_size_limit = 1073741824
# SMTP-Auth settings
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
smtpd_recipient_restrictions = permit_mynetworks, permit_auth_destination, permit_sasl_authenticated, reject
```
newaliases
systemctl restart postfix
### Install Dovecot
apt -y install dovecot-core dovecot-pop3d dovecot-imapd
nano /etc/dovecot/dovecot.conf
```
listen = *, ::
```
nano /etc/dovecot/conf.d/10-auth.conf
```
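# allows PLAIN/LOGIN over unencrypted connections, so passwords cross the network in clear text;
# acceptable on an isolated lab network only - otherwise keep the default (yes) and enable TLS (ssl = required)
disable_plaintext_auth = no
auth_mechanisms = plain login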
```
nano /etc/dovecot/conf.d/10-mail.conf
```
mail_location = maildir:~/Maildir
```
nano /etc/dovecot/conf.d/10-master.conf
```
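unix_listener /var/spool/postfix/private/auth {
# 0666 lets every local user connect to the auth socket; 0660 is enough because user/group below are postfix
mode = 0666
user = postfix
group = postfix
}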
```
systemctl restart dovecot
### Add Mail Account
apt -y install mailutils
echo 'export MAIL=$HOME/Maildir' >> /etc/profile
adduser user1
su - user1
user1@mail:~$ mail user1@localhost
# specify [CC] (if not need, simply Enter)
Cc:
# input subject
Subject: Test Mail#1
# input messages
This is the first mail.
# to finish messages, push [Ctrl+D]
# see received emails
user1@mail:~$ mail
"/home/debian/Maildir": 2 messages 2 unread
>U 1 Server World 20/723 Test Mail #5
U 2 debian 20/674 Test Mail#1
# input the number you'd like to see an email
? 2
Return-Path: <[email protected]>
X-Original-To: debian@localhost
Delivered-To: debian@localhost
Received: from mail.domainku.oke (localhost [127.0.0.1])
by mail.domainku.oke (Postfix) with ESMTP id EA44515F32C
for <debian@localhost>; Thu, 29 Jun 2017 19:26:23 +0900 (JST)
Received: by mail.domainku.oke (Postfix, from userid 1001)
id C5D5915F385; Thu, 29 Jun 2017 19:26:23 +0900 (JST)
To: <debian@localhost>
Subject: Test Mail#1
X-Mailer: mail (GNU Mailutils 3.1.1)
Message-Id: <[email protected]>
Date: Thu, 29 Jun 2017 19:26:23 +0900 (JST)
From: [email protected] (debian)
# to quit, input [q]
? q
Saved 1 message in /home/debian/mbox
Held 1 message in /home/debian/Maildir
### LDAP Server
apt -y install slapd ldap-utils
slapcat
(perhatikan hasil outputnya)
nano base.ldif
```
# create new (menyesuaikan hasil output slapcat)
# change to your own suffix for the field [dc=samsul,dc=oke]
dn: ou=people,dc=samsul,dc=oke
objectClass: organizationalUnit
ou: people

dn: ou=groups,dc=samsul,dc=oke
objectClass: organizationalUnit
ou: groups
```
ldapadd -x -D cn=admin,dc=samsul,dc=oke -W -f base.ldif
### Add LDAP User Account
slappasswd
password : rahasia
nano ldapuser.ldif
```
dn: uid=stretch,ou=people,dc=samsul,dc=oke
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
cn: stretch
sn: debian
userPassword: {SSHA}xxxxxxxxxxxxxxxx (hasil generate slappasswd)
loginShell: /bin/bash
uidNumber: 2000
gidNumber: 2000
homeDirectory: /home/stretch

dn: cn=stretch,ou=groups,dc=samsul,dc=oke
objectClass: posixGroup
cn: stretch
gidNumber: 2000
memberUid: stretch
```
ldapadd -x -D cn=admin,dc=samsul,dc=oke -W -f ldapuser.ldif
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment