
Table of Contents

Registration
    Lab 1 : Register account
    Lab 2 : Subscription Evaluation

Network Setting
    Lab 1 : Setting IP Address

Subscription
    Lab 1 : Registering Subscription
    Lab 2 : Manage Repository
    Lab 3 : Remove Subscription

Yum
    Lab 1 : Checking Update System
    Lab 2 : Update System
    Lab 3 : Update System Off-line
    Lab 4 : Package Management

Apache (httpd)
    Lab 1 : Install Apache (httpd)
    Lab 2 : Apache Configuration
    Lab 3 : Creating a Sample Website
    Lab 4 : SSL Website
    Lab 5 : Web Basic Authentication
    Lab 6 : Userdir
    Lab 7 : Virtual Hosting

Nginx
    Lab 1 : Install the Nginx Package
    Lab 2 : SSL Nginx
    Lab 3 : Userdir Nginx
    Lab 4 : Basic Web Authentication Nginx
    Lab 5 : NginX Load Balancer

DNS (Domain Name Server) Server
    Lab 1 : Install BIND
    Lab 2 : BIND Configuration
    Lab 3 : BIND Forwarder
    Lab 4 : BIND CNAME (Canonical Name)
    Lab 5 : Slave DNS Server

MariaDB
    Lab 1 : Install MariaDB
    Lab 2 : Install phpMyAdmin
    Lab 3 : Database Replication
    Lab 4 : MariaDB Galera Cluster

SAMBA
    Lab 1 : Install Samba
    Lab 2 : Full Access Shared Folder
    Lab 3 : Limited Access Shared Folder
    Lab 4 : Blocking Files in Samba

PROXY
    Lab 1 : Install the Squid Package
    Lab 2 : Squid Configuration
    Lab 3 : Transparent Proxy
    Lab 4 : Proxy Basic Authentication
    Lab 5 : Squid Web Filter

Zimbra Mail Server
    Lab 1 : Install Zimbra
    Lab 2 : Configure and Manage Zimbra

Storage
    Lab 1 : RAID 1 Configuration

Registration

Lab 1 : Register account
● Register a Red Hat account

For the Red Hat operating system to function, we need a subscription. To get
one we have to buy it from a Red Hat authorized partner; however, a 30-day
evaluation (trial) subscription is also available. To obtain it, we have to
create an account on the official Red Hat website (http://www.redhat.com).
The following steps create an account on the Red Hat website.
Open the official Red Hat website at http://www.redhat.com, click the user
icon, then click Register.

Fill in the form with your personal details. Note that to get an evaluation
subscription we must use a business email address, not a personal one (such
as gmail, yahoo, etc.).

Lab 2 : Subscription Evaluation
● Request an evaluation subscription

Red Hat provides a free 30-day trial subscription. Once you have an account,
follow these steps to get it:

Open the Red Hat website and log in, then go to the menu Products &
Services > Red Hat Enterprise Linux.

Click Request An Evaluation.

Click Continue under Red Hat Enterprise Linux.

Finally, click Agree And Started.

Installation

Lab 1 : Install Red Hat
● Install Red Hat

The following steps deploy a Red Hat Linux system. First download the ISO
file from the official Red Hat website (http://www.redhat.com).

When installing on a physical server, burn the ISO file to a DVD. Or use the
ISO file directly when installing on a virtual machine (VM).

Select the language for the installation process. The default is English (US).

Select the Software Selection menu to choose the installation package set.
The options include:

● Minimal install

● Infrastructure server

● File and print server

● Basic web server

● Virtualization host

● Server with GUI

Choose the package set; the default is Minimal install. If you want a server
with a GUI, choose Server with GUI.

Next, configure partitioning. To follow the default settings, use
automatically configure partitioning. To customize the partitions, use
I will configure partitioning.

Next, we must set a password for root.

Then add a user. If the user is an administrator, tick Make this
administrator.

Wait for the installation to finish.

When it finishes, open the License Agreement menu and tick I accept the
license agreement.

Then click Finish configuration.

Network Setting

Lab 1 : Setting IP Address
Objectives:

● Configure a static IP on the server

● Configure a dynamic IP on the server

Starting with release 7, Red Hat uses the more stable “predictable network
interface” naming for NICs (network interface cards), both Ethernet and
wireless LAN, replacing the earlier traditional (unpredictable) names
(eth0, eth1, wlan0, etc.).
The following is an example of interface naming on Red Hat 7.

The first 2 characters of the name indicate the interface type:

● en, for Ethernet (LAN)

● wl, for wireless LAN

● ww, for wireless wide area network

These are followed by several attributes, including:

● p, for the peripheral number

● s, for the slot number

The following configures the IP by editing the configuration file
/etc/sysconfig/network-scripts/ifcfg-*.

[vschool@localhost ~]$ sudo vim /etc/sysconfig/network-scripts/ifcfg-enp0s3

TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=enp0s3
IPADDR=172.20.10.10
NETMASK=255.255.255.0
GATEWAY=172.20.10.1
DNS1=8.8.8.8
UUID=25ce1a79-3872-44f4-9faf-bfe68d269058
DEVICE=enp0s3
ONBOOT=yes

To configure the IP via DHCP, write the file as follows.

TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=enp0s3
UUID=25ce1a79-3872-44f4-9faf-bfe68d269058
DEVICE=enp0s3
ONBOOT=yes

Restart the network service so that the IP configuration takes effect.

[vschool@localhost ~]$ sudo systemctl restart network
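
A pre-flight check for the static configuration in this lab, added here as an example and not part of the original manual: it parses an ifcfg file without sourcing it and verifies that IPADDR, NETMASK and GATEWAY are well formed and that the gateway lies in the interface's subnet, so a typo is caught before the restart cuts off remote access. The function names and the temporary sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the original manual): sanity-check an ifcfg file
# before "systemctl restart network". All helper names are hypothetical.

# Read KEY from the file without sourcing it (sourcing would execute its content).
ifcfg_get() {  # $1 = file, $2 = key
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Dotted quad -> 32-bit integer on stdout; returns 1 if the address is malformed.
ip_to_int() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*|????*) return 1 ;; esac   # no leading zeros (octal), max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print a one-line verdict for the file in $1; return 0 only if it is sane.
check_ifcfg() {
    proto=$(ifcfg_get "$1" BOOTPROTO)
    case $proto in
        dhcp) echo "ok: dhcp"; return 0 ;;
        none|static) ;;
        *) echo "bad: BOOTPROTO='$proto'"; return 1 ;;
    esac
    ip=$(ip_to_int "$(ifcfg_get "$1" IPADDR)")    || { echo "bad: IPADDR"; return 1; }
    mask=$(ip_to_int "$(ifcfg_get "$1" NETMASK)") || { echo "bad: NETMASK"; return 1; }
    gw=$(ip_to_int "$(ifcfg_get "$1" GATEWAY)")   || { echo "bad: GATEWAY"; return 1; }
    inv=$(( ~mask & 4294967295 ))                 # host bits of the mask
    # A valid mask is a run of 1-bits followed by 0-bits, so inv+1 is a power of two.
    [ $(( inv & (inv + 1) )) -eq 0 ] && [ "$mask" -ne 0 ] ||
        { echo "bad: NETMASK not contiguous"; return 1; }
    [ $(( ip & mask )) -eq $(( gw & mask )) ] ||
        { echo "bad: GATEWAY outside subnet"; return 1; }
    [ "$ip" -ne "$gw" ] || { echo "bad: IPADDR equals GATEWAY"; return 1; }
    host=$(( ip & inv ))
    [ "$host" -ne 0 ] && [ "$host" -ne "$inv" ] ||
        { echo "bad: IPADDR is network or broadcast address"; return 1; }
    echo "ok: static"
}

# Constructed sample: the static settings from this lab, gateway overridable.
write_sample() {  # $1 = output file, $2 = gateway
    cat > "$1" <<EOF
TYPE=Ethernet
BOOTPROTO=none
NAME=enp0s3
IPADDR=172.20.10.10
NETMASK=255.255.255.0
GATEWAY=$2
DNS1=8.8.8.8
DEVICE=enp0s3
ONBOOT=yes
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/ifcfg-good" 172.20.10.1
write_sample "$tmp/ifcfg-typo" 172.20.11.1       # constructed mistake: wrong third octet
check_ifcfg "$tmp/ifcfg-good" || true
check_ifcfg "$tmp/ifcfg-typo" || true
rm -rf "$tmp"
```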

Subscription

Lab 1 : Registering Subscription

Objectives:

● Register a subscription

A subscription is Red Hat's mechanism for managing software inventory and
system updates. On Red Hat Enterprise Linux 7, subscriptions are managed with
a tool called Red Hat Subscription Manager. This tool must be run as root.

Use the following command to register the system.

[root@master ~]# subscription-manager register
Registering to: subscription.rhn.redhat.com:443/subscription
Username: a.musajid
Password:
The system has been registered with ID: 38fcc2dd-dd11-4c8a-b4b8-90f707b73eec

To display the subscriptions available to our system, use the following
command.

[root@master ~]# subscription-manager list --available

Subscription Name: 30 Day Red Hat Enterprise Linux Server Self-Supported Evaluation
Provides: Red Hat Container Images Beta
Red Hat Beta
Oracle Java (for RHEL Server)
Red Hat Enterprise Linux Atomic Host Beta
Red Hat Container Images
Red Hat Enterprise Linux Server
Red Hat Enterprise Linux Atomic Host
SKU: RH00065
Contract: 10914791
Pool ID: 8a85f98153b99a5b0153bb3a40db724f
Provides Management: No
Available: 1
Suggested: 1
Service Level: Self-Support
Service Type: L1-L3

Subscription Type: Instance Based
Ends: 04/25/2016
System Type: Physical

To use an available subscription, pass its pool ID.

[root@master ~]# subscription-manager attach --pool=[pool_id]

Example:

[root@master ~]# subscription-manager attach --pool=8a85f98153b99a5b0153bb3a40db724f
Successfully attached a subscription for: 30 Day Red Hat Enterprise Linux Server Self-Supported Evaluation

To attach a subscription automatically, use the following command.

[root@master ~]# subscription-manager attach --auto

To verify the subscription in use:

[root@master ~]# subscription-manager list --consumed


+-------------------------------------------+
Consumed Subscriptions
+-------------------------------------------+
Subscription Name: 30 Day Red Hat Enterprise Linux Server Self-Supported Evaluation
Provides: Oracle Java (for RHEL Server)
Red Hat Enterprise Linux Atomic Host Beta
Red Hat Container Images
Red Hat Container Images Beta
Red Hat Enterprise Linux Server
Red Hat Enterprise Linux Atomic Host
Red Hat Beta
SKU: RH00065
Contract: 10914791
Account: 5659699
Serial: 93496520529050803
Pool ID: 8a85f98153b99a5b0153bb3a40db724f
Provides Management: No
Active: True
Quantity Used: 1
Service Level: Self-Support

Service Type: L1-L3
Status Details: Subscription is current
Subscription Type: Instance Based
Starts: 03/27/2016
Ends: 04/25/2016
System Type: Physical

Lab 2 : Manage Repository

Objectives:

● Manage repositories

Once the system is subscribed, we can manage the repositories in the
directory /etc/yum.repos.d/. To verify which repositories are active, use the
yum command.

[vschool@master ~]$ sudo yum repolist


Loaded plugins: langpacks, product-id, search-disabled-repos,
              : subscription-manager
repo id                              repo name                                status
!epel/x86_64                         Extra Packages for Enterprise Linux 7    9.743
!mariadb                             MariaDB                                  14
!rhel-7-server-rpms/7Server/x86_64   Red Hat Enterprise Linux 7 Server (RPM   10.572
repolist: 20.329

To see the full list of repositories available through the Red Hat
subscription system:

[root@master ~]# subscription-manager repos --list
+----------------------------------------------------------+
Available Repositories in /etc/yum.repos.d/redhat.repo
+----------------------------------------------------------+
Repo ID: rhel-7-server-optional-debug-rpms
Repo Name: Red Hat Enterprise Linux 7 Server - Optional (Debug RPMs)
Repo URL: https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/optional/debug
Enabled: 0

Repo ID: rhel-7-server-rhn-tools-beta-debug-rpms
Repo Name: RHN Tools for Red Hat Enterprise Linux 7 Server Beta (Debug RPMs)
Repo URL: https://cdn.redhat.com/content/beta/rhel/server/7/$basearch/rhn-tools/debug
Enabled: 0

Repo ID: rhel-7-server-v2vwin-1-debug-rpms
Repo Name: Red Hat Virt V2V Tool for RHEL 7 (Debug RPMs)
Repo URL: https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/v2vwin/debug
Enabled: 0

Repo ID: rhel-7-server-rhn-tools-debug-rpms
Repo Name: RHN Tools for Red Hat Enterprise Linux 7 Server (Debug RPMs)
Repo URL: https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/rhn-tools/debug
Enabled: 0

Repo ID: rhel-7-server-supplementary-beta-source-rpms
Repo Name: Red Hat Enterprise Linux 7 Server - Supplementary Beta (Source RPMs)
Repo URL: https://cdn.redhat.com/content/beta/rhel/server/7/$basearch/supplementary/source/SRPMS
Enabled: 0

Repo ID: rhel-7-server-beta-source-rpms
Repo Name: Red Hat Enterprise Linux 7 Server Beta (Source RPMs)
Repo URL: https://cdn.redhat.com/content/beta/rhel/server/7/$basearch/source/SRPMS
Enabled: 0

Repo ID: rhel-7-server-extras-source-rpms
Repo Name: Red Hat Enterprise Linux 7 Server - Extras (Source RPMs)
Repo URL: https://cdn.redhat.com/content/dist/rhel/server/7/7Server/$basearch/extras/source/SRPMS
Enabled: 0

Repo ID: rh-gluster-3-client-for-rhel-7-server-rpms
Repo Name: Red Hat Storage Native Client for RHEL 7 (RPMs)
Repo URL: https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/rhs-client/os
Enabled: 0

Repo ID: rhel-7-server-rpms
Repo Name: Red Hat Enterprise Linux 7 Server (RPMs)
Repo URL: https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/os
Enabled: 1

Repositories in the list are either active, with Enabled = 1, or disabled,
with Enabled = 0. To enable a repository, use the following command.

[root@master ~]# subscription-manager repos --enable [repo_ID]

Example:

[root@master ~]# subscription-manager repos --enable rhel-7-server-optional-source-rpms
Repository 'rhel-7-server-optional-source-rpms' is enabled for this system.

To disable a repository, use the following command.

[root@master ~]# subscription-manager repos --disable [repo_ID]
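
Every enabled repository is a source the system will install packages from, so it is worth comparing the Enabled flags against an intended baseline. The script below is an added example, not part of the original manual: it reads a listing in the format shown in this lab and prints the --enable / --disable commands needed to reach the baseline. The function names and the baseline are assumptions, and the sample listing is constructed from entries in this lab with one Enabled flag changed.

```shell
#!/bin/sh
# Added example (not from the original manual). Function names are hypothetical.

# Compare "subscription-manager repos --list" output (stdin) with a baseline of
# repo IDs that should be enabled, and print the commands that reconcile them.
repo_drift() {  # $1 = space-separated baseline of repo IDs
    awk -v baseline="$1" '
        BEGIN { n = split(baseline, b, " "); for (i = 1; i <= n; i++) want[b[i]] = 1 }
        $1 == "Repo" && $2 == "ID:" { id = $3 }
        $1 == "Enabled:" && id != "" {
            seen[id] = 1
            if ($2 == "1" && !(id in want)) print "subscription-manager repos --disable " id
            if ($2 == "0" && (id in want))  print "subscription-manager repos --enable " id
            id = ""
        }
        END {
            # A baseline entry that never appears cannot be enabled from this system.
            for (i = 1; i <= n; i++)
                if (!(b[i] in seen)) print "# baseline repo not in listing: " b[i]
        }'
}

# Constructed sample: three entries from this lab; the Enabled value of
# rhel-7-server-extras-source-rpms is set to 1 here for illustration.
sample_listing() {
    cat <<'EOF'
+----------------------------------------------------------+
    Available Repositories in /etc/yum.repos.d/redhat.repo
+----------------------------------------------------------+
Repo ID:   rhel-7-server-optional-debug-rpms
Repo Name: Red Hat Enterprise Linux 7 Server - Optional (Debug RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/optional/debug
Enabled:   0

Repo ID:   rhel-7-server-extras-source-rpms
Repo Name: Red Hat Enterprise Linux 7 Server - Extras (Source RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/rhel/server/7/7Server/$basearch/extras/source/SRPMS
Enabled:   1

Repo ID:   rhel-7-server-rpms
Repo Name: Red Hat Enterprise Linux 7 Server (RPMs)
Repo URL:  https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basearch/os
Enabled:   1
EOF
}

# Assumed baseline: only the base and optional RPM repositories should be on.
sample_listing | repo_drift "rhel-7-server-rpms rhel-7-server-optional-rpms"
```

On a registered system the listing would come from `subscription-manager repos --list` instead of the sample function.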

Lab 3 : Remove Subscription

Objectives:

● Remove a subscription

To remove a subscription, follow these steps.

Find the serial number of the subscription in use with the
subscription-manager command.

[root@master ~]# subscription-manager list --consumed


+-------------------------------------------+
Consumed Subscriptions
+-------------------------------------------+
Subscription Name: 30 Day Red Hat Enterprise Linux Server Self-Supported Evaluation
Provides: Oracle Java (for RHEL Server)
Red Hat Enterprise Linux Atomic Host Beta
Red Hat Container Images
Red Hat Container Images Beta
Red Hat Enterprise Linux Server
Red Hat Enterprise Linux Atomic Host
Red Hat Beta
SKU: RH00065
Contract: 10914791
Account: 5659699
Serial: 93496520529050803
Pool ID: 8a85f98153b99a5b0153bb3a40db724f
Provides Management: No
Active: True
Quantity Used: 1
Service Level: Self-Support
Service Type: L1-L3
Status Details: Subscription is current
Subscription Type: Instance Based
Starts: 03/27/2016
Ends: 04/25/2016
System Type: Physical

Once you know the serial number of the subscription in use, remove it with
the following command.

[root@master ~]# subscription-manager remove --serial=[serial_number]

To remove all subscriptions instead, use the command:

[root@master ~]# subscription-manager remove --all

Yum

Lab 1 : Checking Update System

Objectives:

● Perform a Linux system update

RPM (Red Hat Package Manager) is a tool for obtaining information about the
packages available from repositories, installing and uninstalling packages,
and updating the system.
To see which packages have updates available, use the command below.

[vschool@master ~]$ sudo yum check-update


[sudo] password for vschool:
Loaded plugins: langpacks, product-id, search-disabled-repos,
: subscription-manager
epel/x86_64/metalink | 4.9 kB 00:00
epel | 4.3 kB 00:00
mariadb | 2.9 kB 00:00
rhel-7-server-optional-rpms | 3.5 kB 00:00
rhel-7-server-optional-source-rpms | 3.8 kB 00:00
rhel-7-server-rpms | 3.7 kB 00:00
(1/7): epel/x86_64/updateinfo | 525 kB 00:01
(2/7): rhel-7-server-optional-source-rpms/7Server/x86_64/g | 104 B
00:03
(3/7): rhel-7-server-optional-source-rpms/7Server/x86_64/u | 153 kB
00:04
(4/7): epel/x86_64/primary_db | 4.0 MB 00:10
(5/7): rhel-7-server-optional-source-rpms/7Server/x86_64/p | 797 kB
00:06
(6/7): rhel-7-server-optional-rpms/7Server/x86_64/primary_ | 3.1 MB
00:12
(7/7): rhel-7-server-rpms/7Server/x86_64/primary_db | 20 MB 01:03
(1/2): rhel-7-server-optional-rpms/7Server/x86_64/updatein | 852 kB
00:04
(2/2): rhel-7-server-rpms/7Server/x86_64/updateinfo | 1.1 MB 00:05

libldb.x86_64 1.1.25-1.el7_2 rhel-7-server-rpms


libsmbclient.x86_64 4.2.10-6.el7_2 rhel-7-server-rpms
libtalloc.x86_64 2.1.5-1.el7_2 rhel-7-server-rpms
libtdb.x86_64 1.3.8-1.el7_2 rhel-7-server-rpms
libtevent.x86_64 0.9.26-1.el7_2 rhel-7-server-rpms
libwbclient.x86_64 4.2.10-6.el7_2 rhel-7-server-rpms

pytalloc.x86_64 2.1.5-1.el7_2 rhel-7-server-rpms
samba-client-libs.x86_64 4.2.10-6.el7_2 rhel-7-server-rpms
samba-common.noarch 4.2.10-6.el7_2 rhel-7-server-rpms
samba-common-libs.x86_64 4.2.10-6.el7_2 rhel-7-server-rpms
samba-common-tools.x86_64 4.2.10-6.el7_2 rhel-7-server-rpms
samba-libs.x86_64 4.2.10-6.el7_2 rhel-7-server-rpms

The information above shows the packages that have updates available and are
ready to be updated. Taking the samba-libs package as an example, the fields
are:

● samba-libs - package name.

● x86_64 - processor architecture.

● 4.2.10 - the update version to be installed.

● rhel-7-server-rpms - source repository.
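
The fields described above can be extracted mechanically, which is useful when pending updates have to be reported or compared across hosts. The parser below is an added example, not part of the original manual: it splits each row of `yum check-update` output into name, architecture, epoch, version, release and repository, and rejoins rows that yum wrapped onto a second line. The function names are assumptions; the sample input is constructed from the listing in this lab, plus one wrapped row and one made-up package with an epoch.

```shell
#!/bin/sh
# Added example (not from the original manual). Function names are hypothetical.
# Note: "yum check-update" itself exits with 100 when updates are available,
# 0 when there are none and 1 on error, so the exit code alone answers
# "is anything pending?"; the parser answers "what, and from which repo?".

# yum check-update output on stdin -> "name arch epoch version release repo"
parse_check_update() {
    awk '
        !body { if (NF == 0) body = 1; next }        # header ends at the first blank line
        /^Obsoleting Packages/ { exit }              # trailing section is not an update list
        { for (i = 1; i <= NF; i++) tok[++n] = $i }  # flatten, so wrapped rows rejoin
        END {
            for (i = 1; i + 2 <= n; i += 3) {
                # name.arch: the architecture is whatever follows the last dot
                if (!match(tok[i], /\.[^.]+$/)) continue
                name = substr(tok[i], 1, RSTART - 1); arch = substr(tok[i], RSTART + 1)
                # [epoch:]version-release; an RPM version never contains "-"
                evr = tok[i + 1]; epoch = 0
                c = index(evr, ":")
                if (c) { epoch = substr(evr, 1, c - 1); evr = substr(evr, c + 1) }
                d = index(evr, "-"); if (!d) continue
                print name, arch, epoch, substr(evr, 1, d - 1), substr(evr, d + 1), tok[i + 2]
            }
        }'
}

# Print epoch:version-release of the pending update for package $1;
# returns non-zero if no update is pending for it.
pending_version() {
    parse_check_update |
        awk -v want="$1" '$1 == want { print $3 ":" $4 "-" $5; found = 1 } END { exit !found }'
}

# Constructed sample input in the format shown in this lab.
sample_check_update() {
    cat <<'EOF'
Loaded plugins: langpacks, product-id, search-disabled-repos,
              : subscription-manager
rhel-7-server-rpms                                     | 3.7 kB  00:00

libldb.x86_64                1.1.25-1.el7_2          rhel-7-server-rpms
samba-common.noarch          4.2.10-6.el7_2          rhel-7-server-rpms
samba-common-tools.x86_64
                             4.2.10-6.el7_2          rhel-7-server-rpms
samba-libs.x86_64            4.2.10-6.el7_2          rhel-7-server-rpms
example-pkg.x86_64           1:2.0-3.el7             rhel-7-server-rpms
EOF
}

sample_check_update | parse_check_update
```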

Lab 2 : Update System

Objectives:

● Update the Linux system

We can update all packages that have updates available, or update a single
package. If a package has dependencies, they are updated as well.
To update a single package, use the following command.

[vschool@master ~]$ sudo yum update samba-libs


[sudo] password for vschool:
Loaded plugins: langpacks, product-id, search-disabled-repos,
: subscription-manager
rhel-7-server-optional-rpms | 3.5 kB 00:00
rhel-7-server-rpms | 3.7 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package samba-libs.x86_64 0:4.2.3-12.el7_2 will be updated
--> Processing Dependency: samba-libs = 4.2.3-12.el7_2 for package:
samba-common-tools-4.2.3-12.el7_2.x86_64
---> Package samba-libs.x86_64 0:4.2.10-6.el7_2 will be an update
--> Processing Dependency: samba-client-libs = 4.2.10-6.el7_2 for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libwbclient = 4.2.10-6.el7_2 for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libutil-tdb-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libutil-setid-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libtdb-wrap-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libsocket-blocking-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libsmbd-base-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libsmb-transport-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libserver-role-samba4.so(SAMBA_4.2.10)(64bit) for package:

samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libsamdb-common-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libsamba3-util-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libsamba-sockets-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libsamba-security-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libsamba-modules-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libsamba-debug-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libreplace-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libndr-samba4.so(SAMBA_4.2.10)(64bit) for
package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libndr-samba-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libldbsamba-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libevents-samba4.so(SAMBA_4.2.10)(64bit) for
package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: liberrors-samba4.so(SAMBA_4.2.10)(64bit) for
package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libdcerpc-samba-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libdbwrap-samba4.so(SAMBA_4.2.10)(64bit) for
package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libcliauth-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libcli-ldap-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libcli-ldap-common-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libcli-cldap-samba4.so(SAMBA_4.2.10)(64bit)

for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libauthkrb5-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libauth-sam-reply-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Running transaction check
---> Package libwbclient.x86_64 0:4.2.3-12.el7_2 will be updated
--> Processing Dependency: libwbclient = 4.2.3-12.el7_2 for package:
samba-common-libs-4.2.3-12.el7_2.x86_64
---> Package libwbclient.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package samba-client-libs.x86_64 0:4.2.3-12.el7_2 will be updated
--> Processing Dependency: samba-client-libs = 4.2.3-12.el7_2 for package:
libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency:
libcli-smb-common-samba4.so(SAMBA_4.2.3)(64bit) for package:
libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency:
libdcerpc-samba-samba4.so(SAMBA_4.2.3)(64bit) for package:
libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: liberrors-samba4.so(SAMBA_4.2.3)(64bit) for
package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: libgse-samba4.so(SAMBA_4.2.3)(64bit) for
package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: liblibcli-lsa3-samba4.so(SAMBA_4.2.3)(64bit)
for package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: liblibsmb-samba4.so(SAMBA_4.2.3)(64bit) for
package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: libmsrpc3-samba4.so(SAMBA_4.2.3)(64bit) for
package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: libreplace-samba4.so(SAMBA_4.2.3)(64bit) for
package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: libsamba-debug-samba4.so(SAMBA_4.2.3)(64bit)
for package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency:
libsamba-security-samba4.so(SAMBA_4.2.3)(64bit) for package:
libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: libsecrets3-samba4.so(SAMBA_4.2.3)(64bit)
for package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: libsmbregistry-samba4.so(SAMBA_4.2.3)(64bit)
for package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency:
libutil-cmdline-samba4.so(SAMBA_4.2.3)(64bit) for package:
libsmbclient-4.2.3-12.el7_2.x86_64

---> Package samba-client-libs.x86_64 0:4.2.10-6.el7_2 will be an update
--> Processing Dependency: samba-common = 4.2.10-6.el7_2 for package:
samba-client-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: samba-common = 4.2.10-6.el7_2 for package:
samba-client-libs-4.2.10-6.el7_2.x86_64
---> Package samba-common-tools.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-common-tools.x86_64 0:4.2.10-6.el7_2 will be an update
--> Running transaction check
---> Package libsmbclient.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package libsmbclient.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package samba-common.noarch 0:4.2.3-12.el7_2 will be updated
---> Package samba-common.noarch 0:4.2.10-6.el7_2 will be an update
---> Package samba-common-libs.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-common-libs.x86_64 0:4.2.10-6.el7_2 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
Package Arch Version Repository Size
=====================================================================
Updating:
samba-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 260 k
Updating for dependencies:
libsmbclient x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 119 k
libwbclient x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 96 k
samba-client-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 4.3 M
samba-common noarch 4.2.10-6.el7_2 rhel-7-server-rpms 272 k
samba-common-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 157 k
samba-common-tools x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 444 k

Transaction Summary
=====================================================================
Upgrade 1 Package (+6 Dependent packages)

Total download size: 5.6 M


Is this ok [y/d/N]: y

To update the entire Linux system, use the following command.

[vschool@master ~]$ sudo yum update


[sudo] password for vschool:
Loaded plugins: langpacks, product-id, search-disabled-repos,
: subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package libldb.x86_64 0:1.1.20-1.el7_2.2 will be updated
---> Package libldb.x86_64 0:1.1.25-1.el7_2 will be an update
---> Package libsmbclient.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package libsmbclient.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package libtalloc.x86_64 0:2.1.2-1.el7 will be updated
---> Package libtalloc.x86_64 0:2.1.5-1.el7_2 will be an update
---> Package libtdb.x86_64 0:1.3.6-2.el7 will be updated
---> Package libtdb.x86_64 0:1.3.8-1.el7_2 will be an update
---> Package libtevent.x86_64 0:0.9.25-1.el7 will be updated
---> Package libtevent.x86_64 0:0.9.26-1.el7_2 will be an update
---> Package libwbclient.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package libwbclient.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package pytalloc.x86_64 0:2.1.2-1.el7 will be updated
---> Package pytalloc.x86_64 0:2.1.5-1.el7_2 will be an update
---> Package samba-client-libs.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-client-libs.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package samba-common.noarch 0:4.2.3-12.el7_2 will be updated
---> Package samba-common.noarch 0:4.2.10-6.el7_2 will be an update
---> Package samba-common-libs.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-common-libs.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package samba-common-tools.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-common-tools.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package samba-libs.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-libs.x86_64 0:4.2.10-6.el7_2 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
Package Arch Version Repository Size
=====================================================================
Updating:
libldb x86_64 1.1.25-1.el7_2 rhel-7-server-rpms 125 k
libsmbclient x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 119 k
libtalloc x86_64 2.1.5-1.el7_2 rhel-7-server-rpms 34 k
libtdb x86_64 1.3.8-1.el7_2 rhel-7-server-rpms 45 k
libtevent x86_64 0.9.26-1.el7_2 rhel-7-server-rpms 33 k
libwbclient x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 96 k
pytalloc x86_64 2.1.5-1.el7_2 rhel-7-server-rpms 14 k
samba-client-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 4.3 M
samba-common noarch 4.2.10-6.el7_2 rhel-7-server-rpms 272 k
samba-common-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 157 k
samba-common-tools x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 444 k
samba-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 260 k

Transaction Summary
=====================================================================
Upgrade 12 Packages

Total download size: 5.9 M


Is this ok [y/d/N]: y

To apply only the security-related package updates, use the following
command.

[vschool@master ~]$ sudo yum update --security


[sudo] password for vschool:
Loaded plugins: langpacks, product-id, search-disabled-repos,
: subscription-manager
12 package(s) needed (+0 related) for security, out of 12 available
Resolving Dependencies
--> Running transaction check
---> Package libldb.x86_64 0:1.1.20-1.el7_2.2 will be updated
---> Package libldb.x86_64 0:1.1.25-1.el7_2 will be an update
---> Package libsmbclient.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package libsmbclient.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package libtalloc.x86_64 0:2.1.2-1.el7 will be updated
---> Package libtalloc.x86_64 0:2.1.5-1.el7_2 will be an update
---> Package libtdb.x86_64 0:1.3.6-2.el7 will be updated
---> Package libtdb.x86_64 0:1.3.8-1.el7_2 will be an update
---> Package libtevent.x86_64 0:0.9.25-1.el7 will be updated
---> Package libtevent.x86_64 0:0.9.26-1.el7_2 will be an update
---> Package libwbclient.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package libwbclient.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package pytalloc.x86_64 0:2.1.2-1.el7 will be updated
---> Package pytalloc.x86_64 0:2.1.5-1.el7_2 will be an update
---> Package samba-client-libs.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-client-libs.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package samba-common.noarch 0:4.2.3-12.el7_2 will be updated
---> Package samba-common.noarch 0:4.2.10-6.el7_2 will be an update
---> Package samba-common-libs.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-common-libs.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package samba-common-tools.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-common-tools.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package samba-libs.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-libs.x86_64 0:4.2.10-6.el7_2 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
Package Arch Version Repository Size
=====================================================================
Updating:
libldb x86_64 1.1.25-1.el7_2 rhel-7-server-rpms 125 k
libsmbclient x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 119 k
libtalloc x86_64 2.1.5-1.el7_2 rhel-7-server-rpms 34 k
libtdb x86_64 1.3.8-1.el7_2 rhel-7-server-rpms 45 k
libtevent x86_64 0.9.26-1.el7_2 rhel-7-server-rpms 33 k
libwbclient x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 96 k
pytalloc x86_64 2.1.5-1.el7_2 rhel-7-server-rpms 14 k
samba-client-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 4.3 M
samba-common noarch 4.2.10-6.el7_2 rhel-7-server-rpms 272 k
samba-common-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 157 k
samba-common-tools x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 444 k
samba-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 260 k

Transaction Summary
=====================================================================
Upgrade 12 Packages

Total download size: 5.9 M


Is this ok [y/d/N]: y

Lab 3 : Update System Off-line

Objectives :

● Update the system off-line

A Linux server generally needs an internet connection, because installing
software packages and updating the system depend on it. When the server is
not connected, however, we can install and update from a Red Hat Enterprise
Linux ISO image.

First, create a directory to serve as the mount point for the Red Hat ISO file.

[vschool@master ~]$ sudo mkdir /media/rhel

Note : /media/rhel is the path where the ISO image will be mounted.

Mount the ISO image on the newly created directory as follows.

[vschool@master ~]$ sudo mount -o loop /tmp/rhel-server-7.2-x86_64-dvd.iso /media/rhel/

Note : /tmp/ is the directory that holds the ISO file; yours may be in a
different directory. The -o loop option attaches the file to a loop device
so that it can be mounted like a block device.

Once it is mounted, copy the media.repo file from the mount directory to
the repository directory as /etc/yum.repos.d/offline.repo.

[vschool@master ~]$ sudo cp /media/rhel/media.repo /etc/yum.repos.d/offline.repo

Edit the file /etc/yum.repos.d/offline.repo and add the last line shown
below.

[vschool@master ~]$ sudo vim /etc/yum.repos.d/offline.repo

[InstallMedia]
name=Red Hat Enterprise Linux 7.2
mediaid=1446216863.790260
metadata_expire=-1
gpgcheck=0
cost=500
baseurl=file:///media/rhel/

As the last step, update from the repository with the yum command.

[vschool@master tmp]$ sudo yum update


Loaded plugins: langpacks, product-id, search-disabled-repos,
: subscription-manager
InstallMedia | 4.1 kB 00:00
(1/2): InstallMedia/group_gz | 136 kB 00:00
(2/2): InstallMedia/primary_db | 3.6 MB 00:00
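
The offline.repo above keeps gpgcheck=0 from media.repo, so yum installs packages from this repository without verifying their RPM signatures. The following is an added example, not part of the original lab: a shell function that flags repository sections with signature checking off. The function names, status labels and sample files are constructed for illustration, and the gpgkey path in the second sample is an assumption to confirm on your system.

```shell
#!/bin/sh
# Added example: audit yum .repo files for disabled package signature checks.

# audit_repo_gpg FILE...
# Prints "file:section:STATUS" for each repository section that is not
# verifiably signature-checked and returns 1 if any line was printed.
#   DISABLED   gpgcheck is explicitly off (0, no, false)
#   INHERITED  gpgcheck is absent, so the [main] value in yum.conf decides
#   NOKEY      gpgcheck is on but the section names no gpgkey
audit_repo_gpg() {
    awk '
    function value(line) {              # text after the first "=", trimmed
        sub(/^[^=]*=[ \t]*/, "", line)
        sub(/[ \t\r]+$/, "", line)
        return line
    }
    function report(   status) {        # judge the section just finished
        if (section == "" || section == "main") return
        if (gpgcheck ~ /^(0|no|false)$/) status = "DISABLED"
        else if (gpgcheck == "")         status = "INHERITED"
        else if (gpgkey == "")           status = "NOKEY"
        else return
        printf "%s:%s:%s\n", file, section, status
        bad = 1
    }
    FNR == 1 { report(); section = ""; file = FILENAME }
    /^[ \t]*[#;]/ { next }              # comment lines
    /^[ \t]*\[/ {                       # a new [section] starts
        report()
        section = $0
        sub(/^[ \t]*\[/, "", section)
        sub(/\].*$/, "", section)
        gpgcheck = ""; gpgkey = ""
        next
    }
    /^[ \t]*gpgcheck[ \t]*=/ { gpgcheck = tolower(value($0)) }
    /^[ \t]*gpgkey[ \t]*=/   { gpgkey = value($0) }
    END { report(); exit bad + 0 }
    ' "$@"
}

# write_sample_repos DIR
# Writes two constructed sample files: the lab's offline.repo and a variant
# with signature checking turned on. The key path is assumed to be the
# Red Hat release key location on RHEL 7; confirm it exists before use.
write_sample_repos() {
    cat > "$1/offline.repo" <<'EOF'
[InstallMedia]
name=Red Hat Enterprise Linux 7.2
mediaid=1446216863.790260
metadata_expire=-1
gpgcheck=0
cost=500
baseurl=file:///media/rhel/
EOF
    cat > "$1/offline-signed.repo" <<'EOF'
[InstallMedia]
name=Red Hat Enterprise Linux 7.2
mediaid=1446216863.790260
metadata_expire=-1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
cost=500
baseurl=file:///media/rhel/
EOF
}

# Demo on the constructed samples; only the gpgcheck=0 file is reported.
demo_dir=$(mktemp -d) && write_sample_repos "$demo_dir" &&
    { audit_repo_gpg "$demo_dir"/*.repo || true; }
rm -rf "$demo_dir"
```

On a real host the function can be pointed at /etc/yum.repos.d/*.repo.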

Lab 4 : Package Management

Objectives :

● Search for software packages

● List software packages

● Display package information

● Install packages

● Download packages

● Remove packages

We can search all RPM packages with the following command.

[vschool@master ~]$ sudo yum search [term]

Example :

[vschool@master ~]$ sudo yum search mysql


Loaded plugins: langpacks, product-id, search-disabled-repos,
: subscription-manager
==================== N/S matched: mysql =============================
MySQL-python.x86_64 : An interface to MySQL
MySQL-zrm.noarch : MySQL backup manager
akonadi-mysql.x86_64 : Akonadi MySQL backend support
apr-util-mysql.x86_64 : APR utility library MySQL DBD driver
collectd-mysql.x86_64 : MySQL plugin for collectd
dmlite-plugins-mysql.x86_64 : MySQL plugin for dmlite
dovecot-mysql.x86_64 : MySQL back end for dovecot
dpm-copy-server-mysql.x86_64 : DPM copy server with MySQL database back-end

To see the packages that are installed and available on our Linux system,
use the following command.

[vschool@master ~]$ sudo yum list all

To see the installed packages that match what we are looking for, use a
command such as the following example.

[vschool@master ~]$ sudo yum list samba*


Loaded plugins: langpacks, product-id, search-disabled-repos,
: subscription-manager
Installed Packages
samba-client-libs.x86_64 4.2.3-12.el7_2 @rhel-7-server-rpms
samba-common.noarch 4.2.3-12.el7_2 @rhel-7-server-rpms
samba-common-libs.x86_64 4.2.3-12.el7_2 @rhel-7-server-rpms
samba-common-tools.x86_64 4.2.3-12.el7_2 @rhel-7-server-rpms
samba-libs.x86_64 4.2.3-12.el7_2 @rhel-7-server-rpms

To see only the packages that are already installed.

[vschool@master ~]$ sudo yum list installed samba*

To see only the available packages.

[vschool@master ~]$ sudo yum list available samba*

To see complete information about a package, use the following command.

[vschool@master ~]$ sudo yum info [term]

Example :

[vschool@master ~]$ sudo yum info samba


Loaded plugins: langpacks, product-id, search-disabled-repos,
: subscription-manager
Available Packages
Name : samba
Arch : x86_64
Version : 4.2.10
Release : 6.el7_2
Size : 614 k
Repo : rhel-7-server-rpms/7Server/x86_64
Summary : Server and Client software to interoperate with Windows machines
URL : http://www.samba.org/
License : GPLv3+ and LGPLv3+
Description : Samba is the standard Windows interoperability suite of programs
: for Linux and Unix.

To install a software package together with all of its dependencies, enter
the following command.

[vschool@master ~]$ sudo yum install [package]

Example :

[vschool@master ~]$ sudo yum install haproxy


Loaded plugins: langpacks, product-id, search-disabled-repos,
: subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package haproxy.x86_64 0:1.5.14-3.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
haproxy x86_64 1.5.14-3.el7 InstallMedia 833 k

Transaction Summary
=====================================================================
Install 1 Package

Total download size: 833 k


Installed size: 2.6 M
Is this ok [y/d/N]: y

Next, if we only want to download a software package without installing
it, use the following command and answer d at the confirmation prompt.

[vschool@master ~]$ sudo yum install haproxy


Loaded plugins: langpacks, product-id, search-disabled-repos,
: subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package haproxy.x86_64 0:1.5.14-3.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
haproxy x86_64 1.5.14-3.el7 InstallMedia 833 k

Transaction Summary
=====================================================================
Install 1 Package

Total download size: 833 k


Installed size: 2.6 M
Is this ok [y/d/N]: d

Apache (httpd)

Lab 1 : Install Apache (httpd)

Objectives :

● Install a web server using the httpd package.

Once the repository has been set up, install the httpd package as follows.

[vschool@localhost ~]$ sudo yum -y install httpd


Loaded plugins: fastestmirror, langpacks, priorities
Loading mirror speeds from cached hostfile
* base: buaya.klas.or.id
* extras: buaya.klas.or.id
* updates: buaya.klas.or.id
Resolving Dependencies
--> Running transaction check
---> Package httpd.x86_64 0:2.4.6-40.el7.centos will be installed
--> Processing Dependency: httpd-tools = 2.4.6-40.el7.centos for package: httpd-2.4.6-40.el7.centos.x86_64
--> Processing Dependency: /etc/mime.types for package: httpd-2.4.6-40.el7.centos.x86_64
--> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.4.6-40.el7.centos.x86_64
--> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.4.6-40.el7.centos.x86_64
--> Running transaction check
---> Package apr.x86_64 0:1.4.8-3.el7 will be installed
---> Package apr-util.x86_64 0:1.5.2-6.el7 will be installed
---> Package httpd-tools.x86_64 0:2.4.6-40.el7.centos will be installed
---> Package mailcap.noarch 0:2.1.41-2.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
httpd x86_64 2.4.6-40.el7.centos base 2.7 M
Installing for dependencies:
apr x86_64 1.4.8-3.el7 base 103 k
apr-util x86_64 1.5.2-6.el7 base 92 k
httpd-tools x86_64 2.4.6-40.el7.centos base 82 k
mailcap noarch 2.1.41-2.el7 base 31 k

Transaction Summary
=====================================================================
Install 1 Package (+4 Dependent packages)

Total download size: 3.0 M


Installed size: 10 M
Downloading packages:
(1/5): mailcap-2.1.41-2.el7.noarch.rpm | 31 kB 00:01
(2/5): apr-1.4.8-3.el7.x86_64.rpm | 103 kB 00:02
(3/5): apr-util-1.5.2-6.el7.x86_64.rpm | 92 kB 00:02
(4/5): httpd-tools-2.4.6-40.el7.centos.x86_64.rpm | 82 kB 00:02
(5/5): httpd-2.4.6-40.el7.centos.x86_64.rpm | 2.7 MB 00:07
---------------------------------------------------------------------
Total 395 kB/s | 3.0 MB 00:07
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : apr-1.4.8-3.el7.x86_64 1/5
Installing : apr-util-1.5.2-6.el7.x86_64 2/5
Installing : httpd-tools-2.4.6-40.el7.centos.x86_64 3/5
Installing : mailcap-2.1.41-2.el7.noarch 4/5
Installing : httpd-2.4.6-40.el7.centos.x86_64 5/5
Verifying : httpd-2.4.6-40.el7.centos.x86_64 1/5
Verifying : apr-1.4.8-3.el7.x86_64 2/5
Verifying : mailcap-2.1.41-2.el7.noarch 3/5
Verifying : httpd-tools-2.4.6-40.el7.centos.x86_64 4/5
Verifying : apr-util-1.5.2-6.el7.x86_64 5/5

Installed:
httpd.x86_64 0:2.4.6-40.el7.centos

Dependency Installed:
apr.x86_64 0:1.4.8-3.el7 apr-util.x86_64 0:1.5.2-6.el7
httpd-tools.x86_64 0:2.4.6-40.el7.centos mailcap.noarch 0:2.1.41-2.el7

Complete!

Lab 2 : Apache Configuration

Objectives :

● Configure the web server.

● Make the website accessible from a client.

To enable the web server, edit its configuration in the file
/etc/httpd/conf/httpd.conf.

[vschool@localhost ~]$ sudo vim /etc/httpd/conf/httpd.conf


#
# This is the main Apache HTTP server configuration file. It contains the
# configuration directives that give the server its instructions.
# See <URL:http://httpd.apache.org/docs/2.4/> for detailed information.
# In particular, see
# <URL:http://httpd.apache.org/docs/2.4/mod/directives.html>
# for a discussion of each configuration directive.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do *not* begin
# with "/", the value of ServerRoot is prepended -- so 'log/access_log'
# with ServerRoot set to '/www' will be interpreted by the
# server as '/www/log/access_log', where as '/log/access_log' will be
# interpreted as '/log/access_log'.

#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/etc/httpd"

#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
# Note: the default HTTP port is 80; it can be changed to another port.
Listen 80

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
Include conf.modules.d/*.conf

#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache

# 'Main' server configuration


#
# The directives in this section set up the values used by the 'main'
# server, which responds to any requests that aren't handled by a
# <VirtualHost> definition. These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
#
# All of these directives may appear inside <VirtualHost> containers,
# in which case these default settings will be overridden for the
# virtual host being defined.
#

#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
# Note: set this to the e-mail address of the web server administrator.
ServerAdmin info@vschool.com

#
# ServerName gives the name and port that the server uses to identify itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address here.
#
# Note: the domain name of the web server.
ServerName www.vschool.com:80

#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
AllowOverride none
Require all denied
</Directory>

#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#

#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
# Note: the main directory that holds the website's source files.
DocumentRoot "/var/www/html"

#
# Relax access to content within /var/www.
#
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>

# Further relax access to the default document root:


<Directory "/var/www/html">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks

#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All

#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>

#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
# Note: sets the site's index files that the web server serves.
<IfModule dir_module>
DirectoryIndex index.html index.cgi index.php
</IfModule>

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>

#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "logs/error_log"

#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common

<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>

#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog "logs/access_log" common

#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
CustomLog "logs/access_log" combined
</IfModule>

<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar

#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.

#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"

</IfModule>

#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>

<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig /etc/mime.types

#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi

# For type maps (negotiated resources):


#AddHandler type-map var
#
# Filters allow you to process content before it is sent to the client.
#
# To parse .shtml files for server-side includes (SSI):
# (You will also need to add "Includes" to the "Options" directive.)
#
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>

#
# Specify a default charset for all content served; this enables
# interpretation of all content as UTF-8 by default. To use the
# default browser choice (ISO-8859-1), or to allow the META tags
# in HTML content to override this choice, comment out this
# directive:
#
AddDefaultCharset UTF-8

<IfModule mime_magic_module>
#
# The mod_mime_magic module allows the server to use various hints from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
MIMEMagicFile conf/magic
</IfModule>

#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#

#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults if commented: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
EnableSendfile on

# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf

Start and enable the Apache service with the following commands.

[vschool@localhost ~]$ sudo systemctl start httpd


[vschool@localhost ~]$ sudo systemctl enable httpd
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'

By default, CentOS rejects all incoming traffic except ssh and dhcp, as the
following output shows.

[vschool@localhost ~]$ sudo firewall-cmd --get-default-zone


public
[vschool@localhost ~]$ sudo firewall-cmd --list-service --zone=public
dhcpv6-client ssh

The next step is therefore to add the http service to the list of allowed
services with the following commands.

[vschool@localhost ~]$ sudo firewall-cmd --add-service=http --permanent


success
[vschool@localhost ~]$ sudo firewall-cmd --reload
success
[vschool@localhost ~]$ sudo firewall-cmd --list-service
dhcpv6-client http ssh

Try accessing the website from a client.
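
The httpd.conf above leaves Options Indexes enabled and sets AllowOverride All for /var/www/html, so directories without an index file are listed to clients and any .htaccess file under the document root can override server settings. The following is an added example, not part of the original lab: a shell function that reports these two settings for each <Directory> block. The function names and both sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report risky per-directory settings in an httpd.conf.

# audit_httpd_dirs FILE...
# For every <Directory> block, prints "path: directive value" when
#   - Options enables Indexes (directly, as +Indexes, or through All), or
#   - AllowOverride is anything other than None.
# Returns 1 if anything was printed. <DirectoryMatch> blocks and files
# pulled in with Include are not followed.
audit_httpd_dirs() {
    awk '
    { line = tolower($0) }                   # directives are case-insensitive
    line ~ /^[ \t]*#/ { next }               # skip comment lines
    line ~ /^[ \t]*<directory[ \t]/ {        # opening tag: remember the path
        dir = $0
        sub(/^[ \t]*<[A-Za-z]+[ \t]+/, "", dir)
        sub(/[ \t]*>[ \t\r]*$/, "", dir)
        gsub(/"/, "", dir)
        next
    }
    line ~ /^[ \t]*<\/directory>/ { dir = ""; next }
    dir == "" { next }                       # only look inside a block
    tolower($1) == "options" {
        for (i = 2; i <= NF; i++) {
            opt = tolower($i)
            if (opt == "indexes" || opt == "+indexes" || opt == "all") {
                printf "%s: Options %s\n", dir, $i
                bad = 1
            }
        }
    }
    tolower($1) == "allowoverride" && tolower($2) != "none" {
        val = $0
        sub(/^[ \t]*[A-Za-z]+[ \t]+/, "", val)
        printf "%s: AllowOverride %s\n", dir, val
        bad = 1
    }
    END { exit bad + 0 }
    ' "$@"
}

# write_sample_httpd_conf DIR
# Writes two constructed excerpts: lab.conf repeats the <Directory> blocks
# from the lab, hardened.conf shows the document root with listings and
# .htaccess overrides turned off.
write_sample_httpd_conf() {
    cat > "$1/lab.conf" <<'EOF'
<Directory />
    AllowOverride none
    Require all denied
</Directory>
<Directory "/var/www">
    AllowOverride None
    Require all granted
</Directory>
<Directory "/var/www/html">
    # Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
<Directory "/var/www/cgi-bin">
    AllowOverride None
    Options None
    Require all granted
</Directory>
EOF
    cat > "$1/hardened.conf" <<'EOF'
<Directory "/var/www/html">
    Options FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
EOF
}

# Demo on the constructed samples; only lab.conf produces findings.
demo_dir=$(mktemp -d) && write_sample_httpd_conf "$demo_dir" &&
    { audit_httpd_dirs "$demo_dir/lab.conf" || true; }
rm -rf "$demo_dir"
```

With Indexes removed, a request for a directory that has no index file is refused instead of listed.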

Lab 3 : Creating a Sample Website

Objectives :

● Create a sample website

Create an HTML page on the server, then access the website from a client.

[vschool@localhost ~]$ sudo vim /var/www/html/index.html

<html>
<title>vschool.com</title>
<body>
<div style="width: 100%; font-size: 40px; text-align: center">
HALAMAN TEST
</div>
</body>
</html>

Test access from a client by pointing a browser at the IP address 192.168.1.254.

Lab 4 : SSL Website

Objectives :

● Install and configure an SSL certificate.

● Configure SSL for http.

Create the certificate as follows.

[vschool@localhost ~]$ cd /etc/pki/tls/certs/


[vschool@localhost certs]$ sudo make server.key
[sudo] password for vschool:
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > server.key
Generating RSA private key, 2048 bit long modulus
...+++
......................................................................
.........+++
e is 65537 (0x10001)
Enter pass phrase:                 <-- enter the password
Verifying - Enter pass phrase:

Remove the password from the private key.

[vschool@localhost certs]$ sudo openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:  <-- enter the password
writing RSA key

[vschool@localhost certs]$ sudo make server.csr


umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ID
State or Province Name (full name) []:Jakarta
Locality Name (eg, city) [Default City]:Jakarta
Organization Name (eg, company) [Default Company Ltd]:vschool
Organizational Unit Name (eg, section) []:server
Common Name (eg, your name or your server's hostname) []:vschool.com
Email Address []:info@vschool.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:       <-- press Enter

Set the certificate's validity period.

[vschool@localhost certs]$ sudo openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3560
Signature ok
subject=/C=ID/ST=Jakarta/L=Jakarta/O=vschool/OU=server/CN=vschool.com/emailAddress=info@vschool.com
Getting Private key
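
After the steps above, server.key has no pass phrase, so file permissions are its only protection, and server.crt is self-signed. The following is an added example, not part of the original lab: shell functions that check that the certificate belongs to the key, that the key is unreadable to group and others, and how long the certificate remains valid. The function names and the 30-day threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for the key and certificate created above.

# cert_matches_key CERT KEY
# Returns 0 if the certificate carries the public half of the private key.
# "-passin pass:" makes an encrypted key fail instead of prompting.
cert_matches_key() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    key_pub=$(openssl pkey -pubout -passin pass: -in "$2" 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# key_is_private KEY
# Returns 0 if group and others have no permission bits on the key file.
key_is_private() {
    perms=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# cert_valid_for_days CERT DAYS
# Returns 0 if the certificate is still valid DAYS days from now.
cert_valid_for_days() {
    openssl x509 -noout -checkend $(( $2 * 86400 )) -in "$1" >/dev/null 2>&1
}

# cert_is_self_signed CERT
# Returns 0 if subject and issuer are the same name.
cert_is_self_signed() {
    subj=$(openssl x509 -noout -subject -in "$1" 2>/dev/null) || return 2
    issr=$(openssl x509 -noout -issuer -in "$1" 2>/dev/null) || return 2
    [ "${subj#subject=}" = "${issr#issuer=}" ]
}

# check_tls_pair CERT KEY
# Runs all checks, prints one line per finding, returns 1 on any FAIL.
# The 30-day expiry window is an illustrative threshold.
check_tls_pair() {
    rc=0
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: $1 does not match $2 (or the key is unreadable or encrypted)"; rc=1; }
    key_is_private "$2" ||
        { echo "FAIL: $2 is accessible to group or others"; rc=1; }
    cert_valid_for_days "$1" 30 ||
        { echo "FAIL: $1 expires within 30 days"; rc=1; }
    if cert_is_self_signed "$1"; then
        echo "NOTE: $1 is self-signed; clients must be told to trust it"
    fi
    return $rc
}

# Run against the lab's paths when they exist (reading the key needs root).
if [ -r /etc/pki/tls/certs/server.crt ] && [ -r /etc/pki/tls/certs/server.key ]; then
    check_tls_pair /etc/pki/tls/certs/server.crt /etc/pki/tls/certs/server.key || true
fi
```

If the key check fails, `chmod 600` on the key file as root restores owner-only access.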

Configure SSL in httpd. Install the ssl module first.

[vschool@localhost ~]$ sudo yum -y install mod_ssl

Configure SSL in the file /etc/httpd/conf.d/ssl.conf as follows.

[vschool@localhost ~]$ sudo vim /etc/httpd/conf.d/ssl.conf

#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
Listen 443 https

##
## SSL Global Context
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##

# Pass Phrase Dialog:


# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog

# Inter-Process Session Cache:


# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
SSLSessionCache shmcb:/run/httpd/sslcache(512000)
SSLSessionCacheTimeout 300

# Pseudo Random Number Generator (PRNG):


# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec

##
## SSL Virtual Host Context
##

<VirtualHost _default_:443>

# General setup for the virtual host, inherited from global configuration
# Note: adjust to the document root of the web server.
DocumentRoot "/var/www/html"
# Note: change to the name of the server.
ServerName www.vschool.com:443

# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

# SSL Engine Switch:


# Enable/Disable SSL for this virtual host.
SSLEngine on

# SSL Protocol support:


# List the enable protocol levels with which clients will be able to
# connect. Disable SSLv2 access by default:
SSLProtocol all -SSLv2

# SSL Cipher Suite:


# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA

# Speed-optimized SSL Cipher configuration:


# If speed is your main concern (on busy HTTPS servers e.g.),
# you might want to force clients to specific, performance
# optimized ciphers. In this case, prepend those ciphers
# to the SSLCipherSuite list, and enable SSLHonorCipherOrder.
# Caveat: by giving precedence to RC4-SHA and AES128-SHA
# (as in the example below), most connections will no longer
# have perfect forward secrecy - if the server's key is
# compromised, captures of past or future traffic must be
# considered compromised, too.
#SSLCipherSuite RC4-SHA:AES128-SHA:HIGH:MEDIUM:!aNULL:!MD5
#SSLHonorCipherOrder on

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
# Note: location of the .crt file created earlier.
SSLCertificateFile /etc/pki/tls/certs/server.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
Lokasi file .key yang sudah
# Server Certificate Chain: dibuat sebelumnya
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt

# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10

# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>

# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>

# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is sent or allowed to be received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is sent and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# Per-Server Logging:
# The home of a custom SSL log file. Use this when you want a
# compact non-error SSL logfile on a virtual host basis.
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
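
The CustomLog directive above writes one line per request with the negotiated protocol and cipher, so ssl_request_log shows what "SSLProtocol all -SSLv2" and "SSLCipherSuite HIGH:MEDIUM:..." actually admit. The following Python script is an added example, not part of the original lab: it parses that log format and flags requests that used a deprecated protocol version, a cipher without forward secrecy, or a weak cipher. The log lines are constructed samples.

```python
import re

# One line of the lab's format: %t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>.*)" (?P<size>\d+|-)$'
)

# Protocol versions deprecated by the IETF (SSLv2, SSLv3, TLS 1.0, TLS 1.1).
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

# Substrings of OpenSSL cipher names that mark broken or export-grade suites.
WEAK_RE = re.compile(r"RC4|DES|NULL|EXP|MD5")

# Constructed sample lines (not taken from a real server).
SAMPLE_LOG = """\
[12/Mar/2017:09:14:02 +0700] 192.168.1.10 TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET / HTTP/1.1" 230
[12/Mar/2017:09:14:05 +0700] 192.168.1.23 TLSv1 AES128-SHA "GET /index.html HTTP/1.1" 230
[12/Mar/2017:09:15:40 +0700] 192.168.1.31 SSLv3 RC4-SHA "GET / HTTP/1.0" 230
[12/Mar/2017:09:16:11 +0700] 192.168.1.10 TLSv1.2 AES256-SHA256 "POST /login HTTP/1.1" -
this line is not in the ssl_request_log format
"""


def has_forward_secrecy(cipher):
    """Ephemeral key exchange shows in the OpenSSL name as an (EC)DHE prefix.

    TLS 1.3 suites (TLS_*) always use ephemeral key exchange.
    """
    return cipher.startswith(("ECDHE-", "DHE-", "EDH-", "TLS_"))


def classify(proto, cipher):
    """Return the list of reasons a connection deserves attention."""
    if proto == "-" or cipher == "-":
        # mod_ssl logs "-" when the variable is not set for the request.
        return ["no-tls-details"]
    reasons = []
    if proto in LEGACY_PROTOCOLS:
        reasons.append("legacy-protocol")
    if not has_forward_secrecy(cipher):
        reasons.append("no-forward-secrecy")
    if WEAK_RE.search(cipher):
        reasons.append("weak-cipher")
    return reasons


def audit(lines):
    """Return (findings, unparsed_count) for an iterable of log lines.

    Each finding is (host, protocol, cipher, reasons).
    """
    findings, unparsed = [], 0
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        match = LINE_RE.match(line)
        if match is None:
            unparsed += 1
            continue
        reasons = classify(match.group("proto"), match.group("cipher"))
        if reasons:
            findings.append((match.group("host"), match.group("proto"),
                             match.group("cipher"), reasons))
    return findings, unparsed


if __name__ == "__main__":
    found, skipped = audit(SAMPLE_LOG.splitlines())
    for host, proto, cipher, reasons in found:
        print(f"{host:15} {proto:8} {cipher:30} {', '.join(reasons)}")
    print(f"{skipped} line(s) could not be parsed")
```

To run it against a real server, pass the lines of logs/ssl_request_log to audit() instead of SAMPLE_LOG.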

Do not forget to open the https service on the server so that it can be
accessed from clients, as follows.

[vschool@localhost ~]$ sudo firewall-cmd --add-service=https --permanent
success
[vschool@localhost ~]$ sudo firewall-cmd --reload
success
[vschool@localhost ~]$ sudo firewall-cmd --list-service
dhcpv6-client http https ssh

After that, try accessing the site from the client with a browser at the
address https://192.168.1.254.

In the picture above, click ‘Advanced’. Then click ‘Add exception’.

Then click ‘Confirm Security Exception’.

After that, the website is displayed over the https protocol, as follows.

Lab 5 : Web Basic Authentication

Objective:

● Set up authentication for the website

Create a new file for the web authentication configuration at
/etc/httpd/conf.d/auth.conf, as follows.

[vschool@localhost ~]$ sudo vim /etc/httpd/conf.d/auth.conf

<Directory /var/www/html>
AuthType Basic
AuthName "Basic Authentication"
AuthUserFile /etc/httpd/conf/.htpasswd
require valid-user
</Directory>

Create a user and password for authentication.

[vschool@localhost ~]$ sudo htpasswd -c /etc/httpd/conf/.htpasswd budi
New password:
Re-type new password:
Adding password for user budi

Restart the Apache service.

[vschool@localhost ~]$ sudo service httpd restart
Redirecting to /bin/systemctl restart httpd.service

Next, test with a browser on the client against the server's IP address,
192.168.1.254.

As the picture above shows, when we try to access the site we are asked for
a user and password. Enter the username budi and the password created
earlier. The web page appears only once authentication succeeds.

Lab 6 : Userdir

Objective:

● Enable userdir so that Linux users can each build their own website.

Edit the configuration file /etc/httpd/conf.d/userdir.conf to enable
userdir.

[vschool@localhost ~]$ sudo vim /etc/httpd/conf.d/userdir.conf

#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
#UserDir disabled

#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disabled" line above, and uncomment
# the following line instead:
#
UserDir public_html
</IfModule>

#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#

<Directory "/home/*/public_html">
AllowOverride All
Options None
Require method GET POST OPTIONS
</Directory>

Switch to the root user to create a new user, for example the user budi.

[root@localhost ~]# adduser budi
[root@localhost ~]# passwd budi
Changing password for user budi.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

Log in as the user budi, then create a public_html directory. This
directory holds the source code of Budi's website.

[budi@localhost ~]$ mkdir public_html
[budi@localhost ~]$ chmod 711 /home/budi/
[budi@localhost ~]$ chmod 755 /home/budi/public_html/

Create some simple source code for Budi's website.

[budi@localhost ~]$ vim public_html/index.html

<html>
<title>Budi</title>
<body>
<div style="width: 100%; font-size: 40px; text-align: center">
HALAMAN TEST WEBSITE BUDI
</div>
</body>
</html>

Finally, restart the Apache service.

[vschool@localhost ~]$ sudo service httpd restart
Redirecting to /bin/systemctl restart httpd.service

Test from the client by accessing the address 192.168.1.254/~budi/ as
follows.

Lab 7 : Virtual Hosting

Objective:

● Set up virtual hosting on a single server.

Create a configuration file for virtual hosting at
/etc/httpd/conf.d/vhost.conf

[vschool@localhost ~]$ sudo vim /etc/httpd/conf.d/vhost.conf

###### ORIGINAL SERVER #######


<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.vschool.com
</VirtualHost>

###### VIRTUAL DOMAIN ########

<VirtualHost *:80>
DocumentRoot /home/budi/public_html
ServerName www.budi.com
ServerAdmin webmaster@budi.com
ErrorLog logs/virtual.host-error_log
CustomLog logs/virtual.host-access_log combined
</VirtualHost>

Because the virtual host above uses its own domain, www.budi.com, we must
first create that domain. This ties in with the DNS server material covered
in a later section.

Nginx

Lab 1 : Install the Nginx Package

Objectives:

1. Install the Nginx package.

2. Perform the basic Nginx configuration.

3. Create a simple web page, then access it from a client.

Because the httpd package was installed earlier, remove it first with the
yum command.

[vschool@localhost ~]$ sudo yum -y remove httpd

Before installing the Nginx package, create the repository file, which can
be taken from the official Nginx website. Create the repo file in the
directory /etc/yum.repos.d/.

[vschool@master ~]$ sudo vim /etc/yum.repos.d/nginx.repo

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/7/$basearch/
gpgcheck=0
enabled=1

Then install the Nginx package.

[vschool@localhost ~]$ sudo yum -y install --enablerepo=nginx nginx
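
The repository file above sets gpgcheck=0 and a plain http:// baseurl, so yum installs the nginx packages without verifying their signature or protecting the download. The following Python script is an added example, not part of the original lab: it audits .repo content for those settings, run here on the lab's file and on a corrected variant. The corrected stanza and the main_gpgcheck default are assumptions of this example; the gpgkey URL is the signing-key location published on nginx.org.

```python
import configparser

CLEARTEXT_SCHEMES = ("http://", "ftp://")

# The repository file from this lab.
LAB_REPO = """\
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/7/$basearch/
gpgcheck=0
enabled=1
"""

# Corrected variant (constructed for this example).
HARDENED_REPO = """\
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/rhel/7/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
"""


def is_on(value):
    """yum accepts 1/0 as well as true/false and yes/no for booleans."""
    return value.strip().lower() in ("1", "true", "yes")


def urls(section, *keys):
    """Collect the whitespace-separated URLs stored under the given keys."""
    found = []
    for key in keys:
        found.extend(section.get(key, "").split())
    return found


def audit_repo(text, main_gpgcheck=True):
    """Return {repo id: [findings]} for the content of a yum .repo file.

    main_gpgcheck is the [main] value from /etc/yum.conf that applies when
    a repository does not set gpgcheck itself (assumption: enabled, as in
    the yum.conf shipped with the distribution).
    Disabled repositories are audited too, because --enablerepo, which the
    lab's install command uses, can switch one on for a single command.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    report = {}
    for repo in parser.sections():
        if repo == "main":
            continue
        section = parser[repo]
        findings = []
        if "gpgcheck" in section:
            verified = is_on(section["gpgcheck"])
        else:
            verified = main_gpgcheck
        if not verified:
            findings.append("gpgcheck-disabled")
        sources = urls(section, "baseurl", "mirrorlist", "metalink")
        if any(u.lower().startswith(CLEARTEXT_SCHEMES) for u in sources):
            findings.append("cleartext-transport")
        keys = urls(section, "gpgkey")
        if any(k.lower().startswith(CLEARTEXT_SCHEMES) for k in keys):
            findings.append("gpgkey-over-cleartext")
        report[repo] = findings
    return report


if __name__ == "__main__":
    for label, text in (("lab file", LAB_REPO), ("corrected", HARDENED_REPO)):
        for repo, findings in audit_repo(text).items():
            print(f"{label:10} [{repo}] {', '.join(findings) or 'ok'}")
```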

Once the package is installed, edit Nginx's main configuration file,
/etc/nginx/nginx.conf.

[vschool@localhost ~]$ sudo vim /etc/nginx/nginx.conf

# For more information on configuration, see:


# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;

pid /run/nginx.pid;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name www.vschool.com;
root /usr/share/nginx/html;

# Load configuration files for the default server block.


include /etc/nginx/default.d/*.conf;

location / {
}

error_page 404 /404.html;


location = /40x.html {
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}

Restart the Nginx service and enable it permanently.

[vschool@localhost ~]$ sudo service nginx restart
Redirecting to /bin/systemctl restart nginx.service
[vschool@localhost ~]$ sudo systemctl enable nginx

Test from the client by accessing the server's IP address with a browser.

The main directory for web source code under Nginx is
/usr/share/nginx/html. Create a simple web page in that directory.

[vschool@localhost ~]$ sudo vim /usr/share/nginx/html/index.html

<html>
<title>vschool.com</title>
<body>
<div style="width: 100%; font-size: 40px; text-align: center">
HALAMAN TEST
</div>
</body>
</html>

Test again from the client.

Lab 2 : SSL Nginx

Objective:

1. Enable secure HTTP (https) on the Nginx web server.

Before configuring Nginx, create the certificate first. Create it in the
directory /etc/pki/tls/certs/. First, create the private key.

[vschool@localhost ~]$ cd /etc/pki/tls/certs/
[vschool@localhost certs]$ sudo make vschool.key
[sudo] password for vschool:
umask 77 ; \
/usr/bin/openssl genrsa -aes128 2048 > vschool.key
Generating RSA private key, 2048 bit long modulus
......................................................................
...........................+++
.............+++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:

Remove the passphrase from the private key.

[vschool@localhost certs]$ sudo openssl rsa -in vschool.key -out vschool.key
Enter pass phrase for vschool.key:
writing RSA key

Next, enter the information for the certificate.

[vschool@localhost certs]$ sudo make vschool.csr
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key vschool.key -out vschool.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----

Country Name (2 letter code) [XX]:ID
State or Province Name (full name) []:DKI Jakarta
Locality Name (eg, city) [Default City]:Jakarta Barat
Organization Name (eg, company) [Default Company Ltd]:vSchool
Organizational Unit Name (eg, section) []:Server
Common Name (eg, your name or your server's hostname) []:www.vschool.com
Email Address []:info@vschool.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Next, create the certificate file and set its validity period, for example
10 years.

[vschool@localhost certs]$ sudo openssl x509 -in vschool.csr -out vschool.crt -req -signkey vschool.key -days 3650
Signature ok
subject=/C=ID/ST=DKI Jakarta/L=Jakarta Barat/O=vSchool/OU=Server/CN=www.vschool.com/emailAddress=info@vschool.com
Getting Private key

The last step is to configure Nginx.

[vschool@localhost certs]$ sudo vim /etc/nginx/nginx.conf

# For more information on configuration, see:


# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
server_name www.vschool.com;
root /usr/share/nginx/html;

ssl_certificate /etc/pki/tls/certs/vschool.crt;
ssl_certificate_key /etc/pki/tls/certs/vschool.key;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;

location / {
}

error_page 404 /404.html;


location = /40x.html {
}

error_page 500 502 503 504 /50x.html;


location = /50x.html {
}
}
}

Do not forget to restart the Nginx service.

[vschool@localhost certs]$ sudo service nginx restart
Redirecting to /bin/systemctl restart nginx.service

Test from the client by accessing the address https://192.168.1.254

Lab 3 : Userdir Nginx

Objective:

● Enable userdir so that Linux users can each build their own website.

Configure Nginx.

[vschool@localhost budi]$ sudo vim /etc/nginx/nginx.conf

# For more information on configuration, see:


# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm;
autoindex on;
}

listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
server_name www.vschool.com;
root /usr/share/nginx/html;

ssl_certificate /etc/pki/tls/certs/vschool.crt;
ssl_certificate_key /etc/pki/tls/certs/vschool.key;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;

location / {
}

error_page 404 /404.html;


location = /40x.html {
}

error_page 500 502 503 504 /50x.html;


location = /50x.html {
}
}
}

Restart the Nginx service.

[vschool@localhost budi]$ sudo service nginx restart
Redirecting to /bin/systemctl restart nginx.service

To access budi's website, use the address
http://192.168.1.254/~budi.
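
The location block in this lab copies whatever follows /~ into the alias path, so the first capture is not limited to login names. The following Python script is an added example, not part of the original lab: it models only the regex match and the alias substitution (not nginx's own URI normalization) and compares the lab's pattern with a stricter one. The stricter pattern and its login-name character set are assumptions of this example.

```python
import posixpath
import re

# Pattern from the lab's location block: location ~ ^/~(.+?)(/.*)?$
LAB_PATTERN = re.compile(r"^/~(.+?)(/.*)?$")

# Stricter pattern (assumption: login names are lower-case letters, digits,
# "_" and "-", starting with a letter or "_"). The nginx form would be:
#   location ~ ^/~([a-z_][a-z0-9_-]*)(/.*)?$ { alias /home/$1/public_html$2; }
STRICT_PATTERN = re.compile(r"^/~([a-z_][a-z0-9_-]*)(/.*)?$")

# Constructed request paths used to exercise both patterns.
SAMPLE_URIS = ["/~budi/", "/~budi/index.html", "/~budi", "/~../x", "/index.html"]


def map_uri(uri, pattern):
    """Return the path that `alias /home/$1/public_html$2` would build.

    Returns None when the location does not match the request path. A
    capture group that did not take part in the match expands to "".
    """
    match = pattern.match(uri)
    if match is None:
        return None
    user = match.group(1)
    rest = match.group(2) or ""
    return f"/home/{user}/public_html{rest}"


def stays_in_userdir(path):
    """True when the normalized path is /home/<name>/public_html or below."""
    parts = posixpath.normpath(path).split("/")
    return (
        len(parts) >= 4
        and parts[0] == ""
        and parts[1] == "home"
        and parts[2] not in ("", ".", "..")
        and parts[3] == "public_html"
    )


def check(pattern, uri):
    """Return (mapped path, verdict) for one request path."""
    path = map_uri(uri, pattern)
    if path is None:
        return (None, "no-match")
    verdict = "ok" if stays_in_userdir(path) else "outside-userdir"
    return (path, verdict)


def compare(uris):
    """Return {uri: (lab result, strict result)} for a list of paths."""
    return {u: (check(LAB_PATTERN, u), check(STRICT_PATTERN, u)) for u in uris}


if __name__ == "__main__":
    for uri, (lab, strict) in compare(SAMPLE_URIS).items():
        print(f"{uri:20} lab={lab}  strict={strict}")
```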

Lab 4 : Basic Web Authentication Nginx

Objective:

● Set up authentication on a website served by Nginx.

Configure Nginx as follows.

[vschool@localhost ~]$ sudo vim /etc/nginx/nginx.conf

# For more information on configuration, see:


# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;

server {
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm;
autoindex on;
}
auth_basic "Masukkan Password";
auth_basic_user_file "/etc/nginx/.htpasswd";

listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
server_name www.vschool.com;
root /usr/share/nginx/html;

ssl_certificate /etc/pki/tls/certs/vschool.crt;
ssl_certificate_key /etc/pki/tls/certs/vschool.key;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;

location / {
}

error_page 404 /404.html;


location = /40x.html {
}

error_page 500 502 503 504 /50x.html;


location = /50x.html {
}
}
}

Create users and passwords for web authentication.

[vschool@localhost budi]$ sudo htpasswd -c /etc/nginx/.htpasswd budi
New password:
Re-type new password:
Adding password for user budi
[vschool@localhost budi]$ sudo htpasswd /etc/nginx/.htpasswd jono
New password:
Re-type new password:
Adding password for user jono
[vschool@localhost budi]$ sudo htpasswd /etc/nginx/.htpasswd tuti
New password:
Re-type new password:

As usual, restart the Nginx service.

[vschool@localhost ~]$ sudo service nginx restart
Redirecting to /bin/systemctl restart nginx.service

If this succeeds, test access to the website; an authentication prompt
should appear before the site opens.

Lab 5 : NginX Load Balancer

Objective:

● Use NginX as a load balancer for web servers.

Edit the configuration file /etc/nginx/nginx.conf as follows.

[root@loadbalancer ~]# vim /etc/nginx/nginx.conf

user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
#tcp_nopush on;

keepalive_timeout 65;

#gzip on;

include /etc/nginx/conf.d/*.conf;

upstream backends {
server nginx1.vschool.com:80;
server nginx2.vschool.com:80;
}
}

Also edit the configuration file /etc/nginx/conf.d/default.conf.

[root@loadbalancer ~]# vim /etc/nginx/conf.d/default.conf

server {
listen 80;
server_name www.vschool.com;

proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;

#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;

location / {
# root /usr/share/nginx/html;
# index index.html index.htm;
proxy_pass http://backends;
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}

Restart the NginX service.

[root@loadbalancer ~]# systemctl restart nginx

Access it from the client's browser by going to the domain address of the
NginX load balancer, as in the following example.

DNS (Domain Name Server) Server

Lab 1 : Install BIND

Objective:

● Install BIND

Install the packages with the yum command.

[vschool@localhost ~]$ sudo yum install bind bind-utils -y
[sudo] password for vschool:
Loaded plugins: fastestmirror, langpacks, priorities
base | 3.6 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
updates/7/x86_64/primary_db | 3.2 MB 00:03
Determining fastest mirrors
* base: mirror.dionipe.net
* extras: mirror.dionipe.net
* updates: mirror.upsi.edu.my
Resolving Dependencies
--> Running transaction check
---> Package bind.x86_64 32:9.9.4-29.el7_2.3 will be installed
--> Processing Dependency: bind-libs = 32:9.9.4-29.el7_2.3 for package:
32:bind-9.9.4-29.el7_2.3.x86_64
---> Package bind-utils.x86_64 32:9.9.4-29.el7_2.2 will be updated
---> Package bind-utils.x86_64 32:9.9.4-29.el7_2.3 will be an update
--> Running transaction check
---> Package bind-libs.x86_64 32:9.9.4-29.el7_2.2 will be updated
---> Package bind-libs.x86_64 32:9.9.4-29.el7_2.3 will be an update
--> Processing Dependency: bind-license = 32:9.9.4-29.el7_2.3 for package:
32:bind-libs-9.9.4-29.el7_2.3.x86_64
--> Running transaction check
---> Package bind-license.noarch 32:9.9.4-29.el7_2.2 will be updated
--> Processing Dependency: bind-license = 32:9.9.4-29.el7_2.2 for package:
32:bind-libs-lite-9.9.4-29.el7_2.2.x86_64
---> Package bind-license.noarch 32:9.9.4-29.el7_2.3 will be an update
--> Running transaction check
---> Package bind-libs-lite.x86_64 32:9.9.4-29.el7_2.2 will be updated
---> Package bind-libs-lite.x86_64 32:9.9.4-29.el7_2.3 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
bind x86_64 32:9.9.4-29.el7_2.3 updates 1.8 M
Updating:
bind-utils x86_64 32:9.9.4-29.el7_2.3 updates 200 k
Updating for dependencies:
bind-libs x86_64 32:9.9.4-29.el7_2.3 updates 1.0 M
bind-libs-lite x86_64 32:9.9.4-29.el7_2.3 updates 724 k
bind-license noarch 32:9.9.4-29.el7_2.3 updates 82 k

Transaction Summary
=====================================================================
Install 1 Package
Upgrade 1 Package (+3 Dependent packages)

Total download size: 3.7 M
Downloading packages:
updates/7/x86_64/prestodelta | 275 kB 00:00
(1/5): bind-9.9.4-29.el7_2.3.x86_64.rpm | 1.8 MB 00:02
(2/5): bind-utils-9.9.4-29.el7_2.3.x86_64.rpm | 200 kB 00:02
(3/5): bind-libs-9.9.4-29.el7_2.3.x86_64.rpm | 1.0 MB 00:03
(4/5): bind-license-9.9.4-29.el7_2.3.noarch.rpm | 82 kB 00:03
(5/5): bind-libs-lite-9.9.4-29.el7_2.3.x86_64.rpm | 724 kB 00:09
---------------------------------------------------------------------
Total 421 kB/s | 3.7 MB 00:09
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Updating : 32:bind-license-9.9.4-29.el7_2.3.noarch 1/9
Updating : 32:bind-libs-9.9.4-29.el7_2.3.x86_64 2/9
Updating : 32:bind-utils-9.9.4-29.el7_2.3.x86_64 3/9
Installing : 32:bind-9.9.4-29.el7_2.3.x86_64 4/9
Updating : 32:bind-libs-lite-9.9.4-29.el7_2.3.x86_64 5/9
Cleanup : 32:bind-libs-lite-9.9.4-29.el7_2.2.x86_64 6/9
Cleanup : 32:bind-utils-9.9.4-29.el7_2.2.x86_64 7/9
Cleanup : 32:bind-libs-9.9.4-29.el7_2.2.x86_64 8/9
Cleanup : 32:bind-license-9.9.4-29.el7_2.2.noarch 9/9
Verifying : 32:bind-license-9.9.4-29.el7_2.3.noarch 1/9
Verifying : 32:bind-libs-9.9.4-29.el7_2.3.x86_64 2/9
Verifying : 32:bind-utils-9.9.4-29.el7_2.3.x86_64 3/9
Verifying : 32:bind-libs-lite-9.9.4-29.el7_2.3.x86_64 4/9
Verifying : 32:bind-9.9.4-29.el7_2.3.x86_64 5/9
Verifying : 32:bind-license-9.9.4-29.el7_2.2.noarch 6/9
Verifying : 32:bind-libs-9.9.4-29.el7_2.2.x86_64 7/9
Verifying : 32:bind-utils-9.9.4-29.el7_2.2.x86_64 8/9
Verifying : 32:bind-libs-lite-9.9.4-29.el7_2.2.x86_64 9/9

Installed:
bind.x86_64 32:9.9.4-29.el7_2.3

Updated:
bind-utils.x86_64 32:9.9.4-29.el7_2.3

Dependency Updated:
bind-libs.x86_64 32:9.9.4-29.el7_2.3
bind-libs-lite.x86_64 32:9.9.4-29.el7_2.3
bind-license.noarch 32:9.9.4-29.el7_2.3

Complete!

Lab 2 : BIND Configuration

Objective:

● Configure DNS so that clients can be pinged by domain name

Edit the configuration file /etc/named.conf as follows.

[vschool@localhost ~]$ sudo vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
// Add the server's listening IP.
listen-on port 53 { 127.0.0.1; 192.168.1.254;};
// Disable IPv6 DNS if it is not used.
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Add the networks that query the DNS server.
allow-query { localhost; 192.168.1.0/24;};

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
- If you are building a RECURSIVE (caching) DNS server, you need to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST enable
access control to limit queries to your legitimate users. Failing to do so
will cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;

dnssec-enable yes;
dnssec-validation yes;

/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

// Zone settings for the vschool.com domain.
zone "vschool.com" IN {
type master;
file "forward.vschool";
allow-update {none; };
};

zone "1.168.192.in-addr.arpa" IN {
type master;
file "reverse.vschool";
allow-update {none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Configure the files forward.vschool and reverse.vschool as specified in
the file /etc/named.conf.

[vschool@localhost ~]$ sudo vim /var/named/forward.vschool

@ IN SOA master.vschool.com. root.vschool.world. (
2014071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)

@ IN NS master.vschool.com.
master IN A 192.168.1.254
jono IN A 192.168.1.2
budi IN A 192.168.1.3
tuti IN A 192.168.1.4

[vschool@localhost ~]$ sudo vim /var/named/reverse.vschool

@ IN SOA master.vschool.com. root.vschool.com. (
2014071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS master.vschool.com.
254 IN PTR master.vschool.com.
2 IN PTR jono.vschool.com.
3 IN PTR budi.vschool.com.
4 IN PTR tuti.vschool.com.

Allow the dns service through the server's firewall, as follows.

[vschool@localhost ~]$ sudo firewall-cmd --add-service=dns --permanent
success
[vschool@localhost ~]$ sudo firewall-cmd --reload
success
[vschool@localhost ~]$ sudo firewall-cmd --list-service
dhcpv6-client dns http https ssh

Restart the bind service.

[vschool@localhost ~]$ sudo service named restart
Redirecting to /bin/systemctl restart named.service

The last step is to test; run the test using ping.

Lab 3 : BIND Forwarder

Objective:

● Configure a forwarder so that clients can reach the internet using the
local DNS

Edit the configuration file /etc/named.conf and add the forwarders option.

[vschool@localhost ~]$ sudo vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8)
// DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration
//files.
//

options {
listen-on port 53 { 127.0.0.1; 192.168.1.254;};
# listen-on-v6 port 53 { ::1; };

directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24;};

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable
recursion.
- If you are building a RECURSIVE (caching) DNS server, you need
to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST
enable access
control to limit queries to your legitimate users. Failing to
do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;

dnssec-enable no;
dnssec-validation no;

/* Path to ISC DLV key */


bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
forwarders {
8.8.8.8; // Queries for the internet are forwarded
8.8.4.4; // to these DNS servers
};
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};

};

zone "." IN {
type hint;
file "named.ca";
};

zone "vschool.com" IN {
type master;
file "forward.vschool";
allow-update {none; };
};

zone "1.168.192.in-addr.arpa" IN {
type master;
file "reverse.vschool";
allow-update {none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

Then restart the BIND service.

[vschool@localhost ~]$ sudo service named restart


Redirecting to /bin/systemctl restart named.service

Next, test from a client by pinging the internet and one of the local
domains, as follows.

Lab 4 : BIND CNAME (Canonical Name)

Objectives:

● Create www and ftp aliases for the server's domain

Edit the forward zone file created earlier, /var/named/forward.vschool.

[vschool@localhost ~]$ sudo vim /var/named/forward.vschool

@ IN SOA master.vschool.com. root.vschool.world. (


2014071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)

@ IN NS master.vschool.com.
master IN A 192.168.1.254
ftp IN CNAME master.vschool.com.
www IN CNAME master.vschool.com.
jono IN A 192.168.1.2
budi IN A 192.168.1.3
tuti IN A 192.168.1.4

Don't forget to restart the BIND service.

[vschool@localhost ~]$ sudo service named restart


Redirecting to /bin/systemctl restart named.service

Next, we can run the test.

Lab 5 : Slave DNS Server

Objectives:

● Install BIND on the slave server.

● Integrate the slave DNS server with the master DNS server.

● Clients can send domain resolution requests to the slave DNS server.

Master server configuration:

Edit the /etc/named.conf configuration file on the master server as follows.

[vschool@localhost ~]$ sudo vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
listen-on port 53 { 127.0.0.1; 192.168.1.254;};

# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24;};

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable
recursion.
- If you are building a RECURSIVE (caching) DNS server, you need
to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST
enable access control to limit queries to your legitimate users.
Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;

dnssec-enable yes;
dnssec-validation yes;

/* Path to ISC DLV key */


bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";

forwarders {
8.8.8.8;
8.8.4.4;
};
// Permit DNS zone transfers to the slave server's IP.
allow-transfer { localhost; 192.168.1.253;};
};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;

};
};

zone "." IN {
type hint;
file "named.ca";
};

zone "vschool.com" IN {
type master;
file "forward.vschool";
allow-update {none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "reverse.vschool";
allow-update {none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
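
The access controls set in this file (allow-transfer, allow-query, recursion, dnssec-validation) can be checked mechanically. The script below is an added example, not part of the original manual: audit_named_conf, strip_comments and sample_conf are hypothetical helper names, and the sample configuration is constructed from the lab files.

```shell
# Added example: audit named.conf for the access controls these labs set.
# Assumes the lab layout: one statement per line, and the opening brace on
# the same line as "options" / "zone".

# Drop /* ... */ blocks and //, # comments so commented-out text never matches.
strip_comments() {
    awk '
        /\/\*/  { inblock = 1 }
        inblock { if ($0 ~ /\*\//) inblock = 0; next }
                { sub(/\/\/.*/, ""); sub(/#.*/, ""); print }
    ' "$1"
}

# audit_named_conf FILE|-   prints one finding per line, exits 1 if any.
audit_named_conf() {
    strip_comments "$1" | awk '
        function has_any(acl) { return acl ~ /[{ \t;]any[ \t;]/ }
        {
            line = $0
            if (depth == 0) {                 # a new top-level statement
                block = ""
                if (line ~ /^[ \t]*options[ \t]*[{]/) block = "options"
                else if (line ~ /^[ \t]*zone[ \t]+"/) {
                    block = "zone"; split(line, q, "\"")
                    zname = q[2]; ztype = ""; zxfer = ""
                }
            }
            if (block == "options") {
                if (line ~ /allow-transfer/)       oxfer  = line
                if (line ~ /allow-recursion/)      orec   = line
                if (line ~ /allow-query-cache/)    ocache = line
                if (line ~ /allow-query[ \t]*[{]/) oquery = line
                if (line ~ /(^|[ \t;])recursion[ \t]+yes/) recursion = 1
                if (line ~ /dnssec-validation[ \t]+no/)    nodnssec = 1
            } else if (block == "zone") {
                if (line ~ /type[ \t]+master/) ztype = "master"
                if (line ~ /allow-transfer/)   zxfer = line
            }
            depth += gsub(/[{]/, "{", line) - gsub(/[}]/, "}", line)
            if (depth == 0 && block == "zone") {   # zone block just closed
                nz++; zn[nz] = zname; zt[nz] = ztype; zx[nz] = zxfer
                block = ""
            }
        }
        END {
            n = 0
            for (i = 1; i <= nz; i++) {
                if (zt[i] != "master") continue
                # A zone-level ACL overrides the one in the options block.
                eff = (zx[i] != "") ? zx[i] : oxfer
                if (eff == "" || has_any(eff)) {
                    print "zone " zn[i] ": zone transfers are not restricted by an allow-transfer ACL"
                    n++
                }
            }
            # Without allow-recursion, BIND falls back to allow-query-cache,
            # then to allow-query.
            eff = orec; if (eff == "") eff = ocache; if (eff == "") eff = oquery
            if (recursion && has_any(eff)) {
                print "options: recursion is offered to any client (open resolver)"; n++
            }
            if (nodnssec) {
                print "options: dnssec-validation no, answers from the forwarders are accepted unvalidated"; n++
            }
            exit (n > 0)
        }
    '
}

# Constructed sample based on the lab files.
# $1 = dnssec-validation value, $2 = extra statement for the options block.
sample_conf() {
    cat <<EOF
options {
allow-query { localhost; 192.168.1.0/24;};
/* recursion needs access control on a public IP (see the lab comment) */
recursion yes;
dnssec-validation $1;
$2
forwarders { 8.8.8.8; 8.8.4.4; };
};
zone "." IN {
type hint;
};
zone "vschool.com" IN {
type master;
allow-update {none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
allow-update {none; };
};
EOF
}

# Demo: a Lab 3 style config (no allow-transfer, validation off).
sample_conf no "" | audit_named_conf - || true
```

Against a real server, run `audit_named_conf /etc/named.conf`; the exit status makes it usable as a pre-restart check.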

Then add the slave server's domain to the forward and reverse files, as
follows.

[vschool@localhost ~]$ sudo vim /var/named/forward.vschool

@ IN SOA master.vschool.com. root.vschool.world. (


2014071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)

@ IN NS master.vschool.com.
master IN A 192.168.1.254
ftp IN CNAME master.vschool.com.
www IN CNAME master.vschool.com.
slave IN A 192.168.1.253
jono IN A 192.168.1.2
budi IN A 192.168.1.3
tuti IN A 192.168.1.4

[vschool@localhost ~]$ sudo vim /var/named/reverse.vschool

@ IN SOA master.vschool.com. root.vschool.com. (


2014071001 ;Serial
3600 ;Refresh
1800 ;Retry
604800 ;Expire
86400 ;Minimum TTL
)
@ IN NS master.vschool.com.
254 IN PTR master.vschool.com.
253 IN PTR slave.vschool.com. ; Reverse record for the slave server.
2 IN PTR jono.vschool.com.
3 IN PTR budi.vschool.com.
4 IN PTR tuti.vschool.com.

Don't forget to restart the DNS service.

[vschool@localhost ~]$ sudo service named restart


Redirecting to /bin/systemctl restart named.service

Slave server configuration:

Edit the BIND configuration in the file /etc/named.conf.

[vschool@localhost ~]$ sudo vim /etc/named.conf

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
// Listening IP for the slave server.
listen-on port 53 { 127.0.0.1; 192.168.1.253;};
// Disable the IPv6 DNS service if it is not used.
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
// Networks allowed to query DNS.
allow-query { localhost; 192.168.1.0/24;};

/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable
recursion.
- If you are building a RECURSIVE (caching) DNS server, you need
to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST
enable access
control to limit queries to your legitimate users. Failing to
do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;

dnssec-enable no;
dnssec-validation no;

/* Path to ISC DLV key */


bindkeys-file "/etc/named.iscdlv.key";

managed-keys-directory "/var/named/dynamic";

pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
forwarders {
// DNS forwarding to the internet.
8.8.8.8;
8.8.4.4;
};

};

logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};

zone "." IN {
type hint;
file "named.ca";
};

zone "vschool.com" IN {
type slave;
// Synchronize the forward zone from the master server.
masters { 192.168.1.254; };
file "slaves/forward.vschool";
notify no;
};

zone "1.168.192.in-addr.arpa" IN {
type slave;
// Synchronize the reverse zone from the master server.
masters { 192.168.1.254; };
file "slaves/reverse.vschool";
notify no;
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

As usual, restart the DNS service.

[vschool@localhost ~]$ sudo service named restart


Redirecting to /bin/systemctl restart named.service

Once the service has restarted successfully, the slave server synchronizes
with the master server. We can check this in the /var/named/slaves directory.

[vschool@localhost ~]$ sudo ls /var/named/slaves -ls


total 8
4 -rw-r--r--. 1 named named 659 Mar 23 20:33 forward.vschool
4 -rw-r--r--. 1 named named 671 Mar 23 20:33 reverse.vschool

Test from a client using the slave DNS server, as follows.

MariaDB

Lab 1 : Install MariaDB

Objectives:

● Install the MariaDB package

Create a repository for MariaDB version 10.0 as follows.

[vschool@localhost ~]$ sudo vim /etc/yum.repos.d/mariadb.repo

# MariaDB 10.0 RedHat repository list - created 2016-05-02 07:24 UTC


# http://mariadb.org/mariadb/repositories/

[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.0/rhel7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Install the mariadb package as follows.

[vschool@localhost ~]$ sudo yum -y install mariadb-server


Loaded plugins : langpacks, product-id, search-disabled-repos,
: subscription-manager

nginx | 2.9 kB 00:00


rhel-7-server-rpms | 3.7 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package mariadb-server.x86_64 1:5.5.47-1.el7_2 will be installed
--> Processing Dependency: mariadb(x86-64) = 1:5.5.47-1.el7_2 for package:
1:mariadb-server-5.5.47-1.el7_2.x86_64
--> Processing Dependency: perl-DBI for package:
1:mariadb-server-5.5.47-1.el7_2.x86_64
--> Processing Dependency: perl-DBD-MySQL for package:
1:mariadb-server-5.5.47-1.el7_2.x86_64
--> Processing Dependency: perl(Data::Dumper) for package:
1:mariadb-server-5.5.47-1.el7_2.x86_64
--> Processing Dependency: perl(DBI) for package:
1:mariadb-server-5.5.47-1.el7_2.x86_64
--> Running transaction check
---> Package mariadb.x86_64 1:5.5.47-1.el7_2 will be installed
---> Package perl-DBD-MySQL.x86_64 0:4.023-5.el7 will be installed

---> Package perl-DBI.x86_64 0:1.627-4.el7 will be installed
--> Processing Dependency: perl(RPC::PlServer) >= 0.2001 for package:
perl-DBI-1.627-4.el7.x86_64
--> Processing Dependency: perl(RPC::PlClient) >= 0.2000 for package:
perl-DBI-1.627-4.el7.x86_64
---> Package perl-Data-Dumper.x86_64 0:2.145-3.el7 will be installed
--> Running transaction check
---> Package perl-PlRPC.noarch 0:0.2020-14.el7 will be installed
--> Processing Dependency: perl(Net::Daemon) >= 0.13 for package:
perl-PlRPC-0.2020-14.el7.noarch
--> Processing Dependency: perl(Net::Daemon::Test) for package:
perl-PlRPC-0.2020-14.el7.noarch
--> Processing Dependency: perl(Net::Daemon::Log) for package:
perl-PlRPC-0.2020-14.el7.noarch
--> Processing Dependency: perl(Compress::Zlib) for package:
perl-PlRPC-0.2020-14.el7.noarch
--> Running transaction check
---> Package perl-IO-Compress.noarch 0:2.061-2.el7 will be installed
--> Processing Dependency: perl(Compress::Raw::Zlib) >= 2.061 for package:
perl-IO-Compress-2.061-2.el7.noarch
--> Processing Dependency: perl(Compress::Raw::Bzip2) >= 2.061 for
package: perl-IO-Compress-2.061-2.el7.noarch
---> Package perl-Net-Daemon.noarch 0:0.48-5.el7 will be installed
--> Running transaction check
---> Package perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 will be
installed
---> Package perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 will be
installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
mariadb-server x86_64 1:5.5.47-1.el7_2 rhel-7-server-rpms 11 M
Installing for dependencies:
mariadb x86_64 1:5.5.47-1.el7_2 rhel-7-server-rpms 8.6 M
perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 rhel-7-server-rpms 32 k
perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 rhel-7-server-rpms 57 k
perl-DBD-MySQL x86_64 4.023-5.el7 rhel-7-server-rpms 140 k
perl-DBI x86_64 1.627-4.el7 rhel-7-server-rpms 802 k
perl-Data-Dumper x86_64 2.145-3.el7 rhel-7-server-rpms 47 k

perl-IO-Compress noarch 2.061-2.el7 rhel-7-server-rpms 260 k
perl-Net-Daemon noarch 0.48-5.el7 rhel-7-server-rpms 51 k
perl-PlRPC noarch 0.2020-14.el7 rhel-7-server-rpms 36 k

Transaction Summary
=====================================================================
Install 1 Package (+9 Dependent packages)

Total download size: 21 M


Installed size: 108 M
Downloading packages:
(1/10): mariadb-5.5.47-1.el7_2.x86_64.rpm | 8.6 MB 00:46
(2/10): perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64.rpm | 32 kB 00:04
(3/10): perl-Compress-Raw-Zlib-2.061-4.el7.x86_64.rpm | 57 kB 00:03
(4/10): perl-DBD-MySQL-4.023-5.el7.x86_64.rpm | 140 kB 00:01
(5/10): perl-DBI-1.627-4.el7.x86_64.rpm | 802 kB 00:03
(6/10): perl-Data-Dumper-2.145-3.el7.x86_64.rpm | 47 kB 00:02
(7/10): perl-IO-Compress-2.061-2.el7.noarch.rpm | 260 kB 00:03
(8/10): perl-Net-Daemon-0.48-5.el7.noarch.rpm | 51 kB 00:00
(9/10): perl-PlRPC-0.2020-14.el7.noarch.rpm | 36 kB 00:00
(10/10): mariadb-server-5.5.47-1.el7_2.x86_64.rpm | 11 MB 01:17
---------------------------------------------------------------------
Total 272 kB/s | 21 MB 01:17
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : perl-Data-Dumper-2.145-3.el7.x86_64 1/10
Installing : 1:mariadb-5.5.47-1.el7_2.x86_64 2/10
Installing : perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64 3/10
Installing : 1:perl-Compress-Raw-Zlib-2.061-4.el7.x86_64 4/10
Installing : perl-IO-Compress-2.061-2.el7.noarch 5/10
Installing : perl-Net-Daemon-0.48-5.el7.noarch 6/10
Installing : perl-PlRPC-0.2020-14.el7.noarch 7/10
Installing : perl-DBI-1.627-4.el7.x86_64 8/10
Installing : perl-DBD-MySQL-4.023-5.el7.x86_64 9/10
Installing : 1:mariadb-server-5.5.47-1.el7_2.x86_64 10/10
Verifying : perl-DBI-1.627-4.el7.x86_64 1/10
Verifying : perl-Net-Daemon-0.48-5.el7.noarch 2/10
Verifying : perl-Data-Dumper-2.145-3.el7.x86_64 3/10
Verifying : perl-PlRPC-0.2020-14.el7.noarch 4/10
Verifying : 1:perl-Compress-Raw-Zlib-2.061-4.el7.x86_64 5/10
Verifying : perl-Compress-Raw-Bzip2-2.061-3.el7.x86_64 6/10
Verifying : 1:mariadb-server-5.5.47-1.el7_2.x86_64 7/10

Verifying : perl-IO-Compress-2.061-2.el7.noarch 8/10
Verifying : perl-DBD-MySQL-4.023-5.el7.x86_64 9/10
Verifying : 1:mariadb-5.5.47-1.el7_2.x86_64 10/10

Installed:
mariadb-server.x86_64 1:5.5.47-1.el7_2

Dependency Installed:
mariadb.x86_64 1:5.5.47-1.el7_2
perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7
perl-DBD-MySQL.x86_64 0:4.023-5.el7
perl-DBI.x86_64 0:1.627-4.el7
perl-Data-Dumper.x86_64 0:2.145-3.el7
perl-IO-Compress.noarch 0:2.061-2.el7
perl-Net-Daemon.noarch 0:0.48-5.el7
perl-PlRPC.noarch 0:0.2020-14.el7

Complete!

Perform the initial MariaDB configuration to set the root password, using the
mysql_secure_installation command.

[vschool@localhost ~]$ sudo mysql_secure_installation


/bin/mysql_secure_installation: line 379: find_mysql_client: command not
found

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):


OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y


New password:
Re-enter new password:

Password updated successfully!
Reloading privilege tables..
... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone


to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y


... Success!

Normally, root should only be allowed to connect from 'localhost'. This


ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y


... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y


- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

To enter the MariaDB shell, use the command mysql -u root -p.

[vschool@localhost ~]$ sudo mysql -u root -p


Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 14
Server version: 5.5.47-MariaDB MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

MariaDB [(none)]> select user,host,password from mysql.user;


+------+-----------+-------------------------------------------+
| user | host | password |
+------+-----------+-------------------------------------------+
| root | localhost | *8E1DB907926B7FC032199286210F28557C57D5CC |
| root | 127.0.0.1 | *8E1DB907926B7FC032199286210F28557C57D5CC |
| root | ::1 | *8E1DB907926B7FC032199286210F28557C57D5CC |
+------+-----------+-------------------------------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]> show databases;


+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
+--------------------+
3 rows in set (0.01 sec)

MariaDB [(none)]> exit


Bye

Lab 2 : Install phpMyAdmin

Objectives:

● Install phpMyAdmin.

● Configure phpMyAdmin so that it can be accessed remotely via the web.

Download and install the EPEL repository from the Fedora Project in order to
install the phpMyAdmin package.

[vschool@localhost ~]$ sudo wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
[vschool@localhost ~]$ sudo rpm -i epel-release-latest-7.noarch.rpm

Enable the optional repository from RHEL as follows.

[root@localhost ~]# subscription-manager repos --enable=rhel-7-server-optional-rpms

Then install the phpMyAdmin package.

[vschool@localhost ~]$ sudo yum install phpMyAdmin php php-mbstring php-pear php-mysql php-mcript

Loaded plugins: langpacks, product-id, search-disabled-repos,


: subscription-manager
rhel-7-server-optional-rpms | 3.5 kB 00:00
rhel-7-server-rpms | 3.7 kB 00:00
rhel-7-server-optional-rpms/7Server/x86_64/primary_db | 3.1 MB 00:05
(1/2): rhel-7-server-optional-rpms/7Server/x86_64/group_gz | 6.2 kB
00:02
(2/2): rhel-7-server-optional-rpms/7Server/x86_64/updatein | 830 kB
00:04
Resolving Dependencies
--> Running transaction check
---> Package phpMyAdmin.noarch 0:4.4.15.5-1.el7 will be installed
--> Processing Dependency: php-mysqli >= 5.3.7 for package:
phpMyAdmin-4.4.15.5-1.el7.noarch
--> Processing Dependency: php-mbstring >= 5.3.7 for package:
phpMyAdmin-4.4.15.5-1.el7.noarch
--> Processing Dependency: php-gd >= 5.3.7 for package:
phpMyAdmin-4.4.15.5-1.el7.noarch

--> Processing Dependency: php-tcpdf-dejavu-sans-fonts for package:
phpMyAdmin-4.4.15.5-1.el7.noarch
--> Processing Dependency: php-tcpdf for package:
phpMyAdmin-4.4.15.5-1.el7.noarch
--> Processing Dependency: php-php-gettext for package:
phpMyAdmin-4.4.15.5-1.el7.noarch
--> Running transaction check
---> Package php-gd.x86_64 0:5.4.16-36.el7_1 will be installed
--> Processing Dependency: libt1.so.5()(64bit) for package:
php-gd-5.4.16-36.el7_1.x86_64
---> Package php-mbstring.x86_64 0:5.4.16-36.el7_1 will be installed
---> Package php-mysql.x86_64 0:5.4.16-36.el7_1 will be installed
--> Processing Dependency: php-pdo(x86-64) = 5.4.16-36.el7_1 for package:
php-mysql-5.4.16-36.el7_1.x86_64
---> Package php-php-gettext.noarch 0:1.0.11-12.el7 will be installed
---> Package php-tcpdf.noarch 0:6.2.11-1.el7 will be installed
--> Processing Dependency: php-tidy for package:
php-tcpdf-6.2.11-1.el7.noarch
--> Processing Dependency: php-bcmath for package:
php-tcpdf-6.2.11-1.el7.noarch
---> Package php-tcpdf-dejavu-sans-fonts.noarch 0:6.2.11-1.el7 will be
installed
--> Running transaction check
---> Package php-bcmath.x86_64 0:5.4.16-36.el7_1 will be installed
---> Package php-pdo.x86_64 0:5.4.16-36.el7_1 will be installed
---> Package php-tidy.x86_64 0:5.4.16-4.el7 will be installed
--> Processing Dependency: libtidy-0.99.so.0()(64bit) for package:
php-tidy-5.4.16-4.el7.x86_64
---> Package t1lib.x86_64 0:5.1.2-14.el7 will be installed
--> Running transaction check
---> Package libtidy.x86_64 0:0.99.0-31.20091203.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
phpMyAdmin noarch 4.4.15.5-1.el7 epel 4.7 M
Installing for dependencies:
libtidy x86_64 0.99.0-31.20091203.el7 epel 132 k
php-bcmath x86_64 5.4.16-36.el7_1 rhel-7-server-optional-rpms 56 k
php-gd x86_64 5.4.16-36.el7_1 rhel-7-server-rpms 126 k

php-mbstring x86_64 5.4.16-36.el7_1 rhel-7-server-optional-rpms 503 k
php-mysql x86_64 5.4.16-36.el7_1 rhel-7-server-rpms 99 k
php-pdo x86_64 5.4.16-36.el7_1 rhel-7-server-rpms 97 k
php-php-gettext noarch 1.0.11-12.el7 epel 22 k
php-tcpdf noarch 6.2.11-1.el7 epel 2.1 M
php-tcpdf-dejavu-sans-fonts noarch 6.2.11-1.el7 epel 257 k
php-tidy x86_64 5.4.16-4.el7 epel 22 k
t1lib x86_64 5.1.2-14.el7 rhel-7-server-rpms 166 k

Transaction Summary
=====================================================================
Install 1 Package (+11 Dependent packages)

Total download size: 8.2 M


Installed size: 39 M
Downloading packages:
warning:
/var/cache/yum/x86_64/7Server/epel/packages/libtidy-0.99.0-31.2009120
3.el7.x86_64.rpm: Header V3 RSA/SHA256 Signature, key ID 352c64e5: NOKEY
Public key for libtidy-0.99.0-31.20091203.el7.x86_64.rpm is not
installed
(1/12): libtidy-0.99.0-31.20091203.el7.x86_64.rpm | 132 kB 00:04
(2/12): php-bcmath-5.4.16-36.el7_1.x86_64.rpm | 56 kB 00:05
(3/12): php-mysql-5.4.16-36.el7_1.x86_64.rpm | 99 kB 00:05
(4/12): php-gd-5.4.16-36.el7_1.x86_64.rpm | 126 kB 00:05
(5/12): php-mbstring-5.4.16-36.el7_1.x86_64.r | 503 kB 00:06
(6/12): php-php-gettext-1.0.11-12.el7.noarch.rpm | 22 kB 00:01
(7/12): php-pdo-5.4.16-36.el7_1.x86_64.rpm | 97 kB 00:03
(8/12): php-tcpdf-6.2.11-1.el7.noarch.rpm | 2.1 MB 00:03
(9/12): php-tidy-5.4.16-4.el7.x86_64.rpm | 22 kB 00:03
(10/12): t1lib-5.1.2-14.el7.x86_64.rpm | 166 kB 00:02
(11/12): php-tcpdf-dejavu-sans-fonts-6.2.11-1.el7.noarch.r | 257 kB
00:08
(12/12): phpMyAdmin-4.4.15.5-1.el7.noarch.rpm | 4.7 MB 02:32
---------------------------------------------------------------------
Total 53 kB/s | 8.2 MB 02:39
Retrieving key from file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Importing GPG key 0x352C64E5:
Userid : "Fedora EPEL (7) <epel@fedoraproject.org>"
Fingerprint: 91e9 7d7c 4a5e 96f1 7f3e 888f 6a2f aea2 352c 64e5
Package : epel-release-7-5.noarch (installed)
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
Running transaction check
Running transaction test

Transaction test succeeded
Running transaction
Installing : php-mbstring-5.4.16-36.el7_1.x86_64 1/12
Installing : php-php-gettext-1.0.11-12.el7.noarch 2/12
Installing : php-bcmath-5.4.16-36.el7_1.x86_64 3/12
Installing : php-pdo-5.4.16-36.el7_1.x86_64 4/12
Installing : php-mysql-5.4.16-36.el7_1.x86_64 5/12
Installing : libtidy-0.99.0-31.20091203.el7.x86_64 6/12
Installing : php-tidy-5.4.16-4.el7.x86_64 7/12
Installing : t1lib-5.1.2-14.el7.x86_64 8/12
Installing : php-gd-5.4.16-36.el7_1.x86_64 9/12
Installing : php-tcpdf-6.2.11-1.el7.noarch 10/12
Installing : php-tcpdf-dejavu-sans-fonts-6.2.11-1.el7.noarch 11/12
Installing : phpMyAdmin-4.4.15.5-1.el7.noarch 12/12
Verifying : php-tidy-5.4.16-4.el7.x86_64 1/12
Verifying : t1lib-5.1.2-14.el7.x86_64 2/12
Verifying : php-mbstring-5.4.16-36.el7_1.x86_64 3/12
Verifying : php-tcpdf-dejavu-sans-fonts-6.2.11-1.el7.noarch 4/12
Verifying : php-php-gettext-1.0.11-12.el7.noarch 5/12
Verifying : libtidy-0.99.0-31.20091203.el7.x86_64 6/12
Verifying : php-pdo-5.4.16-36.el7_1.x86_64 7/12
Verifying : php-gd-5.4.16-36.el7_1.x86_64 8/12
Verifying : php-bcmath-5.4.16-36.el7_1.x86_64 9/12
Verifying : php-mysql-5.4.16-36.el7_1.x86_64 10/12
Verifying : phpMyAdmin-4.4.15.5-1.el7.noarch 11/12
Verifying : php-tcpdf-6.2.11-1.el7.noarch 12/12

Installed:
phpMyAdmin.noarch 0:4.4.15.5-1.el7

Dependency Installed:
libtidy.x86_64 0:0.99.0-31.20091203.el7
php-bcmath.x86_64 0:5.4.16-36.el7_1
php-gd.x86_64 0:5.4.16-36.el7_1
php-mbstring.x86_64 0:5.4.16-36.el7_1
php-mysql.x86_64 0:5.4.16-36.el7_1
php-pdo.x86_64 0:5.4.16-36.el7_1
php-php-gettext.noarch 0:1.0.11-12.el7
php-tcpdf.noarch 0:6.2.11-1.el7
php-tcpdf-dejavu-sans-fonts.noarch 0:6.2.11-1.el7
php-tidy.x86_64 0:5.4.16-4.el7
t1lib.x86_64 0:5.1.2-14.el7

Complete!

Edit the main phpMyAdmin configuration file.

[vschool@localhost ~]$ sudo vim /etc/httpd/conf.d/phpMyAdmin.conf

# phpMyAdmin - Web based MySQL browser written in php


#
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin


Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8

<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1 192.168.1.0/24
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1 192.168.1.0/24
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2

Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>

Make sure the http service is already permitted by the firewall; check the firewall as follows.

[vschool@localhost ~]$ sudo firewall-cmd --list-services


dhcpv6-client dns http https samba ssh

Restart the httpd service.

[vschool@localhost ~]$ sudo systemctl restart httpd

From a remote PC, use a browser to open the address
http://www.vschool.com/phpmyadmin.

Enter the username and password of the MariaDB database.

Lab 3 : Database Replication

Objectives:

● Replicate the database from the master server to the slave server.

Master server:
Edit the MariaDB configuration to add the binary log and a server ID for
database replication.

[vschool@master ~]$ sudo vim /etc/my.cnf

[mysqld]
character-set-server=utf8
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security
# risks
symbolic-links=0
log-bin=mysql-bin
server-id=101
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

After editing, restart the MariaDB service.

[vschool@master ~]$ sudo systemctl restart mariadb

Allow the MariaDB service through the server firewall.

[vschool@master ~]$ sudo firewall-cmd --add-service=mysql --permanent


success
[vschool@master ~]$ sudo firewall-cmd --reload
success
[vschool@master ~]$ sudo firewall-cmd --list-services
dhcpv6-client dns http https mysql samba ssh

Create a user that is used for authentication between the master and slave
servers.

[vschool@master ~]$ sudo mysql -u root -p


Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 5.5.47-MariaDB-log MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

MariaDB [(none)]> grant replication slave on *.* to vschool@'%' identified by 'idnmantab';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;


Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit


Bye

Back up the database on the master server, then transfer it to the slave
server.

[vschool@master ~]$ sudo mysql -u root -p


Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 5.5.47-MariaDB-log MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

MariaDB [(none)]> flush tables with read lock;


Query OK, 0 rows affected (0.06 sec)

MariaDB [(none)]> show master status;


+------------------+----------+--------------+------------------+
| File | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000001 | 465 | | |
+------------------+----------+--------------+------------------+
1 row in set (0.00 sec)

MariaDB [(none)]> exit


Bye

[vschool@master ~]$ sudo mysqldump -u root -p --all-databases --lock-all-tables --events > mysql_dump.sql
Enter password:
[vschool@master ~]$ sudo scp mysql_dump.sql slave.vschool.com:/tmp/
The authenticity of host 'slave.vschool.com (192.168.1.253)' can't be
established.
ECDSA key fingerprint is
17:1e:8a:d7:f7:cf:a0:11:32:1e:b9:4f:6a:dc:64:30.
Are you sure you want to continue connecting (yes/no)? yes.
root@slave.vschool.com's password:
mysql_dump.sql 100% 503KB
502.6KB/s 00:00

[vschool@master ~]$ sudo mysql -u root -p


Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 5.5.47-MariaDB-log MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

MariaDB [(none)]> unlock tables;


Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

Slave server:
Edit the MariaDB configuration file on the slave server, using a different
server ID. Then make the slave server read-only, meaning that databases on
the slave server cannot be edited and it only receives database
synchronization from the master server.

[vschool@master ~]$ sudo vim /etc/my.cnf

[mysqld]
character-set-server=utf8
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security
# risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
log-bin=mysql-bin
server-id=102
read_only=1
report-host=master.vschool.com

Restart the MariaDB service on the slave server.

[vschool@slave ~]$ sudo systemctl restart mariadb

Allow the MariaDB service through the server firewall.

[vschool@slave ~]$ sudo firewall-cmd --add-service=mysql --permanent


success
[vschool@slave ~]$ sudo firewall-cmd --reload
success
[vschool@slave ~]$ sudo firewall-cmd --list-services
dhcpv6-client dns http https mysql samba ssh

Import the database received from the master server.

[vschool@slave ~]$ mysql -u root -p < /tmp/mysql_dump.sql

Enable database replication on the slave server.

[vschool@slave ~]$ sudo mysql -u root -p


Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 23
Server version: 5.5.47-MariaDB-log MariaDB Server

Copyright (c) 2000, 2015, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.
MariaDB [(none)]> change master to
-> master_host='192.168.1.254',
-> master_user='vschool',
-> master_password='idnmantab',
-> master_log_file='mysql-bin.000001',
-> master_log_pos=465;
Query OK, 0 rows affected (0.42 sec)

MariaDB [(none)]> start slave;
Query OK, 0 rows affected (0.00 sec)

Make sure the slave server's status is 'Waiting for master to send event'.

MariaDB [(none)]> show slave status\G
*************************** 1. row ***************************
Slave_IO_State: Waiting for master to send event
Master_Host: 192.168.1.254
Master_User: vschool
Master_Port: 3306
Connect_Retry: 60
Master_Log_File: mysql-bin.000003
Read_Master_Log_Pos: 245
Relay_Log_File: mariadb-relay-bin.000004
Relay_Log_Pos: 529
Relay_Master_Log_File: mysql-bin.000003
Slave_IO_Running: Yes
Slave_SQL_Running: Yes
Replicate_Do_DB:
Replicate_Ignore_DB:
Replicate_Do_Table:
Replicate_Ignore_Table:
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 245
Relay_Log_Space: 1109
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 101
1 row in set (0.00 sec)
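
The status check above can be scripted. The following is an added example, not part of the original lab: it reads show slave status\G text, fails when a replication thread is stopped, an error number is set or the lag is too high, and warns when Master_SSL_Allowed is No, as it is in the output above. The function names, the 60-second default lag limit and the sample text are assumptions made for this example.

```bash
#!/bin/sh
# Added example (not from the original lab): evaluate `show slave status\G`.

# Constructed sample: a subset of the fields from the status output above.
sample_slave_status() {
cat <<'EOF'
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.1.254
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
           Master_SSL_Allowed: No
        Seconds_Behind_Master: 0
                Last_IO_Errno: 0
                Last_IO_Error:
               Last_SQL_Errno: 0
               Last_SQL_Error:
EOF
}

# check_slave_status [max_lag_seconds]
# Reads the status text on stdin and prints one finding per line.
# Returns 0 when replication is healthy, 1 when any FAIL line was printed.
# WARN lines do not change the return value.
check_slave_status() {
    awk -v max_lag="${1:-60}" '
    # Data lines look like "   Field_Name: value". Split on the first colon
    # only, because error texts may themselves contain colons.
    /^[ \t]*[A-Za-z_]+:/ {
        line = $0
        sub(/^[ \t]+/, "", line)
        key = line; sub(/:.*$/, "", key)
        val = line; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
        f[key] = val
    }
    END {
        bad = 0
        if (f["Slave_IO_Running"] != "Yes") {
            print "FAIL Slave_IO_Running=" f["Slave_IO_Running"]; bad = 1
        }
        if (f["Slave_SQL_Running"] != "Yes") {
            print "FAIL Slave_SQL_Running=" f["Slave_SQL_Running"]; bad = 1
        }
        if (f["Last_IO_Errno"] + 0 != 0) {
            print "FAIL Last_IO_Errno=" f["Last_IO_Errno"] " " f["Last_IO_Error"]; bad = 1
        }
        if (f["Last_SQL_Errno"] + 0 != 0) {
            print "FAIL Last_SQL_Errno=" f["Last_SQL_Errno"] " " f["Last_SQL_Error"]; bad = 1
        }
        # The lag is NULL (not a number) while a replication thread is stopped.
        lag = f["Seconds_Behind_Master"]
        if (lag !~ /^[0-9]+$/) {
            print "FAIL Seconds_Behind_Master=" lag; bad = 1
        } else if (lag + 0 > max_lag + 0) {
            print "FAIL Seconds_Behind_Master=" lag " exceeds " max_lag; bad = 1
        }
        if (f["Master_SSL_Allowed"] != "Yes") {
            print "WARN Master_SSL_Allowed=" f["Master_SSL_Allowed"] " (replication link is not set up for TLS)"
        }
        exit bad
    }'
}

# Demo on the constructed sample; prints the single WARN line.
sample_slave_status | check_slave_status
```

On a live slave the same function can read the output of mysql -u root -p -e 'show slave status\G' from a pipe.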

To test, create a few new databases on the master server; if replication
is working properly, the slave server will automatically synchronize its
databases with the master server.

Server Master

Server Slave

Lab 4 : MariaDB Galera Cluster

Objectives:

● Build a database cluster as active-active servers using two servers.

Install the MariaDB Galera server package on both servers.

$ sudo yum -y install MariaDB-Galera-server

Start the mysql service, then create a new database user to be used for
cluster authentication. Do this on both servers.

$ sudo mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 10.0.24-MariaDB-wsrep MariaDB Server,
wsrep_25.13.raf7f02e

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'cluster'@'%' IDENTIFIED BY 'rahasia' WITH GRANT OPTION;

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.30 sec)

MariaDB [(none)]> exit
Bye

Configure the firewall on both servers to allow database clustering
traffic.

$ sudo firewall-cmd --add-port=4567/tcp --permanent
success
$ sudo firewall-cmd --add-port=4568/tcp --permanent
success
$ sudo firewall-cmd --add-port=4444/tcp --permanent
success
$ sudo firewall-cmd --reload
success
$ sudo firewall-cmd --list-services
dhcpv6-client dns http https mysql ssh
$ sudo firewall-cmd --list-ports
4567/tcp 4568/tcp 4444/tcp

Configure SELinux to allow the database cluster configuration; the
command below switches SELinux to permissive mode. Do this on both
servers.

$ sudo setenforce 0

Stop the mysql service first so that the Galera configuration file can be edited.

$ sudo systemctl stop mysql

The Galera configuration on the master server is shown below.

[vschool@master ~]$ sudo vim /etc/my.cnf.d/server.cnf

#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql/
#

# this is read by the standalone daemon and embedded servers


[server]

# this is only for the mysqld standalone daemon


[mysqld]
character-set-server=utf8
#
# * Galera-related settings
#

[galera]
# Mandatory settings
wsrep_provider=/usr/lib64/galera/libgalera_smm.so
wsrep_cluster_address='gcomm://192.168.1.254,192.168.1.253'
binlog_format=row
default_storage_engine=InnoDB
innodb_autoinc_lock_mode=2
bind-address=0.0.0.0
wsrep_cluster_name='Database_cluster'
wsrep_node_address='192.168.1.254'
wsrep_sst_method=rsync
wsrep_sst_auth=cluster:rahasia

The configuration on the slave server is as follows.

[vschool@slave ~]$ sudo vim /etc/my.cnf.d/server.cnf

#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql/
#

# this is read by the standalone daemon and embedded servers


[server]

# this is only for the mysqld standalone daemon


[mysqld]

#
# * Galera-related settings
#
[galera]
# Mandatory settings
wsrep_provider=/usr/lib64/galera/libgalera_smm.so
wsrep_cluster_address='gcomm://192.168.1.254,192.168.1.253'
binlog_format=row
default_storage_engine=InnoDB
innodb_autoinc_lock_mode=2
bind-address=0.0.0.0
wsrep_cluster_name='Database_cluster'
wsrep_node_address='192.168.1.253'
wsrep_sst_method=rsync
wsrep_sst_auth=cluster:rahasia

Next, enable the cluster in mysql on each server. On the master server,
initialize the cluster with the following command.

[vschool@master ~]$ sudo /etc/init.d/mysql start --wsrep-new-cluster

Note:
--wsrep-new-cluster makes the master server the primary server in the
cluster.

On the slave server, simply start the mysql service.

[vschool@slave ~]$ sudo systemctl start mysql

If an error occurs when starting the mysql service, we can read the log
information in the file /var/lib/mysql/<hostname>.err.

To check that a server has joined the cluster, use the following command
in the mysql shell.

[vschool@slave ~]$ sudo mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.0.24-MariaDB-wsrep MariaDB Server,
wsrep_25.13.raf7f02e

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.

MariaDB [(none)]> show status like 'wsrep_%';
+------------------------------+------------------------------------+
| Variable_name | Value |
+------------------------------+------------------------------------+
| wsrep_local_state_uuid | 7f9b15e8-fa6c-11e5-a0b3-37918903ca71 |
| wsrep_protocol_version | 7 |
| wsrep_last_committed | 15 |
| wsrep_replicated | 0 |
| wsrep_replicated_bytes | 0 |
| wsrep_repl_keys | 0 |
| wsrep_repl_keys_bytes | 0 |
| wsrep_repl_data_bytes | 0 |
| wsrep_repl_other_bytes | 0 |
| wsrep_received | 4 |
| wsrep_received_bytes | 1175 |
| wsrep_local_commits | 0 |
| wsrep_local_cert_failures | 0 |
| wsrep_local_replays | 0 |
| wsrep_local_send_queue | 0 |
| wsrep_local_send_queue_max | 1 |
| wsrep_local_send_queue_min | 0 |
| wsrep_local_send_queue_avg | 0.000000 |
| wsrep_local_recv_queue | 0 |
| wsrep_local_recv_queue_max | 1 |
| wsrep_local_recv_queue_min | 0 |
| wsrep_local_recv_queue_avg | 0.000000 |
| wsrep_local_cached_downto | 14 |
| wsrep_flow_control_paused_ns | 0 |
| wsrep_flow_control_paused | 0.000000 |
| wsrep_flow_control_sent | 0 |
| wsrep_flow_control_recv | 0 |
| wsrep_cert_deps_distance | 1.000000 |
| wsrep_apply_oooe | 0.000000 |
| wsrep_apply_oool | 0.000000 |
| wsrep_apply_window | 1.000000 |
| wsrep_commit_oooe | 0.000000 |
| wsrep_commit_oool | 0.000000 |
| wsrep_commit_window | 1.000000 |
| wsrep_local_state | 4 |
| wsrep_local_state_comment | Synced |
| wsrep_cert_index_size | 1 |
| wsrep_causal_reads | 0 |
| wsrep_cert_interval | 0.000000 |
| wsrep_incoming_addresses | 192.168.1.254:3306,192.168.1.253:3306 |
| wsrep_evs_delayed | |
| wsrep_evs_evict_list | |
| wsrep_evs_repl_latency | 0/0/0/0/0 |
| wsrep_evs_state | OPERATIONAL |
| wsrep_gcomm_uuid | 1ec07de2-facd-11e5-85a1-0f7601878be0 |
| wsrep_cluster_conf_id | 2 |
| wsrep_cluster_size | 2 |
| wsrep_cluster_state_uuid | 7f9b15e8-fa6c-11e5-a0b3-37918903ca71 |
| wsrep_cluster_status | Primary |
| wsrep_connected | ON |
| wsrep_local_bf_aborts | 0 |
| wsrep_local_index | 1 |
| wsrep_provider_name | Galera |
| wsrep_provider_vendor | Codership Oy <info@codership.com> |
| wsrep_provider_version | 25.3.14(r3560) |
| wsrep_ready | ON |
| wsrep_thread_count | 2 |
+------------------------------+------------------------------------+
57 rows in set (0.00 sec)
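
Of the 57 rows above, the ones that show whether the node has really joined are wsrep_cluster_status, wsrep_local_state_comment, wsrep_ready and wsrep_incoming_addresses. The following is an added example, not part of the original lab: it reads the status table and compares the member addresses with the node list configured in wsrep_cluster_address, so a missing node or an address that was never configured is reported. The function names and the trimmed sample table are assumptions made for this example.

```bash
#!/bin/sh
# Added example (not from the original lab): compare Galera cluster
# membership with the node list configured in server.cnf.

# Constructed sample: selected rows in the table format printed by
# the show status query above.
sample_wsrep_status() {
cat <<'EOF'
+---------------------------+---------------------------------------+
| Variable_name             | Value                                 |
+---------------------------+---------------------------------------+
| wsrep_local_state_comment | Synced                                |
| wsrep_incoming_addresses  | 192.168.1.254:3306,192.168.1.253:3306 |
| wsrep_cluster_size        | 2                                     |
| wsrep_cluster_status      | Primary                               |
| wsrep_connected           | ON                                    |
| wsrep_ready               | ON                                    |
+---------------------------+---------------------------------------+
EOF
}

# check_galera_members GCOMM_URL
# GCOMM_URL is the wsrep_cluster_address value, e.g. gcomm://a,b
# Reads the status table on stdin. Returns 0 only if the node is Synced in
# a Primary component and the member list equals the configured node list.
check_galera_members() {
    awk -F'|' -v url="$1" '
    # Table rows split into: empty, name, value, empty.
    NF >= 3 {
        key = $2; val = $3
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        s[key] = val
    }
    END {
        bad = 0
        sub(/^gcomm:\/\//, "", url)
        n = split(url, want, ",")
        for (i = 1; i <= n; i++) allowed[want[i]] = 1

        if (s["wsrep_cluster_status"] != "Primary") {
            print "FAIL wsrep_cluster_status=" s["wsrep_cluster_status"]; bad = 1
        }
        if (s["wsrep_local_state_comment"] != "Synced") {
            print "FAIL wsrep_local_state_comment=" s["wsrep_local_state_comment"]; bad = 1
        }
        if (s["wsrep_ready"] != "ON") {
            print "FAIL wsrep_ready=" s["wsrep_ready"]; bad = 1
        }

        # Members are listed as host:port; compare the host part only.
        m = split(s["wsrep_incoming_addresses"], got, ",")
        for (i = 1; i <= m; i++) {
            host = got[i]; sub(/:[0-9]+$/, "", host)
            if (host in allowed) seen[host] = 1
            else { print "FAIL unexpected member " host; bad = 1 }
        }
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen)) { print "FAIL missing member " want[i]; bad = 1 }

        if (!bad) print "OK " m " members, all configured"
        exit bad
    }'
}

# Demo on the constructed sample with the node list used in this lab.
sample_wsrep_status | check_galera_members 'gcomm://192.168.1.254,192.168.1.253'
```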

Run a test to confirm that the cluster works.

For example, the master server adds new databases (cluster, cluster123,
cluster1234, cluster12345).

Check on the slave server.

It works. Now try the reverse: create a database on the slave server,
then check the databases on the master server.

SAMBA

Lab 1 : Install Samba

Objectives:

● Install Samba.

● Configure the firewall for Samba.

● Enable Samba permanently.

Before installing the Samba package, update the repository first using
the command yum update -y.

[vschool@localhost ~]$ sudo yum update -y

Install the samba and samba-client packages.

[vschool@localhost ~]$ sudo yum -y install samba samba-client
Loaded plugins: langpacks, product-id, search-disabled-repos,
subscription-manager
Resolving Dependencies
--> Running transaction check
---> Package samba.x86_64 0:4.2.3-12.el7_2 will be installed
---> Package samba-client.x86_64 0:4.2.3-12.el7_2 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
samba x86_64 4.2.3-12.el7_2 rhel-7-server-rpms 602 k
samba-client x86_64 4.2.3-12.el7_2 rhel-7-server-rpms 496 k

Transaction Summary
=====================================================================
Install 2 Packages

Total download size: 1.1 M
Installed size: 3.0 M
Downloading packages:
(1/2) : samba-client-4.2.3-12.el7_2.x86_64.rpm | 496 kB 00:00:06
(2/2) : samba-4.2.3-12.el7_2.x86_64.rpm | 602 kB 00:00:06
---------------------------------------------------------------------
Total 158 kB/s | 1.1 MB 00:00:06
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : samba-client-4.2.3-12.el7_2.x86_64 1/2
Installing : samba-4.2.3-12.el7_2.x86_64 2/2
Verifying : samba-4.2.3-12.el7_2.x86_64 1/2
Verifying : samba-client-4.2.3-12.el7_2.x86_64 2/2

Installed:
samba.x86_64 0:4.2.3-12.el7_2
samba-client.x86_64 0:4.2.3-12.el7_2

Complete!

Add the samba service so that it is permitted by the firewall.

[vschool@localhost ~]$ sudo firewall-cmd --add-service=samba --permanent
success
[vschool@localhost ~]$ sudo firewall-cmd --reload
success
[vschool@localhost ~]$ sudo firewall-cmd --list-services
dhcpv6-client dns samba ssh

Start the Samba services and enable them permanently.

[vschool@localhost ~]$ sudo systemctl start smb
[vschool@localhost ~]$ sudo systemctl start nmb
[vschool@localhost ~]$ sudo systemctl enable smb
[vschool@localhost ~]$ sudo systemctl enable nmb

Lab 2 : Full Access Shared Folder

Objectives:

● Create a shared folder with full access for all users and guests.

Create a directory to be shared, for example /home/share.

[vschool@localhost ~]$ sudo mkdir /home/share

Change the permission of that directory to full access (777): anyone may
read, write and execute.

[vschool@localhost ~]$ sudo chmod 777 /home/share/

Enable file sharing by configuring the Samba file /etc/samba/smb.conf.

[vschool@localhost ~]$ sudo vim /etc/samba/smb.conf

#======================= Global Settings =============================

[global]
unix charset = UTF-8
# ----------------------- Network-Related Options ---------------------
#
# workgroup = the Windows NT domain name or workgroup name, for example,
# MYGROUP.
#
# server string = the equivalent of the Windows NT Description field.
#
# netbios name = used to specify a server name that is not tied to the
# hostname.
#
# interfaces = used to configure Samba to listen on multiple network
# interfaces.
# If you have multiple interfaces, you can use the "interfaces =" option
# to
# configure which of those interfaces Samba listens on. Never omit the
# localhost
# interface (lo).
#
# hosts allow = the hosts allowed to connect. This option can also be used
# max protocol = used to define the supported protocol. The default is
# NT1. You
# can set it to SMB2 if you want experimental SMB2 support.
#
workgroup = WORKGROUP
server string = Samba Server Version %v

; netbios name = MYSERVER

; interfaces = lo eth0 192.168.12.2/24 192.168.13.2/24


hosts allow = 127. 192.168.1.

; max protocol = SMB2

# ----------------------- Standalone Server Option ---------------


#
# security = the mode Samba runs in. This can be set to user, share
# (deprecated), or server (deprecated).
#
# passdb backend = the backend used to store user information in. New
# installations should use either tdbsam or ldapsam. No additional
# configuration
# is required for tdbsam. The "smbpasswd" utility is available for
# backwards
# compatibility.
#

security = user
passdb backend = tdbsam
map to guest = Bad User

#======================== Share Definitions ========================

[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S

[printers]
comment = All Printers
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes

# Un-comment the following and create the netlogon directory for Domain
# Logons:
; [netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no

# Un-comment the following to provide a specific roving profile share.
# The default is to use the user's home directory:
; [Profiles]
; path = /var/lib/samba/profiles
; browseable = no
; guest ok = yes

# A publicly accessible directory that is read only, except for users in
# the "staff" group (which have write permissions):
; [public]
; comment = Public Stuff
; path = /home/samba
; public = yes
; writable = yes
; printable = no
; write list = +staff

[share]
path = /home/share
writable = yes
guest ok = yes
create mode = 0777
directory mode = 0777
share modes = yes

To keep Samba from being blocked by SELinux, use the following command.

[vschool@localhost ~]$ sudo chcon -t samba_share_t /home/share/

After all the configuration is done, do not forget to restart the Samba
services.

[vschool@localhost ~]$ sudo systemctl restart smb
[vschool@localhost ~]$ sudo systemctl restart nmb

[vschool@localhost ~]$ sudo systemctl enable smb
[vschool@localhost ~]$ sudo systemctl enable nmb

Test from a Windows PC: open Windows Explorer, then open the shared folder
at the address \\master.vschool.com\share, as in the figure below.

Lab 3 : Limited Access Shared Folder

Objectives:

● Create a shared folder with access restricted to certain users only.

Create a user group, say staffit, so that we make a shared folder for the
IT staff group only.

[vschool@localhost ~]$ sudo groupadd staffit

Create a folder for the staffit group and set its permissions.

[vschool@localhost ~]$ sudo mkdir -p /samba/staffit
[vschool@localhost ~]$ sudo chgrp staffit /samba/staffit/
[vschool@localhost ~]$ sudo chmod 770 /samba/staffit/

Add the user to the staffit group.

[vschool@localhost ~]$ sudo useradd tuti
[vschool@localhost ~]$ sudo usermod -G staffit tuti
[vschool@localhost ~]$ sudo smbpasswd -a tuti
New SMB password:
Retype new SMB password:
Added user tuti.

Edit the main Samba configuration file (/etc/samba/smb.conf), then add the
path of the folder to be shared at the end of the file.

[vschool@localhost ~]$ sudo vim /etc/samba/smb.conf

[share]
path = /home/share
writable = yes
guest ok = yes
create mode = 0777
directory mode = 0777
share modes = yes

[staffit]
path = /samba/staffit/
writable = yes
create mode = 0770
directory mode = 0770
share modes = yes
guest ok = no
valid users = @staffit

Label the shared folder so that it is not blocked by SELinux, using the
following commands.

[vschool@localhost ~]$ sudo setsebool -P samba_enable_home_dirs on
[vschool@localhost ~]$ sudo chcon -t samba_share_t /samba/staffit/

Restart the Samba services.

[vschool@localhost ~]$ sudo systemctl restart smb
[vschool@localhost ~]$ sudo systemctl restart nmb

Next, test from a Windows client by accessing the Samba server at the
address \\master.vschool.com\staffit, as follows.

Enter the username and password of a user who belongs to the staffit
group; if authentication succeeds, we can copy files to and from the
shared folder.
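
Lab 2 and Lab 3 leave two kinds of share in the same smb.conf: one that guests can write to and one limited to a group. The following is an added example, not part of the original labs: it reads smb.conf text and lists every share where guest access and write access are both enabled, so the open share can be told apart from the restricted one at a glance. The function names and the shortened sample configuration are assumptions made for this example.

```bash
#!/bin/sh
# Added example (not from the original labs): list Samba shares that a
# guest can write to.

# Constructed sample: the share definitions from Lab 2 and Lab 3, shortened.
sample_smb_conf() {
cat <<'EOF'
[global]
    security = user
    map to guest = Bad User

[homes]
    browseable = no
    writable = yes

[share]
    path = /home/share
    writable = yes
    guest ok = yes
    create mode = 0777
    directory mode = 0777

[staffit]
    path = /samba/staffit/
    writable = yes
    guest ok = no
    valid users = @staffit
EOF
}

# guest_writable_shares
# Reads smb.conf text on stdin and prints "<share> <path>" for every share
# where guest access and write access are both enabled.
guest_writable_shares() {
    awk '
    function report() {
        if (share != "" && share != "global" && guest && writable)
            print share, path
    }
    /^[ \t]*([#;]|$)/ { next }               # comments and blank lines
    /^[ \t]*\[/ {                            # start of a new section
        report()
        share = $0
        sub(/^[ \t]*\[/, "", share); sub(/\].*$/, "", share)
        guest = 0; writable = 0; path = ""   # Samba defaults: no guest, read only
        next
    }
    /=/ {
        # Parameter names are case-insensitive and ignore inner whitespace.
        key = $0; sub(/=.*$/, "", key)
        gsub(/[ \t]/, "", key); key = tolower(key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        on = (tolower(val) ~ /^(yes|true|1)$/)
        if (key == "path") path = val
        else if (key == "guestok" || key == "public") guest = on
        else if (key == "writable" || key == "writeable" || key == "writeok") writable = on
        else if (key == "readonly") writable = !on   # inverted synonym
    }
    END { report() }'
}

# Demo on the constructed sample; prints: share /home/share
sample_smb_conf | guest_writable_shares
```

On the server the function can read /etc/samba/smb.conf directly from stdin.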

Lab 4 : Blocking Files in Samba

Objectives:

● Block files with a given extension from being copied into a Samba
shared folder.

Edit the Samba configuration file as follows.

[vschool@master ~]$ sudo vim /etc/samba/smb.conf

[staffit]
path = /samba/staffit
veto files = /*.exe/
delete veto files = yes
writable = yes
create mode = 0770
directory mode = 0770
share modes = yes
guest ok = no
valid users = @staffit

Restart the Samba services.

[vschool@master ~]$ sudo systemctl restart smb
[vschool@master ~]$ sudo systemctl restart nmb

Copy a file with the .exe extension; the result is as shown in the figure
below.

PROXY

Lab 1 : Install the Squid Package

Objectives:

● Install the squid package.

● Enable squid.

Squid is a popular package for the proxy server role and is already
available in the Red Hat repository. Install the package with yum as
follows.

[vschool@master ~]$ sudo yum -y install squid
Loaded plugins: langpacks, product-id, search-disabled-repos,
: subscription-manager
epel/x86_64/metalink | 4.8 kB 00:00
mariadb | 2.9 kB 00:00
rhel-7-server-optional-rpms | 3.5 kB 00:00
rhel-7-server-rpms | 3.7 kB 00:00
rhel-7-server-rpms/7Server/x86_64/updateinfo | 1.1 MB 00:11
Resolving Dependencies
--> Running transaction check
---> Package squid.x86_64 7:3.3.8-26.el7 will be installed
--> Processing Dependency: libecap.so.2()(64bit) for package:
7:squid-3.3.8-26.el7.x86_64
--> Running transaction check
---> Package libecap.x86_64 0:0.2.0-9.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
squid x86_64 7:3.3.8-26.el7 rhel-7-server-rpms 2.6 M
Installing for dependencies:
libecap x86_64 0.2.0-9.el7 rhel-7-server-rpms 20 k

Transaction Summary
=====================================================================
Install 1 Package (+1 Dependent package)

Total download size: 2.6 M
Installed size: 8.6 M
Downloading packages:
(1/2): libecap-0.2.0-9.el7.x86_64.rpm | 20 kB 00:05
(2/2): squid-3.3.8-26.el7.x86_64.rpm | 2.6 MB 01:47
---------------------------------------------------------------------
Total 25 kB/s | 2.6 MB 01:47
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libecap-0.2.0-9.el7.x86_64 1/2
Installing : 7:squid-3.3.8-26.el7.x86_64 2/2
rhel-7-server-rpms/7Server/x86_64/productid | 1.7 kB 00:00
Verifying : 7:squid-3.3.8-26.el7.x86_64 1/2
Verifying : libecap-0.2.0-9.el7.x86_64 2/2

Installed:
squid.x86_64 7:3.3.8-26.el7

Dependency Installed:
libecap.x86_64 0:0.2.0-9.el7

Complete!

Start the squid service and enable it permanently.

[vschool@master ~]$ sudo systemctl start squid
[vschool@master ~]$ sudo systemctl enable squid

Lab 2: Squid Configuration

Objectives:

● Configure squid.

● Test the proxy from a user.

The main configuration file of the Squid proxy is /etc/squid/squid.conf.

[vschool@master ~]$ sudo vim /etc/squid/squid.conf

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.


# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
# machines

acl SSL_ports port 443


acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports


http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost


http_access allow localhost manager
http_access deny manager

# We strongly recommend the following be uncommented to protect innocent


# web applications running on the proxy server who think the only
# one who can access services on "localhost" is a local user
#http_access deny to_localhost

#
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#

# Example rule allowing access from your local networks.


# Adapt localnet in the ACL section to list your (internal) IP networks
# from where browsing should be allowed
http_access allow localnet
http_access allow localhost

# And finally deny all other access to this proxy


http_access deny all

# Squid normally listens to port 3128


http_port 3128

# Uncomment and adjust the following to add a disk cache directory.


cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir


coredump_dir /var/spool/squid
#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320

# squid server hostname
visible_hostname proxy.vschool.com

# cache administrator

cache_mgr admin@vschool.com

Restart the squid service.

[vschool@master ~]$ sudo systemctl restart squid

Once the proxy is ready for use, the next step is to point users at the
proxy server through their web browser settings, as in the following
figure for the Firefox browser.

The following is for the Windows Explorer browser.

Browse as in the following example.

While users browse, we can watch the proxy's caching activity in the log
file /var/log/squid/access.log, as follows.

[vschool@master ~]$ sudo tail -f /var/log/squid/access.log

1459988226.575 823 192.168.1.3 TCP_MISS/200 127598 GET http://cdn.jivosite.com/js/chat_en_US.js? - HIER_DIRECT/148.251.7.108 application/x-javascript
1459988227.797 1119 192.168.1.3 TCP_MISS/200 74379 GET http://cdn.jivosite.com/css/main.css? - HIER_DIRECT/148.251.7.108 text/css
1459988230.778 20016 192.168.1.3 TCP_MISS/200 14252 CONNECT pubads.g.doubleclick.net:443 - HIER_DIRECT/74.125.68.157 -
1459988230.778 21049 192.168.1.3 TCP_MISS/200 334285 CONNECT s.ytimg.com:443 - HIER_DIRECT/216.58.200.110 -
1459988230.787 20542 192.168.1.3 TCP_MISS/200 313005 CONNECT i.ytimg.com:443 - HIER_DIRECT/74.125.200.139 -
1459988230.787 19005 192.168.1.3 TCP_MISS/200 17863 CONNECT tpc.googlesyndication.com:443 - HIER_DIRECT/216.58.200.97 -
1459988230.787 21706 192.168.1.3 TCP_MISS/200 51724 CONNECT www.youtube.com:443 - HIER_DIRECT/74.125.200.190 -
1459988230.787 17859 192.168.1.3 TCP_MISS/200 876 CONNECT www.youtube.com:443 - HIER_DIRECT/74.125.200.190 -
1459988230.787 20264 192.168.1.3 TCP_MISS/200 42914 CONNECT fonts.gstatic.com:443 - HIER_DIRECT/74.125.200.94 -
1459988230.816 20563 192.168.1.3 TCP_MISS/200 31942 CONNECT yt3.ggpht.com:443 - HIER_DIRECT/74.125.200.132 -
1459988262.037 1313 192.168.1.3 TCP_MISS/200 6363 GET http://vschool.id/ - HIER_DIRECT/104.152.168.20 text/html
1459988263.088 962 192.168.1.3 TCP_MISS/200 1785 GET http://code.jivosite.com/script/widget/pvOjYE9ZO0 - HIER_DIRECT/54.246.110.153 application/x-javascript

To see how much cache the proxy server has stored, check the directory
/var/spool/squid.

[vschool@master ~]$ sudo du -sh /var/spool/squid/
13M /var/spool/squid/

Lab 3: Transparent Proxy

Objectives:

● Force users to use the proxy server

One function of a proxy server is to cache web content, so that users do
not have to go out to the Internet to reach the website they want and can
be served from the proxy cache instead. The shortcoming of the previous
lab, however, is that users can choose whether or not to use the proxy.
To overcome this we can use a transparent proxy, that is, forcing users
to use the proxy.
One way to force users to use the proxy is to apply filtering on the
router, permitting Internet access from the proxy server only.
The following example applies such filtering on a Cisco router using an
ACL.

Building configuration...

Current configuration : 1081 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Gateway
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
ip name-server 192.168.1.254
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group PROXY in
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
!
ip access-list extended PROXY
permit ip host 192.168.1.254 any
deny ip any any

So if we do not use the local proxy in the web browser settings, we will
not be able to access the Internet.
Lab 4: Proxy Basic Authentication

Objectives:

● Require authentication from users who want to connect to the Internet.

Edit the squid configuration file as follows.

[vschool@master ~]$ sudo vim /etc/squid/squid.conf

auth_param basic program /usr/lib64/squid/basic_ncsa_auth /etc/squid/.htpasswd
auth_param basic children 5
auth_param basic realm Harap Masukkan Password
auth_param basic credentialsttl 5 hours
acl password proxy_auth REQUIRED
http_access allow password

Create a user to be used for proxy authentication.

[vschool@master ~]$ sudo htpasswd -c /etc/squid/.htpasswd coba
New password:
Re-type new password:
Adding password for user coba

Restart the squid service.

[vschool@master ~]$ sudo systemctl restart squid

Then, when a user accesses the Internet, an authentication prompt appears
as follows.
Lab 5: Squid Web Filter

Objectives:

● Filter websites using squid

Edit the squid configuration file to add website filtering as follows.

[vschool@master ~]$ sudo vim /etc/squid/squid.conf

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.


# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
# machines

acl SSL_ports port 443


acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# blocked domain list


acl blocked dstdomain "/etc/squid/block"
http_access deny blocked

Create a file containing the list of domains to be blocked.

[vschool@master ~]$ sudo vim /etc/squid/block

www.youtube.com
www.facebook.com
www.twitter.com
twitter.com
www.kaskus.com
kaskus.com
www.kaskus.co.id
kaskus.co.id

Restart the squid service.

[vschool@master ~]$ sudo service squid restart
Redirecting to /bin/systemctl restart squid.service

Next, test from a user by accessing one of the blocked domains in the
list, as follows.

To block by URL regex, add the following to the squid configuration file.

[vschool@master ~]$ sudo vim /etc/squid/squid.conf

# Recommended minimum configuration:


#

# Example rule allowing access from your local networks.


# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
# machines

acl SSL_ports port 443


acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# blocked domain list


acl blocked dstdomain "/etc/squid/block"
http_access deny blocked

# blocked url
acl blockurl url_regex -i "/etc/squid/url"
http_access deny blockurl

Create a file containing the URL regexes to block.

[vschool@master ~]$ sudo vim /etc/squid/url

Download
download

Restart the squid service.

[vschool@master ~]$ sudo service squid restart
Redirecting to /bin/systemctl restart squid.service

Test from a user by accessing a website whose URL contains the word
download, as follows.

To block file downloads, edit the squid configuration as follows.

[vschool@master ~]$ sudo vim /etc/squid/squid.conf

#
# Recommended minimum configuration:
#

# Example rule allowing access from your local networks.


# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl localnet src 10.0.0.0/8 # RFC1918 possible internal network
acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
acl localnet src fc00::/7 # RFC 4193 local private network range
acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged)
# machines

acl SSL_ports port 443


acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

# block domain list


acl blocked dstdomain "/etc/squid/block"
http_access deny blocked

# block url
#acl blockurl url_regex -i "/etc/squid/url"
#http_access deny blockurl

# block download
acl file urlpath_regex -i "/etc/squid/file"
http_access deny file

Create a file containing the list of blocked file types.

[vschool@master ~]$ sudo vim /etc/squid/file

\.exe$
\.avi$
\.mkv$
\.flv$
\.mp4$
\.iso$

Restart the squid service.

[vschool@master ~]$ sudo service squid restart
Redirecting to /bin/systemctl restart squid.service

Test from a client by downloading a file with one of the blocked extensions.
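
To check the extension list before relying on it, this added example (not part of the original lab) replays the patterns from /etc/squid/file against constructed URL paths with grep -E -i. It assumes Squid matches urlpath_regex against the path including any query string, so a pattern anchored with $ misses a download link that carries one; the second list, the function names and the sample paths are hypothetical.

```sh
#!/bin/sh
# Added example (not from the lab): replay the /etc/squid/file patterns against
# URL paths to see which requests the "http_access deny file" rule would catch.
# Assumption: Squid applies urlpath_regex to the path plus query string, and
# grep -E -i approximates its case-insensitive extended-regex matching.

# Patterns exactly as listed in the lab.
LAB_PATTERNS='\.exe$
\.avi$
\.mkv$
\.flv$
\.mp4$
\.iso$'

# Suggested tightening (an assumption, not in the lab): tolerate a query string.
STRICT_PATTERNS='\.exe(\?.*)?$
\.avi(\?.*)?$
\.mkv(\?.*)?$
\.flv(\?.*)?$
\.mp4(\?.*)?$
\.iso(\?.*)?$'

# Constructed sample URL paths, one per line.
SAMPLE_PATHS='/pub/setup.exe
/pub/SETUP.EXE
/pub/setup.exe?mirror=2
/media/clip.mp4?token=abc
/docs/report.pdf
/docs/exe-notes.html'

# verdict PATTERNS URLPATH -> prints DENY if any pattern matches, else ALLOW
verdict() {
    v_patterns=$1
    v_path=$2
    while IFS= read -r v_pat; do
        [ -n "$v_pat" ] || continue
        if printf '%s\n' "$v_path" | grep -Eiq -e "$v_pat"; then
            echo DENY
            return 0
        fi
    done <<EOF
$v_patterns
EOF
    echo ALLOW
}

# coverage_gaps -> prints every sample path that the lab list allows but the
# strict list denies, i.e. downloads the "$"-anchored form does not cover.
coverage_gaps() {
    while IFS= read -r c_path; do
        [ -n "$c_path" ] || continue
        if [ "$(verdict "$LAB_PATTERNS" "$c_path")" = ALLOW ] &&
           [ "$(verdict "$STRICT_PATTERNS" "$c_path")" = DENY ]; then
            echo "$c_path"
        fi
    done <<EOF
$SAMPLE_PATHS
EOF
}

coverage_gaps
```

Squid only sees a path for requests it handles as plain HTTP; a tunnelled CONNECT request exposes just host and port, so this ACL does not apply to it unless the proxy is set up to decrypt the traffic.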

Storage

Lab 1 : RAID 1 Configuration

Objective :

● Configure the storage server as RAID 1

View the existing storage information using the df -h and fdisk -l commands, as follows.

[vschool@master ~]$ sudo df -h


Filesystem Size Used Avail Use% Mounted on
/dev/mapper/rhel-root 48G 10G 38G 21% /
devtmpfs 482M 0 482M 0% /dev
tmpfs 497M 104K 497M 1% /dev/shm
tmpfs 497M 7,0M 490M 2% /run
tmpfs 497M 0 497M 0% /sys/fs/cgroup
/dev/sda1 497M 210M 288M 43% /boot
tmpfs 100M 20K 100M 1% /run/user/1000

[vschool@master ~]$ sudo fdisk -l

Disk /dev/sda: 53.7 GB, 53687091200 bytes, 104857600 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0005ed58

Device Boot Start End Blocks Id System


/dev/sda1 * 2048 1026047 512000 83 Linux
/dev/sda2 1026048 104857599 51915776 8e Linux LVM

Disk /dev/sdb: 53.7 GB, 53687091200 bytes, 104857600 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/sdc: 53.7 GB, 53687091200 bytes, 104857600 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/mapper/rhel-root: 51.0 GB, 50964987904 bytes, 99540992 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/mapper/rhel-swap: 2147 MB, 2147483648 bytes, 4194304 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Create the RAID 1 partitions as follows.

[vschool@master ~]$ sudo parted --script /dev/sdb "mklabel gpt"
[vschool@master ~]$ sudo parted --script /dev/sdc "mklabel gpt"
[vschool@master ~]$ sudo parted --script /dev/sdb "mkpart primary 0% 100%"
[vschool@master ~]$ sudo parted --script /dev/sdc "mkpart primary 0% 100%"
[vschool@master ~]$ sudo parted --script /dev/sdb "set 1 raid on"
[vschool@master ~]$ sudo parted --script /dev/sdc "set 1 raid on"

[vschool@master ~]$ sudo mdadm --create /dev/md0 --level=raid1 --raid-devices=2 /dev/sdb1 /dev/sdc1
mdadm: Note: this array has metadata at the start and
may not be suitable as a boot device. If you plan to
store '/boot' on this device please ensure that
your boot-loader understands md/v1.x metadata, or use
--metadata=0.90
Continue creating array? y
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.

Watch the synchronization progress between disk 1 and disk 2 as follows.

[vschool@master ~]$ sudo cat /proc/mdstat


Personalities : [raid1]
md0 : active raid1 sdc1[1] sdb1[0]
52393984 blocks super 1.2 [2/2] [UU]
[==>..................] resync = 10.0% (5285824/52393984)
finish=7.0min speed=110952K/sec

unused devices: <none>

When the synchronization has finished:

[vschool@master ~]$ sudo cat /proc/mdstat


Personalities : [raid1]
md0 : active raid1 sdc1[1] sdb1[0]
52393984 blocks super 1.2 [2/2] [UU]

unused devices: <none>

Edit the /etc/sysconfig/raid-check configuration file as follows, so that the system checks the condition of the RAID regularly.

[vschool@master ~]$ sudo vim /etc/sysconfig/raid-check

# To check devs /dev/md0 and /dev/md3, use "md0 md3"


CHECK_DEVS="md0"
REPAIR_DEVS=""
SKIP_DEVS=""
MAXCONCURRENT=
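
The member map in /proc/mdstat ([2/2] [UU] in the output above) is what shows whether both halves of the mirror are present. This added example, not part of the original lab, parses that output and flags a degraded array; the function names and the degraded sample are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the lab): summarise /proc/mdstat so that a mirror
# running on a single member is noticed. Reads mdstat text on stdin.
# md_status and md_check are hypothetical helper names.

# md_status -> one line per array: "<name> <[n/m]> <[flags]> <OK|DEGRADED> <sync>"
md_status() {
    awk '
        function emit() {
            if (name != "") print name, counts, flags, state, sync
            name = ""
        }
        /^md[0-9]+ :/ {
            emit()
            name = $1; counts = "-"; flags = "-"; state = "UNKNOWN"; sync = "idle"
            next
        }
        # "[2/2] [UU]": members expected/active, then U (up) or _ (missing) per member
        name != "" && match($0, /\[[0-9]+\/[0-9]+\] \[[U_]+\]/) {
            split(substr($0, RSTART, RLENGTH), part, " ")
            counts = part[1]; flags = part[2]
            state = (flags ~ /_/) ? "DEGRADED" : "OK"
            next
        }
        # "resync = 10.0%" (also recovery or check) while the kernel is syncing
        name != "" && match($0, /(resync|recovery|check) *= *[0-9.]+%/) {
            sync = substr($0, RSTART, RLENGTH)
            gsub(/ /, "", sync)
        }
        END { emit() }
    '
}

# md_check -> prints the summary; exit status 1 if any array is degraded
md_check() {
    mc_report=$(md_status)
    printf '%s\n' "$mc_report"
    case $mc_report in
        *DEGRADED*) return 1 ;;
    esac
    return 0
}

# The resync output shown in the lab.
sample_resync() {
    cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdc1[1] sdb1[0]
52393984 blocks super 1.2 [2/2] [UU]
[==>..................] resync = 10.0% (5285824/52393984)
finish=7.0min speed=110952K/sec

unused devices: <none>
EOF
}

# Constructed sample: the same array after one member has dropped out.
sample_degraded() {
    cat <<'EOF'
Personalities : [raid1]
md0 : active raid1 sdb1[0]
      52393984 blocks super 1.2 [2/1] [U_]

unused devices: <none>
EOF
}

sample_resync | md_check
sample_degraded | md_check || echo "ALERT: degraded array"
```

On the lab machine the same check runs as `md_check < /proc/mdstat`, for example from a scheduled job that mails its output when the exit status is non-zero.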

View the newly created RAID disk.

[vschool@master ~]$ sudo fdisk -l

Disk /dev/sda: 53.7 GB, 53687091200 bytes, 104857600 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x0005ed58

Device Boot Start End Blocks Id System


/dev/sda1 * 2048 1026047 512000 83 Linux
/dev/sda2 1026048 104857599 51915776 8e Linux LVM
WARNING: fdisk GPT support is currently new, and therefore in an
experimental phase. Use at your own discretion.

Disk /dev/sdb: 53.7 GB, 53687091200 bytes, 104857600 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: gpt

# Start End Size Type Name
1 2048 104855551 50G Linux RAID primary
WARNING: fdisk GPT support is currently new, and therefore in an
experimental phase. Use at your own discretion.

Disk /dev/sdc: 53.7 GB, 53687091200 bytes, 104857600 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: gpt

# Start End Size Type Name


1 2048 104855551 50G Linux RAID primary

Disk /dev/mapper/rhel-root: 51.0 GB, 50964987904 bytes, 99540992 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/mapper/rhel-swap: 2147 MB, 2147483648 bytes, 4194304 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Disk /dev/md0: 53.7 GB, 53651439616 bytes, 104787968 sectors


Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

Create a file system on the RAID disk.

[vschool@master ~]$ sudo mkfs.xfs /dev/md0
[vschool@master ~]$ sudo mkdir /media/raid1
[vschool@master ~]$ sudo mount /dev/md0 /media/raid1/
[vschool@master ~]$ sudo chmod 777 /media/raid1/

To have the RAID disk mounted automatically at system startup, edit the /etc/fstab configuration file.

[vschool@master ~]$ sudo vim /etc/fstab

#
# /etc/fstab
# Created by anaconda on Fri Apr 1 01:44:46 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/rhel-root / xfs defaults 0 0
UUID=5042a81d-da0e-4602-9437-8f3330d5d4f6 /boot xfs defaults 0 0
/dev/mapper/rhel-swap swap swap defaults 0 0
/dev/md0 /media/raid1 xfs defaults 0 0

Zimbra Mail Server

Lab 1 : Install Zimbra

Objective :

● Install Zimbra Mail Server

Some initial setup is required before installing Zimbra Mail Server, including the following:

Configure /etc/hosts and /etc/hostname as follows.

[vschool@master ~]$ sudo vim /etc/hosts


192.168.1.254 mail.vschool.com mail

[vschool@mail ~]$ sudo vim /etc/hostname


mail.vschool.com

Change SELINUX from enforcing to disabled in the /etc/sysconfig/selinux file.

[vschool@mail ~]$ sudo vim /etc/sysconfig/selinux

# This file controls the state of SELinux on the system.


# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted

Stop the MTA service as follows.

[vschool@mail ~]$ sudo systemctl stop postfix


[vschool@mail ~]$ sudo systemctl disable postfix

Install the following packages.

[vschool@master ~]$ sudo yum -y install perl-core unzip libaio nmap-ncat sysstat openssh-clients

After the installation, reboot the Linux system, because we changed the hostname and SELINUX earlier.

[vschool@master ~]$ sudo reboot

Once the reboot has finished, the system is ready for the Zimbra Mail Server installation.
First download the Zimbra software package from the official Zimbra Mail Server website and place it in a directory, for example /tmp.

[vschool@mail ~]$ cd /tmp/


[vschool@mail tmp]$ ls
systemd-private-04d8553e74494a00a38561b44d343d22-cups.service-BzztKR
systemd-private-04d8553e74494a00a38561b44d343d22-httpd.service-BcYQZa
systemd-private-04d8553e74494a00a38561b44d343d22-named.service-oDCbMi
systemd-private-04d8553e74494a00a38561b44d343d22-nginx.service-iY8rXV
systemd-private-323e9c51dbd74025824350c4b115b284-cups.service-ODYlOf
tracker-extract-files.1000
yum.log
yum_save_tx.2016-04-16.02-28._oI2IY.yumtx
yum_save_tx.2016-04-16.20-42.R_Fjzr.yumtx
yum_save_tx.2016-04-17.03-03.GltQoJ.yumtx
zcs-8.6.0_GA_1153.RHEL7_64.2014121515111.tgz

Extract the Zimbra archive file.

[vschool@master tmp]$ tar -zxvf zcs-8.6.0_GA_1153.RHEL7_64.20141215151110.tgz
[vschool@master tmp]$ cd zcs-8.6.0_GA_1153.RHEL7_64.20141215151110/
[vschool@mail zcs-8.6.0_GA_1153.RHEL7_64.20141215151110]$

Install Zimbra.

[vschool@mail zcs-8.6.0_GA_1153.RHEL7_64.20141215151110]$ sudo ./install.sh

Operations logged to /tmp/install.log.5067


Checking for existing installation...
zimbra-ldap...NOT FOUND
zimbra-logger...NOT FOUND
zimbra-mta...NOT FOUND
zimbra-dnscache...NOT FOUND
zimbra-snmp...NOT FOUND
zimbra-store...NOT FOUND
zimbra-apache...NOT FOUND
zimbra-spell...NOT FOUND
zimbra-convertd...NOT FOUND
zimbra-memcached...NOT FOUND
zimbra-proxy...NOT FOUND
zimbra-archiving...NOT FOUND
zimbra-core...NOT FOUND

PLEASE READ THIS AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE.


ZIMBRA, INC. ("ZIMBRA") WILL ONLY LICENSE THIS SOFTWARE TO YOU IF YOU
FIRST ACCEPT THE TERMS OF THIS AGREEMENT. BY DOWNLOADING OR INSTALLING
THE SOFTWARE, OR USING THE PRODUCT, YOU ARE CONSENTING TO BE BOUND BY
THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS OF THIS
AGREEMENT, THEN DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.

License Terms for the Zimbra Collaboration Suite:


http://www.zimbra.com/license/zimbra-public-eula-2-5.html

Do you agree with the terms of the software license agreement? [N] y

Checking for prerequisites...


FOUND: NPTL
FOUND: nmap-ncat-6.40-7
FOUND: sudo-1.8.6p7-16
FOUND: libidn-1.28-4
FOUND: gmp-6.0.0-11

FOUND: libaio-0.3.109-13
FOUND: libstdc++-4.8.5-4
FOUND: unzip-6.0-15
FOUND: perl-core-5.16.3-286

Checking for suggested prerequisites...


FOUND: perl-5.16.3
FOUND: sysstat
FOUND: sqlite
Prerequisite check complete.

Checking for installable packages

Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-dnscache
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy

Select the packages to install

Install zimbra-ldap [Y] y

Install zimbra-logger [Y] y

Install zimbra-mta [Y] y

Install zimbra-dnscache [Y] y

Install zimbra-snmp [Y] y

Install zimbra-store [Y] y

Install zimbra-apache [Y] y

Install zimbra-spell [Y] y

Install zimbra-memcached [Y] y

Install zimbra-proxy [Y] y


Checking required space for zimbra-core
Checking space for zimbra-store
Checking required packages for zimbra-store
zimbra-store package check complete.

Installing:
zimbra-core
zimbra-ldap
zimbra-logger
zimbra-mta
zimbra-dnscache
zimbra-snmp
zimbra-store
zimbra-apache
zimbra-spell
zimbra-memcached
zimbra-proxy

The system will be modified. Continue? [N] y

Removing /opt/zimbra
Removing zimbra crontab entry...done.
Cleaning up zimbra init scripts...done.
Cleaning up /etc/ld.so.conf...done.
Cleaning up /etc/security/limits.conf...done.

Finished removing Zimbra Collaboration Server.

Installing packages

zimbra-core......zimbra-core-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

zimbra-ldap......zimbra-ldap-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

zimbra-logger......zimbra-logger-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

zimbra-mta......zimbra-mta-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

zimbra-dnscache......zimbra-dnscache-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

zimbra-snmp......zimbra-snmp-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

zimbra-store......zimbra-store-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

zimbra-apache......zimbra-apache-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

zimbra-spell......zimbra-spell-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

zimbra-memcached......zimbra-memcached-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done

zimbra-proxy......zimbra-proxy-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_64.rpm...done
Operations logged to /tmp/zmsetup04212016-220939.log
Installing LDAP configuration database...done.
Setting defaults...

DNS ERROR resolving MX for mail.vschool.com


It is suggested that the domain name have an MX record configured in DNS
Change domain name? [Yes] yes
Create domain: [mail.vschool.com] vschool.com
MX: mail.vschool.com (192.168.1.252)

Interface: 127.0.0.1
Interface: ::1
Interface: 192.168.1.252
Interface: 10.0.2.11
Interface: 192.168.122.1
done.
Checking for port conflicts
Port conflict detected: 53 (zimbra-dnscache)
Port conflicts detected! - Press Enter/Return key to continue

Main menu

1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-dnscache: Enabled
6) zimbra-snmp: Enabled
7) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: admin@vschool.com
******* +Admin Password UNSET
+Anti-virus quarantine user:
virus-quarantine.t5k0lyzn@vschool.com
+Enable automated spam training: yes
+Spam training user: spam.4rs8aj4b@vschool.com
+Non-spam(Ham) training user: ham.kdytx5zk@vschool.com
+SMTP host: mail.vschool.com
+Web server HTTP port: 8080
+Web server HTTPS port: 8443
+Web server mode: https
+IMAP server port: 7143
+IMAP server SSL port: 7993
+POP server port: 7110
+POP server SSL port: 7995
+Use spell check server: yes
+Spell server URL:
http://mail.vschool.com:7780/aspell.php
+Enable version update checks: TRUE
+Enable version update notifications: TRUE
+Version update notification email: admin@vschool.com
+Version update source email: admin@vschool.com
+Install mailstore (service webapp): yes
+Install UI (zimbra,zimbraAdmin webapps): yes

8) zimbra-spell: Enabled
9) zimbra-proxy: Enabled
10) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit

Address unconfigured (**) items (? - help) 7

Store configuration

1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@vschool.com
** 4) Admin Password UNSET
5) Anti-virus quarantine user:
virus-quarantine.t5k0lyzn@vschool.com
6) Enable automated spam training: yes
7) Spam training user: spam.4rs8aj4b@vschool.com
8) Non-spam(Ham) training user: ham.kdytx5zk@vschool.com
9) SMTP host: mail.vschool.com
10) Web server HTTP port: 8080
11) Web server HTTPS port: 8443
12) Web server mode: https
13) IMAP server port: 7143
14) IMAP server SSL port: 7993
15) POP server port: 7110
16) POP server SSL port: 7995
17) Use spell check server: yes
18) Spell server URL:
http://mail.vschool.com:7780/aspell.php
19) Enable version update checks: TRUE
20) Enable version update notifications: TRUE
21) Version update notification email: admin@vschool.com
22) Version update source email: admin@vschool.com
23) Install mailstore (service webapp): yes
24) Install UI (zimbra,zimbraAdmin webapps): yes

Select, or 'r' for previous menu [r] 4

Password for admin@vschool.com (min 6 characters): [gUzPFCRTsq]


Idnmantab123

Store configuration

1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@vschool.com
4) Admin Password set
5) Anti-virus quarantine user:
virus-quarantine.t5k0lyzn@vschool.com
6) Enable automated spam training: yes
7) Spam training user: spam.4rs8aj4b@vschool.com
8) Non-spam(Ham) training user: ham.kdytx5zk@vschool.com

9) SMTP host: mail.vschool.com
10) Web server HTTP port: 8080
11) Web server HTTPS port: 8443
12) Web server mode: https
13) IMAP server port: 7143
14) IMAP server SSL port: 7993
15) POP server port: 7110
16) POP server SSL port: 7995
17) Use spell check server: yes
18) Spell server URL:
http://mail.vschool.com:7780/aspell.php
19) Enable version update checks: TRUE
20) Enable version update notifications: TRUE
21) Version update notification email: admin@vschool.com
22) Version update source email: admin@vschool.com
23) Install mailstore (service webapp): yes
24) Install UI (zimbra,zimbraAdmin webapps): yes

Select, or 'r' for previous menu [r] r

Main menu

1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-dnscache: Enabled
6) zimbra-snmp: Enabled
7) zimbra-store: Enabled
8) zimbra-spell: Enabled
9) zimbra-proxy: Enabled
10) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit

*** CONFIGURATION COMPLETE - press 'a' to apply


Select from menu, or press 'a' to apply config (? - help) a
Save configuration data to a file? [Yes] yes
Save config in file: [/opt/zimbra/config.15428]
Saving config in /opt/zimbra/config.15428...done.
The system will be modified - continue? [No] yes
Operations logged to /tmp/zmsetup04212016-220939.log
Setting local config values...done.

Initializing core config...Setting up CA...done.
Deploying CA to /opt/zimbra/conf/ca ...done.
Creating SSL zimbra-store certificate...done.
Creating new zimbra-ldap SSL certificate...done.
Creating new zimbra-mta SSL certificate...done.
Creating new zimbra-proxy SSL certificate...done.
Installing mailboxd SSL certificates...done.
Installing MTA SSL certificates...done.
Installing LDAP SSL certificate...done.
Installing Proxy SSL certificate...done.
Initializing ldap...done.
Setting replication password...done.
Setting Postfix password...done.
Setting amavis password...done.
Setting nginx password...done.
Setting BES searcher password...done.
Creating server entry for mail.vschool.com...done.
Setting Zimbra IP Mode...done.
Saving CA in ldap ...done.
Saving SSL Certificate in ldap ...done.
Setting spell check URL...done.
Setting service ports on mail.vschool.com...done.
Setting zimbraFeatureTasksEnabled=TRUE...done.
Setting zimbraFeatureBriefcasesEnabled=TRUE...done.
Setting Master DNS IP address(es)...done.
Setting DNS cache tcp lookup preference...done.
Setting DNS cache udp lookup preference...done.
Setting DNS tcp upstream preference...done.
Setting TimeZone Preference...done.
Initializing mta config...done.
Setting services on mail.vschool.com...done.
Adding mail.vschool.com to zimbraMailHostPool in default COS...done.
Creating domain vschool.com...done.
Setting default domain name...done.
Creating domain vschool.com...already exists.
Creating admin account admin@vschool.com...done.
Creating root alias...done.
Creating postmaster alias...done.
Creating user spam.4rs8aj4b@vschool.com...done.
Creating user ham.kdytx5zk@vschool.com...done.
Creating user virus-quarantine.t5k0lyzn@vschool.com...done.
Setting spam training and Anti-virus quarantine accounts...done.
Initializing store sql database...done.
Setting zimbraSmtpHostname for mail.vschool.com...done.

Configuring SNMP...done.
Setting up syslog.conf...done.
Starting servers...done.
Installing common zimlets...
com_zimbra_adminversioncheck...done.
com_zimbra_attachcontacts...done.
com_zimbra_attachmail...
com_zimbra_attachmail...done.
com_zimbra_bulkprovision...done.
com_zimbra_cert_manager...done.
com_zimbra_clientuploader...done.
com_zimbra_date...done.
com_zimbra_email...done.
com_zimbra_mailarchive...done.
com_zimbra_phone...done.
com_zimbra_proxy_config...done.
com_zimbra_srchhighlighter...done.
com_zimbra_tooltip...done.
com_zimbra_url...done.
com_zimbra_viewmail...done.
com_zimbra_webex...done.
com_zimbra_ymemoticons...done.
Finished installing common zimlets.
Restarting mailboxd...done.
Creating galsync account for default domain...done.

You have the option of notifying Zimbra of your installation.


This helps us to track the uptake of Zimbra Collaboration Server.
The only information that will be transmitted is:
The VERSION of zcs installed (8.6.0_GA1153_RHEL7_64)
The ADMIN EMAIL ADDRESS created (admin@vschool.com)

Notify Zimbra of your installation? [Yes] no


Notification skipped
Setting up zimbra crontab...done.

Moving /tm/zmsetup04242015-212139.log to /opt/zimbra/log

Configuration complete - press return to exit

Allow the service ports used by the Zimbra application through the firewall, as follows.

[vschool@mail ~]$ sudo firewall-cmd --add-port=7143/tcp --permanent


success
[vschool@mail ~]$ sudo firewall-cmd --add-port=7993/tcp --permanent
success
[vschool@mail ~]$ sudo firewall-cmd --add-port=7110/tcp --permanent
success
[vschool@mail ~]$ sudo firewall-cmd --add-port=7995/tcp --permanent
success
[vschool@mail ~]$ sudo firewall-cmd --add-port=7780/tcp --permanent
success
[vschool@mail ~]$ sudo firewall-cmd --add-port=7071/tcp --permanent
success
[vschool@mail ~]$ sudo firewall-cmd --add-port=8080/tcp --permanent
success
[vschool@mail ~]$ sudo firewall-cmd --add-port=8443/tcp --permanent
success
[vschool@mail ~]$ sudo firewall-cmd --reload
success

Lab 2 : Configure and Manage Zimbra

Objective :

● Create Zimbra Mail Server user accounts

● Test sending email

Once the Zimbra Mail Server installation has succeeded, we can open the Zimbra
Web Admin at the following address: https://mail.vschool.com:7071/zimbraAdmin

After logging in as admin, we can create email user accounts
under the Home > Manage > Accounts menu.

Click option > New

Fill in the details of the account to be created, such as the username and password.

After creating a few accounts, log in as an email user by going to
https://mail.vschool.com:8443 and entering the email user's
username and password.

On first login, the email user is asked to change the
default password.

Below is the inbox view of an email user.

Below is an example of sending an email from user siti to user budi.

Below is an example of user budi receiving the email from user siti.