Académique Documents
Professionnel Documents
Culture Documents
Daftar Isi..............................................................................................................................................1
Registration........................................................................................................................................ 3
Network Setting..............................................................................................................................14
Subscription..................................................................................................................................... 21
Yum................................................................................................................................................... 30
Apache (httpd).................................................................................................................................46
Nginx................................................................................................................................................ 77
vSchool.id 1
Lab 3 : BIND Forwarder......................................................................................................103
Lab 4 : BIND CNAME (Canonical Name)........................................................................107
Lab 5 : Slave DNS Server.................................................................................................. 109
MariaDB.......................................................................................................................................... 116
SAMBA........................................................................................................................................... 144
PROXY............................................................................................................................................155
Storage.......................................................................................................................................... 175
vSchool.id 2
Registration
vSchool.id 3
Lab 1 : Register account
● Register account Red Hat
Agar sistem operasi Red Hat dapat berfungsi kita harus punya sebuah
suscription. Untuk mendapatkan subscription tersebut kita harus memebelinya
ke Red Hat authorized partner, namun demikian tersedia juga subscription
berupa evaluation (trial) selama 30 hari. Untuk mendapatkannya kita harus
membuat account di official Red Hat (http://www.redhat.com).
Berikut beberapa langkah untuk melakukan pembuatan account di website
Red Hat.
Buka website official Red Hat di http://www.redhat.com, klik icon user
kemudian klik Register.
Isi form sesuai data diri, sebagai catatan untuk mendapatkan subscription
evaluation kita harus menggunakan email bisnis bukan email pribadi seperti
(gmail, yahoo, dll).
vSchool.id 4
vSchool.id 5
vSchool.id 6
Lab 2 : Subscription Evaluation
● Request subscription evaluation
Buka website redhat dan login, kemudian klik ke menu Products &
Services > Red Hat Enterprise Linux.
vSchool.id 7
Klik Continue di Red Hat Enterprise Linux.
vSchool.id 8
Yang terakhir klik Agree And Started.
vSchool.id 9
Installation
vSchool.id 10
Lab 1 : Install Red Hat
● Melakukan instalasi Red Hat
Bila install pada server fisik burning file ISO tersebut ke sebuah DVD. Atau
gunakan langsung file ISO bila install diatas Virtual Machine (VM)
vSchool.id 11
Pilih bahasa selama proses instalasi. Default English (US).
vSchool.id 12
Pilih paket instalasi, default Minimal install, bila ingin tampilan server dengan
GUI pilih paket Server with GUI.
vSchool.id 13
Selanjutnya wajib kita masukkan password untuk root.
vSchool.id 14
Tunggu proses instalasinya sampai selesai.
Setelah selesai, masuk menu License Agreement dan beri centang pada I
accept the license agreement.
vSchool.id 15
Selanjutnya klik Finish configuration.
vSchool.id 16
Network Setting
vSchool.id 17
Lab 1 : Setting IP Address
Tujuan :
vSchool.id 18
Berikut konfigurasi IP dengan mengedit file konfigurasi
/etc/sysconfig/network-script/ifcfg-*.
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=enp0s3
IPADDR=172.20.10.10
NETMASK=255.255.255.0
GATEWAY=172.20.10.1
DNS1=8.8.8.8
UUID=25ce1a79-3872-44f4-9faf-bfe68d269058
DEVICE=enp0s3
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=dhcp
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=enp0s3
UUID=25ce1a79-3872-44f4-9faf-bfe68d269058
DEVICE=enp0s3
ONBOOT=yes
vSchool.id 19
Restart service network agar konfigurasi IP tereksekusi.
vSchool.id 20
Subscription
vSchool.id 21
Lab 1 : Registering Subscription
Tujuan :
● Register subscription
vSchool.id 22
Subscription Type: Instance Based
Ends: 04/25/2016
System Type: Physical
Contoh :
vSchool.id 23
Service Type: L1-L3
Status Details: Subscription is current
Subscription Type: Instance Based
Starts: 03/27/2016
Ends: 04/25/2016
System Type: Physical
vSchool.id 24
Lab 2 : Manage Repository
Tujuan :
● Mengatur repository
Untuk melihat semua daftar repositori yang tersedia pada sistem subscription
Red Hat adalah sebagai berikut.
vSchool.id 25
Repo ID: rhel-7-server-v2vwin-1-debug-rpms
Repo Name: Red Hat Virt V2V Tool for RHEL 7 (Debug RPMs)
Repo URL:
https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basear
ch/v2vwin/debug
Enabled: 0
vSchool.id 26
Repo ID: rhel-7-server-rpms
Repo Name: Red Hat Enterprise Linux 7 Server (RPMs)
Repo URL:
https://cdn.redhat.com/content/dist/rhel/server/7/$releasever/$basear
ch/os
Enabled: 1
Dari semua list repositori ada yang aktif dengan nilai Enabled = 1 dan disable
dengan nilai Enabled = 0. Untuk mengaktifkan repositori gunakan perintah
berikut.
Contoh :
vSchool.id 27
Lab 3 : Remove Subscription
Tujuan :
● Menghapus subscription
vSchool.id 28
Bila sudah mengetahui serial number dari subscription yang digunakan hapus
dengan perintah berikut.
vSchool.id 29
Yum
vSchool.id 30
Lab 1 : Checking Update System
Tujuan :
RPM (Red Hat Package Manager) merupakan tools yang berfungsi untuk
memperoleh informasi mengenai ketersediaan paket dari repositori, install dan
uninstall serta update sistem,
Untuk melihat paket apabila sudah tersedia update gunakan perintah dibawah
ini.
vSchool.id 31
pytalloc.x86_64 2.1.5-1.el7_2 rhel-7-server-rpms
samba-client-libs.x86_64 4.2.10-6.el7_2 rhel-7-server-rpms
samba-common.noarch 4.2.10-6.el7_2 rhel-7-server-rpms
samba-common-libs.x86_64 4.2.10-6.el7_2 rhel-7-server-rpms
samba-common-tools.x86_64 4.2.10-6.el7_2 rhel-7-server-rpms
samba-libs.x86_64 4.2.10-6.el7_2 rhel-7-server-rpms
vSchool.id 32
Lab 2 : Update System
Tujuan :
Kita dapat melakukan update pada semua paket yang sudah tersedia atau
bisa juga update per-single paket. Dan jika terdapat dependensi dari satu
paket maka akan ikut ter-update juga.
Untuk melakukan update pada satu paket gunakan perintah berikut.
vSchool.id 33
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libsamdb-common-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libsamba3-util-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libsamba-sockets-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libsamba-security-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libsamba-modules-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libsamba-debug-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libreplace-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libndr-samba4.so(SAMBA_4.2.10)(64bit) for
package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libndr-samba-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libldbsamba-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libevents-samba4.so(SAMBA_4.2.10)(64bit) for
package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: liberrors-samba4.so(SAMBA_4.2.10)(64bit) for
package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libdcerpc-samba-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libdbwrap-samba4.so(SAMBA_4.2.10)(64bit) for
package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libcliauth-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libcli-ldap-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libcli-ldap-common-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libcli-cldap-samba4.so(SAMBA_4.2.10)(64bit)
vSchool.id 34
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: libauthkrb5-samba4.so(SAMBA_4.2.10)(64bit)
for package: samba-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency:
libauth-sam-reply-samba4.so(SAMBA_4.2.10)(64bit) for package:
samba-libs-4.2.10-6.el7_2.x86_64
--> Running transaction check
---> Package libwbclient.x86_64 0:4.2.3-12.el7_2 will be updated
--> Processing Dependency: libwbclient = 4.2.3-12.el7_2 for package:
samba-common-libs-4.2.3-12.el7_2.x86_64
---> Package libwbclient.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package samba-client-libs.x86_64 0:4.2.3-12.el7_2 will be updated
--> Processing Dependency: samba-client-libs = 4.2.3-12.el7_2 for package:
libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency:
libcli-smb-common-samba4.so(SAMBA_4.2.3)(64bit) for package:
libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency:
libdcerpc-samba-samba4.so(SAMBA_4.2.3)(64bit) for package:
libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: liberrors-samba4.so(SAMBA_4.2.3)(64bit) for
package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: libgse-samba4.so(SAMBA_4.2.3)(64bit) for
package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: liblibcli-lsa3-samba4.so(SAMBA_4.2.3)(64bit)
for package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: liblibsmb-samba4.so(SAMBA_4.2.3)(64bit) for
package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: libmsrpc3-samba4.so(SAMBA_4.2.3)(64bit) for
package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: libreplace-samba4.so(SAMBA_4.2.3)(64bit) for
package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: libsamba-debug-samba4.so(SAMBA_4.2.3)(64bit)
for package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency:
libsamba-security-samba4.so(SAMBA_4.2.3)(64bit) for package:
libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: libsecrets3-samba4.so(SAMBA_4.2.3)(64bit)
for package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency: libsmbregistry-samba4.so(SAMBA_4.2.3)(64bit)
for package: libsmbclient-4.2.3-12.el7_2.x86_64
--> Processing Dependency:
libutil-cmdline-samba4.so(SAMBA_4.2.3)(64bit) for package:
libsmbclient-4.2.3-12.el7_2.x86_64
vSchool.id 35
---> Package samba-client-libs.x86_64 0:4.2.10-6.el7_2 will be an update
--> Processing Dependency: samba-common = 4.2.10-6.el7_2 for package:
samba-client-libs-4.2.10-6.el7_2.x86_64
--> Processing Dependency: samba-common = 4.2.10-6.el7_2 for package:
samba-client-libs-4.2.10-6.el7_2.x86_64
---> Package samba-common-tools.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-common-tools.x86_64 0:4.2.10-6.el7_2 will be an update
--> Running transaction check
---> Package libsmbclient.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package libsmbclient.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package samba-common.noarch 0:4.2.3-12.el7_2 will be updated
---> Package samba-common.noarch 0:4.2.10-6.el7_2 will be an update
---> Package samba-common-libs.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-common-libs.x86_64 0:4.2.10-6.el7_2 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================
Package Arch Version Repository Size
=====================================================================
Updating:
samba-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 260 k
Updating for dependencies:
Libsmbclient x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 119 k
libwbclient x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 96 k
samba-client-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 4.3 M
samba-common noarch 4.2.10-6.el7_2 rhel-7-server-rpms 272 k
samba-common-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 157 k
samba-common-tools x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 444 k
Transaction Summary
=====================================================================
Upgrade 1 Package (+6 Dependent packages)
vSchool.id 36
Apabila kita akan melakukan update seluruh sistem linux gunakan perintah
berikut.
Dependencies Resolved
=====================================================================
Package Arch Version Repository Size
=====================================================================
Updating:
libldb x86_64 1.1.25-1.el7_2 rhel-7-server-rpms 125 k
Libsmbclient x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 119 k
libtalloc x86_64 2.1.5-1.el7_2 rhel-7-server-rpms 34 k
vSchool.id 37
libtdb x86_64 1.3.8-1.el7_2 rhel-7-server-rpms 45 k
libtevent x86_64 0.9.26-1.el7_2 rhel-7-server-rpms 33 k
libwbclient x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 96 k
pytalloc x86_64 2.1.5-1.el7_2 rhel-7-server-rpms 14 k
samba-client-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 4.3 M
samba-common noarch 4.2.10-6.el7_2 rhel-7-server-rpms 272 k
samba-common-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 157 k
samba-common-tools x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 444 k
samba-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 260 k
Transaction Summary
=====================================================================
Upgrade 12 Packages
vSchool.id 38
---> Package samba-common.noarch 0:4.2.10-6.el7_2 will be an update
---> Package samba-common-libs.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-common-libs.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package samba-common-tools.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-common-tools.x86_64 0:4.2.10-6.el7_2 will be an update
---> Package samba-libs.x86_64 0:4.2.3-12.el7_2 will be updated
---> Package samba-libs.x86_64 0:4.2.10-6.el7_2 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================
Package Arch Version Repository Size
=====================================================================
Updating:
libldb x86_64 1.1.25-1.el7_2 rhel-7-server-rpms 125 k
Libsmbclient x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 119 k
libtalloc x86_64 2.1.5-1.el7_2 rhel-7-server-rpms 34 k
libtdb x86_64 1.3.8-1.el7_2 rhel-7-server-rpms 45 k
libtevent x86_64 0.9.26-1.el7_2 rhel-7-server-rpms 33 k
libwbclient x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 96 k
pytalloc x86_64 2.1.5-1.el7_2 rhel-7-server-rpms 14 k
samba-client-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 4.3 M
samba-common noarch 4.2.10-6.el7_2 rhel-7-server-rpms 272 k
samba-common-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 157 k
samba-common-tools x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 444 k
samba-libs x86_64 4.2.10-6.el7_2 rhel-7-server-rpms 260 k
Transaction Summary
=====================================================================
Upgrade 12 Packages
vSchool.id 39
Lab 3 : Update System Off-line
Tujuan :
Pertama, buat sebuah direktori sebagai tempat mounting file ISO redhat.
Mount ISO image ke direktori yang baru saja dibuat sebagai berikut.
Note : /tmp/ merupakan direktori dimana file ISO berada, mungkin kita
meletakkan pada direktori yang lain. Kemudian opsi -o loop digunakan agar
file dimounting sebagai block device.
vSchool.id 40
[vschool@master ~]$ sudo vim /etc/yum.repos.d/offline.repo
[InstallMedia]
name=Red Hat Enterprise Linux 7.2
mediaid=1446216863.790260
metadata_expire=-1
gpgcheck=0
cost=500
baseurl=file:///media/rhel/
vSchool.id 41
Lab 4 : Management Paket
Tujuan :
● Install paket
● Download paket
● Remove paket
Contoh :
vSchool.id 42
Untuk melihat paket yang terinstall dan available pada sistem Linux kita
gunakan perintah berikut.
Untuk melihat paket yang terinstall sesuai yang ingin kita cari gunakan
perintah seperti contoh berikut.
Contoh :
vSchool.id 43
URL : http://www.samba.org/
License : GPLv3+ and LGPLv3+
Description : Samba is the standard Windows interoperability suite of
programs
: for Linux and Unix.
Contoh :
Dependencies Resolved
=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
haproxy x86_64 1.5.14-3.el7 InstallMedia 833 k
Transaction Summary
=====================================================================
Install 1 Package
vSchool.id 44
Selanjutnya bila kita hanya akan download paket software tanpa
menginstallnya gunakan peritntah berikut.
Dependencies Resolved
=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
haproxy x86_64 1.5.14-3.el7 InstallMedia 833 k
Transaction Summary
=====================================================================
Install 1 Package
vSchool.id 45
Apache (httpd)
vSchool.id 46
Lab 1 : Install Apache (httpd)
Tujuan :
vSchool.id 47
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
httpd x86_64 2.4.6-40.el7.centos base 2.7 M
Installing for dependencies:
apr x86_64 1.4.8-3.el7 base 103 k
apr-util x86_64 1.5.2-6.el7 base 92 k
httpd-tools x86_64 2.4.6-40.el7.centos base 82 k
mailcap noarch 2.1.41-2.el7 base 31 k
Transaction Summary
=====================================================================
Install 1 Package (+4 Dependent packages)
vSchool.id 48
Installed:
httpd.x86_64 0:2.4.6-40.el7.centos
Dependency Installed:
apr.x86_64 0:1.4.8-3.el7 apr-util.x86_64
0:1.5.2-6.el7
httpd-tools.x86_64 0:2.4.6-40.el7.centos mailcap.noarch
0:2.1.41-2.el7
Complete!
vSchool.id 49
Lab 2 : Konfigurasi Apache
Tujuan :
vSchool.id 50
# interpreted as '/log/access_log'.
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# Do not add a slash at the end of the directory path. If you point
# ServerRoot at a non-local disk, be sure to specify a local disk on the
# Mutex directive, if file-based mutexes are used. If you wish to share
the
# same ServerRoot for multiple httpd daemons, you will need to change at
# least PidFile.
#
ServerRoot "/etc/httpd"
#
# Listen: Allows you to bind Apache to specific IP addresses and/or
# ports, instead of the default. See also the <VirtualHost>
# directive.
#
# Change this to Listen on specific IP addresses as shown below to
# prevent Apache from glomming onto all bound IP addresses.
#
#Listen 12.34.56.78:80
Listen 80 Default port http adalah 80, kita bisa mengubah
ke port yang lainnya
#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a
DSO you
# have to place corresponding `LoadModule' lines at this location so the
# directives contained in it are actually available _before_ they are used.
# Statically compiled modules (those listed by `httpd -l') do not need
# to be loaded here.
#
# Example:
# LoadModule foo_module modules/mod_foo.so
#
Include conf.modules.d/*.conf
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
vSchool.id 51
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# It is usually good practice to create a dedicated user and group for
# running httpd, as with most system services.
#
User apache
Group apache
#
# ServerAdmin: Your address, where problems with the server should be
# e-mailed. This address appears on some server-generated pages, such
# as error documents. e.g. admin@your-domain.com
#
ServerAdmin info@vschool.com
Diisi dengan alamat email dari admin web server
#
# ServerName gives the name and port that the server uses to identify
itself.
# This can often be determined automatically, but we recommend you specify
# it explicitly to prevent problems during startup.
#
# If your host doesn't have a registered DNS name, enter its IP address
here.
#
ServerName www.vschool.com:80
Alamat domain web server
#
# Deny access to the entirety of your server's filesystem. You must
# explicitly permit access to web content directories in other
# <Directory> blocks below.
#
<Directory />
vSchool.id 52
AllowOverride none
Require all denied
</Directory>
#
# Note that from this point forward you must specifically allow
# particular features to be enabled - so if something's not working as
# you might expect, make sure that you have specifically enabled it
# below.
#
#
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/var/www/html"
Direcotry utama untuk menampung
source code web
#
# Relax access to content within /var/www.
#
<Directory "/var/www">
AllowOverride None
# Allow open access:
Require all granted
</Directory>
vSchool.id 53
#
# AllowOverride controls what directives may be placed in .htaccess
files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
#
# Controls who can get stuff from this server.
#
Require all granted
</Directory>
#
# DirectoryIndex: sets the file that Apache will serve if a directory
# is requested.
#
<IfModule dir_module>
DirectoryIndex index.html index.cgi index.php
</IfModule>
Set file index pada web yang
# dieksekusi oleh web server
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ".ht*">
Require all denied
</Files>
#
# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you *do* define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog "logs/error_log"
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
vSchool.id 54
LogLevel warn
<IfModule log_config_module>
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
#
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
# You need to enable mod_logio.c to use %I and %O
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\" %I %O" combinedio
</IfModule>
#
# The location and format of the access logfile (Common Logfile Format).
# If you do not define any access logfiles within a <VirtualHost>
# container, they will be logged here. Contrariwise, if you *do*
# define per-<VirtualHost> access logfiles, transactions will be
# logged therein and *not* in this file.
#
#CustomLog "logs/access_log" common
#
# If you prefer a logfile with access, agent, and referer information
# (Combined Logfile Format) you can use the following directive.
#
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
#
# Redirect: Allows you to tell clients about documents that used to
# exist in your server's namespace, but do not anymore. The client
# will make a new request for the document at its new location.
# Example:
# Redirect permanent /foo http://www.example.com/bar
#
# Alias: Maps web paths into filesystem paths and is used to
# access content that does not live under the DocumentRoot.
vSchool.id 55
# Example:
# Alias /webpath /full/filesystem/path
#
# If you include a trailing / on /webpath then the server will
# require it to be present in the URL. You will also likely
# need to provide a <Directory> section to allow access to
# the filesystem path.
#
# ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the target directory are treated as applications and
# run by the server when requested rather than as documents sent to
the
# client. The same rules about trailing "/" apply to ScriptAlias
# directives as to Alias.
#
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
#
# "/var/www/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
#
# TypesConfig points to the file containing the list of mappings from
# filename extension to MIME-type.
#
TypesConfig /etc/mime.types
#
# AddType allows you to add to or override the MIME configuration
# file specified in TypesConfig for specific file types.
#
#AddType application/x-gzip .tgz
#
vSchool.id 56
# AddEncoding allows you to have certain browsers uncompress
# information on the fly. Note: Not all browsers support this.
#
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
#
# If the AddEncoding directives above are commented-out, then you
# probably should define those extensions to indicate media types:
#
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
#
# AddHandler allows you to map certain file extensions to "handlers":
# actions unrelated to filetype. These can be either built into the
#server
# or added with the Action directive (see below)
#
# To use CGI scripts outside of ScriptAliased directories:
# (You will also need to add "ExecCGI" to the "Options" directive.)
#
#AddHandler cgi-script .cgi
#
# Specify a default charset for all content served; this enables
# interpretation of all content as UTF-8 by default. To use the
# default browser choice (ISO-8859-1), or to allow the META tags
# in HTML content to override this choice, comment out this
# directive:
#
AddDefaultCharset UTF-8
vSchool.id 57
<IfModule mime_magic_module>
#
# The mod_mime_magic module allows the server to use various hints
from the
# contents of the file itself to determine its type. The MIMEMagicFile
# directive tells the module where the hint definitions are located.
#
MIMEMagicFile conf/magic
</IfModule>
#
# Customizable error responses come in three flavors:
# 1) plain text 2) local redirects 3) external redirects
#
# Some examples:
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html
#
#
# EnableMMAP and EnableSendfile: On systems that support it,
# memory-mapping or the sendfile syscall may be used to deliver
# files. This usually improves server performance, but must
# be turned off when serving from networked-mounted
# filesystems or if support for these functions is otherwise
# broken on your system.
# Defaults if commented: EnableMMAP On, EnableSendfile Off
#
#EnableMMAP off
EnableSendfile on
# Supplemental configuration
#
# Load config files in the "/etc/httpd/conf.d" directory, if any.
IncludeOptional conf.d/*.conf
vSchool.id 58
Aktifkan service Apache menggunakan perintah berikut.
Karena secara default CentOS akan menolak semua jenis trafik yang masuk
kecuali ssh dan dhcp seperti informasi berikut ini.
Maka langkah berikutnya adalah kita harus menambahkan service http agar
masuk kedalam list service menggunakan perintah berikut.
vSchool.id 59
Lab 3 : Membuat Sample Website
Tujuan :
Membuat halaman HTML pada server kemudian akses web dari client.
<html>
<title>vschool.com</title>
<body>
<div style="width: 100%; font-size :40px; text-align:
center">
HALAMAN TEST
</div>
</body>
</html>
vSchool.id 60
Lab 4 : SSL Website
Tujuan :
vSchool.id 61
What you are about to enter is what is called a Distinguished Name or a
DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:ID
State or Province Name (full name) []:Jakarta
Locality Name (eg, city) [Default City]:Jakarta
Organization Name (eg, company) [Default Company Ltd]:vschool
Organizational Unit Name (eg, section) []:server
Common Name (eg, your name or your server's hostname) []:vschool.com
Email Address []:info@vschool.com
#
# When we also provide SSL we have to listen to the
# the HTTPS port in addition.
#
Listen 443 https
##
## SSL Global Context
vSchool.id 62
##
## All SSL configuration in this context applies both to
## the main server and all SSL-enabled virtual hosts.
##
#
# Use "SSLCryptoDevice" to enable any supported hardware
# accelerators. Use "openssl engine -v" to list supported
# engine names. NOTE: If you enable an accelerator and the
# server does not start, consult the error logs and ensure
# your accelerator is functioning properly.
#
SSLCryptoDevice builtin
#SSLCryptoDevice ubsec
##
vSchool.id 63
## SSL Virtual Host Context
##
Sesuaikan document
<VirtualHost _default_:443>
root web server
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"
Rubah ke nama
ServerName www.vschool.com:443
server-nya
# Use separate log files for the SSL virtual host; note that LogLevel
# is not inherited from httpd.conf.
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
vSchool.id 64
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/server.crt Lokasi file .crt yang sudah
dibuat sebelumnya
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
Lokasi file .key yang sudah
# Server Certificate Chain: dibuat sebelumnya
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
# Access Control:
# With SSLRequire you can do per-directory access control based
on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
vSchool.id 65
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
vSchool.id 66
</Directory>
</VirtualHost>
vSchool.id 67
Jangan lupa untuk membuka service https pada server agar dapat diakses
dari client, sebagai berikut.
Setelah itu coba kita akses dari client menggunakan browser dengan alamat
https://192.168.1.254.
vSchool.id 68
Kemudian klik ‘Confirm Security Exception’.
Setelah itu akan tampil website menggunakan protocol https sebagai berikut.
vSchool.id 69
Lab 5 : Web Basic Authentication
Tujuan :
<Directory /var/www/html>
AuthType Basic
AuthName "Basic Authentication"
AuthUserFile /etc/httpd/conf/.htpasswd
require valid-user
</Directory>
vSchool.id 70
Dari gambar diatas ketika kita coba akses maka akan diminta user dan
password. Isikan dengan username budi dan password yang sudah dibuat
sebelumnya. Ketika otentikasi berhasil barulah akan muncul halaman web.
vSchool.id 71
Lab 6 : Userdir
Tujuan :
#
# UserDir: The name of the directory that is appended onto a user's home
# directory if a ~user request is received.
#
# The path to the end user account 'public_html' directory must be
# accessible to the webserver userid. This usually means that ~userid
# must have permissions of 711, ~userid/public_html must have permissions
# of 755, and documents contained therein must be world-readable.
# Otherwise, the client will only receive a "403 Forbidden" message.
#
<IfModule mod_userdir.c>
#
# UserDir is disabled by default since it can confirm the presence
# of a username on the system (depending on home directory
# permissions).
#
#UserDir disabled
#
# To enable requests to /~user/ to serve the user's public_html
# directory, remove the "UserDir disabled" line above, and uncomment
# the following line instead:
#
UserDir public_html
</IfModule>
#
# Control access to UserDir directories. The following is an example
# for a site where these directories are restricted to read-only.
#
vSchool.id 72
<Directory "/home/*/public_html">
AllowOverride All
Options None
Require method GET POST OPTIONS
</Directory>
Pindah ke user root untuk membuat sebuah user baru, sebagai contoh user
budi.
<html>
<title>Budi</title>
<body>
<div style="width: 100%; font-size :40px; text-align:
center">
HALAMAN TEST WEBSITE BUDI
</div>
</body>
</html>
vSchool.id 73
Lakukan test dari client dengan mengakses ke alamat
192.168.1.254/~budi/ sebagai berikut.
vSchool.id 74
Lab 7 : Virtual Hosting
Tujuan :
<VirtualHost *:80>
DocumentRoot /home/budi/public_html
ServerName www.budi.com
ServerAdmin webmaster@budi.com
ErrorLog logs/virtual.host-error_log
CustomLog logs/virtual.host-access_log combined
</VirtualHost>
vSchool.id 75
vSchool.id 76
Nginx
vSchool.id 77
Lab 1 : Install paket Nginx
Tujuan :
Karena sebelumnya sudah install paket httpd maka hapus dulu menggunakan
perintah yum.
Buat file repository terlebih dahulu bisa diambil dari website official Nginx
sebelum melakukan instalasi paket Nginx. Buat file repo tersebut pada
direktori /etc/yum.repos.d/.
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/rhel/7/$basearch/
gpgcheck=0
enabled=1
Setelah selesai install paket, edit file konfigurasi utama dari Nginx pada
directory /etc/nginx/nginx.conf.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
vSchool.id 78
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local]
"$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name www.vschool.com;
root /usr/share/nginx/html;
location / {
}
vSchool.id 79
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
}
Directory utama untuk menampung source code web pada Nginx adalah di
/usr/share/nginx/html. Buatlah web simple pada directory tersebut.
vSchool.id 80
<html>
<title>vschool.com</title>
<body>
<div style="width: 100%; font-size :40px; text-align:
center">
HALAMAN TEST
</div>
</body>
</html>
vSchool.id 81
Lab 2 : SSL Nginx
Tujuan :
vSchool.id 82
Country Name (2 letter code) [XX]:ID
State or Province Name (full name) []:DKI Jakarta
Locality Name (eg, city) [Default City]:Jakarta Barat
Organization Name (eg, company) [Default Company Ltd]:vSchool
Organizational Unit Name (eg, section) []:Server
Common Name (eg, your name or your server's hostname) []:www.vschool.com
Email Address []:info@vschool.com
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local]
"$request" '
vSchool.id 83
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
server_name www.vschool.com;
root /usr/share/nginx/html;
ssl_certificate /etc/pki/tls/certs/vschool.crt;
ssl_certificate_key /etc/pki/tls/certs/vschool.key;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
vSchool.id 84
Jangan lupa restart service Nginx.
vSchool.id 85
Lab 3 : Usedir Nginx
Tujuan :
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local]
"$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
vSchool.id 86
directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm
autoindex on;
}
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
server_name www.vschool.com;
root /usr/share/nginx/html;
ssl_certificate /etc/pki/tls/certs/vschool.crt;
ssl_certificate_key /etc/pki/tls/certs/vschool.key;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
vSchool.id 87
Untuk mengakses website punya budi gunakan alamat
http://192.168.1.254/~budi.
vSchool.id 88
Lab 4 : Basic Web Authentication Nginx
Tujuan :
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local]
"$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
vSchool.id 89
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
location ~ ^/~(.+?)(/.*)?$ {
alias /home/$1/public_html$2;
index index.html index.htm
autoindex on;
}
auth_basic "Masukkan Password";
auth_basic_user_file "/etc/nginx/.htpasswd";
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl;
server_name www.vschool.com;
root /usr/share/nginx/html;
ssl_certificate /etc/pki/tls/certs/vschool.crt;
ssl_certificate_key /etc/pki/tls/certs/vschool.key;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
vSchool.id 90
Buat user dan password untuk otentikasi web.
Jika sukses lakukan test akses web, maka harusnya muncul otentikasi terlebih
dahulu sebelum web terbuka.
vSchool.id 91
Lab 5 : NginX Load Balancer
Tujuan :
user nginx;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
vSchool.id 92
upstream backends {
server nginx1.vschool.com:80;
server nginx2.vschool.com:80;
}
}
server {
listen 80;
server_name www.vschool.com;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
proxy_set_header Host $http_host;
#charset koi8-r;
#access_log /var/log/nginx/log/host.access.log main;
location / {
# root /usr/share/nginx/html;
# index index.html index.htm;
proxy_pass http://backends;
}
vSchool.id 93
Akses dari browser client dengan menuju ke alamat domain NginX
loadbalancer seperti contoh berikut.
vSchool.id 94
DNS (Domain Name Server) Server
vSchool.id 95
Lab 1 : Install BIND
Tujuan :
Dependencies Resolved
=====================================================================
vSchool.id 96
Package Arch Version Repository
Size
=====================================================================
Installing:
bind x86_64 32:9.9.4-29.el7_2.3 updates 1.8 M
Updating:
bind-utils x86_64 32:9.9.4-29.el7_2.3 updates 200 k
Updating for dependencies:
bind-libs x86_64 32:9.9.4-29.el7_2.3 updates 1.0 M
bind-libs-lite x86_64 32:9.9.4-29.el7_2.3 updates 724 k
bind-license noarch 32:9.9.4-29.el7_2.3 updates 82 k
Transaction Summary
=====================================================================
Install 1 Package
Upgrade 1 Package (+3 Dependent packages)
vSchool.id 97
Verifying : 32:bind-9.9.4-29.el7_2.3.x86_64 5/9
Verifying : 32:bind-license-9.9.4-29.el7_2.2.noarch 6/9
Verifying : 32:bind-libs-9.9.4-29.el7_2.2.x86_64 7/9
Verifying : 32:bind-utils-9.9.4-29.el7_2.2.x86_64 8/9
Verifying : 32:bind-libs-lite-9.9.4-29.el7_2.2.x86_64 9/9
Installed:
bind.x86_64 32:9.9.4-29.el7_2.3
Updated:
bind-utils.x86_64 32:9.9.4-29.el7_2.3
Dependency Updated:
bind-libs.x86_64 32:9.9.4-29.el7_2.3
bind-libs-lite.x86_64 32:9.9.4-29.el7_2.3
bind-license.noarch 32:9.9.4-29.el7_2.3
Complete!
vSchool.id 98
Lab 2 : Konfigurasi BIND
Tujuan :
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8)
DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration
files.
// Disable IPv6 DNS jika tidak Tambahkan listening IP
difungsikan. server.
options {
listen-on port 53 { 127.0.0.1; 192.168.1.254;};
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
vSchool.id 99
allow-query { localhost; 192.168.1.0/24;}; Tambahkan query network
yang mengakses DNS
/* server
- If you are building an AUTHORITATIVE DNS server, do NOT enable
recursion.
- If you are building a RECURSIVE (caching) DNS server, you need
to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST
enable access
control to limit queries to your legitimate users. Failing to
do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
vSchool.id 100
zone "vschool.com" IN {
type master;
file "forward.vschool";
allow-update {none; };
}; Setting zone domain
vschool.com
zone "1.168.192.in-addr.arpa" IN {
type master;
file "reverse.vschool";
allow-update {none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
@ IN NS master.vschool.com.
master IN A 192.168.1.254
jono IN A 192.168.1.2
budi IN A 192.168.1.3
tuti IN A 192.168.1.4
vSchool.id 101
86400 ;Minimum TTL
)
@ IN NS master.vschool.com.
254 IN PTR master.vschool.com.
2 IN PTR jono.vschool.com.
3 IN PTR budi.vschool.com.
4 IN PTR tuti.vschool.com.
vSchool.id 102
Lab 3 : BIND Forwarder
Tujuan :
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8)
// DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration
//files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.254;};
# listen-on-v6 port 53 { ::1; };
vSchool.id 103
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24;};
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable
recursion.
- If you are building a RECURSIVE (caching) DNS server, you need
to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST
enable access
control to limit queries to your legitimate users. Failing to
do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable no;
dnssec-validation no;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
forwarders {
8.8.8.8; Untuk ke internet akan di forward
8.8.4.4; ke DNS berikut
};
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
vSchool.id 104
};
zone "." IN {
type hint;
file "named.ca";
};
zone "vschool.com" IN {
type master;
file "forward.vschool";
allow-update {none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "reverse.vschool";
allow-update {none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Selanjutnya kita lakukan test dari client ping ke internet dan salah satu domain
di lokal seperti berikut.
vSchool.id 105
vSchool.id 106
Lab 4 : BIND CNAME (Canonical Name)
Tujuan :
@ IN NS master.vschool.com.
master IN A 192.168.1.254
ftp IN CNAME master.vschool.com.
www IN CNAME master.vschool.com.
jono IN A 192.168.1.2
budi IN A 192.168.1.3
tuti IN A 192.168.1.4
Jangan lupa untuk restart service BIND.
vSchool.id 107
Selanjutnya kita bisa lakukan testing.
vSchool.id 108
Lab 5 : Slave DNS Server
Tujuan :
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8)
DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration
files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.254;};
vSchool.id 109
# listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24;};
/*
- If you are building an AUTHORITATIVE DNS server, do NOT enable
recursion.
- If you are building a RECURSIVE (caching) DNS server, you need
to enable
recursion.
- If your recursive DNS server has a public IP address, you MUST
enable access control to limit queries to your legitimate users.
Failing to do so will
cause your server to become part of large scale DNS amplification
attacks. Implementing BCP38 within your network would greatly
reduce such attack surface
*/
recursion yes;
dnssec-enable yes;
dnssec-validation yes;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
vSchool.id 110
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "vschool.com" IN {
type master;
file "forward.vschool";
allow-update {none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "reverse.vschool";
allow-update {none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Kemudian menambahkan domain server slave pada file forward dan reverse,
sebagai berikut.
@ IN NS master.vschool.com.
master IN A 192.168.1.254
ftp IN CNAME master.vschool.com.
www IN CNAME master.vschool.com.
slave IN A 192.168.1.253
jono IN A 192.168.1.2
budi IN A 192.168.1.3
tuti IN A 192.168.1.4
vSchool.id 111
[vschool@localhost ~]$ sudo vim /var/named/reverse.vschool
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8)
DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration
files.
//
options {
vSchool.id 112
IP listening untuk server
slave.
dnssec-enable no;
dnssec-validation no;
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
forwarders {
8.8.8.8; DNS forwarding untuk ke
8.8.4.4; internet.
};
vSchool.id 113
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "vschool.com" IN {
type slave;
masters { 192.168.1.254; }; Sinkronisasi forwarding
file "slaves/forward.vschool"; domain dari server master.
notify no;
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
Sinkronisasi reverse domain
masters { 192.168.1.254; };
dari server master
file "slaves/reverse.vschool";
notify no;
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
Setelah restart service berhasil maka server slave akan sinkronisasi dengan
server master. Kita bisa cek di directory /var/named/slaves.
vSchool.id 114
Lakukan test dari client menggunakan DNS server slave, seperti berikut.
vSchool.id 115
MariaDB
vSchool.id 116
Lab 1 : Install MariaDB
Tujuan :
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.0/rhel7-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1
vSchool.id 117
---> Package perl-DBI.x86_64 0:1.627-4.el7 will be installed
--> Processing Dependency: perl(RPC::PlServer) >= 0.2001 for package:
perl-DBI-1.627-4.el7.x86_64
--> Processing Dependency: perl(RPC::PlClient) >= 0.2000 for package:
perl-DBI-1.627-4.el7.x86_64
---> Package perl-Data-Dumper.x86_64 0:2.145-3.el7 will be installed
--> Running transaction check
---> Package perl-PlRPC.noarch 0:0.2020-14.el7 will be installed
--> Processing Dependency: perl(Net::Daemon) >= 0.13 for package:
perl-PlRPC-0.2020-14.el7.noarch
--> Processing Dependency: perl(Net::Daemon::Test) for package:
perl-PlRPC-0.2020-14.el7.noarch
--> Processing Dependency: perl(Net::Daemon::Log) for package:
perl-PlRPC-0.2020-14.el7.noarch
--> Processing Dependency: perl(Compress::Zlib) for package:
perl-PlRPC-0.2020-14.el7.noarch
--> Running transaction check
---> Package perl-IO-Compress.noarch 0:2.061-2.el7 will be installed
--> Processing Dependency: perl(Compress::Raw::Zlib) >= 2.061 for package:
perl-IO-Compress-2.061-2.el7.noarch
--> Processing Dependency: perl(Compress::Raw::Bzip2) >= 2.061 for
package: perl-IO-Compress-2.061-2.el7.noarch
---> Package perl-Net-Daemon.noarch 0:0.48-5.el7 will be installed
--> Running transaction check
---> Package perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7 will be
installed
---> Package perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7 will be
installed
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
mariadb-server x86_64 1:5.5.47-1.el7_2 rhel-7-server-rpms 11 M
Installing for dependencies:
mariadb x86_64 1:5.5.47-1.el7_2 rhel-7-server-rpms 8.6 M
perl-Compress-Raw-Bzip2 x86_64 2.061-3.el7 hel-7-server-rpms 32 k
perl-Compress-Raw-Zlib x86_64 1:2.061-4.el7 rhel-7-server-rpms 57 k
perl-DBD-MySQL x86_64 4.023-5.el7 rhel-7-server-rpms 140 k
perl-DBI x86_64 1.627-4.el7 rhel-7-server-rpms 802 k
perl-Data-Dumper x86_64 2.145-3.el7 rhel-7-server-rpms 47 k
vSchool.id 118
perl-IO-Compress noarch 2.061-2.el7 rhel-7-server-rpms 260 k
perl-Net-Daemon noarch 0.48-5.el7 rhel-7-server-rpms 51 k
perl-PlRPC noarch 0.2020-14.el7 rhel-7-server-rpms 36 k
Transaction Summary
=====================================================================
Install 1 Package (+9 Dependent packages)
vSchool.id 119
Verifying : perl-IO-Compress-2.061-2.el7.noarch 8/10
Verifying : perl-DBD-MySQL-4.023-5.el7.x86_64 9/10
Verifying : 1:mariadb-5.5.47-1.el7_2.x86_64 10/10
Installed:
mariadb-server.x86_64 1:5.5.47-1.el7_2
Dependency Installed:
mariadb.x86_64 1:5.5.47-1.el7_2
perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7
perl-DBD-MySQL.x86_64 0:4.023-5.el7
perl-DBI.x86_64 0:1.627-4.el7
perl-Data-Dumper.x86_64 0:2.145-3.el7
perl-IO-Compress.noarch 0:2.061-2.el7
perl-Net-Daemon.noarch 0:0.48-5.el7
perl-PlRPC.noarch 0:0.2020-14.el7
Complete!
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
vSchool.id 120
Password updated successfully!
Reloading privilege tables..
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
vSchool.id 121
Untuk masih ke shell MariaDB gunakan perintah mysql -u root -p.
Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.
vSchool.id 122
Lab 2 : Install phpMyAdmin
Tujuan :
● Install phpMyAdmin.
Download dan install repository dari EPEL fedora project untuk install paket
phpMyAdmin.
vSchool.id 123
--> Processing Dependency: php-tcpdf-dejavu-sans-fonts for package:
phpMyAdmin-4.4.15.5-1.el7.noarch
--> Processing Dependency: php-tcpdf for package:
phpMyAdmin-4.4.15.5-1.el7.noarch
--> Processing Dependency: php-php-gettext for package:
phpMyAdmin-4.4.15.5-1.el7.noarch
--> Running transaction check
---> Package php-gd.x86_64 0:5.4.16-36.el7_1 will be installed
--> Processing Dependency: libt1.so.5()(64bit) for package:
php-gd-5.4.16-36.el7_1.x86_64
---> Package php-mbstring.x86_64 0:5.4.16-36.el7_1 will be installed
---> Package php-mysql.x86_64 0:5.4.16-36.el7_1 will be installed
--> Processing Dependency: php-pdo(x86-64) = 5.4.16-36.el7_1 for package:
php-mysql-5.4.16-36.el7_1.x86_64
---> Package php-php-gettext.noarch 0:1.0.11-12.el7 will be installed
---> Package php-tcpdf.noarch 0:6.2.11-1.el7 will be installed
--> Processing Dependency: php-tidy for package:
php-tcpdf-6.2.11-1.el7.noarch
--> Processing Dependency: php-bcmath for package:
php-tcpdf-6.2.11-1.el7.noarch
---> Package php-tcpdf-dejavu-sans-fonts.noarch 0:6.2.11-1.el7 will be
installed
--> Running transaction check
---> Package php-bcmath.x86_64 0:5.4.16-36.el7_1 will be installed
---> Package php-pdo.x86_64 0:5.4.16-36.el7_1 will be installed
---> Package php-tidy.x86_64 0:5.4.16-4.el7 will be installed
--> Processing Dependency: libtidy-0.99.so.0()(64bit) for package:
php-tidy-5.4.16-4.el7.x86_64
---> Package t1lib.x86_64 0:5.1.2-14.el7 will be installed
--> Running transaction check
---> Package libtidy.x86_64 0:0.99.0-31.20091203.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
phpMyAdmin noarch 4.4.15.5-1.el7 epel 4.7 M
Installing for dependencies:
libtidy x86_64 0.99.0-31.20091203.el7 epel 132 k
php-bcmath x86_64 5.4.16-36.el7_1 rhel-7-server-optional-rpms 56 k
php-gd x86_64 5.4.16-36.el7_1 rhel-7-server-rpms 126 k
vSchool.id 124
php-mbstring x86_64 5.4.16-36.el7_1 rhel-7-server-optional-rpms 503 k
php-mysql x86_64 5.4.16-36.el7_1 rhel-7-server-rpms 99 k
php-pdo x86_64 5.4.16-36.el7_1 rhel-7-server-rpms 97 k
php-php-gettext noarch 1.0.11-12.el7 epel 22 k
php-tcpdf noarch 6.2.11-1.el7 epel 2.1 M
php-tcpdf-dejavu-sans-fonts noarch 6.2.11-1.el7 epel 257 k
php-tidy x86_64 5.4.16-4.el7 epel 22 k
t1lib x86_64 5.1.2-14.el7 rhel-7-server-rpms 166 k
Transaction Summary
=====================================================================
Install 1 Package (+11 Dependent packages)
vSchool.id 125
Transaction test succeeded
Running transaction
Installing : php-mbstring-5.4.16-36.el7_1.x86_64 1/12
Installing : php-php-gettext-1.0.11-12.el7.noarch 2/12
Installing : php-bcmath-5.4.16-36.el7_1.x86_64 3/12
Installing : php-pdo-5.4.16-36.el7_1.x86_64 4/12
Installing : php-mysql-5.4.16-36.el7_1.x86_64 5/12
Installing : libtidy-0.99.0-31.20091203.el7.x86_64 6/12
Installing : php-tidy-5.4.16-4.el7.x86_64 7/12
Installing : t1lib-5.1.2-14.el7.x86_64 8/12
Installing : php-gd-5.4.16-36.el7_1.x86_64 9/12
Installing : php-tcpdf-6.2.11-1.el7.noarch 10/12
Installing : php-tcpdf-dejavu-sans-fonts-6.2.11-1.el7.noarch 11/12
Installing : phpMyAdmin-4.4.15.5-1.el7.noarch 12/12
Verifying : php-tidy-5.4.16-4.el7.x86_64 1/12
Verifying : t1lib-5.1.2-14.el7.x86_64 2/12
Verifying : php-mbstring-5.4.16-36.el7_1.x86_64 3/12
Verifying : php-tcpdf-dejavu-sans-fonts-6.2.11-1.el7.noarch 4/12
Verifying : php-php-gettext-1.0.11-12.el7.noarch 5/12
Verifying : libtidy-0.99.0-31.20091203.el7.x86_64 6/12
Verifying : php-pdo-5.4.16-36.el7_1.x86_64 7/12
Verifying : php-gd-5.4.16-36.el7_1.x86_64 8/12
Verifying : php-bcmath-5.4.16-36.el7_1.x86_64 9/12
Verifying : php-mysql-5.4.16-36.el7_1.x86_64 10/12
Verifying : phpMyAdmin-4.4.15.5-1.el7.noarch 11/12
Verifying : php-tcpdf-6.2.11-1.el7.noarch 12/12
Installed:
phpMyAdmin.noarch 0:4.4.15.5-1.el7
Dependency Installed:
libtidy.x86_64 0:0.99.0-31.20091203.el7
php-bcmath.x86_64 0:5.4.16-36.el7_1
php-gd.x86_64 0:5.4.16-36.el7_1
php-mbstring.x86_64 0:5.4.16-36.el7_1
php-mysql.x86_64 0:5.4.16-36.el7_1
php-pdo.x86_64 0:5.4.16-36.el7_1
php-php-gettext.noarch 0:1.0.11-12.el7
php-tcpdf.noarch 0:6.2.11-1.el7
php-tcpdf-dejavu-sans-fonts.noarch 0:6.2.11-1.el7
php-tidy.x86_64 0:5.4.16-4.el7
t1lib.x86_64 0:5.1.2-14.el7
Complete!
vSchool.id 126
Edit file konfigurasi utama phpMyAdmin.
<Directory /usr/share/phpMyAdmin/>
AddDefaultCharset UTF-8
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1 192.168.1.0/24
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
<Directory /usr/share/phpMyAdmin/setup/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
Require ip 127.0.0.1 192.168.1.0/24
Require ip ::1
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
vSchool.id 127
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
Pastikan service http sudah dipermit oleh firewall, cek firewall sebagai berikut.
vSchool.id 128
Masukkan username dan password dari database MariaDB.
vSchool.id 129
Lab 3 : Database Replication
Tujuan :
Server Master :
Edit konfigurasi MariaDB untuk menambahkan binary log dan server ID untuk
replikasi database.
[mysqld]
character-set-server=utf8
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security
# risks
symbolic-links=0
log-bin=mysql-bin
server-id=101
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
#
# include all files from the config directory
#
!includedir /etc/my.cnf.d
vSchool.id 130
Permit service MariaDB pada firewall server.
Buat sebuah user yang digunakan untuk otentikasi antara server master dan
slave.
Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.
vSchool.id 131
Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.
Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.
vSchool.id 132
MariaDB [(none)]> exit
Bye
Server Slave:
Edit file konfigurasi MariaDB pada server slave dengan server ID yang
berbeda. Kemudian jadikan slave server sebagai Read-Only, artinya pada
slave server tidak bisa melakukan edit database dan hanya menerima
sinkronisasi database dari server master.
[mysqld]
character-set-server=utf8
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security
# risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
log-bin=mysql-bin
server-id=102
read_only=1
report-host=master.vschool.com
vSchool.id 133
Mengaktifkan replikasi database di server slave.
Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.
MariaDB [(none)]> change master to
-> master_host='192.168.1.254',
-> master_user='vschool',
-> master_password='idnmantab',
-> master_log_file='mysql-bin.000001',
-> master_log_pos=465;
Query OK, 0 rows affected (0.42 sec)
Pastikan status server slave adalah ‘Waitting for master to send event’.
vSchool.id 134
Replicate_Wild_Do_Table:
Replicate_Wild_Ignore_Table:
Last_Errno: 0
Last_Error:
Skip_Counter: 0
Exec_Master_Log_Pos: 245
Relay_Log_Space: 1109
Until_Condition: None
Until_Log_File:
Until_Log_Pos: 0
Master_SSL_Allowed: No
Master_SSL_CA_File:
Master_SSL_CA_Path:
Master_SSL_Cert:
Master_SSL_Cipher:
Master_SSL_Key:
Seconds_Behind_Master: 0
Master_SSL_Verify_Server_Cert: No
Last_IO_Errno: 0
Last_IO_Error:
Last_SQL_Errno: 0
Last_SQL_Error:
Replicate_Ignore_Server_Ids:
Master_Server_Id: 101
1 row in set (0.00 sec)
Untuk test coba buat beberapa database baru pada server master, jika
replikasi berjalan semestinya maka server slave secara otomatis akan
sinkronisasi database ke server master.
vSchool.id 135
Server Master
Server Slave
vSchool.id 136
Lab 4 : MariaDB Galera Cluster
Tujuan :
Start service mysql kemudian membuat sebuah user baru pada database
yang digunakan sebagai otentikasi cluster. Buat di kedua server.
Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.
vSchool.id 137
Konfigurasi firewall di kedua server untuk permit clustering database.
$ sudo setenforce 0
Stop service mysql terlebih dahulu untuk edit file konfigurasi galera.
#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql/
#
vSchool.id 138
[galera]
# Mandatory settings
wsrep_provider=/usr/lib64/galera/libgalera_smm.so
wsrep_cluster_address='gcomm://192.168.1.254,192.168.1.253'
binlog_format=row
default_storage_engine=InnoDB
innodb_autoinc_lock_mode=2
bind-address=0.0.0.0
wsrep_cluster_name='Database_cluster'
wsrep_node_address='192.168.1.254'
wsrep_sst_method=rsync
wsrep_sst_auth=cluster:rahasia
#
# These groups are read by MariaDB server.
# Use it for options that only the server (but not clients) should see
#
# See the examples of server my.cnf files in /usr/share/mysql/
#
#
# * Galera-related settings
#
[galera]
# Mandatory settings
wsrep_provider=/usr/lib64/galera/libgalera_smm.so
wsrep_cluster_address='gcomm://192.168.1.254,192.168.1.253'
binlog_format=row
default_storage_engine=InnoDB
innodb_autoinc_lock_mode=2
bind-address=0.0.0.0
wsrep_cluster_name='Database_cluster'
wsrep_node_address='192.168.1.253'
wsrep_sst_method=rsync
vSchool.id 139
wsrep_sst_auth=cluster:rahasia
Keterangan :
--wsrep-new-cluster menjadikan server master sebagai primary server
pada cluster.
Jika terdapat error pada saat mengaktifkan service mysql kita bisa melihat
informasi log tersebut di file /var/lib/mysql/<hostname>.err.
Untuk mengetahui server sudah join ke dalam cluster kita bisa menggunakan
perintah berikut pada shell mysql.
Type 'help;' or '\h' for help. Type '\c' to clear the current input
statement.
vSchool.id 140
| wsrep_repl_keys_bytes | 0 |
| wsrep_repl_data_bytes | 0 |
| wsrep_repl_other_bytes | 0 |
| wsrep_received | 4 |
| wsrep_received_bytes | 1175 |
| wsrep_local_commits | 0 |
| wsrep_local_cert_failures | 0 |
| wsrep_local_replays | 0 |
| wsrep_local_send_queue | 0 |
| wsrep_local_send_queue_max | 1 |
| wsrep_local_send_queue_min | 0 |
| wsrep_local_send_queue_avg | 0.000000 |
| wsrep_local_recv_queue | 0 |
| wsrep_local_recv_queue_max | 1 |
| wsrep_local_recv_queue_min | 0 |
| wsrep_local_recv_queue_avg | 0.000000 |
| wsrep_local_cached_downto | 14 |
| wsrep_flow_control_paused_ns | 0 |
| wsrep_flow_control_paused | 0.000000 |
| wsrep_flow_control_sent | 0 |
| wsrep_flow_control_recv | 0 |
| wsrep_cert_deps_distance | 1.000000 |
| wsrep_apply_oooe | 0.000000 |
| wsrep_apply_oool | 0.000000 |
| wsrep_apply_window | 1.000000 |
| wsrep_commit_oooe | 0.000000 |
| wsrep_commit_oool | 0.000000 |
| wsrep_commit_window | 1.000000 |
| wsrep_local_state | 4 |
| wsrep_local_state_comment | Synced |
| wsrep_cert_index_size | 1 |
| wsrep_causal_reads | 0 |
| wsrep_cert_interval | 0.000000 |
| wsrep_incoming_addresses | 192.168.1.254:3306,192.168.1.253:3306 |
| wsrep_evs_delayed | |
| wsrep_evs_evict_list | |
| wsrep_evs_repl_latency | 0/0/0/0/0 |
| wsrep_evs_state | OPERATIONAL |
| wsrep_gcomm_uuid | 1ec07de2-facd-11e5-85a1-0f7601878be0 |
| wsrep_cluster_conf_id | 2 |
| wsrep_cluster_size | 2 |
| wsrep_cluster_state_uuid | 7f9b15e8-fa6c-11e5-a0b3-37918903ca71
|
| wsrep_cluster_status | Primary |
vSchool.id 141
| wsrep_connected | ON |
| wsrep_local_bf_aborts | 0 |
| wsrep_local_index | 1 |
| wsrep_provider_name | Galera |
| wsrep_provider_vendor | Codership Oy <info@codership.com> |
| wsrep_provider_version | 25.3.14(r3560) |
| wsrep_ready | ON |
| wsrep_thread_count | 2 |
+------------------------------+------------------------------------+
57 rows in set (0.00 sec)
vSchool.id 142
Lihat di server slave.
vSchool.id 143
SAMBA
vSchool.id 144
Lab 1 : Install Samba
Tujuan :
● Install samba.
Dependencies Resolved
=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
samba x86_64 4.2.3-12.el7_2 rhel-7-server-rpms 602 k
samba-clientx86_64 4.2.3-12.el7_2 rhel-7-server-rpms 496 k
Transaction Summary
=====================================================================
Install 2 Packages
vSchool.id 145
(2/2) : samba-4.2.3-12.el7_2.x86_64.rpm | 602 kB 00:00:06
---------------------------------------------------------------------
Total
158 kB/s | 1.1 MB 00:00:06
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : samba-client-4.2.3-12.el7_2.x86_64 1/2
Installing : samba-4.2.3-12.el7_2.x86_64 2/2
Verifying : samba-4.2.3-12.el7_2.x86_64 1/2
Verifying : samba-client-4.2.3-12.el7_2.x86_64 2/2
Installed:
samba.x86_6 0:4.2.3-12.el7_2
samba-client.x86_64 0:4.2.3-12.el7_2
Complete!
vSchool.id 146
Lab 2 : Full Access Shared Folder
Tujuan :
● Membuat sharing folder dengan akses full oleh semua user dan guest.
Ubah permission directory tersebut ke full akses (777) siapapun boleh Read,
Write dan Execution.
[global]
unix charset = UTF-8
# ----------------------- Network-Related Options ---------------------
#
# workgroup = the Windows NT domain name or workgroup name, for example,
# MYGROUP.
#
# server string = the equivalent of the Windows NT Description field.
#
# netbios name = used to specify a server name that is not tied to the
# hostname.
#
# interfaces = used to configure Samba to listen on multiple network
# interfaces.
# If you have multiple interfaces, you can use the "interfaces =" option
# to
# configure which of those interfaces Samba listens on. Never omit the
# localhost
# interface (lo).
#
# hosts allow = the hosts allowed to connect. This option can also be used
vSchool.id 147
# max protocol = used to define the supported protocol. The default is
# NT1. You
# can set it to SMB2 if you want experimental SMB2 support.
#
workgroup = WORKGROUP
server string = Samba Server Version %v
security = user
passdb backend = tdbsam
map to guest = Bad User
[homes]
comment = Home Directories
browseable = no
writable = yes
; valid users = %S
; valid users = MYDOMAIN\%S
[printers]
comment = All Printers
vSchool.id 148
path = /var/spool/samba
browseable = no
guest ok = no
writable = no
printable = yes
# Un-comment the following and create the netlogon directory for Domain
# Logons:
; [netlogon]
; comment = Network Logon Service
; path = /var/lib/samba/netlogon
; guest ok = yes
; writable = no
; share modes = no
[share]
path = /home/share
writable = yes
guest ok = yes
create mode = 0777
directory mode = 0777
share modes = yes
vSchool.id 149
Agar samba tidak ter-block oleh SELinux maka gunakan perintah berikut.
Setelah semua konfigurasi dilakukan, jangan lupa untuk restart service samba.
Test dari PC Windows, buka windows explorer kemudian buka sharing folder
pada address \\master.vschool.com\share seperti pada gambar dibawah.
vSchool.id 150
Lab 3 : Limited Access Shared Folder
Tujuan :
Membuat sebuah group user katakanlah staffit, jadi kita buat sebuah sharing
folder hanya untuk kelompok staff IT saja.
[share]
path = /home/share
writable = yes
guest ok = yes
create mode = 0777
directory mode = 0777
share modes = yes
[staffit]
path = /samba/staffit/
writable = yes
vSchool.id 151
create mode = 0770
directory mode = 0770
share modes = yes
guest ok = no
valid users = @staffit
Lakukan pelabelan pada folder sharing agar tidak terblock oleh SELinux
menggunakan perintah berikut.
Selanjutnya kita test dari client Windows dengan mengakses ke server Samba
dengan alamat \\master.vschool.com\staffit seperti berikut.
vSchool.id 152
Isikan username dan password sesuai dengan user yang tergabung dalam
group staffit, jika otentikasi berhasil maka kita bisa mengcopy dari dan ke
folder sharing tersebut.
vSchool.id 153
Lab 4 : Block File di Samba
Tujuan :
[staffit]
path = /samba/staffit
veto files = /*.exe/
delete veto files = yes
writable = yes
create mode = 0770
directory mode = 0770
share modes = yes
guest ok = no
valid users = @staffit
Lakukan sebuah kopi file ber-ekstensi .exe maka akan terjadi seperti gambar
dibawah ini.
vSchool.id 154
PROXY
vSchool.id 155
Lab 1 : Install Paket Squid
Tujuan :
● Mengaktifkan squid.
Paket yang cukup populer digunakan untuk fungsi proxy server adalah Squid,
paket ini sudah tersedia di repositori RedHat. Install paket menggunakan yum
seperti berikut.
Dependencies Resolved
=====================================================================
Package Arch Version Repository Size
=====================================================================
Installing:
squid x86_64 7:3.3.8-26.el7 rhel-7-server-rpms 2.6 M
Installing for dependencies:
libecap x86_64 0.2.0-9.el7 rhel-7-server-rpms 20 k
Transaction Summary
=====================================================================
Install 1 Package (+1 Dependent package)
vSchool.id 156
Total download size: 2.6 M
Installed size: 8.6 M
Downloading packages:
(1/2): libecap-0.2.0-9.el7.x86_64.rpm | 20 kB 00:05
(2/2): squid-3.3.8-26.el7.x86_64.rpm | 2.6 MB 01:47
---------------------------------------------------------------------
Total 25 kB/s | 2.6 MB 01:47
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : libecap-0.2.0-9.el7.x86_64 1/2
Installing : 7:squid-3.3.8-26.el7.x86_64 2/2
rhel-7-server-rpms/7Server/x86_64/productid | 1.7 kB 00:00
Verifying : 7:squid-3.3.8-26.el7.x86_64 1/2
Verifying : libecap-0.2.0-9.el7.x86_64 2/2
Installed:
squid.x86_64 7:3.3.8-26.el7
Dependency Installed:
libecap.x86_64 0:0.2.0-9.el7
Complete!
vSchool.id 157
Lab 2: Konfigurasi Squid
Tujuan :
#
# Recommended minimum configuration:
#
#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
vSchool.id 158
http_access deny !Safe_ports
#
#
# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS
#
vSchool.id 159
# squid server hostname
visible_hostname proxy.vschool.com
# cache administrator
cache_mgr admin@vschool.com
vSchool.id 160
Berikut bila menggunakan browser Windows Explorer.
vSchool.id 161
Lakukan browsing seperti contoh berikut.
Disaat user melakukan browsing kita bisa melihat proses caching proxy pada
file log /var/log/squid/access.log seperti berikut.
vSchool.id 162
1459988230.778 20016 192.168.1.3 TCP_MISS/200 14252 CONNECT
pubads.g.doubleclick.net:443 - HIER_DIRECT/74.125.68.157 -
1459988230.778 21049 192.168.1.3 TCP_MISS/200 334285 CONNECT
s.ytimg.com:443 - HIER_DIRECT/216.58.200.110 -
1459988230.787 20542 192.168.1.3 TCP_MISS/200 313005 CONNECT
i.ytimg.com:443 - HIER_DIRECT/74.125.200.139 -
1459988230.787 19005 192.168.1.3 TCP_MISS/200 17863 CONNECT
tpc.googlesyndication.com:443 - HIER_DIRECT/216.58.200.97 -
1459988230.787 21706 192.168.1.3 TCP_MISS/200 51724 CONNECT
www.youtube.com:443 - HIER_DIRECT/74.125.200.190 -
1459988230.787 17859 192.168.1.3 TCP_MISS/200 876 CONNECT
www.youtube.com:443 - HIER_DIRECT/74.125.200.190 -
1459988230.787 20264 192.168.1.3 TCP_MISS/200 42914 CONNECT
fonts.gstatic.com:443 - HIER_DIRECT/74.125.200.94 -
1459988230.816 20563 192.168.1.3 TCP_MISS/200 31942 CONNECT
yt3.ggpht.com:443 - HIER_DIRECT/74.125.200.132 -
1459988262.037 1313 192.168.1.3 TCP_MISS/200 6363 GET
http://vschool.id/ - HIER_DIRECT/104.152.168.20 text/html
1459988263.088 962 192.168.1.3 TCP_MISS/200 1785 GET
http://code.jivosite.com/script/widget/pvOjYE9ZO0 -
HIER_DIRECT/54.246.110.153 application/x-javascript
Untuk melihat seberapa besar cache yang sudah ditampung pada proxy
server bisa di cek pada directory /var/spool/squid.
vSchool.id 163
Lab 3: Transparent Proxy
Tujuan :
Salah satu fungsi proxy server adalah untuk melakukan cache web sehingga
user tidak perlu keluar ke jaringan internet untuk dapat mengakses ke web
yang dituju, cukup mengambil dari cache proxy. Namun pada lab sebelumnya
kekuranganya adalah user dapat memilih untuk menggunakan proxy atau
tidak. Untuk mengatasi hal tersebut kita bisa menggunakan transparent proxy
yaitu pemaksaan user agar menggunakan proxy.
Salah satu cara untuk memaksa user menggunakan proxy adalah
menerapkan filtering pada router, dengan mengijinkan akses ke internet oleh
proxy server saja.
Contoh berikut adalah penerapan filtering pada router Cisco menggunakan
ACL.
Building configuration...
vSchool.id 164
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
ip access-group PROXY in
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
!
ip access-list extended PROXY
permit ip host 192.168.1.254 any
deny ip any any
Jadi apabila kita kita tidak menggunakan proxy lokal pada pengaturan web
browser maka kita tidak akan bisa mengakses ke internet.
vSchool.id 165
vSchool.id 166
Lab 4: Proxy Basic Authentication
Tujuan :
Kemudian bila user melakukan akses internet maka akan tampil otentikasi
sebagai berikut.
vSchool.id 167
vSchool.id 168
Lab 5: Squid Web Filter
Tujuan :
#
# Recommended minimum configuration:
#
vSchool.id 169
Buat sebuah file yang berisikan list domain yang akan diblock.
www.youtube.com
www.facebook.com
www.twitter.com
twitter.com
www.kaskus.com
kaskus.com
www.kaskus.co.id
kaskus.co.id
Selanjutnya lakukan test dari user dengan mengakses ke sala satu list domain
yang terblock sebagai berikut.
vSchool.id 170
Bila akan melakukan block url regex tambahkan pada file konfigurasi squid
sebagi berikut.
# blocked url
acl blockurl url_regex -i "/etc/squid/url"
http_access deny blockurl
vSchool.id 171
Buat sebuah file yang berisikan url regex yang diblock.
Download
download
Lakukan test pada user dengan mengaksess website yang memiliki unsur url
download seperti berikut.
vSchool.id 172
Untuk melakukan block file download edit konfigurasi squid sebagai berikut.
#
# Recommended minimum configuration:
#
# block url
#acl blockurl url_regex -i "/etc/squid/url"
#http_access deny blockurl
# block download
acl file urlpath_regex -i "/etc/squid/file"
http_access deny file
vSchool.id 173
Buat sebuah file yang berisikan daftar tipe file yang terblock.
\.exe$
\.avi$
\.mkv$
\.flv$
\.mp4$
\.iso$
Lakukan test dari user dengan melakukan download file dengan salah satu
extension yang diblock.
vSchool.id 174
Storage
vSchool.id 175
Lab 1 : Konfigurasi Raid 1
Tujuan :
vSchool.id 176
Disk /dev/mapper/rhel-root: 51.0 GB, 50964987904 bytes, 99540992 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
vSchool.id 177
Bila proses sinkronisasi sudah selesai.
vSchool.id 178
# Start End Size Type Name
1 2048 104855551 50G Linux RAID primary
WARNING: fdisk GPT support is currently new, and therefore in an
experimental phase. Use at your own discretion.
vSchool.id 179
Agar disk RAID ter-mounting secara otomatis pada saat startup system edit
pada file konfigurasi /etc/fstab.
#
# /etc/fstab
# Created by anaconda on Fri Apr 1 01:44:46 2016
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more
info
#
/dev/mapper/rhel-root / xfs defaults 0 0
UUID=5042a81d-da0e-4602-9437-8f3330d5d4f6 /boot xfs
defaults 0 0
/dev/mapper/rhel-swap swap swap defaults 0 0
/dev/md0 /media/raid1 xfx defaults 0 0
vSchool.id 180
Zimbra Mail Server
vSchool.id 181
Lab 1 : Install Zimbra
Tujuan :
Ada beberapa initial setup yang harus dilakukan sebelum melakukan instalasi
Zimbra Mail Server, antara lain :
vSchool.id 182
Install beberapa paket sebagai berikut.
Setelah selesai proses reboot system sudah siap untuk melakukan instalasi
Zimbra Mail Server.
Download terlebih dahulu paket software Zimbra pada website official Zimbra
Mail Server. Download dan letakkan pada sebuah direktori sebagai contoh
pada direktori /tmp.
vSchool.id 183
Install zimbra.
[vschool@mail zcs-8.6.0_GA_1153.RHEL7_64.20141215151110]
$ sudo ./install.sh
Do you agree with the terms of the software license agreement? [N] y
vSchool.id 184
FOUND: libaio-0.3.109-13
FOUND: libstdc++-4.8.5-4
FOUND: unzip-6.0-15
FOUND: perl-core-5.16.3-286
Found zimbra-core
Found zimbra-ldap
Found zimbra-logger
Found zimbra-mta
Found zimbra-dnscache
Found zimbra-snmp
Found zimbra-store
Found zimbra-apache
Found zimbra-spell
Found zimbra-memcached
Found zimbra-proxy
vSchool.id 185
Install zimbra-memcached [Y] y
Installing:
zimbra-core
zimbra-ldap
zimbra-logger
zimbra-mta
zimbra-dnscache
zimbra-snmp
zimbra-store
zimbra-apache
zimbra-spell
zimbra-memcached
zimbra-proxy
Removing /opt/zimbra
Removing zimbra crontab entry...done.
Cleaning up zimbra init scripts...done.
Cleaning up /etc/ld.so.conf...done.
Cleaning up /etc/security/limits.conf...done.
Installing packages
zimbra-core......zimbra-core-8.6.0_GA_1153.RHEL7_64-20141215151110.x8
6_64.rpm...done
zimbra-ldap......zimbra-ldap-8.6.0_GA_1153.RHEL7_64-20141215151110.x8
6_64.rpm...done
zimbra-logger......zimbra-logger-8.6.0_GA_1153.RHEL7_64-2014121515111
0.x86_64.rpm...done
zimbra-mta......zimbra-mta-8.6.0_GA_1153.RHEL7_64-20141215151110.x86_
vSchool.id 186
64.rpm...done
zimbra-dnscache......zimbra-dnscache-8.6.0_GA_1153.RHEL7_64-201412151
51110.x86_64.rpm...done
zimbra-snmp......zimbra-snmp-8.6.0_GA_1153.RHEL7_64-20141215151110.x8
6_64.rpm...done
zimbra-store......zimbra-store-8.6.0_GA_1153.RHEL7_64-20141215151110.
x86_64.rpm...done
zimbra-apache......zimbra-apache-8.6.0_GA_1153.RHEL7_64-2014121515111
0.x86_64.rpm...done
zimbra-spell......zimbra-spell-8.6.0_GA_1153.RHEL7_64-20141215151110.
x86_64.rpm...done
zimbra-memcached......zimbra-memcached-8.6.0_GA_1153.RHEL7_64-2014121
5151110.x86_64.rpm...done
zimbra-proxy......zimbra-proxy-8.6.0_GA_1153.RHEL7_64-20141215151110.
x86_64.rpm...done
Operations logged to /tmp/zmsetup04212016-220939.log
Installing LDAP configuration database...done.
Setting defaults...
Interface: 127.0.0.1
Interface: ::1
Interface: 192.168.1.252
Interface: 10.0.2.11
Interface: 192.168.122.1
done.
Checking for port conflicts
Port conflict detected: 53 (zimbra-dnscache)
Port conflicts detected! - Press Enter/Return key to continue
Main menu
vSchool.id 187
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-dnscache: Enabled
6) zimbra-snmp: Enabled
7) zimbra-store: Enabled
+Create Admin User: yes
+Admin user to create: admin@vschool.com
******* +Admin Password UNSET
+Anti-virus quarantine user:
virus-quarantine.t5k0lyzn@vschool.com
+Enable automated spam training: yes
+Spam training user: spam.4rs8aj4b@vschool.com
+Non-spam(Ham) training user: ham.kdytx5zk@vschool.com
+SMTP host: mail.vschool.com
+Web server HTTP port: 8080
+Web server HTTPS port: 8443
+Web server mode: https
+IMAP server port: 7143
+IMAP server SSL port: 7993
+POP server port: 7110
+POP server SSL port: 7995
+Use spell check server: yes
+Spell server URL:
http://mail.vschool.com:7780/aspell.php
+Enable version update checks: TRUE
+Enable version update notifications: TRUE
+Version update notification email: admin@vschool.com
+Version update source email: admin@vschool.com
+Install mailstore (service webapp): yes
+Install UI (zimbra,zimbraAdmin webapps): yes
8) zimbra-spell: Enabled
9) zimbra-proxy: Enabled
10) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
Store configuration
vSchool.id 188
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@vschool.com
** 4) Admin Password UNSET
5) Anti-virus quarantine user:
virus-quarantine.t5k0lyzn@vschool.com
6) Enable automated spam training: yes
7) Spam training user: spam.4rs8aj4b@vschool.com
8) Non-spam(Ham) training user: ham.kdytx5zk@vschool.com
9) SMTP host: mail.vschool.com
10) Web server HTTP port: 8080
11) Web server HTTPS port: 8443
12) Web server mode: https
13) IMAP server port: 7143
14) IMAP server SSL port: 7993
15) POP server port: 7110
16) POP server SSL port: 7995
17) Use spell check server: yes
18) Spell server URL:
http://mail.vschool.com:7780/aspell.php
19) Enable version update checks: TRUE
20) Enable version update notifications: TRUE
21) Version update notification email: admin@vschool.com
22) Version update source email: admin@vschool.com
23) Install mailstore (service webapp): yes
24) Install UI (zimbra,zimbraAdmin webapps): yes
Store configuration
1) Status: Enabled
2) Create Admin User: yes
3) Admin user to create: admin@vschool.com
4) Admin Password set
5) Anti-virus quarantine user:
virus-quarantine.t5k0lyzn@vschool.com
6) Enable automated spam training: yes
7) Spam training user: spam.4rs8aj4b@vschool.com
8) Non-spam(Ham) training user: ham.kdytx5zk@vschool.com
vSchool.id 189
9) SMTP host: mail.vschool.com
10) Web server HTTP port: 8080
11) Web server HTTPS port: 8443
12) Web server mode: https
13) IMAP server port: 7143
14) IMAP server SSL port: 7993
15) POP server port: 7110
16) POP server SSL port: 7995
17) Use spell check server: yes
18) Spell server URL:
http://mail.vschool.com:7780/aspell.php
19) Enable version update checks: TRUE
20) Enable version update notifications: TRUE
21) Version update notification email: admin@vschool.com
22) Version update source email: admin@vschool.com
23) Install mailstore (service webapp): yes
24) Install UI (zimbra,zimbraAdmin webapps): yes
Main menu
1) Common Configuration:
2) zimbra-ldap: Enabled
3) zimbra-logger: Enabled
4) zimbra-mta: Enabled
5) zimbra-dnscache: Enabled
6) zimbra-snmp: Enabled
7) zimbra-store: Enabled
8) zimbra-spell: Enabled
9) zimbra-proxy: Enabled
10) Default Class of Service Configuration:
s) Save config to file
x) Expand menu
q) Quit
vSchool.id 190
Initializing core config...Setting up CA...done.
Deploying CA to /opt/zimbra/conf/ca ...done.
Creating SSL zimbra-store certificate...done.
Creating new zimbra-ldap SSL certificate...done.
Creating new zimbra-mta SSL certificate...done.
Creating new zimbra-proxy SSL certificate...done.
Installing mailboxd SSL certificates...done.
Installing MTA SSL certificates...done.
Installing LDAP SSL certificate...done.
Installing Proxy SSL certificate...done.
Initializing ldap...done.
Setting replication password...done.
Setting Postfix password...done.
Setting amavis password...done.
Setting nginx password...done.
Setting BES searcher password...done.
Creating server entry for mail.vschool.com...done.
Setting Zimbra IP Mode...done.
Saving CA in ldap ...done.
Saving SSL Certificate in ldap ...done.
Setting spell check URL...done.
Setting service ports on mail.vschool.com...done.
Setting zimbraFeatureTasksEnabled=TRUE...done.
Setting zimbraFeatureBriefcasesEnabled=TRUE...done.
Setting Master DNS IP address(es)...done.
Setting DNS cache tcp lookup preference...done.
Setting DNS cache udp lookup preference...done.
Setting DNS tcp upstream preference...done.
Setting TimeZone Preference...done.
Initializing mta config...done.
Setting services on mail.vschool.com...done.
Adding mail.vschool.com to zimbraMailHostPool in default COS...done.
Creating domain vschool.com...done.
Setting default domain name...done.
Creating domain vschool.com...already exists.
Creating admin account admin@vschool.com...done.
Creating root alias...done.
Creating postmaster alias...done.
Creating user spam.4rs8aj4b@vschool.com...done.
Creating user ham.kdytx5zk@vschool.com...done.
Creating user virus-quarantine.t5k0lyzn@vschool.com...done.
Setting spam training and Anti-virus quarantine accounts...done.
Initializing store sql database...done.
Setting zimbraSmtpHostname for mail.vschool.com...done.
vSchool.id 191
Configuring SNMP...done.
Setting up syslog.conf...done.
Starting servers...done.
Installing common zimlets...
com_zimbra_adminversioncheck...done.
com_zimbra_attachcontacts...done.
com_zimbra_attachmail...
com_zimbra_attachmail...done.
com_zimbra_bulkprovision...done.
com_zimbra_cert_manager...done.
com_zimbra_clientuploader...done.
com_zimbra_date...done.
com_zimbra_email...done.
com_zimbra_mailarchive...done.
com_zimbra_phone...done.
com_zimbra_proxy_config...done.
com_zimbra_srchhighlighter...done.
com_zimbra_tooltip...done.
com_zimbra_url...done.
com_zimbra_viewmail...done.
com_zimbra_webex...done.
com_zimbra_ymemoticons...done.
Finished installing common zimlets.
Restarting mailboxd...done.
Creating galsync account for default domain...done.
vSchool.id 192
Permit port service pada firewall yang terkait dengan aplikasi Zimbra, seperti
berikut.
vSchool.id 193
Lab 2 : Configure and Manage Zimbra
Tujuan :
Setelah instalasi Zimbra Mail Server berhasil maka kita bisa membuka Zimbra
Web Admin sebagai berikut. https://mail.vschool.com:7071/zimbraAdmin
Setelah masuk sebagai admin kita bisa membuat account pengguna email
pada menu Home > Manage > Accounts.
vSchool.id 194
Klik option > New
Isikan informasi account yang akan dibuat seperti username dan password.
Setelah buat beberapa account kemudian untuk login sebagai pengguna email
adalah dengan masuk ke alamat https://mail.vschool.com:8443, isikan
username dan password pengguna email.
vSchool.id 195
Apabila baru pertama login pengguna email diminta untuk mengubah
password default-nya.
vSchool.id 196
Berikut tampilan inbox dari user email.
vSchool.id 197
Berikut contoh penerimaan email user budi dari user siti.
vSchool.id 198