Detach old device (storage) from server
Follow command below
zpool replace -f <pool> <old device> <new device>
zpool replace -f backupvm /dev/sdc1 /dev/sdd
irham taufik Agustus 06, 2023 Proxmox, Server No comments
1. Move HDD/SAS to new server
2. Check pool with command "zpool import"
3. Command "zpool import -f namepool" (Eg: zpool import -f pooltest)
4. If you backup file datastore.cfg (/etc/proxmox-backup/datastore.cfg) restore to new server or you add manually
DONE
Ref: https://openzfs.github.io/openzfs-docs/msg/ZFS-8000-EY/
irham taufik Mei 05, 2023 Proxmox, Server No comments
1. convert raw to vmdk
qemu-img convert -p -f raw -O vmdk /folder/kvm_virtual_machine.raw /folder/kvm_virtual_machine.vmdk
-p: presenting the conversion progress
-f: format of the source image
-O: format of the target image
2. if another virtual hard disk please adjust
irham taufik Mei 05, 2023 Server No comments
# Increase the Physical Volume (pv) to max size
pvresize /dev/sda3
# Expand the Logical Volume (LV) to max size to match
lvresize -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv
# Expand the filesystem itself
resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
irham taufik Mei 02, 2023 Network, Server No comments
1. Enable IP Forwarding
- sysctl net.ipv4.ip_forward=1
2. Add Rule
- iptables -t nat -A PREROUTING -p tcp -d 192.168.23.1 --dport 5544 -j DNAT --to-destination 192.168.2.11:554
3. Ask IPtables to Masquerade
- iptables -t nat -A POSTROUTING ! -s 127.0.0.1 -j MASQUERADE
4. Check config
- iptables -t nat -L
5. Save config
- sudo iptables-save
6. Delete if needed
- sudo iptables -t nat -L --line-numbers
- iptables -t nat -D PREROUTING 1
irham taufik April 29, 2023 Nginx, Server No comments
1. Install certbot and nginx plugin
- sudo apt install certbot python3-certbot-nginx -y
2. confirm your web before install SSL
- sudo nano /etc/nginx/sites-available/test.com
3. Check syntax errors
- sudo nginx -t
4. Reload nginx
- sudo systemctl reload nginx
5. Check firewal, if active allow https
- sudo ufw status
- sudo ufw allow 'Nginx Full'
- sudo ufw delete allow 'Nginx HTTP
6. Obtaining an SSL Certificate
- sudo certbot --nginx -d test.com -d www.test.com
7. verify auto renewal
- sudo systemctl status certbot.timer
8. Test renewal proccess
- sudo certbot renew --dry-run
DONE
NOTE: - First, pointing yourdomain. example: www.test.com test.com to public ip address
- For another domain, follow just step 6
irham taufik April 29, 2023 Nginx, Server No comments
1. update & upgrade os
- sudo apt update && apt upgrade -y
2. Install nginx
- sudo apt install nginx -y
3. Allow firewall if enable
- sudo ufw allow 'Nginx HTTP'
4. Check status nginx
- systemctl status nginx
5. Config server block for your domain
- sudo nano /etc/nginx/sites-available/test.com
server {
listen 80;
listen [::]:80;
server_name test.com www.test.com;
location / {
proxy_pass http://192.168.0.100;
include proxy_params;
}
}
6. Enable configuration
- sudo ln -s /etc/nginx/sites-available/test.com /etc/nginx/sites-enabled/
7. Check syntax errors
- sudo nginx -t
8. If no problem, restart nginx
- sudo systemctl restart nginx
DONE
irham taufik April 27, 2023 Proxmox, Server No comments
Requirement
- 3 node
- ZFS local per node
Cluster Node
- Create cluster node
- Copy join infomation
- Click join cluster and paste join infomation
- Enter password and join
- Repeat another node
Setup HA
- Click Add
- Choice VM with enter VM id
Setup Replication
- Click Add
- Enter VM id, target: node 2, Schedule: */1
- Repeat another node
DONE
Testing Failover with force shutdown node 1 (VM Running), waiting 2-3 minute. If VM swap to another node, config success.
irham taufik April 24, 2023 Server, Zimbra No comments
1. Generate DKIM https://dmarcly.com/tools/dkim-record-generator
- Domain: mail.yourdomain.com
- DKIM selector: key1
- DKIM key length: 2048
2. Add new record at cloudflare
- Type: TXT Name: key1._domainkey Content: "v=DKIM1; h=sha256; k=rsa; s=email; " "p=MIIBIjANBgkqhkiG9*****47/dk/Hg" "RUtXY55ENGs693W7ad4VDew6Uwr+2DVHN6****b+wIDAQAB"
3. Verify config https://mxtoolbox.com/dkim.aspx
- Domain Name: yourdomain.com
- Selector: key1
irham taufik April 24, 2023 Server, Zimbra No comments
1. Setup domain
- Type: A Host: mail Value: public IP
- Type: MX Host: @ Value: mail.youdomain.com
2. Update & Upgrade your Ubuntu Server
- sudo -i
- apt update && apt upgrade -y
3. Set Hostname & host
- hostnamectl set-hostname mail.yourdomain.com
- sudo -i
- nano /etc/hosts
PublicIP mail.yourdomain.com
4. Install DNSmasq & disable systemd-resolve
- systemctl disable systemd-resolved
- systemctl stop systemd-resolved
- ls -lh /etc/resolv.conf
- rm -f /etc/resolv.conf
- nano /etc/resolv.conf
nameserver 8.8.8.8
- apt install dnsmasq -y
5. Config DNSmasq
- cp /etc/dnsmasq.conf /etc/dnsmasq.conf.bak
- nano /etc/dnsmasq.conf
server= PublicIP
domain= yourdomain.com
mx-host= yourdomain.com, mail.yourdomain.com, 5
mx-host= mail.yourdomain.com, mail.yourdomain.com, 5
listen-address=127.0.0.1
- dig -t A mail.yourdomain.com
- dig -t MX yourdomain.com
6. Install Zimbra
- wget https://files.zimbra.com/downloads/8.8.15_GA/zcs-8.8.15_GA_4179.UBUNTU20_64.20211118033954.tgz
- tar xvzf zcs-8.8.15_GA_4179.UBUNTU20_64.20211118033954.tgz
- cd zcs-8.8.15_GA_4179.UBUNTU20_64.20211118033954
- ./install.sh (choice Y, waiting full done)
7. Set admin password
- choice zimbra-store
- choice Admin Password (set password)
- r (back to menu)
- a (to apply)
- yes
8. Done, access with browser
- https://mail.yourdomain.com:7071 (Zimbra Admin, for create account etc)
- https://mail.yourdomain.com (Web mail GUI)
irham taufik April 23, 2023 Server, Zimbra No comments
Source:
https://community.letsencrypt.org/t/zimbra-certbot-letsencrypt-certificate-and-private-key-do-not-match/188530/2
https://forums.zimbra.org/viewtopic.php?t=69645
https://inguide.in/how-to-install-free-ssl-certificate-on-zimbra-mail-server/
irham taufik Juli 27, 2022 Network, Server No comments
config ipsec site to site strongswan
======================
/etc/ipsec.secrets
# This file holds shared secrets or RSA private keys for authentication.
# RSA private key for this host, authenticating it to any other host
# which knows the public part.
publicip-site1 publicip-site2 : PSK "secret"
===============
/etc/ipsec.conf
config setup
charondebug="all"
uniqueids=yes
conn site1-to-site2
type=tunnel
auto=start
keyexchange=ikev2
authby=secret
left=public-ip-site1
leftsubnet=192.168.0.0/29
right=public-ip-site2
rightsubnet=192.168.1.0/29
ike=aes256-sha256-modp1024
esp=aes256
aggressive=no
keyingtries=%forever
ikelifetime=28800s
lifetime=3600s
dpddelay=30s
dpdtimeout=120s
dpdaction=restart
irham taufik Desember 02, 2017 Server No comments
irham taufik Oktober 22, 2017 Server, VirtualBox No comments