1. Router 1 export db userman
- /tools user-manager database save name=filename
2. Download file
3. Upload file db to router 2
4. Router 2 import db userman
- /tools user-manager database load name=filename
5. Check userman for verify
Jumat, 12 Mei 2023
Jumat, 05 Mei 2023
Convert virtual disk vm using qemu-img
irham taufik Mei 05, 2023 Proxmox, Server No comments
1. convert raw to vmdk
qemu-img convert -p -f raw -O vmdk /folder/kvm_virtual_machine.raw /folder/kvm_virtual_machine.vmdk
-p: presenting the conversion progress
-f: format of the source image
-O: format of the target image
2. if another virtual hard disk please adjust
ubuntu--vg-ubuntu--lv consume the entire disk space available
irham taufik Mei 05, 2023 Server No comments
# Increase the Physical Volume (pv) to max size
pvresize /dev/sda3
# Expand the Logical Volume (LV) to max size to match
lvresize -l +100%FREE /dev/mapper/ubuntu--vg-ubuntu--lv
# Expand the filesystem itself
resize2fs /dev/mapper/ubuntu--vg-ubuntu--lv
Kamis, 04 Mei 2023
Selasa, 02 Mei 2023
Simple Port Forwarding Ubuntu
irham taufik Mei 02, 2023 Network, Server No comments
1. Enable IP Forwarding
- sysctl net.ipv4.ip_forward=1
2. Add Rule
- iptables -t nat -A PREROUTING -p tcp -d 192.168.23.1 --dport 5544 -j DNAT --to-destination 192.168.2.11:554
3. Ask IPtables to Masquerade
- iptables -t nat -A POSTROUTING ! -s 127.0.0.1 -j MASQUERADE
4. Check config
- iptables -t nat -L
5. Save config
- sudo iptables-save
6. Delete if needed
- sudo iptables -t nat -L --line-numbers
- iptables -t nat -D PREROUTING 1
Sabtu, 29 April 2023
Install SSL Let's Encrypt on Ubuntu - nginx web server
irham taufik April 29, 2023 Nginx, Server No comments
1. Install certbot and nginx plugin
- sudo apt install certbot python3-certbot-nginx -y
2. confirm your web before install SSL
- sudo nano /etc/nginx/sites-available/test.com
3. Check syntax errors
- sudo nginx -t
4. Reload nginx
- sudo systemctl reload nginx
5. Check firewal, if active allow https
- sudo ufw status
- sudo ufw allow 'Nginx Full'
- sudo ufw delete allow 'Nginx HTTP
6. Obtaining an SSL Certificate
- sudo certbot --nginx -d test.com -d www.test.com
7. verify auto renewal
- sudo systemctl status certbot.timer
8. Test renewal proccess
- sudo certbot renew --dry-run
DONE
NOTE: - First, pointing yourdomain. example: www.test.com test.com to public ip address
- For another domain, follow just step 6
Nginx Reverse Proxy on Ubuntu
irham taufik April 29, 2023 Nginx, Server No comments
1. update & upgrade os
- sudo apt update && apt upgrade -y
2. Install nginx
- sudo apt install nginx -y
3. Allow firewall if enable
- sudo ufw allow 'Nginx HTTP'
4. Check status nginx
- systemctl status nginx
5. Config server block for your domain
- sudo nano /etc/nginx/sites-available/test.com
server {
listen 80;
listen [::]:80;
server_name test.com www.test.com;
location / {
proxy_pass http://192.168.0.100;
include proxy_params;
}
}
6. Enable configuration
- sudo ln -s /etc/nginx/sites-available/test.com /etc/nginx/sites-enabled/
7. Check syntax errors
- sudo nginx -t
8. If no problem, restart nginx
- sudo systemctl restart nginx
DONE
Kamis, 27 April 2023
HA and Failover Proxmox
irham taufik April 27, 2023 Proxmox, Server No comments
Requirement
- 3 node
- ZFS local per node
Cluster Node
- Create cluster node
- Copy join infomation
- Click join cluster and paste join infomation
- Enter password and join
- Repeat another node
Setup HA
- Click Add
- Choice VM with enter VM id
Setup Replication
- Click Add
- Enter VM id, target: node 2, Schedule: */1
- Repeat another node
DONE
Testing Failover with force shutdown node 1 (VM Running), waiting 2-3 minute. If VM swap to another node, config success.
Senin, 24 April 2023
Config DKIM for Zimbra Mail Server with cloudflare DNS
irham taufik April 24, 2023 Server, Zimbra No comments
1. Generate DKIM https://dmarcly.com/tools/dkim-record-generator
- Domain: mail.yourdomain.com
- DKIM selector: key1
- DKIM key length: 2048
2. Add new record at cloudflare
- Type: TXT Name: key1._domainkey Content: "v=DKIM1; h=sha256; k=rsa; s=email; " "p=MIIBIjANBgkqhkiG9*****47/dk/Hg" "RUtXY55ENGs693W7ad4VDew6Uwr+2DVHN6****b+wIDAQAB"
3. Verify config https://mxtoolbox.com/dkim.aspx
- Domain Name: yourdomain.com
- Selector: key1
Config Nat 1:1 Public IP to Private IP Mikrotik
irham taufik April 24, 2023 Mikrotik, Network No comments
1. Add Public IP to Public interface
- /ip address add address=202.25.212.12/28 interface=Public
2. Add rule internal server allow access from external network (internet)
- /ip firewall nat add chain=dstnat dst-address=202.25.212.12 action=dst-nat to-addresses=192.168.0.120
3. add rule internal server can talk with outer network (source ip address translated to 192.168.0.120)
- /ip firewall nat add chain=srcnat src-address=192.168.0.120 action=src-nat to-addresses=202.25.212.12
NOTE: if it doesn't work put the rule at the top
DONE