Jumat, 15 Mei 2015

Setelah install debian
1.       #nano /etc/apt/sources.list
2.       #nano /etc/network/interfaces
=>  Tambahkan IP eth1 dan netmask nya saja
=>  Pada dns-nameservers tambahkan IP eth1
=>  #service networking restart
3.       #apt-get install resolvconf
4.       #nano /etc/resolv.conf
5.       Samakan hostname
=>  nano /etc/hosts
=>  echo jogsa.net > /etc/hostname
=>  /etc/init.d/hostname.sh
=>  hostname && hostname -f
6.       Install DHCP (CD 2)
ð  #apt-get install isc-dhcp-server
=>  nano /etc/dhcp/dhcpd.conf
=>  nano /etc/default/isc-dhcp-server
=>  service isc-dhcp-server start
7.       #nano  /etc/sysctl.conf
=>  Ctrl+w forwarding => hilangkan (#)
8.       #sysctl -p
9.       iptables  -t nat  -A POSTROUTING  -o eth1  -j MASQUERADE
10.   Web server
ð  #apt-get install apache2 php5
ð  #nano /var/www/html/test.php
ð  #apt-get install  mysql-server
ð  #apt-get install phpmyadmin
11.   DNS
ð  #apt-get install bind9
ð  #cd /etc/bind/
ð  #nano named.conf.local
ð  #cp db.local db.jogsa
ð  #cp db.127 db.192
ð  #nano db.jogsa
ð  #nano db.192
ð  #service bind9 restart
ð  cek
12.   SSH
ð  Ganti port SSH
ð  #nano /etc/ssh/sshd_config
=>  #service ssh restart
13.   Samba
ð  #apt-get install samba
ð  #nano /etc/samba/smb.conf
[smk.net]
path = /home/aku
browseable = yes
writeable = yes
guest ok = no
public = no
read only = no
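security = user
; catatan: security adalah parameter global; agar berlaku, letakkan di bagian [global], bukan di dalam share
=>  #smbpasswd -a aku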
ð  #service samba restart
ð  Cek
14.   Ftp
ð  #apt-get install proftpd
ð  #nano /etc/proftpd/proftpd.conf
ð  #adduser aku
ð  #service proftpd restart
ð  cek
15.   virtual host
ð  #cd /var/www/html
ð  #mkdir portal
ð  #nano /var/www/html/portal/index.html
=>  #cd /etc/apache2/sites-available/
=>  #cp 000 (tab) portal
=>  #nano portal => isikan ServerAdmin webmaster@localhost
·         ServerName jogsa.edu
·         ServerAlias portal.jogsa.edu
·         DocumentRoot /var/www/html/portal
=>  #mv portal portal.conf
=>  a2ensite portal.conf
ð  service apache2 force-reload
ð  cek
16.   Mail server (CD 1)
ð  #apt-get install postfix courier-pop courier-imap
ð  #maildirmake /etc/skel/Maildir
ð  #nano /etc/postfix/main.cf                 {tambhkn : home_mailbox = Maildir/ }
ð  #dpkg-reconfigure postfix
ð  #service postfix | courier-pop | courier-imap | bind9 | restart
ð  #adduser
ð  #apt-get install squirrelmail
=>  #nano /etc/apache2/apache2.conf                 { tmbhkn : include "/etc/squirrelmail/apache.conf" }
=>  #ln -s /usr/share/squirrelmail/ /var/www/html/mail
ð  Cek
ð  #cd /etc/apache2/sites-available
ð  #cp 000 (tab) mail
ð  #nano mail
ð  #a2ensite mail
ð  #service apache2 restart
ð  cek
17.   NTP Server
ð  #apt-get  install ntp ntpdate
ð  #nano /etc/ntp.conf
o   Ctrl+w ,  server 0.deb (tambhkn : server 127.127.1.0 )
o   Ctrl+w , restrict 192.168 (tmbhkn : IP  | nomodify notrap )
=>  #service ntp restart
=>  #ntpq -p
=>  #ntpdate -u 127.0.0.1
=>  Jika ganti wktu #date --set 10:11:00  atau #date --set 2015-01-20
ð  Cek
18.   HTTPS
=>  #openssl req -new -x509 -days 365 -nodes -out /etc/apache2/apache2.pem -keyout /etc/apache2/apache2.pem
Country Name (2 letter code) [AU]:ID
State or Province Name (full name) [Some-State]:East Java
Locality Name (eg, city) []:Klaten
Organization Name (eg, company) [Internet Widgits Pty Ltd]:BLC
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:smk.net
Email Address []:admin@smk.net
=>  Catatan: opsi -nodes menyimpan private key tanpa passphrase, dan di sini key berada di berkas yang sama dengan sertifikat, jadi batasi izin bacanya: #chmod 600 /etc/apache2/apache2.pem
ð  #a2enmod ssl
ð  #service apache2 restart
ð  #nano /etc/apache2/ports.conf
ð  #nano /etc/apache2/sites-available/00 (TAB)
<VirtualHost *:443>
ServerName smk.net
ServerAlias www.smk.net
SSLEngine on
SSLCertificateFile /etc/apache2/apache2.pem
</VirtualHost>
ð  #service apache2 restart
ð  Cek  https://192.168.20.1
19.   Proxy & nat
1.       #apt-get install squid3 (3 u/ deb.8)
2.       #nano /etc/squid/squid.conf
ð  http_port 3128
·         tambahkan “transparent”
ð  cache_mgr
·         hilangkan (#) edit => “cache_mgr admin@smk.net”
ð  visible_hostname
·         hilangkan (#) edit => “visible_hostname smk.net”
ð  cache_dir ufs /var
·         hilangkan (#) “cache_dir ufs /var/spool/squid 100 16 256”
ð  cache_mem
·         hilangkan (#) ubah mjdi “cache_mem 32MB”
ð  http_access deny all
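·         beri tanda # pada “http_access deny all” biasanya terdapat 2 bagian yang sama (harus teliti). Catatan: lebih aman tetap menyisakan satu “http_access deny all” sebagai aturan paling akhir dan menaruh aturan http_access buatan sendiri di atasnya, supaya permintaan yang tidak cocok dengan aturan mana pun tetap ditolak.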
            ð  acl CONNECT
acl local src 192.168.137.0/24 (IP SERVER)
acl blokir dstdomain "/etc/squid3/blokir"
acl blokkey url_regex -i "/etc/squid3/kata.txt"
http_access deny blokir
http_access deny blokkey
http_access allow local
=>  #nano /etc/squid3/blokir   (path berkas harus sama dengan yang ditulis pada baris acl di atas)
kaskus.com
 => #nano /etc/squid3/kata.txt
xxx
xx
x
kaskus
situsterlarang
xxxx
xxxxx
=>   #squid3 -z

=>   Cek
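=>  #nano  /etc/sysctl.conf
Ctrl+w forwarding => hilangkan (#)
=>  #sysctl -p
=>  #iptables  -t nat  -A POSTROUTING  -o eth1  -j MASQUERADE
=>  Jika akan membelokkan
#iptables -t nat -A PREROUTING -p tcp -i eth1 -s 192.168.100.0/26 --dport 80 -j REDIRECT --to-port 3128
=>  Catatan: pada MASQUERADE, -o adalah antarmuka keluar (yang menuju internet), sedangkan pada REDIRECT, -i adalah antarmuka tempat klien LAN masuk; di sini keduanya ditulis eth1, jadi sesuaikan nama antarmuka dengan topologi server.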









