Welcome to my blog :)

rss

Rabu, 22 Desember 2010

SERVER DEBIAN

KONFIGURASI NETWORK CARD
>konfigurasi network
#nano /etc/network/interfaces

# The primary network interface
allow-hotplug eth0
iface eth0 inet static
        address 192.168.1.1
        netmask 255.255.255.240
        network 192.168.1.0
        broadcast 192.168.1.15
        gateway 192.168.1.1
        # dns-* options are implemented by the resolvconf package, if installed
        dns-nameservers 192.168.1.1
        dns-search server.net

>>untuk keluar dan save tekan tombol ctrl+x >y (yes)


>Konfigurasi Hosts
#nano /etc/hosts

127.0.0.1         localhost
192.168.1.1     server.net      server

# The following lines are desirable for IPv6 capable hosts
::1     ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

>>untuk keluar dan save tekan tombol ctrl+x >y (yes)

#nano /etc/resolv.conf

search server.net
domain server.net
nameserver 192.168.1.1

>>untuk keluar dan save tekan tombol ctrl+x >y (yes)

>kemudian restart network dengan cara:
#/etc/init.d/networking restart
Reconfiguring network interfaces...done


2. KONFIGURASI NAME SERVER
File /etc/hosts ini berisi daftar penerjemahan nama mesin ke alamat IP mesin yang bisa digunakan juga untuk
melakukan penerjemahan slsmst IP ke nama. Dengan memiliki file ini, mesin Linux dapat menggunakan nama yang
lebih mudah diingat untuk memanggil atau mengakses mesin lain dalam jaringan,
  • Edit file /etc/ hosts
bafadhiro :~# editor /etc/ hosts
127.0.0.1 localhost
192.168.0.1 bafadhiro.alideb.com bafadhiro

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

3. KONFIGURASI IP ADDRESS
  • Edit file /etc/resolv.conf
bafadhiro :~# editor /etc/resolv.conf
search alideb.com
nameserver 192.168.0.1

4. DNS

Domain Name Server (DNS) digunakan untuk translasi dari IP address ke nama host yang lebih mudah diingat atau sebaliknya.
  • Manginstall DNS
bafadhiro :~# apt-get install bind
  • Menambah scripts pada file /etc/bind/named.conf atau pada file /etc/bind/named.conf.local untuk membuat zone forward dan zone reverse.
anda konfigurasi pada
bafadhiro :~# editor /etc/bind/named.conf
// This is the primary configuration file for the BIND DNS server named.
//
// Please read /usr/share/doc/bind/README.Debian for information on the
// structure of BIND configuration files in Debian for BIND versions 8.2.1
// and later, *BEFORE* you customize this configuration file.
//

include "/etc/bind/named.conf.options";

// reduce log verbosity on issues outside our control
logging {
category lame-servers { null; };
category cname { null; };
};

// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};

// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912

zone "localhost" {
type master;
file "/etc/bind/db.local";
};

zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
};

zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
};

zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
};

Tambahkan berikut :
zone "kel4.net" {
type master;
file "foward";
};

zone "0.110.200.in-addr.arpa" {
type master;
file "reverse";
};

// add local zone definitions here
include "/etc/bind/named.conf.local";
atau anda konfigurasi pada
bafadhiro :~# editor /etc/bind/named.conf. local
//
// Add local zone definitions here.
  • Membuat file baru untuk zone forward pada direktori /var/cache/bind/
bafadhiro :~# editor /var/cache/bind/forward
Ketikkan scripts dibawah ini :
@ IN SOA ns.alideb.com. admin.alideb.com. (
2008022401
28800
14400
3600000
86400 )
@ IN NS ns.alideb.com.
IN MX 10 mail.alideb.com.
ns IN A 192.168.0.1
www IN A 192.168.0.1
ftp IN A 192.168.0.1
mail IN A 192.168.0.1
  • Membuat file baru untuk zone reverse pada direktori /var/cache/bind/
bafadhiro :~# editor /var/cache/bind/reverse
Ketikkan scripts dibawah ini :
@ IN SOA ns.alideb.com. admin.alideb.com. (
2008022402
28800
14400
3600000
86400 )
IN NS ns.alideb.com.
1 IN PTR ns.alideb.com.

NS.menyatakan Name Server yang berlaku.@ IN NS ns.alideb.com.
A.menyatakan Address Internet atau alamat IP dari mesin yang ditangani oleh DNS
@ IN A 192.168.0.1
alideb IN A 192.168.0.1
CNAME,menyatakan nama Alias (Canonical Name). Contoh berikut ini menyatakan bahwa mail adalah nama alias dari alideb
mail IN CNAME alideb.

PTR,menyatakan pointer, yaitu reversed-address. Contoh berikut ini menyatakan bahwa IP 192.168.0.1 dipetakan ke nama domian atau subdomain alideb
alideb IN A 192.168.0.1
1.0.168.192.in-addr.arpa.
IN PTR alideb.
MX,menyatakan Mail Exchanger, digunakan untuk menunjuk mail server yang menangani email domain atau subdomain ini. Contoh berikut ini menentukankan bahwa email untuk mail.alideb.com akan diterima oleh mail server dengan prioritas lebih tinggi (mail.alideb.com). Angka yang lebih kecil merupakan prioritas yang lebih tinggi. Angka yang dimaksud adalah kolom ke-3 pada MX. Mail server pada prioritas selanjutnya akan dihubungi apabila mail server sebelumnya down atau crash
digital IN MX 0 mail.alideb.com.
IN MX 10 mail.alideb.com.

HINFO,memberikan keterangan tentang perangkat keras yang digunakan serveralideb IN HINFO "Intel pentium 4 class"
TXT.menyatakan infomasi umumalideb IN TXT "tempatku : bangil"

  • Menambahkan nomor DNS Server pada file /etc/bind/named.conf.options untuk dijadikan sebagai forwarders atau DNS lokal
bafadhiro :~# editor /etc/bind/named.conf.options
Ketikkan nomor DNS yang ada dibawah forwarders dan buang tanda // didepan scripts tersebut.
options {
directory "/var/cache/bind";

// from bind 9:
// [fetch-glue] is obsolete. In BIND 8, fetch-glue yes caused the
// server to attempt to fetch glue resource records it didn't have
// when constructing the additional data section of a response.
// This is now considered a bad idea and BIND 9 never does it.

fetch-glue no;

// If there is a firewall between you and nameservers you want
// to talk to, you might need to uncomment the query-source
// directive below. Previous versions of BIND always asked
// questions using port 53, but BIND 8.1 and later use an unprivileged
// port by default.

// query-source address * port 53;

// If your ISP provided one or more IP addresses for stable
// nameservers, you probably want to use them as forwarders.
// Uncomment the following block, and insert the addresses replacing
// the all-0's placeholder.

// forwarders {
// 0.0.0.0;
// };
};
  • Mensetting Resolver pada file /etc/resolv.conf
bafadhiro :~# editor /etc/resolv.conf
search alideb.com
nameserver 192.168.0.1
nameserver 202.134.0.155
nameserver 202.134.1.10
  • Merestart layanan bind
bafadhiro :~# /etc/init.d/bind restart
  • Mengetes DNS yang sudah di konfigurasi
bafadhiro :~# nslookup
>ns.alideb.com
Server: 192.168.0.1
Address: 192.168.0.1#53

Name: ns.alideb.com
Address: 192.168.0.1

bafadhiro :~# nslookup
>192.168.0.1
Server: 192.168.0.1
Address: 192.168.0.1#53

1.0.168.192.in-addr.arpa name = ns.alideb.com.


5. WEB SERVER
  • Menginstall paket yang dibutuhkan yaitu apache2
bafadhiro :~# apt-get install apache2 php5 links2
  • Mengetik perintah a2enmod agar web server yang di konfigurasi multi user
bafadhiro :~# a2enmod userdir
  • Membuat folder public_html pada direktori /etc/skel agar setiap user yang dibuat mempunyai public_html
bafadhiro : /etc/skel # mkdir public_html
  • Merestart layanan apache2
bafadhiro :~# /etc/init.d/apache2 restart
  • Mengetes web server yang sudah di konfigurasi
bafadhiro :~# links www.alideb.com
  • Untuk mengubah setingan anda dapat mengkonfigurasi file /etc/apache2/sites-enabled/000-default
bafadhiro :~# editor /etc/apache2/sites-enabled/000-default
NameVirtualHost 192.168.0.1
<VirtualHost 192.168.0.1>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
RedirectMatch ^/$ /apache2-default/
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined
ServerSignature On
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

</VirtualHost> 


6. WEB SCURE
  • Menginstall paket yang dibutuhkan yaitu apache2 php5 libapache2-mod-php5
bafadhiro :~# apt-get install apache2 php5 links2 libapache2-mod-php5
  • Mengcopy file /etc/apache2/sites-available/default menjadi /etc/apache2/sites-available/website-ssl
bafadhiro :~# cp /etc/apache2/sites-available/default /etc/apache2/sites-available/website-ssl
  • Membuat link untuk mengaktifkan modul ssl pada saat apache di load
bafadhiro :~# a2ensite website-ssl
  • Mengaktifkan modul php5
bafadhiro :~# a2enmod php5
  • Mengaktifkan modul ssl
bafadhiro :~# a2enmod ssl
  • Mengedit file /etc/apache2/sites-enabled/website-ssl
bafadhiro :~# editor /etc/apache2/sites-enabled/website-ssl
Tambahkan port 443 dan scripts dibawah ini
NameVirtualHost *
<VirtualHost *>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
# This directive allows us to have apache2's default start page
# in /apache2-default/, but still have / go to the right place
RedirectMatch ^/$ /apache2-default/
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined
ServerSignature On

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

</VirtualHost>
  • Membuat directory ssl di dalam directory /etc/apache2
bafadhiro :~# mkdir /etc/apache2/ssl
  • Membuat sertifikat SSL
bafadhiro :~# openssl req $@ -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.pem
 
jika anda mendapatkan masalah ketika menggunakan perintah openssl anda harus mengintal paket tersebut biasany paket tersebut terdapat dalam disk2 dan disk1 sehingga anda harus mengenalkan disk2 ke os anda dengan cara
bafadhiro :~# apt-cdrom add
  • Menambahkan port listen untuk SSL pda file /etc/apache2/ports.conf
bafadhiro :~# editor /etc/apache2/ports.conf
listen 80
  • Merestart layanan apache2
bafadhiro :~# /etc/init.d/apache2 restart
  • Mengetes web server yang sudah di konfigurasi
bafadhiro :~# links2 https://www.alideb.com
pada web browse akantampil pesan berikut



7. FTP SERVER
1. Memberikan ip untuk server FTP
#vim /etc/network/interfaces
address 192.168.1.1
netmask 255.255.255.0
broadcast 192.168.1.255
network 192.168.1.0
2. Menginstall packet (vsftpd /Very Secure FTP Daemond)
#apt-get install vsftpd
3. Mengkonfigurasi FTP Server
#vim /etc/vsftpd.conf
#
anonymous_enable=NO (mendisable user anonymous)
#Uncomment this to enable any form of FTP write command.
local_enable=YES (mengaktifkan user lokal_
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd’s)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages – messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using “root” for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command “SIZE /big/file” in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
4. Menjalankan vsftpd
#/etc/init.d/vsftpd restart
5. Menguji server ftp
#telnet localhost 21
kelau pesan yang muncul conected to localhost —> server sudah jalan
Kalau pesan conection refused ——> server tidak jalan
6. Mencoba upload/download file
#ftp localhost atau #ftp nomor_ip komputer
masukkan user
masukkan password
untuk upload —>put atau mput
untuk download —>get atau mget
untuk pindah direktori —-> cd
untuk melihat isi direktor —>ls
Kalau di windows pakai filezilla atau wsftp
Letak file
login user system maka letak file di /home/user
login anonymous maka letak file di /home/ftp


8. DHCP SERVER
1. Install paket dhcp server
# apt-get install dhcp3-server
2. Konfigurasi dhcp server
# mcedit  /etc/dhcp3/dhcp.conf
Konfigurasi utama DHCP Server terletak pada /etc/dhcp3/dhcpd.conf.
optiondomain-name-servers 192.168.254.1;
subnet 192.168.254.0 netmask 255.255.255.0 {
range 192.168.254.1 192.168.254.10;
optiondomain-name-servers 192.168.254.1;
option domain-name “testing.com”;
option routers 192.168.254.1;
option broadcast-address 192.168.252.15;
default-lease-time 3600;
max-lease-time 7200;
}
keterangan: pada baris pertama merupakan subnet dan netmask, baris kedua adalah range ip address yang kita alokasikan untuk klien, baris ketiga pemberian DNS untuk klien, baris keempat adalah name buat klien, baris kelima merupakan router ip, baris keenam merupakan broadcast ip, baris ketujuh adalah default waktu sewa dan baris terakhir maksimum waktu sewa.
3. Konfigurasi interface default
# mcedit /etc/default/dhcp
Konfigurasi utama DHCP server terletak pada /etc/default/dhcp
INTERFACE=”eth0″
(interface yang digubakan sbg dhcp server)
Restart DHCP server
$ /etc/init.d/dhcp3-server restart jika tidak ada error, berarti konfigurasi telah benar
4. Konfigurasi interface card
auto eth0
iface eth0 inet static
address 192.168.254.1
netmask 255.255.255.0
network 192.168.254.0
broadcast 192.168.254.255
gateway 192.168.254.1
5. Client konfigurasi
Rubah file berikut
# mcedit /etc/network/interfaces
masukkan konfigurasi:
auto eth0
iface eth0 inet dhcp
kemudian restart service networking
# /etc/init.d/networking restart
kemudian cek IP address
# ifconfig


9. MAIL SERVER
  • Menginstall paket yang dibutuhkan yaitu postfix, courier-imap, squirrelmail
bafadhiro :~# apt-get install postfix squirrelmail
Pilih Ok
Pilih Internet Site
Isikan mail.kel4.net

Pilih Yes


CATATAN
Apabila muncul kesalahan


Remove program
exim4
exim4-config
exim4-daemon-light
exim4-base
bafadhiro :~# Apt-get remove --purge exim4 exim4-config exim4-daemon-light exim4-base
Mengedit file /etc/postfix/main.cf
bafadhiro :~# editor /etc/postfix/main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = bafadhiro.alideb.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = mail.alideb.com, bafadhiro.alideb.com, localhost.alideb.com, localhost
relayhost =
mynetworks = 127.0.0.0/8
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
home_mailbox = Maildir/


9. INSTALASI DOVECOT POP3/IMAP SERVER
 
Instalasi dovecot POP3/IMAP menggunakan perintah berikut.
bafadhiro :~# apt-get install dovecot-imapd dovecot-pop3d dovecot-common
perhatian pada sebagian cd paket dovecot-pop3d terdapat pada disk 2 /dvd2
pada saat kita memasukan dvd debian disk ke 2 debian tidak mengenali isi cd tersebut oleh karna itu kita perlu meng add dvd disk 2 dengan cara
bafadhiro :~# apt-cdrom add
Edit baris berikut pada file konfigurasi
bafadhiro :~# editor /etc/dovecot/dovecot.conf
 
Berikut yang harus diganti pada Instalasi Dovecot POP3/IMAP Server
protocols =    (21)
#disable_plaintext_auth = yes    (46)
pop3_uidl_format = %08Xu%08Xv    (602)
#   mail_location = mbox:~/mail:INBOX=/var/mail/%u    (203)
auth default {    (738)
  mechanisms = plain    (741)
  passdb pam {    (777)
}    (806)
  userdb passwd {    (875)
  }    (876)
  #socket listen {    (948)
    #client {    (961)
      # The client socket is generally safe to export to everyone. Typical use    (962)
      # is to export it to your SMTP server so it can do SMTP AUTH lookups    (963)
      # using it.    (964)
      #path = /var/run/dovecot/auth-client    (965)
      #mode = 0660    (966)
    #}    (967 / 969)
  #}    (968 / 970)


Menjadi
Ubalah kata kata diatas hingga menjadi kata seperti dibawah ini
protocols = pop3 imap
disable_plaintext_auth = no
pop3_uidl_format= %08Xu%08Xv
mail_location = mbox:~/mail:INBOX=/var/mail/%u
auth default2 {
mechanisms = plain login
passdb pam {
}
userdb passwd {
}
socket listen {
  client {
    # The client socket is generally safet to everyone. Typical use    (962)
    # is to export it to your SMTP server so it can do SMTP AUTH lookups    (963)
    # using it.
       path = /var/run/dovecot/auth-client
       mode = 0660
       user = postfix
       group = postfix
10. MENSETTING SQUIRRELMAIL

bafadhiro :~# /etc/squirrelmail/conf.pl
Tekan 2 > enter

kemudian tekan 1 > enter
untuk mensetting domain. Isikan alideb.com


Tekan r > enter

tekan d > enter untuk mensetting spesific IMAP Server.

Isikan courier.

 Tekan s > enter untuk menyimpan konfigurasi.



Tekan q > enter untuk keluar

Membuat symlink untuk apache2 ada 2 cara
Cara 1
bafadhiro :~# ln –s /etc/squirrelmail/apache.conf /etc/apache2/conf.d/squirrelmail.conf
Cara 2   
atau tambahkan kata Include /etc/squirrelmail/apache.conf ke dalam file  /etc/apache2/apache2.conf
#<IfModule mod_info.c>
    #
    # Allow remote server configuration reports, with the URL of
    #  http://servername/server-info (requires that mod_info.c be loaded).
    # Change the ".example.com" to match your domain to enable.
    #
    #<Location /server-info>
    #    SetHandler server-info
    #    Order deny,allow
    #    Deny from all
    #    Allow from .example.com
    #</Location>
#</IfModule>

# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/

Membuat Directory Maildir untuk menyimpan e-mail yang masuk pada directory /etc/skel
bafadhiro : /etc/skel# maildirmake Maildir
Restart layanan postfix, courier-imap dan apache2
bafadhiro :~# /etc/init.d/postfix restart
bafadhiro :~# /etc/init.d/ dovecot restart
bafadhiro :~# /etc/init.d/apache2 restart
Mengetest mail server yang sudah dikonfigurasi
bafadhiro :~# links www.alideb.com/squirrelmail 

        Tampilan pada program links                    tampilan pada web browser
Diposting oleh booss_oemar di 17.36 0 komentar
Langganan: Postingan (Atom)