Jekyll2019-12-03T06:02:26+00:00/Menulis agar tak hilang ingatanMuslim - DevOps - System Admin - Network EngineerTohir[DOC] Simple Docker for Productivity (Cross DB ePuskesmas)2019-12-03T00:00:00+00:002019-12-03T00:00:00+00:00/document/doc-sharing-session-phpmyadmin-portainer-docker-mysql<p>Berikut adalah arsip dokumen yang penulis pakai di sesi sharing dengan tim developers beberapa bulan awal 2019 yang lalu di PT Infokes Indonesia.</p>
<embed src="/assets/arsip/Sharing_session_Docker_for_Cross_DB.pdf" width="100%" height="100%" type="application/pdf" />TohirBerikut adalah arsip dokumen yang penulis pakai di sesi sharing dengan tim developers beberapa bulan awal 2019 yang lalu di PT Infokes Indonesia.Membuat Web Aplikasi Sederhana Menggunakan PHP-FPM, Nginx, MariaDB dan Docker2019-03-01T00:00:00+00:002019-03-01T00:00:00+00:00/docker/membuat-web-aplikasi-berbasis-php-fpm-dengan-nginx-dan-mariadb-docker-compose<p>Anda bisa menggunakan contoh konfigurasi berikut jika ingin membuat aplikasi sederhana menggunakan php-fpm, nginx, dan mariadb dengan docker compose</p>
<h2 id="struktur">Struktur</h2>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>sharing3-php-nginx-compose$ tree -a
.
├── docker-compose.yml
├── .env
├── nginx
│ ├── nginx.conf
│ └── site.conf
├── php
│ ├── Dockerfile
│ └── www.conf
└── www
├── conn.php
└── index.php
</code></pre></div></div>
<h2 id="berkas-berkas">Berkas-berkas</h2>
<h3 id="env">.env</h3>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">MYSQL_ROOT_PASSWORD</span><span class="o">=</span>root
<span class="nv">MYSQL_DATABASE</span><span class="o">=</span>dummy
<span class="nv">MYSQL_USER</span><span class="o">=</span>dummy
<span class="nv">MYSQL_PASSWORD</span><span class="o">=</span>dummy
</code></pre></div></div>
<h3 id="docker-composeyml">docker-compose.yml</h3>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="na">version</span><span class="pi">:</span> <span class="s1">'</span><span class="s">3'</span>
<span class="na">services</span><span class="pi">:</span>
<span class="na">php</span><span class="pi">:</span>
<span class="na">build</span><span class="pi">:</span>
<span class="na">context</span><span class="pi">:</span> <span class="s">./php</span>
<span class="na">ports</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s2">"</span><span class="s">9000:9000"</span>
<span class="na">volumes</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">./www:/var/www/html</span>
<span class="pi">-</span> <span class="s">./php/www.conf:/etc/php/7.1/fpm/pool.d/www.conf</span>
<span class="na">environment</span><span class="pi">:</span>
<span class="na">MYSQL_USER</span><span class="pi">:</span> <span class="s">${MYSQL_USER}</span>
<span class="na">MYSQL_PASSWORD</span><span class="pi">:</span> <span class="s">${MYSQL_PASSWORD}</span>
<span class="na">nginx</span><span class="pi">:</span>
<span class="na">image</span><span class="pi">:</span> <span class="s">nginx:1.14.2</span>
<span class="na">ports</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s2">"</span><span class="s">8080:80"</span>
<span class="na">volumes</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">./www:/var/www/html:rw</span>
<span class="pi">-</span> <span class="s">./nginx/site.conf:/etc/nginx/sites-enabled/site.conf</span>
<span class="pi">-</span> <span class="s">./nginx/nginx.conf:/etc/nginx/nginx.conf</span>
<span class="na">depends_on</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">php</span>
<span class="na">dba</span><span class="pi">:</span>
<span class="na">image</span><span class="pi">:</span> <span class="s">mariadb:10.3</span>
<span class="na">ports</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s2">"</span><span class="s">3306:3306"</span>
<span class="na">depends_on</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">php</span>
<span class="na">environment</span><span class="pi">:</span>
<span class="na">MYSQL_ROOT_PASSWORD</span><span class="pi">:</span> <span class="s">${MYSQL_ROOT_PASSWORD}</span>
<span class="na">MYSQL_DATABASE</span><span class="pi">:</span> <span class="s">${MYSQL_DATABASE}</span>
<span class="na">MYSQL_USER</span><span class="pi">:</span> <span class="s">${MYSQL_USER}</span>
<span class="na">MYSQL_PASSWORD</span><span class="pi">:</span> <span class="s">${MYSQL_PASSWORD}</span>
</code></pre></div></div>
<h3 id="nginxnginxconf">nginx/nginx.conf</h3>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>user www-data<span class="p">;</span>
worker_processes auto<span class="p">;</span>
events <span class="o">{</span>
<span class="o">}</span>
http <span class="o">{</span>
include mime.types<span class="p">;</span>
default_type application/octet-stream<span class="p">;</span>
include /etc/nginx/sites-enabled/<span class="k">*</span><span class="p">;</span>
<span class="o">}</span>
</code></pre></div></div>
<h3 id="nginxsiteconf">nginx/site.conf</h3>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>server <span class="o">{</span>
index index.php<span class="p">;</span>
autoindex on<span class="p">;</span>
server_name php-docker.local<span class="p">;</span>
error_log /var/log/nginx/error.log<span class="p">;</span>
access_log /var/log/nginx/access.log<span class="p">;</span>
root /var/www/html<span class="p">;</span>
location / <span class="o">{</span>
try_files <span class="nv">$uri</span> /index.php<span class="nv">$is_args$args</span><span class="p">;</span>
<span class="o">}</span>
location ~ <span class="o">[</span>^/]<span class="se">\.</span>php<span class="o">(</span>/|<span class="nv">$)</span> <span class="o">{</span>
fastcgi_split_path_info ^<span class="o">(</span>.+?<span class="se">\.</span>php<span class="o">)(</span>/.<span class="k">*</span><span class="o">)</span><span class="nv">$;</span>
<span class="k">if</span> <span class="o">(!</span><span class="nt">-f</span> <span class="nv">$document_root$fastcgi_script_name</span><span class="o">)</span> <span class="o">{</span>
<span class="k">return </span>404<span class="p">;</span>
<span class="o">}</span>
fastcgi_param HTTP_PROXY <span class="s2">""</span><span class="p">;</span>
fastcgi_pass php:9000<span class="p">;</span>
fastcgi_index index.php<span class="p">;</span>
fastcgi_read_timeout 600<span class="p">;</span>
include fastcgi_params<span class="p">;</span>
fastcgi_param SCRIPT_FILENAME <span class="nv">$document_root$fastcgi_script_name</span><span class="p">;</span>
fastcgi_param PATH_INFO <span class="nv">$fastcgi_path_info</span><span class="p">;</span>
<span class="o">}</span>
<span class="o">}</span>
</code></pre></div></div>
<h3 id="phpdockerfile">php/Dockerfile</h3>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>FROM php:7.1-fpm
RUN docker-php-ext-install mysqli
</code></pre></div></div>
<h3 id="phpwwwconf">php/www.conf</h3>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="o">[</span>www]
user <span class="o">=</span> www-data
group <span class="o">=</span> www-data
listen <span class="o">=</span> php:9000
pm <span class="o">=</span> dynamic
pm.max_children <span class="o">=</span> 5
pm.start_servers <span class="o">=</span> 2
pm.min_spare_servers <span class="o">=</span> 1
pm.max_spare_servers <span class="o">=</span> 3
</code></pre></div></div>
<h3 id="wwwindexphp">www/index.php</h3>
<div class="language-php highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="cp"><?php</span>
<span class="k">echo</span> <span class="s2">"Hallo, world!"</span><span class="p">;</span>
<span class="cp">?></span>
</code></pre></div></div>
<h3 id="wwwconnphp">www/conn.php</h3>
<div class="language-php highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="cp"><?php</span>
<span class="nv">$host</span> <span class="o">=</span> <span class="s1">'dba'</span><span class="p">;</span>
<span class="nv">$user</span> <span class="o">=</span> <span class="nb">getenv</span><span class="p">(</span><span class="s1">'MYSQL_USER'</span><span class="p">);</span>
<span class="nv">$pass</span> <span class="o">=</span> <span class="nb">getenv</span><span class="p">(</span><span class="s1">'MYSQL_PASSWORD'</span><span class="p">);</span>
<span class="nv">$conn</span> <span class="o">=</span> <span class="nb">mysqli_connect</span><span class="p">(</span><span class="nv">$host</span><span class="p">,</span> <span class="nv">$user</span><span class="p">,</span> <span class="nv">$pass</span><span class="p">);</span>
<span class="k">if</span> <span class="p">(</span><span class="o">!</span><span class="nv">$conn</span><span class="p">)</span> <span class="p">{</span>
<span class="k">exit</span><span class="p">(</span><span class="s1">'Kenksi ke dba gagal!: '</span><span class="o">.</span><span class="nx">mysqli_connect_error</span><span class="p">()</span><span class="o">.</span><span class="nx">PHP_EOL</span><span class="p">);</span>
<span class="p">}</span>
<span class="k">echo</span> <span class="s1">'Koneksi ke dba berhasil!'</span><span class="o">.</span><span class="nx">PHP_EOL</span><span class="p">;</span>
<span class="cp">?></span>
</code></pre></div></div>
<h2 id="build">Build</h2>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>docker-compose up
Creating sharing3phpnginxcompose_php_1 ...
Creating sharing3phpnginxcompose_php_1 ... <span class="k">done
</span>Creating sharing3phpnginxcompose_dba_1 ...
Creating sharing3phpnginxcompose_dba_1
Creating sharing3phpnginxcompose_nginx_1 ...
Creating sharing3phpnginxcompose_dba_1 ... <span class="k">done
</span>Attaching to sharing3phpnginxcompose_php_1, sharing3phpnginxcompose_nginx_1, sharing3phpnginxcompose_dba_1
...
</code></pre></div></div>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>docker ps <span class="nt">-a</span>
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
ec39c09888f0 nginx:1.14.2 <span class="s2">"nginx -g 'daemon of…"</span> 2 minutes ago Up About a minute 0.0.0.0:8080->80/tcp sharing3phpnginxcompose_nginx_1
4e2a60141e17 mariadb:10.3 <span class="s2">"docker-entrypoint.s…"</span> 2 minutes ago Up About a minute 0.0.0.0:3306->3306/tcp sharing3phpnginxcompose_dba_1
a99d429f7d5a sharing3phpnginxcompose_php <span class="s2">"docker-php-entrypoi…"</span> 2 minutes ago Up 2 minutes 0.0.0.0:9000->9000/tcp sharing3phpnginxcompose_php_1
</code></pre></div></div>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>docker-compose ps
Name Command State Ports
<span class="nt">------------------------------------------------------------------------------------------------</span>
sharing3phpnginxcompose_dba_1 docker-entrypoint.sh mysqld Up 0.0.0.0:3306->3306/tcp
sharing3phpnginxcompose_nginx_1 nginx <span class="nt">-g</span> daemon off<span class="p">;</span> Up 0.0.0.0:8080->80/tcp
sharing3phpnginxcompose_php_1 docker-php-entrypoint php-fpm Up 0.0.0.0:9000->9000/tcp
</code></pre></div></div>
<h2 id="test">Test</h2>
<p>Cek ip address yang didapatkan oleh network container</p>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>docker network <span class="nb">ls
</span>NETWORK ID NAME DRIVER SCOPE
...
98dce301e4d1 sharing3phpnginxcompose_default bridge <span class="nb">local</span>
</code></pre></div></div>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span><span class="nb">echo</span> <span class="si">$(</span>docker network inspect sharing3phpnginxcompose_default | <span class="nb">grep </span>Gateway | <span class="nb">grep</span> <span class="nt">-o</span> <span class="nt">-E</span> <span class="s1">'[0-9\.]+'</span><span class="si">)</span>
172.19.0.1
</code></pre></div></div>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span>curl 172.19.0.1:8080
Hallo, world!
</code></pre></div></div>
<div class="language-shell highlighter-rouge"><div class="highlight"><pre class="highlight"><code>curl 172.19.0.1:8080/conn.php
Koneksi ke dba berhasil!
</code></pre></div></div>TohirAnda bisa menggunakan contoh konfigurasi berikut jika ingin membuat aplikasi sederhana menggunakan php-fpm, nginx, dan mariadb dengan docker composeGitlab-Ci untuk multiple database Laravel di satu Image Docker2018-10-10T00:00:00+00:002018-10-10T00:00:00+00:00/tutorial/Konfigurasi-mysql-multiple-databases-gitlab-ci-docker-images-one<p>Berhubung sedang tidak mood ngasih pengantar, langsung saja: saya lampirkan .env.gitlab, .env.gitlab2 dan .gitlab-ci.yml</p>
<h2 id="envgitlab">.env.gitlab</h2>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="s">APP_NAME="Project-Riset"</span>
<span class="s">APP_ENV=local</span>
<span class="s">APP_KEY=base64:/QNANSDFFsskdfkfSsdidnfnaSdfoauMYY=</span>
<span class="s">APP_DEBUG=true</span>
<span class="s">APP_LOG_LEVEL=debug</span>
<span class="s">APP_URL=http://127.0.0.1:8000</span>
<span class="s">DB_CONNECTION_CENTER=center</span>
<span class="s">DB_HOST_CENTER=mysql</span>
<span class="s">DB_PORT_CENTER=3306</span>
<span class="s">DB_DATABASE_CENTER=database_1_riset</span>
<span class="s">DB_USERNAME_CENTER=root</span>
<span class="s">DB_PASSWORD_CENTER=1234</span>
<span class="s">DB_CONNECTION=mysql</span>
<span class="s">DB_HOST=mysql</span>
<span class="s">DB_PORT=3306</span>
<span class="s">DB_DATABASE=database_1_riset</span>
<span class="s">DB_USERNAME=root</span>
<span class="s">DB_PASSWORD=1234</span>
<span class="s">BROADCAST_DRIVER=log</span>
<span class="s">CACHE_DRIVER=array</span>
<span class="s">SESSION_DRIVER=file</span>
<span class="s">QUEUE_DRIVER=sync</span>
</code></pre></div></div>
<h2 id="envgitlab2">.env.gitlab2</h2>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="s">DB_CONNECTION=mysql</span>
<span class="s">DB_HOST=mysql</span>
<span class="s">DB_PORT=3306</span>
<span class="s">DB_DATABASE=database_2_riset</span>
<span class="s">DB_USERNAME=root</span>
<span class="s">DB_PASSWORD=1234</span>
<span class="s">CACHE_DRIVER=array</span>
</code></pre></div></div>
<h2 id="gitlab-ciyml">.gitlab-ci.yml</h2>
<div class="language-yaml highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="na">image</span><span class="pi">:</span> <span class="s">alpine:latest</span>
<span class="na">stages</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">test</span>
<span class="pi">-</span> <span class="s">build</span>
<span class="pi">-</span> <span class="s">deploy</span>
<span class="na">test</span><span class="pi">:</span>
<span class="na">stage</span><span class="pi">:</span> <span class="s">test</span>
<span class="na">tags</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">php</span>
<span class="na">only</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">master</span>
<span class="na">image</span><span class="pi">:</span> <span class="s">infokes/php7.1-epus</span>
<span class="na">variables</span><span class="pi">:</span>
<span class="na">WITH_XDEBUG</span><span class="pi">:</span> <span class="s2">"</span><span class="s">1"</span>
<span class="na">DOCKER_DRIVER</span><span class="pi">:</span> <span class="s">overlay2</span>
<span class="na">MYSQL_USER</span><span class="pi">:</span> <span class="s">root</span>
<span class="na">MYSQL_ROOT_PASSWORD</span><span class="pi">:</span> <span class="m">1234</span>
<span class="na">MYSQL_DATABASES</span><span class="pi">:</span> <span class="s">database_1_riset</span>
<span class="na">services</span><span class="pi">:</span>
<span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">mariadb:10.3</span>
<span class="na">alias</span><span class="pi">:</span> <span class="s">mysql</span>
<span class="na">before_script</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">apk update && apk add mariadb-client</span>
<span class="pi">-</span> <span class="s">echo "SET GLOBAL sql_mode='NO_ENGINE_SUBSTITUTION';" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql</span>
<span class="pi">-</span> <span class="s">echo "CREATE DATABASE IF NOT EXISTS database_1_riset DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql</span>
<span class="pi">-</span> <span class="s">echo "CREATE DATABASE IF NOT EXISTS database_2_riset DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql</span>
<span class="pi">-</span> <span class="s">echo "GRANT ALL PRIVILEGES ON *.* TO '${MYSQL_USER}'@'%' WITH GRANT OPTION;FLUSH PRIVILEGES;" | mysql --user=root --password="$MYSQL_ROOT_PASSWORD" --host=mysql</span>
<span class="c1"># Install all project dependencies</span>
<span class="pi">-</span> <span class="s">composer install</span>
<span class="c1"># Copy .env</span>
<span class="pi">-</span> <span class="s">cp /builds/tohir/project_laravel_riset_multidb/.env.gitlab /builds/tohir/project_laravel_riset_multidb/.env</span>
<span class="pi">-</span> <span class="s">cp /builds/tohir/project_laravel_riset_multidb/.env.gitlab /builds/tohir/project_laravel_riset_multidb/.env.testing</span>
<span class="pi">-</span> <span class="s">cp /builds/tohir/project_laravel_riset_multidb/.env.gitlab2 /builds/tohir/project_laravel_riset_multidb/.env.testing2</span>
<span class="c1"># Migration</span>
<span class="pi">-</span> <span class="s">php artisan migrate --seed --force</span>
<span class="pi">-</span> <span class="s">php artisan migrate --seed --force --env=testing2</span>
<span class="na">script</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">vendor/bin/codecept run unit,api,functional</span>
<span class="na">build</span><span class="pi">:</span>
<span class="na">stage</span><span class="pi">:</span> <span class="s">build</span>
<span class="na">tags</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">gitpush</span>
<span class="na">image</span><span class="pi">:</span> <span class="s">infokes/git-push-ci</span>
<span class="na">only</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">master</span>
<span class="na">before_script</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">eval $(ssh-agent -s)</span>
<span class="pi">-</span> <span class="s">echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null</span>
<span class="pi">-</span> <span class="s">mkdir -p ~/.ssh</span>
<span class="pi">-</span> <span class="s">chmod 700 ~/.ssh</span>
<span class="pi">-</span> <span class="s">ssh-keyscan 10.10.10.10 >> ~/.ssh/known_hosts</span>
<span class="pi">-</span> <span class="s">chmod 644 ~/.ssh/known_hosts</span>
<span class="pi">-</span> <span class="s">git config --global user.email "tohirin07@gmail.com"</span>
<span class="pi">-</span> <span class="s">git config --global user.name "Tohir"</span>
<span class="na">script</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">git checkout </span><span class="m">5.0</span>
<span class="pi">-</span> <span class="s">git-push git@10.10.10.10:tohir/project_laravel_riset_multidb.git </span><span class="m">5.0</span>
<span class="s">deploy:2dev:</span>
<span class="s">stage</span><span class="pi">:</span> <span class="s">deploy</span>
<span class="s">tags</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">gitpull</span>
<span class="pi">-</span> <span class="s">migrate</span>
<span class="na">image</span><span class="pi">:</span> <span class="s">infokes/git-update-apl-ci</span>
<span class="na">only</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s2">"</span><span class="s">5.0"</span>
<span class="na">before_script</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">eval $(ssh-agent -s)</span>
<span class="pi">-</span> <span class="s">echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null</span>
<span class="pi">-</span> <span class="s">mkdir -p ~/.ssh</span>
<span class="pi">-</span> <span class="s">chmod 700 ~/.ssh</span>
<span class="pi">-</span> <span class="s">ssh-keyscan -p 212 200.200.x.x >> ~/.ssh/known_hosts</span>
<span class="pi">-</span> <span class="s">chmod 644 ~/.ssh/known_hosts</span>
<span class="pi">-</span> <span class="s">git config --global user.email "tohirin07@gmail.com"</span>
<span class="pi">-</span> <span class="s">git config --global user.name "Tohir"</span>
<span class="na">script</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">ssh -t -p 212 tohir@200.xxx.xxx.xxx '/home/tohir/sh/dev.sh'</span>
<span class="s">deploy:2dev-bpjs:</span>
<span class="s">stage</span><span class="pi">:</span> <span class="s">deploy</span>
<span class="s">tags</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">gitpull</span>
<span class="pi">-</span> <span class="s">migrate</span>
<span class="na">image</span><span class="pi">:</span> <span class="s">infokes/git-update-apl-ci</span>
<span class="na">only</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">bpjs-v3</span>
<span class="na">before_script</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">eval $(ssh-agent -s)</span>
<span class="pi">-</span> <span class="s">echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - > /dev/null</span>
<span class="pi">-</span> <span class="s">mkdir -p ~/.ssh</span>
<span class="pi">-</span> <span class="s">chmod 700 ~/.ssh</span>
<span class="pi">-</span> <span class="s">ssh-keyscan -p 212 200.xxx.xxx.xxx >> ~/.ssh/known_hosts</span>
<span class="pi">-</span> <span class="s">chmod 644 ~/.ssh/known_hosts</span>
<span class="pi">-</span> <span class="s">git config --global user.email "tohirin07@gmail.com"</span>
<span class="pi">-</span> <span class="s">git config --global user.name "Tohir"</span>
<span class="na">script</span><span class="pi">:</span>
<span class="pi">-</span> <span class="s">ssh -t -p 212 tohir@200.200.x.x '/home/tohir/sh/dev-bpjs.sh'</span>
</code></pre></div></div>
<p>Sekian, semoga bisa menjadi rujukan.</p>TohirBerhubung sedang tidak mood ngasih pengantar, langsung saja: saya lampirkan .env.gitlab, .env.gitlab2 dan .gitlab-ci.yml .env.gitlab ```yaml APP_NAME=”Project-Riset” APP_ENV=local APP_KEY=base64:/QNANSDFFsskdfkfSsdidnfnaSdfoauMYY= APP_DEBUG=true APP_LOG_LEVEL=debug APP_URL=http://127.0.0.1:8000Konversi Sistem Bilangan dengan BC (Base Converter)2018-06-15T00:00:00+00:002018-06-15T00:00:00+00:00/tutorial/Konversi-Sistem-Bilangan-dengan-BC-Base-Converter-Linux<p>BC atau Base Converter di Linux bagi saya sangat bermanfaat dan sangat menghemat waktu dibanding melakukan perhitungan secara manual ketika ingin melakukan konversi sistem bilangan dari base awal ke base tujuan.</p>
<p>Berikut adalah contoh penggunaan BC untuk konversi bilangan desimal ke biner, oktal dan heksadesimal di console linux,</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">## Konversi base10 (desimal) ke base2 (biner)</span>
wiros4bleng@212:~<span class="nv">$ </span><span class="nb">echo</span> <span class="s1">'obase=2; 10'</span> | bc
1010
<span class="c">## Konversi base10 (desimal) ke base8 (oktal)</span>
wiros4bleng@212:~<span class="nv">$ </span><span class="nb">echo</span> <span class="s1">'obase=8; 10'</span> | bc
12
<span class="c">## Konversi base10 (desimal) ke base16 (heksadesimal)</span>
wiros4bleng@212:~<span class="nv">$ </span><span class="nb">echo</span> <span class="s1">'obase=16; 10'</span> | bc
A
</code></pre></div></div>
<p>Sebaliknya, untuk konversi bilangan biner, oktal dan heksadesimal ke desimal,</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">## Konversi base2 (biner) ke base10 (desimal)</span>
wiros4bleng@212:~<span class="nv">$ </span><span class="nb">echo</span> <span class="s2">"ibase=2; 1101"</span> | bc
13
<span class="c">## Konversi base8 (oktal) ke base10 (desimal)</span>
wiros4bleng@212:~<span class="nv">$ </span><span class="nb">echo</span> <span class="s2">"ibase=8; 777"</span> | bc
511
<span class="c">## Konversi base16 (heksadesimal) ke base10 (desimal)</span>
wiros4bleng@212:~<span class="nv">$ </span><span class="nb">echo</span> <span class="s2">"ibase=16; AA"</span> | bc
170
</code></pre></div></div>
<p>Secara default, output (obase) maupun input (ibase) dari BC adalah bilangan basis 10 atau desimal. Sehingga untuk bilangan apapun jika dikonversi ke bilangan desimal, cukup tentukan ibase-nya. Sebaliknya untuk bilangan desimal jika dikonversi ke bilangan apapun, cukup tentukan obase-nya. Sedangkan untuk bilangan apapun ke bilangan apapun (termasuk desimal juga sebenarnya), baik ibase maupun obase-nya harus ditentukan. Berikut contohnya:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">## Konversi dari bilangan desimal ke base4:</span>
wiros4bleng@212:~<span class="nv">$ </span><span class="nb">echo</span> <span class="s2">"obase=4; 23"</span> | bc
113
<span class="c">## Konversi dari bilangan desimal ke base6:</span>
wiros4bleng@212:~<span class="nv">$ </span><span class="nb">echo</span> <span class="s2">"obase=6; 23"</span> | bc
35
<span class="c">## Konversi bilangan biner ke oktal</span>
wiros4bleng@212:~<span class="nv">$ </span><span class="nb">echo</span> <span class="s2">"ibase=2;obase=8; 1010101"</span> | bc
125
<span class="c">## Konversi bilangan oktal ke biner</span>
wiros4bleng@212:~<span class="nv">$ </span><span class="nb">echo</span> <span class="s2">"obase=2;ibase=8; 125"</span> | bc
1010101
<span class="c">## Konversi bilangan biner ke heksadesimal</span>
wiros4bleng@212:~<span class="nv">$ </span><span class="nb">echo</span> <span class="s2">"obase=16;ibase=2; 1111111111"</span> | bc
3FF
<span class="c">## Konversi bilangan heksadesimal ke biner</span>
wiros4bleng@212:~<span class="nv">$ </span><span class="nb">echo</span> <span class="s2">"ibase=16;obase=2; AAA"</span> | bc
101010101010
<span class="c">## Konversi bilangan heksadesimal ke oktal</span>
wiros4bleng@212:~<span class="nv">$ </span><span class="nb">echo</span> <span class="s2">"ibase=16;obase=8; AAA"</span> | bc
5252
<span class="c">## Konversi bilangan oktal ke heksadesimal</span>
wiros4bleng@212:~<span class="nv">$ </span><span class="nb">echo</span> <span class="s2">"obase=16; ibase=8; 17"</span> | bc
F
</code></pre></div></div>TohirBC atau Base Converter di Linux bagi saya sangat bermanfaat dan sangat menghemat waktu dibanding melakukan perhitungan secara manual ketika ingin melakukan konversi sistem bilangan dari base awal ke base tujuan.Enable Highlighting/Warna Editor Nano di Ubuntu2018-06-01T00:00:00+00:002018-06-01T00:00:00+00:00/server/Enable-Highlighting-Nano-di-Ubuntu<p>Dibandigkan dengan editor lainnya seperti vi dan vim, editor nano sangat gampang bagi pemula, sehingga penggunanya pun begitu banya, terutama dari keluarga pengguna Ubuntu. Di sisi lainnya, ada banyak kekurangan pada editor nano, di antaranya secara default highlighting nano dalam keadaan tidak aktif secara keseluruhan.</p>
<p>Langsung saja, cara pasangnya:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">cd</span> ~ <span class="o">&&</span> git clone https://github.com/AbhishekGhosh/nano-syntax-highlighting-iNano-.git
<span class="nb">cd </span>nano-syntax<span class="k">*</span> <span class="o">&&</span> <span class="nb">sudo </span>make install-global <span class="nv">TEXT</span><span class="o">=</span>white
vi ~/.nanorc
</code></pre></div></div>
<p>Paste:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>include <span class="s2">"/usr/local/share/nano/ALL.nanorc"</span>
</code></pre></div></div>
<p><img src="/assets/images/nano-highlighting-ubuntu.png" alt="" /></p>
<p>Bisa dilihat di file <code class="highlighter-rouge">/etc/nginx/nginx.conf</code> dan <code class="highlighter-rouge">/etc/nginx/sites-enables/default</code> pada gambar di atas. Untuk kustomisasi pemilihan warna dll sesuai kebutuhan, bisa diedit di file <code class="highlighter-rouge">/usr/local/share/nano/ALL.nanorc</code></p>TohirDibandigkan dengan editor lainnya seperti vi dan vim, editor nano sangat gampang bagi pemula, sehingga penggunanya pun begitu banya, terutama dari keluarga pengguna Ubuntu. Di sisi lainnya, ada banyak kekurangan pada editor nano, di antaranya secara default highlighting nano dalam keadaan tidak aktif secara keseluruhan.[Nginx Beautifier] Merapikan Konfigurasi Nginx dengan Nginxfmt2018-05-15T00:00:00+00:002018-05-15T00:00:00+00:00/server/Nginxbeauty-Merapikan-config-Nginx-dengan-Nginxfmt<p>Bagi kita manusia, kadang harus begitu manual untuk bisa mengkonfigurasi sesuai serapi mungkin, termasuk dalam hal ini konfigurasi web server nginx. Sehingga adanya tools akan sangat bermanfaat bagi kita untuk lebih efisien dan menghemat waktu.</p>
<p>Ada banyak tools baik online maupun offline yang dapat kita manfaatkan untuk merapikan konfigurasi nginx, diantaranya:</p>
<ul>
<li>Nginxbeautifier, versi onlinenya bisa dilihat di https://nginxbeautifier.com/</li>
<li>Nginxfmt, lihat detailnya di https://pypi.org/project/nginxfmt/</li>
</ul>
<p>Untuk Nginxfmt, pemasangan dan cara pakainya sangat gampang,</p>
<h2 id="instalasi">Instalasi</h2>
<p><code class="highlighter-rouge">pip install nginxfmt</code></p>
<h2 id="cara-pakai">Cara pakai</h2>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>usage: nginxfmt [-h] [-v] [-b] config_files [config_files ...]
Script formats nginx configuration file.
positional arguments:
config_files configuration files to format
optional arguments:
-h, --help show this help message and exit
-v, --verbose show formatted file names
-b, --backup-original
backup original config file
</code></pre></div></div>
<p>Contoh:</p>
<ul>
<li>nginxfmt /etc/nginx/sites-available/*</li>
</ul>TohirBagi kita manusia, kadang harus begitu manual untuk bisa mengkonfigurasi sesuai serapi mungkin, termasuk dalam hal ini konfigurasi web server nginx. Sehingga adanya tools akan sangat bermanfaat bagi kita untuk lebih efisien dan menghemat waktu.Install Google Font di Linux2018-05-10T00:00:00+00:002018-05-10T00:00:00+00:00/desktop/install-google-font-di-linux<h2 id="download-font-yang-diinginkan">Download font yang diinginkan</h2>
<p>Link https://fonts.google.com/?selection.family=Lato</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">cd</span> ~/Downloads/
wget <span class="nt">-O</span> lato.zip https://fonts.google.com/download?family<span class="o">=</span>Lato
</code></pre></div></div>
<h2 id="install-google-fonts-di-ubuntu">Install Google Fonts di Ubuntu</h2>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">cd</span> /usr/share/fonts
<span class="nb">sudo mkdir </span>googlefonts
<span class="nb">sudo </span>unzip <span class="nt">-d</span> googlefonts ~/Downloads/lato.zip
<span class="nb">sudo chmod</span> <span class="nt">-R</span> <span class="nt">--reference</span><span class="o">=</span>opentype googlefonts
</code></pre></div></div>
<h2 id="daftarkan-font-ke-sistem">Daftarkan font ke sistem</h2>
<p>sudo fc-cache -fv</p>
<h2 id="cek-bahwa-font-berhasil-diinstall">Cek bahwa font berhasil diinstall</h2>
<p>fc-match Lato</p>TohirDownload font yang diinginkan Link https://fonts.google.com/?selection.family=LatoContoh Konfigurasi Server Block Laravel5 di Nginx2018-05-01T00:00:00+00:002018-05-01T00:00:00+00:00/tutorial/contoh-configurasi-server-block-laravel-di-nginx<p>Berikut adalah contoh Konfigurasi server blok nginx untuk Laravel5 sebagai domain induk dan sub direktori</p>
<h2 id="laravel5-sebagai-domain-induk-di-nginx">Laravel5 Sebagai Domain Induk di Nginx</h2>
<div class="language-py highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">server</span> <span class="p">{</span>
<span class="n">listen</span> <span class="mi">80</span><span class="p">;</span>
<span class="n">server_name</span> <span class="n">laravelqu</span><span class="o">.</span><span class="n">mastohir</span><span class="o">.</span><span class="n">com</span><span class="p">;</span>
<span class="n">root</span> <span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">html</span><span class="o">/</span><span class="n">laravel5</span><span class="o">/</span><span class="n">public</span><span class="p">;</span>
<span class="n">index</span> <span class="n">index</span><span class="o">.</span><span class="n">php</span><span class="p">;</span>
<span class="n">location</span> <span class="o">/</span> <span class="p">{</span>
<span class="n">try_files</span> <span class="err">$</span><span class="n">uri</span> <span class="err">$</span><span class="n">uri</span><span class="o">/</span> <span class="o">/</span><span class="n">index</span><span class="o">.</span><span class="n">php</span><span class="err">?$</span><span class="n">query_string</span><span class="p">;</span>
<span class="p">}</span>
<span class="c1"># Remove trailing slash to please routing system.
</span> <span class="k">if</span> <span class="p">(</span><span class="err">!</span><span class="o">-</span><span class="n">d</span> <span class="err">$</span><span class="n">request_filename</span><span class="p">)</span> <span class="p">{</span>
<span class="n">rewrite</span> <span class="o">^/</span><span class="p">(</span><span class="o">.+</span><span class="p">)</span><span class="o">/</span><span class="err">$</span> <span class="o">/</span><span class="err">$</span><span class="mi">1</span> <span class="n">permanent</span><span class="p">;</span>
<span class="p">}</span>
<span class="c1"># PHP FPM configuration.
</span> <span class="n">location</span> <span class="o">~*</span> \<span class="o">.</span><span class="n">php</span><span class="err">$</span> <span class="p">{</span>
<span class="n">fastcgi_pass</span> <span class="n">unix</span><span class="p">:</span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">php</span><span class="o">/</span><span class="n">php7</span><span class="mf">.1</span><span class="o">-</span><span class="n">fpm</span><span class="o">.</span><span class="n">sock</span><span class="p">;</span>
<span class="n">fastcgi_index</span> <span class="n">index</span><span class="o">.</span><span class="n">php</span><span class="p">;</span>
<span class="n">fastcgi_split_path_info</span> <span class="o">^</span><span class="p">(</span><span class="o">.+</span>\<span class="o">.</span><span class="n">php</span><span class="p">)(</span><span class="o">.*</span><span class="p">)</span><span class="err">$</span><span class="p">;</span>
<span class="n">include</span> <span class="o">/</span><span class="n">etc</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">fastcgi_params</span><span class="p">;</span>
<span class="c1">#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
</span> <span class="n">fastcgi_intercept_errors</span> <span class="n">off</span><span class="p">;</span>
<span class="n">fastcgi_buffer_size</span> <span class="mi">64</span><span class="n">k</span><span class="p">;</span>
<span class="n">fastcgi_buffers</span> <span class="mi">512</span> <span class="mi">64</span><span class="n">k</span><span class="p">;</span>
<span class="p">}</span>
<span class="p">}</span>
</code></pre></div></div>
<h2 id="laravel5-sebagai-sub-direktori-di-nginx">Laravel5 Sebagai Sub Direktori di Nginx</h2>
<div class="language-py highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="n">server</span> <span class="p">{</span>
<span class="n">listen</span> <span class="mi">80</span><span class="p">;</span>
<span class="n">server_name</span> <span class="n">localhost</span><span class="p">;</span>
<span class="n">root</span> <span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">html</span><span class="p">;</span>
<span class="n">index</span> <span class="n">index</span><span class="o">.</span><span class="n">php</span><span class="p">;</span>
<span class="n">location</span> <span class="o">/</span> <span class="p">{</span>
<span class="n">try_files</span> <span class="err">$</span><span class="n">uri</span> <span class="err">$</span><span class="n">uri</span><span class="o">/</span> <span class="o">/</span><span class="n">index</span><span class="o">.</span><span class="n">php</span><span class="err">?$</span><span class="n">uri</span><span class="o">&</span><span class="err">$</span><span class="n">args</span><span class="p">;</span>
<span class="p">}</span>
<span class="n">location</span> <span class="o">~</span> <span class="p">[</span><span class="o">^/</span><span class="p">]</span>\<span class="o">.</span><span class="n">php</span><span class="p">(</span><span class="o">/|</span><span class="err">$</span><span class="p">)</span> <span class="p">{</span>
<span class="n">fastcgi_split_path_info</span> <span class="o">^</span><span class="p">(</span><span class="o">.+</span><span class="err">?</span>\<span class="o">.</span><span class="n">php</span><span class="p">)(</span><span class="o">/.*</span><span class="p">)</span><span class="err">$</span><span class="p">;</span>
<span class="k">if</span> <span class="p">(</span><span class="err">!</span><span class="o">-</span><span class="n">f</span> <span class="err">$</span><span class="n">document_root</span><span class="err">$</span><span class="n">fastcgi_script_name</span><span class="p">)</span> <span class="p">{</span>
<span class="k">return</span> <span class="mi">404</span><span class="p">;</span>
<span class="p">}</span>
<span class="c1"># Mitigate https://httpoxy.org/ vulnerabilities
</span> <span class="n">fastcgi_param</span> <span class="n">HTTP_PROXY</span> <span class="s">""</span><span class="p">;</span>
<span class="c1">#fastcgi_pass 127.0.0.1:9000;
</span> <span class="n">fastcgi_pass</span> <span class="n">unix</span><span class="p">:</span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">php</span><span class="o">/</span><span class="n">php7</span><span class="mf">.1</span><span class="o">-</span><span class="n">fpm</span><span class="o">.</span><span class="n">sock</span><span class="p">;</span>
<span class="n">fastcgi_index</span> <span class="n">index</span><span class="o">.</span><span class="n">php</span><span class="p">;</span>
<span class="n">fastcgi_read_timeout</span> <span class="mi">600</span><span class="p">;</span>
<span class="n">include</span> <span class="n">fastcgi_params</span><span class="p">;</span>
<span class="p">}</span>
<span class="c1"># sub directory of codeigniter
</span> <span class="n">location</span> <span class="o">/</span><span class="n">codeigniter</span> <span class="p">{</span>
<span class="n">try_files</span> <span class="err">$</span><span class="n">uri</span> <span class="err">$</span><span class="n">uri</span><span class="o">/</span> <span class="o">/</span><span class="n">codeigniter</span><span class="o">/</span><span class="n">index</span><span class="o">.</span><span class="n">php</span><span class="err">?$</span><span class="n">uri</span><span class="o">&</span><span class="err">$</span><span class="n">args</span><span class="p">;</span>
<span class="p">}</span>
<span class="c1"># end codeigniter
</span>
<span class="c1"># sub directory of laravel5
</span> <span class="n">location</span> <span class="o">^~</span> <span class="o">/</span><span class="n">laravel5</span> <span class="p">{</span>
<span class="n">alias</span> <span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">html</span><span class="o">/</span><span class="n">laravel5</span><span class="o">/</span><span class="n">public</span><span class="p">;</span>
<span class="n">try_files</span> <span class="err">$</span><span class="n">uri</span> <span class="err">$</span><span class="n">uri</span><span class="o">/</span> <span class="o">@</span><span class="n">laravel5</span><span class="p">;</span>
<span class="n">location</span> <span class="o">~</span> \<span class="o">.</span><span class="n">php</span> <span class="p">{</span>
<span class="n">include</span> <span class="n">snippets</span><span class="o">/</span><span class="n">fastcgi</span><span class="o">-</span><span class="n">php</span><span class="o">.</span><span class="n">conf</span><span class="p">;</span>
<span class="n">fastcgi_pass</span> <span class="n">unix</span><span class="p">:</span><span class="o">/</span><span class="n">run</span><span class="o">/</span><span class="n">php</span><span class="o">/</span><span class="n">php7</span><span class="mf">.1</span><span class="o">-</span><span class="n">fpm</span><span class="o">.</span><span class="n">sock</span><span class="p">;</span>
<span class="n">fastcgi_param</span> <span class="n">SCRIPT_FILENAME</span> <span class="o">/</span><span class="n">usr</span><span class="o">/</span><span class="n">share</span><span class="o">/</span><span class="n">nginx</span><span class="o">/</span><span class="n">html</span><span class="o">/</span><span class="n">laravel5</span><span class="o">/</span><span class="n">public</span><span class="o">/</span><span class="n">index</span><span class="o">.</span><span class="n">php</span><span class="p">;</span>
<span class="p">}</span>
<span class="p">}</span>
<span class="n">location</span> <span class="o">@</span><span class="n">laravel5</span> <span class="p">{</span>
<span class="n">rewrite</span> <span class="o">/</span><span class="n">laravel5</span><span class="o">/</span><span class="p">(</span><span class="o">.*</span><span class="p">)</span><span class="err">$</span> <span class="o">/</span><span class="n">laravel5</span><span class="o">/</span><span class="n">index</span><span class="o">.</span><span class="n">php</span><span class="err">?</span><span class="o">/</span><span class="err">$</span><span class="mi">1</span> <span class="n">last</span><span class="p">;</span>
<span class="p">}</span>
<span class="c1"># end laravel5
</span>
<span class="p">}</span>
</code></pre></div></div>TohirBerikut adalah contoh Konfigurasi server blok nginx untuk Laravel5 sebagai domain induk dan sub direktoriIntegrasi ModSecurity dengan rule OWASP dan CWAF2018-04-02T00:00:00+00:002018-04-02T00:00:00+00:00/tutorial/how-to-integrated-modsecurity-with-owasp-and-cwaf-comodo<p>Supaya nyambung, silakan ikut tulisan sebelumnya; <a href="/tutorial/how-to-install-nginx-compiler-with-modsecurity/">Instal Nginx dengan Module ModSecurity dan More Header di Ubuntu Server</a></p>
<h2 id="1-integrasi-rule-owasp-modesecurity-di-nginx">1. Integrasi Rule OWASP ModeSecurity di NGINX</h2>
<h3 id="konfigurasi-rules-owasp">Konfigurasi Rules OWASP</h3>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">cd</span> /usr/local/src <span class="o">&&</span> <span class="nb">cp </span>ModSecurity/modsecurity.conf-recommended /etc/nginx/conf/modsecurity.conf
<span class="nb">cd</span> /usr/local/src <span class="o">&&</span> git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git
<span class="nb">cd</span> /usr/local/src <span class="o">&&</span> <span class="nb">cp</span> <span class="nt">-R</span> owasp-modsecurity-crs/rules/ /etc/nginx/conf/
<span class="nb">cd</span> /usr/local/src <span class="o">&&</span> <span class="nb">cp</span> <span class="nt">-R</span> owasp-modsecurity-crs/crs-setup.conf.example /etc/nginx/conf/crs-setup.conf
</code></pre></div></div>
<p>Buka file dengan cara: <code class="highlighter-rouge">nano /etc/nginx/conf/modsecurity.conf</code></p>
<p>Paste di baling bawah:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="c">#Load OWASP Config</span>
Include crs-setup.conf
<span class="c">#Load all other Rules</span>
Include rules/<span class="k">*</span>.conf
<span class="c">#Disable rule by ID from error message</span>
<span class="c">#SecRuleRemoveById 920350</span>
</code></pre></div></div>
<h3 id="integrasi-rules-owasp">Integrasi Rules OWASP</h3>
<p>Load konfigurasi dan rules di server blok Nginx, <code class="highlighter-rouge">nano /etc/nginx/sites-enabled/default</code></p>
<p>Atur:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>server <span class="o">{</span>
.....
modsecurity on<span class="p">;</span>
location / <span class="o">{</span>
modsecurity_rules_file /etc/nginx/conf/modsecurity.conf<span class="p">;</span>
.....
<span class="o">}</span>
<span class="o">}</span>
</code></pre></div></div>
<h2 id="2-integrasi-rules-comodo-waf-dengan-modsecurity-menggunakan-cwaf-agent">2. Integrasi rules Comodo WAF dengan ModSecurity Menggunakan CWAF Agent</h2>
<h3 id="instalasi-cwaf-agent">Instalasi CWAF Agent</h3>
<p>Unduh file cwaf_client_install.sh. Pastikan sudah mendaftar akun di https://waf.comodo.com karena nanti akan diminta login ketika menjalankan bash cwaf_client_install.sh.</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">cd</span> /usr/local/src <span class="o">&&</span> wget https://waf.comodo.com/cpanel/cwaf_client_install.sh <span class="o">&&</span> bash cwaf_client_install.sh
</code></pre></div></div>
<p>Baca dengan seksama dan ikuti langkah-langkahnya, lihat gambar di bawah, terakhir test dan restart nginx</p>
<p><img src="/assets/images/cwaf/1.Mulai-instalasi-cwaf.png" alt="mulain install" /></p>
<p><img src="/assets/images/cwaf/2.CWAF-sedang-melakukan-pengecekan-jenis-dan-versi-Web-Server.png" alt="cek versi web server" /></p>
<p><img src="/assets/images/cwaf/3.pengecekan-dan-install-module-yang-diperlukan.png" alt="cwaf cek dan otomatis install modul yang diperlukan" /></p>
<p><img src="/assets/images/cwaf/4.atur-dimana-letak-instalasi-cwaf.png" alt="satur letak direktori instalasi cwaf" /></p>
<p><img src="/assets/images/cwaf/5.masukan-email-dan-password.png" alt="Input user dan password akun Comodo" /></p>
<p><img src="/assets/images/cwaf/6.done.png" alt="Selesai" /></p>
<h3 id="konfigurasi-cwaf">Konfigurasi CWAF</h3>
<p><code class="highlighter-rouge">cd /usr/local/src && cp ModSecurity/modsecurity.conf-recommended /etc/nginx/conf/modsecurity-cwaf.conf</code></p>
<p>Buka dengan cara <code class="highlighter-rouge">nano /etc/nginx/conf/modsecurity.conf</code>, kemudian paste di baris paling bawah: <code class="highlighter-rouge">Include /usr/local/src/cwaf/etc/cwaf.conf</code></p>
<h3 id="integrasi-rules-cwaf">Integrasi Rules CWAF</h3>
<p>Load konfigurasi dan rules di server blok Nginx, <code class="highlighter-rouge">nano /etc/nginx/sites-enabled/default</code></p>
<p>Atur:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>server <span class="o">{</span>
.....
modsecurity on<span class="p">;</span>
location / <span class="o">{</span>
modsecurity_rules_file /etc/nginx/conf/modsecurity-cwaf.conf<span class="p">;</span>
.....
<span class="o">}</span>
<span class="o">}</span>
</code></pre></div></div>
<h2 id="catatan">Catatan</h2>
<ul>
<li>Pilih salah satu rules; owasp atau cwaf di implementasi di server block/location nginx</li>
<li><code class="highlighter-rouge">modsecurity_rules_file /etc/nginx/conf/modsecurity.conf;</code> untuk rules owasp</li>
<li><code class="highlighter-rouge">modsecurity_rules_file /etc/nginx/conf/modsecurity-cwaf.conf;</code> untuk rules cwaf</li>
</ul>TohirSupaya nyambung, silakan ikut tulisan sebelumnya; Instal Nginx dengan Module ModSecurity dan More Header di Ubuntu ServerInstal Nginx dengan Module ModSecurity dan More Header di Ubuntu Server2018-04-01T00:00:00+00:002018-04-01T00:00:00+00:00/tutorial/how-to-install-nginx-compiler-with-modsecurity<p>Berikut instalasi nginx compiler dengan module modsecurity dan more-header</p>
<h2 id="requirements-1">Requirements 1</h2>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>apt <span class="nb">install </span>apache2-dev autoconf automake build-essential bzip2 checkinstall devscripts flex g++ gcc git graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat libaio-dev libaio1 libass-dev libatomic-ops-dev libavcodec-dev libavdevice-dev libavfilter-dev libavformat-dev libavutil-dev libbz2-dev libcdio-cdda1 libcdio-paranoia1 libcdio13 libcurl4-openssl-dev libfaac-dev libfreetype6-dev libgd-dev libgeoip-dev libgeoip1 libgif-dev libgpac-dev libgsm1-dev libjack-jackd2-dev libjpeg-dev libjpeg-progs libjpeg8-dev liblmdb-dev libmp3lame-dev libncurses5-dev libopencore-amrnb-dev libopencore-amrwb-dev libpam0g-dev libpcre3 libpcre3-dev libperl-dev libpng12-dev libpng12-0 libpng12-dev libreadline-dev librtmp-dev libsdl1.2-dev libssl-dev libssl1.0.0 libswscale-dev libtheora-dev libtiff5-dev libtool libva-dev libvdpau-dev libvorbis-dev libxml2-dev libxslt-dev libxslt1-dev libxslt1.1 libxvidcore-dev libxvidcore4 libyajl-dev make openssl perl pkg-config <span class="nb">tar </span>texi2html unzip zip zlib1g-dev
</code></pre></div></div>
<h2 id="requirements-2">Requirements 2</h2>
<ul>
<li>ModSecurity</li>
<li>ModSecurity-nginx</li>
<li>headers-more-nginx-module</li>
<li>nginx-1.14.0</li>
<li>openssl-1.1.0f</li>
<li>pcre-8.42</li>
<li>zlib-1.2.11</li>
</ul>
<h2 id="instalasi">Instalasi</h2>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nv">$ </span><span class="nb">sudo </span>su
<span class="c"># PCRE version 4.4 - 8.40</span>
<span class="nb">cd</span> /usr/src <span class="o">&&</span> wget https://ftp.pcre.org/pub/pcre/pcre-8.42.tar.gz <span class="o">&&</span> <span class="nb">tar </span>xzvf pcre-8.42.tar.gz
<span class="c"># zlib version 1.1.3 - 1.2.11</span>
<span class="nb">cd</span> /usr/src <span class="o">&&</span> wget http://www.zlib.net/zlib-1.2.11.tar.gz <span class="o">&&</span> <span class="nb">tar </span>xzvf zlib-1.2.11.tar.gz
<span class="c"># OpenSSL version 1.0.2 - 1.1.0</span>
<span class="nb">cd</span> /usr/src <span class="o">&&</span> wget https://www.openssl.org/source/openssl-1.1.0f.tar.gz <span class="o">&&</span> <span class="nb">tar </span>xzvf openssl-1.1.0f.tar.gz
<span class="c"># headers-more-nginx-module</span>
<span class="nb">cd</span> /usr/src <span class="o">&&</span> git clone https://github.com/openresty/headers-more-nginx-module.git
<span class="c"># ModSecurity-nginx</span>
<span class="nb">cd</span> /usr/src <span class="o">&&</span> git clone https://github.com/SpiderLabs/ModSecurity-nginx.git
<span class="c"># ModSecurity</span>
<span class="nb">cd</span> /usr/src <span class="o">&&</span> git clone https://github.com/SpiderLabs/ModSecurity
<span class="nb">cd </span>ModSecurity
git checkout <span class="nt">-b</span> v3/master origin/v3/master
sh build.sh
git submodule init
git submodule update
./configure
make
make <span class="nb">install</span>
<span class="c"># Nginx 1.14.0 (Latest Stable)</span>
<span class="nb">cd</span> /usr/src <span class="o">&&</span> wget http://nginx.org/download/nginx-1.14.0.tar.gz <span class="o">&&</span> <span class="nb">tar </span>nginx-1.14.0.tar.gz
<span class="nb">cd </span>nginx-1.14.0/
./configure <span class="nt">--prefix</span><span class="o">=</span>/usr/share/nginx <span class="se">\</span>
<span class="nt">--sbin-path</span><span class="o">=</span>/usr/sbin/nginx <span class="se">\</span>
<span class="nt">--modules-path</span><span class="o">=</span>/usr/lib/nginx/modules <span class="se">\</span>
<span class="nt">--conf-path</span><span class="o">=</span>/etc/nginx/nginx.conf <span class="se">\</span>
<span class="nt">--error-log-path</span><span class="o">=</span>/var/log/nginx/error.log <span class="se">\</span>
<span class="nt">--http-log-path</span><span class="o">=</span>/var/log/nginx/access.log <span class="se">\</span>
<span class="nt">--pid-path</span><span class="o">=</span>/run/nginx.pid <span class="se">\</span>
<span class="nt">--lock-path</span><span class="o">=</span>/var/lock/nginx.lock <span class="se">\</span>
<span class="nt">--user</span><span class="o">=</span>www-data <span class="se">\</span>
<span class="nt">--group</span><span class="o">=</span>www-data <span class="se">\</span>
<span class="nt">--build</span><span class="o">=</span>PangeranSableng <span class="se">\</span>
<span class="nt">--http-client-body-temp-path</span><span class="o">=</span>/var/lib/nginx/body <span class="se">\</span>
<span class="nt">--http-fastcgi-temp-path</span><span class="o">=</span>/var/lib/nginx/fastcgi <span class="se">\</span>
<span class="nt">--http-proxy-temp-path</span><span class="o">=</span>/var/lib/nginx/proxy <span class="se">\</span>
<span class="nt">--http-scgi-temp-path</span><span class="o">=</span>/var/lib/nginx/scgi <span class="se">\</span>
<span class="nt">--http-uwsgi-temp-path</span><span class="o">=</span>/var/lib/nginx/uwsgi <span class="se">\</span>
<span class="nt">--with-openssl</span><span class="o">=</span>../openssl-1.1.0f <span class="se">\</span>
<span class="nt">--with-openssl-opt</span><span class="o">=</span>enable-ec_nistp_64_gcc_128 <span class="se">\</span>
<span class="nt">--with-openssl-opt</span><span class="o">=</span>no-nextprotoneg <span class="se">\</span>
<span class="nt">--with-openssl-opt</span><span class="o">=</span>no-weak-ssl-ciphers <span class="se">\</span>
<span class="nt">--with-openssl-opt</span><span class="o">=</span>no-ssl3 <span class="se">\</span>
<span class="nt">--with-pcre</span><span class="o">=</span>../pcre-8.42 <span class="se">\</span>
<span class="nt">--with-pcre-jit</span> <span class="se">\</span>
<span class="nt">--with-zlib</span><span class="o">=</span>../zlib-1.2.11 <span class="se">\</span>
<span class="nt">--with-compat</span> <span class="se">\</span>
<span class="nt">--with-file-aio</span> <span class="se">\</span>
<span class="nt">--with-threads</span> <span class="se">\</span>
<span class="nt">--with-http_addition_module</span> <span class="se">\</span>
<span class="nt">--with-http_auth_request_module</span> <span class="se">\</span>
<span class="nt">--with-http_dav_module</span> <span class="se">\</span>
<span class="nt">--with-http_flv_module</span> <span class="se">\</span>
<span class="nt">--with-http_geoip_module</span> <span class="se">\</span>
<span class="nt">--with-http_gunzip_module</span> <span class="se">\</span>
<span class="nt">--with-http_gzip_static_module</span> <span class="se">\</span>
<span class="nt">--with-http_image_filter_module</span> <span class="se">\</span>
<span class="nt">--with-http_mp4_module</span> <span class="se">\</span>
<span class="nt">--with-http_random_index_module</span> <span class="se">\</span>
<span class="nt">--with-http_realip_module</span> <span class="se">\</span>
<span class="nt">--with-http_slice_module</span> <span class="se">\</span>
<span class="nt">--with-http_ssl_module</span> <span class="se">\</span>
<span class="nt">--with-http_sub_module</span> <span class="se">\</span>
<span class="nt">--with-http_stub_status_module</span> <span class="se">\</span>
<span class="nt">--with-http_v2_module</span> <span class="se">\</span>
<span class="nt">--with-http_secure_link_module</span> <span class="se">\</span>
<span class="nt">--with-http_xslt_module</span> <span class="se">\</span>
<span class="nt">--with-mail</span> <span class="se">\</span>
<span class="nt">--with-mail_ssl_module</span> <span class="se">\</span>
<span class="nt">--with-stream</span> <span class="se">\</span>
<span class="nt">--with-stream_realip_module</span> <span class="se">\</span>
<span class="nt">--with-stream_ssl_module</span> <span class="se">\</span>
<span class="nt">--with-stream_ssl_preread_module</span> <span class="se">\</span>
<span class="nt">--with-debug</span> <span class="se">\</span>
<span class="nt">--add-module</span><span class="o">=</span>../ModSecurity-nginx/ <span class="se">\</span>
<span class="nt">--add-module</span><span class="o">=</span>../headers-more-nginx-module <span class="se">\</span>
<span class="nt">--with-cc-opt</span><span class="o">=</span><span class="s1">'-g -O2 -fdebug-prefix-map=/build/nginx-6kZD6z/nginx-1.14.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2'</span> <span class="se">\</span>
<span class="nt">--with-ld-opt</span><span class="o">=</span><span class="s1">'-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC'</span>
make
make <span class="nb">install</span>
<span class="c">#test Nginx</span>
<span class="nb">sudo </span>nginx <span class="nt">-t</span> <span class="o">&&</span> <span class="nb">sudo </span>nginx <span class="nt">-V</span>
2>&1 nginx <span class="nt">-V</span> | <span class="nb">tr</span> <span class="s1">' '</span> <span class="s1">'\n'</span>
</code></pre></div></div>
<h2 id="konfigurasi">Konfigurasi</h2>
<h3 id="konfig-dan-enable-service">Konfig dan enable service</h3>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>nano /etc/systemd/system/nginx.service
</code></pre></div></div>
<p>Paste:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="o">[</span>Unit]
<span class="nv">Description</span><span class="o">=</span>A high performance web server and a reverse proxy server
<span class="nv">After</span><span class="o">=</span>network.target
<span class="o">[</span>Service]
<span class="nv">Type</span><span class="o">=</span>forking
<span class="nv">PIDFile</span><span class="o">=</span>/run/nginx.pid
<span class="nv">ExecStartPre</span><span class="o">=</span>/usr/sbin/nginx <span class="nt">-t</span> <span class="nt">-q</span> <span class="nt">-g</span> <span class="s1">'daemon on; master_process on;'</span>
<span class="nv">ExecStart</span><span class="o">=</span>/usr/sbin/nginx <span class="nt">-g</span> <span class="s1">'daemon on; master_process on;'</span>
<span class="nv">ExecReload</span><span class="o">=</span>/usr/sbin/nginx <span class="nt">-g</span> <span class="s1">'daemon on; master_process on;'</span> <span class="nt">-s</span> reload
<span class="nv">ExecStop</span><span class="o">=</span>-/sbin/start-stop-daemon <span class="nt">--quiet</span> <span class="nt">--stop</span> <span class="nt">--retry</span> QUIT/5 <span class="nt">--pidfile</span> /run/nginx.pid
<span class="nv">TimeoutStopSec</span><span class="o">=</span>5
<span class="nv">KillMode</span><span class="o">=</span>mixed
<span class="o">[</span>Install]
<span class="nv">WantedBy</span><span class="o">=</span>multi-user.target
</code></pre></div></div>
<p>Test:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>systemctl start nginx.service <span class="o">&&</span> <span class="nb">sudo </span>systemctl <span class="nb">enable </span>nginx.service
</code></pre></div></div>
<h3 id="allow-ufw">Allow ufw</h3>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>nano /etc/ufw/applications.d/nginx
</code></pre></div></div>
<p>Paste:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="o">[</span>Nginx HTTP]
<span class="nv">title</span><span class="o">=</span>Web Server <span class="o">(</span>Nginx, HTTP<span class="o">)</span>
<span class="nv">description</span><span class="o">=</span>Small, but very powerful and efficient web server
<span class="nv">ports</span><span class="o">=</span>80/tcp
<span class="o">[</span>Nginx HTTPS]
<span class="nv">title</span><span class="o">=</span>Web Server <span class="o">(</span>Nginx, HTTPS<span class="o">)</span>
<span class="nv">description</span><span class="o">=</span>Small, but very powerful and efficient web server
<span class="nv">ports</span><span class="o">=</span>443/tcp
<span class="o">[</span>Nginx Full]
<span class="nv">title</span><span class="o">=</span>Web Server <span class="o">(</span>Nginx, HTTP + HTTPS<span class="o">)</span>
<span class="nv">description</span><span class="o">=</span>Small, but very powerful and efficient web server
<span class="nv">ports</span><span class="o">=</span>80,443/tcp
</code></pre></div></div>
<p>Test:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo </span>ufw app list
</code></pre></div></div>
<h3 id="allow-service-in-initd">Allow service in init.d</h3>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code>wget https://raw.github.com/JasonGiedymin/nginx-init-ubuntu/master/nginx <span class="nt">-O</span> /etc/init.d/nginx
<span class="nb">chmod</span> +x /etc/init.d/nginx
update-rc.d nginx defaults
</code></pre></div></div>
<p>Test:</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">sudo chmod</span> +x /etc/init.d/nginx
/etc/init.d/nginx status
</code></pre></div></div>
<h2 id="full-clean-uninstall">Full Clean Uninstall</h2>
<p>backup /usr/share/nginx/
backup /etc/nginx
backup /var/log/nginx
Delete manual</p>
<div class="language-bash highlighter-rouge"><div class="highlight"><pre class="highlight"><code><span class="nb">rm</span> <span class="nt">-rf</span> /usr/sbin/nginx <span class="o">&&</span> <span class="nb">rm</span> <span class="nt">-rf</span> /usr/lib/nginx/modules <span class="o">&&</span> <span class="nb">rm</span> <span class="nt">-rf</span> /var/lib/nginx <span class="o">&&</span> <span class="nb">rm</span> <span class="nt">-rf</span> /etc/nginx <span class="o">&&</span> <span class="nb">rm</span> <span class="nt">-rf</span> /usr/share/nginx <span class="o">&&</span> <span class="nb">rm</span> <span class="nt">-rf</span> /var/log/nginx
</code></pre></div></div>TohirBerikut instalasi nginx compiler dengan module modsecurity dan more-header Requirements 1 sudo apt install apache2-dev autoconf automake build-essential bzip2 checkinstall devscripts flex g++ gcc git graphicsmagick-imagemagick-compat graphicsmagick-libmagick-dev-compat libaio-dev libaio1 libass-dev libatomic-ops-dev libavcodec-dev libavdevice-dev libavfilter-dev libavformat-dev libavutil-dev libbz2-dev libcdio-cdda1 libcdio-paranoia1 libcdio13 libcurl4-openssl-dev libfaac-dev libfreetype6-dev libgd-dev libgeoip-dev libgeoip1 libgif-dev libgpac-dev libgsm1-dev libjack-jackd2-dev libjpeg-dev libjpeg-progs libjpeg8-dev liblmdb-dev libmp3lame-dev libncurses5-dev libopencore-amrnb-dev libopencore-amrwb-dev libpam0g-dev libpcre3 libpcre3-dev libperl-dev libpng12-dev libpng12-0 libpng12-dev libreadline-dev librtmp-dev libsdl1.2-dev libssl-dev libssl1.0.0 libswscale-dev libtheora-dev libtiff5-dev libtool libva-dev libvdpau-dev libvorbis-dev libxml2-dev libxslt-dev libxslt1-dev libxslt1.1 libxvidcore-dev libxvidcore4 libyajl-dev make openssl perl pkg-config tar texi2html unzip zip zlib1g-dev