
Cara untuk mengetahui Proses Listening Port – Port tertentu di system

Netstat

[1] Menggunakan netstat, install paket net-tools

apt install net-tools

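[2] Melihat port – port yang aktif digunakan. Jalankan sebagai root agar kolom PID/Program name terisi untuk semua proses. Local Address 0.0.0.0 atau ::: berarti service menerima koneksi di semua interface, sedangkan 127.0.0.1 atau ::1 hanya dapat diakses dari host itu sendiri.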

# netstat -tulpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name 
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2652/mysqld 
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1308/vsftpd 
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 8587/sshd 
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2571/master 
tcp6 0 0 :::80 :::* LISTEN 1301/httpd 
tcp6 0 0 :::22 :::* LISTEN 8587/sshd 
tcp6 0 0 ::1:25 :::* LISTEN 2571/master 
tcp6 0 0 :::443 :::* LISTEN 1301/httpd 

# netstat -tulpn | grep 80
tcp6 0 0 :::80 :::* LISTEN 1301/httpd

[3] Melihat semua Listening ports TCP dan UDP

# netstat -a | more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State 
tcp 0 0 0.0.0.0:mysql 0.0.0.0:* LISTEN 
tcp 0 0 0.0.0.0:ftp 0.0.0.0:* LISTEN 
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 
tcp 0 0 web.zotma:ssh 10.10.19.12:60726 ESTABLISHED
tcp6 0 0 [::]:http [::]:* LISTEN 
tcp6 0 0 [::]:ssh [::]:* LISTEN 
tcp6 0 0 localhost:smtp [::]:* LISTEN 
tcp6 0 0 [::]:https [::]:* LISTEN 
tcp6 0 0 web.zotma:https 10.10.19.12:58568 ESTABLISHED
tcp6 0 0 web.zotma:https 10.10.7.21:16723 TIME_WAIT 
tcp6 0 0 web.zotma:https 10.10.19.12:58554 TIME_WAIT 
tcp6 0 0 web.zotma:https 10.10.7.21:16710 TIME_WAIT 
tcp6 0 0 web.zotma:https 10.10.19.12:58564 FIN_WAIT2 
raw6 0 0 [::]:ipv6-icmp [::]:* 7 
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 19054 public/pickup
unix 2 [ ACC ] STREAM LISTENING 19058 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 10002 /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 19068 private/rewrite
unix 2 [ ACC ] STREAM LISTENING 19071 private/bounce

[4] Show TCP Ports connections

# netstat -at
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State 
tcp 0 0 0.0.0.0:mysql 0.0.0.0:* LISTEN 
tcp 0 0 0.0.0.0:ftp 0.0.0.0:* LISTEN 
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 
tcp 0 208 web.zotma:ssh 10.10.19.12:60726 ESTABLISHED
tcp6 0 0 [::]:http [::]:* LISTEN 
tcp6 0 0 [::]:ssh [::]:* LISTEN 
tcp6 0 0 localhost:smtp [::]:* LISTEN 
tcp6 0 0 [::]:https [::]:* LISTEN 
tcp6 0 0 web.zotma:https 10.10.19.12:58732 TIME_WAIT 
tcp6 0 0 web.zotma:https 10.10.19.12:58738 TIME_WAIT 
tcp6 0 0 web.zotma:https 10.10.7.21:16909 TIME_WAIT 
tcp6 0 0 web.zotma:https 10.10.7.21:16919 TIME_WAIT

[5] Show UDP Ports connections

netstat -au
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State 
udp 0 0 *:mdns *:* 
udp 0 0 *:42400 *:* 
udp 0 0 *:bootps *:* 
udp 0 0 *:bootps *:* 
udp 0 0 *:55521 *:* 
udp 0 0 localhost:35243 localhost:35243 ESTABLISHED
udp 0 0 *:ipp *:* 
udp6 0 0 [::]:44107 [::]:* 
udp6 0 0 [::]:mdns [::]:*

[6] Show all Listening Connections

netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State 
tcp 0 0 0.0.0.0:mysql 0.0.0.0:* LISTEN 
tcp 0 0 0.0.0.0:ftp 0.0.0.0:* LISTEN 
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 
tcp6 0 0 [::]:http [::]:* LISTEN 
tcp6 0 0 [::]:ssh [::]:* LISTEN 
tcp6 0 0 localhost:smtp [::]:* LISTEN 
tcp6 0 0 [::]:https [::]:* LISTEN 
raw6 0 0 [::]:ipv6-icmp [::]:* 7 
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node Path
unix 2 [ ACC ] STREAM LISTENING 19054 public/pickup
unix 2 [ ACC ] STREAM LISTENING 19058 public/cleanup
unix 2 [ ACC ] STREAM LISTENING 10002 /run/lvm/lvmetad.socket
unix 2 [ ACC ] STREAM LISTENING 19068 private/rewrite

[7] Show all TCP Listening Ports

# netstat -lt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State 
tcp 0 0 0.0.0.0:mysql 0.0.0.0:* LISTEN 
tcp 0 0 0.0.0.0:ftp 0.0.0.0:* LISTEN 
tcp 0 0 0.0.0.0:ssh 0.0.0.0:* LISTEN 
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN 
tcp6 0 0 [::]:http [::]:* LISTEN 
tcp6 0 0 [::]:ssh [::]:* LISTEN 
tcp6 0 0 localhost:smtp [::]:* LISTEN 
tcp6 0 0 [::]:https [::]:* LISTEN

[8] Show all UDP Listening Ports

netstat -lu
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State 
udp 0 0 *:mdns *:* 
udp 0 0 *:42400 *:* 
udp 0 0 userlocal:domain *:* 
udp 0 0 *:bootps *:* 
udp 0 0 *:bootps *:* 
udp 0 0 *:55521 *:* 
udp 0 0 *:ipp *:* 
udp6 0 0 [::]:44107 [::]:* 
udp6 0 0 [::]:mdns [::]:*

[9] Show Statistics Protocol TCP/UDP

TCP :

# netstat -st
IcmpMsg:
 InType3: 67
 InType8: 2
 OutType0: 2
 OutType3: 71
Tcp:
 106 active connections openings
 3826 passive connection openings
 0 failed connection attempts
 21 connection resets received
 1 connections established
 42378 segments received
 51180 segments send out
 598 segments retransmited
 0 bad segments received.
 55 resets sent
UdpLite:
TcpExt:
 19 invalid SYN cookies received
 3803 TCP sockets finished time wait in fast timer
 3804 delayed acks sent
 Quick ack mode was activated 12 times
 5767 packet headers predicted
 15270 acknowledgments not containing data payload received
 2899 predicted acknowledgments
 54 times recovered from packet loss by selective acknowledgements
 4 congestion windows recovered without slow start after partial ack
 TCPLostRetransmit: 40
 401 fast retransmits
 121 forward retransmits
 23 retransmits in slow start
 66 other TCP timeouts
 TCPLossProbes: 128
 TCPLossProbeRecovery: 5
 25 SACK retransmits failed
 12 DSACKs sent for old packets
 6 connections reset due to unexpected data
 3 connections reset due to early user close
 TCPSpuriousRTOs: 4
 TCPSackShiftFallback: 1028
 TCPDeferAcceptDrop: 3813
 TCPRcvCoalesce: 296
 TCPSpuriousRtxHostQueues: 1
 TCPAutoCorking: 2410
 TCPSynRetrans: 3
 TCPOrigDataSent: 33107
 TCPHystartTrainDetect: 31
 TCPHystartTrainCwnd: 572
 TCPHystartDelayDetect: 14
 TCPHystartDelayCwnd: 253
IpExt:
 InBcastPkts: 46375
 InOctets: 15471738
 OutOctets: 32197082
 InBcastOctets: 7371334
 InNoECTPkts: 107073

UDP :

# netstat -su
IcmpMsg:
 InType3: 67
 InType8: 2
 OutType0: 2
 OutType3: 71
Udp:
 0 packets received
 67 packets to unknown port received.
 0 packet receive errors
 261 packets sent
 0 receive buffer errors
 0 send buffer errors
UdpLite:
IpExt:
 InBcastPkts: 46378
 InOctets: 15477053
 OutOctets: 32206459
 InBcastOctets: 7371632
 InNoECTPkts: 107124

[10] Menampilkan nama service dengan PID

# netstat -tp
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name 
tcp 0 224 web.zotma:ssh 10.10.19.12:60726 ESTABLISHED 8757/sshd: root@pts 
tcp6 0 0 web.zotma:https 10.10.7.21:17455 TIME_WAIT - 
tcp6 0 0 web.zotma:https 10.10.19.12:58916 TIME_WAIT - 
tcp6 0 0 web.zotma:https 10.10.7.21:17456 ESTABLISHED -

[11] Melihat Network Interface Transactions

# netstat -i
Kernel Interface table
Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
enp2s0 1500 200366 0 0 0 52389 0 0 0 BMRU
lo 65536 281 0 0 0 281 0 0 0 LRU

[12] Melihat Informasi Multicast Group Membership IPv4 dan IPv6

# netstat -g
IPv6/IPv4 Group Memberships
Interface RefCnt Group
--------------- ------ ---------------------
lo 1 224.0.0.1
enp2s0 1 224.0.0.1
lo 1 ff02::1
lo 1 ff01::1
enp2s0 1 ff02::1:ff27:6bf9
enp2s0 1 ff02::1
enp2s0 1 ff01::1

[13] Finding Listening Programs

# netstat -ap | grep https
tcp6 0 0 [::]:https [::]:* LISTEN 1301/httpd 
tcp6 0 0 web.zotma:https 10.10.19.23:33088 TIME_WAIT - 
tcp6 0 0 web.zotma:https 10.10.19.25:18649 TIME_WAIT - 
tcp6 0 0 web.zotma:https 10.10.19.25:18639 TIME_WAIT - 
tcp6 0 0 web.zotma:https 10.10.19.23:33096 TIME_WAIT -

 

lsof

Install lsof :

$ sudo apt-get install lsof

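Command – command lsof. lsof tidak mengenal opsi --help (lihat pesan error di dua baris pertama output); opsi bantuan yang benar adalah -h atau -?.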

$ lsof --help
lsof: illegal option character: -
lsof: -e not followed by a file system path: "lp"
lsof 4.89
 latest revision: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/
 latest FAQ: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/FAQ
 latest man page: ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/lsof_man
 usage: [-?abhKlnNoOPRtUvVX] [+|-c c] [+|-d s] [+D D] [+|-E] [+|-e s] [+|-f[gG]]
 [-F [f]] [-g [s]] [-i [i]] [+|-L [l]] [+m [m]] [+|-M] [-o [o]] [-p s]
 [+|-r [t]] [-s [p:s]] [-S [t]] [-T [t]] [-u s] [+|-w] [-x [fl]] [--] [names]
Defaults in parentheses; comma-separated set (s) items; dash-separated ranges.
 -?|-h list help -a AND selections (OR) -b avoid kernel blocks
 -c c cmd c ^c /c/[bix] +c w COMMAND width (9) +d s dir s files
 -d s select by FD set +D D dir D tree *SLOW?* +|-e s exempt s *RISKY*
 -i select IPv[46] files -K list tasKs (threads) -l list UID numbers
 -n no host names -N select NFS files -o list file offset
 -O no overhead *RISKY* -P no port names -R list paRent PID
 -s list file size -t terse listing -T disable TCP/TPI info
 -U select Unix socket -v list version info -V verbose search
 +|-w Warnings (+) -X skip TCP&UDP* files -Z Z context [Z]
 -- end option scan 
 -E display endpoint info +E display endpoint info and files
 +f|-f +filesystem or -file names +|-f[gG] flaGs 
 -F [f] select fields; -F? for help 
 +|-L [l] list (+) suppress (-) link counts < l (0 = all; default = 0)
 +m [m] use|create mount supplement
 +|-M portMap registration (-) -o o o 0t offset digits (8)
 -p s exclude(^)|select PIDs -S [t] t second stat timeout (15)
 -T qs TCP/TPI Q,St (s) info
 -g [s] exclude(^)|select and print process group IDs
 -i i select by IPv[46] address: [46][proto][@host|addr][:svc_list|port_list]
 +|-r [t[m<fmt>]] repeat every t seconds (15); + until no files, - forever.
 An optional suffix to t is m<fmt>; m must separate t from <fmt> and
 <fmt> is an strftime(3) format for the marker line.
 -s p:s exclude(^)|select protocol (p = TCP|UDP) states by name(s).
 -u s exclude(^)|select login|UID set s
 -x [fl] cross over +d|+D File systems or symbolic Links
 names select named files or files on named file systems
Anyone can list all files; /dev warnings disabled; kernel ID check disabled.

Contoh menggunakan command -i

$ lsof -i :5900
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
remmina 4281 space 19u IPv4 52692 0t0 TCP 10.10.1.93:33538->10.1.1.70:5900 (ESTABLISHED)

 

fuser

Install psmisc :

$ sudo apt-get install psmisc

$ fuser
No process specification given
Usage: fuser [-fMuvw] [-a|-s] [-4|-6] [-c|-m|-n SPACE] [-k [-i] [-SIGNAL]] NAME...
 fuser -l
 fuser -V
Show which processes use the named files, sockets, or filesystems.

-a,--all display unused files too
 -i,--interactive ask before killing (ignored without -k)
 -k,--kill kill processes accessing the named file
 -l,--list-signals list available signal names
 -m,--mount show all processes using the named filesystems or block device
 -M,--ismountpoint fulfill request only if NAME is a mount point
 -n,--namespace SPACE search in this name space (file, udp, or tcp)
 -s,--silent silent operation
 -SIGNAL send this signal instead of SIGKILL
 -u,--user display user IDs
 -v,--verbose verbose output
 -w,--writeonly kill only processes with write access
 -V,--version display version information
 -4,--ipv4 search IPv4 sockets only
 -6,--ipv6 search IPv6 sockets only
 - reset options

udp/tcp names: [local_port][,[rmt_host][,[rmt_port]]]

Cheers – Andito Yugo Wicaksono

 

 

 

Membuat Banner Messages SSH Login

[1] Buat file banner, contoh membuat banner di /etc/banner.net

# vi /etc/banner.net

=Jika anda memiliki akses silahkan login=

[2] Ubah sshd_config file dan enable banners

# vi /etc/ssh/sshd_config
Banner /etc/banner.net

[3] Restart sshd service

# systemctl restart sshd

[4] Coba login ke server yang sudah di setting banner nya

$ ssh 10.10.1.10 -l root
=Jika anda memiliki akses silahkan login=
root@10.10.1.10's password:

 

SSH Warning Message untuk Users setelah Login

[1] Tambahkan Warning Message di file

# vi /etc/motd
Pergunakan hak akses anda sejujur mungkin

[2] ssh ke server

root@10.10.1.10's password: 
Last login: Tue Aug 8 09:31:50 2017 from 10.10.1.10
Pergunakan hak akses anda sejujur mungkin

Cheers – Andito Yugo Wicaksono

 

 

mod_security

Menggunakan mod_security module untuk konfigurasi Web Application Firewall (WAF).

[1] Install mod_security

yum -y install mod_security

[2] Setelah selesai installasi, periksa file konfigurasi mod_security di /etc/httpd/conf.d/mod_security.conf dan pastikan SecRuleEngine bernilai On. Setelah settingan selesai lalu tambahkan rules.

# cat /etc/httpd/conf.d/mod_security.conf 
<IfModule mod_security2.c>
 # ModSecurity Core Rules Set configuration
 IncludeOptional modsecurity.d/*.conf
 IncludeOptional modsecurity.d/activated_rules/*.conf
 
 # Default recommended configuration
 SecRuleEngine On
 SecRequestBodyAccess On
 SecRule REQUEST_HEADERS:Content-Type "text/xml" \
......................................................
.....................................................

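[3] Di bawah ini contoh rules sederhana. Rules ini hanya mencocokkan string mentah pada request, sehingga mudah menghasilkan false positive (misalnya rule "home" memblokir semua URI yang mengandung kata home) dan tidak menggantikan Core Rule Set di langkah [5]. Uji dulu dengan SecRuleEngine DetectionOnly dan periksa log sebelum mengaktifkan deny.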

# default action when matching rules
SecDefaultAction "phase:2,deny,log,status:406"

# "etc/passwd" is included in request URI
SecRule REQUEST_URI "etc/passwd" "id:'500001'"
SecRule REQUEST_URI "home" "id:'500005'"

# "../" is included in request URI
SecRule REQUEST_URI "\.\./" "id:'500002'"

# "<SCRIPT" is included in arguments
SecRule ARGS "<[Ss][Cc][Rr][Ii][Pp][Tt]" "id:'500003'"

# "SELECT FROM" is included in arguments
SecRule ARGS "[Ss][Ee][Ll][Ee][Cc][Tt][[:space:]]+[Ff][Rr][Oo][Mm]" "id:'500004'"

--------------------------------------------------------------------
# Restart httpd
systemctl restart httpd

[4] Akses web yang di block rule

[5] General rules disediakan dari official repository dan mudah untuk menerapkannya. Tapi mungkin anda perlu menyesuaikannya untuk situs web anda sendiri agar tidak memblokir permintaan yang diperlukan.

yum -y install mod_security_crs
cd /usr/lib/modsecurity.d/base_rules
ll
modsecurity_35_bad_robots.data
modsecurity_35_scanners.data
modsecurity_40_generic_attacks.data
modsecurity_41_sql_injection_attacks.data
modsecurity_50_outbound.data
modsecurity_50_outbound_malware.data
modsecurity_crs_20_protocol_violations.conf
modsecurity_crs_21_protocol_anomalies.conf
modsecurity_crs_23_request_limits.conf
modsecurity_crs_30_http_policy.conf
modsecurity_crs_35_bad_robots.conf
modsecurity_crs_40_generic_attacks.conf
modsecurity_crs_41_sql_injection_attacks.conf
modsecurity_crs_41_xss_attacks.conf
modsecurity_crs_42_tight_security.conf
modsecurity_crs_45_trojans.conf
modsecurity_crs_47_common_exceptions.conf
modsecurity_crs_48_local_exceptions.conf.example
modsecurity_crs_49_inbound_blocking.conf
modsecurity_crs_50_outbound.conf
modsecurity_crs_59_outbound_blocking.conf
modsecurity_crs_60_correlation.conf

Cheers.
Andito Yugo Wicaksono

 

 

Install Vmware Player 12 di Ubuntu 16.04

[1] Sebelum installasi Vmware dilakukan, sebaiknya update system ubuntu terlebih dahulu

sudo apt-get update

 

[2] Install paket – paket yang dibutuhkan untuk installasi Vmware Player 12

sudo apt install build-essential gcc
sudo apt install libcanberra-gtk-module

 

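[3] Download Vmware Player 12 Package di Link ini. Unduh hanya dari situs resmi VMware dan cocokkan checksum file (misalnya dengan sha256sum) dengan nilai yang dipublikasikan di halaman download, karena bundle ini akan dijalankan sebagai root.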

Ubah permission file nya

sudo chmod +x VMware-Player-12.5.7-5813279.x86_64.bundle

 

[4] Install Vmware Player 12

sudo ./VMware-Player-12.5.7-5813279.x86_64.bundle

Jika setelah install muncul masalah "Vmware kernel module error", langkah yang harus dilakukan adalah:

sudo apt-get install linux-headers-generic
sudo apt-get install build-essential
# Setelah proses selesai lalu lakukan restart system

 

[5] Buka Vmware Player

Masukkan email untuk aktivasi Vmware Player, setelah masukkan email pilih OK

Semoga bermanfaat.
Andito Yugo Wicaksono

Services ( CentOS )

[1] Melihat list service – service yang sedang running.

# systemctl -t service
UNIT LOAD ACTIVE SUB DESCRIPTION
auditd.service loaded active running Security Auditing Service
crond.service loaded active running Command Scheduler
dbus.service loaded active running D-Bus System Message Bus
firewalld.service loaded active running firewalld - dynamic firewall 
getty@tty1.service loaded active running Getty on tty1
httpd.service loaded active running The Apache HTTP Server
irqbalance.service loaded active running irqbalance daemon
mariadb.service loaded active running MariaDB database server
network.service loaded active exited LSB: Bring up/down networking
NetworkManager.service loaded active running Network Manager
polkit.service loaded active running Authorization Manager
postfix.service loaded active running Postfix Mail Transport Agent
........................................................................................................
........................................................................................................
rsyslog.service loaded active running System Logging Service
sshd.service loaded active running OpenSSH server daemon
systemd-update-utmp.service loaded active exited Update UTMP about System Boot
systemd-user-sessions.service loaded active exited Permit User Sessions
systemd-vconsole-setup.service loaded active exited Setup Virtual Console
tuned.service loaded active running Dynamic System Tuning Daemon
vsftpd.service loaded active running Vsftpd ftp daemon
wpa_supplicant.service loaded active running WPA Supplicant daemon
xinetd.service loaded active running Xinetd A Powerful Replacement

LOAD = Reflects whether the unit definition was properly loaded.
ACTIVE = The high-level unit activation state, i.e. generalization of SUB.
SUB = The low-level unit activation state, values depend on unit type.

[2] List semua services

# systemctl list-unit-files -t service
UNIT FILE STATE 
arp-ethers.service disabled
auditd.service enabled 
autovt@.service disabled
blk-availability.service disabled
...
...
systemd-vconsole-setup.service static 
tcsd.service disabled
teamd@.service static 
tftp.service static 
tuned.service enabled 
vsftpd.service enabled 
vsftpd@.service disabled
wpa_supplicant.service disabled
xinetd.service enabled

148 unit files listed.

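[3] Stop dan turn OFF auto-start setting service jika tidak diperlukan lagi. Contoh di bawah memakai firewalld hanya untuk menunjukkan perintahnya; selama firewalld mati tidak ada filter di host untuk port – port yang listening, jadi aktifkan kembali seperti di langkah [4] kecuali sudah ada firewall lain.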

# systemctl stop firewalld
# systemctl disable firewalld
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

[4] Start dan enable auto-start service yang diperlukan.

# systemctl start firewalld
# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/basic.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.

[5] Ada beberapa service SysV yang di kontrol oleh chkconfig, berikut contohnya

# chkconfig --list

Note: This output shows SysV services only and does not include native
 systemd services. SysV configuration data might be overridden by native
 systemd configuration.

If you want to list systemd services use 'systemctl list-unit-files'.
 To see services enabled on particular target use
 'systemctl list-dependencies [target]'.

netconsole 0:off 1:off 2:off 3:off 4:off 5:off 6:off
network 0:off 1:off 2:on 3:on 4:on 5:on 6:off

xinetd based services:
 chargen-dgram: off
 chargen-stream: off
 daytime-dgram: off
 daytime-stream: off
 discard-dgram: off
 discard-stream: off
 echo-dgram: off
 echo-stream: off
 tcpmux-server: off
 tftp: off
 time-dgram: off
 time-stream: off


# Contoh untuk turn OFF auto-start setting untuk netconsole
chkconfig netconsole off

# Contoh untuk turn ON auto-start setting untuk netconsole
chkconfig netconsole on

Cheers…
Andito Yugo Wicaksono

 

HAProxy : HTTP Load Balancing

Pengertian Load Balance khususnya dalam jaringan komputer berarti teknik untuk membagi beban Traffic ke dalam beberapa link. Hal ini dilakukan jika di dalam jaringan terdapat beberapa Link. Untuk Load Balancer yang berbentuk Hardware sebagai perangkat fisik yang khusus di desain sebagai load balancer, tidak termasuk server yang terinstall aplikasi load balancer atau perangkat router yang memiliki fitur balancing, sebagai contoh adalah perangkat F5 Link Controller, ASM (WAF), dan Load Traffic Manager (LTM). Sedangkan dari open source ada beberapa pilihan yang bisa kita gunakan diantaranya seperti HAProxy yang didesain khusus sebagai load balancing, Pound, Pen, LVS, dan Nginx.

Disini saya akan membahas tentang HAProxy yang akan digunakan untuk fungsi http Load Balancing.

Contoh topologi untuk Load Balancer menggunakan HAProxy

Installasi dan konfigurasi HAProxy

[1] Install HAProxy

yum install epel-release -y
yum -y install haproxy

[2] Konfigurasi HAProxy

# Backup konfigurasi
mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.org

# Buat Konfigurasi baru
global
 # for logging section
 log 127.0.0.1 local2 info
 chroot /var/lib/haproxy
 pidfile /var/run/haproxy.pid

# max per-process number of connections
 maxconn 256

# process' user and group
 user haproxy
 group haproxy

# makes the process fork into background
 daemon

defaults
 # running mode
 mode http

# use global settings
 log global

# get HTTP request log
 option httplog

# timeout if backends do not reply
 timeout connect 10s

# timeout on client side
 timeout client 30s

# timeout on server side
 timeout server 30s

# define frontend ( set any name for "http-in" section )

frontend http-in

# listen 80
 bind *:80

# set default backend
 default_backend backend_servers

# send X-Forwarded-For header
 option forwardfor

# define backend

backend backend_servers

# balance with roundrobin
 balance roundrobin

# define backend servers
 server server01 10.1.19.10:80 check
 server server02 10.1.19.20:80 check

--------------------------------------
# Start haproxy
systemctl start haproxy
systemctl enable haproxy

[3] Konfigurasi rsyslog untuk log HAProxy

vi /etc/rsyslog.conf
# Tambahkan seperti di bawah ini
$ModLoad imudp
$UDPServerRun 514
$AllowedSender UDP, 127.0.0.1

# Tambahkan di baris ke 56
*.info;mail.none;authpriv.none;cron.none,local2.none /var/log/messages

local2.* /var/log/haproxy.log

# Restart rsyslog
systemctl restart rsyslog

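[4] Ubah httpd settings di Backend server untuk logging X-Forwarded-For header. Isi header ini dapat dikirim sendiri oleh client; HAProxy hanya menambahkan IP client yang sebenarnya di bagian akhir, jadi untuk audit hanya nilai terakhir yang dapat dipercaya.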

vi /etc/httpd/conf/httpd.conf
# Di baris 196 ubah log format nya menjadi seperti di bawah ini

LogFormat "\"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
[root@www ~]# systemctl restart httpd

[5] Test Load Balance server

Untuk server 1 menggunakan halaman Test Page, dan server 2 menggunakan format tanggal.

Setting git menggunakan proxy

Tips dan trik cara setting git menggunakan proxy server.

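Di bawah ini adalah cara untuk menambahkan git config global di linux. Perhatikan bahwa username dan password pada URL proxy tersimpan sebagai teks biasa di ~/.gitconfig dan ikut tercatat di history shell. Git memakai http.proxy untuk koneksi HTTP maupun HTTPS; https.proxy bukan key konfigurasi yang dikenali git, sehingga baris kedua tidak berpengaruh.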

git config --global http.proxy http://username:password@proxydomain:port
git config --global https.proxy http://username:password@proxydomain:port


Unset Proxy jika sudah disetting

git config --global --unset http.proxy
git config --global --unset https.proxy

Error yang umumnya muncul

502: URL/IP is unreachable from your network.
407: Proxy authentication Denied.
80 : Proxy has not been set properly.