Let’s Encrypt SSL Certificate di Webserver NGINX (Ubuntu & Debian)

apt-get -y install git
cd /usr/local/
git clone https://github.com/letsencrypt/letsencrypt
git clone https://github.com/certbot/certbot
cd /usr/local/certbot/
./certbot-auto certonly –agree-tos –rsa-key-size 4096 –renew-by-default -m saya@domain.com –webroot -w /var/www/ -d saya.domain.com –renew-by-default

====================

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/saya.domain.com/fullchain.pem. Your cert
will expire on 2016-10-20. To obtain a new or tweaked version of
this certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
“certbot-auto renew”
– If you lose your account credentials, you can recover through
e-mails sent to saya@domain.com.
– Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

=====================

Konfigurasi di Webserver NGINX

vi /etc/nginx/sites-available/default

=====================
ssl on;
ssl_certificate /etc/letsencrypt/live/saya.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/saya.domain.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ‘EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH’;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
=====================

mkdir /etc/nginx/ssl
cd /etc/nginx/ssl
openssl dhparam -out dhparams.pem 2048
/etc/init.d/nginx restart

Kemudian testing SSL di
https://www.ssllabs.com/ssltest/analyze.html

FDSocket closed dari Bacula Server ke Bacula Client

Gue bingung bacula-client config normal dan gak ada error, ditelnet ke localhost port lokal juga masuk tapi kok error koneksi ke bacula-client dari server bacula.

Dari client ke localhost

# telnet localhost 9102
Trying ::1…
Trying 127.0.0.1…
Connected to localhost.
Escape character is ‘^]’.
^]
telnet> quit
Connection closed.

Dari server ke client

# telnet 1.1.1.1 9102
Trying 1.1.1.1…
telnet: Unable to connect to remote host: Connection refused

Solusi

Setelah diselidiki ternyata LISTENnya cuma 127.0.0.1 bukan 0.0.0.0

root@hris:/etc/bacula# netstat -tulpn | grep LISTEN | grep 9102
tcp 0 0 127.0.0.1:9102 0.0.0.0:* LISTEN 20526/bacula-fd

Akhirnya biar jadi 0.0.0.0 (All IP address), kasih komentar aja bagian FDAddress nya

FileDaemon { # this is me
Name = hris-fd
FDport = 9102 # where we listen for the director
WorkingDirectory = /var/lib/bacula
Pid Directory = /var/run/bacula
Maximum Concurrent Jobs = 20
# FDAddress = 127.0.0.1
}

Bacula error UA Hello from client atau Unable to authenticate console “*UserAgent*”

Pesan Email Bacula error

ERROR in authenticate.c:415 Unable to authenticate console “*UserAgent*” at client:127.0.0.1:36131.

atau

ERROR in authenticate.c:303 UA Hello from client:127.0.0.1:36131 is invalid. Len=0

Solusi sementara, tambahkan !error pada messages bacula-dir.conf

Messages {
Name = Standard
mailcommand = “/usr/sbin/bsmtp -h 12.12.12.12 -f \”\(Bacula\) \\” -s \”Bacula: %t %e of %c %l\” %r”
operatorcommand = “/usr/sbin/bsmtp -h 12.12.12.12 -f \”\(Bacula\) \\” -s \”Bacula: Intervention needed for %j\” %r”
mail = root@mramedia.com = all, !skipped, !error
operator = root@mramedia.com = mount
console = all, !skipped, !saved
append = “/var/log/bacula/bacula.log” = all, !skipped
catalog = all
}

Error -bash: ./trafr: No such file or directory

root@jupiter:/usr/local/bin# ll
total 12
drwxr-xr-x 2 root root 4096 Jun 1 13:59 ./
drwxr-xr-x 10 root root 4096 Jun 1 12:09 ../
-rw-r–r– 1 root root 2629 Jun 1 13:53 trafr.tgz
root@jupiter:/usr/local/bin# tar xzf trafr.tgz
root@jupiter:/usr/local/bin# ll
total 20
drwxr-xr-x 2 root root 4096 Jun 1 13:59 ./
drwxr-xr-x 10 root root 4096 Jun 1 12:09 ../
-rwxr-xr-x 1 1003 root 4764 Mär 17 2004 trafr*
-rw-r–r– 1 root root 2629 Jun 1 13:53 trafr.tgz
root@jupiter:/usr/local/bin# ./trafr
-bash: ./trafr: No such file or directory

Masalah utama karena program TRAFR itu aplikasi 32 Bit, sedangkan anda menggunakan OS 64 Bit yang tidak mendukung 32bit compatibility libraries

Untuk melihatnya bisa dengan ketik

$file ./trafr
./trafr: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.2.0, stripped

Di ubuntu 14.04 , solusinya
$sudo dpkg –add-architecture i386
$sudo apt-get update
$sudo apt-get install libc6:i386

Setelah itu anda mendapatkan hasil seperti
$sudo ./trafr
usage: trafr [ip_addr]
-s write output to stdout. pipe it into tcpdump for example:
./trafr -s | /usr/sbin/tcpdump -r –
ip_addr use to filter one source router by ip address

Kalau pakai ubuntu versi lama, silakan pakai cara
#apt-get install ia32-libs

Kalau anda menggunakan Centos 6 atau RHEL 6, silakan pakai cara
$sudo yum install glibc.i686

Disconnected : No supported authentication methods available

error-ssh

  1. Log into the Ubuntu virtual machine in the Openstack.
  2. Open /etc/ssh/sshd_config with a text editor.
  3. Locate the line Password Authentication and change No to Yes.
  4. Locate and change the line Challenge Response Authentication from No to Yes.
  5. Save the file.
  6. Restart the SSH Service by using the command, service ssh restart You should be able to open a SSH connection to the virtual machine.

Unable to install Perl Switch.pm module

Jika error seperti website di
https://www.veritas.com/support/en_US/article.000023772

Lakukan instalasi seperti dibawah

If you want to install the Switch.pm Perl module into your system Perl config, there are two methods of installing it:

Install it through the Ubuntu repositories.
Install the .pm through CPAN.
At this time, both will provide the current version of this module(2.16).

Installing Switch.pm using the Ubuntu repositories:

From the command-line, the installation can be completed by running the following command from the terminal (Ctrl-Alt-t):

sudo apt-get install libswitch-perl
Within Synaptic, right-click on the libswitch-perl package, select Mark for installation, then click on the Apply button.
Within the Ubuntu Software Center (USC), search for the phrase libswitch-perl, highlight the package and select install:
Installing Switch.pm using CPAN: If you would prefer to install this via cpan, follow these instructions:

Open a terminal(Ctrl-Alt-t).
Enter the command cpan.
At the prompt cpan[1]>, type install Switch.
Once completed, Type exit.
The Switch.pm Perl module will now be available for you to use in your scripts.

Jika sudah selesai, lakukan instalasi ./installralus

Kemudian lakukan patch dikarenakan ada bug di VRTSralus yang tidak dapat dijalankan di ubuntu 14.04 keatas / debian 7 keatas

lakukan instruksi seperti website dibawah

http://web.archive.org/web/20140417140141/http://blog.redweb.at/2012/08/howto-backupexec-2012-linux-agent-and-kernel-3-0-debian/#comment-209

kemudian jika sudah jalankan servicenya “/etc/init.d/VRTSralus.init start” kemudian cek port nya apakah sudah terbuka atau belum “lsof -i tcp:10000”