Create user SFTP pada Linux

sudo groupadd sftpgroup
sudo groupadd sftpusers

sudo mkdir -p /home/sftp-data/mbsapp
sudo chown root:root /home/sftp-data
sudo chmod 755 /home/sftp-data
sudo chown root:sftpgroup /home/sftp-data/mbsapp
sudo chmod 770 /home/sftp-data/mbsapp

sudo useradd -d /home/sftp-data/ -s /usr/sbin/nologin -g sftpgroup sftpcaesar
passwd sftpcaesar
*****

sudo useradd -d /home/sftp-data/ -s /usr/sbin/nologin -g sftpgroup sftpkiky
passwd sftpkiky
*****

sudo useradd -d /home/sftp-data/ -s /usr/sbin/nologin -g sftpgroup sftpmumu
passwd sftpmumu
*****

pico /etc/ssh/sshd_config

Match Group sftpgroup
    ChrootDirectory /home/sftp-data
    ForceCommand internal-sftp
    X11Forwarding no
    AllowTcpForwarding no

Backup vm dari proxmox agar bisa di restore pada proxmox yang berbeda

pilih VM yang akan di backup pada UI proxmox 

File backup akan tersimpan di /var/lib/vz/dump/ atau storage yang dipilih

Transfer Backup ke Proxmox Tujuan dari proxmox sumber

proxmox sumber : 192.168.11.89
proxmox tujuan   : 192.168.146.2

scp /var/lib/vz/dump/vzdump-qemu-110-2025_03_10-14_38_26.vma.lzo root@192.168.146.2:/var/lib/vz/dump/

 

Restore VM di Proxmox Tujuan

qmrestore /var/lib/vz/dump/vzdump-qemu-110-2025_03_10-14_38_26.vma.lzo 111

 

sumber tambahan https://www-tecmint-com.translate.goog/proxmox-backup-restore-vm/?_x_tr_sl=en&_x_tr_tl=id&_x_tr_hl=id&_x_tr_pto=tc

Cara Resize Vm Proxmox

 Cara Resize Vm Proxmox

1. Lewat web Proxmox masuk ke Vm yg mau di resize misal di tambah 500 GB
2. kalo lewat cli qm resize 201 scsi0 +500G
3. qm list
4. masuk Ke Vm nya lalu install dulu parted yg baru
5. yum install parted
6. Ikuti partisi berikut

[root@localhost ~]# parted /dev/sda
GNU Parted 3.1
Using /dev/sda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) print
Model: QEMU QEMU HARDDISK (scsi)
Disk /dev/sda: 215GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start   End     Size    Type     File system  Flags
 1      1049kB  1075MB  1074MB  primary  xfs          boot
 2      1075MB  34.4GB  33.3GB  primary               lvm

(parted) resizepart 2 100%
(parted) print
Model: QEMU QEMU HARDDISK (scsi)
Disk /dev/sda: 215GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start   End     Size    Type     File system  Flags
 1      1049kB  1075MB  1074MB  primary  xfs          boot
 2      1075MB  215GB   214GB   primary               lvm

(parted) quit

[root@localhost ~]#

Show current disk at VM

[root@localhost ~]# df -h
Filesystem               Size  Used Avail Use% Mounted on
/dev/mapper/centos-root   30G  1.1G   29G   4% /
devtmpfs                 3.9G     0  3.9G   0% /dev
tmpfs                    3.9G     0  3.9G   0% /dev/shm
tmpfs                    3.9G  8.5M  3.9G   1% /run
tmpfs                    3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/sda1               1014M  142M  873M  14% /boot
tmpfs                    783M     0  783M   0% /run/user/1000
[root@localhost ~]#

show current Phisycal Volume

[root@localhost ~]# pvdisplay
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               centos
  PV Size               <31.00 GiB / not usable 3.00 MiB
  Allocatable           yes (but full)
  PE Size               4.00 MiB
  Total PE              7935
  Free PE               0
  Allocated PE          7935
  PV UUID               dWzC8B-TkO9-hiHN-Oodx-c2d-nzQ-zrJfGN

[root@localhost ~]#

Resize Phisycal Volume

[root@localhost ~]# pvresize /dev/sda2
  Physical volume "/dev/sda2" changed
  1 physical volume(s) resized / 0 physical volume(s) not resized
[root@localhost ~]# 
[root@localhost ~]# pvdisplay
  --- Physical volume ---
  PV Name               /dev/sda2
  VG Name               centos
  PV Size               <199.00 GiB / not usable 2.00 MiB
  Allocatable           yes
  PE Size               4.00 MiB
  Total PE              50943
  Free PE               43008
  Allocated PE          7935
  PV UUID               dWzC8B-TkO9-hiHN-Oodx-c2d-nzQ-zrJfGN

[root@localhost ~]#

Resize Logical Volume

[root@localhost ~]# lvresize --extents +100%FREE --resizefs /dev/centos/root
  Size of logical volume centos/root changed from <30.00 GiB (7679 extents) to <198.00 GiB (50687 extents).
  Logical volume centos/root successfully resized.
meta-data=/dev/mapper/centos-root isize=512    agcount=5, agsize=1965568 blks
         =                       sectsz=512   attr=2, projid32bit=1
         =                       crc=1        finobt=0 spinodes=0
data     =                       bsize=4096   blocks=7863296, imaxpct=25
         =                       sunit=0      swidth=0 blks
naming   =version 2              bsize=4096   ascii-ci=0 ftype=1
log      =internal               bsize=4096   blocks=3839, version=2
         =                       sectsz=512   sunit=0 blks, lazy-count=1
realtime =none                   extsz=4096   blocks=0, rtextents=0
data blocks changed from 7863296 to 51903488
[root@localhost ~]#

Test

show current disk

[root@localhost ~]# df -Th
Filesystem              Type      Size  Used Avail Use% Mounted on
/dev/mapper/centos-root xfs       198G  1.1G  197G   1% /
devtmpfs                devtmpfs  3.9G     0  3.9G   0% /dev
tmpfs                   tmpfs     3.9G     0  3.9G   0% /dev/shm
tmpfs                   tmpfs     3.9G  8.5M  3.9G   1% /run
tmpfs                   tmpfs     3.9G     0  3.9G   0% /sys/fs/cgroup
/dev/sda1               xfs      1014M  142M  873M  14% /boot
tmpfs                   tmpfs     783M     0  783M   0% /run/user/1000
[root@localhost ~]# sumber : https://hendro-wibiksono.web.id/2020/04/10/cara-resize-vm-proxmox/ 

Melihat charset pada pada database, table dan column di MySQL

 

 

SELECT SCHEMA_NAME, DEFAULT_CHARACTER_SET_NAME, DEFAULT_COLLATION_NAME
FROM information_schema.SCHEMATA;

SELECT TABLE_NAME
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = 'sms';

SELECT TABLE_NAME, ENGINE, TABLE_COLLATION, TABLE_ROWS, DATA_LENGTH, INDEX_LENGTH
FROM information_schema.TABLES
WHERE TABLE_SCHEMA = 'sms';

SELECT COLUMN_NAME, CHARACTER_SET_NAME, COLLATION_NAME
FROM information_schema.COLUMNS
WHERE TABLE_SCHEMA = 'sms' AND TABLE_NAME = 'outbox';

Menambah Ukuran Partisi LVM di Ubuntu Server

Menambah Ukuran Partisi LVM di Ubuntu Server. Ketika saya melakukan instalasi Ubuntu Server dengan mode guided partitioning with LVM, ternyata ukuran partisi sistemnya nya hanya sekitar seperempat dari total kapasitas hardisk yang tersedia. Nah, di artikel ini saya akan sharing bagaimana cara menambah ukuran partisi di sistem, yang dalam kasus ini saya akan menggunakan seluruh sisa kapasitas yang belum terpakai.

Jika kalian tidak mengubah pengaturan default saat instalasi, nama logical group dan logical volumenya harusnya sama dengan screenshot diatas.

Untuk meresize partisi LVM di Ubuntu Server jalankan perintah

sudo lvextend -l +100%FREE /dev/ubuntu-vg/ubuntu-lv

resize2fs /dev/ubuntu-vg/ubuntu-lv

Sekarang cek lagi partisi sistem di Ubuntu kalian, harusnya sudah bertambah.

Oke itu saja artikel kali ini.

sumber : https://www.linuxsec.org/2020/08/menambah-ukuran-partisi-lvm-di-ubuntu.html

Remove Server Name From Apache Response Header (Apache/xxx ) Ubuntu

1. Open Apache Config File

Open terminal and run the following command to open Apache main configuration file.

CentOS/Fedora:

$ sudo vi /etc/httpd/conf/httpd.conf

Ubuntu/Debian:

$ sudo vi /etc/apache2/apache2.conf

Bonus Read : How to Enable GZIP Compression in Apache

2. Turn Off Server Signature

Add/modify the following lines to hide server information in Apache.

ServerSignature Off
ServerTokens Prod

ServerSignature – appears at the bottom of server generated pages such as error pages, directory listings, etc. It takes On/Off/EMail values, where EMail shows a “mailto:” reference to Site Admin’s email.

ServerTokens – ServerTokens decides what Apache will send back in response headers. It takes the following values

ServerTokens Full (or not specified)
Response to clients: Server: Apache/2.4.2 (Unix) PHP/4.2.2 MyMod/1.2

ServerTokens Prod[uctOnly]
Response to clients: Server: Apache

ServerTokens Major
Response to clients: Server: Apache/2

ServerTokens Minor
Response to clients: Server: Apache/2.4

ServerTokens Min[imal]
Response to clients: Server: Apache/2.4.2

ServerTokens OS
Response to clients: Server: Apache/2.4.2 (Unix)

Bonus Read : How to Install mod_evasive in Apache

If you want to disable server signature in WordPress or turn off server signature in CPanel, then you will have to remove Apache server using .htaccess file, since you may not have access to Apache’s main configuration file.

Open CPanel, locate .htaccess file and edit it. Add the following 2 lines to .htaccess file

ServerSignature Off
ServerTokens Prod

Bonus Read : How to Move Apache Web Root to New Location

3. Restart Apache Server

Restart Apache Server to apply changes

$ sudo systemctl restart apache2 #SystemD
$ sudo service apache2 restart #SysVInit

Disable TLS 1.0 and 1.1 in Apache

Check Enabled SSL/TLS Versions

Online Tools

You can quickly check the versions of SSL/TLS your website supports by visiting CDN77’s TLS Checker and entering the domain name you’d like to check. As can be seen below, https://example.com currently disables SSL versions 2 and 3, but enables all versions of TLS (including the deprecated TLS 1.1 and 1.0):

Nmap

You can also check for the SSL/TLS versions and ciphers supported by a website with the open-source nmap command-line tool:

nmap --script ssl-enum-ciphers -p <PORT> <DOMAIN NAME>

The default port for SSL/TLS is 443

. The command below will generate a report for example.com:

$ nmap --script ssl-enum-ciphers -p 443 example.com

Starting Nmap 7.80 ( https://nmap.org ) at 2020-08-25 13:10 EDT

Nmap scan report for example.com (93.184.216.34)

Host is up (0.031s latency).

Other addresses for example.com (not scanned): 2606:2800:220:1:248:1893:25c8:1946

PORT STATE SERVICE

443/tcp open https

| ssl-enum-ciphers:

| TLSv1.0:

| ciphers:

| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A

| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A

| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A

| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A

| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A

| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A

| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A

| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A

| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A

| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A

| TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 2048) - A

| TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A

| compressors:

| NULL

| cipher preference: server

| TLSv1.1:

| ciphers:

| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A

| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A

| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A

| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A

| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A

| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A

| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A

| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A

| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A

| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A

| TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 2048) - A

| TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A

| compressors:

| NULL

| cipher preference: server

| TLSv1.2:

| ciphers:

| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A

| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A

| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A

| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A

| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A

| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A

| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A

| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A

| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A

| TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A

| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A

| TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A

| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A

| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (dh 2048) - A

| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (dh 2048) - A

| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A

| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (rsa 2048) - A

| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A

| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (rsa 2048) - A

| TLS_DHE_RSA_WITH_SEED_CBC_SHA (dh 2048) - A

| TLS_RSA_WITH_SEED_CBC_SHA (rsa 2048) - A

| compressors:

| NULL

| cipher preference: server

|_ least strength: A

Nmap done: 1 IP address (1 host up) scanned in 3.88 seconds

Server Configuration

Apache

To disable TLS 1.0 and 1.1 in Apache, you will need to edit the configuration file containing the SSLProtocol

directive for your website. This file may be located in different places depending on your platform, version, or other installation details. Some possible locations are:

• /usr/local/apache2/conf/extra/httpd-ssl.conf
  (default Apache installation)
• /etc/apache2/mods-enabled/ssl.conf
  (Ubuntu/Debian)
• /private/etc/apache2/extra/httpd-ssl.conf
  (macOS)

When you have located the correct configuration file, look for a line beginning with SSLProtocol

. This example, from a default macOS Apache installation, disables SSLv3 with the operator but enables TLS 1.0 and 1.1:

SSLProtocol all -SSLv3

You can disable all obsolete versions of SSL/TLS supported by Apache by specifying them as follows:

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1

The configuration above enables TLS 1.2, as well as TLS 1.3 if it is available in your environment.

Apache and Virtual Hosts

Apache can run more than one web site on a single server. These virtual hosts may be based on IP number, port, or domain name, and may include settings that override the base configuraton for Apache. For this reason, you should check the settings for each virtual host in your configuration files, especially if your changes to the base SSL/TLS configuration do not seem to be working.

For versions of Apache prior to 2.4.42 (built/linked against OpenSSL before 1.1.1), it was not possible to specify different SSL/TLS protocols for name-based virtual hosts sharing the same base IP number and port – the SSLProtocol

of the first virtual host was applied to all others. Beginning with Apache 2.4.42/OpenSSL 1.1.1, the SSLProtocol of each name-based virtual host is honored when the Server Name Indication (SNI) is provided by the client during the SSL/TLS handshake.

Once you have made your configuration changes, reload Apache to put them into effect. For more information on the SSLProtocol directive, please refer to Apache’s documentation.

sumber : https://www.ssl.com/guide/disable-tls-1-0-and-1-1-apache-nginx/