Wednesday, 27 September 2023

mosquitto broker bridge

edit mosquitto.conf


add:



connection my_bridge

address aliwafa.id:1884

start_type automatic

remote_username ali

remote_password Admin*46835Intek

topic SMC/RND/# both 0


Monday, 25 September 2023

install anydesk on ubuntu 22.04 using a set password

 wget -qO - https://keys.anydesk.com/repos/DEB-GPG-KEY | sudo gpg --dearmor -o /etc/apt/keyrings/anydesk.gpg

 echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/anydesk.gpg] \
http://deb.anydesk.com/ all main" | sudo tee /etc/apt/sources.list.d/anydesk.list > \
/dev/null
 
sudo apt update
 
sudo apt install anydesk
 
 
reboot
 
sudo nano /etc/gdm3/custom.conf
  • WaylandEnable=false
  • AutomaticLoginEnable = true
  • AutomaticLogin = $USERNAME
 
reboot
 

Sunday, 03 September 2023

how to run several brokers on one OS on a private server

cp /etc/mosquitto/mosquitto.conf /etc/mosquitto/mosquitto2.conf


mosquitto_passwd -c /etc/mosquitto/pwfile2 username_untuk_broker_baru

enter the password twice


create new storage directories so that the new broker and the first broker are not connected to each other

mkdir /var/lib/mosquitto2/ && sudo chown mosquitto: /var/lib/mosquitto2

sudo mkdir /var/run/mosquitto2/ && sudo chown mosquitto: /var/run/mosquitto2



then edit mosquitto2.conf so that it reads:

**********************************************

#pid_file /var/run/mosquitto2/mosquitto2.pid


persistence true

persistence_location /var/lib/mosquitto2/


log_dest file /var/log/mosquitto/mosquitto2.log


include_dir /etc/mosquitto/conf.d

listener 1884


listener 9002

protocol websockets

allow_anonymous false

password_file /etc/mosquitto/pwfile2


*********************************************


note on the above: the ports are changed to 1884 and 9002, where the defaults are 1883 for the MQTT protocol and 9001 for the websocket protocol

don't forget to open the firewall for ports 1884 and 9002

with:

ufw allow 1884

ufw allow 9002



then, to run the new broker, use:

mosquitto -c mosquitto2.conf


if the error Unable to open log file /var/log/mosquitto/ occurs


run:

chown -R mosquitto: /var/log/mosquitto/

or

sudo mkdir -m 777 mosquitto -> in the folder that has the problem (mode 777 makes the directory world-writable; the chown above is the narrower fix)


create a service for autostart

run:

nano /etc/systemd/system/mosquitto2.service
then fill it with:

***********************************************************

[Unit]

Description=Insite MQTT Broker


[Service]

#ExecStart=/usr/local/sbin/mosquitto -c /etc/mosquitto/mosquitto2.conf

ExecStart=/sbin/mosquitto -c /etc/mosquitto/mosquitto2.conf

Restart=always


[Install]

WantedBy=multi-user.target


*********************************************************

then:

systemctl enable mosquitto2.service

systemctl daemon-reload


reboot

this experiment was done with root access

beforehand, run:

sudo su
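
An added example, not part of the original notes: a shell check over a mosquitto config that reports which listeners and bridge connections have no TLS or PSK configured, since password_file logins and a bridge's remote_username/remote_password cross such links unencrypted. It covers both the mosquitto2.conf above and the bridge block from the 27 September note; the function names are made up here, the sample file is constructed (the 8883 listener, the certificate paths and broker.example are assumptions), and allow_anonymous is treated as a global setting.

```shell
# audit_mosquitto_conf FILE
# Prints one verdict per listener/connection block, then allow_anonymous.
# Returns 1 if any block is plaintext or allow_anonymous is not "false".
audit_mosquitto_conf() {
    awk '
    # Emit the verdict for the listener or bridge block that just ended.
    function flush() {
        if (kind == "") return
        if (kind == "listener") enc = (cert && key) || psk
        else enc = ca || psk
        if (!enc) bad = 1
        print kind, name, proto, (enc ? "tls" : "plaintext")
    }
    BEGIN { bad = 0 }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    $1 == "listener" || $1 == "connection" {
        flush(); kind = $1; name = $2
        proto = (kind == "listener") ? "mqtt" : "bridge"
        cert = key = ca = psk = 0; next
    }
    $1 == "protocol" { proto = $2 }
    $1 == "certfile" { cert = 1 }
    $1 == "keyfile"  { key = 1 }
    $1 == "psk_hint" || $1 == "bridge_psk" { psk = 1 }
    $1 == "bridge_cafile" || $1 == "bridge_capath" { ca = 1 }
    $1 == "allow_anonymous" { anon = $2 }
    END {
        flush()
        # Unset counts as a finding: the default differs between versions.
        if (anon != "false") bad = 1
        print "allow_anonymous", (anon == "" ? "unset" : anon)
        exit bad
    }' "$1"
}

# Constructed sample: the two listeners from mosquitto2.conf, one assumed
# TLS listener for contrast, and a bridge block with placeholder values.
sample_mosquitto_conf() {
cat <<'EOF'
listener 1884
listener 9002
protocol websockets
allow_anonymous false
password_file /etc/mosquitto/pwfile2
listener 8883
certfile /etc/mosquitto/certs/server.crt
keyfile /etc/mosquitto/certs/server.key
connection my_bridge
address broker.example:1884
remote_username example_user
topic SMC/RND/# both 0
EOF
}
```

Run it as `sample_mosquitto_conf > /tmp/m.conf; audit_mosquitto_conf /tmp/m.conf`, or point it at /etc/mosquitto/mosquitto2.conf.
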

Wednesday, 23 August 2023

github server

backup from https://www.git-scm.com/book/en/v2/Git-on-the-Server-Setting-Up-the-Server 

First, you create a git user account and a .ssh directory for that user.

$ sudo adduser git
$ su git
$ cd
$ mkdir .ssh && chmod 700 .ssh
$ touch .ssh/authorized_keys && chmod 600 .ssh/authorized_keys

Next, you need to add some developer SSH public keys to the authorized_keys file for the git user. Let’s assume you have some trusted public keys and have saved them to temporary files. Again, the public keys look something like this:

$ cat /tmp/id_rsa.john.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4L
ojG6rs6hPB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4k
Yjh6541NYsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9Ez
Sdfd8AcCIicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myiv
O7TCUSBdLQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPq
dAv8JggJICUvax2T9va5 gsg-keypair

You just append them to the git user’s authorized_keys file in its .ssh directory:

$ cat /tmp/id_rsa.john.pub >> ~/.ssh/authorized_keys
$ cat /tmp/id_rsa.josie.pub >> ~/.ssh/authorized_keys
$ cat /tmp/id_rsa.jessica.pub >> ~/.ssh/authorized_keys

Now, you can set up an empty repository for them by running git init with the --bare option, which initializes the repository without a working directory:

$ cd /srv/git
$ mkdir project.git
$ cd project.git
$ git init --bare
Initialized empty Git repository in /srv/git/project.git/

Then, John, Josie, or Jessica can push the first version of their project into that repository by adding it as a remote and pushing up a branch. Note that someone must shell onto the machine and create a bare repository every time you want to add a project. Let’s use gitserver as the hostname of the server on which you’ve set up your git user and repository. If you’re running it internally, and you set up DNS for gitserver to point to that server, then you can use the commands pretty much as is (assuming that myproject is an existing project with files in it):

# on John's computer
$ cd myproject
$ git init
$ git add .
$ git commit -m 'Initial commit'
$ git remote add origin git@gitserver:/srv/git/project.git
$ git push origin master

At this point, the others can clone it down and push changes back up just as easily:

$ git clone git@gitserver:/srv/git/project.git
$ cd project
$ vim README
$ git commit -am 'Fix for README file'
$ git push origin master

With this method, you can quickly get a read/write Git server up and running for a handful of developers.

You should note that currently all these users can also log into the server and get a shell as the git user. If you want to restrict that, you will have to change the shell to something else in the /etc/passwd file.

You can easily restrict the git user account to only Git-related activities with a limited shell tool called git-shell that comes with Git. If you set this as the git user account’s login shell, then that account can’t have normal shell access to your server. To use this, specify git-shell instead of bash or csh for that account’s login shell. To do so, you must first add the full pathname of the git-shell command to /etc/shells if it’s not already there:

$ cat /etc/shells   # see if git-shell is already in there. If not...
$ which git-shell   # make sure git-shell is installed on your system.
$ sudo -e /etc/shells  # and add the path to git-shell from last command

Now you can edit the shell for a user using chsh <username> -s <shell>:

$ sudo chsh git -s $(which git-shell)

Now, the git user can still use the SSH connection to push and pull Git repositories but can’t shell onto the machine. If you try, you’ll see a login rejection like this:

$ ssh git@gitserver
fatal: Interactive git shell is not enabled.
hint: ~/git-shell-commands should exist and have read and execute access.
Connection to gitserver closed.

At this point, users are still able to use SSH port forwarding to access any host the git server is able to reach. If you want to prevent that, you can edit the authorized_keys file and prepend the following options to each key you’d like to restrict:

no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty

The result should look like this:

$ cat ~/.ssh/authorized_keys
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCB007n/ww+ouN4gSLKssMxXnBOvf9LGt4LojG6rs6h
PB09j9R/T17/x4lhJA0F3FR1rP6kYBRsWj2aThGw6HXLm9/5zytK6Ztg3RPKK+4kYjh6541N
YsnEAZuXz0jTTyAUfrtU3Z5E003C4oxOj6H0rfIF1kKI9MAQLMdpGW1GYEIgS9EzSdfd8AcC
IicTDWbqLAcU4UpkaX8KyGlLwsNuuGztobF8m72ALC/nLF6JLtPofwFBlgc+myivO7TCUSBd
LQlgMVOFq1I2uPWQOkOWQAHukEOmfjy2jctxSDBQ220ymjaNsHT4kgtZg2AYYgPqdAv8JggJ
ICUvax2T9va5 gsg-keypair

no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDEwENNMomTboYI+LJieaAY16qiXiH3wuvENhBG...

Now Git network commands will still work just fine but the users won’t be able to get a shell. As the output states, you can also set up a directory in the git user’s home directory that customizes the git-shell command a bit. For instance, you can restrict the Git commands that the server will accept or you can customize the message that users see if they try to SSH in like that. Run git help shell for more information on customizing the shell.
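
An added example, not part of the text backed up from the Git book: a shell function that reports which entries of an authorized_keys file lack the four restrictions above. The names audit_authorized_keys and sample_keys are made up for this illustration and the sample keys are constructed placeholders; it goes slightly beyond the text by also accepting OpenSSH's restrict option, which implies all four restrictions unless one is switched back on.

```shell
# Real authorized_keys files hold ONE key per line (the listing above is
# wrapped only for display).

# audit_authorized_keys FILE
# Prints "line N: missing opt,opt" for each under-restricted key and
# returns 1 if any was found, 0 otherwise.
audit_authorized_keys() {
    awk '
    # Return the leading options field; spaces inside "..." do not end it.
    function optfield(line,   i, c, inq) {
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (c == "\"" && substr(line, i - 1, 1) != "\\") inq = !inq
            else if (!inq && (c == " " || c == "\t")) break
        }
        return substr(line, 1, i - 1)
    }
    # Option keywords are case-insensitive, so compare in lower case.
    function has(opt) { return index(opts, "," tolower(opt) ",") > 0 }
    BEGIN { bad = 0; n = split("port-forwarding X11-forwarding agent-forwarding pty", want, " ") }
    /^[ \t]*(#|$)/ { next }                      # comments and blank lines
    {
        sub(/^[ \t]+/, "")
        # No options when the entry starts directly with a key type.
        opts = ($1 ~ /^(ssh-|ecdsa-|sk-)/) ? ",," : "," tolower(optfield($0)) ","
        missing = ""
        for (i = 1; i <= n; i++) {
            # OK if no-<x> is set, or restrict is set and <x> is not re-enabled.
            ok = has("no-" want[i]) || (has("restrict") && !has(want[i]))
            if (!ok) missing = missing (missing ? "," : "") "no-" want[i]
        }
        if (missing != "") { bad = 1; print "line " NR ": missing " missing }
    }
    END { exit bad }' "$1"
}

# Constructed sample; the key bodies are placeholders, not real keys.
sample_keys() {
cat <<'EOF'
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAEXAMPLE1 john
ssh-rsa AAAAEXAMPLE2 josie
restrict,command="echo no shell" ssh-ed25519 AAAAEXAMPLE3 jessica
no-port-forwarding,no-pty ssh-rsa AAAAEXAMPLE4 extra
restrict,pty ssh-ed25519 AAAAEXAMPLE5 extra2
EOF
}
```

On the server, run it as the git user against ~/.ssh/authorized_keys; a non-zero exit status means at least one key can still forward ports or allocate a pty.
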





0) prerequisites :

- have a server running openssh with a static IP address and port 22 allowed

- have git installed. It's usually already there by default, otherwise run

$ sudo apt install git


1) create a git user

$ sudo adduser git

2) for more security, restrict the user git to have a limited shell :

$ sudo nano /etc/passwd

change git:x:1000:1000::/home/git:/bin/bash  (details may change)

to git:x:1000:1000::/home/git:/usr/bin/git-shell

(or run which git-shell to see where it's installed)

3) create a directory where to put the git project, here called "project"

$ sudo mkdir -p /home/git/gitprojects/project.git

4) Initialise the repository

$ cd /home/git/gitprojects/project.git

$ git --bare init

5) You can now use the repository from a remote computer, connecting via ssh

$ git remote add origin git@static-IP-address:gitprojects/project.git

$ git push origin master

6) you can also clone

$ git clone git@static-IP-address:gitprojects/project.git

For all these operations, you will be asked for the password of the user "git" on the server

7) for more security and more convenience, you can also configure authentication by RSA keys

$ su git && cd ~

$ mkdir .ssh

$ nano .ssh/authorized_keys

paste here the RSA public keys of the users who are going to connect. Alternatively, if you have the key as a file, you can do

$ cat /tmp/id_rsa_foobar.pub >> ~/.ssh/authorized_keys

Sunday, 21 May 2023

mysql

how to manage mysql

/etc/mysql/mysql.conf.d/mysqld.cnf is the config for authorization

maybe it can be edited


https://askubuntu.com/questions/640899/how-do-i-uninstall-mysql-completely


whereis mysql

nano /etc/systemd/system/mysql.service.d/override.conf

[Service]
ExecStart=
# for resetting the password
ExecStart=/usr/sbin/mysqld --skip-grant-tables --skip-networking

systemctl restart mysql




locate mysql

/etc/apparmor.d/abstractions/mysql

/snap/core20/1328/etc/apparmor.d/abstractions/mysql

/snap/core20/1328/usr/share/bash-completion/completions/mysql

/snap/core20/1328/usr/share/bash-completion/completions/mysqladmin

/usr/lib/python3/dist-packages/sos/report/plugins/mysql.py

/usr/lib/python3/dist-packages/sos/report/plugins/__pycache__/mysql.cpython-38.pyc

/usr/share/bash-completion/completions/mysql

/usr/share/bash-completion/completions/mysqladmin

/usr/share/vim/vim81/syntax/mysql.vim




locate apache

/etc/apparmor.d/abstractions/apache2-common

/snap/core20/1328/etc/apparmor.d/abstractions/apache2-common

/snap/core20/1328/usr/share/bash-completion/completions/apache2ctl

/usr/lib/python3/dist-packages/sos/report/plugins/apache.py

/usr/lib/python3/dist-packages/sos/report/plugins/__pycache__/apache.cpython-38.pyc

/usr/share/bash-completion/completions/apache2ctl

/usr/share/vim/vim81/syntax/apache.vim

/usr/share/vim/vim81/syntax/apachestyle.vim




locate php

/etc/apparmor.d/abstractions/php

/etc/apparmor.d/abstractions/php5

/snap/core20/1328/etc/apparmor.d/abstractions/php

/snap/core20/1328/etc/apparmor.d/abstractions/php5

/usr/lib/modules/5.4.0-149-generic/kernel/drivers/pci/hotplug/acpiphp_ibm.ko

/usr/share/mime/application/x-php.xml

/usr/share/nano/php.nanorc

/usr/share/vim/vim81/autoload/phpcomplete.vim

/usr/share/vim/vim81/compiler/php.vim

/usr/share/vim/vim81/ftplugin/php.vim

/usr/share/vim/vim81/indent/php.vim

/usr/share/vim/vim81/syntax/php.vim




sudo systemctl restart php8.1-fpm

sudo systemctl restart nginx