Pasang SSL GoDaddy pada Zimbra 8

  1. Muatnaik fail ssl yang diperlukan ke server zimbra

    cp domain.key commercial.key
    cp intermediate/gd_bundle-g2-g1.crt commercial_ca.crt
    scp Certificate/numbers-digits.crt commercial.key commercial_ca.crt zimbra-IP:/tmp

  2. Periksa ssl

    su - zimbra
    /opt/zimbra/bin/zmcertmgr verifycrt comm /opt/zimbra/ssl/zimbra/commercial/commercial.key /tmp/numbers-digits.crt /tmp/commercial_ca.crt

  3. Pasangkan ssl

    /opt/zimbra/bin/zmcertmgr deploycrt comm /tmp/number-digits.crt /tmp/commercial_ca.crt

  4. Mulakan semula zimbra
    zmcontrol restart
Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Setting SSL (letsencrypt) nginx Citadel

  1. Tukar port HTTPS Citadel ke 2001 dengan arahan

    dpkg-reconfigure citadel-webcit

  2. Pasang SSL truecrypt dengan merujuk kepada artikel https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04
  3. Edit /etc/nginx/sites-enabled/citadel seperti berikut:
    server {
    
            server_name domain.com citadel.domain.com;
            listen 443 ssl http2;
            listen [::]:443 ssl http2;
            include snippets/ssl-domain.com.conf;
            include snippets/ssl-params.conf;
    
            error_log /var/log/nginx/citadel-error.log;
            access_log /var/log/nginx/citadel-access.log;
    
            root /usr/share/citadel-webcit;
    # optional:
    #      listen 192.168.1.1:443
    # instead depending on your setup...
            # Main location
            location /webcit/ {
                proxy_pass         https://127.0.0.1:2001/;
                proxy_redirect     off;
    
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    
                client_max_body_size       10m;
                client_body_buffer_size    128k;
    
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
    
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
            }
            location /listsub/ {
                proxy_pass         https://127.0.0.1:2001;
                proxy_redirect     off;
    
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    
                client_max_body_size       10m;
                client_body_buffer_size    128k;
    
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
    
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
            }
            location /groupdav/ {
                proxy_pass         https://127.0.0.1:2001/;
                proxy_redirect     off;
    
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    
                client_max_body_size       10m;
                client_body_buffer_size    128k;
    
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
    
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
            }
            location /freebusy/ {
                proxy_pass         https://127.0.0.1:2001/;
                proxy_redirect     off;
    
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
    
                client_max_body_size       10m;
                client_body_buffer_size    128k;
    
                proxy_connect_timeout      90;
                proxy_send_timeout         90;
                proxy_read_timeout         90;
    
                proxy_buffer_size          4k;
                proxy_buffers              4 32k;
                proxy_busy_buffers_size    64k;
                proxy_temp_file_write_size 64k;
            }
    }

Sumber:
http://www.citadel.org/doku.php/faq:installation:apacheproxy
https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Ralat Clamd CentOS 5 LibClamAV Error: mpool_malloc()

Apabila email tidak sampai ke mailbox dan log MailScanner (maillog) terdapat ralat berikut:

Oct 23 22:32:06 email MailScanner[21705]: Virus and Content Scanning: Starting
Oct 23 22:32:06 email MailScanner[21705]: Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .
Oct 23 22:32:07 email MailScanner[21705]: Virus Scanning: Clamd found 1 infections
Oct 23 22:32:07 email MailScanner[21705]: Virus Scanning: No virus scanners worked, so message batch was abandoned and re-tried!

Kemudian cuba restart clamd, ralat berikut pula muncul

LibClamAV Error: mpool_malloc(): Attempt to allocate 8388608 bytes. Please report to http://bugs.clamav.net

Kemaskini clamav untuk selesaikan masalah ini.

yum --disablerepo=\* --enablerepo=rpmforge update clam\*

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Pelayan SNMP CentOS 6

Andaian:

IP = 10.0.0.10
Email support = email@domain

Pasang snmpd net-snmp

yum install -y net-snmp-utils
chkconfig snmpd on

/etc/snmp/snmpd.conf

rocommunity public
syslocation Rack Server IT
syscontact Domain Support <email@domain>
dontLogTCPWrappersConnects yes
rocommunity public default

/etc/sysconfig/snmpd.options (untuk membenarkan akses dari pelayan lain)

# snmpd command line options
OPTIONS="-Lsd -Lf /dev/null -p /var/run/snmpd.pid -a -x 127.0.0.1 10.0.0.10"

Mulakan semula snmpd

service snmpd restart

Uji dengan

snmpwalk -v2c -cpublic 127.0.0.1

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Padam semua spam dari pengguna spesifik Zimbra

Simpan sebagai postfix-delete.pl

Cara guna
perl postfix-delete.pl user@domain.com

Kod:

#!/usr/bin/perl

$REGEXP = shift || die "no email-adress given (regexp-style, e.g. bl.*\@yahoo.com)!";

@data = qx</opt/zimbra/postfix/sbin/postqueue -p>;
for (@data) {
  if (/^(\w+)(\*|\!)?\s/) {
     $queue_id = $1;
  }
  if($queue_id) {
    if (/$REGEXP/i) {
      $Q{$queue_id} = 1;
      $queue_id = "";
    }
  }
}

#open(POSTSUPER,"|cat") || die "couldn't open postsuper" ;
open(POSTSUPER,"|/opt/zimbra/postfix/sbin/postsuper -d -") || die "couldn't open postsuper" ;

foreach (keys %Q) {
  print POSTSUPER "$_\n";
};
close(POSTSUPER);

Sumber:

http://www.cyberciti.biz/tips/howto-postfix-flush-mail-queue.html

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Contoh setting munin dengan nginx + spawn-fcgi

Hasilnya, munin boleh diakses pada www.domain.com (contoh)

/etc/init.d/munin-fcgi

PATH=/usr/local/bin/:/usr/local/sbin:$PATH
DAEMON=$(which spawn-fcgi)
FCGI_GRAPH_SOCK=/var/run/munin/fastcgi-munin-graph.sock
FCGI_HTML_SOCK=/var/run/munin/fastcgi-munin-html.sock
WWW_USER=www-data
FCGI_USER=www-data
FCGI_GROUP=www-data
FCGI_SPAWN_GRAPH=/usr/lib/munin/cgi/munin-cgi-graph
FCGI_SPAWN_HTML=/usr/lib/munin/cgi/munin-cgi-html
PIDFILE_GRAPH=/var/run/munin/fastcgi-munin-graph.pid
PIDFILE_HTML=/var/run/munin/fastcgi-munin-html.pid
DESC="Munin FCGI for Graph and HTML"
test -x $DAEMON || exit 0
test -x $FCGI_SPAWN_GRAPH || exit 0
test -x $FCGI_SPAWN_HTML || exit 0
start() {
  $DAEMON -s $FCGI_GRAPH_SOCK -U $WWW_USER -u $FCGI_USER -g $FCGI_GROUP -P $PIDFILE_GRAPH $FCGI_SPAWN_GRAPH 2> /dev/null || echo "Graph Already running"
  $DAEMON -s $FCGI_HTML_SOCK  -U $WWW_USER -u $FCGI_USER -g $FCGI_GROUP -P $PIDFILE_HTML $FCGI_SPAWN_HTML 2> /dev/null || echo "HTML Already running"
}
stop() {
  kill -QUIT `cat $PIDFILE_GRAPH` || echo "Graph not running"
  kill -QUIT `cat $PIDFILE_HTML` || echo "HTML Not running"
}
restart() {
  kill -HUP `cat $PIDFILE_GRAPH` || echo "Can't reload Graph"
  kill -HUP `cat $PIDFILE_HTML` || echo "Can't reload HTML"
}
case "$1" in
  start)
    echo "Starting $DESC: "
    start
  ;;
  stop)
    echo "Stopping $DESC: "
    stop
  ;;
  restart|reload)
    echo "Restarting $DESC: "
    stop
    sleep 1
    start
  ;;
  *)
    echo "Usage: $SCRIPTNAME {start|stop|restart|reload}" >&amp;2
    exit 3
  ;;
esac
exit $?

/etc/munin/munin.conf

dbdir   /var/lib/munin
htmldir /var/cache/munin/www
logdir /var/log/munin
rundir  /var/run/munin
tmpldir /etc/munin/templates
staticdir /etc/munin/static
includedir /etc/munin/munin-conf.d
[www.domain.com]
    address 127.0.0.1
    use_node_name yes

/etc/nginx/sites-enabled/munin

server {
        listen 80;
        root /var/cache/munin/www;
        index index.html index.htm;
        server_name www.domin.com;
        auth_basic "Administrator Login";
        auth_basic_user_file /var/www/.htpasswd;
location /nginx_status {
        stub_status on;
        access_log   off;
        allow 127.0.0.1;
        deny all;
        }
location ^~ /munin-cgi/munin-cgi-graph/ {
    fastcgi_split_path_info ^(/munin-cgi/munin-cgi-graph)(.*);
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass unix:/var/run/munin/fastcgi-munin-graph.sock;
    include fastcgi_params;
}
location  ^~ /munin-cgi/munin-cgi-html/ {
    fastcgi_split_path_info ^(/munin-cgi/munin-cgi-html)(.*);
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass unix:/var/run/munin/fastcgi-munin-html.sock;
    include fastcgi_params;
}
}

Rujukan:

Nginx configuration for Munin


http://serverfault.com/questions/670535/munin-nginx-no-dynazoom-into-graphs
https://www.howtoforge.com/tutorial/server-monitoring-with-munin-and-monit-on-ubuntu-14-04/

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Pasang vSphere CLI pada Ubuntu 14.04

Muaturun dan pasang vSphere CLI terbaharu

tar -xvf Downloads/VMware-vSphere-CLI-6.0.0-2503617.x86_64.tar.gz
cd vmware-vsphere-cli-distrib/
sudo ./vmware-install.pl

Jika berlaku ralat module SOAP Lite, muaturun dan pasang secara manual

tar -xvf Downloads/SOAP-Lite-1.19.tar.gz
SOAP-Lite-1.19/
perl Makefile.PL
make
make test
sudo make install

Jika ada masalah memasang modul perl, guna arahan berikut berdasarkan modul yang diperlukan

sudo cpan Nama::Modul

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)