Posts

[Journal] Journey securing wordpress site using apache2 with modsecurity

This is my journey.

Prepare:
Knowledge & practical: VM, Cloud, Linux Commands, Webserver.
Your AWS Account

1. Create an instance on AWS
Make sure the server can be accessed using the SSH command, e.g. ansible-user can access the server with passwordless login for Ansible management.
    ssh-copy-id ansible-user@192.168.1.1
ansible-user has access to sudo.
    usermod -aG sudo ansible-user
Run:
    ansible-playbook playbook.yml -i hosts --ask-become-pass

2. DNS Configuration
Point your domain name to the IP. Example:
    bagussa.my.id IN A 192.168.1.1
    www.bagussa.my.id IN A 192.168.1.1

3. Run the Ansible playbook below to get the certificate using Let's Encrypt
Let's Encrypt Ansible Role: git clone
Hosts file:
Run:
    ansible-playbook letsencrypt-issue.yml -i hosts --ask-become-pass

4. Run the Ansible playbook below to install WordPress and Apache2
WordPress Ansible role:
    git clone https://github.com/bagussa/wordpress-ansible-role.git
Hosts file: change ansible_host to your own server IP

Networking Walkthrough for the LKS SMK Cloud Computing Competition, Indonesia

This post may not directly discuss the cloud computing competition questions, but it can be useful for checking a cloud environment, which makes it easier to troubleshoot and to handle the challenges that come up.

Below are AWS commands that are quite useful for building and checking networking in the cloud, such as Subnet, Security Group, VPC, Internet Gateway, Route, etc.

Before that, make sure we already have enough knowledge about what AWS is, the names of its services, Availability Zones, Data center, Region, Identity Management & Permission.

Prepare AWS-CLI: https://learnubuntu.com/install-aws-cli/

Prepare an access key for using aws-cli and grant permissions to the IAM user that will be used, for example AmazonEC2FullAccess for this exercise. For real production, however, grant the minimum permissions possible, or custom permissions according to need, for security.

Configure with the command: aws configure

root@workstation:/home/bagussa# aws confi

Competition Outline: ITNSA vs Cloud Computing

Suppose there is a competition outline like the one below. Much of it was previously contested under the ITNSA outline as well, because several things are similar. Cloud computing, however, leans toward cloud vendor services that are already web-based, whereas ITNSA is really built from scratch, such as setting up the server and stock software like Nginx as a load balancer, while on AWS we can use the ALB feature and other services that already come packaged in web-based form.

Below I have written it in "versus" form. Note that not every feature is an apples-to-apples comparison, but this gives a picture of self-hosting vs using services from the cloud.

LKS Cloud Computing Competition Outline

OUTLINE | CATEGORY | SPECIFICATION

Compute (Cloud Computing vs ITNSA)
1. EC2 vs Guest OS in VirtualBox, Proxmox, VMware
2. Load Balancing vs Nginx, Haproxy
3. Auto Scaling vs Manual/Scripting launch new vm.
4. Network and Security vs IPTables, NFTables
5. Elastic Beanstalk
6. Lambda

Containers
1. Elastic Contain

How to forward the real client IP to a webserver NGINX behind a GCP Load Balancer

Purpose: We want to protect the origin server from being hit directly over the internet, so we make sure only the CDN/WAF connects to the backend. This is also known as Origin Protection.

Scenario: https://www.indusface.com/blog/fundamentals-of-origin-server-protection/

    CDN+WAF ----> GCP Load Balancer ----> VM Nginx

Solution: Modify the Nginx configuration

    ...
    location / {
        allow 100.100.100.0/24;  # Change to your CDN/WAF source IP that connects to the backend.
        deny all;
    }
    ...
    set_real_ip_from 1.1.1.1/32;      # Change to your LB public IP address
    set_real_ip_from 130.211.0.0/22;  # Private IP range for GCP Load Balancers
    set_real_ip_from 35.191.0.0/16;   # Private IP range for GCP Load Balancers
    real_ip_header X-Forwarded-For;
    real_ip_recursive on;
    ...

Save and restart the services.

Check the logs:

    tail -f /var/log/nginx/access.log
    tail -f /var/log/nginx/error.log

If a client on the internet hits the load balancer IP directly, it will be blocked by Nginx (403 Forbidden) you should see

Troubleshooting Technique 101

https://www.techtarget.com/whatis/definition/troubleshooting

1. Contact the team, because the point of view of another peer is helpful.
2. Contact the vendor; if we have support, make good use of it.
3. Contact the service owner; they know their features well.
4. Make good use of statistics from the monitoring tool; they are helpful as data for troubleshooting.
5. Going back to basic knowledge is sometimes good practice.

Reset Wordpress Admin Via MySQL DB

Here are the steps to reset a WordPress password if you forgot it. Make sure you have access to the databases.

    mysql> use wordpress;
    Reading table information for completion of table and column names
    You can turn off this feature to get a quicker startup with -A

    Database changed
    mysql> show tables;
    +-----------------------+
    | Tables_in_wordpress   |
    +-----------------------+
    | wp_commentmeta        |
    | wp_comments           |
    | wp_links              |
    | wp_options            |
    | wp_postmeta           |
    | wp_posts              |
    | wp_term_relationships |
    | wp_term_taxonomy      |
    | wp_termmeta           |
    | wp_terms              |
    | wp_usermeta           |
    | wp_users              |
    +-----------------------+
    12 rows in set (0.00 sec)

    mysql>

Generate a New Password Hash: WordPress uses a salted MD5 hash for passwords. You can generate a new password hash. Here is an example Python script:

    import bcrypt

    def generate_wordpress_hash(password):
        # Generate a random salt and h

How to create a virtual machine on macbook m cpu using qemu

QEMU is a virtualization technology; with QEMU we can run a virtualized OS. It can be installed on macOS as well.

Install QEMU:

    brew install qemu

Check the installed version:

    qemu-system-x86_64 --version

Create a virtual disk for a VM, e.g.:

    mkdir -p ~/MY/VM/DEBIAN
    qemu-img create -f qcow2 ~/MY/VM/DEBIAN/debian-vm1.qcow2 40G

Output:

    Formatting 'debian-vm1.qcow2', fmt=qcow2 cluster_size=65536 extended_l2=off compression_type=zlib size=42949672960 lazy_refcounts=off refcount_bits=16

Boot from the ISO for installation. Download the installer ISO file and place it in the same directory. Once the ISO file is downloaded, we can start installing the VM:

    qemu-system-x86_64 -m 2G -vga virtio -display default,show-cursor=on -usb -device usb-tablet -smp 2 -cdrom debian-12.2.0-amd64-netinst.iso -drive file=debian-vm1.qcow2,if=virtio

Run the VM in the bridged network:

    qemu-system-x86_64 debian-vm1.qcow2 \
      -smp cpus=2 -m 2G \
      -nic vmnet-bridged,ifname=en0

Command options qemu-syst