Wednesday, 26 March 2025

How to Use Certbot with the Cloudflare API on Apache

1. Install Certbot and the Cloudflare Plugin

Make sure Certbot and the Cloudflare DNS plugin are installed on your server by running the following commands:

sudo apt update
sudo apt install certbot python3-certbot-dns-cloudflare -y

2. Create an API Token in Cloudflare

  1. Log in to the Cloudflare Dashboard.
  2. Open the API Tokens menu and click Create Token.
  3. Choose Custom Token with the permissions:
    • Zone → DNS → Edit
    • Zone → Zone → Read
  4. Click Create Token and copy the API Token.

3. Store the API Token on the Server

Create a file to hold the Cloudflare credentials:

sudo nano /root/.cloudflare.ini

Fill the file with:

dns_cloudflare_api_token = YOUR_CLOUDFLARE_API_TOKEN

Change the file permissions to make it more secure:

sudo chmod 600 /root/.cloudflare.ini
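
A pre-flight check for the credentials file from step 3, to run before certbot or from the renewal job. This is an added example, not part of the original post; the function name and finding labels are made up here, and it assumes GNU stat.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight check of the
# Certbot Cloudflare credentials file. Uses GNU stat (coreutils).

# check_cf_credentials FILE [OWNER_UID]
# OWNER_UID defaults to 0 (root), matching /root/.cloudflare.ini above.
# Prints one finding per line; returns 1 if anything was found, else 0.
check_cf_credentials() {
    local file=$1 owner_uid=${2:-0} mode value rc=0
    [ -f "$file" ] || { echo "MISSING $file"; return 1; }

    # Any group/other bit lets other local accounts read the token.
    mode=$(stat -c '%a' "$file")
    case $mode in
        [0-7]00) ;;
        *) echo "PERMS mode $mode, expected 600"; rc=1 ;;
    esac
    if [ "$(stat -c '%u' "$file")" != "$owner_uid" ]; then
        echo "OWNER file is not owned by uid $owner_uid"; rc=1
    fi

    # The scoped token key must be present and must not be the placeholder.
    value=$(sed -n 's/^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*//p' "$file" | head -n 1)
    if [ -z "$value" ]; then
        echo "NO_TOKEN dns_cloudflare_api_token is not set"; rc=1
    elif [ "$value" = "YOUR_CLOUDFLARE_API_TOKEN" ]; then
        echo "PLACEHOLDER token value was never replaced"; rc=1
    fi

    # The plugin also accepts the account-wide Global API Key; flag it,
    # because it is not limited to the DNS permissions chosen in step 2.
    if grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' "$file"; then
        echo "GLOBAL_KEY dns_cloudflare_api_key present, use a scoped token"; rc=1
    fi
    return $rc
}

# Demo on a constructed file (the token value is made up).
demo=$(mktemp)
printf 'dns_cloudflare_api_token = constructed-example-token\n' > "$demo"
chmod 644 "$demo"
check_cf_credentials "$demo" "$(id -u)" || echo "fix before running certbot"
chmod 600 "$demo"
check_cf_credentials "$demo" "$(id -u)" && echo "credentials file OK"
rm -f "$demo"
```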

4. Generate the SSL Certificate

Use the following command to request the certificate:

sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /root/.cloudflare.ini -d example.com

5. Add SSL to Apache Manually

Edit the Apache VirtualHost file:

sudo nano /etc/apache2/sites-available/example.com-le-ssl.conf

Add the following configuration:

<VirtualHost *:443>
    ServerName example.com

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

    DocumentRoot /var/www/html
    <Directory /var/www/html>
        AllowOverride All
    </Directory>
</VirtualHost>

5.1 Enable the SSL Configuration in Apache

Run the following commands to enable the site and the SSL module:

sudo a2ensite example.com-le-ssl.conf
sudo a2enmod ssl
sudo systemctl reload apache2

6. Automatic SSL Renewal

Add a cron job to renew the certificate automatically:

sudo crontab -e

Add the following line:

0 2 * * * certbot renew --quiet --dns-cloudflare --dns-cloudflare-credentials /root/.cloudflare.ini --deploy-hook "systemctl reload apache2"

Congratulations! SSL will now be renewed automatically. 🚀

Saturday, 15 February 2025

Advantages of HHVM Web Server

HHVM (HipHop Virtual Machine) was initially developed by Facebook as an alternative execution engine for PHP, aiming for better performance compared to the standard PHP interpreter. However, since PHP 7 significantly improved its performance, HHVM has shifted its focus to the Hack programming language.

Key Advantages of HHVM

  • Just-In-Time (JIT) Compilation: HHVM uses JIT compilation to convert PHP or Hack code directly into machine code, improving execution speed.
  • High Performance for Large-Scale Applications: Designed to handle high-traffic applications efficiently, making it ideal for large-scale platforms like Facebook.
  • Lower Resource Consumption: Compared to PHP-FPM, HHVM can reduce CPU and RAM usage in some cases, especially when using Hack.
  • Standalone Web Server Mode: HHVM can run as an independent web server without requiring Nginx or Apache, reducing overhead.
  • Optimized for Hack: Since shifting its focus, HHVM is now more efficient for Hack-based development, offering better type safety compared to PHP.

Disadvantages of HHVM

  • No Longer Focused on PHP: Since version 4, HHVM only supports Hack and is no longer compatible with newer PHP versions.
  • Less Popular Outside Facebook's Ecosystem: Its usage has declined since PHP 7 and 8 improved significantly.
  • Limited Compatibility: Many modern PHP frameworks no longer support HHVM, making it less flexible than PHP-FPM.

If you are still using PHP and need high performance, a better solution is PHP-FPM with OPcache or a combination of Nginx + PHP-FPM + Redis/Memcached for caching. However, if you want to explore Hack and build large-scale applications, HHVM can be a viable option.

Configure DHCP in Ubuntu Cloud Image on Proxmox

If you want your Ubuntu Cloud image to automatically obtain an IP address via DHCP on boot, you can include the network configuration in the image itself. Here are two methods to achieve this:

Method 1: Using Cloud-Init (Recommended)

Ubuntu Cloud images usually use cloud-init for initial configuration. You can create a user-data file with the following settings:

#cloud-config
network:
  version: 2
  ethernets:
    enp18:
      dhcp4: true
      dhcp6: false

Steps:

  1. Create a cloud-init drive and include the user-data file.
  2. Ensure your VM in Proxmox has a cloud-init drive attached.
  3. When the VM boots, it will automatically use DHCP.

Method 2: Directly Modify the Image

If you prefer to edit the image directly without relying on cloud-init, follow these steps:

1. Mount the Ubuntu Cloud Image

guestmount -a ubuntu-cloud.img -m /dev/sda1 /mnt

2. Edit Netplan Configuration

Open the Netplan configuration file and update it as follows:

network:
  ethernets:
    enp18:
      dhcp4: true
      dhcp6: false
  version: 2

3. Unmount and Save Changes

guestunmount /mnt

Which Method Should You Use?

  • If you frequently deploy multiple VMs, cloud-init is more flexible and recommended.
  • If you only need a fixed configuration, directly editing the image is simpler.

Now, your Ubuntu Cloud image will automatically obtain an IP address via DHCP upon boot. 🚀

Sunday, 09 February 2025

How to Move a VM from Old Proxmox to New Proxmox

To move a VM from an old Proxmox server to a new one so it can run immediately, there are several methods you can use.

Method 1: Backup and Restore (Recommended)

  1. Log in to the Old Proxmox:
    ssh root@old-proxmox
  2. Backup VM using vzdump:
    vzdump <VM_ID> --mode stop --compress zstd --storage local
  3. Transfer Backup to New Proxmox:
    scp /var/lib/vz/dump/vzdump-qemu-<VM_ID>-<timestamp>.vma.zst root@new-proxmox:/var/lib/vz/dump/
  4. Restore Backup on New Proxmox:
    qmrestore /var/lib/vz/dump/vzdump-qemu-<VM_ID>-<timestamp>.vma.zst <NEW_VM_ID>
  5. Start the VM:
    qm start <NEW_VM_ID>

Method 2: Direct Migration (If in a Cluster)

  1. Check Cluster:
    pvecm status
  2. Directly Migrate VM:
    qm migrate <VM_ID> new-proxmox --online

Method 3: Manually Copy Disk Image

  1. Check VM Disk Location:
    qm config <VM_ID>
  2. Transfer Disk to New Proxmox:
    rsync -av --progress /var/lib/lvm/vm-100-disk-0 root@new-proxmox:/var/lib/lvm/
  3. Attach Disk to New VM:
    qm set <NEW_VM_ID> --scsi0 local-lvm:vm-NEW_VM_ID-disk-0

Conclusion

  • Backup & Restore: The safest & recommended method.
  • Direct Migration: Fast if within a cluster.
  • Manual Disk Copy: Useful for large backups.

Thursday, 06 February 2025

Optimizing AdGuard Home Caching for Maximum Performance

AdGuard Home has a DNS caching feature that can speed up DNS responses and reduce the load on the main server. Here are the steps to optimize caching in AdGuard Home.

1. Open AdGuard Home Settings

Access the AdGuard Home dashboard via a browser:

http://IP-SERVER:3000

2. Adjust Caching Parameters

Go to the Settings → DNS Settings menu, then find the Cache Size section.

Increase the cache value to improve performance:

  • Cache size: 4096 (or higher if RAM allows)
  • Cache TTL min: 600 (10 minutes)
  • Cache TTL max: 86400 (1 day)

3. Enable Aggressive Caching

Scroll down and enable the Optimized Cache option to speed up DNS lookups.

4. Save Changes

Click the Save button to apply the settings.

5. Test Caching Performance

Use the following command in the terminal to test caching:

dig google.com @127.0.0.1

Run this command multiple times and observe if the response becomes faster.

Conclusion

With this optimization, AdGuard Home will work more efficiently as a DNS cache, reducing latency and speeding up internet access.

Install BIND9 DNS as a DNS Forwarder and Cache on Ubuntu 22.04

BIND9 (Berkeley Internet Name Domain) is one of the most widely used DNS server implementations. In this tutorial, we will install and configure BIND9 as a DNS forwarder and cache that connects directly to the root DNS servers on Ubuntu 22.04.

Step 1: Update the System

First, ensure your system is up-to-date by running the following commands:

sudo apt update
sudo apt upgrade -y

Step 2: Install BIND9

Install BIND9 using the apt package manager:

sudo apt install bind9 bind9-utils bind9-doc -y

Step 3: Configure BIND9 as a Forwarder and Cache

After installation, we need to configure BIND9 to function as a DNS forwarder and cache.

1. Backup the Default Configuration

Before making changes, it’s recommended to back up the default configuration files:

sudo cp /etc/bind/named.conf.options /etc/bind/named.conf.options.bak

2. Edit the BIND9 Configuration File

Open the BIND9 configuration file with a text editor like nano:

sudo nano /etc/bind/named.conf.options

3. Add Forwarder and Cache Configuration

Add or edit the following section in the configuration file:

options {
    directory "/var/cache/bind";

    // Listen on all interfaces
    listen-on { any; };
    listen-on-v6 { any; };

    // Enable recursion and caching, but only for this host and its directly
    // attached networks, so the server does not become an open resolver
    recursion yes;
    allow-recursion { localhost; localnets; };

    // Forward queries to upstream DNS servers
    forwarders {
        8.8.8.8;
        8.8.4.4;
    };

    // Enable DNSSEC validation with the built-in root trust anchor
    // (the obsolete dnssec-enable and dnssec-lookaside options are dropped)
    dnssec-validation auto;

    // Cache settings
    max-cache-size 256M;
    max-cache-ttl 86400;
    max-ncache-ttl 3600;
};

You can replace 8.8.8.8 and 8.8.4.4 with other DNS servers of your choice.
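
A check to run on named.conf.options before restarting named. It catches the two settings that most often cause trouble in an options block like this one: recursion open to every client, and retired DNSSEC options. This is an added example, not part of the original post; the function name, the finding labels and the sample block are constructed here.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a BIND options file.

# Constructed sample: an options block with the risky settings under test.
sample_options() {
cat <<'EOF'
options {
    recursion yes;
    // allow-recursion { localnets; };   (commented out, must be ignored)
    allow-recursion { any; };
    dnssec-validation auto;
    dnssec-enable yes;
    dnssec-lookaside auto;
};
EOF
}

# audit_named_options FILE
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_named_options() {
    local findings
    findings=$(
        # Drop // and # comments, then join lines so multi-line blocks match.
        sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n' ' ' | awk '
        {
            # "any" inside allow-recursion lets every client that can reach
            # port 53 use the cache: an open resolver.
            if ($0 ~ /allow-recursion[ \t]*[{]([^}]*[ \t;])?any[ \t]*;/)
                print "OPEN_RECURSION allow-recursion contains any"
            # Retired DNSSEC options; dnssec-validation is the live setting.
            if ($0 ~ /dnssec-enable[ \t]/)
                print "RETIRED_OPTION dnssec-enable"
            if ($0 ~ /dnssec-lookaside[ \t]/)
                print "RETIRED_OPTION dnssec-lookaside"
        }'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Demo on the constructed sample.
tmp=$(mktemp); sample_options > "$tmp"
audit_named_options "$tmp" || echo "fix the findings before restarting named"
rm -f "$tmp"
```

On a real server, call it as `audit_named_options /etc/bind/named.conf.options` and follow it with `named-checkconf` for the full syntax check.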

4. Download Root Hints

BIND9 requires a root hints file for DNS resolution. The root hints file is already included in the BIND9 installation, but you can update it manually if needed:

sudo wget -O /etc/bind/db.root https://www.internic.net/domain/named.cache

Step 4: Restart and Enable BIND9

After completing the configuration, restart BIND9 and enable it to start on boot:

sudo systemctl restart named
sudo systemctl enable named

Step 5: Test the Configuration

To ensure BIND9 is working correctly, you can test it using the dig command:

dig @127.0.0.1 google.com

If the configuration is successful, you will see the DNS query result from BIND9.

Step 6: Configure Clients to Use BIND9

Finally, configure your clients or devices to use BIND9 as the DNS server. You can change the DNS settings on your router or on individual devices.

Conclusion

By following this tutorial, you have successfully installed and configured BIND9 as a DNS forwarder and cache on Ubuntu 22.04. BIND9 will help improve the speed and reliability of your DNS resolution.

Install Unbound DNS as a DNS Forwarder and Cache on Ubuntu 22.04

Unbound is a lightweight, fast, and secure DNS resolver. In this tutorial, we will install and configure Unbound as a DNS forwarder and cache that connects directly to the root DNS servers on Ubuntu 22.04.

Step 1: Update the System

First, ensure your system is up-to-date by running the following commands:

sudo apt update
sudo apt upgrade -y

Step 2: Install Unbound

Install Unbound using the apt package manager:

sudo apt install unbound -y

Step 3: Configure Unbound

After installation, we need to configure Unbound to function as a DNS forwarder and cache.

1. Backup the Default Configuration

Before making changes, it’s recommended to back up the default configuration file:

sudo cp /etc/unbound/unbound.conf /etc/unbound/unbound.conf.bak

2. Edit the Unbound Configuration File

Open the Unbound configuration file with a text editor like nano:

sudo nano /etc/unbound/unbound.conf

3. Add Forwarder and Cache Configuration

Add or edit the following section in the configuration file:

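server:
    # Listen on all interfaces
    interface: 0.0.0.0
    interface: ::0

    # Unbound refuses non-local clients by default; allow only your own
    # network (192.168.1.0/24 is an example range, replace it with yours)
    access-control: 192.168.1.0/24 allow

    # Enable DNS caching
    cache-min-ttl: 3600
    cache-max-ttl: 86400

    # Use root hints for DNS resolution
    root-hints: "/var/lib/unbound/root.hints"

    # Enable prefetching to improve performance
    prefetch: yes

    # Enable DNSSEC validation
    auto-trust-anchor-file: "/var/lib/unbound/root.key"
    val-override-date: 0

# Forward queries to upstream DNS servers
# (forward-zone is its own top-level clause, not part of server:)
forward-zone:
    name: "."
    forward-addr: 8.8.8.8
    forward-addr: 8.8.4.4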

You can replace 8.8.8.8 and 8.8.4.4 with other DNS servers of your choice.

4. Download Root Hints

Unbound requires a root hints file for DNS resolution. Download the root hints file using the following command:

sudo wget -O /var/lib/unbound/root.hints https://www.internic.net/domain/named.cache

Step 4: Restart and Enable Unbound

After completing the configuration, restart Unbound and enable it to start on boot:

sudo systemctl restart unbound
sudo systemctl enable unbound

Step 5: Test the Configuration

To ensure Unbound is working correctly, you can test it using the dig command:

dig @127.0.0.1 google.com

If the configuration is successful, you will see the DNS query result from Unbound.

Step 6: Configure Clients to Use Unbound

Finally, configure your clients or devices to use Unbound as the DNS server. You can change the DNS settings on your router or on individual devices.

Conclusion

By following this tutorial, you have successfully installed and configured Unbound as a DNS forwarder and cache on Ubuntu 22.04. Unbound will help improve the speed and security of your DNS resolution.
