VPS

https://console.idcloudhost.com/referral/r4jbm6

#Setting Awal
root@vps:~# apt-get -y update && apt-get -y upgrade && apt-get -y install sudo
root@vps:~# sudo visudo
=======================================================================
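www-data ALL=NOPASSWD: ALL #Tambah pada baris paling bawah
#Catatan: baris ini memberi user web server (www-data) hak root penuh tanpa password, sehingga celah apa pun pada aplikasi web langsung menjadi akses root. Jika sudo memang diperlukan oleh aplikasi web, batasi ke perintah tertentu saja, misalnya: www-data ALL=(root) NOPASSWD: /path/ke/perintah (contoh, sesuaikan).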
=======================================================================
root@vps:~# crontab -e
-----------------------------------------------------------------------
no crontab for root - using an empty one

Select an editor.  To change later, run 'select-editor'.
  1. /bin/ed
  2. /usr/bin/vim.basic

Choose 1-2 []: 2
crontab: installing new crontab
-----------------------------------------------------------------------
root@vps:~# echo "/usr/sbin/nologin" >> /etc/shells #Mendaftarkan /usr/sbin/nologin ke /etc/shells sebagai shell yang sah, untuk user yang tidak bisa akses shell/console/terminal. Biasanya dipakai untuk user yang dibuat khusus untuk akses ftp, pop3, smtp, dll.
root@vps:~# groupadd ftpaccess #Menambahkan group utk user yang bisa akses ftp
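root@vps:~# useradd -m -e $(date +%m/%d/%Y --date='1 month') -p $(perl -e 'print crypt($ARGV[0], "password")' passwordanda) -g ftpaccess -s /usr/sbin/nologin usernameanda #Menambahkan user yang berlaku selama 1 bulan, dengan akses ftp dan tanpa akses shell/console/terminal.
#Catatan: crypt() dengan salt "password" menghasilkan hash DES lama (hanya 8 karakter pertama password yang dipakai), dan password ikut terlihat di daftar proses serta riwayat shell. Lebih aman membuat user tanpa opsi -p, lalu mengisi password lewat "passwd usernameanda".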


#Ubah timezone "Asia/Jakarta"
root@vps:~# dpkg-reconfigure tzdata


#Cek Modul PPP: jika sudah aktif, keluarannya seperti ini
root@vps:~# cat /dev/ppp
cat: /dev/ppp: No such device or address


#Cek Modul PPP: jika belum aktif, keluarannya seperti ini
root@vps:~# cat /dev/ppp
"Permission denied"


#Cek Modul TUN/TAP: jika sudah aktif, keluarannya seperti ini
root@vps:~# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state


#Cek Modul TUN/TAP: jika belum aktif, keluarannya seperti ini

root@vps:~# cat /dev/net/tun
cat: /dev/net/tun: No such file or directory


#Install HTTP Proxy Server
root@vps:~# apt-get -y update && apt-get -y upgrade

root@vps:~# apt-get -y install squid3 apache2-utils
root@vps:~# cp /etc/squid3/squid.conf /etc/squid3/squid.conf.bak
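root@vps:~# wget http://agustianra.hol.es/scripts/squid.conf -O /etc/squid3/squid.conf #File konfigurasi ini diunduh lewat HTTP tanpa verifikasi apa pun; cocokkan isinya dengan daftar di bawah sebelum me-restart squid3, atau salin langsung isi di bawah ke /etc/squid3/squid.conf. Hal yang sama berlaku untuk unduhan pptpd.conf, pptpd-options dan sysctl.conf di bagian PPTP.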
=======================================================================
auth_param basic program /usr/lib/squid3/basic_ncsa_auth /etc/squid3/squid_passwd
auth_param basic children 5
auth_param basic realm NamaProxyAnda Squid HTTP Proxy Server
auth_param basic credentialsttl 2 hour

acl ncsa_users proxy_auth REQUIRED

acl localnet src 10.0.0.0/8
acl localnet src 172.16.0.0/12
acl localnet src 192.168.0.0/16
acl localnet src fc00::/7
acl localnet src fe80::/10
acl SSL_ports port 443
acl Safe_ports port 80 #http
acl Safe_ports port 21 #ftp
acl Safe_ports port 443 #https
acl Safe_ports port 70 #gopher
acl Safe_ports port 210 #wais
acl Safe_ports port 1025-65535 #unregistered ports
acl Safe_ports port 280 #http-mgmt
acl Safe_ports port 488 #gss-http
acl Safe_ports port 591 #filemaker
acl Safe_ports port 777 #multiling http
acl CONNECT method CONNECT

http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localnet
http_access allow localhost
http_access allow ncsa_users
http_access deny all

http_port 8080 #port HTTP Proxy Server

coredump_dir /var/spool/squid3

refresh_pattern ^ftp:        1440    20%    10080
refresh_pattern ^gopher:    1440    0%    1440
refresh_pattern -i (/cgi-bin/|\?) 0    0%    0
refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
refresh_pattern .        0    20%    4320

forwarded_for off
request_header_access Allow allow all
request_header_access Authorization allow all
request_header_access WWW-Authenticate allow all
request_header_access Proxy-Authorization allow all
request_header_access Proxy-Authenticate allow all
request_header_access Cache-Control allow all
request_header_access Content-Encoding allow all
request_header_access Content-Length allow all
request_header_access Content-Type allow all
request_header_access Date allow all
request_header_access Expires allow all
request_header_access Host allow all
request_header_access If-Modified-Since allow all
request_header_access Last-Modified allow all
request_header_access Location allow all
request_header_access Pragma allow all
request_header_access Accept allow all
request_header_access Accept-Charset allow all
request_header_access Accept-Encoding allow all
request_header_access Accept-Language allow all
request_header_access Content-Language allow all
request_header_access Mime-Version allow all
request_header_access Retry-After allow all
request_header_access Title allow all
request_header_access Connection allow all
request_header_access Proxy-Connection allow all
request_header_access User-Agent allow all
request_header_access Cookie allow all
request_header_access All deny all
=======================================================================
root@vps:~# service squid3 restart
root@vps:~# tail -f /var/log/squid3/access.log #cek log client access http proxy
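root@vps:~# htpasswd -c /etc/squid3/squid_passwd usernameanda #hanya untuk awal saja ketika file squid_passwd BELUM terbuat; opsi -c membuat file baru dan menimpa file lama beserta semua user di dalamnya
root@vps:~# htpasswd -b /etc/squid3/squid_passwd usernameanda passwordanda #ketika file password SUDAH terbuat; opsi -b menaruh password di baris perintah (tersimpan di riwayat shell dan terlihat di daftar proses), tanpa -b htpasswd meminta password secara interaktif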


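#Install PPTP VPN Server
#Catatan: autentikasi MS-CHAPv2 dan enkripsi MPPE yang dipakai PPTP sudah lama diketahui bisa dipecahkan, jadi jangan mengandalkan PPTP untuk kerahasiaan data; untuk itu gunakan OpenVPN, WireGuard, atau IPsec/IKEv2.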
root@vps:~# apt-get -y update && apt-get -y upgrade
root@vps:~# apt-get -y install pptpd
root@vps:~# mv /etc/pptpd.conf /etc/pptpd.conf.bak
root@vps:~# wget http://agustianra.hol.es/scripts/pptpd.conf -O /etc/pptpd.conf
=======================================================================
option /etc/ppp/pptpd-options
logwtmp
localip 10.0.0.1
remoteip 10.0.0.100-200
=======================================================================
root@vps:~# mv /etc/ppp/pptpd-options /etc/ppp/pptpd-options.bak
root@vps:~# wget http://agustianra.hol.es/scripts/pptpd-options -O /etc/ppp/pptpd-options
=======================================================================
name pptpd
refuse-pap
refuse-chap
refuse-mschap
require-mschap-v2
require-mppe-128
ms-dns 8.8.8.8
#ms-dns 8.8.4.4
proxyarp
nodefaultroute
lock
nobsdcomp
mtu 1490
mru 1490
=======================================================================
root@vps:~# mv /etc/sysctl.conf /etc/sysctl.conf.bak
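root@vps:~# wget http://agustianra.hol.es/scripts/sysctl.conf -O /etc/sysctl.conf #Perintah ini mengganti seluruh /etc/sysctl.conf dengan file unduhan yang menurut daftar di bawah hanya berisi satu baris, sehingga pengaturan sysctl lain ikut hilang; alternatifnya, cukup tambahkan baris net.ipv4.ip_forward=1 ke file sysctl.conf yang sudah ada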
=======================================================================
net.ipv4.ip_forward=1
=======================================================================
root@vps:~# sysctl -p
root@vps:~# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE #untuk VPS modul KVM dan XEN
root@vps:~# iptables -A FORWARD -i eth0 -o ppp0 -m state --state RELATED,ESTABLISHED -j ACCEPT #untuk VPS modul KVM dan XEN
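root@vps:~# iptables -A FORWARD -i ppp0 -o eth0 -j ACCEPT #untuk VPS modul KVM dan XEN; aturan ini dan aturan FORWARD di atasnya hanya mencakup ppp0, sedangkan klien berikutnya memakai ppp1, ppp2, dst. (wildcard iptables: ppp+). Aturan iptables juga hilang saat reboot jika tidak disimpan.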
root@vps:~# iptables -t nat -A POSTROUTING -j SNAT --to-source {ISI IP PUBLIC ANDA} #untuk VPS modul OpenVZ
root@vps:~# service pptpd restart
root@vps:~# tail -f /var/log/syslog #cek log client access PPTP VPN
root@vps:~# mv /etc/ppp/chap-secrets /etc/ppp/chap-secrets.bak
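root@vps:~# echo "usernameanda pptpd passwordanda *" >> /etc/ppp/chap-secrets #menambahkan user & pass untuk akses VPN. File ini menyimpan password dalam bentuk teks biasa dan di sini dibuat baru (file lama sudah di-mv), jadi batasi izinnya: chmod 600 /etc/ppp/chap-secrets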
