
18 December, 2010

Installing an LPSE Server (Apache, Tomcat, and PostgreSQL)

The required software must already be installed. It includes:
• Apache 2.x (mod_jk, mod_security, mod_evasive, mod_deflate)
• Apache-tomcat 6.x
• Java SDK 1.6.x
• Postgresql 8.x
Because the distro I use is RHEL 5.5, I install directly with yum:
yum install postgresql httpd php
For Java I downloaded the source package; just extract it to /usr/local/src
and then set the access permissions:
chmod 777 /usr/local/src/jdk1.6.0/bin/*
1. Database configuration
a. Edit the following lines in postgresql.conf to read:
listen_addresses = '*'
port = 5432
b. Add the following line to pg_hba.conf:
host all all 192.168.0.1/24 trust
assuming 192.168.0.1 is the application server
c. Restart postgresql with the following command:
service postgresql restart
d. Create the database users:
root@lpse:/# su postgres
postgres@lpse:$ /usr/bin/psql
postgres=# create user epns;
CREATE ROLE
postgres=# create user secman;
CREATE ROLE

e. Create the production databases:
root@lpse:/# su postgres
postgres@lpse:$ createdb -U postgres epns-prod -O epns
postgres@lpse:$ createdb -U postgres secman-prod -O secman

f. Import the databases:
root@lpse:/# su postgres
postgres@lpse:$ psql
postgres=# \cd /home/sysadmin
postgres=# \c epns-prod
epns-prod=# \i epns_master_prod_220.sql
epns-prod=# \i 7_upgrade_to_R5b.sql
epns-prod=# \c secman-prod
secman-prod=# \i secman_master_prod_220.sql

g. Change the user passwords:
root@lpse:/# su postgres
postgres@lpse:$ psql
postgres=# ALTER USER epns PASSWORD 'passwordku';
ALTER ROLE
postgres=# ALTER USER secman PASSWORD 'passwordku';
ALTER ROLE
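
An audit of the pg_hba.conf entry from step b, added here as an example (not part of the original post): with listen_addresses = '*' and a /24 mask, the trust rule accepts any host in 192.168.0.0/24 as any role without a password. The function name is hypothetical, and the two md5 lines in the constructed sample are an assumed tighter alternative.

```python
import ipaddress

# Constructed sample: the entry from step b, then an assumed tighter alternative.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE     USER    CIDR-ADDRESS     METHOD
host    all          all     192.168.0.1/24   trust
host    epns-prod    epns    192.168.0.1/32   md5
host    secman-prod  secman  192.168.0.1/32   md5
"""

def audit_pg_hba(text):
    """Return (line_no, network, problems) for each risky host record."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        # host records: TYPE DATABASE USER CIDR-ADDRESS METHOD [options]
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue
        database, user, address, method = fields[1:5]
        try:
            # strict=False tolerates host bits set, as in 192.168.0.1/24
            net = ipaddress.ip_network(address, strict=False)
        except ValueError:
            continue  # hostname or separate-netmask form: not handled here
        problems = []
        if method == "trust":
            problems.append("trust: no password is requested")
        if net.num_addresses > 1:
            problems.append("matches %d addresses, not one host" % net.num_addresses)
        if database == "all" and user == "all":
            problems.append("applies to every database and every role")
        if problems:
            findings.append((line_no, str(net), problems))
    return findings

if __name__ == "__main__":
    for line_no, net, problems in audit_pg_hba(SAMPLE_PG_HBA):
        print("line %d (%s): %s" % (line_no, net, "; ".join(problems)))
```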

2. Application configuration:
a. Copy the LPSE application source to /usr/local/src
cp -R /home/sysadmin/lpse/appserv/epns-prod/ /usr/local/src/
b. Set the database connection configuration:
I assume the database is on the same server, 192.168.0.1
edit the file /usr/local/src/epns-prod/eproc/WEB-INF/classes/application.properties to read as follows:
secman.jdbc.driverClassName=org.postgresql.Driver
secman.jdbc.url=jdbc:postgresql://192.168.0.1/secman-prod
secman.jdbc.username=secman
secman.jdbc.password=[password user secman]
secman.jdbc.validationQuery=SELECT 1
jdbc.driverClassName=org.postgresql.Driver
jdbc.url=jdbc:postgresql://192.168.0.1/epns-prod
jdbc.username=epns
jdbc.password=[password user epns]
jdbc.validationQuery=SELECT 1

c. Install Tomcat:
Copy the Tomcat source to /usr/local/src
cp -R /home/sysadmin/lpse/src/apache-tomcat-production/ /usr/local/src/
d. Set the Java home path
edit the file /etc/profile and add the following lines:
export JRE_HOME=/usr/local/src/jdk1.6.0/
export JAVA_HOME=/usr/local/src/jdk1.6.0/
e. Change the AJP13 port to 7009
edit the file /usr/local/src/apache-tomcat-production/conf/server.xml
<Connector port="7009" protocol="AJP/1.3" redirectPort="8443" />
f. Close port 8080
edit the file /usr/local/src/apache-tomcat-production/conf/server.xml and comment out the following lines:
<Connector executor="tomcatThreadPool"
port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
g. Point Tomcat at the path where the LPSE application is located
edit the file /usr/local/src/apache-tomcat-production/conf/server.xml and add the following lines:
<Context path="/eproc" docBase="/usr/local/src/epns-prod/eproc" reloadable="false"> </Context>
<Listener className="org.apache.jk.config.ApacheConfig"
modJk="/etc/httpd/modules/mod_jk.so"
workersConfig="/etc/httpd/workers.properties" />
h. Create the workers.properties configuration that connects Tomcat to Apache
nano /etc/httpd/workers.properties
ps=/
worker.list=worker1 worker2
worker.worker1.port=8089
worker.worker1.host=localhost
worker.worker1.type=ajp13
worker.worker1.lbfactor=1
worker.worker2.port=7079
worker.worker2.host=localhost
worker.worker2.type=ajp13
worker.worker2.lbfactor=2
worker.loadbalancer.type=lb
worker.loadbalancer.balanced_workers=worker1 worker2
worker.inprocess.type=jni
worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)catalina.jar
worker.inprocess.cmd_line=start
worker.inprocess.jvm_lib=$(workers.java_home)$(ps)jre$(ps)lib$(ps)i386$(ps)classic$(ps)libjvm.so
worker.inprocess.stdout=$(workers.tomcat_home)$(ps)logs$(ps)inprocess.stdout
worker.inprocess.stderr=$(workers.tomcat_home)$(ps)logs$(ps)inprocess.stderr
i. Add the following lines to httpd.conf to redirect the website
Alias /eproc /usr/local/src/epns-prod/eproc
RedirectMatch ^/$ /eproc/app
j. Edit the file mod_jk.conf as follows:
LoadModule jk_module modules/mod_jk.so
JkWorkersFile /etc/httpd/workers.properties
JkLogFile /var/log/httpd/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkMount /eproc* worker1
k. Install and configure the security modules
yum install mod_evasive mod_security
Edit mod_evasive.conf:
<IfModule mod_evasive20.c>
DOSHashTableSize 6194
DOSPageCount 25
DOSSiteCount 80
DOSPageInterval 1
DOSSiteInterval 1
DOSBlockingPeriod 10
</IfModule>
Edit mod_security.conf:
SecAuditEngine RelevantOnly
SecRequestBodyAccess On
SecResponseBodyAccess On
SecAuditLogParts ABCFHZ
SecAuditLog /home/logs_apache_tomcat/security/audit_apache.log
SecDebugLog /home/logs_apache_tomcat/security/modsec_debug.log
SecDebugLogLevel 3
SecDefaultAction log,auditlog,deny,status:403,phase:2,t:none
SecRuleEngine On
SecServerSignature "Netscape-Enterprise/6.0 PHP5.2.0 mod_asp/3.4.5"
SecRule ARGS "\.\./"
SecRule ARGS "<[[:space:]]*script"
SecRule ARGS "<(.|\n)+>"
SecRule REQUEST_BODY "(document\.cookie|Set-Cookie|SessionID=)"
SecRule REQUEST_BODY "<[^>]*meta*\"?[^>]*>"
SecRule REQUEST_BODY "<[^>]*style*\"?[^>]*>"
SecRule REQUEST_BODY "<[^>]*script*\"?[^>]*>"
SecRule REQUEST_BODY "<[^>]*iframe*\"?[^>]*>"
SecRule REQUEST_BODY "<[^>]*object*\"?[^>]*>"
SecRule REQUEST_BODY "<[^>]*img*\"?[^>]*>"
SecRule REQUEST_BODY "<[^>]*applet*\"?[^>]*>"
SecRule REQUEST_BODY "<[^>]*form*\"?[^>]*>"
SecRule REQUEST_HEADERS:User-Agent "Nikto" "log,deny,status:403,msg:'Nikto Scanners Identified'"
SecRule HTTP_HOST "\x25"
SecRule HTTP_HOST "^$" "log,allow,msg:'no http host'"
SecRule HTTP_USER_AGENT "^$" "log,allow,msg:'No user agent'"
SecRule REQUEST_BODY "/^(etc|bin|sbin|tmp|var|opt|dev|kernel|exe)$/"
SecRule ARGS "delete[[:space:]]+from"
SecRule ARGS "insert[[:space:]]+into"
SecRule ARGS "select.+from"
SecRule ARGS "\<\!--\#"
SecRule ARGS "((=))[^\n]*(<)[^\n]+(>)"
SecRule REQUEST_BODY "(\'|\")"
SecRule REQUEST_BODY "!^[\x20-\x7f]+$"
SecRule REQUEST_URI "^/(bin|cgi|cgi(\.cgi|-91[45]|-sys|-local|s|-win|-exe|-home|-perl)|(mp|web)cgi|(ht|ows-)bin|scripts|fcgi-bin)/"
SecRule REQUEST_BODY "/bin/ps"
SecRule ARGS "wget\x20"
SecRule ARGS "uname\x20-a"
SecRule REQUEST_BODY "/nessus_is_probing_you_"
SecRule REQUEST_URI "^OR 1=1--*"
Edit mod_deflate.conf:
LoadModule deflate_module /usr/lib/apache2/modules/mod_deflate.so
SetOutputFilter DEFLATE
DeflateBufferSize 65536
DeflateCompressionLevel 9
DeflateFilterNote Input instream
DeflateFilterNote Output outstream
DeflateFilterNote Ratio ratio
DeflateMemLevel 9
DeflateWindowSize 15
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch "Windows 98" gzip-only-text/html
BrowserMatch "MSIE [45]" gzip-only-text/html
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \.(?:gif|jpeg|jpe|jpg|png|ico|t?gz|zip|rar|pdf|doc|xls|dat)$ no-gzip dont-vary
LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate
CustomLog /var/log/apache2/deflate_log deflate
l. Restart the httpd service, then start Tomcat
service httpd restart
/usr/local/src/apache-tomcat-production/bin/startup.sh
If you want Apache and Tomcat to start at boot, do the following:
chkconfig httpd on
edit the file /etc/rc.local and add the following line:
/usr/local/src/apache-tomcat-production/bin/startup.sh
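
A consistency check across server.xml and workers.properties as configured in steps e to h, added here as an example (not from the original post). It flags AJP connectors that are not bound to loopback (the startup log further down the page shows ajp13 listening on 0.0.0.0) and local workers whose port has no matching connector; the inline samples are constructed from the page's values and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed from the values in steps e and h: one AJP connector, two workers.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="7009" protocol="AJP/1.3" redirectPort="8443" />
</Service></Server>"""

WORKERS = """\
worker.list=worker1 worker2
worker.worker1.port=8089
worker.worker1.host=localhost
worker.worker1.type=ajp13
worker.worker2.port=7079
worker.worker2.host=localhost
worker.worker2.type=ajp13
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def ajp_connectors(server_xml):
    """Map AJP port -> bind address ('' means no address attribute)."""
    root = ET.fromstring(server_xml)
    return {int(c.get("port")): c.get("address", "")
            for c in root.iter("Connector")
            if c.get("protocol", "").upper().startswith("AJP")}

def ajp_workers(props):
    """Map worker name -> (host, port) for workers of type ajp13."""
    pairs = (l.split("=", 1) for l in props.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    kv = {k.strip(): v.strip() for k, v in pairs}
    names = kv.get("worker.list", "").replace(",", " ").split()
    # mod_jk defaults for ajp13 workers: host localhost, port 8009
    return {n: (kv.get("worker.%s.host" % n, "localhost"),
                int(kv.get("worker.%s.port" % n, "8009")))
            for n in names if kv.get("worker.%s.type" % n) == "ajp13"}

def check(server_xml, props):
    """List connectors exposed beyond loopback and workers with no connector."""
    connectors, findings = ajp_connectors(server_xml), []
    for port, address in sorted(connectors.items()):
        if address not in LOOPBACK:
            findings.append("AJP connector %d is not bound to loopback (address=%r)" % (port, address))
    for name, (host, port) in sorted(ajp_workers(props).items()):
        if host in LOOPBACK and port not in connectors:
            findings.append("%s points at port %d but no AJP connector listens there" % (name, port))
    return findings
```

When Apache and Tomcat run on the same host, as the workers' host=localhost implies, adding address="127.0.0.1" to the AJP connector keeps the port reachable by mod_jk only.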

Tomcat installation
Tomcat is installed by copying it from the installer CD or from source to the application server (copying it to the directory /usr/local/src is recommended)
In tomcat/bin/catalina.sh, point JAVA_HOME at jdk1.6.0 (JAVA_HOME=/usr/local/src/jdk1.6.0)
The application configuration has two parts, one for training (latihan) and one for production:
Training (latihan)
Copy Tomcat to the directory /usr/local/src and rename it to /usr/local/src/apache-tomcat-latihan
In apache-tomcat-latihan/conf/server.xml, change the AJP13 port to 8009
redirectPort="8443" />
In apache-tomcat-latihan/conf/server.xml, close port 8080
Set the context path and docBase
    "/home/appserv/epns-latihan/latihan"

Set JAVA_HOME in the file apache-tomcat-latihan/bin/catalina.sh
  JAVA_HOME=/usr/local/src/jdk1.6.0

Production
Copy Tomcat to the directory /usr/local/src and rename it to /usr/local/src/apache-tomcat-latihan
In apache-tomcat-latihan/conf/server.xml, change the AJP13 port to 7009

Close port 8080 as in the training setup
Set the context path and docBase

Set JAVA_HOME in the file apache-tomcat-latihan/bin/catalina.sh
   JAVA_HOME=/usr/local/src/jdk1.6.0

RUNNING TOMCAT
Run the command /usr/local/src/apache-tomcat-latihan/bin/catalina.sh run. This command runs Tomcat in debug mode. When it works, you will see
INFO: JK: ajp13 listening on /0.0.0.0:8009

Alternatively, check with the command #netstat -an; once port 8009 is listening, Tomcat is ready to be started.
 *.8009             *.*                0      0 49152      0 LISTEN

Run the command /usr/local/src/apache-tomcat-production/bin/catalina.sh run. This command runs Tomcat in debug mode. When it works, you will see
 INFO: JK: ajp13 listening on /0.0.0.0:7009

Alternatively, check with the command #netstat -an; once port 7009 is listening, Tomcat is ready to be started.
   *.7009             *.*                0      0 49152      0 LISTEN

Sources: http://adiseno.cilacaponline.web.id/blog/?p=233
                http://portal.pengadaannasional-bappenas.go.id/index.php/setup-development-server/121-setupdevelopmentserver-tomcat

3 comments:

  1. Sir, how do I install mod_jk, mod_security, mod_evasive, mod_deflate ????
    I plan to install LPSE on CentOS Linux 5.4 ???
    Please help... :)

  2. http://waroong.net/blog/teknologi/hardware/komputasi-awan/ << a quick look at cloud computing for today's servers. Cheap and good
