Edit ‘podman’

Edit ‘freshrss’: hapus info informasi sensitif
Create ‘freshrss’: kubernet yaml
2024-02-03 01:03:54 +07:00 · 2024-02-02 17:26:07 +00:00 · 2024-02-02 17:22:33 +00:00 · 2024-02-01 19:19:00 +00:00 · 2024-02-01 19:18:04 +00:00 · 2024-02-01 17:52:15 +00:00
5 changed files with 111 additions and 6 deletions
--- a/btrfs.myco
+++ b/btrfs.myco
@ -1,5 +1,5 @@
 Dari [[enwiki>Btrfs]]:
-> Sebuah format penyimpanan komputer yang menggabungkan sistem berkas yang didasarkan pada prinsip salin-tulis (COW) dengan manajer volume logis (jangan disamakan dengan LVM Linux), yang dikembangkan bersama. Didirikan oleh Chris Mason pada tahun 2007 untuk digunakan di Linux, dan sejak November 2013, format on-disk sistem file ini telah dinyatakan stabil di kernel Linux.
+> Sebuah format penyimpanan komputer yang menggabungkan sistem berkas yang didasarkan pada prinsip salin-tulis (COW) dengan manajer volume logis (jangan disamakan dengan LVM Linux), yang dikembangkan bersama. Pertama kali dikembangkan oleh Chris Mason pada tahun 2007 untuk digunakan di Linux, dan sejak November 2013, format on-disk sistem file ini telah dinyatakan stabil di kernel Linux.

 = Btrfs dan Inode
 Dari [[https://www.thegeekdiary.com/command-df-i-shows-inode0-on-btrfs-file-system/ | The Geek Diary]]:
--- a/cloudflare/restore_original_ip.myco
+++ b/cloudflare/restore_original_ip.myco
@ -1,12 +1,12 @@
 Mengingat Cloudflare bertindak sebagai reverse proxy dari situs, maka peladen web //server// asal secara default akan me-//log// alamat IP cloudflare bukan alamat asli pengunjung situs. 

-
-= Enable mod_remoteip by issuing the following command:
+= Apache
+== Enable mod_remoteip by issuing the following command:
 ```
 sudo a2enmod remoteip
 ```
-= Tambahkan RemoteIPHeader CF-Connecting-IP

+== Tambahkan RemoteIPHeader CF-Connecting-IP
 ```
 ...
 RemoteIPHeader CF-Connecting-IP
@ -15,7 +15,8 @@ ErrorLog ${APACHE_LOG_DIR}/error.log
 CustomLog ${APACHE_LOG_DIR}/access.log combined
 ...
 ```
-= Tambahkan //trusted proxy//
+
+== Tambahkan //trusted proxy//
 Setelah itu tambahkan alamat IP Cloudflare ke daftar proksi tepercaya (//trusted proxy//) di `/etc/apache2/conf-available/remoteip.conf`.

 ```
@ -44,5 +45,25 @@ RemoteIPTrustedProxy 192.0.2.21 2a06:98c0::/29
 RemoteIPTrustedProxy 192.0.2.22 2c0f:f248::/32
 ```

+= Caddy
+Di direktori `/etc/caddy/Caddyfile.d/` buat `10-trusted_proxy.caddyfile`. Masukkan semua alamat IP Cloudflare ke `trusted_proxies``.
+```
+{
+	servers {
+		# all traffic come from cloudflare cdn
+		trusted_proxies cloudlfare [cloudflare-ip-address]
+	}
+}
+```
+
+Kemudian  tambahkan `X-Forwarded-For` dan `CF-Connecting IP` ke konfigurasi situs.
+```
+yoursite.com {
+	# forward request to golang backend
+	reverse_proxy [::]:8080
+	encode gzip
+	client_ip_headers X-Forwarded-For Cf-Connecting-IP
+}
+```
 = Referensi
 [[https://developers.cloudflare.com/support/troubleshooting/restoring-visitor-ips/restoring-original-visitor-ips/ | Restoring original visitor IPs]] di Cloudflare Docs.
--- a/freshrss.myco
+++ b/freshrss.myco
@ -0,0 +1,56 @@
+**FreshRSS** adalah agregator umpan web sumber terbuka.
+
+= Kubernets YAML
+```
+# Save the output of this file and use kubectl create -f to import
+# it into Kubernetes.
+#
+# Created with podman-4.9.0
+apiVersion: v1
+kind: Pod
+metadata:
+  annotations:
+    bind-mount-options: /home/freshrss/app:Z
+  creationTimestamp: "2024-02-02T15:54:50Z"
+  labels:
+    app: freshrss
+  name: freshrss
+spec:
+  containers:
+  - args:
+    - mariadbd
+    env:
+    - name: MARIADB_DATABASE
+      value: freshrss
+    - name: MARIADB_ROOT_PASSWORD
+      value: 
+    - name: MARIADB_USER
+      value: freshrss_user
+    - name: MARIADB_PASSWORD
+      value: 
+    image: docker.io/library/mariadb:latest
+    name: freshrss-db
+    ports:
+    - containerPort: 80
+      hostPort: 8000
+    volumeMounts:
+    - mountPath: /var/lib/mysql
+      name: home-freshrss-db-host-0
+  - env:
+    - name: TZ
+      value: Etc/UTC
+    image: lscr.io/linuxserver/freshrss:latest
+    name: freshrss-app
+    volumeMounts:
+    - mountPath: /config
+      name: home-freshrss-app-host-0
+  volumes:
+  - hostPath:
+      path: /home/freshrss/db
+      type: Directory
+    name: home-freshrss-db-host-0
+  - hostPath:
+      path: /home/freshrss/app
+      type: Directory
+    name: home-freshrss-app-host-0
+```
--- a/podman.myco
+++ b/podman.myco
@ -41,4 +41,8 @@ Kemudian masukkan:
 ```
 [containers]
 rootless_networking = "cni"
-```
+```
+
+= Kenapa tidak bisa menggunakan sudo dengan Podman //rootless//?
+> All of this still doesn't explain why you cannot use sudo and su with rootless containers. The answer is that sudo and su do not create a login session. There are many historical reasons for this, most stemming from the fact that sudo and su are somewhat irregular (one user becoming another user, instead of a fresh login). See this GitHub issue for details. Given this, rootless Podman cannot be used with sudo and su unless loginctl enable-linger is used to force a persistent user session to be created for the user.
+-- [[https://www.redhat.com/sysadmin/sudo-rootless-podman | Why can't I use sudo with rootless Podman?]]
--- a/ssh.myco
+++ b/ssh.myco
@ -5,3 +5,27 @@ sudo chown -R username:username /home/username/.ssh
 sudo chmod 0700 /home/username/.ssh
 sudo chmod 0600 /home/username/.ssh/authorized_keys
 ```
+= Menyalin kunci ke peladen
+Dari manual ssh-copy-id:
+
+```
+NAME
+       ssh-copy-id — use locally available keys to authorise logins on a remote machine
+
+SYNOPSIS
+       ssh-copy-id [-f] [-n] [-s] [-i [identity_file]] [-p port] [-o ssh_option] [user@]hostname
+       ssh-copy-id -h | -?
+
+DESCRIPTION
+       ssh-copy-id  is  a  script that uses ssh(1) to log into a remote machine (presumably using a login password, so password authentication should be enabled, unless you've done some
+       clever use of multiple identities).  It assembles a list of one or more fingerprints (as described below) and tries to log in with each key, to see if any of them are already in‐
+       stalled (of course, if you are not using ssh-agent(1) this may result in you being repeatedly prompted for pass-phrases).  It then assembles a list of those that  failed  to  log
+       in,  and  using ssh, enables logins with those keys on the remote server.  By default it adds the keys by appending them to the remote user's ~/.ssh/authorized_keys (creating the
+       file, and directory, if necessary).  It is also capable of detecting if the remote system is a NetScreen, and using its ‘set ssh pka-dsa key ...’ command instead.
+```
+
+Skrip ini menginstal kunci SSH pada server sebagai kunci resmi. Tujuannya adalah untuk menyediakan akses tanpa memerlukan kata sandi untuk setiap login. Hal ini memfasilitasi login otomatis tanpa kata sandi dan sistem masuk tunggal menggunakan protokol SSH.
+
+```
+ssh-copy-id -i ~/.ssh/mykey user@host
+```
Author	SHA1	Message	Date
nawan	c5f84caceb	Edit ‘podman’	2024-02-03 01:03:54 +07:00
nawan	8e9cb450ce	Edit ‘freshrss’: hapus info informasi sensitif	2024-02-02 17:26:07 +00:00
nawan	40f8057ba9	Create ‘freshrss’: kubernet yaml	2024-02-02 17:22:33 +00:00
nawan	9eed0c91d8	Edit ‘cloudflare/restore_original_ip’: perbaiki identasi	2024-02-01 19:19:00 +00:00
nawan	91da6b19a0	Edit ‘cloudflare/restore_original_ip’: konfigurasi caddy	2024-02-01 19:18:04 +00:00
nawan	8e738d3770	Edit ‘btrfs’: perbaiki terjemahan	2024-02-01 17:52:15 +00:00
nawan	49e42295b4	Edit ‘ssh’: cara menambahkan kunci ssh ke peladen	2024-02-01 13:58:21 +00:00