How to Set Up Fullchain SSL with Sectigo Certificate on Nginx: A Step-by-Step Guide

 To set up a fullchain SSL using your Sectigo SSL certificate in Nginx, follow these steps:

1. Prepare Your Certificate Files

   - You should have received the following files from Sectigo:

     - Your Domain Certificate (e.g., your_domain.crt)

     - Intermediate Certificate(s) (e.g., SectigoRSAOrganizationValidationSecureServerCA.crt)

     - Private Key (e.g., your_domain.key)

   - Combine your domain certificate and the intermediate certificate(s) into a single fullchain.crt file:

bash$cat your_domain.crt My_CA_Bundle.ca-bundle 
AAACertificateServices.crt > fullchain.crt

  

2. Upload the Files to Your Server

   - Upload the following files to your server (e.g., in `/etc/nginx/ssl/`):

     - `fullchain.crt`

     - `your_domain.key`

3. Configure Nginx

   - Edit your Nginx configuration file (usually located at `/etc/nginx/nginx.conf` or `/etc/nginx/sites-available/your_domain.conf`).

   - Add or update the `server` block to include the SSL configuration:

     ```nginx

     server {

         listen 443 ssl;

         server_name your_domain.com;

         ssl_certificate /etc/nginx/ssl/fullchain.crt;

         ssl_certificate_key /etc/nginx/ssl/your_domain.key;

         ssl_protocols TLSv1.2 TLSv1.3;

         ssl_ciphers HIGH:!aNULL:!MD5;

         location / {

             root /var/www/your_domain;

             index index.html index.htm;

         }

     }

     ```

   - If you want to redirect HTTP traffic to HTTPS, add this `server` block:

     ```nginx

     server {

         listen 80;

         server_name your_domain.com;

         return 301 https://$host$request_uri;

     }

     ```

4. Test the Nginx Configuration

   - Test the Nginx configuration to ensure there are no syntax errors:

     ```bash

     sudo nginx -t

     ```

 5. Reload Nginx

   - If the test is successful, reload Nginx to apply the changes:

     ```bash

     sudo systemctl reload nginx

     ```

6. Verify the SSL Installation

   - Visit your website using `https://your_domain.com` and ensure the SSL certificate is working correctly.

   - You can also use tools like [SSL Labs' SSL Test](https://www.ssllabs.com/ssltest/) to verify the installation.

7. Optional: Enable HSTS (HTTP Strict Transport Security)

   - To enforce HTTPS and improve security, add the following line inside the `server` block for port 443:

     ```nginx

     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

     ```

8. Optional: Automate Certificate Renewal

   - If your certificate is not auto-renewed, set up a cron job or script to handle renewal and reload Nginx when the certificate is updated.

Check your SSL setup, https://www.sslshopper.com/ssl-checker.html

That's it! Your Nginx server should now be serving your site with the Sectigo SSL certificate.

Mini/Micro Server

 Sedang mencair Mini/Micro server, makin banyak CPU Core nya makin baik. 

MicroServer G10 Plus Xeon E-2224 32GB 4TB 240G KM UPS 900VA P19752-371 

Harga 25 juta, Intel® Xeon® E-2224 (3.4GHz/4-core/71W), https://multipro.id/MicroServer-G10-Plus-Xeon-E-2224-32GB-4TB-240G-KM-UPS-900VA-P19752-371

Customer Support Tickets Analysis

 ...

Referensi

1.  How to manually analyze customer support tickets, https://www.sentisum.com/customer-feedback/customer-support-ticket-analysis
2.  Top 10 Customer Service Metrics: An Analytics Perspective [Infographics] , https://blog.happyfox.com/top-10-customer-service-metrics-an-analytical-perspective/
3.  What Kind of Analysis You Can Perform On a Ticket Management System, https://commence.com/blog/2019/12/03/ticket-management-system-analysis/
4. Power Up Your Ticket Management System with Machine Learning, https://monkeylearn.com/blog/ticket-data-analysis/
5. Lessons learned from analyzing 7 million customer support tickets, https://www.jitbit.com/news/255-lessons-learned-from-analyzing-7-million-customer-support-tickets/ 
6. Geckoboard dashboard, https://github.com/mirianbr/geckoboard-cs
   

Tuning Server dengan Apache Benchmark (ab)

 ...

Referensi

1. How to use Apache Benchmark (ab) to login to a site, https://stackoverflow.com/questions/25339972/how-to-use-apache-benchmark-ab-to-login-to-a-site

Monitoring Nginx dengan Grafana Dashboard

sudo apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring
 

 curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor     | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
 

gpg --dry-run --quiet --import --import-options import-show /usr/share/keyrings/nginx-archive-keyring.gpg

 

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/debian `lsb_release -cs` nginx"     | sudo tee /etc/apt/sources.list.d/nginx.list
 

echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx

 

sudo apt update && sudo apt upgrade

 

mkdir software

 

sudo apt-get source nginx 

sudo apt-get build-dep nginx

cd nginx/

sudo dpkg -i  lib*.deb

sudo dpkg -i nginx-core_1.18.0-6.1_amd64.deb nginx-common_1.18.0-6.1_all.deb nginx_1.18.0-6.1_all.deb

 

git clone https://github.com/vozlt/nginx-module-vts.git

 

cd /usr/local/src/nginx-1.18.0/

sudo ./configure --with-compat --add-dynamic-module=/home/cendikia/software/nginx-module-vts/

sudo make modules

 

sudo cp objs/ngx_http_vhost_traffic_status_module.so /etc/nginx/modules/
 

Untuk prometheus, kita tidak perlu menggunakan export, karena nginx-module-vts sudah mendukung format untuk prometheus, yg dapat diakses pada alamat :
http://localhost/status/format/prometheus

Konfigurasi prometheus

 /etc/prometheus/prometheus.yml 

scrape_configs:
  # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
  - job_name: 'prometheus'

    # Override the global default and scrape targets from this job every 5 seconds.
    scrape_interval: 5s
    scrape_timeout: 5s

    # metrics_path defaults to '/metrics'
    # scheme defaults to 'http'.

    static_configs:
      - targets: ['localhost:9090']

  - job_name: node
    # If prometheus-node-exporter is installed, grab stats about the local
    # machine by default.
    static_configs:
      - targets: ['localhost:9100']

  - job_name: 'nginx-vts'
    metrics_path: '/status/format/prometheus'
    static_configs:
      - targets: ['localhost']

Grafana

Untuk Grafana kita menggunakan Dashboard berikut : 

https://grafana.com/grafana/dashboards/14824

 

Referensi

1. Monitoring Nginx dengan Prometheus dan Grafana, https://nothinux.id/monitoring-nginx-dengan-prometheus-dan-grafana/
2. Nginx Virtual Host Traffic Status Module to Monitor Nginx,  https://serverdiary.com/web-server/nginx-virtual-host-traffic-status-module-to-monitor-nginx/
   

Apache HTTP dengan MPM Event dan PHP-FPM

 ..

Referensi

1. How To Configure Apache HTTP with MPM Event and PHP-FPM on Ubuntu 18.04, https://www.digitalocean.com/community/tutorials/how-to-configure-apache-http-with-mpm-event-and-php-fpm-on-ubuntu-18-04
2. Move On MPM Prefork ke MPM Event, Sebuah Catatan, https://pdsi.unisayogya.ac.id/move-on-mpm-prefork-ke-mpm-event-sebuah-catatan/
3. How To Secure Apache with Let's Encrypt on Debian 10, https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-debian-10

Server Blade ThinkSystem SR530

 ...

Referensi

1. Lenovo ThinkSystem SR530 Server (Xeon SP Gen 1), https://lenovopress.com/lp0639-thinksystem-sr530-server-xeon-sp-gen1