Arsip Troubleshooting
Sistem dokumentasi error log dan instruksi perbaikan.
Membuat DNS baru untuk server on premise
contoh : Server yang akan dibuat adalah server 172.16.70.81 yang akan dibuat DNS https://kardex-bicara.simgroup.co.id
Step 1: SSH ke server Load Balance ip 172.16.70.98
Step 2: masuk direktori config nginx di /etc/nginx/conf.d
Step 3: buat file conf dns nya yaitu kardex-bicara.simgroup.co.id.conf
root@load-balance:/etc/nginx/conf.d# nano kardex-bicara.simgroup.co.id.conf dan copy baris dibawah ini:
server {
server_name sys.db.bi-bicara.simgroup.co.id www.sys.db.bi-bicara.simgroup.co.id;
access_log /var/log/nginx/reverse-access-inbound.log;
error_log /var/log/nginx/reverse-error-inbound.log;
location / {
proxy_pass http://172.16.70.81:7399;
proxy_redirect off;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host sys.db.bi-bicara.simgroup.co.id;
proxy_connect_timeout 5000s;
proxy_read_timeout 5000s;
}
}
Step 4: setelah itu buat cek conf dan reload service nginxnya
nginx -t # output harus OK
Step5: reload service nginx
systemctl reload nginx.service
step6: Buat records DNS baru dicloudflare -> https://dash.cloudflare.com/eae3ffda149a6f25f33c9543ebd74bf8/simgroup.co.id/dns/records -> add records
di set seperti ini jika ip local mengarah ke load balance:
jika ip cloud set nya berbeda IPv4 address mengarak ke ip publik, cek ip publiknya di alibaba cloude di instance detail server nya
Step 7: lalu buat https dengan jalankan perintah di server loadbalance ip 172.16.70.98
certbot --nginx -d kardex-bicara.simgroup.co.id
certbot --nginx -d sdmonitoring.simgroup.co.id
output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator nginx, Installer nginx Obtaining a new certificate Performing the following challenges: http-01 challenge for kardex-bicara.simgroup.co.id Waiting for verification... Cleaning up challenges Deploying Certificate to VirtualHost /etc/nginx/conf.d/kardex-bicara.simgroup.co.id.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration.
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2 Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/kardex-bicara.simgroup.co.id.conf
Congratulations! You have successfully enabled https://kardex-bicara.simgroup.co.id
You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=kardex-bicara.simgroup.co.id
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/kardex-bicara.simgroup.co.id/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/kardex-bicara.simgroup.co.id/privkey.pem Your cert will expire on 2026-05-05. To obtain a new or tweaked version of this certificate in the future, simply run certbot again with the "certonly" option. To non-interactively renew all of your certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
jika server dari cloud alibaba kirimkan filenya untuk di upload ke uaf:
alu ambil filenya disini sesuai dengan nama nya
/etc/letsencrypt/live/
lalu kita ambil file:
-fullchain.pem
-privkey.pem