Scribd
Upload
30 views7 pages

Lks Kalsel 2024 Itnsa MB Actual en

The document outlines the competition guidelines for the IT Network Systems Administration event at the 2024 Lomba Kompetensi Siswa in South Kalimantan. It includes detailed instructions for configuring server environments, DNS, web servers, email servers, and security measures across two sites, Utara and Selatan. Participants are required to set up various services and ensure proper network configurations according to specified requirements.

Uploaded by

DEMON CH
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
30 views7 pages

Lks Kalsel 2024 Itnsa MB Actual en

The document outlines the competition guidelines for the IT Network Systems Administration event at the 2024 Lomba Kompetensi Siswa in South Kalimantan. It includes detailed instructions for configuring server environments, DNS, web servers, email servers, and security measures across two sites, Utara and Selatan. Participants are required to set up various services and ensure proper network configurations according to specified requirements.

Uploaded by

DEMON CH
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

LOMBA KOMPETENSI SISWA (LKS)

SEKOLAH MENENGAH KEJURUAN


TINGKAT PROVINSI KALIMANTAN SELATAN TAHUN
2024

TEST PROJECT
CLIENT-SERVER ENVIRONMENT

Bidang Lomba
IT NETWORK SYSTEMS ADMINISTRATION
Introduction
Login credentials
Debian 12
Username : root/user
Password : P@ssw0rd

Windows Server 2022


Username : Administrator
Password : P@ssw0rd

System environments
utara.site
Region/Timezone : Asia/Makassar

selatan.site
Region/Timezone : Asia/Jakarta

Date: 01.05.24 Version: 1.0


2 of 7
Instructions to the Competitor
Part 1. Utara Site
Configure the system environment timezone, and hostname, IP address according to the
appendix

DHCP Server
● Configure the DHCP service in FW-UTARA by referring to the below table

Option Value
Subnet /24
Range 192.168.10.100 -
192.168.10.200
Domain Name Server 192.168.10.11
Domain Name utara.site
Gateway 192.168.10.1

● Configure static DHCP IP Address for LINSRV2 192.168.10.12

DNS Server
● Set up the utara.site domain on LINSRV1 using Bind9
● The server works as the master DNS server.
● Add domain records.

Type Record Value


NS utara.site ns1.utara.site
ns2.utara.site
A ns1 192.168.10.11
ns2 192.168.10.12
LINSRV1 192.168.10.11
LINSRV2 192.168.10.12
www 103.10.70.110
file 192.168.10.12
MX utara.site 10, mail.utara.site
● Configure name server forwarder so can resolve domain selatan.site
● The target address is “103.10.70.120”
● Set up the utara.site domain on LINSRV2
● The server works as the slave DNS server from LINSRV1

Date: 01.05.24 Version: 1.0


3 of 7
Certificate Authority
● Set up root certificate authority on LINSRV2 using OpenSSL on directory /root/ca.
● Create Root Certificate cacert.pem and cacert.key with attributes should be set as follows.
● Country Code: ID
● Organization: LKS
● Common Name: LKS Provinsi 2024 CA
● Create additional certificate

Issued Certificate Note


CN = mail.utara.site Mail Server
CN = www.utara.site Web
CN = file.utara.site Web
CN = www.selatan.site Web

WEB Server
● Configure web server on LINSRV1 using apache2
● Create a virtual host HTTP only for serving www.utara.site
● The website page should display “Hello World from utara site”
● Add the HTTP header “X-Served-By” with the server hostname as the value
● Configure web server on LINSRV2 using nginx
● Create a virtual host HTTP only for serving www.utara.site
● The website page should display “Hello World from utara site”
● Add the HTTP header “X-Served-By” with the server hostname as the value
● Create a virtual host on LINSRV2 for serving file.utara.site
● Enable HTTPS using the Certificate Authority from CA
● Redirect all HTTP requests to HTTPS.
● This virtual host is set as a file server for directory /data/file/
● Add basic authentication using username rahasia with password P@ssw0rd
● Make sure LINCLT can access without any warning

Email Server with SMTP and IMAP


● Install and configure Postfix and Dovecot on LINSRV1
● Use the domain utara.site so that email can be sent to [email protected] email address.
● Enable SMTP with negotiable TLS on port 25
● Enable IMAP with negotiable TLS on port 143
● Use certificates from CA
● Enable web-based email using Roundcube
● Make it accessible using the domain mail.utara.site.
● Enable HTTPS access using a certificate CA
● Make sure LINCLT can access the web-based email Roundcube
● Create two mail users: [email protected] and [email protected] with password P@ssw0rd
● Send a test mail from [email protected] to [email protected].
● Create email alias [email protected] should be received by [email protected]
● Send a test mail from [email protected] to [email protected]

Date: 01.05.24 Version: 1.0


4 of 7
SSH
● Install and configure the SSH Server on LINSRV2
● Create a user file with the password P@ssw0rd and set the home directory to /data/file/
● Make sure to configure the file user not to be able to use sudo and become root
● Configure the user “user” in LNXCLT SSH to [email protected] without a password and use
key-based SSH authentication
● Change SSH port default to 2024

Load Balancer HAProxy


● Configure HTTP/HTTPS load balancer for www.utara.site, which is hosted by LINSRV1 and
LINSRV2
● Use a certificate from CA
● Use round-robin as an algorithm
● Make sure LINCLT can access without any warning

Firewall
● Make sure that the firewall operates in stateful mode
● Configure DNAT for DNS using external IP.
● Configure utara.site can ping to 103.10.70.120

Date: 01.05.24 Version: 1.0


5 of 7
Part 2. Selatan Site
Configure the system environment timezone, and hostname, IP address according to the
appendix. Enable WINSRV pingable.

Active Directory
● Configure this server as the initial domain controller (new forest) for selatan.site

DNS Server
● Configure DNS for selatan.site
● Create a reverse Zone for the 172.16.20.0/24 network
● Add domain records.

Type Record Value


NS selatan.site ns.selatan.site
A ns 172.16.20.11
www 103.10.70.120
manager 172.16.20.11
● Configure name server forwarder so we can resolve domain utara.site
● The target address is “103.10.70.110”

Web Server
● Install IIS web service
● Create web for host www.selatan.site
● Path C:\inetpub\wwwroot
● The website page should display “Hello World from selatan site”
● Create internal web with host manager.selatan.site
● Path C:\inetpub\manager
● The website page should display “Hello Managers !”
● Enable basic authentication and allow user ‘manager’ with password P@ssw0rd

Windows Backup
● Create folder C:\backups
● Create a backup job to backup folder C:\inetpub\wwwroot at 4 PM daily.

Load Balancer Nginx


● Configure HTTP/HTTPS reverse proxy on FW-SELATAN for www.selatan.site which is hosted by
WINSRV
● User certificate from CA
● Make sure LINCLT can access without any warning

Firewall
● Make sure that the firewall operates in stateful mode
● Configure DNAT for DNS using external IP.
● Configure selatan.site can ping to 103.10.70.110

Date: 01.05.24 Version: 1.0


6 of 7
Appendix
Topology

System Table
Device IP OS
LINCLT DHCP Debian 12 GUI
LINSRV1 192.168.10.11/24 Debian 12 CLI
LINSRV2 192.168.10.12/24 (DHCP static) Debian 12 CLI
FW-UTARA 192.168.10.1/24 Debian 12 CLI
103.10.70.110/23
FW-SELATAN 172.16.20.1/24 Debian 12 CLI
103.10.70.120/23
WINSRV 172.16.20.11/24 Windows Server 2022 Desktop

Date: 01.05.24 Version: 1.0


7 of 7

You might also like