How To Enable DNSSEC Domain Feature With Cloudflare

Hello guys, you may have seen about this feature in the features in your domain. DNSSEC as the name combination from DNS & SEC, The first time I got to know it I thought it must have to do with DNS security in a way from the word DNS and SECurity right… Hehe. But actually dnssec stands for “Domain Name System Security Extension” and don’t worry i mistaken either. In short way, this feature is a form of authentication security from the domain to the server, if the data that communicates from the domain and the server shoul validate if the data is really from the appropriate server. basically, it uses the some kind of key sign so to pass each other that it becomes more secure.

Ok, right off the boat, to use DNSSEC on Cloudflare is really easy, just copy and paste the key from Cloudflare to your domain manager (depending on your domain registrar). For example, you can log in to your Cloudflare dashboard and look for the menu as below.

Select the DNS tab > Scroll down until you find this menu

After you find the menu as above, then you can immediately click “Enable DNSSEC”. Then you will be presented on the page as below.

Key view for DNSSEC

After the display appears as above, then we will enter the key code above to connect to our domain manager, where we buy the domain. For example, if you buy a domain at GoDaddy, Namecheap, Bluehost.. etc. then you just enter it in the domain manager then select DNSSEC menu at your domain registrar. Below is an example of the registrar that I use, the name is Namesilo, so for example, as shown below.

Input all according to the details on Cloudflare

As you guys above, we just need to enter the key code obtained from Cloudflare in the DDNSSEC menu on our respective registar. Make sure everything is correct and if successful on the DNS tab and the DNSSEC menu will appear as below.

DDNSSEC is already active

Well, it’s really easy, right, with this DDNSEC firut adding security to our DNS so that it is not easily hijacked (if im not mistaken, it’s called DNS forged). So your domain is more secure. Good Luck!

Differences in USB Cable Type A, B, C, Micro, Mini

Do you have gadgets, laptop phones, printers? then you must have been aware of the USB interface. Yep, usb stands for Universal Serial Bus which is used for data and power transmission in today’s technological devices. In line with its development, this USB interface has undergone many physical changes as well as and for each change also has its own compatibility2. both from the USB version (e.g. USB 1.1, 2.0, 3.0, 3.1) and also the power output that can be streamed on the interface. okay let’s just start from the first one:

  • USB Type A
USB Type A Port Display

It is the most common type of USB used on many devices, usually used as a base. This USB Type A for now also has 2 versions, namely the standard type and the SuperSpeed type. For the standard type it has 4 pins on its port that supports up to USB 2.0 bandwidth (480Mbps) and in Super Speed it has an 8 pin connector that supports up to USB 3.2 (5Gbps-20Gbps).

  • USB Type B
USB Type B Port Display

This type of USB is usually used in printer devices, scanners and which is somewhat similar to the scenario. This USB is a rather wide box that can be compatible with USB 1.1 to 3.x data transmission depending on the other end (usually Type A).

  • USB Type C
USB Type C Port Display

It is the latest version of the USB interface whose use can be reversed up or down because it has symmetrical dimensions. This type supports bandwidth up to USB 3.2 (20Gbps) and it looks like it will also support USB 4.0 in the future. USB Type C also supports power delivery (depending on the manufacturer wants to prioritize bandwidth or power) which can deliver up to 240W of power (*for now). So it is not surprising that this interface is the most commonly found for all devices today, be it laptops, smartphones, monitors, tablets. etc. Because it is the most versatile USB interface for both high bandwidth data transmission and high power transmission.

  • Mini USB
Mini USB Port Display

Is a USB interface that is often used before switching to a capacitive screen. we can find it on old mobile phones released in 2006 and also consoles such as PSP. Supports bandwidth up to 480Mbps or USB 2.0. In 2007 it was considered obsolete because its dimensions were too large for the latest generation of thinner mobile devices, then subsequently replaced by micro USB which we will discuss below.

  • Micro USB
Micro USB Port Display

Next is Micro USB, this type of port is quite long used until now it is still used even though it has been widely replaced by USB Type C. The advantage of this port is that its dimensions are smaller than mini USB and have the same features as Mini USB.

So that’s the all interface that i know (i think). Actually, there is another Micro USB SuperSpeed which is a high-bandwidth version of micro USB that can support data transmission up to 6Gbps which is commonly on the hard disk enclosure, which is currently also starting to be replaced by USB type C. Ok, maybe that’s it, hopefully it helps!

Difference between Condenser Microphone & Dynamic Microphone

Have you ever wanted to buy a microphone but you are confused because of the type, the microphones sold in the marketplace generally have 2 types like this title. So both Dynamic and Condenser Microphone have different ways of working & different needs as well. Before we discuss the differences, we start first from the similarities, a part that make the mic able to pickup our voice, that is the Diaphragm (diaphragm). So diaphragms are simply like small speakers made of sheets (usually plastic), magnets and copper windings (coils) as conductors of electricity. The way it works by listening acoustic vibrations that will cause the Diaphragm (diaphragm) to vibrate which will then be converted into electrical energy.

Diaphragms (diaphragms) are generally 2 types:

  • Large Diaphragm ( large diaphragm)

As the name implies, this diaphragm has a large size with inconsistent polar pattern characteristics but has a high sensitivity that allows it to capture a wider spectrum of sounds. Microphones with this diaphragms can be found in the studio, recording vocal sounds, bass drums and sometimes for room recording to get a more vintage sound.

  • Small Diaphragm (small diaphragm)

Microphone with this Diaphragm is also commonly called “pencil microphone” which is very powerful for capturing sounds with high frequencies and has a consistent polar pattern (characterized by the size of the diaphragm and its mass / weight). Therefore you will usually find this microphone recording on snare drums, pianos and acoustic guitars.

OK here we already know the basis of the microphone, the next thing is . What is the difference between a dynamic microphone and a condenser microphone?

  • Dynamic Microphone

Dynamic microphones can generally pick up various sound signals without fear that the Diaphragm will be damaged due to the low level of sensitivity and has a high built-in gain, so you will usually find this mic for live scenarios / use in open spaces directly. Even so, this microphone is also suitable for studio use for drums, brass instruments, guitar amplifiers. etc. Usually to catch a loud sound.

  • Condenser Microphone

Unlike dynamic microphones, Condenser Microphones are usually more sensitive to sound vibrations. So the use of this microphone if you blow your mic too much on the capsule diaphragm condenser, then the sound produced will be distorted (due to its sensitivity). This mic can also be used for live scenarios sometimes, but this mic is often used in studio rooms where you can get a sound with a wide and more natural tone range.

So which microphone is suitable for me?

As explained above, it all comes back to your recording needs. If you want to record loud sounds such as loud vocals, snare drums, keyboards and metal instruments then I recommend choosing Dynamic Microphone. But if you want to record sounds that are not loud such as vocals, bass drums, acoustic guitars, pianos then condenser microphone in my opinion will be more suitable.

Water Cooling vs Air Cooling For PC?

It is very common that all CPU/GPU/SOC chips can be very hot and therefore every purchase of a semicondutor chip will be equipped with a cooling system for PCs, mobile phones, servers and other electronic equipment/components. That is why the importance of using a cooling system that suits each need, which for PC will be divided into two category, which is Liquid or Water Cooling & Air Cooling. After that, the question arises which is the best of the two cooling systems?

Well, for this question, the answer is maybe you can guess it, it depends. Why does it depend, because each cooling system, both liquid cooling & air cooling, has its own advantages and disadvantages that you can consider. For that we will start from the basics, how the cooling of each system works, starting from the heat transfer from beginning to end. We start from the most common, the air cooling or cooling systems with air as medium.

CPU Cooler from be quiet!
  • Air Cooling / Cooling System with Air

The air cooling system is the oldest system and until now it is still used because of its effectiveness & cheaper because it uses air as a medium. Furthermore, cooling air coolers will usually be easier to install and apply, even by beginners. Generally, air coolers can handle CPU / GPU cooling from low end system to high end as well (the optimal one usually uses a combination of base and copper pipes connected to an aluminum heatsink). The disadvantage of this system is the size of the heatsink which is rather large and wide (although there is a low profile version) when compared to a liquid cooler, it has such as a water block that is in direct contact with the heat source (more space-saving). So sometimes for air cooling system it’s not very good in terms of PC CPU aesthetics (subjective).

CPU Cooler dary Corsair Hydro
  • Water or Liquid Cooling System

Water Cooler or also known as Liquid Cooler is the latest cooling technology system that involves liquid to transfer heat directly through the Water Block / Metal Base which is in direct contact with the CPU / GPU. This method is allegedly more efficient in transferring heat from the chip core, although the high end air cooler can match the efficiency of the liquid cooler in terms of lowering the temperature for improved performance this day. At this system, the liquid cooler requires a radiator to remove heat from the liquid which later when it cools down will flow again to the chip to absorb heat again (Many radiator has various variants from 120mm, 240mm, to even larger ones). With this system, the liquid cooler can absorb heat and dissipate heat more optimally, so the chip will have headroom to improve performance again. The disadvantage of Liquid Cooler is that it is more expensive than Air Cooler, despite the installation of Liquid Cooler can make your system better in terms of aesthetics (because it does not use a heatsink in a PC) and again your PC will be quieter (not noisy, because there are fewer fans installed).

So which system is suitable for me?
So the point will depend on your budget & the preferences of the system you want to achieve. If you have a budget that is not too high and don’t bother about noise & do some overclocking on your system then Air Cooler is the answer. But if you want the best performance both for overclocking, silent and aesthetic systems, maybe you will like liquid coolers.

RJ45 Cat5, Cat5e, Cat6, Cat6a, Cat7, Cat8 Cable? What’s the Difference?

Hello everyone, have you ever wanted to know the difference from the various internet cables or also called LAN (ethernet cable) the most used cables to connect our PC today? When we search at the marketplace, there will be a lot of choices from the most expensive to even the cheapest, but are they all the same? The answer is NO! , each type of cable has its own data bandwidth with different specifications. Well, here I will explain one by one from cat5 internet cable to Cat 8. OK, let’s just start:

1. CAT 5 (CAT5) Cable

Cat5 cables were first introduced for high-speed data transmission made with multi-pair cables (4 pairs of twisted cables, in the amount of 8 wires). This cable can handle a bandwidth of 10/100Mbps and can be set as long as 100 meters. This generation of cables is also often referred to as Fast Ethernet. In general, Cat5 cables are designed to handle up to 100MHz.

Cable frequency: 100Mhz
Bandwitdth Max: 100Mbps
Max Length: 100 Meters

2. CAT 5e Cable (CAT5e)

Cat5e cables were introduced as an “enchance” version of the previous version with the improvisation of a stricter standard, the IEEE Standart. The Cat5e version has less noise than the previous version which has the potential to reduce crosstalk (Crosstalk is interference interference from other adjacent cables). Unlike Cat5, cat5e versions can handle up to 1000Mbps more bandwidth and are often referred to as gigabit ethernet. At about the same price as the Cat5, the Cat5e has replaced the Cat5 now (the Cat5 is no longer in production at the moment). For speeds of 1000Mbps/1GBps, Cat5e cables run at frequencies of 100-250Mhz.

Cable frequency: 100Mhz – 250Mhz
Bandwitdth Max: 1000Mbps
Max Length: 100 Meters

CAT 6 (CAT6) Cable

Cat6 cables were introduced as a new generation, featuring better wiring specifications to avoid crosstalk and less noise than previous versions. The updated wiring design can be seen physically, FYI Cat5e version has 1.5 – 2 rounds of spiral cables per CM, but in other hand Cat6 has a minimum of 2 rounds of spiral cables or more per CM & for additional for Cat6 there is also a separator per pair of cables. The Cat6 version is designed to be able to handle 1Gbps bandwidth at a distance of 100 meters with a minimum frequency of 250Mhz. If the Cat6 cable has a length of less than 55 meters, the supported bandwidth can reach up to 10Gbps (depending on the level of crosstalk & noise on the cable). For the general price, Cat6 is slightly more expensive than Cat5e due to stricter cable specifications.

Cable frequency: 250Mhz – 550Mhz
Bandwitdth Max: 1Gbps at 100 Meters / 10 Gbps at 55 Meters and below
Max Length: 100 Meters

CAT 6 Cable (CAT6a)

Cat6a cables are introduced as Augmented versions when compared to previous versions, in cat6a versions have a thicker protective layer that reduces crosstalk interference and noise that occurs. With the specifications developed, Cat6a cables can handle bandwidth of up to 10Gbps on 100 meters of cables running with a frequency of 500Mhz. Cat6a generally has a slightly higher price than the Cat6 version & the Cat6a version has a thicker shield (the downside of cable is less flexible), Cat6a Cables are suitable for use in industrial / commercial environments.

Cable frequency: 500Mhz – 550Mhz
Bandwitdth Max: 10Gbps
Max Length: 100 Meters

CAT 7 (CAT7) Cable

Cat7 cables were introduced as the latest generation of the Cat6a version which also supports 10Gbps bandwidth, but in addition to that Cat7 physically also gets better shielding protection than the previous version with a newer “Class F” standart. With the addition of additional shielding, the Cat7 has less crosstalk interfence dampening & noise when compared to the previous version. With this feature, Cat7 cables can accommodate bandwidth up to 10Gbps stably with a frequency of 600Mhz. Even with the new specification standards on the Cat7, Cat6a performance has identical performance to the Cat7 at a lower price than the Cat7. In general, Cat6a is often used for Surveillance / Multimedia systems (surveillance systems related to CCTV and Audio Visual cameras) be it Cat6a STP / FTP, Cat7 is generally more suitable for use in Data Centers and corporate networks that require stable data transmission.

Cable frequency: 600Mhz
Bandwitdth Max: 10Gbps
Max Length: 100 Meters

CAT 8 (CAT8) Cable

Cat8 cables were introduced as the latest generation of previous versions but so were the most different from previous versions. Cat8 cables can handle 25Gbps to 40Gbps bandwidth with a frequency of 2000Mhz. Even though it has an amazing bandwidth speed, the cat8 cable length is only limited to 30 meters. Although very different from the previous version, just like the previous version of the cable, the Cat8 Cable is also compatible with the previous version. For now, cat8 cables are the fastest data transmission cables that use the RJ45 connector.

Cable frequency: 2000Mhz
Bandwitdth Max: 25-40Gbps
Max Length: 30 Meters

So that’s the comparison of ethernet cables on the market today. My advice is, if you are confused about which one to choose, I suggest buying it as needed and make sure your device supports the data transmission speed according to the cable specifications above.

Nginx + Cloudflare Web Server Configuration On Raspberry Pi 4 (Part 3)

Hello back again all, previously we have configured cloudflare & SSL integration. In this part 3 we will have a lot of configurations in ubuntu. Before starting to make sure you have checked the steps below.

  • ISP router is already in port forward to your Server IP (Must open port 80 &443)
  • You can use DDNS for those whose ISPs use Public Dynamic IP (for example, Indihome ISP). if not you can see my previous tutorial about it
  • Make sure there is no firewall on your ubuntu that blocks ports 80 & 443

Ok I assume you have prepared everything and now you can turn on your Ubuntu Server and login Super User, just type sudo su in your terminal and login. After that we will start with the nginx webserver installation, for the installation you can use the command below.

apt update
apt install nginx

After the installation process is complete you can use the commands below to Stop, Start & Enable to make sure nginx is always running every time your server is turned on. For the Command, you can see below.

systemctl stop nginx.service
systemctl start nginx.service
systemctl enable nginx.service

Now your nginx webserver is already installed. If you are connected to the internet and get a Public IP (and make sure ports 80 &443 are open) you can immediately open the domain that you have integrated in Cloudflare in the previous part using your browser, If successful then the browser will display a welcome to nginx page as below.

if this page will appear it means it has been successful, your webserver is connected to the domain

If using a domain name can’t connect but using a Public IP can connect means that your Public IP is not connected to your domain in Cloudflare, you can enter the Public IP that you got from your ISP (Make sure your ISP provides a Public IP instead of a Private IP) and then enter the Public IP into your domain’s DNS settings in your cloudflare account (You can also use Cloudflare DDNS if the Public IP you get from a Dynamic type ISP). If it is still not connected, you can also troubleshoot by paying attention to the point point below.

  • Check the IP you got from your ISP instead of a Private IP
  • Check whether the port forwarding on ports 80 & 443 is already open, then what is the IP of your Ubuntu Server is the same as the IP settings in Port Forwarding
  • Check your Ubuntu Server firewall whether it is open port 80 & 443
  • Check your domain nameservers if they are connected to Cloudflare

Ok from here I assume your domain is already connected. Next we will configure nginx then install the database (here I use MariaDB) & PHP. We start by installing Maria DB as a database server, to install MariaDB you can run the command below.

apt-get install mariadb-server mariadb-client

After the installation process is complete you can use the commands below to Stop, Start & Enable to ensure MariaDB is always running every time your server is turned on. For the Command, you can see below.

systemctl stop mysql.service
systemctl start mysql.service
systemctl enable mysql.service

The next step we will install MariaDB, to go to the secure installation stage you can enter the command below and later you enter your root password.

mysql_secure_installation

After the question prompt appears, you can enter the answer according to the guide below.

Enter current password for root (enter for none): (Just press enter)
Set root password? [Y/n]: Y
New password: (Enter password)
Re-enter new password: (Repeat enter password)
Remove anonymous users? [Y/n]: Y
Disallow root login remotely? [Y/n]: Y
Remove test database and access to it? [Y/n]: Y
Reload privilege tables now? [Y/n]: Y

Ok the database has been installed, next we install PHP. For installation, you can enter the command below (the command in this bwah will install the latest version of the stable version of the verbaru version in the ubuntu repository).

apt install php-fpm php-mysql

Next we will edit the PHP configuration file. In this configuration has optimal settings for the wordpress CMS. Because in this project at least the scenario is that the webserver can’t run a wordpress CMS (because wordpress CMS is the most widely used). Then because we install the latest version you must first check what version is on your server then you can edit the configuration file, for the command you can see below.

ls /etc/php/
(after that it will appear directory version, to have me version 7.4 . you can replace it with the version you have)
nano /etc/php/7.4/fpm/php.ini
(After that replace some lines according to the configuration below)
file_uploads = On
allow_url_fopen = On
short_open_tag = On
memory_limit = 256M
cgi.fix_pathinfo = 0
upload_max_filesize = 100M
max_execution_time = 360

Ok done, for every time you change php settings.ini don’t forget to restart your nginx webserver. You can restart nginx with the command below.

systemctl restart nginx.service

The next step we just fill in the content & create a serverblock on our webserver. You can fill in with website content that you already have before or you can create a website from 0, you can also install your favorite CMS such as wordpress. For wordpress users, if you want to move your website you can use the WP duplicator plugin (in my opinion the easiest migration). Maybe I will make a tutorial in the next article, but in my experience it is easiest and move the full site with all the linked databases (this website is moved using the WP Duplicator plugin). OK, if that’s the case, you can enter your website content in the directory below

mkdir /var/www/namadomain.com
(your domainname changes your domain, then paste the website content in the new directory)
(Then run the command below to give the web server permission)
chown -R www-data:www-data /var/www/html/namadomain.com/
chmod -R 755 /var/www/html/namadomain.com/

Next for the last step we will create a serverblock on nginx to make the website content in the directory can be opened according to the domain name. On the serverblock, make sure the certificate pem key that we have stored in part 2 before is in accordance with the domain name. Ok to create a serverblock configuration file in nginx, you can run the command below

nano /etc/nginx/sites-available/domainname.com

after that paste the configuration below and replace it with your domain name & also replace php fpm with the version you are using.

server {
listen 80;
listen [::]]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;

server_name namadomain.com www.namadomain.com; 
root /var/www/domainname.com; 
index index.php index.html index.htm; 

ssl_certificate /etc/ssl/certs/domainname.com.pem; 
ssl_certificate_key /etc/ssl/private/domainname.com.pem; 
ssl_client_certificate /etc/ssl/certs/origin-pull-ca.pem; 
ssl_verify_client on; 

client_max_body_size 100M; 

autoindex off; 

location / { 
    try_files $uri $uri/ /index.php?$args; 
} 
location~.php${ 
     include snippets/fastcgi-php.conf; 
     fastcgi_pass unix:/var/run/php/php7.4-fpm.sock; 
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; 
     include fastcgi_params; 
} 
}

After saving the configuration file above, to enable the above settings you can run the command below

ln -s /etc/nginx/sites-available/domainname.com /etc/nginx/sites-enabled/
systemctl restart nginx.service

And finally done, your domain and website content have been online on the internet. You can check directly in the browser by entering the domain name you set in this tutorial 🙂

How to Open Port 80, 443, 22 Firewall Ubuntu 20.04 With UFW

Hello everyone, maybe you already know that every time you install Ubuntu 20.04 it is included with an application firewall called UFW (uncomplicated firewall) which by default it has been disabled. Well, in this article, we can use UFW to protect our PC / Server and only open certain important ports such as port 80 (webserver), 443 (SSL webserver) and 22 (for remote SSH). Okay, let’s get started, but before you do. you can first check your UFW status whether it is active or not with the command below:

ufw status
or
ufw status verbose

next to enable ufw, enter this command below
ufw enable

1. Web Server

To open port 80 (HTTP)

ufw allow http
or
ufw allow 80

To open port 443 (HTTPS)

ufw allow https
or
ufw allow 443

(Optional) You can also set the webserver to only be accessible by certain IPs or also only open certain ports such as TCP / UDP. For example, you can see below

only open port 80 with the TCP protocol only
ufw allow 80/tcp
only open port 80 on certain IPs (e.g. 192.168.77.22)
ufw allow from 192.168.77.22 to any port 80

2. SSH

To open port 22 (SSH)

ufw allow ssh
or
ufw allow 22

(Optional) You can also set SSH to only be accessible by certain IPs as well as above (usually I set according to the local IP connected to the network, so that it cannot be accessed on the internet)

only open port 22 on certain IPs (for example 192.168.77.22)
ufw allow from 192.168.77.22 to any port 22

3. Other Custom Ports

  • FTP: 21
  • Telnet: 23
  • Winbox: 8291 (mikrotik)

(TIPS) And then the last one, for example, you made a mistake and want to delete the firewall settings that you have made, you can use the command below.

command to see all the rules
ufw status numbered

then there will be a number on the left, and you can delete the rule according to the number listed. for example you want to delete rule number 2 you can use the command
ufw delete 2

Nginx + Cloudflare Web Server Configuration On Raspberry Pi 4 (Part 2)

Hello, welcome to part 2, make sure you have seen part 1 before going to this stage. At least you already have a domain that is already connected to your Cloudflare dashboard. Ok, right off the boat, for part 2 this time we will configure Cloudflare SSL, Optimization to security. Then you can open your domain that connected to the Cloudflare dashboard and on the menu click the “SSL / TLS” tab as below:

In SSL / TLS settings select Full (strict) for best security

In the SSL / TLS settings select Full (strict). Here we will send and receive data from encrypted from Cloudflare for best security, avoiding sniffing and spoofing on our local network. And also Cloudflare will encrypt the data to the browser connected to Cloudflare so that the data is more secure. For this method we need an origin certificate from Cloudflare which we will later install on our webserver later, you can download it in the SSL / TLS tab > Origin Server as shown below:

here I have made it before for this web, you can create a certificate if there is no

As shown above I have activated for my 2 domains. Before creating a certificate, don’t forget to turn on Authenticated Origin Pulls and after that you can click create certificate and a display will appear as below:

Choose RSA (2048), the domain you want & certificate validity is up to you

Furthermore, for the private key type, select RSA then in the Hostname list here will automatically apply SSL to your domain, for default he will apply to the main domain and first-level subdomains (sub.domain.com will use SSL but not sub.sub.domain.com). Furthermore, the certificate validity is up to you, I am going to use 15 years so that I don’t change the SSL certificatefor 15 years. When everything is done, you can click on Create then Cloudflare will generate 2 certificates which we will have to save later. For example, as shown below:

Cloudflare will generate origin certificate & private key

After you find the display above, don’t rush to the close because we have to save the two certificates. Make sure the Key Format is in PEM form for the certificate. Maybe you can first save all these certificates as backups later, then you can start turning on your Raspberry Pi 4 which has installed OS (for me, I use Ubuntu Server 20.04) and Login Super User then we can start implementing SSL to our webserver.

  1. For Origin Certificate you can save it in the directory /etc/ssl/certs/ , with the file name = domainname.com.pem
    Easier: nano /etc/ssl/certs/domainname.com.pem
    then paste the Origin Certificate
  2. For the Private Key you can save it in the directory /etc/ssl/private/ , with the file name = domain name.com.pem
    Easier: nano /etc/ssl/private/domainname.com.pem
    then paste the Private Key
  3. Then for the last step since we enabled Authenticated Origin Pulls, we have to download the Origin Pulls Certificate. You can search in this URL with the file name origin-pull-ca.pem and enter it in the directory /etc/ssl/certs/
    It’s easier:
    cd /etc/ssl/certs/
    wget https://support.cloudflare.com/hc/en-us/article_attachments/201243967/origin-pull-ca.pem

Next we will change all incoming requests using HTTPS, and for that we have to enable Always Use HTTPS & Automatic HTTPS Rewrites on THE SSL/TLS > Edge Certificate. You can see the example image below:

Enable Always Use HTTPS
Enable Automatic HTTPS Rewrites

And finally finished for the Cloudflare integration problem & SSL Certificate men. Next, we just have to configure the Ubuntu Server to connect to cloudflare CDN. So here I end Part 2 here, and for part 3 later we will fully use our Raspberry Pi 4 so make sure you are ready. You can remotely use SSH or directly configure it later, and oh yes, make sure your router has you port forwarded to your rapberry pi and have opened ports 80 & 443. Ok, if you see you in part 3, friends 🙂

Nginx + Cloudflare Web Server Configuration On Raspberry Pi 4 (Part 1)

Hello all, in this article I will share my experience of configuring a webserver using raspberry pi 4 (a continuation of the past article). Ok for our webserver this time will use Cloudflare + Linux Ubuntu Server 20.04 (or above it may still be possible) with raspberry pi 4 which is connected to a direct boot USB SSD / NVME (if you miss it can see this article). Now the next equipment that you can prepare in this project includes:

  • Raspberry Pi 4 with Ubuntu Server OS 20.04 (or another version if you decide to use other varian of linux) then you have to download and install it tutorial can be seen here
  • ISP routers that are already in port Forwarding 80 & 443 (if you use indihome)
  • SSD/NVME along with USB adapter connected to raspberry pi 4 in USB 3.0
  • Domain Name (can .com .net .info etc. freely)

Ok, let’s get started, here is the webserver that we will set up using Cloudflare as a CDN. Because Cloudflare provides a CDN for free that can speed up the performance of our webserver. The first time if you don’t have a cloudflare account you can register here and if you have logged in, you have to add the domain you already have in Cloudflare and connect it as the example below.

click on + add site, to add a domain

After clicking on the add site, a display will appear as below to enter your domain

enter your domain name in the form and press add site afterwards

If you have finished entering the domain then you will be faced with a pricing table as below, for this project you choose a free plan as shown below then click continue after it is finished

select free plan (bottom) and then click continue

next Cloudflare will import your DNS settings in the domain that is currently in use, so that when you change the nameserver to cloudflare your domain is still online and points to the same DNS. For this stage you can just let it go or edit it if you want to change the host, after that you click continue until you are on the page as shown below.

at this stage, you can change your domain server name and point to Cloudflare’s NS

After that, at this stage you have to change your domain nameserver to a cloudflare nameserver to connect your domain to the Cloudflare CDN. In this step, it won’t make your website down anyway, because Cloudflare has imported your domain’s DNS settings before. To change the nameserver you can change on your domain manager, for example, I bought this domain at namesilo and then I have to change it through namesilo. You can see an example below.

this is the nameserver setting in namesilo, you can change according to where you registered the domain

After you have finished changing the nameservers according to the page in Cloudflare then you can click “Done, check nameservers”. Nameserver switching usually takes 1×24 hours depending on the policy of the domain refgistrar you are registering for, but usually it takes more than a few minutes to hours. Ok, if it is complete and successful then your domain will appear on your Cloudflare dashboard with a green check mark as shown below.

if it has appeared on the Cloudflare dashboard like this, then your domain is successfully connected

Ok here we have finished connecting the domain to Cloudflare and we can continue in part 2 because it is quite long if it is made into 1 post. Part 2 will include configuring Cloudflare and activating the Cloudflare SSL feature for your domain. You can proceed to part 2 by clicking below.

DDNS Configuration Cloudflare DDClient Ubuntu 20.04 Free

Hello everyone, have you ever had trouble having an ISP with a dynamic IP public? Yes, I’m one of them back then but it’s not anymore since I activated Cloudflare Free DDNS.. hahaha. To use this, you are required to have a domain connected to Cloudflare (using the cloudflare nameserver) after it we can use the API from Cloudflare, to change our IP in Cloudflare so the IP will be the same as the linux server we use (we use DDClient, and this is the linux package). For this project, what I use is:

  • Ubuntu Linux server 20.04 (other Linux can do it too, as long it can install DDClient)
  • Indihome ISP (Other ISPs is able to use this too, as long it had Dynamic IP)
  • Domains that are already connected in the Cloudflare account (name server point to cloudflare)
  • The router is already Port Forwarded to server (I happen to use the F609 type)

Ok, let’s just start with that, first make sure you have opened the linux terminal on your computer. Furthermore, also make sure you are already a Super User in the terminal, if you don’t know you can type sudo su in the terminal and enter your respective passwords (if your using one). Well after that we will start the installation and i assume you guys use Ubuntu 20.04 as well (if you using other varian of linux, the command depend on the respective OS). Ok for the DDClient installation you can enter the command below:

apt install ddclient libdata-validate-ip-perl

Well, wait until the installation is complete, and when it’s finished we need to patch it with the latest version. Maybe someone asks why it should be patched? because the DDClient in the ubuntu repository is already deprecated version & also it does not support the DDNS API from Cloudflare so we patch it with the latest version. Ok, for the command, i will using wget (you can use other tools too, as long you get the files).

wget https://github.com/ddclient/ddclient/archive/v3.9.1.tar.gz
tar -xf v3.9.1.tar.gz
cp v3.9.1/ddclient /usr/sbin/ddclient
rm -rf v3.9.1.tar.gz ddclient-3.9.1/
mkdir /etc/ddclient
mv /etc/ddclient.conf /etc/ddclient/

Ok now you have finished patching, then you can edit the DDClient configuration file in the directory below (I use nano, you can use another text editor as well as you want)

nano -w /etc/ddclient/ddclient.conf

Now if you have opened it, you want to be able to use Cloudflare DDNS, you are required to have an API token from Cloudflare. To request the API Key, you can click this link: https://dash.cloudflare.com/profile/api-tokens . Now from there you can create tokens. An example of the picture is kek below gan.

if you have opened the cloudflare url above, there will be this display. just click Create Token

Now if you have clicked Create Token we will be faced again to what to create api for. Now because here we want to be able to change the IP to the domain using the API as a link, we need an API that can edit the dns zone in Cloudflare in real time. There is already provided the template directly from Cloudflare, we just select the Edit DNS zone and click on Use Template. An example of the picture is below.

we need an API to edit DNS so we select the Edit DNS zone yak

Well when it’s done we are faced again on another page. Here we just need to include which domains we want to use this API. If I use it for all my domains on Cloudflare, so I choose all zones (you can adjust it to what you want). for contah the picture is below.

just edit in the include zone, here my API can edit all zones (Include All Zones)

After you finish creating, an API key will appear and then you save it to notepad or where it is (because it only appears 1 time this time, so you should keep the API Key good). After you simplify, this API key will be needed for the DDClient configuration so don’t lose it first. Ok we’re done with the API Key, next we go back to the terminal again and we open the DDClient configuration file. Here I use nano to open the file (you can use another tool jg). Open the DDclient configuration file directory in the following way.

nano -w /etc/ddclient/ddclient.conf

After you open it, there will be a default configuration of the DDClient. You can cheat on my configuration that I tested myself working stable (I’ve been using it for almost 4 months) and it’s still working now. For the configuration later, you just need to change the domain name with yours & also your API Key. For an example of the configuration, you can see below.

# Configuration file for ddclient generated by barugan
#
# /etc/ddclient.conf
# How offten to check ip address
daemon=360
# Using Cloudflare protocol
protocol=cloudflare
# Tell ddclient to get real ip address
use=web, web=checkip.dyndns.org
# Credentials for Cloudflare api
ssl=yes
server=api.cloudflare.com/client/v4
[email protected]
password=(fill in API Key Here)
zone=domainname.com
# Domain for namadomain.com update
, *.namadomain.com

So that’s the DDClient file settings. There you can see that there is a daemon = 360, so the max DDClient will refresh the IP every 360 seconds or 5 minutes. You can set the daemon time as you want too (but ane suggest 5 minutes is not bad anyway). Well here we have finished for all the configurations & it’s time to test whether DDclient is already running as we want. To get rid of it, you can use the command below.

ddclient -daemon=0 -verbose -noquiet

If it is already run, it will appear whether the update is successful or not. If successful, there is usually a success letter as shown below.

deliberately censored gan, but the point is that if it is successful, it looks like that, yes

Now if you are successful, you can check whether the DDClient is already running in the background or not. To check the status, you can use this command.

service ddclient status

Well, later, if you run, an Active (Running) display will appear. But if it is not active, you can restart the DDClient with the ddclient restart command service . For an example if DDClient is already active, you can see the image below.

if it’s already running, it means it’s been successful.

Ok, so that’s how to use free DDNS from Cloudflare and hopefully it will be useful for you 🙂