Ta yaya zan saita OpenLiteSpeed don juyar da wakili zuwa Nextcloud akan hanyar sadarwar ciki?
Abin mamaki, bincike akan Habré don OpenLiteSpeed ba ya ba da komai! Ina gaggawar gyara wannan rashin adalci, saboda LSWS sabar gidan yanar gizo ce mai kyau. Ina son shi don saurin sa da kyakkyawan tsarin gudanarwar gidan yanar gizo:
Ko da yake OpenLiteSpeed ya fi shahara a matsayin "Mai haɓakawa na WordPress", a cikin labarin yau zan nuna takamaiman amfani da shi. Wato reverse proxying of requests (reverse proxy). Kun ce ya fi kowa amfani da nginx don wannan? Zan yarda. Amma yana da zafi sosai mun kamu da soyayya da LSWS!
Proxying yayi kyau, amma a ina? A cikin ƙaramin sabis na ban mamaki - Nextcloud. Muna amfani da Nextcloud don ƙirƙirar "gizagi masu raba fayil" masu zaman kansu. Ga kowane abokin ciniki, muna ware VM daban tare da Nextcloud, kuma ba ma son fallasa su “a waje”. Madadin haka, muna yin buƙatun wakili ta hanyar wakili na gaba ɗaya. Wannan maganin yana ba da damar:
1) cire uwar garken da aka adana bayanan abokin ciniki daga Intanet kuma
2) ajiye ip-adiresoshin.
Hoton yana kama da wannan:
A bayyane yake cewa tsarin ya sauƙaƙe, saboda tsarin ayyukan ayyukan yanar gizo ba shine batun labarin yau ba.
Har ila yau, a cikin wannan labarin, zan ƙetare shigarwa da tsari na asali na girgije na gaba, musamman tun da Habré yana da kayan aiki akan wannan batu. Amma tabbas zan nuna saitunan, ba tare da wanda Nextcloud ba zai yi aiki a bayan wakili ba.
An ba:
An shigar da Nextcloud akan mai masaukin baki 1 kuma an saita shi don yin aiki akan http (ba tare da SSL ba), yana da cibiyar sadarwar gida kawai da adireshin IP na "launin toka" 172.16.22.110.
Bari mu saita OpenLiteSpeed a kan mai watsa shiri 2. Yana da musaya guda biyu, na waje (yana kallon Intanet) da na ciki tare da adireshin IP akan hanyar sadarwa 172.16.22.0/24
Adireshin IP na waje mai watsa shiri 2 shine sunan DNS cloud.connect.link
Aiki:
Samu daga Intanet ta hanyar haɗin yanar gizo'' (SSL) zuwa Nextcloud akan hanyar sadarwa ta ciki.
- Shigar da OpenLiteSpeed a kan Ubuntu 18.04.2.
Bari mu ƙara wurin ajiya:
wget-O |sudo bash
sudo apt-samun sabuntawa
shigar, run:
sudo apt-samun shigar openlitespeed
sudo /usr/local/lsws/bin/lswsctrl farawa
- Karamin saitin bangon wuta.
sudo ufw damar ssh
sudo ufw tsoho ba da izinin fita
sudo ufw tsoho ya musanta shigowa
sudo ufw damar http
sudo ufw izininhttps
sudo ufw izinin daga mai masaukin ku na gudanarwa zuwa kowane tashar jiragen ruwa 7080
sudo ufw damar - Saita OpenLiteSpeed a matsayin wakili na baya.
Bari mu ƙirƙiri kundayen adireshi a ƙarƙashin Virtualhost.cd /usr/local/lsws/
sudo mkdirc girgije.connect.link
cd cloud.connect.link/
sudo mkdir {conf, html, logs}
sudo chown lsadm:lsadm ./conf/
Bari mu daidaita mai masaukin baki daga mahaɗin yanar gizo na LSWS.
Buɗe sarrafa url
Shigar da kalmar wucewa ta asali: admin/123456
Ƙara runduna mai kama-da-wane (Masu Runduna na gani> Ƙara).
Lokacin ƙarawa, saƙon kuskure zai bayyana - fayil ɗin daidaitawa ya ɓace. Wannan al'ada ce, ana warware ta ta danna Danna don ƙirƙirar.
A cikin Babban shafin, saka Tushen Rubutun (ko da yake ba a buƙata ba, saitin ba zai tashi ba tare da shi ba). The Domain Name, idan ba a kayyade, za a dauka daga Virtual Mai watsa shiri Name, wanda muka sanya sunan yankin mu.
Yanzu lokaci ya yi da za mu tuna cewa ba mu da sabar yanar gizo kawai ba, amma wakili na baya. Saitunan da ke biyowa zasu gaya wa LSWS abin da za a wakilci da kuma inda. A cikin saitunan Virtualhost, buɗe shafin External App kuma ƙara sabon aikace-aikacen nau'in uwar garken gidan yanar gizo:
Ƙayyade suna da adireshin. Kuna iya ƙayyade suna na sabani, amma kuna buƙatar tunawa da shi, zai zo da amfani a matakai na gaba. Adireshin shine inda Nextcloud ke zaune a cikin hanyar sadarwa na ciki:
A cikin saitunan mai masaukin baki iri ɗaya, buɗe shafin Context kuma ƙirƙirar sabon mahallin nau'in wakili:
Ƙayyade sigogi: URI = /, Sabar Yanar Gizo = nextcloud_1 (suna daga mataki na baya)
Sake kunna LSWS. Ana yin wannan tare da dannawa ɗaya daga mahaɗin yanar gizo, abubuwan al'ajabi! (mai ɗaukar linzamin kwamfuta na gado yana magana a cikina)
- Mun sanya takardar shaidar, saita https.
za mu bar shi, yarda cewa mun riga mun sami shi kuma mu kwanta tare da maɓallin a cikin /etc/letsencrypt/live/cloud.connect.link directory.
Bari mu ƙirƙiri "mai sauraro" (Masu sauraro> Ƙara), bari mu kira shi "https". Nuna shi zuwa tashar jiragen ruwa 443 kuma lura cewa zai kasance Amintacce:
A cikin shafin SSL, saka hanyar zuwa maɓalli da takaddun shaida:
An ƙirƙiri “mai sauraro”, yanzu a cikin sashin Taswirar Mai watsa shiri na Virtual za mu ƙara mai masaukin baki zuwa gare shi:
Idan LSWS zai zama wakili zuwa sabis ɗaya kawai, ana iya kammala saitin. Amma muna shirin yin amfani da shi don aika buƙatun zuwa "misali" daban-daban dangane da sunan yankin. Kuma duk yankuna za su sami takaddun shaida. Don haka, kuna buƙatar zuwa saitunan Virtualhost kuma sake saka maɓalli da takaddun shaida a cikin shafin SSL. A nan gaba, ya kamata a yi wannan ga kowane sabon mai masaukin baki.
Ya rage don saita sake rubuta url ta yadda za a aika buƙatun http zuwa https.
(Ta hanyar, yaushe wannan zai ƙare? Lokaci yayi da masu bincike da sauran software za su je zuwa https ta tsohuwa, kuma su tura zuwa babu-SSL da hannu idan ya cancanta).
Kunna Kunna Sake rubutawa kuma rubuta Dokokin Sake rubutawa:
Sake rubutawa % {SERVER_PORT} 80
RewriteRule ^(.*) $ [R=301,L]
Saboda wani bakon rashin fahimta, ba shi yiwuwa a yi amfani da Sake rubuta dokoki tare da sake farawa Graceful da aka saba. Don haka, za mu sake farawa LSWS ba da alheri ba, amma cikin rashin kunya da inganci:
sudo systemctl sake kunnawa lsws.service
Don sa uwar garke ta saurari tashar jiragen ruwa 80, bari mu ƙirƙiri wani Mai sauraro. Bari mu kira shi http, saka tashar jiragen ruwa na 80 kuma ba za ta kasance mai tsaro ba:
Ta hanyar kwatankwacin saitin mai sauraren https, bari mu haɗa mai watsa shirye-shiryen mu zuwa gare shi.
Yanzu LSWS za ta saurari tashar 80 kuma ta aika buƙatun zuwa 443 daga gare ta, ta sake rubuta url.
A ƙarshe, Ina ba da shawarar rage matakin shiga LSWS, wanda aka saita zuwa Debug ta tsohuwa. A cikin wannan yanayin, rajistan ayyukan suna ninka cikin saurin walƙiya! Ga mafi yawan lokuta, matakin Gargaɗi ya isa. Je zuwa Kanfigareshan Sabar> Shiga:
Wannan yana kammala daidaitawar OpenLiteSpeed a matsayin wakili na baya. Har yanzu, sake kunna LSWS, bi hanyar haɗin kuma ga:
Domin Nextcloud ya bar mu mu shiga, muna buƙatar ƙara yankin girgije.connect.link zuwa jerin amintattun. Mu je gyara config.php. Na shigar Nextcloud ta atomatik lokacin shigar da Ubuntu kuma saitin yana nan: /var/snap/nextcloud/current/nextcloud/config.
Ƙara ma'aunin 'cloud.connect.link' zuwa maɓallin amintaccen_domains:
'trusted_domains' =>
tsararru (
0 => '172.16.22.110',
1 => 'cloud.connect.link',
),
Bugu da ari, a cikin wannan saitin, dole ne ka saka adireshin IP na wakilin mu. Ina jawo hankalin ku ga gaskiyar cewa dole ne a ƙayyade adireshin wanda yake bayyane ga uwar garken Nextcloud, watau. IP na LSWS interface na gida. Ba tare da wannan matakin ba, haɗin yanar gizo na Nextcloud yana aiki, amma aikace-aikacen ba su da izini.
'trusted_proxies' =>
tsararru (
0 => '172.16.22.100',
),
Mai girma, bayan haka za mu iya shiga cikin keɓancewar izini:
An warware matsalar! Yanzu kowane abokin ciniki zai iya amfani da "girgizar fayil" a amince da url na kansa, uwar garken tare da fayiloli ya rabu da Intanet, abokan ciniki na gaba za su karɓi duk abin da ke daidai kuma ba za a shafa ƙarin adireshin IP guda ɗaya ba.
Bugu da ƙari, za ku iya amfani da wakili na baya don sadar da abun ciki na tsaye, amma a cikin yanayin Nextcloud, wannan ba zai ba da ƙararrawar haɓakar sauri ba. Don haka na zaɓi ne kuma na zaɓi.
Na yi farin cikin raba wannan labarin, ina fatan zai kasance da amfani ga wani. Idan kun san ƙarin kyawawan hanyoyi masu inganci don magance matsalar, zan yi godiya ga sharhi!
source: www.habr.com