Na dade ina son in taba hannuna a kan ayyukan Intanet ta hanyar kafa sabar gidan yanar gizo daga karce da sakewa zuwa Intanet. A cikin wannan labarin ina so in raba gwaninta na canza na'ura mai ba da hanya tsakanin hanyoyin sadarwa na gida daga na'ura mai aiki sosai zuwa uwar garken kusan cikakke.
Duk abin ya fara ne da gaskiyar cewa TP-Link TL-WR1043ND na'ura mai ba da hanya tsakanin hanyoyin sadarwa, wanda ya yi aiki da aminci, ya daina biyan bukatun cibiyar sadarwar gida; Ina son band ɗin 5 GHz da saurin samun fayiloli akan na'urar ajiya da aka haɗa da na'ura mai ba da hanya tsakanin hanyoyin sadarwa. . Bayan duba ta hanyar tattaunawa na musamman (4pda, ixbt), rukunin yanar gizon da ke da bita da kuma kallon nau'ikan shagunan gida, na yanke shawarar siyan Keenetic Ultra.
Kyakkyawan sake dubawa daga masu mallakar sun yi aiki don goyon bayan wannan takamaiman na'urar:
- babu matsaloli tare da zafi mai zafi (a nan dole ne mu watsar da samfuran Asus);
- Amintaccen aiki (a nan na ketare TP-Link);
- mai sauƙin saitawa (Na ji tsoron ba zan iya ɗaukar shi ba kuma na ketare Microtik).
Dole ne in yarda da rashin amfani:
- babu WiFi6, Ina so in dauki kayan aiki tare da ajiyar wuri don gaba;
- 4 tashar jiragen ruwa LAN, Ina son ƙarin, amma wannan ba rukunin gida bane.
Sakamakon haka, mun sami wannan “uwar garken”:
- a gefen hagu shine tashar tashar Rostelecom;
- a hannun dama shine na'ura mai ba da hanya tsakanin hanyoyin sadarwa na gwaji;
- 2 GB m.128 SSD da ke kwance, an sanya shi a cikin akwatin USB3 daga Aliexpress, an haɗa shi da na'ura mai ba da hanya tsakanin hanyoyin sadarwa tare da waya, yanzu an ɗora shi da kyau a bango;
- a gaba shine igiya mai tsawo tare da soket ɗin da ba a haɗa su ba, waya daga gare ta tana zuwa UPS mai tsada;
- a bangon bango akwai tarin igiyoyi guda biyu masu murdawa - a matakin sake gyara ɗakin, nan da nan na shirya kwasfa na RJ45 a wuraren da ya kamata a kasance da kayan aikin, don kada in dogara ga ɗimbin Wifi.
Don haka, muna da kayan aiki, muna buƙatar saita shi:
- Saitin farko na na'ura mai ba da hanya tsakanin hanyoyin sadarwa yana ɗaukar kusan mintuna 2, muna nuna sigogin haɗin kai ga mai ba da sabis (tashar tashar gani na ta canza zuwa yanayin gada, haɗin PPPoE yana ɗaga na'ura mai ba da hanya tsakanin hanyoyin sadarwa), sunan cibiyar sadarwar WiFi da kalmar wucewa - a zahiri shi ke nan. , na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya fara aiki.
Mun saita isar da tashoshin jiragen ruwa na waje zuwa tashar jiragen ruwa na na'ura mai ba da hanya tsakanin hanyoyin sadarwa da kanta a cikin "Dokokin Sadarwar - Gabatarwa":
Yanzu za mu iya matsawa zuwa sashin "ci gaba", abin da nake so daga na'ura mai ba da hanya tsakanin hanyoyin sadarwa:
- ayyuka na ƙaramin NAS don cibiyar sadarwar gida;
- yin ayyukan sabar gidan yanar gizo don shafuka masu zaman kansu da yawa;
- Ayyukan girgije na sirri don samun damar bayanan sirri daga ko'ina cikin duniya.
Ana aiwatar da na farko ta amfani da kayan aikin da aka gina, ba tare da buƙatar ƙoƙari mai yawa ba:
- Muna ɗaukar drive ɗin da aka yi niyya don wannan rawar (flash drive, katin ƙwaƙwalwar ajiya a cikin mai karanta kati, rumbun kwamfutarka ko SSD a cikin akwatin waje kuma mu tsara shi zuwa Ext4 ta amfani da (Ba ni da kwamfuta tare da Linux a hannu, yana yiwuwa tare da kayan aikin da aka gina). Kamar yadda na fahimta, a lokacin aiki tsarin yana rubuta rajistan ayyukan kawai zuwa faifan diski, don haka idan kun iyakance su bayan kafa tsarin, zaku iya amfani da katunan ƙwaƙwalwar ajiya idan kuna shirin rubuta da yawa kuma sau da yawa zuwa drive - SSD ko HDD ya fi kyau.
Bayan haka, muna haɗa tuƙi zuwa na'ura mai ba da hanya tsakanin hanyoyin sadarwa kuma mu kiyaye shi akan allon tsarin tsarin
Danna kan "USB drives da printers" zuwa sashin "Aikace-aikace" kuma saita rabon a cikin "Windows Network" sashe:
Kuma muna da hanyar sadarwar da za a iya amfani da su daga kwamfutocin Windows, suna haɗawa azaman faifai idan ya cancanta: net use y: \ 192.168.1.1SSD / nace: eh.
Gudun irin wannan ingantaccen NAS ya isa don amfanin gida; akan waya yana amfani da gigabit gabaɗaya, akan WiFi gudun yana kusan megabits 400-500.
Saita ajiya yana ɗaya daga cikin matakan da ake buƙata don saita uwar garken, to muna buƙatar:
- da adireshin IP na tsaye (zaku iya yin ba tare da wannan ta amfani da Dynamic DNS ba, amma na riga na sami IP na tsaye, don haka ya zama sauƙin amfani. - , muna karɓar bakuncin DNS da wasiku akan yankinmu);
- kuma ƙara bayanan da ke nuna IP ɗin ku:
Yana ɗaukar sa'o'i da yawa don yankin da saitunan wakilai na DNS suyi tasiri, don haka muna kafa na'ura mai ba da hanya tsakanin hanyoyin sadarwa.
Da farko, muna buƙatar shigar da ma'ajin Entware, daga abin da za mu iya shigar da buƙatun da suka dace akan na'ura mai ba da hanya tsakanin hanyoyin sadarwa. Na yi amfani , kawai bai loda kunshin shigarwa ta hanyar FTP ba, amma ƙirƙirar babban fayil kai tsaye a kan hanyar sadarwar da aka haɗa a baya kuma ta kwafi fayil ɗin a can ta hanyar da aka saba.
Bayan samun dama ta hanyar SSH, canza kalmar wucewa tare da umarnin passwd kuma shigar da duk fakitin da suka dace tare da opkg shigar [kunshin sunayen] umarni:
A lokacin saitin, an shigar da fakiti masu zuwa akan na'ura mai ba da hanya tsakanin hanyoyin sadarwa (fitarwa na opkg jerin umarnin da aka shigar):
Jerin fakitin
ruwa - 5.0-3
busybox - 1.31.1-1
daurin - 20190110-2
ca-takardun shaida - 20190110-2
coreutils - 8.31-1
coreutils-mktemp - 8.31-1
cron - 4.1-3
nuni - 7.69.0-1
diffutils - 3.7-2
Laraba - 2019.78-3
entware-sakin - 1.0-2
abubuwan gano - 4.7.0-1
glib2 - 2.58.3-5
grep - 3.4-1
ldconfig - 2.27-9
libtar - 2.4.48-2
libblkid - 2.35.1-1
libc - 2.27-9
libcurl - 7.69.0-1
libffi - 3.2.1-4
libgcc - 8.3.0-9
libiconv-cikakken - 1.11.1-4
libintl-cikakken - 0.19.8.1-2
liblua - 5.1.5-7
libmbedtls - 2.16.5-1
libmount - 2.35.1-1
la'ananne - 6.2-1
libncursesw - 6.2-1
libndm - 1.1.10-1a
libopenssl - 1.1.1d-2
libopenssl-conf - 1.1.1d-2
libpcap - 1.9.1-2
libpcre - 8.43-2
libpcre2 - 10.34-1
libpthread - 2.27-9
libreadline - 8.0-1a
shafi - 2.27-9
libslang2 - 2.3.2-4
libssh2 - 1.9.0-2
libssp - 8.3.0-9
libstdcpp - 8.3.0-9
libuid - 2.35.1-1
libxml2 - 2.9.10-1
yankunan - 2.27-9
mc - 4.8.23-2
ndmq - 1.0.2-5a
nginx - 1.17.8-1
openssl-util - 1.1.1d-2
opkg — 2019-06-14-dcbc142e-2
zaɓi-ndmsv2 - 1.0-12
php7 - 7.4.3-1
php7-mod-openssl - 7.4.3-1
akwatin kifaye - 1.31.1-2
Bayani: 6.2-1
zalib - 1.2.11-3
zoneinfo-asia - 2019c-1
zoneinfo-Turai - 2019c-1
Wataƙila akwai wani abu mai ban mamaki a nan, amma akwai sarari da yawa akan tuƙi, don haka ban damu da duba shi ba.
Bayan shigar da fakitin, muna saita nginx, Na gwada shi tare da yankuna biyu - na biyu an daidaita shi tare da https, kuma a yanzu akwai stub. Ana amfani da tashar jiragen ruwa na ciki 81 da 433 maimakon 80 da 443, tunda kwamitin gudanarwa na na'ura mai ba da hanya tsakanin hanyoyin sadarwa yana rataye a tashoshin jiragen ruwa na yau da kullun.
da dai sauransu/nginx/nginx.conf
user nobody;
worker_processes 1;
#error_log /opt/var/log/nginx/error.log;
#error_log /opt/var/log/nginx/error.log notice;
#error_log /opt/var/log/nginx/error.log info;
#pid /opt/var/run/nginx.pid;
events {
worker_connections 64;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log /opt/var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 81;
server_name milkov.su www.milkov.su;
return 301 https://milkov.su$request_uri;
}
server {
listen 433 ssl;
server_name milkov.su;
#SSL support
include ssl.conf;
location / {
root /opt/share/nginx/html;
index index.html index.htm;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
</spoiler>
<spoiler title="etc/nginx/ssl.conf">
ssl_certificate /opt/etc/nginx/certs/milkov.su/fullchain.pem;
ssl_certificate_key /opt/etc/nginx/certs/milkov.su/privkey.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
ssl_dhparam /opt/etc/nginx/dhparams.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_stapling on;Domin shafin ya yi aiki ta hanyar https, na yi amfani da sanannun rubutun rashin ruwa, shigar da shi ta amfani da shi . Wannan tsari bai haifar da matsala ba, kawai na yi tuntuɓe a kan gaskiyar cewa a cikin rubutun rubutun don aiki akan na'ura mai ba da hanya tsakanin hanyoyin sadarwa /opt/etc/ssl/openssl.cnf:
[openssl_conf]
#engines=enginesKuma na lura cewa samar da dhparams.pem tare da umurnin "openssl dhparam -out dhparams.pem 2048" akan na'ura mai ba da hanya tsakanin hanyoyin sadarwa yana ɗaukar fiye da sa'o'i 2, idan ba don alamar ci gaba ba, da na yi rashin haƙuri kuma na sake kunnawa.
Bayan karɓar takaddun shaida, sake kunna nginx tare da umarnin "/opt/etc/init.d/S80nginx zata sake farawa". A ka'ida, saitin ya cika, amma babu gidan yanar gizon tukuna - idan muka sanya fayil ɗin index.html a cikin /share/nginx/html directory, za mu ga stub.
index.html
<!DOCTYPE html>
<html>
<head>
<title>Тестовая страничка!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Тестовая страничка!</h1>
<p>Это простая статическая тестовая страничка, абсолютно ничего интересного.</p>
</body>
</html>Don sanya bayanai da kyau, yana da sauƙi ga wanda ba ƙwararru kamar ni ba ya yi amfani da shirye-shiryen da aka ƙera; bayan dogon bincike ta cikin kasidu daban-daban, na sami - akwai kyakkyawan zaɓi na samfuran kyauta waɗanda ba sa buƙatar sifa (wanda ba kasafai ba ne akan Intanet; yawancin samfuran lasisin suna buƙatar ku adana hanyar haɗi zuwa albarkatun da aka samo su).
Mun zaɓi samfurin da ya dace - akwai waɗanda suke don lokuta daban-daban, zazzage ma'ajin kuma buɗe shi a cikin /share/nginx/html directory, kuna iya yin hakan daga kwamfutarku, sannan ku gyara samfurin (a nan kuna buƙatar ƙaramin ilimi). na HTML don kada ya karya tsarin) da kuma maye gurbin zane-zane kamar yadda aka nuna a cikin hoton da ke ƙasa.
Summary: na'ura mai ba da hanya tsakanin hanyoyin sadarwa ya dace sosai don ɗaukar gidan yanar gizon haske akan shi, bisa ƙa'ida - idan ba ku tsammanin babban kaya, zaku iya. , da kuma gwaji tare da ƙarin hadaddun ayyuka (Ina duban nextcloud/owncloud, da alama an sami nasarar shigarwa akan irin wannan kayan aikin). Ikon shigar da fakiti yana ƙaruwa da amfaninsa - alal misali, lokacin da ya zama dole don kare tashar tashar RDP ta PC akan hanyar sadarwar gida, na shigar da ƙwanƙwasa na'ura mai ba da hanya tsakanin hanyoyin sadarwa - kuma an buɗe tashar isar da tashar zuwa PC ne kawai bayan buga tashar jiragen ruwa.
Me yasa na'ura mai ba da hanya tsakanin hanyoyin sadarwa kuma ba PC na yau da kullun ba? Na'ura mai ba da hanya tsakanin hanyoyin sadarwa tana ɗaya daga cikin ƴan kayan aikin kwamfuta waɗanda ke aiki ba dare ba rana a cikin gidaje da yawa; na'ura mai ba da hanya tsakanin hanyoyin sadarwa yawanci shiru ne kuma wurin haske wanda bai wuce ziyarar ɗari a rana ba ba zai dame shi ko kaɗan ba.
source: www.habr.com