Hey Habr!
Bubar aku nemoni kahanan sing kudu kerja ing jaringan perusahaan kanthi akses sing ora lengkap menyang Internet lan, kaya sing bisa ditebak saka judhul, Telegram diblokir. Aku yakin yen kahanan iki wis dikenal kanggo akeh.
Aku bisa nindakake tanpa utusan cepet, nanging Telegram sing dibutuhake kanggo kerja. Sampeyan ora bisa nginstal klien ing mesin kerja, lan uga ora bisa nggunakake laptop pribadi. Solusi liyane misale jek nggunakake
Untunge, Webogram minangka proyek sumber terbuka sing kode sumber kasedhiya
Instalasi lan peluncuran dhewe ora angel, nanging ing kahanan operasi ing jaringan kanthi akses diblokir menyang server Telegram, sampeyan bakal luwih kuciwa tinimbang sukses, amarga versi web ngirim panjaluk menyang server Telegram saka mesin pangguna.
Untunge, iki fix sing cukup prasaja (nanging ora ketok). Aku pengin ngelingake yen aku dudu penulis solusi iki. Aku bisa nemokake ing
Ing ngisor potong sampeyan bakal nemokake persiyapan langkah demi langkah saka pangilon Webogram lan persiyapan panjaluk proxy menyang server Telegram nggunakake nginx.
Minangka conto, aku milih sing anyar diinstal lan nganyari Ubuntu Server 18.04.3.
Pènget: Tutorial iki ora bakal kalebu instruksi kanggo nyetel domain ing nginx. Sampeyan kudu nindakake iki dhewe. Tutorial kasebut nganggep yen sampeyan wis ngonfigurasi domain nganggo ssl, lan server kasebut dhewe sing arep dikonfigurasi nduweni akses menyang server Telegram (kanthi cara apa wae sing disenengi)
Ayo nganggep yen ip server iki yaiku 10.23.0.3, lan jeneng domain yaiku mywebogram.localhost
Adhedhasar konvensi kasebut, aku bakal menehi conto konfigurasi. Aja lali ngganti nilai sampeyan dhewe.
Dadi ayo miwiti:
Kanggo mbukak Webogram, kita butuh nodejs. Kanthi gawan, yen kita nginstal saka repositori Ubuntu, kita bakal entuk nodejs versi 8.x. Kita kudu 12.x:
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt update && sudo apt -y install nodejs
Kita milih papan ing ngendi Webogram bakal adhedhasar.
Contone, ayo diselehake ing root direktori ngarep. Kanggo nindakake iki, tiron repositori resmi menyang server kita:
cd ~ && git clone https://github.com/zhukov/webogram.git
Langkah sabanjure yaiku nginstal kabeh dependensi sing dibutuhake kanggo mbukak aplikasi:
cd webogram && npm install
Ayo nyoba test run. Jalanake printah:
npm start
Sawise iku, kita nyoba mbukak ing browser
http://10.23.0.3:8000/app/index.html
Yen nganti saiki sampeyan wis nindakake kabeh kanthi bener, kaca wewenang Webogram bakal mbukak.
Saiki kita kudu ngatur aplikasi kanggo mbukak minangka layanan. Kanggo nindakake iki, ayo nggawe file
sudo touch /lib/systemd/system/webogram.service
bukak ing editor apa wae lan wenehi tampilan ing ngisor iki (ketik dalan menyang WorkDirectory)
[Unit]
Description=Webogram mirror
[Service]
WorkingDirectory=/home/tg/webogram
ExecStart=/usr/bin/npm start
SuccessExitStatus=143
TimeoutStopSec=10
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
Banjur kita mbukak printah ing ngisor iki:
Nglamar owah-owahan
sudo systemctl daemon-reload
Aktifake autorun:
sudo systemctl enable webogram.service
Ayo miwiti layanan:
sudo systemctl start webogram.service
Sawise ngrampungake langkah-langkah kasebut, Webogram bakal terus kasedhiya ing port 8000.
Amarga kita bakal nyetel akses menyang Webogram liwat nginx, kita bakal nutup port 8000 kanggo panjalukan saka njaba.
Kita nggunakake sarana udf kanggo iki (utawa cara sing trep kanggo sampeyan):
sudo ufw deny 8000
Yen sampeyan isih arep nggunakake udf, nanging ora aktif ing server, tambahake aturan liyane (supaya kabeh ora rusak) lan aktifake udf:
sudo ufw allow ssh
sudo ufw allow 80
sudo ufw allow 443
sudo ufw enable
Sabanjure, ayo miwiti ngganti konfigurasi nginx.
Kaya sing dakelingake ing ndhuwur, dianggep yen domain karo ssl wis dikonfigurasi ing server sampeyan. Aku mung bakal narik kawigaten sampeyan babagan apa sing kudu ditambahake menyang file konfigurasi domain supaya bisa digunakake kanthi bener:
server {
...
location ^~ /pluto/apiw1/ {
proxy_pass https://pluto.web.telegram.org/apiw1/;
}
location ^~ /venus/apiw1/ {
proxy_pass https://venus.web.telegram.org/apiw1/;
}
location ^~ /aurora/apiw1/ {
proxy_pass https://aurora.web.telegram.org/apiw1/;
}
location ^~ /vesta/apiw1/ {
proxy_pass https://vesta.web.telegram.org/apiw1/;
}
location ^~ /flora/apiw1/ {
proxy_pass https://flora.web.telegram.org/apiw1/;
}
location ^~ /pluto-1/apiw1/ {
proxy_pass https://pluto-1.web.telegram.org/apiw1/;
}
location ^~ /venus-1/apiw1/ {
proxy_pass https://venus-1.web.telegram.org/apiw1/;
}
location ^~ /aurora-1/apiw1/ {
proxy_pass https://aurora-1.web.telegram.org/apiw1/;
}
location ^~ /vesta-1/apiw1/ {
proxy_pass https://vesta-1.web.telegram.org/apiw1/;
}
location ^~ /flora-1/apiw1/ {
proxy_pass https://flora-1.web.telegram.org/apiw1/;
}
location ^~ /DC1/ {
proxy_pass http://149.154.175.10:80/;
}
location ^~ /DC2/ {
proxy_pass http://149.154.167.40:80/;
}
location ^~ /DC3/ {
proxy_pass http://149.154.175.117:80/;
}
location ^~ /DC4/ {
proxy_pass http://149.154.175.50:80/;
}
location ^~ /DC5/ {
proxy_pass http://149.154.167.51:80/;
}
location ^~ /DC6/ {
proxy_pass http://149.154.175.100:80/;
}
location ^~ /DC7/ {
proxy_pass http://149.154.167.91:80/;
}
location ^~ /DC8/ {
proxy_pass http://149.154.171.5:80/;
}
location / {
auth_basic "tg";
auth_basic_user_file /etc/nginx/passwd.htpasswd;
proxy_pass http://localhost:8000/;
proxy_read_timeout 90s;
proxy_connect_timeout 90s;
proxy_send_timeout 90s;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
Apa sing ditambahake menyang konfigurasi nginx:
- Kita ngganti lokasi root, sing bakal njaluk proxy menyang port 8000, sing Webogram nanggapi
- We nutup lokasi ROOT nggunakake dhasar-auth. Iki minangka langkah simbolis murni kanggo nutup aplikasi kita saka prying mata lan bot. (Lan uga kanggo nyegah masalah karo pamblokiran)
- Sekelompok lokasi kanthi proxy_path ing server Telegram persis minangka titik pungkasan sing bakal ditindakake panyuwunan.
Uga, ayo nggawe file /etc/nginx/passwd.htpasswd;
supaya nginx duwe soko kanggo mriksa sandhi pangguna.
sudo apt install apache2-utils
sudo htpasswd -c /etc/nginx/passwd.htpasswd tg
Wiwiti maneh nginx:
sudo systemctl restart nginx
Saiki Webogram mung bakal kasedhiya ing
Ana sethitik kiwa: kita bakal nggawe owah-owahan cilik kanggo project dhewe.
Bukak file ing editor ~/webogram/app/js/lib/mtproto.js
Lan nggawa wiwitan menyang wangun ing ngisor iki:
/*!
* Webogram v0.7.0 - messaging web application for MTProto
* https://github.com/zhukov/webogram
* Copyright (C) 2014 Igor Zhukov <[email protected]>
* https://github.com/zhukov/webogram/blob/master/LICENSE
*/
angular.module('izhukov.mtproto', ['izhukov.utils'])
.factory('MtpDcConfigurator', function () {
var sslSubdomains = ['pluto', 'venus', 'aurora', 'vesta', 'flora']
var dcOptions = Config.Modes.test
? [
{id: 1, host: 'mywebogram.localhost/DC1', port: 80},
{id: 2, host: 'mywebogram.localhost/DC2', port: 80},
{id: 3, host: 'mywebogram.localhost/DC3', port: 80}
]
: [
{id: 1, host: 'mywebogram.localhost/DC4', port: 80},
{id: 2, host: 'mywebogram.localhost/DC5', port: 80},
{id: 3, host: 'mywebogram.localhost/DC6', port: 80},
{id: 4, host: 'mywebogram.localhost/DC7', port: 80},
{id: 5, host: 'mywebogram.localhost/DC8', port: 80}
]
var chosenServers = {}
function chooseServer (dcID, upload) {
if (chosenServers[dcID] === undefined) {
var chosenServer = false,
i, dcOption
if (Config.Modes.ssl || !Config.Modes.http) {
var subdomain = sslSubdomains[dcID - 1] + (upload ? '-1' : '')
var path = Config.Modes.test ? 'apiw_test1' : '/apiw1/'
chosenServer = 'https://mywebogram.localhost/' + subdomain + path
return chosenServer
}
for (i = 0; i < dcOptions.length; i++) {
dcOption = dcOptions[i]
if (dcOption.id == dcID) {
chosenServer = 'http://' + dcOption.host + '/apiw1'
break
}
}
chosenServers[dcID] = chosenServer
}
...
Sawise iki, sampeyan kudu refresh kaca aplikasi ing browser.
Bukak konsol browser lan deleng panjalukan jaringan aplikasi. Yen kabeh bisa digunakake lan panjaluk XHR menyang server sampeyan, mula kabeh wis rampung kanthi bener, lan Webogram saiki diproksi liwat nginx.
Muga-muga tutorial iki bisa migunani kanggo wong liya kajaba aku.
Matur nuwun kanthi sanget kanggo kabeh sing maca nganti pungkasan.
Yen ana sing duwe kesulitan utawa aku nggawe ora akurat, aku bakal seneng njawab lan nyoba mbantu sampeyan ing komentar utawa PM.
Source: www.habr.com