Nkhaniyi idzakhala yothandiza kwa iwo omwe:
- amadziwa kuti Client Cert ndi chiyani ndipo amamvetsetsa chifukwa chake amafunikira ma websockets pa Safari yam'manja;
- Ndikufuna kufalitsa mautumiki apa intaneti kwa anthu ochepa kapena kwa ine ndekha;
- amaganiza kuti chilichonse chachitika kale ndi winawake, ndipo akufuna kuti dziko lapansi likhale losavuta komanso lotetezeka.
Mbiri ya ma websockets idayamba pafupifupi zaka 8 zapitazo. Poyamba, njira zinkagwiritsidwa ntchito ngati zopempha zazitali za http (kwenikweni mayankho): msakatuli wa wogwiritsa ntchito adatumiza pempho kwa seva ndikudikirira kuti ayankhe chinachake, atatha kuyankha adagwirizanitsanso ndikudikirira. Koma kenako ma websockets adawonekera.
Zaka zingapo zapitazo, tidapanga kukhazikitsa kwathu mu PHP yoyera, yomwe singagwiritse ntchito zopempha za https, chifukwa ichi ndiye cholumikizira. Osati kale kwambiri, pafupifupi ma seva onse a pa intaneti adaphunzira zopempha za proxy pa https ndi kugwirizana kwa chithandizo: kukweza.
Izi zikachitika, ma websockets adakhala pafupifupi ntchito yosasinthika ya mapulogalamu a SPA, chifukwa ndizosavuta kupereka zomwe zili kwa wogwiritsa ntchito poyambira seva (kutumiza uthenga kuchokera kwa wogwiritsa ntchito wina kapena kutsitsa mtundu watsopano wa chithunzi, chikalata, mafotokozedwe. kuti wina akukonza pano) .
Ngakhale Satifiketi Yamakasitomala yakhalapo kwanthawi yayitali, imakhalabe yosathandizidwa, chifukwa imabweretsa mavuto ambiri poyesa kuyilambalala. Ndipo (mwina :slightly_smiling_face: ) ndichifukwa chake asakatuli a IOS (onse kupatula Safari) sakufuna kuigwiritsa ntchito ndikuyipempha kuchokera ku sitolo ya satifiketi yakomweko. Zikalata zili ndi zabwino zambiri poyerekeza ndi makiyi olowera / pass kapena ssh kapena kutseka madoko ofunikira kudzera pa firewall. Koma izi siziri zomwe zikunena.
Pa iOS, njira yokhazikitsira satifiketi ndiyosavuta (osati popanda tsatanetsatane), koma nthawi zambiri imachitika molingana ndi malangizo, omwe ali ambiri pa intaneti komanso omwe amapezeka kwa osatsegula a Safari okha. Tsoka ilo, Safari sadziwa momwe angagwiritsire ntchito Client Π‘ert pazitsulo zapaintaneti, koma pali malangizo ambiri pa intaneti momwe angapangire satifiketi yotere, koma pochita izi sizingatheke.
Kuti timvetsetse ma websockets, tidagwiritsa ntchito dongosolo ili: vuto/hypothesis/ solution.
Vuto: palibe chithandizo cha socket zapaintaneti poyitanitsa zopempha kuzinthu zomwe zimatetezedwa ndi satifiketi ya kasitomala pa msakatuli wa Safari wa IOS ndi mapulogalamu ena omwe athandizira satifiketi.
Zongopeka:
- Ndi zotheka kukonza zosiyana zotere kuti mugwiritse ntchito ziphaso (podziwa kuti sipadzakhala) ku ma websockets azinthu zamkati / zakunja.
- Kwa ma websockets, mutha kupanga kulumikizana kwapadera, kotetezeka komanso kotetezedwa pogwiritsa ntchito magawo osakhalitsa omwe amapangidwa panthawi yanthawi zonse (yosakhala yapaintaneti).
- Magawo akanthawi atha kukhazikitsidwa pogwiritsa ntchito seva imodzi ya proxy web (ma module omangidwa ndi ntchito zokha).
- Zizindikiro zaakanthawi kochepa zakhazikitsidwa kale ngati ma module a Apache okonzeka.
- Ma tokeni amgawo akanthawi atha kukhazikitsidwa mwa kupanga mwanzeru dongosolo lolumikizana.
Mkhalidwe wowoneka pambuyo pa kukhazikitsidwa.
Cholinga cha ntchito: kasamalidwe ka mautumiki ndi zomangamanga ziyenera kupezeka kuchokera pa foni yam'manja pa IOS popanda mapulogalamu owonjezera (monga VPN), ogwirizana komanso otetezeka.
Cholinga chowonjezera: kupulumutsa nthawi ndi zothandizira / kuchuluka kwa mafoni (ntchito zina zopanda socket zimatulutsa zopempha zosafunikira) ndikutumiza mwachangu zinthu pa intaneti yam'manja.
Momwe mungayang'anire?
1. Masamba otsegula:
β Π½Π°ΠΏΡΠΈΠΌΠ΅Ρ, https://teamcity.yourdomain.com Π² ΠΌΠΎΠ±ΠΈΠ»ΡΠ½ΠΎΠΌ Π±ΡΠ°ΡΠ·Π΅ΡΠ΅ Safari (Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ°ΠΊΠΆΠ΅ Π² Π΄Π΅ΡΠΊΡΠΎΠΏΠ½ΠΎΠΉ Π²Π΅ΡΡΠΈΠΈ) β Π²ΡΠ·ΡΠ²Π°Π΅Ρ ΡΡΠΏΠ΅ΡΠ½ΠΎΠ΅ ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΠΊ Π²Π΅Π±-ΡΠΎΠΊΠ΅ΡΠ°ΠΌ.
β Π½Π°ΠΏΡΠΈΠΌΠ΅Ρ, https://teamcity.yourdomain.com/admin/admin.html?item=diagnostics&tab=webSβ¦β ΠΏΠΎΠΊΠ°Π·ΡΠ²Π°Π΅Ρ ping/pong.
β Π½Π°ΠΏΡΠΈΠΌΠ΅Ρ, https://rancher.yourdomain.com/p/c-84bnv:p-vkszd/workload/deployment:danidb:phβ¦-> viewlogs β ΠΏΠΎΠΊΠ°Π·ΡΠ²Π°Π΅Ρ Π»ΠΎΠ³ΠΈ ΠΊΠΎΠ½ΡΠ΅ΠΉΠ½Π΅ΡΠ°.2. Kapena mu developer console:
Kuyesa kwa Hypothesis:
1. Ndi zotheka kukonza zosiyana zotere kuti mugwiritse ntchito ziphaso (podziwa kuti sipadzakhala) kumasoketi amtundu wazinthu zamkati / zakunja.
2 mayankho adapezeka apa:
a) Pa mlingo
<Location sock*> SSLVerifyClient optional </Location>
<Location /> SSLVerifyClient require </Location>
sinthani mulingo wofikira.
Njira iyi ili ndi ma nuances awa:
- Chitsimikizo cha satifiketi chimachitika pambuyo pa pempho ku gwero la proxied, ndiko kuti, kugwirana chanza kwa positi. Izi zikutanthauza kuti woyimirayo adzatsegula kaye ndikudula pempho ku ntchito yotetezedwa. Izi ndi zoipa, koma osati zotsutsa;
- Mu http2 protocol. Idakali pano, ndipo opanga osatsegula sakudziwa momwe angagwiritsire ntchito #info about tls1.3 http2 post handshake (sikugwira ntchito pano) ;
- Sizikudziwika bwino momwe mungagwirizanitse ntchitoyi.
b) Pamlingo woyambira, lolani ssl popanda satifiketi.
SSLVerifyClient amafuna => SSLVerifyClient mwachisawawa, koma izi zimachepetsa chitetezo cha seva ya proxy, popeza kugwirizanitsa koteroko kudzakonzedwa popanda chiphaso. Komabe, mutha kukananso mwayi wopeza ma proxied ndi malangizo awa:
RewriteEngine on
RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
RewriteRule .? - [F]
ErrorDocument 403 "You need a client side certificate issued by CAcert to access this site"
Zambiri zatsatanetsatane zitha kupezeka m'nkhani yokhudza ssl:
Zosankha zonse ziwiri zidayesedwa, njira "b" idasankhidwa chifukwa cha kusinthasintha kwake komanso kugwirizana ndi http2 protocol.
Kuti amalize kutsimikizira lingaliro ili, zidatengera kuyesa kochulukirapo pakukonza; mapangidwe awa adayesedwa:
ngati = amafuna = lembaninso
Zotsatira zake ndi mamangidwe otsatirawa:
SSLVerifyClient optional
RewriteEngine on
RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule .? - [F]
#ErrorDocument 403 "You need a client side certificate issued by CAcert to access this site"
#websocket for safari without cert auth
<If "%{SSL:SSL_CLIENT_VERIFY} != 'SUCCESS'">
<If "%{HTTP:Upgrade} = 'websocket'">
...
#Π·Π°ΠΌΠ΅ΡΠ°Π΅ΠΌ Π°Π²ΡΠΎΡΠΈΠ·Π°ΡΠΈΡ ΠΏΠΎ Π²Π»Π°Π΄Π΅Π»ΡΡΡ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠ° Π½Π° Π°Π²ΡΠΎΡΠΈΠ·Π°ΡΠΈΡ ΠΏΠΎ Π½ΠΎΠΌΠ΅ΡΡ ΠΏΡΠΎΡΠΎΠΊΠΎΠ»Π°
SSLUserName SSl_PROTOCOL
</If>
</If>
Poganizira za chilolezo chomwe chinalipo ndi eni satifiketi, koma ndi chiphaso chomwe sichinapezeke, ndidafunikira kuyika satifiketi yomwe sinalipo ngati imodzi mwazosintha zomwe zilipo SSl_PROTOCOL (m'malo mwa SSL_CLIENT_S_DN_CN), zambiri pazolembedwa:
2. Pa ma websockets, mutha kupanga kulumikizana kwapadera, kotetezeka komanso kotetezedwa pogwiritsa ntchito magawo osakhalitsa omwe amapangidwa panthawi yanthawi zonse (yosakhala yapaintaneti).
Kutengera zomwe zachitika m'mbuyomu, muyenera kuwonjezera gawo lowonjezera pazokonzekera kuti mukonzekere zizindikiro zosakhalitsa za kulumikizana kwa socket pa intaneti nthawi zonse (zosakhala za intaneti).
#ΠΏΠΎΠ΄Π³ΠΎΡΠΎΠ²ΠΊΠ° ΠΏΠ΅ΡΠ΅Π΄Π°ΡΠ° ΡΠ΅Π±Π΅ Π‘ookie ΡΠ΅ΡΠ΅Π· ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»ΡΡΠΊΠΈΠΉ Π±ΡΠ°ΡΠ·Π΅Ρ
<If "%{SSL:SSL_CLIENT_VERIFY} = 'SUCCESS'">
<If "%{HTTP:Upgrade} != 'websocket'">
Header set Set-Cookie "websocket-allowed=true; path=/; Max-Age=100"
</If>
</If>
#ΠΏΡΠΎΠ²Π΅ΡΠΊΠ° Cookie Π΄Π»Ρ ΡΡΡΠ°Π½ΠΎΠ²Π»Π΅Π½ΠΈΡ Π²Π΅Π±-ΡΠΎΠΊΠ΅Ρ ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ
<source lang="javascript">
<If "%{SSL:SSL_CLIENT_VERIFY} != 'SUCCESS'">
<If "%{HTTP:Upgrade} = 'websocket'">
#check for exists cookie
#get and check
SetEnvIf Cookie "websocket-allowed=(.*)" env-var-name=$1
#or rewrite rule
RewriteCond %{HTTP_COOKIE} !^.*mycookie.*$
#or if
<If "%{HTTP_COOKIE} =~ /(^|; )cookie-names*=s*some-val(;|$)/ >
</If
</If>
</If>
Kuyesedwa kunawonetsa kuti imagwira ntchito. Ndizotheka kusamutsa ma Cookies kwa inu kudzera pa msakatuli wa wosuta.
3. Magawo akanthawi atha kukhazikitsidwa pogwiritsa ntchito seva imodzi ya proxy web (ma module omangidwa ndi ntchito).
Monga tidazindikira kale, Apache ili ndi magwiridwe antchito ambiri omwe amakupatsani mwayi wopanga zomanga. Komabe, timafunikira njira zotetezera zambiri zomwe zili mumsakatuli wa wogwiritsa ntchito, kotero timakhazikitsa zomwe tiyenera kusunga ndi chifukwa chake, ndi ntchito zotani zomwe tidzagwiritse ntchito:
- Tikufuna chizindikiro chomwe sichingadziwike mosavuta.
- Tikufuna chizindikiro chomwe chili ndi vuto lomwe lamangidwamo komanso kuthekera koyang'ana kutha kwa seva.
- Tikufuna chizindikiro chomwe chidzagwirizanitsidwa ndi mwiniwake wa satifiketi.
Izi zimafuna ntchito ya hashing, mchere, ndi tsiku loti mukalamba chizindikiro. Kutengera zolembedwa tapeza zonse m'bokosi sha1 ndi %{TIME}.
Zotsatira zake zidakhala izi:
#Π½Π΅Ρ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠ°, ΠΈ ΠΎΠ±ΡΠ°ΡΠ΅Π½ΠΈΠ΅ ΠΊ websocket
<If "%{SSL:SSL_CLIENT_VERIFY} != 'SUCCESS'">
<If "%{HTTP:Upgrade} = 'websocket'">
SetEnvIf Cookie "zt-cert-sha1=([^;]+)" zt-cert-sha1=$1
SetEnvIf Cookie "zt-cert-uid=([^;]+)" zt-cert-uid=$1
SetEnvIf Cookie "zt-cert-date=([^;]+)" zt-cert-date=$1
#ΡΠΎΠ»ΡΠΊΠΎ ΡΠ°ΠΊ ΠΌΠΎΠΆΠ½ΠΎ ΡΠ°Π±ΠΎΡΠ°ΡΡ Ρ ΠΏΠ΅ΡΠ΅ΠΌΠ΅Π½Π½ΡΠΌΠΈ, ΠΏΠΎΠ»ΡΡΠ΅Π½Π½ΡΠΌΠΈ Π² env-Π°Ρ
Π² ΡΡΠΎΡ ΠΌΠΎΠΌΠ΅Π½Ρ Π²ΡΠ΅ΠΌΠ΅Π½ΠΈ, Π±ΠΎΠ»Π΅Π΅ ΠΎΠ½ΠΈ Π½ΠΈΠ³Π΄Π΅ Π½Π΅ Π΄ΠΎΡΡΡΠΏΠ½Ρ Π΄Π»Ρ ΡΡΠ½ΠΊΡΠΈΠΈ Ρ
Π΅ΡΠΈΡΠΎΠ²Π°Π½ΠΈΡ (ΠΏΠΎ ΠΎΡΠ΄Π΅Π»ΡΠ½ΠΎΡΡΠΈ ΠΌΠΎΠΆΠ½ΠΎ, Π½ΠΎ Π½Π΅ Π²ΠΌΠ΅ΡΡΠ΅, Π΄Π° ΠΈ Π΅ΡΡ Ρ Ρ
Π΅ΡΠΈΡΠΎΠ²Π°Π½ΠΈΠ΅ΠΌ)
<RequireAll>
Require expr %{sha1:salt1%{env:zt-cert-date}salt3%{env:zt-cert-uid}salt2} == %{env:zt-cert-sha1}
Require expr %{env:zt-cert-sha1} =~ /^.{40}$/
</RequireAll>
</If>
</If>
#Π΅ΡΡΡ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°Ρ, Π·Π°ΠΏΡΠ°ΡΠΈΠ²Π°Π΅ΡΡΡ Π½Π΅ websocket
<If "%{SSL:SSL_CLIENT_VERIFY} = 'SUCCESS'">
<If "%{HTTP:Upgrade} != 'websocket'">
SetEnvIf Cookie "zt-cert-sha1=([^;]+)" HAVE_zt-cert-sha1=$1
SetEnv zt_cert "path=/; HttpOnly;Secure;SameSite=Strict"
#ΠΠΎΠ²ΡΠ΅ ΠΊΡΠΊΠΈ ΡΡΠ°Π²ΡΡΡΡ, Π΅ΡΠ»ΠΈ ΡΡΠ°ΡΡΡ
Π½Π΅Ρ
Header add Set-Cookie "expr=zt-cert-sha1=%{sha1:salt1%{TIME}salt3%{SSL_CLIENT_S_DN_CN}salt2};%{env:zt_cert}" env=!HAVE_zt-cert-sha1
Header add Set-Cookie "expr=zt-cert-uid=%{SSL_CLIENT_S_DN_CN};%{env:zt_cert}" env=!HAVE_zt-cert-sha1
Header add Set-Cookie "expr=zt-cert-date=%{TIME};%{env:zt_cert}" env=!HAVE_zt-cert-sha1
</If>
</If>
Cholinga chakwaniritsidwa, koma pali mavuto ndi kutha kwa seva (mungagwiritse ntchito Cookie wazaka), zomwe zikutanthauza kuti zizindikiro, ngakhale zotetezeka kuti zigwiritsidwe ntchito mkati, ndizosatetezeka ku mafakitale (misala).
4. Zizindikiro za kanthawi kochepa zakhala zikugwiritsidwa ntchito ngati ma modules apache okonzeka.
Vuto limodzi lofunikira lidatsalira kuchokera kubwereza koyambirira - kulephera kuwongolera ukalamba wamazikoni.
Tikuyang'ana gawo lokonzekera lomwe limachita izi, molingana ndi mawu: apache token json two factor auth
Inde, pali ma module okonzeka, koma onse amamangiriridwa kuzinthu zinazake ndipo ali ndi zinthu zakale monga kuyambitsa gawo ndi ma Cookies owonjezera. Ndiko kuti, osati kwa kanthawi.
Zinatitengera maola asanu kufufuza, zomwe sizinapereke zotsatira za konkire.
5. Zizindikiro za nthawi yochepa zimatha kukhazikitsidwa mwa kupanga mwanzeru dongosolo la kuyanjana.
Ma module okonzeka ndi ovuta kwambiri, chifukwa timangofunika ntchito zingapo.
Izi zikunenedwa, vuto ndi tsikuli ndikuti ntchito zomangidwa ndi Apache sizimalola kupanga tsiku lamtsogolo, ndipo palibe masamu owonjezera / kuchotsa muzochita zomwe zamangidwa pofufuza kuti zatha.
Ndiko kuti, simungathe kulemba:
(%{env:zt-cert-date} + 30) > %{DATE}
Mutha kufananiza manambala awiri okha.
Ndikuyang'ana njira yothetsera vuto la Safari, ndidapeza nkhani yosangalatsa:
Imalongosola chitsanzo cha kachidindo mu Lua kwa Nginx, ndipo zomwe, monga momwe zinakhalira, zimabwereza kwambiri malingaliro a gawo la kasinthidwe lomwe takhazikitsa kale, kupatula kugwiritsa ntchito njira ya hmac salting ya hashing ( izi sizinapezeke mu Apache).
Zinadziwika kuti Lua ndi chilankhulo chomveka bwino, ndipo ndizotheka kuchita zinthu zosavuta kwa Apache:
Nditaphunzira kusiyana ndi Nginx ndi Apache:
Ndi ntchito zomwe zilipo kuchokera kwa wopanga chilankhulo cha Lua:
Tinapeza njira yokhazikitsira zosintha za env mufayilo yaing'ono ya Lua kuti tiyike tsiku lamtsogolo kuti tifananize ndi lomwe lilipo.
Umu ndi momwe script yosavuta ya Lua imawonekera:
require 'apache2'
function handler(r)
local fmt = '%Y%m%d%H%M%S'
local timeout = 3600 -- 1 hour
r.notes['zt-cert-timeout'] = timeout
r.notes['zt-cert-date-next'] = os.date(fmt,os.time()+timeout)
r.notes['zt-cert-date-halfnext'] = os.date(fmt,os.time()+ (timeout/2))
r.notes['zt-cert-date-now'] = os.date(fmt,os.time())
return apache2.OK
end
Ndipo umu ndi momwe zimagwirira ntchito zonse, ndikukhathamiritsa kwa kuchuluka kwa Ma cookie ndikusintha chizindikiro pamene theka la nthawi lifika Cookie (chizindikiro) chakale chisanathe:
SSLVerifyClient optional
#LuaScope thread
#generate event variables zt-cert-date-next
LuaHookAccessChecker /usr/local/etc/apache24/sslincludes/websocket_token.lua handler early
#Π·Π°ΠΏΡΠ΅ΡΠ°Π΅ΠΌ Π±Π΅Π· ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠ° ΡΡΠΎ-ΡΠΎ Π΅ΡΡ, ΠΊΡΠΎΠΌΠ΅ webscoket
RewriteEngine on
RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule .? - [F]
#ErrorDocument 403 "You need a client side certificate issued by CAcert to access this site"
#websocket for safari without certauth
<If "%{SSL:SSL_CLIENT_VERIFY} != 'SUCCESS'">
<If "%{HTTP:Upgrade} = 'websocket'">
SetEnvIf Cookie "zt-cert=([^,;]+),([^,;]+),[^,;]+,([^,;]+)" zt-cert-sha1=$1 zt-cert-date=$2 zt-cert-uid=$3
<RequireAll>
Require expr %{sha1:salt1%{env:zt-cert-date}salt3%{env:zt-cert-uid}salt2} == %{env:zt-cert-sha1}
Require expr %{env:zt-cert-sha1} =~ /^.{40}$/
Require expr %{env:zt-cert-date} -ge %{env:zt-cert-date-now}
</RequireAll>
#Π·Π°ΠΌΠ΅ΡΠ°Π΅ΠΌ Π°Π²ΡΠΎΡΠΈΠ·Π°ΡΠΈΡ ΠΏΠΎ Π²Π»Π°Π΄Π΅Π»ΡΡΡ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠ° Π½Π° Π°Π²ΡΠΎΡΠΈΠ·Π°ΡΠΈΡ ΠΏΠΎ Π½ΠΎΠΌΠ΅ΡΡ ΠΏΡΠΎΡΠΎΠΊΠΎΠ»Π°
SSLUserName SSl_PROTOCOL
SSLOptions -FakeBasicAuth
</If>
</If>
<If "%{SSL:SSL_CLIENT_VERIFY} = 'SUCCESS'">
<If "%{HTTP:Upgrade} != 'websocket'">
SetEnvIf Cookie "zt-cert=([^,;]+),[^,;]+,([^,;]+)" HAVE_zt-cert-sha1=$1 HAVE_zt-cert-date-halfnow=$2
SetEnvIfExpr "env('HAVE_zt-cert-date-halfnow') -ge %{TIME} && env('HAVE_zt-cert-sha1')=~/.{40}/" HAVE_zt-cert-sha1-found=1
Define zt-cert "path=/;Max-Age=%{env:zt-cert-timeout};HttpOnly;Secure;SameSite=Strict"
Define dates_user "%{env:zt-cert-date-next},%{env:zt-cert-date-halfnext},%{SSL_CLIENT_S_DN_CN}"
Header set Set-Cookie "expr=zt-cert=%{sha1:salt1%{env:zt-cert-date-next}sal3%{SSL_CLIENT_S_DN_CN}salt2},${dates_user};${zt-cert}" env=!HAVE_zt-cert-sha1-found
</If>
</If>
SetEnvIfExpr "env('HAVE_zt-cert-date-halfnow') -ge %{TIME} && env('HAVE_zt-cert-sha1')=~/.{40}/" HAVE_zt-cert-sha1-found=1
ΡΠ°Π±ΠΎΡΠ°Π΅Ρ,
Π° ΡΠ°ΠΊ ΡΠ°Π±ΠΎΡΠ°ΡΡ Π½Π΅ Π±ΡΠ΄Π΅Ρ
SetEnvIfExpr "env('HAVE_zt-cert-date-halfnow') -ge env('zt-cert-date-now') && env('HAVE_zt-cert-sha1')=~/.{40}/" HAVE_zt-cert-sha1-found=1
Chifukwa LuaHookAccessChecker idzatsegulidwa pokhapokha mutayang'ana malo okhudzana ndi chidziwitso ichi kuchokera ku Nginx.
Lumikizani ku gwero.
Chinthu chinanso.
Nthawi zambiri, zilibe kanthu kuti malangizowo alembedwa bwanji mu kasinthidwe ka Apache (mwinanso Nginx), chifukwa pamapeto pake zonse zidzasankhidwa malinga ndi dongosolo la pempho la wogwiritsa ntchito, lomwe likugwirizana ndi dongosolo lokonzekera. Lua scripts.
Kumaliza:
Mawonekedwe atatha kukhazikitsidwa (cholinga):
kasamalidwe ka ntchito ndi zomangamanga zimapezeka kuchokera pafoni yam'manja pa IOS popanda mapulogalamu owonjezera (VPN), ogwirizana komanso otetezeka.
Cholinga chakwaniritsidwa, ma websockets amagwira ntchito ndipo amakhala ndi chitetezo chocheperako kuposa satifiketi.
Source: www.habr.com