Kodi ndingakhazikitse bwanji OpenLiteSpeed kuti ndisinthe projekiti ku Nextcloud pa netiweki yamkati?
Chodabwitsa n'chakuti, kusaka kwa Habré kwa OpenLiteSpeed sikupereka kalikonse! Ndifulumira kukonza chisalungamo ichi, chifukwa LSWS ndi seva yabwino pa intaneti. Ndimakonda chifukwa cha liwiro lake komanso mawonekedwe ake apamwamba pa intaneti:
Ngakhale OpenLiteSpeed ndi yotchuka kwambiri ngati WordPress "accelerator", m'nkhani yamasiku ano ndikuwonetsa kugwiritsa ntchito kwake. Ndiye kubwezeredwa kwa zopempha (reverse proxy). Mukunena kuti ndizofala kugwiritsa ntchito nginx pa izi? Ndivomera. Koma zimawawa kwambiri tidakondana ndi LSWS!
Kuyimilira kuli bwino, koma kuti? Muutumiki wocheperako - Nextcloud. Timagwiritsa ntchito Nextcloud kupanga "mtambo wogawana mafayilo" mwachinsinsi. Kwa kasitomala aliyense, timagawa VM yosiyana ndi Nextcloud, ndipo sitikufuna kuwawonetsa "kunja". M'malo mwake, timapempha ma proxy kudzera pa proxy yofanana. Yankho ili limalola:
1) chotsani seva yomwe deta ya kasitomala imasungidwa pa intaneti ndi
2) sungani ma ip-adilesi.
Chithunzicho chikuwoneka motere:
Zikuwonekeratu kuti chiwembucho ndi chosavuta, chifukwa bungwe la mautumiki apa intaneti si mutu wankhani yamasiku ano.
Komanso m'nkhaniyi ndisiya kuyika ndikusintha koyambira kwamtambo wotsatira, makamaka popeza Habré ali ndi zida pamutuwu. Koma ndikuwonetsa zosintha, popanda Nextcloud sigwira ntchito kumbuyo kwa proxy.
Kupatsidwa:
Nextcloud imayikidwa pa host 1 ndikukonzedwa kuti igwire ntchito pa http (popanda SSL), ili ndi mawonekedwe amtundu wamba komanso "imvi" IP adilesi 172.16.22.110.
Tiyeni tikonze OpenLiteSpeed pa host 2. Ili ndi zolumikizira ziwiri, zakunja (zowoneka pa intaneti) komanso zamkati ndi adilesi ya IP pa netiweki 172.16.22.0/24
Adilesi ya IP ya Host 2 yakunja ndi dzina la DNS cloud.connect.link
Ntchito:
Pezani pa intaneti kudzera pa ulalo '' (SSL) kupita ku Nextcloud pa netiweki yamkati.
- Kuyika OpenLiteSpeed pa Ubuntu 18.04.2.
Tiyeni tiwonjezere posungira:
wget -O | sudo bas
sudo apt-get update
install, run:
sudo apt-get kukhazikitsa openlitespeed
sudo /usr/local/lsws/bin/lswsctrl kuyamba
- Kukonzekera kocheperako kwa firewall.
sudo ufw mulole ssh
sudo ufw default amalola kutuluka
sudo ufw default amakana kulowa
sudo ufw kulola http
sudo ufw allowhttps
sudo ufw kulola kuchokera woyang'anira wanu ku doko lililonse 7080
sudo ufw kuthandiza - Khazikitsani OpenLiteSpeed ngati woyimira kumbuyo.
Tiyeni tipange zolemba pansi pa virtualhost.cd /usr/local/lsws/
sudo mkdirc cloud.connect.link
cd cloud.connect.link/
sudo mkdir {conf,html, logs}
sudo chown lsadm:lsadm ./conf/
Tiyeni tikonze zolandila kuchokera pa intaneti ya LSWS.
Tsegulani kasamalidwe ka ulalo
Lowetsani / achinsinsi anu: admin/123456
Onjezani wolandila (Virtual Hosts> Onjezani).
Powonjezera, uthenga wolakwika udzawonekera - fayilo yokonzekera ikusowa. Izi ndizabwinobwino, zimathetsedwa ndikudina Dinani kuti mupange.
Mu General tabu, tchulani Document Root (ngakhale sizofunika, kasinthidwe sikungachoke popanda izo). Dzina la Domain, ngati silinatchulidwe, lichotsedwa ku Virtual Host Name, lomwe tidatchula dzina lathu lachidziwitso.
Tsopano ndi nthawi yoti tikumbukire kuti tilibe seva yapaintaneti yokha, koma yoyimira kumbuyo. Zokonda zotsatirazi zidzauza LSWS zomwe zingayimire komanso kuti. M'makonzedwe a virtualhost, tsegulani tabu ya External App ndikuwonjezera pulogalamu yatsopano yamtundu wa seva:
Tchulani dzina ndi adilesi. Mutha kutchula dzina losasintha, koma muyenera kukumbukira, likhala lothandiza pamasitepe otsatirawa. Adilesi ndi yomwe Nextcloud imakhala mu netiweki yamkati:
M'makonzedwe omwewo, tsegulani Context tabu ndikupanga mtundu watsopano wamtundu wa Proxy:
Tchulani magawo: URI = /, Seva ya pa intaneti = nextcloud_1 (dzina kuchokera pa sitepe yapitayi)
Yambitsaninso LSWS. Izi zimachitika ndikudina kamodzi kuchokera pa intaneti, zozizwitsa! (wonyamula mbewa cholowa amalankhula mwa ine)
- Timayika satifiketi, konzani https.
tidzazisiya, kuvomereza kuti tili nazo kale ndikugona ndi kiyi mu /etc/letsencrypt/live/cloud.connect.link directory.
Tiyeni tipange "womvera" (Omvera> Onjezani), tiyeni titchule "https". Lozani ku doko 443 ndipo dziwani kuti zikhala Zotetezeka:
Patsamba la SSL, tchulani njira yopita ku kiyi ndi satifiketi:
"Womvera" wapangidwa, tsopano mu gawo la Virtual Host Mappings tidzawonjezera wolandira wathu kwa izo:
Ngati LSWS ingokhala proxy ku ntchito imodzi, kasinthidwe katha kumalizidwa. Koma tikukonzekera kuzigwiritsa ntchito potumiza zopempha ku "zochitika" zosiyanasiyana kutengera dzina la domain. Ndipo madera onse adzakhala ndi ziphaso zawo. Chifukwa chake, muyenera kupita ku virtualhost config ndikutchulanso fungulo lake ndi satifiketi mu tabu ya SSL. M'tsogolomu, izi ziyenera kuchitidwa kwa wolandira watsopano aliyense.
Zimatsalira kukonza url kulembedwanso kuti zopempha za http zitumizidwe ku https.
(Mwa njira, izi zidzatha liti? Ndi nthawi yoti asakatuli ndi mapulogalamu ena apite ku https mwachisawawa, ndikupita ku No-SSL pamanja ngati kuli kofunikira).
Yatsani Yambitsani Kulembanso ndi kulemba Malamulo Olembanso:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ } [R=301,L]
Chifukwa cha kusamvetsetsana kwachilendo, ndizosatheka kugwiritsa ntchito malamulo a Lembaninso ndikuyambiranso mwachizolowezi Graceful. Chifukwa chake, tiyambitsanso LSWS osati mwaulemu, koma mwamwano komanso moyenera:
sudo systemctl kuyambitsanso lsws.service
Kuti seva imvetsere ku port 80, tiyeni tipange Womvera wina. Tiyeni tiyitchule kuti http, tchulani doko la 80 komanso kuti silikhala Lotetezeka:
Pofananiza ndi makonda a omvera a https, tiyeni tilumikizane nawo.
Tsopano LSWS imvera pa port 80 ndikutumiza zopempha ku 443 kuchokera pamenepo, ndikulembanso ulalo.
Pomaliza, ndikupangira kutsitsa mulingo wodula mitengo wa LSWS, womwe umayikidwa ku Debug mwachisawawa. Munjira iyi, zipika zimachulukana pa liwiro la mphezi! Nthawi zambiri, mlingo wa Chenjezo ndi wokwanira. Pitani ku Kusintha kwa Seva> Log:
Izi zimamaliza kasinthidwe ka OpenLiteSpeed ngati woyimira kumbuyo. Apanso, yambitsaninso LSWS, tsatirani ulalo ndi kuwona:
Kuti Nextcloud itilowetse, tiyenera kuwonjezera domain cloud.connect.link pamndandanda wodalirika. Tiyeni tipite kusintha config.php. Ndinayika Nextcloud pokhapokha ndikuyika Ubuntu ndipo config ili pano: /var/snap/nextcloud/current/nextcloud/config.
Onjezani magawo a 'cloud.connect.link' ku kiyi ya trusted_domains:
'trusted_domains' =>
gulu (
0 => '172.16.22.110', '
1 => 'cloud.connect.link',
),
Kuphatikiza apo, mukusintha komweko, muyenera kufotokoza adilesi ya IP ya projekiti yathu. Ndikuwonetsani kuti adilesiyo iyenera kufotokozedwa yomwe ikuwoneka ku seva ya Nextcloud, i.e. IP ya mawonekedwe a LSWS akomweko. Popanda sitepe iyi, mawonekedwe a intaneti a Nextcloud amagwira ntchito, koma mapulogalamu saloledwa.
'trusted_proxies' =>
gulu (
0 => '172.16.22.100', '
),
Chabwino, pambuyo pake tikhoza kulowa mu mawonekedwe ovomerezeka:
Vuto lathetsedwa! Tsopano kasitomala aliyense atha kugwiritsa ntchito "mtambo wa fayilo" mosamala pa ulalo wake, seva yokhala ndi mafayilo imasiyanitsidwa ndi intaneti, makasitomala amtsogolo adzalandira chilichonse chimodzimodzi ndipo palibe adilesi imodzi yowonjezera ya IP yomwe ingakhudzidwe.
Kuphatikiza apo, mutha kugwiritsa ntchito woyimira kumbuyo kuti mupereke zomwe zili zokhazikika, koma kwa Nextcloud, izi sizipereka chiwonjezeko chowoneka bwino. Kotero ndizosankha komanso zosafunikira.
Ndine wokondwa kugawana nkhaniyi, ndikhulupilira kuti ikhala yothandiza kwa wina. Ngati mukudziwa njira zowoneka bwino komanso zothandiza zothetsera vutoli, ndikuthokozani chifukwa cha ndemanga!
Source: www.habr.com