Chinyorwa chichabatsira kune avo:
- inoziva kuti Client Cert chii uye inonzwisisa kuti nei ichida mawebhusaiti pane mobile Safari;
- Ndinoda kushambadza webhusaiti kune vanhu vashoma denderedzwa kana ini chete;
- anofunga kuti zvese zvakatoitwa nemumwe munhu, uye anoda kuita kuti nyika ive nyore uye yakachengeteka.
Nhoroondo yewebsockets yakatanga anenge makore 8 apfuura. Kare, nzira dzakashandiswa nenzira yezvikumbiro zve http (chaizvoizvo mhinduro): bhurawuza remushandisi rakatumira chikumbiro kune sevha uye rakamirira kuti ripindure chimwe chinhu, mushure memhinduro yakabatana zvakare uye yakamirira. Asi pakabva paonekwa ma websockets.
Makore mashoma apfuura, isu takagadzira isu pachedu kuita mune yakachena PHP, isingakwanise kushandisa https zvikumbiro, sezvo iyi ndiyo yekubatanidza layer. Munguva pfupi yapfuura, anenge ese maseva ewebhu akadzidza kuita zvikumbiro zveproxy pamusoro pe https uye kutsigira kubatana: kusimudzira.
Izvi pazvaitika, mawebhusaiti akave anenge akasarudzika sevhisi yeSPA zvikumbiro, nekuti zviri nyore sei kupa zvemukati kumushandisi panguva yekutanga sevha (kutumira meseji kubva kune mumwe mushandisi kana kudhawunirodha vhezheni itsva yemufananidzo, gwaro, mharidzo. kuti mumwe munhu ari kugadzirisa parizvino).
Kunyangwe Setifiketi yeMutengi yanga iripo kwenguva yakati rebei, ichiri kuramba isina kutsigirwa, sezvo ichigadzira matambudziko mazhinji kana uchiedza kuidarika. Uye (zvichida :slightly_smiling_face: ) ndosaka mabrowser eIOS (ese kunze kweSafari) asingade kuishandisa nekukumbira kubva kuchitoro chezvitupa. Zvitupa zvine zvakawanda zvakanaka zvichienzaniswa nekupinda/kupfuura kana ssh makiyi kana kuvhara madoko anodiwa kuburikidza nefirewall. Asi hazvisi izvo zviri pamusoro peizvi.
PaIOS, maitiro ekuisa chitupa ari nyore (kwete pasina zvirevo), asi kazhinji anoitwa maererano nemirayiridzo, iyo yakawanda paInternet uye inongowanikwa yeSafari browser. Nehurombo, Safari haizive mashandisiro eClient Π‘ert yezvigadziko zvewebhu, asi pane mirairo yakawanda paInternet yekuti ungagadzira sei chitupa chakadaro, asi mukuita izvi hazvigoneke.
Kuti tinzwisise websockets, takashandisa chirongwa chinotevera: dambudziko/hypothesis/mhinduro.
Dambudziko: hapana tsigiro yezvigadziko zvewebhu kana proxy zvikumbiro kune zviwanikwa zvinodzivirirwa nechitupa chemutengi paSafari mobile browser yeIOS uye mamwe maapplication akagonesa rutsigiro rwechitupa.
Mafungiro:
- Zvinogoneka kugadzirisa kusarudzika kwakadai kushandisa zvitupa (uchiziva kuti hapazovipo) kune websockets yemukati / yekunze proxied zviwanikwa.
- Kune mawebsockets, unogona kugadzira yakasarudzika, yakachengeteka uye inodzivirirwa yekubatanidza uchishandisa zvenguva pfupi zvikamu zvinogadzirwa panguva yakajairika (isina-websocket) browser yekukumbira.
- Zvikamu zvenguva pfupi zvinogona kuitwa uchishandisa imwe proxy web server (yakavakirwa-mukati mamodule uye mabasa chete).
- Yenguva pfupi ma tokens akatoitwa seakagadzirira-akagadzirwa maApache module.
- Yenguva pfupi maratidziro echikamu anogona kuitwa nekugadzira zvine musoro dhizaini yekudyidzana.
Inooneka mamiriro mushure mekushandiswa.
Chinangwa chebasa: manejimendi emasevhisi uye zvivakwa zvinofanirwa kuwanikwa kubva parunhare mbozha paIOS pasina mamwe mapurogiramu (seVPN), akabatana uye akachengeteka.
Chimwe chinangwa: kuchengetedza nguva uye zviwanikwa / foni traffic (mamwe masevhisi asina webhu soketi anogadzira zvikumbiro zvisingakoshi) nekukurumidza kuendesa zvirimo paInternet nhare.
Maitiro ekutarisa?
1. Kuvhura mapeji:
β Π½Π°ΠΏΡΠΈΠΌΠ΅Ρ, https://teamcity.yourdomain.com Π² ΠΌΠΎΠ±ΠΈΠ»ΡΠ½ΠΎΠΌ Π±ΡΠ°ΡΠ·Π΅ΡΠ΅ Safari (Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ°ΠΊΠΆΠ΅ Π² Π΄Π΅ΡΠΊΡΠΎΠΏΠ½ΠΎΠΉ Π²Π΅ΡΡΠΈΠΈ) β Π²ΡΠ·ΡΠ²Π°Π΅Ρ ΡΡΠΏΠ΅ΡΠ½ΠΎΠ΅ ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ ΠΊ Π²Π΅Π±-ΡΠΎΠΊΠ΅ΡΠ°ΠΌ.
β Π½Π°ΠΏΡΠΈΠΌΠ΅Ρ, https://teamcity.yourdomain.com/admin/admin.html?item=diagnostics&tab=webSβ¦β ΠΏΠΎΠΊΠ°Π·ΡΠ²Π°Π΅Ρ ping/pong.
β Π½Π°ΠΏΡΠΈΠΌΠ΅Ρ, https://rancher.yourdomain.com/p/c-84bnv:p-vkszd/workload/deployment:danidb:phβ¦-> viewlogs β ΠΏΠΎΠΊΠ°Π·ΡΠ²Π°Π΅Ρ Π»ΠΎΠ³ΠΈ ΠΊΠΎΠ½ΡΠ΅ΠΉΠ½Π΅ΡΠ°.2. Kana mune yekuvandudza console:
Hypothesis kuongororwa:
1. Zvinogoneka kugadzirisa kusarudzika kwakadai kushandisa zvitupa (uchiziva kuti hapazovipo) kumawebhu sockets emukati / ekunze proxied zviwanikwa.
2 mhinduro dzakawanikwa pano:
a) Padanho
<Location sock*> SSLVerifyClient optional </Location>
<Location /> SSLVerifyClient require </Location>
shandura mukana wekuwana.
Iyi nzira ine nuances inotevera:
- Kusimbiswa kweSitifiketi kunoitika mushure mekukumbira kune proxied sosi, kureva, post chikumbiro kubata maoko. Izvi zvinoreva kuti proxy inotanga kurodha uye yobva yacheka chikumbiro kune iyo yakachengetedzwa sevhisi. Izvi zvakaipa, asi kwete kutsoropodza;
- Mune iyo http2 protocol. Ichiri mugwara, uye vagadziri vebrowser havazive maitiro ekuishandisa #info nezve tls1.3 http2 post handshake (isiri kushanda izvozvi) ;
- Hazvisi pachena nzira yekubatanidza iyi kugadzirisa.
b) Padanho rekutanga, bvumidza ssl isina chitupa.
SSLVerifyClient inoda => SSLVerifyClient inosarudza, asi izvi zvinoderedza kuchengetedzwa kwevhavha yeproxy, sezvo kubatana kwakadaro kuchagadziriswa pasina chitupa. Nekudaro, iwe unogona kuramba zvakare kuwana kune proxied masevhisi neinotevera rairo:
RewriteEngine on
RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
RewriteRule .? - [F]
ErrorDocument 403 "You need a client side certificate issued by CAcert to access this site"
Ruzivo rwakadzama runogona kuwanikwa muchinyorwa nezve ssl:
Sarudzo dzese dziri mbiri dzakaedzwa, sarudzo "b" yakasarudzwa nekuda kwekuita kwayo uye kuenderana neiyo http2 protocol.
Kupedzisa kusimbiswa kweiyi hypothesis, zvakatora kuyedza kwakawanda nekumisikidzwa; magadzirirwo anotevera akaedzwa:
kana = zvinoda = nyorazve
Mhedzisiro iyi inotevera dhizaini:
SSLVerifyClient optional
RewriteEngine on
RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule .? - [F]
#ErrorDocument 403 "You need a client side certificate issued by CAcert to access this site"
#websocket for safari without cert auth
<If "%{SSL:SSL_CLIENT_VERIFY} != 'SUCCESS'">
<If "%{HTTP:Upgrade} = 'websocket'">
...
#Π·Π°ΠΌΠ΅ΡΠ°Π΅ΠΌ Π°Π²ΡΠΎΡΠΈΠ·Π°ΡΠΈΡ ΠΏΠΎ Π²Π»Π°Π΄Π΅Π»ΡΡΡ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠ° Π½Π° Π°Π²ΡΠΎΡΠΈΠ·Π°ΡΠΈΡ ΠΏΠΎ Π½ΠΎΠΌΠ΅ΡΡ ΠΏΡΠΎΡΠΎΠΊΠΎΠ»Π°
SSLUserName SSl_PROTOCOL
</If>
</If>
Tichifunga nezve mvumo yaivepo nemuridzi wechitupa, asi nechitupa chisipo, ndaifanira kuwedzera muridzi wechitupa asipo nenzira yeimwe yemhando dziripo SSl_PROTOCOL (pachinzvimbo cheSSL_CLIENT_S_DN_CN), zvimwe zvakawanda muzvinyorwa:
2. Kune mawebsockets, unogona kugadzira yakasarudzika, yakachengeteka uye yakadzivirirwa yekubatanidza uchishandisa masesheni enguva pfupi anogadzirwa panguva yenguva dzose (isina-websocket) browser chikumbiro.
Zvichienderana nezvakaitika kare, iwe unofanirwa kuwedzera chimwe chikamu kune chigadziriso kuitira kuti ugadzirire ma tokens echinguvana ewebhu socket yekubatanidza panguva yenguva dzose (isina-web socket) chikumbiro.
#ΠΏΠΎΠ΄Π³ΠΎΡΠΎΠ²ΠΊΠ° ΠΏΠ΅ΡΠ΅Π΄Π°ΡΠ° ΡΠ΅Π±Π΅ Π‘ookie ΡΠ΅ΡΠ΅Π· ΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΠ΅Π»ΡΡΠΊΠΈΠΉ Π±ΡΠ°ΡΠ·Π΅Ρ
<If "%{SSL:SSL_CLIENT_VERIFY} = 'SUCCESS'">
<If "%{HTTP:Upgrade} != 'websocket'">
Header set Set-Cookie "websocket-allowed=true; path=/; Max-Age=100"
</If>
</If>
#ΠΏΡΠΎΠ²Π΅ΡΠΊΠ° Cookie Π΄Π»Ρ ΡΡΡΠ°Π½ΠΎΠ²Π»Π΅Π½ΠΈΡ Π²Π΅Π±-ΡΠΎΠΊΠ΅Ρ ΡΠΎΠ΅Π΄ΠΈΠ½Π΅Π½ΠΈΡ
<source lang="javascript">
<If "%{SSL:SSL_CLIENT_VERIFY} != 'SUCCESS'">
<If "%{HTTP:Upgrade} = 'websocket'">
#check for exists cookie
#get and check
SetEnvIf Cookie "websocket-allowed=(.*)" env-var-name=$1
#or rewrite rule
RewriteCond %{HTTP_COOKIE} !^.*mycookie.*$
#or if
<If "%{HTTP_COOKIE} =~ /(^|; )cookie-names*=s*some-val(;|$)/ >
</If
</If>
</If>
Testing yakaratidza kuti inoshanda. Zvinogoneka kuendesa Cookies kwauri kuburikidza nebrowser yemushandisi.
3. Zvirongwa zvenguva pfupi zvinogona kushandiswa uchishandisa imwe proxy web server (chete yakavakwa-mukati modules uye mabasa).
Sezvatakamboona, Apache ine zvakawanda zvemukati mashandiro ayo anotendera iwe kuti ugadzire zvine mamiriro ekuvaka. Nekudaro, isu tinoda nzira dzekuchengetedza ruzivo rwedu rwuri mubrowser yemushandisi, saka tinoona chekuchengeta uye nei, uye ndeapi mabasa akavakirwa-mukati atichashandisa:
- Tinoda chiratidzo chisingagone kunyorwa nyore nyore.
- Tinoda chiratidzo chine obsolescence yakavakirwa mukati mayo uye kugona kutarisa kupera pane server.
- Tinoda chiratidzo chichabatanidzwa nemuridzi wechitupa.
Izvi zvinoda hashing basa, munyu, uye zuva rekuchembera chiratidzo. Kubva pane zvinyorwa tine zvese kunze kwebhokisi sha1 uye %{TIME}.
Mhedzisiro yaive iyi dhizaini:
#Π½Π΅Ρ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠ°, ΠΈ ΠΎΠ±ΡΠ°ΡΠ΅Π½ΠΈΠ΅ ΠΊ websocket
<If "%{SSL:SSL_CLIENT_VERIFY} != 'SUCCESS'">
<If "%{HTTP:Upgrade} = 'websocket'">
SetEnvIf Cookie "zt-cert-sha1=([^;]+)" zt-cert-sha1=$1
SetEnvIf Cookie "zt-cert-uid=([^;]+)" zt-cert-uid=$1
SetEnvIf Cookie "zt-cert-date=([^;]+)" zt-cert-date=$1
#ΡΠΎΠ»ΡΠΊΠΎ ΡΠ°ΠΊ ΠΌΠΎΠΆΠ½ΠΎ ΡΠ°Π±ΠΎΡΠ°ΡΡ Ρ ΠΏΠ΅ΡΠ΅ΠΌΠ΅Π½Π½ΡΠΌΠΈ, ΠΏΠΎΠ»ΡΡΠ΅Π½Π½ΡΠΌΠΈ Π² env-Π°Ρ
Π² ΡΡΠΎΡ ΠΌΠΎΠΌΠ΅Π½Ρ Π²ΡΠ΅ΠΌΠ΅Π½ΠΈ, Π±ΠΎΠ»Π΅Π΅ ΠΎΠ½ΠΈ Π½ΠΈΠ³Π΄Π΅ Π½Π΅ Π΄ΠΎΡΡΡΠΏΠ½Ρ Π΄Π»Ρ ΡΡΠ½ΠΊΡΠΈΠΈ Ρ
Π΅ΡΠΈΡΠΎΠ²Π°Π½ΠΈΡ (ΠΏΠΎ ΠΎΡΠ΄Π΅Π»ΡΠ½ΠΎΡΡΠΈ ΠΌΠΎΠΆΠ½ΠΎ, Π½ΠΎ Π½Π΅ Π²ΠΌΠ΅ΡΡΠ΅, Π΄Π° ΠΈ Π΅ΡΡ Ρ Ρ
Π΅ΡΠΈΡΠΎΠ²Π°Π½ΠΈΠ΅ΠΌ)
<RequireAll>
Require expr %{sha1:salt1%{env:zt-cert-date}salt3%{env:zt-cert-uid}salt2} == %{env:zt-cert-sha1}
Require expr %{env:zt-cert-sha1} =~ /^.{40}$/
</RequireAll>
</If>
</If>
#Π΅ΡΡΡ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°Ρ, Π·Π°ΠΏΡΠ°ΡΠΈΠ²Π°Π΅ΡΡΡ Π½Π΅ websocket
<If "%{SSL:SSL_CLIENT_VERIFY} = 'SUCCESS'">
<If "%{HTTP:Upgrade} != 'websocket'">
SetEnvIf Cookie "zt-cert-sha1=([^;]+)" HAVE_zt-cert-sha1=$1
SetEnv zt_cert "path=/; HttpOnly;Secure;SameSite=Strict"
#ΠΠΎΠ²ΡΠ΅ ΠΊΡΠΊΠΈ ΡΡΠ°Π²ΡΡΡΡ, Π΅ΡΠ»ΠΈ ΡΡΠ°ΡΡΡ
Π½Π΅Ρ
Header add Set-Cookie "expr=zt-cert-sha1=%{sha1:salt1%{TIME}salt3%{SSL_CLIENT_S_DN_CN}salt2};%{env:zt_cert}" env=!HAVE_zt-cert-sha1
Header add Set-Cookie "expr=zt-cert-uid=%{SSL_CLIENT_S_DN_CN};%{env:zt_cert}" env=!HAVE_zt-cert-sha1
Header add Set-Cookie "expr=zt-cert-date=%{TIME};%{env:zt_cert}" env=!HAVE_zt-cert-sha1
</If>
</If>
Chinangwa chave chaitwa, asi kune matambudziko ne server obsolescence (unogona kushandisa Cookie ane gore), izvo zvinoreva kuti zviratidzo, kunyange zvakachengeteka kushandiswa kwemukati, hazvina kuchengetedzeka kune indasitiri (yakawanda) kushandiswa.
4. Zviratidziro zvenguva pfupi zvakatoitwa seakagadzirira-akagadzirwa maApache modules.
Rimwe dambudziko rakakosha rakasara kubva kune yakapfuura iteration - kusakwanisa kudzora kuchembera kwechiratidzo.
Isu tiri kutsvaga yakagadzirira-yakagadzirwa module inoita izvi, zvinoenderana nemashoko: apache chiratidzo json two factor auth.
Ehe, kune akagadzirira-akagadzirwa mamodule, asi ese akasungirirwa kune chaiwo zviito uye ane maartifacts muchimiro chekutanga chikamu uye mamwe maCookies. Ndiko kuti, kwete kwechinguva.
Zvakatitorera maawa mashanu kutsvaga, izvo zvisina kupa mhedzisiro yekongiri.
5. Zviratidziro zvenguva pfupi zvinogona kushandiswa nekugadzirisa zvine musoro chimiro chekubatana.
Yakagadzirirwa-yakagadzirwa ma modules akaomarara, nekuti isu tinongoda mashoma emabasa.
Izvo zviri kutaurwa, dambudziko nemusi nderekuti maApache akavakirwa-mukati mabasa haabvumidze kugadzira zuva kubva kune ramangwana, uye hapana masvomhu yekuwedzera/kubvisa mumabasa akavakirwa-mukati kana uchitarisa kusashanda.
Ndiko kuti, haugone kunyora:
(%{env:zt-cert-date} + 30) > %{DATE}
Iwe unogona chete kuenzanisa nhamba mbiri.
Ndichiri kutsvaga workaround yedambudziko reSafari, ndakawana chinyorwa chinonakidza:
Inotsanangura muenzaniso wekodhi muLua yeNginx, uye iyo, sezvazvakazoitika, inodzokorora zvakanyanya kufunga kweiyo chikamu chegadziriro yatakatoita, kunze kwekushandiswa kweiyo hmac salting nzira ye hashing ( izvi hazvina kuwanikwa muApache).
Zvakava pachena kuti Lua mutauro une pfungwa dzakajeka, uye zvinokwanisika kuita chinhu chiri nyore kuApache:
Mushure mekudzidza mutsauko neNginx neApache:
Uye mabasa anowanikwa kubva kumugadziri wemutauro weLua:
Isu takawana nzira yekuseta env vhezheni mune diki Lua faira kuitira kuti tiise zuva kubva mune ramangwana kuti tienzanise neyazvino.
Izvi ndizvo zvinotaridzika seRua script:
require 'apache2'
function handler(r)
local fmt = '%Y%m%d%H%M%S'
local timeout = 3600 -- 1 hour
r.notes['zt-cert-timeout'] = timeout
r.notes['zt-cert-date-next'] = os.date(fmt,os.time()+timeout)
r.notes['zt-cert-date-halfnext'] = os.date(fmt,os.time()+ (timeout/2))
r.notes['zt-cert-date-now'] = os.date(fmt,os.time())
return apache2.OK
end
Uye aya ndiwo mashandiro azvinoita zvese muhuwandu, nekugadzirisa kwenhamba yeCookies uye kutsiva kwechiratidzo kana hafu yenguva yasvika iyo yekare Cookie (chiratidzo) isati yapera:
SSLVerifyClient optional
#LuaScope thread
#generate event variables zt-cert-date-next
LuaHookAccessChecker /usr/local/etc/apache24/sslincludes/websocket_token.lua handler early
#Π·Π°ΠΏΡΠ΅ΡΠ°Π΅ΠΌ Π±Π΅Π· ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠ° ΡΡΠΎ-ΡΠΎ Π΅ΡΡ, ΠΊΡΠΎΠΌΠ΅ webscoket
RewriteEngine on
RewriteCond %{SSL:SSL_CLIENT_VERIFY} !=SUCCESS
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule .? - [F]
#ErrorDocument 403 "You need a client side certificate issued by CAcert to access this site"
#websocket for safari without certauth
<If "%{SSL:SSL_CLIENT_VERIFY} != 'SUCCESS'">
<If "%{HTTP:Upgrade} = 'websocket'">
SetEnvIf Cookie "zt-cert=([^,;]+),([^,;]+),[^,;]+,([^,;]+)" zt-cert-sha1=$1 zt-cert-date=$2 zt-cert-uid=$3
<RequireAll>
Require expr %{sha1:salt1%{env:zt-cert-date}salt3%{env:zt-cert-uid}salt2} == %{env:zt-cert-sha1}
Require expr %{env:zt-cert-sha1} =~ /^.{40}$/
Require expr %{env:zt-cert-date} -ge %{env:zt-cert-date-now}
</RequireAll>
#Π·Π°ΠΌΠ΅ΡΠ°Π΅ΠΌ Π°Π²ΡΠΎΡΠΈΠ·Π°ΡΠΈΡ ΠΏΠΎ Π²Π»Π°Π΄Π΅Π»ΡΡΡ ΡΠ΅ΡΡΠΈΡΠΈΠΊΠ°ΡΠ° Π½Π° Π°Π²ΡΠΎΡΠΈΠ·Π°ΡΠΈΡ ΠΏΠΎ Π½ΠΎΠΌΠ΅ΡΡ ΠΏΡΠΎΡΠΎΠΊΠΎΠ»Π°
SSLUserName SSl_PROTOCOL
SSLOptions -FakeBasicAuth
</If>
</If>
<If "%{SSL:SSL_CLIENT_VERIFY} = 'SUCCESS'">
<If "%{HTTP:Upgrade} != 'websocket'">
SetEnvIf Cookie "zt-cert=([^,;]+),[^,;]+,([^,;]+)" HAVE_zt-cert-sha1=$1 HAVE_zt-cert-date-halfnow=$2
SetEnvIfExpr "env('HAVE_zt-cert-date-halfnow') -ge %{TIME} && env('HAVE_zt-cert-sha1')=~/.{40}/" HAVE_zt-cert-sha1-found=1
Define zt-cert "path=/;Max-Age=%{env:zt-cert-timeout};HttpOnly;Secure;SameSite=Strict"
Define dates_user "%{env:zt-cert-date-next},%{env:zt-cert-date-halfnext},%{SSL_CLIENT_S_DN_CN}"
Header set Set-Cookie "expr=zt-cert=%{sha1:salt1%{env:zt-cert-date-next}sal3%{SSL_CLIENT_S_DN_CN}salt2},${dates_user};${zt-cert}" env=!HAVE_zt-cert-sha1-found
</If>
</If>
SetEnvIfExpr "env('HAVE_zt-cert-date-halfnow') -ge %{TIME} && env('HAVE_zt-cert-sha1')=~/.{40}/" HAVE_zt-cert-sha1-found=1
ΡΠ°Π±ΠΎΡΠ°Π΅Ρ,
Π° ΡΠ°ΠΊ ΡΠ°Π±ΠΎΡΠ°ΡΡ Π½Π΅ Π±ΡΠ΄Π΅Ρ
SetEnvIfExpr "env('HAVE_zt-cert-date-halfnow') -ge env('zt-cert-date-now') && env('HAVE_zt-cert-sha1')=~/.{40}/" HAVE_zt-cert-sha1-found=1
Nekuti LuaHookAccessChecker inongoitwa chete mushure mekuwana macheki zvichienderana neruzivo urwu kubva kuNginx.
Link kune source.
Chimwezve chinhu.
Kazhinji, hazvina basa kuti mirairo yakanyorwa sei muApache (pamwe zvakare Nginx) gadziriso, nekuti pakupedzisira zvese zvichange zvakarongedzwa zvichienderana nehurongwa hwechikumbiro kubva kumushandisi, icho chinoenderana nechirongwa chekugadzirisa. Lua zvinyorwa.
Kupedzisa:
Inooneka mamiriro mushure mekuita (chinangwa):
manejimendi emasevhisi uye zvivakwa anowanikwa kubva nharembozha paIOS pasina mamwe mapurogiramu (VPN), akabatana uye akachengeteka.
Chinangwa chave kuwanikwa, zvigadziko zvewebhu zvinoshanda uye zvine mwero wekuchengetedza kwete pasi pechitupa.
Source: www.habr.com