Ndingagadzirisa sei OpenLiteSpeed kudzosera proxy kuNextcloud iri pane yangu yemukati network?
Zvinoshamisa kuti kutsvaga paHabré yeOpenLiteSpeed hakuburitse chero chinhu! Ini ndinokurumidza kugadzirisa kusarongeka uku, nekuti LSWS yakakodzera webhu server. Ini ndinoida nekumhanya kwayo uye fancy web management interface:
Zvisinei nekuti OpenLiteSpeed inonyanyo zivikanwa se "accelerator" yeWordPress, mune chinyorwa chanhasi ini ndicharatidza kushandiswa kwayo chaiko. Kureva, reverse proxying yezvikumbiro. Ungati zvakajairika kushandisa nginx pane izvi? Ndichabvuma. Asi takadanana chaizvo neLSWS!
Proxying ok, asi kupi? Sevhisi inoshamisa zvakaenzana ndeye Nextcloud. Isu tinoshandisa Nextcloud kugadzira yakavanzika "faira-kugovera makore". Kune mutengi wega wega, tinogovera VM yakaparadzana neNextcloud, uye hatidi kuvafumura "kunze". Pane kudaro, isu tinokumbira mumiririri kuburikidza neyakajairwa reverse proxy. Iyi mhinduro inokubvumira kuti:
1) bvisa sevha iyo data yemutengi inochengetwa kubva paInternet uye
2) chengetedza IP kero.
Dhayagiramu inoratidzika seiyi:
Zviri pachena kuti dhayagiramu iri nyore, nekuti kuronga webhu sevhisi zvivakwa haisi musoro wechinyorwa chanhasi.
Zvakare mune ino chinyorwa ini ndichasiya kuisirwa uye yekutanga kumisikidzwa kweinoteveracloud, kunyanya sezvo paine zvinhu zviri pamusoro peiyi nyaya paHabré. Asi ini zvirokwazvo ndichakuratidza zvigadziriso pasina izvo Nextcloud isingashande kuseri kweproxy.
Zvapiwa:
Nextcloud yakaiswa pane host 1 uye yakagadzirirwa kushanda kuburikidza ne http (isina SSL), ine chete yemuno network interface uye "grey" IP kero 172.16.22.110.
Ngatigadzirisei OpenLiteSpeed pane host 2. Iine mainterface maviri, yekunze (inoona Internet) uye yemukati ine IP kero pane network 172.16.22.0/24
Iyo DNS zita cloud.connect.link inotungamira kune IP kero yekunze interface ye host 2
Basa:
Wana kubva kuInternet uchishandisa chinongedzo '' (SSL) paNextcloud pane yemukati network.
- Kuisa OpenLiteSpeed pa Ubuntu 18.04.2.
Ngatiwedzerei repository:
wget -O - |sudo bash
sudo apt-get update
install, run:
sudo apt-tora kuisa openlitespeed
sudo /usr/local/lsws/bin/lswsctrl kutanga
- Ngatimisei firewall shoma.
sudo ufw bvumira ssh
sudo ufw default bvumira kubuda
sudo ufw default kuramba kupinda
sudo ufw bvumira http
sudo ufw bvumira https
sudo ufw bvumira kubva manejimendi yako kune chero chiteshi 7080
sudo ufw shandisa - Ngatigadzirise OpenLiteSpeed senge reverse proxy.
Ngatigadzire madhairekitori eiyo virtualhost.cd /usr/local/lsws/
sudo mkdirc cloud.connect.link
cd cloud.connect.link/
sudo mkdir {conf,html, logs}
sudo chown lsadm:lsadm ./conf/
Ngatigadzirise iyo virtualhost kubva kuLSWS web interface.
Kuvhura URL manejimendi
Default login/password: admin/123456
Wedzera a virtual host (Virtual Hosts> Wedzera).
Paunenge uchiwedzera, meseji yekukanganisa ichaonekwa ichiratidza kuti faira rekugadzirisa haripo. Izvi zvakajairika uye zvinogona kugadziriswa nekudzvanya Tinya kuti ugadzire.
MuGeneral tab, tsanangura Document Root (kunyangwe isiri kudikanwa, iyo config haizobva isina iyo). Zita reZita, kana risina kutaurwa, richatorwa kubva kuVirtual Host Name, iro ratakadaidza zita renzvimbo yedu.
Iye zvino yave nguva yekuyeuka kuti isu hatingove newebhu server, asi reverse proxy. Aya anotevera marongero achaudza LSWS kuti ndeipi proxy uye kupi. Mune iyo virtualhost marongero, vhura iyo Yekunze App tab uye wedzera chishandiso chitsva cheWeb server mhando:
Tinoratidza zita nekero. Iwe unogona kutsanangura zita rinopokana, asi iwe unofanirwa kurirangarira; zvichave zvinobatsira mumatanho anotevera. Kero ndipo panogara Nextcloud pane yemukati network:
Mune imwecheteyo virtualhost marongero, vhura iyo Context tebhu uye gadzira mamiriro matsva emhando yeProxy:
Rondedzera paramita: URI = /, Webhu server = nextcloud_1 (zita kubva padanho rapfuura)
Tangazve LSWS. Izvi zvinoitwa nekudzvanya kamwe chete kubva pawebhu interface, zvishamiso! (mutakuri wembeva ari mandiri anotaura)
- Isu tinoisa chitupa uye tinogadzirisa https.
isu tichaisiya uye tinobvumirana kuti isu tatova nayo uye inorara pamwe chete nekiyi mu /etc/letsencrypt/live/cloud.connect.link directory.
Ngatigadzirei "muteereri" (Vatereri> Wedzera), idaidze "https". Ngatinongedzei kuchiteshi 443 uye tizive kuti ichave Yakachengeteka:
MuSSL tab, ratidza nzira inoenda kukiyi uye chitupa:
Iyo "muteereri" yagadzirwa, ikozvino muVirtual Host Mappings chikamu isu tichawedzera yedu chaiyo yekugamuchira kwairi:
Kana LSWS ichingoita proxy kune imwe chete sevhisi, iyo gadziriso inogona kupedzwa. Asi isu tinoronga kuishandisa kupfuudza zvikumbiro kune "zviremera" zvakasiyana zvichienderana nezita rezita. Uye ese madomasi achave neawo zvitupa. Naizvozvo, iwe unofanirwa kuenda kune iyo virtualhost config uye zvakare tsanangura kiyi yayo uye chitupa muSSL tab. Mune ramangwana, izvi zvinofanirwa kuitwa kune yega yega yega virtual host.
Chasara ndechekugadzirisa url kunyorazve kuti http zvikumbiro zvitariswe ku https.
(Nenzira, izvi zvichapera rinhi? Inguva yekuti mabhurawuza uye mamwe masoftware aenderere mberi kune https, uye kumberi kune kwete-SSL nemaoko kana zvichidikanwa).
Batidza Gonesa Kunyorazve uye nyora pasi Nyora Patsva Mitemo:
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ } [R=301,L]
Nekuda kwekusanzwisisa kunoshamisa, haugone kushandisa Nyorazve mitemo uchishandisa yakajairwa Graceful restart. Naizvozvo, ngatitangeizve LSWS kwete nenyasha, asi zvine hukasha uye zvinobudirira:
sudo systemctl tangazve lsws.service
Kuti sevha iteerere kuchiteshi 80, isu tichagadzira imwe Mutereri. Ngatiidaidzei http, ratidza chiteshi che80 uye chokwadi chekuti ichave isina-Kuchengetedzeka:
Nekufananidza nekumisikidza mutereri we https, ngationei mepu yedu yekugamuchira iyo.
Iye zvino LSWS ichateerera port 80 uye kutumira zvikumbiro kubva kwairi kuenda ku443, kunyorazve url.
Chekupedzisira, ini ndinokurudzira kudzikisa iyo LSWS yekutema nhanho, iyo yakagadzirirwa kuDebug nekukasira. Mune iyi modhi, matanda anowedzera nekumhanya kwemheni! Kune dzakawanda zviitiko, iyo Yambiro nhanho yakakwana. Enda kuServer Configuration> Log:
Izvi zvinopedzisa kumisikidzwa kweOpenLiteSpeed senge reverse proxy. Zvekare isu tinotangazve LSWS, tevera chinongedzo uye tinoona:
Kuti Nextcloud ititendere kupinda, isu tinofanirwa kuwedzera iyo domain cloud.connect.link kune runyorwa rwevanovimba. Handei tinogadzirisa config.php. Ini ndakaisa Nextcloud otomatiki kana ndichiisa Ubuntu uye iyo config iri pano: /var/snap/nextcloud/current/nextcloud/config.
Wedzera iyo 'cloud.connect.link' parameter kune trusted_domains kiyi:
'trusted_domains' =>
rondedzero (
0 => '172.16.22.110',
1 => 'cloud.connect.link',
),
Tevere, mune imwechete config iwe unofanirwa kutsanangura iyo IP kero yeproxy yedu. Ndokumbira utarise kuti kero inofanirwa kutsanangurwa seyo inoonekwa kune Nextcloud server, i.e. LSWS yemuno interface IP. Pasina danho iri, iyo Nextcloud web interface inoshanda, asi zvikumbiro hazvina mvumo.
'trusted_proxies' =>
rondedzero (
0 => '172.16.22.100',
),
Zvakanaka, mushure meizvi tinogona kusvika kune yekubvumidza interface:
Dambudziko ragadziriswa! Iye zvino mutengi wega wega anogona kushandisa zvakachengeteka "file cloud" achishandisa URL yavo yega, sevha ine mafaira yakaparadzaniswa kubva paInternet, vatengi venguva yemberi vachagamuchira zvose zvakafanana uye hapana imwe kero ye IP ichakuvadzwa.
Pamusoro pezvo, iwe unogona kushandisa reverse proxy kuendesa static zvemukati, asi mune yeNextcloud izvi hazvizope kuwedzera kunooneka kwekumhanya. Saka izvi ndezvekusarudza uye hazvidiwi.
Ndafara kugovera nyaya iyi, ndinovimba ichabatsira mumwe munhu. Kana iwe uchiziva dzimwe nzira dzakanaka uye dzinoshanda dzekugadzirisa dambudziko iri, ndingatenda nemhinduro dzako!
Source: www.habr.com