Waxaan muddo dheer rabay in aan "gacmahayga taabto" adeegyada internetka aniga oo dejinaya server-ka webka oo xoqan oo u sii daaya internetka. Maqaalkan waxaan rabaa in aan la wadaago waayo-aragnimadayda ku saabsan beddelka router guriga oo ka yimid qalab aad u shaqeynaya una beddelaya server buuxa.
Waxaas oo dhami waxay ku bilowdeen xaqiiqda ah in TP-Link TL-WR1043ND router, kaas oo si daacad ah ugu adeegay, uusan hadda buuxin baahiyaha shabakadda guriga; Waxaan rabay band 5 GHz iyo helitaanka degdeg ah ee faylasha qalabka kaydinta ee ku xiran router. . Ka dib markii aan eegay golayaasha gaarka ah (4pda, ixbt), goobo leh dib u eegis iyo fiirinta noocyada kala duwan ee dukaamada maxaliga ah, waxaan go'aansaday inaan iibsado Keenetic Ultra.
Dib u eegis wanaagsan oo ka yimid milkiilayaasha ayaa ka shaqeeyay doorka qalabkan gaarka ah:
- wax dhibaato ah ma leh kulaylka (halkan waa inaan iska dhaafno alaabada Asus);
- isku halaynta shaqada (halkan waxaan ka gudbay TP-Link);
- fududahay in la dejiyo (Waxaan ka baqay inaan xamili waayay oo aan ka gudbay Microtik).
Waxaan ku qasbanaay inaan la imaado qasaaraha:
- maya WiFi6, Waxaan rabay in aan qaato qalab leh kayd mustaqbalka;
- 4 dekedo LAN, waxaan rabay wax badan, laakiin tani hadda maaha qaybta guriga.
Natiijo ahaan, waxaan helnay "server"kan:
- dhanka bidix waxaa ku yaal terminaalka indhaha ee Rostelecom;
- dhanka midig waa routerkeena tijaabada ah;
- 2 GB m.128 SSD oo jiifa, oo lagu dhejiyay sanduuqa USB3 ee Aliexpress, wuxuu ku xiran yahay router oo leh fiilo, hadda si fiican ayaa loogu dhejiyaa derbiga;
- xagga hore waxa ku yaal xadhig fidineed oo leh godad si madaxbanaan u go'ay, fiilada ka soo baxdaa waxay u socotaa UPS aan qaali ahayn;
- Dhabarka dambe waxaa jira farabadan oo fiilooyinka lamaanaha ah - marxaladda dib-u-cusboonaysiinta guriga, waxaan isla markiiba qorsheeyey saldhigyada RJ45 ee meelihii qalabku yaalay, si aysan ugu tiirsanaanin in WiFi la daadiyo.
Markaa, waxaanu haysanaa qalabkii, waxaanu u baahanahay inaanu habayntiisa:
- Qalabaynta bilowga ah ee router-ku waxay qaadataa qiyaastii 2 daqiiqo, waxaan ku tusineynaa xuduudaha isku xirka bixiyaha (terminal my optical wuxuu u beddelay qaabka buundada, xiriirka PPPoE wuxuu kor u qaadayaa router), magaca shabakadda WiFi iyo erayga sirta ah - asal ahaan taasi waa sidaas. , router-ku wuu bilaabmaa oo shaqeeyaa.
Waxaan dejinay u gudbinta dekedaha dibadda dekedaha router laftiisa qaybta "Sharciga Shabakadda - Gudbinta":
Hadda waxaan u gudbi karnaa qaybta "horumarsan", waxa aan ka rabay router:
- shaqeynta NAS yar ee shabakada guriga;
- qabashada hawlaha server-ka ee dhowr bog oo gaar ah;
- shaqaynta daruuraha shakhsi ahaaneed ee helitaanka xogta shakhsi ahaaneed meel kasta oo adduunka ah.
Midka ugu horreeya waxaa lagu fuliyaa iyadoo la adeegsanayo qalab la dhisay, iyada oo aan loo baahnayn dadaal badan:
- Waxaan ku qaadanaa wadista loogu talagalay doorkan (flash drive, kaadhka xusuusta ee kaarka akhristaha, darawalka adag ama SSD sanduuqa dibadda ah oo u qaabaynno Ext4 annagoo adeegsanayna (Ma haysto kombuyuutar gacanta ku haya Linux, waxaa suurtogal ah qalab lagu dhex dhisay). Sida aan u fahmay, inta lagu jiro hawlgalka nidaamku wuxuu ku qoraa kaliya log-yada flash-ka, markaa haddii aad xaddiddo ka dib markaad dejiso nidaamka, waxaad sidoo kale isticmaali kartaa kaararka xusuusta haddii aad qorsheyneyso inaad wax badan ku qorto iyo inta badan darawalka - SSD ama HDD ayaa ka fiican.
Taas ka dib, waxaan ku xireynaa darawalka router waxaanan ku ilaalineynaa shaashadda nidaamka nidaamka
Guji "USB drives and printers" qaybta "Applications" oo u habbee qaybta "Shabakadda Windows" qaybta:
Oo waxaan haysanaa kheyraad shabakadeed oo laga isticmaali karo kombiyuutarada Windows, isku xira disk ahaan haddii loo baahdo: net use y: \ 192.168.1.1SSD / joogto ah: haa
Xawaaraha NAS ee la hagaajiyay ayaa ku filan isticmaalka guriga; Silig wuxuu isticmaalaa gigabit oo dhan, Wi-Fi xawaaruhu waa qiyaastii 400-500 megabits.
Dejinta kaydinta waa mid ka mid ah tallaabooyinka lagama maarmaanka ah si loo habeeyo server-ka, markaa waxaan u baahanahay:
- iyo ciwaanka IP-ga ee taagan (waxaad ku samayn kartaa tan la'aanteed adoo isticmaalaya Dynamic DNS, laakiin waxaan horay u haystay IP-ka taagan, markaa way fududahay in la isticmaalo - , Waxaan helnaa martigelinta DNS iyo boostada boggayaga);
- oo ku dar diiwaanno tilmaamaya IP-gaaga:
Waxay qaadataa dhowr saacadood in domainka iyo dejinta ergada DNS ay dhaqan galaan, marka waxaan isla mar ahaantaana dejineynaa router-ka.
Marka hore, waxaan u baahanahay inaan rakibno kaydka Entware, kaas oo aan ku rakibi karno xirmooyinka lagama maarmaanka ah ee router. Waan ka faa’iidaystay , kaliya ma soo dhejin xirmada rakibaadda iyada oo loo marayo FTP, laakiin waxay si toos ah u abuurtay fayl si toos ah darawalkii hore ee isku xirnaanta oo koobiyay faylka halkaas sida caadiga ah.
Markaad marin u hesho SSH, ku beddel erayga sirta ah amarka passwd oo ku rakib dhammaan baakadaha lagama maarmaanka u ah opkg install [package names] command:
Inta lagu jiro dejinta, xirmooyinka soo socda ayaa lagu rakibay router-ka (wax soo saarka liiska opkg-ku rakiban):
Liiska baakadaha
bashka - 5.0-3
busybox - 1.31.1-1
xirmo - 20190110-2
shahaadooyinka - 20190110-2
coreutils - 8.31-1
coreutils-mktemp - 8.31-1
cron - 4.1-3
curl - 7.69.0-1
diffutils - 3.7-2
hoos u dhac - 2019.78-3
entware-sii dayn - 1.0-2
Findutils - 4.7.0-1
glib2 - 2.58.3-5
grep - 3.4-1
ldconfig - 2.27-9
libatr - 2.4.48-2
libblkid - 2.35.1-1
libc - 2.27-9
libcurl - 7.69.0-1
libffi - 3.2.1-4
libgcc - 8.3.0-9
libiconv-full - 1.11.1-4
libintl-buuxa - 0.19.8.1-2
liblua - 5.1.5-7
libbedtls - 2.16.5-1
libmount - 2.35.1-1
libncures - 6.2-1
libncursesw - 6.2-1
libndm - 1.1.10-1a
libopenssl - 1.1.1d-2
libopenssl-conf - 1.1.1d-2
libpcap - 1.9.1-2
libpcre - 8.43-2
libpcre2 - 10.34-1
libpthread - 2.27-9
libreadline - 8.0-1a
librt - 2.27-9
libslang2 - 2.3.2-4
libssh2 - 1.9.0-2
libssp - 8.3.0-9
libstdcpp - 8.3.0-9
libuid - 2.35.1-1
libxml2 - 2.9.10-1
meelaha - 2.27-9
mc - 4.8.23-2
ndmq - 1.0.2-5a
nginx - 1.17.8-1
openssl-util - 1.1.1d-2
opkg — 2019-06-14-dcbc142e-2
door-ndmsv2 - 1.0-12
php7 - 7.4.3-1
php7-mod-openssl - 7.4.3-1
miskiinka - 1.31.1-2
terminfo - 6.2-1
zlib - 1.2.11-3
zoneinfo-asia - 2019c-1
zoneinfo-Yurub - 2019c-1
Waxaa laga yaabaa inay jiraan wax aad u sarreeya halkan, laakiin waxaa jiray boos badan oo wadista, markaa iskuma dhibin inaan eego.
Ka dib markii la rakibo xirmooyinka, waxaan dejineynaa nginx, waxaan isku dayay laba domains - kan labaad waxaa lagu qaabeeyey https, iyo hadda waxaa jira stub. Dekadaha gudaha 81 iyo 433 ayaa la isticmaalaa halkii ay ka ahaan lahaayeen 80 iyo 443, maadaama maamulaha routerku uu ku xidhan yahay dekedaha caadiga ah.
iwm/nginx/nginx.conf
user nobody;
worker_processes 1;
#error_log /opt/var/log/nginx/error.log;
#error_log /opt/var/log/nginx/error.log notice;
#error_log /opt/var/log/nginx/error.log info;
#pid /opt/var/run/nginx.pid;
events {
worker_connections 64;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log /opt/var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 81;
server_name milkov.su www.milkov.su;
return 301 https://milkov.su$request_uri;
}
server {
listen 433 ssl;
server_name milkov.su;
#SSL support
include ssl.conf;
location / {
root /opt/share/nginx/html;
index index.html index.htm;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
</spoiler>
<spoiler title="etc/nginx/ssl.conf">
ssl_certificate /opt/etc/nginx/certs/milkov.su/fullchain.pem;
ssl_certificate_key /opt/etc/nginx/certs/milkov.su/privkey.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
ssl_dhparam /opt/etc/nginx/dhparams.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_stapling on;Si ay goobta ugu shaqeyso iyada oo loo marayo https, waxaan isticmaalay qoraalka fuuqbaxa ee caanka ah, ku rakibida isticmaalaya . Nidaamkani wax dhib ah ma keenin, kaliya waxaan ku turunturoodey xaqiiqda ah in qoraalka qoraalka ah ee ka shaqeynaya router-kayga /opt/etc/ssl/openssl.cnf:
[openssl_conf]
#engines=enginesOo waxaan ogsoonahay in soo saarista dhparams.pem oo leh amarka "openssl dhparam -out dhparams.pem 2048" ee router-kayga waxay qaadataa in ka badan 2 saacadood, haddii aysan ahayn tusaha horumarka, waxaan ka lumi lahaa dulqaad iyo dib u kicin.
Ka dib markaad hesho shahaadooyinka, dib u bilaw nginx oo leh amarka "/opt/etc/init.d/S80nginx dib u bilow". Mabda 'ahaan, habayntu waa dhammaatay, laakiin weli ma jiro degel internet - haddii aan gelinno faylka index.html tusaha / share/nginx/html, waxaan arki doonaa stub.
index.html
<!DOCTYPE html>
<html>
<head>
<title>Тестовая страничка!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Тестовая страничка!</h1>
<p>Это простая статическая тестовая страничка, абсолютно ничего интересного.</p>
</body>
</html>Si loo meeleeyo macluumaadka si qurux badan, way u fududdahay qofka aan xirfadda lahayn ee aniga oo kale ah inuu isticmaalo habab diyaarsan; Baadhitaan dheer ka dib buugag kala duwan, waxaan helay - waxaa jira xulasho wanaagsan oo ah qaab-dhismeedka bilaashka ah oo aan u baahnayn u-jeedin (taas oo naadir ku ah internetka, inta badan moodooyinka liisanka ku jira waxay u baahan yihiin inaad kaydiso isku xirka kheyraadka laga helay).
Waxaan dooranaa template ku haboon - waxaa jira kuwo loogu talagalay xaalado kala duwan, soo dejiso kaydka oo ka soo saar / share / nginx / html directory, waxaad tan ka samayn kartaa kombiyuutarkaaga, ka dibna tafatir template (halkan waxaad u baahan doontaa aqoon yar). ee HTML si aysan u jabin qaab dhismeedka) oo beddel sawirada sida ka muuqata shaxanka hoose.
Soo koobid: router-ku aad ayuu ugu habboon yahay martigelinta degel iftiin leh, mabda 'ahaan - haddii aadan fileynin culeys weyn, waad awoodi kartaa , oo tijaabi mashaariic aad u adag (waxaan eegayaa nextcloud/owncloud, waxaad mooddaa in lagu rakibay qalab noocaas ah). Awoodda lagu rakibo xirmooyinka waxay kordhisaa faa'iidadeeda - tusaale ahaan, markii ay lagama maarmaan ahayd in la ilaaliyo dekedda RDP ee kombuyuutarka ee shabakadda maxalliga ah, waxaan ku rakibay garaaca router - iyo gudbinta dekedda ee kombuyuutarka ayaa la furay kaliya ka dib markii ay garaacday dekedda.
Waa maxay sababta router oo aan ahayn PC-ga caadiga ah? Router-ku waa mid ka mid ah qalabka kombiyuutarada ee ka shaqeeya saacad kasta guryo badan; router gurigu inta badan waa aamusnaan iyo goobta iftiinka leh ee wax ka yar boqol booqasho maalintiiba ma dhibayso gabi ahaanba.
Source: www.habr.com