Hey Xabr!
Yaqinda men Internetga to'liq kirish imkoni bo'lmagan korporativ tarmoq ichida ishlash kerak bo'lgan vaziyatga tushib qoldim va sarlavhadan taxmin qilganingizdek, unda Telegram bloklangan edi. Ishonchim komilki, bu holat ko'pchilikka tanish.
Men messenjerlarsiz ham qila olaman, lekin ish uchun menga Telegram kerak edi. Mijozni ish mashinasiga o'rnatish va shaxsiy noutbukdan foydalanish mumkin emas edi. Yana bir yechim uni ishlatish kabi ko'rinadi
Yaxshiyamki, Webogram ochiq kodli loyiha bo'lib, uning manba kodi mavjud
O'rnatish va ishga tushirishning o'zi qiyin emas, ammo Telegram serverlariga kirish bloklangan tarmoq ichida ishlash sharoitida muvaffaqiyatdan ko'ra hafsalamiz pir bo'ladi, chunki veb-versiya Telegram serverlariga foydalanuvchi mashinasidan so'rovlar yuboradi.
Yaxshiyamki, bu juda oddiy (lekin unchalik aniq emas) tuzatish. Men sizni ogohlantirmoqchimanki, men ushbu yechimning muallifi emasman. Men uni ichidan topishga muvaffaq bo'ldim
Kesim ostida siz Webogram oynangizni bosqichma-bosqich sozlash va nginx yordamida Telegram serverlariga uning so'rovlarini proksi-server orqali yuborishni o'rnatishni topasiz.
Misol tariqasida men yangi o'rnatilgan va yangilangan Ubuntu Server 18.04.3 ni tanladim.
Ogohlantirish: Ushbu qo'llanma nginx-da domenni sozlash bo'yicha ko'rsatmalarni o'z ichiga olmaydi. Buni o'zingiz qilishingiz kerak. Qo'llanmada siz allaqachon ssl bilan domenni sozlaganligingiz va uni sozlashni rejalashtirgan serverning o'zi Telegram serverlariga kirish huquqiga ega ekanligi ko'rsatilgan (siz xohlagan tarzda)
Faraz qilaylik, ushbu serverning IP-si 10.23.0.3, domen nomi esa mywebogram.localhost.
Ushbu konventsiyalarga asoslanib, men konfiguratsiyalarga misollar keltiraman. Qadriyatlarni o'zingizga o'zgartirishni unutmang.
Shunday qilib, boshlaymiz:
Webogramni ishga tushirish uchun bizga nodejs kerak. Odatiy bo'lib, agar biz uni Ubuntu omborlaridan o'rnatsak, biz nodejs 8.x versiyasini olamiz. Bizga 12.x kerak:
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt update && sudo apt -y install nodejs
Biz Webogramimiz joylashgan joyni tanlaymiz.
Masalan, uni uy katalogining ildiziga joylashtiramiz. Buning uchun rasmiy omborni serverimizga klonlang:
cd ~ && git clone https://github.com/zhukov/webogram.git
Keyingi qadam dasturni ishga tushirish uchun zarur bo'lgan barcha bog'liqliklarni o'rnatishdir:
cd webogram && npm install
Keling, sinovdan o'taylik. Buyruqni ishga tushiring:
npm start
Shundan so'ng biz uni brauzerda ochishga harakat qilamiz
http://10.23.0.3:8000/app/index.html
Agar shu nuqtaga qadar siz hamma narsani to'g'ri bajargan bo'lsangiz, Webogram avtorizatsiya sahifasi ochiladi.
Endi biz dasturni xizmat sifatida ishlash uchun sozlashimiz kerak. Buning uchun fayl yaratamiz
sudo touch /lib/systemd/system/webogram.service
uni istalgan muharrirda oching va unga quyidagi ko'rinishni bering (WorkDirectory yo'lingizni kiriting)
[Unit]
Description=Webogram mirror
[Service]
WorkingDirectory=/home/tg/webogram
ExecStart=/usr/bin/npm start
SuccessExitStatus=143
TimeoutStopSec=10
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
Keyin biz quyidagi buyruqlarni bajaramiz:
O'zgarishlarni qo'llash
sudo systemctl daemon-reload
Avtomatik ishga tushirishni yoqish:
sudo systemctl enable webogram.service
Xizmatni boshlaylik:
sudo systemctl start webogram.service
Qadamlarni bajarganingizdan so'ng, Webogram 8000 portida mavjud bo'lib qoladi.
Biz nginx orqali Webogramimizga kirishni o'rnatganimiz sababli, tashqaridan kelgan so'rovlar uchun 8000 portni yopamiz.
Buning uchun biz udf yordam dasturidan foydalanamiz (yoki siz uchun qulay bo'lgan har qanday usul):
sudo ufw deny 8000
Agar siz hali ham udf-dan foydalanishga qaror qilsangiz, lekin u serverda o'chirilgan bo'lsa, qo'shimcha qoidalar qo'shing (hamma narsa buzilmasligi uchun) va udf-ni yoqing:
sudo ufw allow ssh
sudo ufw allow 80
sudo ufw allow 443
sudo ufw enable
Keyinchalik, nginx konfiguratsiyasini o'zgartirishni boshlaylik.
Yuqorida ogohlantirganimdek, serveringizda ssl bilan domen allaqachon sozlangan deb taxmin qilinadi. Men sizning e'tiboringizni faqat domen konfiguratsiya fayli to'g'ri ishlashi uchun unga nima qo'shish kerakligiga qarataman:
server {
...
location ^~ /pluto/apiw1/ {
proxy_pass https://pluto.web.telegram.org/apiw1/;
}
location ^~ /venus/apiw1/ {
proxy_pass https://venus.web.telegram.org/apiw1/;
}
location ^~ /aurora/apiw1/ {
proxy_pass https://aurora.web.telegram.org/apiw1/;
}
location ^~ /vesta/apiw1/ {
proxy_pass https://vesta.web.telegram.org/apiw1/;
}
location ^~ /flora/apiw1/ {
proxy_pass https://flora.web.telegram.org/apiw1/;
}
location ^~ /pluto-1/apiw1/ {
proxy_pass https://pluto-1.web.telegram.org/apiw1/;
}
location ^~ /venus-1/apiw1/ {
proxy_pass https://venus-1.web.telegram.org/apiw1/;
}
location ^~ /aurora-1/apiw1/ {
proxy_pass https://aurora-1.web.telegram.org/apiw1/;
}
location ^~ /vesta-1/apiw1/ {
proxy_pass https://vesta-1.web.telegram.org/apiw1/;
}
location ^~ /flora-1/apiw1/ {
proxy_pass https://flora-1.web.telegram.org/apiw1/;
}
location ^~ /DC1/ {
proxy_pass http://149.154.175.10:80/;
}
location ^~ /DC2/ {
proxy_pass http://149.154.167.40:80/;
}
location ^~ /DC3/ {
proxy_pass http://149.154.175.117:80/;
}
location ^~ /DC4/ {
proxy_pass http://149.154.175.50:80/;
}
location ^~ /DC5/ {
proxy_pass http://149.154.167.51:80/;
}
location ^~ /DC6/ {
proxy_pass http://149.154.175.100:80/;
}
location ^~ /DC7/ {
proxy_pass http://149.154.167.91:80/;
}
location ^~ /DC8/ {
proxy_pass http://149.154.171.5:80/;
}
location / {
auth_basic "tg";
auth_basic_user_file /etc/nginx/passwd.htpasswd;
proxy_pass http://localhost:8000/;
proxy_read_timeout 90s;
proxy_connect_timeout 90s;
proxy_send_timeout 90s;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
Nginx konfiguratsiyasiga nima qo'shamiz:
- Biz Webogram javob beradigan 8000 portiga proksi-so'rov yuboradigan ildiz manzilini o'zgartiramiz
- Basic-auth yordamida ildiz o'rnini yopamiz. Bu bizning ilovamizni begona ko'zlar va botlardan yopish uchun oddiy ramziy qadamdir. (Shuningdek, blokirovka bilan bog'liq muammolarni oldini olish uchun)
- Telegram serveridagi proxy_path bilan bir qator manzillar bizning so'rovlarimizni proksi-server orqali yuboradigan so'nggi nuqtalarimizdir.
Bundan tashqari, fayl yarataylik /etc/nginx/passwd.htpasswd;
Shunday qilib, nginx foydalanuvchi parollarini tekshirish uchun biror narsaga ega.
sudo apt install apache2-utils
sudo htpasswd -c /etc/nginx/passwd.htpasswd tg
Nginx-ni qayta ishga tushiring:
sudo systemctl restart nginx
Endi Webogram faqat quyidagi manzilda mavjud bo'ladi
Oz qoldi: biz loyihaning o'ziga kichik o'zgarishlar kiritamiz.
Faylni muharrirda oching ~/webogram/app/js/lib/mtproto.js
Va uning boshlanishini quyidagi shaklga keltiring:
/*!
* Webogram v0.7.0 - messaging web application for MTProto
* https://github.com/zhukov/webogram
* Copyright (C) 2014 Igor Zhukov <[email protected]>
* https://github.com/zhukov/webogram/blob/master/LICENSE
*/
angular.module('izhukov.mtproto', ['izhukov.utils'])
.factory('MtpDcConfigurator', function () {
var sslSubdomains = ['pluto', 'venus', 'aurora', 'vesta', 'flora']
var dcOptions = Config.Modes.test
? [
{id: 1, host: 'mywebogram.localhost/DC1', port: 80},
{id: 2, host: 'mywebogram.localhost/DC2', port: 80},
{id: 3, host: 'mywebogram.localhost/DC3', port: 80}
]
: [
{id: 1, host: 'mywebogram.localhost/DC4', port: 80},
{id: 2, host: 'mywebogram.localhost/DC5', port: 80},
{id: 3, host: 'mywebogram.localhost/DC6', port: 80},
{id: 4, host: 'mywebogram.localhost/DC7', port: 80},
{id: 5, host: 'mywebogram.localhost/DC8', port: 80}
]
var chosenServers = {}
function chooseServer (dcID, upload) {
if (chosenServers[dcID] === undefined) {
var chosenServer = false,
i, dcOption
if (Config.Modes.ssl || !Config.Modes.http) {
var subdomain = sslSubdomains[dcID - 1] + (upload ? '-1' : '')
var path = Config.Modes.test ? 'apiw_test1' : '/apiw1/'
chosenServer = 'https://mywebogram.localhost/' + subdomain + path
return chosenServer
}
for (i = 0; i < dcOptions.length; i++) {
dcOption = dcOptions[i]
if (dcOption.id == dcID) {
chosenServer = 'http://' + dcOption.host + '/apiw1'
break
}
}
chosenServers[dcID] = chosenServer
}
...
Shundan so'ng, brauzerda dastur sahifasini yangilashingiz kerak.
Brauzer konsolini oching va ilovaning tarmoq so'rovlariga qarang. Agar hamma narsa ishlayotgan bo'lsa va XHR so'rovlari serveringizga tushsa, unda hamma narsa to'g'ri bajarilgan va Webogram endi nginx orqali proksilangan.
Umid qilamanki, ushbu qo'llanma mendan boshqa kimgadir foydali bo'ladi.
Oxirigacha o'qigan barchaga katta rahmat.
Agar kimdir biron bir qiyinchilikka duch kelsa yoki men biron bir noaniqlik qilsam, men javob berishdan xursand bo'laman va sharhlarda yoki PMda sizga yordam berishga harakat qilaman.
Manba: www.habr.com