Ndiyimisela njani i-OpenLiteSpeed ukubuyisela umva ummeleli kwi-Nextcloud kwinethiwekhi yangaphakathi?
Okumangalisayo kukuba, ukukhangela kwi-Habré ye-OpenLiteSpeed akuniki nto! Ndikhawulezisa ukulungisa le ntswela-bulungisa, kuba i-LSWS ngumncedisi wewebhu onesidima. Ndiyayithanda ngesantya sayo kunye nojongano oluhle lolawulo lwewebhu:
Nangona i-OpenLiteSpeed idume kakhulu njenge "accelerator" ye-WordPress, kwinqaku lanamhlanje ndiza kukubonisa ukusetyenziswa kwayo ngokuthe ngqo. Oku kukuthi ukubuyisela umva ummeli wezicelo (ummeli wokubuyisela umva). Uthi kuqhelekile ukusebenzisa i-nginx kule nto? Ndiya kuvuma. Kodwa kubuhlungu kakhulu ukuba siye sathandana neLSWS!
Ukwenza ummeli kulungile, kodwa phi? Akukho nkonzo incinci imangalisayo-i-Nextcloud. Sisebenzisa i-Nextcloud ukwenza "amafu okwabelana ngefayile" yabucala. Kumthengi ngamnye, sabela i-VM eyahlukileyo kunye ne-Nextcloud, kwaye asifuni ukuyiveza "ngaphandle". Endaweni yoko, sicela ummeli nge-common reverse reverse. Esi sisombululo sivumela:
1) susa umncedisi apho idatha yomxhasi igcinwa kwi-Intanethi kwaye
2) gcina iidilesi ze-ip.
Umzobo ujongeka ngoluhlobo:
Kucacile ukuba iskimu senziwe lula, kuba umbutho wesiseko seenkonzo zewebhu awukho isihloko senqaku lanamhlanje.
Kwakhona kweli nqaku ndiya kushiya ufakelo kunye noqwalaselo olusisiseko lwefu elandelayo, ngakumbi kuba uHabré unezixhobo kulo mbandela. Kodwa ngokuqinisekileyo ndiya kubonisa useto, ngaphandle kokuba i-Nextcloud ayiyi kusebenza emva kommeleli.
Nikiwe:
I-Nextcloud ifakwe kwi-host 1 kwaye ilungiselelwe ukuba isebenze ngaphezulu kwe-http (ngaphandle kwe-SSL), inonxibelelwano lwenethiwekhi yendawo kuphela kunye nedilesi ye-IP "engwevu" 172.16.22.110.
Masiqwalasele i-OpenLiteSpeed kwi-host 2. Ineendlela ezimbini zokujongana, zangaphandle (zijonge kwi-Intanethi) kunye nezangaphakathi kunye nedilesi ye-IP kwinethiwekhi 172.16.22.0/24
Idilesi ye-IP yojongano lomamkeli wesi-2 ligama le-DNS elithi cloud.connect.link
Umsebenzi:
Fumana kwi-Intanethi ngekhonkco '' (SSL) ukuya kwi-Nextcloud kwinethiwekhi yangaphakathi.
- Ukufaka i-OpenLiteSpeed ku-Ubuntu 18.04.2.
Makhe songeze indawo yokugcina:
wget -O | sudo bash
sudo apt-get update
faka, qhuba:
sudo apt-fumana ukufaka i-openlitespeed
sudo /usr/local/lsws/bin/lswsctrl qala
- Ukuseta i-firewall encinci.
sudo ufw vumela i-ssh
sudo ufw engagqibekanga ivumela ephumayo
sudo ufw engagqibekanga yala engenayo
Sudo ufw vumela http
sudo ufw ukuvumelahttps
sudo ufw vumela ukusuka umphathi wakho wabaphathi nakweliphi na izibuko 7080
sudo ufw inceda - Seta i-OpenLiteSpeed njenge-proxy ebuyela umva.
Masenze abalawuli phantsi kwe-virtualhost.cd /usr/local/lsws/
sudo mkdirc cloud.connect.link
cd cloud.connect.link/
sudo mkdir {conf,html,logs}
sudo chown lsadm:lsadm ./conf/
Masiqwalasele umamkeli wenyani ukusuka kujongano lwewebhu lwe-LSWS.
Vula ulawulo lwe-url
Ukungena ngokusisigxina/igama lokugqitha: admin/123456
Yongeza umamkeli obonakalayo (Iinginginya ezizizo > Yongeza).
Xa ukongeza, umyalezo wephutha uya kuvela - ifayile yoqwalaselo ilahlekile. Oku kuqhelekile, kusombululwe ngokunqakraza ukwenza.
Kwi-General tab, khankanya iNgcambu yoXwebhu (nangona ingafuneki, uqwalaselo aluyi kuthatha ngaphandle kwalo). Igama leDomain, ukuba alichazwanga, liya kuthathwa kwiGama loMamkeli Obonakalayo, esilithiye igama lesizinda sethu.
Ngoku lixesha lokukhumbula ukuba asinayo nje iseva yewebhu, kodwa i-proxy ebuyela umva. Ezi zicwangciso zilandelayo ziya kuxelela i-LSWS ukuba imele ntoni kwaye phi. Kuseto lwe-virtualhost, vula ithebhu ye-App yangaphandle kwaye wongeze usetyenziso olutsha lohlobo lweseva yeWebhu:
Chaza igama kunye nedilesi. Ungakhankanya igama elingenasizathu, kodwa kufuneka ulikhumbule, liya kuba luncedo kumanyathelo alandelayo. Idilesi yile apho i-Nextcloud ihlala khona kwinethiwekhi yangaphakathi:
Kwisetingi ezifanayo zomamkeli, vula Umxholo isithuba kwaye wenze umxholo omtsha wohlobo lweProxy:
Chaza iiparamitha: URI = /, Umncedisi weWebhu = nextcloud_1 (igama elisuka kwinyathelo langaphambili)
Qala kwakhona i-LSWS. Oku kwenziwa ngonqakrazo olunye kujongano lwewebhu, imimangaliso! (umthwali wempuku welifa uthetha kum)
- Sibeka isatifikethi, qwalasela i-https.
siya kuyishiya, sivume ukuba sele sinayo kwaye silale nesitshixo kwi/etc/letsencrypt/live/cloud.connect.link directory.
Masenze "umphulaphuli" (Abaphulaphuli> Yongeza), masiyibize ngokuthi "https". Yalathe kwi-port 443 kwaye uqaphele ukuba iya kuKhuselwa:
Kwisithuba se-SSL, khankanya umendo oya kwisitshixo kunye nesatifikethi:
"Umphulaphuli" wenziwa, ngoku kwicandelo le-Virtual Host Mappings siyakongeza umamkeli wethu kulo:
Ukuba i-LSWS iya kuba ngummeli kwinkonzo enye kuphela, uqwalaselo lungagqitywa. Kodwa siceba ukuyisebenzisa ukuthumela izicelo "kwiimeko" ezahlukeneyo ngokuxhomekeke kwigama lesizinda. Kwaye zonke iindawo ziya kuba neziqinisekiso zazo. Ke ngoko, kufuneka uye kuqwalaselo lwe-virtualhost kwaye kwakhona ucacise isitshixo sayo kunye nesatifikethi kwithebhu ye-SSL. Kwixesha elizayo, oku kufuneka kwenziwe kumamkeli ngamnye omtsha onenyani.
Kuhlala kuqwalaselwe ukubhalwa kwakhona kwe-url ukuze izicelo ze-http ziqwalaselwe ku-https.
(Ngendlela, kuya kuphela nini oku? Lixesha lokuba izikhangeli kunye nezinye iisoftware ziye kwi-https ngokungagqibekanga, kwaye zigqithise kwi-no-SSL ngesandla ukuba kuyimfuneko).
Layita Yenza ukuBhala kwakhona kwaye ubhale kwakhona iMithetho:
Phinda ubhale uGciniwe%{SERVER_PORT} 80
Phinda ubhale umgaqo ^(.*)$ } [R=301,L]
Ngenxa yokungaqondani okungaqhelekanga, akunakwenzeka ukusebenzisa imithetho yokuphinda ubhale ngokuqala ngokutsha okuqhelekileyo kweGraceful. Ke ngoko, siya kuphinda siqalise i-LSWS hayi ngobubele, kodwa ngobukrwada nangokufanelekileyo:
sudo systemctl qala kwakhona lsws.service
Ukwenza umncedisi amamele izibuko 80, masidale omnye uMphulaphuli. Masiyibize nge-http, cacisa izibuko le-80 kwaye ayizukuKhuseleka:
Ngothelekiso kunye nesetingi yomphulaphuli we-https, masincamathisele umamkeli wethu kuyo.
Ngoku i-LSWS iya kuphulaphula kwi-port 80 kwaye ithumele izicelo ku-443 ukusuka kuyo, iphinda ibhale i-url.
Ukuqukumbela, ndincoma ukuthoba inqanaba lokungena kwi-LSWS, ebekwe kwi-Debug ngokungagqibekanga. Kule modi, iinkuni ziphindaphindeka ngesantya sombane! Kwiimeko ezininzi, inqanaba lesilumkiso lanele. Yiya kuLungiselelo lweSeva> Log:
Oku kugqiba ukucwangciswa kwe-OpenLiteSpeed njenge-proxy ebuyela umva. Kwakhona, qala kwakhona i-LSWS, landela ikhonkco kwaye ubone:
Ukuze i-Nextcloud isivumele ukuba singene, kufuneka songeze isizinda se-cloud.connect.link kuluhlu oluthembekileyo. Masiyokuhlela i-config.php. Ndifake i-Nextcloud ngokuzenzekelayo xa ufaka Ubuntu kwaye uqwalaselo lukhona apha: /var/snap/nextcloud/current/nextcloud/config.
Yongeza i-'cloud.connect.link' ipharamitha kwisitshixo se-trusted_domains:
'trusted_domains' =>
uluhlu (
0 => '172.16.22.110',
1 => 'cloud.connect.link',
),
Ngaphaya koko, kuqwalaselo olufanayo, kufuneka ucacise idilesi ye-IP yommeli wethu. Nditsala ingqalelo yakho kwinto yokuba idilesi kufuneka icaciswe leyo ibonakala kumncedisi weNextcloud, okt. I-IP yojongano lwendawo lwe-LSWS. Ngaphandle kweli nyathelo, i-Nextcloud web interface isebenza, kodwa izicelo azigunyaziswanga.
'trusted_proxies' =>
uluhlu (
0 => '172.16.22.100',
),
Kulungile, emva koko sinokungena kwi-interface yogunyaziso:
Ingxaki isonjululwe! Ngoku umxhasi ngamnye unokusebenzisa ngokukhuselekileyo "ilifu lefayile" kwi-url yakhe yobuqu, umncedisi oneefayile uhlukaniswe kwi-Intanethi, abathengi bexesha elizayo baya kufumana yonke into efanayo kwaye akukho dilesi ye-IP eyongezelelweyo iya kuchaphazeleka.
Ukongeza, ungasebenzisa i-proxy ebuyela umva ukuhambisa umxholo omileyo, kodwa kwimeko ye-Nextcloud, oku akuyi kunika ukwanda okubonakalayo kwisantya. Ngoko ke kuyakhethwa kwaye kuyakhethwa.
Ndiyavuya ukwabelana ngeli bali, ndiyathemba ukuba liya kuba luncedo emntwini. Ukuba uyazazi iindlela ezintle nezisebenzayo zokusombulula ingxaki, ndiya kuba nombulelo ngamagqabantshintshi!
umthombo: www.habr.com