Ukusingatha iwebhusayithi kumzila wakho wasekhaya

Sekuyisikhathi eside ngifuna "ukuthinta izandla zami" ezinsizeni ze-inthanethi ngokusetha iseva yewebhu kusukela ekuqaleni futhi ngiyikhiphe iye ku-inthanethi. Kulesi sihloko ngifuna ukwabelana ngolwazi lwami lokuguqula irutha yasekhaya isuka kudivayisi esebenza kakhulu ibe yiseva ecishe iphelele.

Konke kwaqala ngokuthi irutha ye-TP-Link TL-WR1043ND, eyayisebenze ngokwethembeka, yayingasahlangabezani nezidingo zenethiwekhi yasekhaya; Ngangifuna ibhendi engu-5 GHz nokufinyelela okusheshayo kumafayela kudivayisi yokugcina exhunywe kumzila. . Ngemva kokubheka izinkundla ezikhethekile (4pda, ixbt), amasayithi anokubuyekezwa nokubheka izinhlobonhlobo zezitolo zasendaweni, nginqume ukuthenga i-Keenetic Ultra.

Izibuyekezo ezinhle ezivela kubanikazi zisebenzele le divayisi ethile:

• azikho izinkinga ngokushisa ngokweqile (lapha kwakudingeka silahle imikhiqizo ye-Asus);
• ukuthembeka kokusebenza (lapha nginqamule i-TP-Link);
• kulula ukusetha (ngangesaba ukuthi angikwazi ukuyiphatha futhi ngeqa iMicrotik).

Kwadingeka ngibhekane nokungalungi:

• ayikho i-WiFi6, bengifuna ukuthatha imishini enendawo yokugcina isikhathi esizayo;
• 4 LAN port, bengifuna okwengeziwe, kodwa lesi akusesona isigaba sasekhaya.

Ngenxa yalokho, sithole le "seva":

• ngakwesobunxele i-optical terminal ye-Rostelecom;
• kwesokudla irutha yethu yokuhlola;
• i-2 GB m.128 SSD elele nxazonke, efakwe ebhokisini le-USB3 esuka ku-Aliexpress, ixhunywe kumzila ngocingo, manje ifakwe kahle odongeni;
• ngaphambili kunentambo yokunweba enamasokhethi anqanyuliwe ngokuzimela, ucingo olusuka kuyo luya ku-UPS engabizi;
• ngemuva kunenqwaba yezintambo ezisontekile - esigabeni sokuvuselela ifulethi, ngahlela masinyane amasokhethi e-RJ45 ezindaweni lapho imishini kwakufanele ibe khona, ukuze inganciki ekubhujisweni kwe-WiFi.

Ngakho, sinemishini, sidinga ukuyilungisa:

• Ukusetha kokuqala kwe-router kuthatha imizuzu emi-2, sibonisa imingcele yokuxhuma kumhlinzeki (itheminali yami yokubona ishintshelwa kumodi yebhuloho, uxhumano lwe-PPPoE luphakamisa umzila), igama lenethiwekhi ye-WiFi kanye nephasiwedi - ngokuyisisekelo yilokho , irutha iyaqala futhi isebenze.

Setha ukudluliselwa kwezimbobo zangaphandle kumachweba werutha ngokwayo esigabeni esithi “Imithetho Yenethiwekhi - Ukudlulisela phambili”:

Manje sesingadlulela engxenyeni "ethuthukisiwe", engangikufuna kumzila:

1. ukusebenza kwe-NAS encane yenethiwekhi yasekhaya;
2. ukwenza imisebenzi yeseva yewebhu kumakhasi amaningana ayimfihlo;
3. ukusebenza kwefu lomuntu siqu lokufinyelela idatha yomuntu siqu kusuka noma yikuphi emhlabeni.

Eyokuqala isetshenziswa kusetshenziswa amathuluzi akhelwe ngaphakathi, ngaphandle kokudinga umzamo omkhulu:

• Sithatha idrayivu ehloselwe le ndima (i-flash drive, imemori khadi kusifundi sekhadi, i-hard drive noma i-SSD ebhokisini langaphandle bese siyifometha ku-Ext4 sisebenzisa. I-MiniTool Partition Wizard Edition Free (Anginayo ikhompuyutha ene-Linux eduze, kungenzeka ngamathuluzi akhelwe ngaphakathi). Njengoba ngikuqonda, ngesikhathi sokusebenza uhlelo lubhala izingodo kuphela ku-flash drive, ngakho-ke uma uzikhawulela ngemuva kokusetha uhlelo, ungasebenzisa futhi imemori khadi uma uhlela ukubhala okuningi futhi kaningi ku-drive - i-SSD noma I-HDD ingcono.

Ngemuva kwalokhu, sixhuma idrayivu ku-router futhi siyibheke esikrinini sokuqapha uhlelo

Chofoza ku-“USB drives and printers” ukuze uye esigabeni esithi “Applications” bese usetha umthombo owabiwe esigabeni esithi “Network”. Windows»:

Futhi sinomthombo wenethiwekhi ongasetshenziswa kumakhompyutha angaphansi Windows, ukuyixhuma njengediski uma kudingeka: ​​ukusetshenziswa kwenethi y: \192.168.1.1SSD /persistent:yes

Ijubane laleyo NAS ethuthukisiwe lanele ukusetshenziswa kwasekhaya; phezu kwentambo isebenzisa yonke igigabit, phezu kwe-WiFi isivinini singama-megabits angu-400-500.

Ukusetha isitoreji ngesinye sezinyathelo ezidingekayo ukuze ulungiselele iseva, bese sidinga:
- thenga isizinda kanye nekheli le-IP elimile (ungakwenza ngaphandle kwalokhu ngokusebenzisa i-DNS yeDynamic, kodwa ngase ngine-IP emile, ngakho-ke kube lula ukuyisebenzisa. izinsiza zamahhala ze-Yandex - ngokudlulisela isizinda lapho, sithola ukusingathwa kwe-DNS kanye ne-imeyili esizindeni sethu);

- lungisa amaseva e-DNS bese wengeza amarekhodi A akhomba ku-IP yakho:

Kuthatha amahora ambalwa ukuthi isizinda kanye nezilungiselelo zokuthunyelwa kwe-DNS ziqale ukusebenza, ngakho-ke sisetha umzila kanye kanye.

Okokuqala, sidinga ukufaka inqolobane ye-Entware, lapho singafaka khona amaphakheji adingekayo kumzila. Ngasizakala ngalo myalelo, ayizange ilayishe iphakheji yokufaka nge-FTP, kodwa idale ifolda ngokuqondile kudrayivu yenethiwekhi exhunywe ngaphambili futhi yakopisha ifayela lapho ngendlela evamile.

Uma usuthole ukufinyelela nge-SSH, shintsha iphasiwedi ngomyalo we-passwd bese ufaka wonke amaphakheji adingekayo ngomyalo we-opkg install [amagama ephakheji]:

Ngesikhathi sokusetha, amaphakheji alandelayo afakwe kumzila (okukhiphayo komyalo ofakwe ohlwini lwe-opkg):

Uhlu lwamaphakheji
bash - 5.0-3
busybox - 1.31.1-1
i-ca-bundle - 20190110-2
ca-izitifiketi - 20190110-2
coreutils - 8.31-1
i-coreutils-mktemp - 8.31-1
cron - 4.1-3
curl - 7.69.0-1
ama-diffutils - 3.7-2
i-dropbear - 2019.78-3
ukukhishwa kwe-entware - 1.0-2
ukuthola - 4.7.0-1
glib2 - 2.58.3-5
grep - 3.4-1
ldconfig - 2.27-9
i-libattr - 2.4.48-2
libblkid - 2.35.1-1
libc - 2.27-9
i-libcurl - 7.69.0-1
i-libffi - 3.2.1-4
libgcc - 8.3.0-9
i-libiconv-igcwele - 1.11.1-4
i-libintl-igcwele - 0.19.8.1-2
i-liblue - 5.1.5-7
i-libmbedtls - 2.16.5-1
libmount - 2.35.1-1
ama-libncurses - 6.2-1
libncursesw - 6.2-1
libndm - 1.1.10-1a
libopenssl - 1.1.1d-2
libopenssl-conf - 1.1.1d-2
i-libpcap - 1.9.1-2
i-libpcre - 8.43-2
libpcre2 - 10.34-1
i-libpthread - 2.27-9
i-libreadline - 8.0-1a
i-librt - 2.27-9
libslang2 - 2.3.2-4
libssh2 - 1.9.0-2
i-libssp - 8.3.0-9
libstdcpp - 8.3.0-9
libuid - 2.35.1-1
libxml2 - 2.9.10-1
izindawo - 2.27-9
mc - 4.8.23-2
ndmq - 1.0.2-5a
nginx - 1.17.8-1
i-openssl-util - 1.1.1d-2
opkg — 2019-06-14-dcbc142e-2
ukukhetha-ndmsv2 - 1.0-12
php7 - 7.4.3-1
php7-mod-openssl - 7.4.3-1
ibhokisi elimpofu - 1.31.1-2
imininingwane - 6.2-1
zlib - 1.2.11-3
indawo info-asia - 2019c-1
i-zoneinfo-europe - 2019c-1

Mhlawumbe kwakukhona into engafanele lapha, kodwa kwakukhona isikhala esiningi ku-drive, ngakho-ke angizange ngizihluphe ngokuyibheka.

Ngemva kokufaka amaphakheji, silungiselela i-nginx, ngizame ngezizinda ezimbili - eyesibili ihlelwe nge-https, futhi okwamanje kukhona i-stub. Izimbobo zangaphakathi 81 kanye ne-433 zisetshenziswa esikhundleni sika-80 no-443, njengoba iphaneli yokulawula umzila ilenga ezimbobeni ezijwayelekile.

njll/nginx/nginx.conf

user  nobody;
worker_processes  1;
#error_log  /opt/var/log/nginx/error.log;
#error_log  /opt/var/log/nginx/error.log  notice;
#error_log  /opt/var/log/nginx/error.log  info;
#pid        /opt/var/run/nginx.pid;

events {
    worker_connections  64;
}

http {
    include       mime.types;
    default_type  application/octet-stream;
    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';
    #access_log  /opt/var/log/nginx/access.log main;
    sendfile        on;
    #tcp_nopush     on;
    #keepalive_timeout  0;
    keepalive_timeout  65;
    #gzip  on;

server {
    listen 81;
    server_name milkov.su www.milkov.su;
    return 301 https://milkov.su$request_uri;
}

server {
        listen 433 ssl;
        server_name milkov.su;
        #SSL support
        include ssl.conf;
        location / {
            root   /opt/share/nginx/html;
            index  index.html index.htm;
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
            }
        }
}
</spoiler>
<spoiler data-gt-translate-attributes='["title"]' title="etc/nginx/ssl.conf">
ssl_certificate /opt/etc/nginx/certs/milkov.su/fullchain.pem;
ssl_certificate_key /opt/etc/nginx/certs/milkov.su/privkey.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
ssl_dhparam /opt/etc/nginx/dhparams.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_stapling on;

Ukuze isiza sisebenze nge-https, ngisebenzise iskripthi esaziwayo esiphelelwe amanzi, ngisifaka ngisisebenzisa lomyalo. Le nqubo ayizange idale ubunzima, ngakhubeka kuphela eqinisweni lokuthi embhalweni weskripthi sokusebenza kumzila wami. udinga ukuphawula umugqa kufayela /opt/etc/ssl/openssl.cnf:

[openssl_conf]
#engines=engines

Futhi ngiyaqaphela ukuthi ukukhiqiza i-dhparams.pem ngomyalo othi “openssl dhparam -out dhparams.pem 2048” kumzila wami kuthatha amahora angaphezu kwama-2, uma kungenjalo ngenkomba yenqubekelaphambili, ngabe ngilahlekelwe isineke futhi ngiqalise kabusha.

Ngemva kokuthola izitifiketi, qala kabusha i-nginx ngomyalo othi “/opt/etc/init.d/S80nginx restart”. Empeleni, ukusetha kuqedile, kodwa akukabikho iwebhusayithi - uma sibeka ifayela le-index.html ku-directory /share/nginx/html, sizobona i-stub.

index.html

<!DOCTYPE html>
<html>
<head>
<title>Тестовая страничка!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Тестовая страничка!</h1>
<p>Это простая статическая тестовая страничка, абсолютно ничего интересного.</p>
</body>
</html>

Ukubeka ulwazi kahle, kulula kumuntu ongeyena uchwepheshe njengami ukuthi asebenzise izifanekiso esezilungile; ngemva kokusesha isikhathi eside kumakhathalogi ahlukahlukene, ngathola templatemo.com - kukhona ukukhetha okuhle kwezifanekiso zamahhala ezingadingi ukuchazwa (okuyivelakancane ku-inthanethi; izifanekiso eziningi ezikulayisense zidinga ukuthi ulondoloze isixhumanisi kunsiza ezitholwe kuyo).

Sikhetha ithempulethi efanelekile - kukhona ezinhlobonhlobo zamacala, landa ingobo yomlando bese uyikhipha ohlwini lwemibhalo /share/nginx/html, ungakwenza lokhu kusuka kukhompyutha yakho, bese uhlela ithempulethi (lapha uzodinga ulwazi oluncane). ye-HTML ukuze ungaphuli isakhiwo) bese ubuyisela ihluzo njengoba kukhonjisiwe esithombeni esingezansi.

Isifinyezo: i-router ifaneleka kakhulu ukubamba iwebhusayithi ekhanyayo kuyo, ngokuyisisekelo - uma ungalindele umthwalo omkhulu, ungakwazi faka futhi php, futhi uhlole amaphrojekthi ayinkimbinkimbi (ngibheka i-nextcloud/owncloud, kubonakala kunokufakwa okuphumelelayo kuhadiwe enjalo). Amandla okufaka amaphakheji akhulisa ukusetshenziswa kwawo - isibonelo, lapho kudingekile ukuvikela ichweba le-RDP le-PC kunethiwekhi yendawo, ngifake i-knock ku-router - futhi ukuthunyelwa kwechweba ku-PC kwavulwa kuphela ngemva kokungqongqoza kwechweba.

Kungani i-router hhayi i-PC evamile? Irutha ingenye yezingcezu ezimbalwa zekhompuyutha zezingxenyekazi zekhompuyutha ezisebenza ubusuku nemini ezindlini eziningi; umzila wasekhaya ngokuvamile awusho lutho futhi isayithi elikhanyayo elinokuvakasha okungaphansi kwekhulu ngosuku ngeke liyikhathaze nhlobo.

Source: www.habr.com