# Twister on self-hosted server This how-to is write for unix like operating system. ## Require For all : * A computer can run every time * A http proxy If you wan't access with all world : * Public ip * Domain name (optional) ## Install You can follow install methode of your operating systeme. Recommend : * Use a specific user for twister ``` useradd -m -U -s /bin/false twister ``` ## Running You can run twister as you like, but this sh script is pretty fun : ```sh #!/bin/sh twisterd_user="twister" twisterd_path="/home/twister/twister-core.git/twisterd" twisterd_arg="-rpcuser=user -rpcpassword=pwd -rpcallowip=127.0.0.1" if [ 1 -ne $# ] then echo $0 "argument is (start|stop|restart|help)" elif [ "$1" = "start" ] then su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon" elif [ "$1" = "stop" ] then su -s /bin/sh $twisted_user -lc "${twisterd_path} ${twisterd_arg} stop" elif [ "$1" = "restart" ] then su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} stop" sleep 5 su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon" else echo $0 "argument is (start|stop|restart|help)" fi ``` ## Nginx proxy Nginx vhost setting, set allow / deny or auth_* for specify who can connect to your twister instance : TODO : Add http authetification settings ``` upstream twister { server 127.0.0.1:28332; # Default twister port } server { listen 80; # listen 443; # Require ssl certificate server_name twister.exemple.com; # your host name server_tokens off; # don't show the version number, a security best practice # allow ip.ad.re.ss/mask # For allow ip can access of twister instance # deny ip.ad.re.ss/mask # For deny ip can access of twister instance # auth_basic "Restricted"; # Change this if you want string if you wan't # auth_basic_user_file htpasswd; # Your htpasswd filename use apache2 tools for generate this file # individual nginx logs for this vhost access_log /var/log/nginx/access.log.d/twister.log; error_log /var/log/nginx/error.log.d/twister.log; # Redirection location / { proxy_redirect off; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://twister; } } ``` Now you can go to twister.exemple.com/index.html or twister.exemple.com/home.html, twister.exemple.com isn't good way you or other can't do any think. ## Apache proxy I supose here we want all request to twister to be secure by https, so I redirect http request to https ``` # The redirection from http to https DocumentRoot /var/www/ ServerName twister.example.com RewriteEngine on RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 CustomLog /var/log/apache2/twister-access.log combined ErrorLog /var/log/apache2/twister-error.log # The real part of the configuration ServerAdmin webmaster@localhost # Edit with your dns ServerName twister.example.com # Set DocumentRoot to twister html directory to let apache # serve static contents DocumentRoot /path/to/twister-html/ # Usage of a custom log path CustomLog /var/log/apache2/twister-access.log combined ErrorLog /var/log/apache2/twister-error.log # Enable SSL SSLEngine on SSLCertificateFile /etc/apache2/ssl/twister.example.com/ssl.crt SSLCertificateKeyFile /etc/apache2/ssl/twister.example.com/ssl.key SSLCertificateChainFile /etc/apache2/ssl/chain.crt # we use url rewriting for proxying RewriteEngine on # redirect / to /index.html if the request is # a GET request. Call to the API seems to be all POST RewriteCond %{THE_REQUEST} GET RewriteRule ^/$ /index.html [L] # proxy POST request to / to twister RewriteCond %{THE_REQUEST} POST RewriteRule ^/$ http://127.0.0.1:28332/ [P,QSA] # Authentication AuthUserFile /some/secure/path/.htpassword AuthGroupFile /dev/null AuthName "Accès sécurisé" AuthType Basic Require user twister ``` Now making the password file (add -c option if you are creating the file): ``` twister@example:~$ htpasswd /some/secure/path/.htpassword twister New password: mon_jolie_mot_de_passe Re-type new password: mon_jolie_mot_de_passe Adding password for user twister twister@example:~$ cat /some/secure/path/.htpassword twister:$apr1$WpQNVebq$y4DyXYs06D2naWaDF0buM0 ``` For the authentication to work, we need to use the same user and password in the /some/secure/path/.htpassword file and in the ``.twister/twister.conf``. We also need to increse the maximum number of concurrent threads serving twister. I put 100 by guess (default is 4), it works for me without increasing the load on my server. My ``.twister/twister.conf`` : ``` twister@example:~/.twister$ cat twister.conf rpcuser=twister rpcpassword=mon_jolie_mot_de_passe rpcthreads=100 rpcallowip=127.0.0.1 ```