# Twister on a self-hosted server

This how-to is written for Unix-like operating systems.

## Requirements

In general:

* A computer that is always powered on
* An HTTP proxy

If you want it to be reachable from anywhere in the world:

* A public IP address
* A domain name (optional)

## Installation

Follow the installation instructions for your system.

Recommended:

* Create a dedicated user for twister

```
useradd -m -U -s /bin/false twister
```

## Running

You can run it with the following sh script:

```sh
#!/bin/sh

# Account that runs the daemon, path to the binary, and RPC options
twisterd_user="twister"
twisterd_path="/home/twister/twister-core.git/twisterd"
twisterd_arg="-rpcuser=user -rpcpassword=pwd -rpcallowip=127.0.0.1"

if [ 1 -ne $# ]
then
    echo $0 "argument is (start|stop|restart|help)"
elif [ "$1" = "start" ]
then
    su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon"
elif [ "$1" = "stop" ]
then
    su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} stop"
elif [ "$1" = "restart" ]
then
    su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} stop"
    # Give the daemon time to shut down before starting it again
    sleep 5
    su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon"
else
    echo $0 "argument is (start|stop|restart|help)"
fi
```

## Nginx proxy

Nginx virtual host configuration. Set allow / deny or auth_* to define who can access your twister instance.

TODO: add HTTP authentication options

```
upstream twister {
    server 127.0.0.1:28332; # Default twister port
}

server {
    listen 80;
    # listen 443; # Requires an SSL certificate
    server_name twister.example.com; # your host name
    server_tokens off; # don't show the version number, a security best practice

    # allow ip.ad.re.ss/mask # Addresses allowed to access the twister instance
    # deny ip.ad.re.ss/mask # Addresses denied access to the twister instance

    # auth_basic "Restricted"; # Change this string if you want to
    # auth_basic_user_file htpasswd; # Your htpasswd file; generate it with the apache2 tools

    # individual nginx logs for this vhost
    access_log /var/log/nginx/access.log.d/twister.log;
    error_log /var/log/nginx/error.log.d/twister.log;

    # Redirection
    location / {
        proxy_redirect off;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://twister;
    }
}
```

You can now go to twister.example.com/index.html or twister.example.com/home.html, but going to bare twister.example.com is not a good idea.

## Apache proxy

I wanted requests to twister to be a bit more secure, so I redirect http to https.

```
# Redirect from http to https
<VirtualHost *:80>
    DocumentRoot /var/www/
    ServerName twister.example.com
    RewriteEngine on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1
    CustomLog /var/log/apache2/twister-access.log combined
    ErrorLog /var/log/apache2/twister-error.log
</VirtualHost>

# The real configuration part
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    # Edit with your dns
    ServerName twister.example.com

    # Set DocumentRoot to twister html directory to let apache
    # serve static contents
    DocumentRoot /path/to/twister-html/

    # Usage of a custom log path
    CustomLog /var/log/apache2/twister-access.log combined
    ErrorLog /var/log/apache2/twister-error.log

    # Enable SSL
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/twister.example.com/ssl.crt
    SSLCertificateKeyFile /etc/apache2/ssl/twister.example.com/ssl.key
    SSLCertificateChainFile /etc/apache2/ssl/chain.crt

    # we use url rewriting for proxying
    RewriteEngine on

    # redirect / to /index.html if the request is
    # a GET request. Call to the API seems to be all POST
    RewriteCond %{THE_REQUEST} GET
    RewriteRule ^/$ /index.html [L]

    # proxy POST request to / to twister
    RewriteCond %{THE_REQUEST} POST
    RewriteRule ^/$ http://127.0.0.1:28332/ [P,QSA]

    # Authentication
    <Location />
        AuthUserFile /some/secure/path/.htpassword
        AuthGroupFile /dev/null
        AuthName "Accès sécurisé"
        AuthType Basic
        Require user twister
    </Location>
</VirtualHost>
```

Now create a password file (use the -c option to create the file):

```
twister@example:~$ htpasswd /some/secure/path/.htpassword twister
New password: mon_jolie_mot_de_passe
Re-type new password: mon_jolie_mot_de_passe
Adding password for user twister
twister@example:~$ cat /some/secure/path/.htpassword
twister:$apr1$WpQNVebq$y4DyXYs06D2naWaDF0buM0
```

For authentication to work, the same password must be used in the /some/secure/path/.htpassword file and in the ``.twister/twister.conf`` file. We also need to raise the maximum number of concurrent threads serving twister; I raised it to 100, and I think this will not put extra load on the server.

My ``.twister/twister.conf``:

```
twister@example:~/.twister$ cat twister.conf
rpcuser=twister
rpcpassword=mon_jolie_mot_de_passe
rpcthreads=100
rpcallowip=127.0.0.1
```
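
The setup above depends on `twister.conf` and the htpasswd file agreeing on the user, and on the RPC port staying reachable only from the local proxy. The script below is an added example, not part of the original how-to: it audits those settings, and the names `conf_get` and `audit_twister` and the owner-only file mode check are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): audit the settings this how-to
# depends on. audit_twister and conf_get are hypothetical helper names.

# conf_get FILE KEY: print the last value assigned to KEY in a key=value file.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit_twister CONF HTPASSWD: print one line per finding; return 0 if clean.
audit_twister() {
    conf=$1; htpasswd=$2; findings=0
    user=$(conf_get "$conf" rpcuser)
    pass=$(conf_get "$conf" rpcpassword)

    # The page requires the same credentials in both files, so the rpcuser
    # must at least have an entry in the htpasswd file.
    if [ -z "$user" ] || ! cut -d: -f1 "$htpasswd" | grep -Fxq -- "$user"; then
        echo "rpcuser '$user' has no entry in $htpasswd"
        findings=$((findings + 1))
    fi

    # "pwd" is the placeholder password used by the page's start script.
    if [ -z "$pass" ] || [ "$pass" = "pwd" ]; then
        echo "rpcpassword is empty or still the placeholder"
        findings=$((findings + 1))
    fi

    # Only the local reverse proxy should reach the RPC port.
    open=$(awk -F= '/^[ \t]*rpcallowip[ \t]*=/ {
        gsub(/[ \t\r]/, "", $2); if ($2 != "127.0.0.1") n++
    } END { print n + 0 }' "$conf")
    if [ "$open" -gt 0 ]; then
        echo "$open rpcallowip entries are not 127.0.0.1"
        findings=$((findings + 1))
    fi

    # The file holds the RPC password in clear text: owner-only access.
    mode=$(ls -ld "$conf" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "$conf is accessible to group or others"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Run as: sh audit.sh /home/twister/.twister/twister.conf /some/secure/path/.htpassword
[ "$#" -ne 2 ] || audit_twister "$1" "$2"
```

The script only confirms that the user name exists in the htpasswd file; it does not verify that the hashed password matches `rpcpassword`.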