# Twister 在自托管的服务器上
This how-to is write for unix like operating system.
## 需求
总的来说 :
* 一个随时开机的计算机
* 一个http代理
如果您想让全球都能访问 :
* 公网IP
* 域名 (可选)
## 安装
您可以参考您的系统的安装方式
建议 :
* 为twister建立一个特殊的用户
```
useradd -m -U -s /bin/false twister
```
## 运行
您可以使用如下sh脚本运行
```sh
#!/bin/sh
twisterd_user="twister"
twisterd_path="/home/twister/twister-core.git/twisterd"
twisterd_arg="-rpcuser=user -rpcpassword=pwd -rpcallowip=127.0.0.1"
if [ 1 -ne $# ]
then
echo $0 "argument is (start|stop|restart|help)"
elif [ "$1" = "start" ]
then
su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon"
elif [ "$1" = "stop" ]
then
su -s /bin/sh $twisted_user -lc "${twisterd_path} ${twisterd_arg} stop"
elif [ "$1" = "restart" ]
then
su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} stop"
sleep 5
su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon"
else
echo $0 "argument is (start|stop|restart|help)"
fi
```
## Nginx 代理
Nginx 虚拟主机设定, 设置允许 / 拒绝 或者 认证_* 来定义谁可以访问您的twister托管 :
待办 :
添加HTTP认证选项
```
upstream twister {
server 127.0.0.1:28332; # Default twister port
}
server {
listen 80; #
listen 443; # Require ssl certificate
server_name twister.exemple.com; # your host name
server_tokens off; # don't show the version number, a security best practice
# allow ip.ad.re.ss/mask # For allow ip can access of twister instance
# deny ip.ad.re.ss/mask # For deny ip can access of twister instance
# auth_basic "Restricted"; # Change this if you want string if you wan't
# auth_basic_user_file htpasswd; # Your htpasswd filename use apache2 tools for generate this file
# individual nginx logs for this vhost
access_log /var/log/nginx/access.log.d/twister.log;
error_log /var/log/nginx/error.log.d/twister.log;
# Redirection
location / {
proxy_redirect off;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://twister;
}
}
```
现在您可以到twister.example.com/index.html 或者 twister.example.com/home.html 但是 twister.example.com不是一个好主意
## Apache 代理
我想让twister请求更安全一些,所以我重定向http到https了
```
# 重定向从 http 到 https
DocumentRoot /var/www/
ServerName twister.example.com
RewriteEngine on
RewriteRule ^(.*)$ https://%{HTTP_HOST}$1
CustomLog /var/log/apache2/twister-access.log combined
ErrorLog /var/log/apache2/twister-error.log
# 真实的配置部分
ServerAdmin webmaster@localhost
# Edit with your dns
ServerName twister.example.com
# Set DocumentRoot to twister html directory to let apache
# serve static contents
DocumentRoot /path/to/twister-html/
# Usage of a custom log path
CustomLog /var/log/apache2/twister-access.log combined
ErrorLog /var/log/apache2/twister-error.log
# Enable SSL
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/twister.example.com/ssl.crt
SSLCertificateKeyFile /etc/apache2/ssl/twister.example.com/ssl.key
SSLCertificateChainFile /etc/apache2/ssl/chain.crt
# we use url rewriting for proxying
RewriteEngine on
# redirect / to /index.html if the request is
# a GET request. Call to the API seems to be all POST
RewriteCond %{THE_REQUEST} GET
RewriteRule ^/$ /index.html [L]
# proxy POST request to / to twister
RewriteCond %{THE_REQUEST} POST
RewriteRule ^/$ http://127.0.0.1:28332/ [P,QSA]
# Authentication
AuthUserFile /some/secure/path/.htpassword
AuthGroupFile /dev/null
AuthName "Accès sécurisé"
AuthType Basic
Require user twister
```
现在来制作一个密码文件 (使用 -c 选项来创建文件):
```
twister@example:~$ htpasswd /some/secure/path/.htpassword twister
New password: mon_jolie_mot_de_passe
Re-type new password: mon_jolie_mot_de_passe
Adding password for user twister
twister@example:~$ cat /some/secure/path/.htpassword
twister:$apr1$WpQNVebq$y4DyXYs06D2naWaDF0buM0
```
为了使认证能生效,需要使用和 /some/secure/path/.htpassword 文件以及 ``.twister/twister.conf`` 文件相同的密码。我们还需要增加服务twister并发线程的最大数目,我加到100了,我觉得这也不会增加服务器负担。
我的 ``.twister/twister.conf`` :
```
twister@example:~/.twister$ cat twister.conf
rpcuser=twister
rpcpassword=mon_jolie_mot_de_passe
rpcthreads=100
rpcallowip=127.0.0.1
```