Table of Contents

Twister on self-hosted server

This how-to is write for unix like operating system.

Require

For all :

If you wan't access with all world :

Install

You can follow install methode of your operating systeme.

Recommend :

useradd -m -U -s /bin/false twister

Running

You can run twister as you like, but this sh script is pretty fun :

#!/bin/sh

twisterd_user="twister"
twisterd_path="/home/twister/twister-core.git/twisterd"
twisterd_arg="-rpcuser=user -rpcpassword=pwd -rpcallowip=127.0.0.1"

if [ 1 -ne $#  ]
then
    echo $0 "argument is (start|stop|restart|help)"
elif [ "$1" = "start" ]
then
    su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon"
elif [ "$1" = "stop" ]
then
    su -s /bin/sh $twisted_user -lc "${twisterd_path} ${twisterd_arg} stop"
elif [ "$1" = "restart" ]
then
    su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} stop"
    sleep 5
    su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon"
else
    echo $0 "argument is (start|stop|restart|help)"
fi

Nginx proxy

Nginx vhost setting, set allow / deny or auth_* for specify who can connect to your twister instance :

TODO : Add http authetification settings

upstream twister {
  server 127.0.0.1:28332; # Default twister port
}

server { 
  listen 80;         # 
  listen 443;        # Require ssl certificate 
  server_name twister.exemple.com;     # your host name
  server_tokens off;     # don't show the version number, a security best practice

  # allow ip.ad.re.ss/mask # For allow ip can access of twister instance
  # deny ip.ad.re.ss/mask # For deny ip can access of twister instance

  # auth_basic          "Restricted"; # Change this if you want string if you wan't
  # auth_basic_user_file  htpasswd; # Your htpasswd filename use apache2 tools for generate this file 

  # individual nginx logs for this vhost
  access_log  /var/log/nginx/access.log.d/twister.log;
  error_log   /var/log/nginx/error.log.d/twister.log;

  # Redirection
  location / {
    proxy_redirect     off;

    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;

    proxy_pass http://twister;
  }
}

Now you can go to twister.exemple.com/index.html or twister.exemple.com/home.html, twister.exemple.com isn't good way you or other can't do any think.

Apache proxy

I supose here we want all request to twister to be secure by https, so I redirect http request to https

# The redirection from http to https
<VirtualHost *:80>
        DocumentRoot /var/www/
        ServerName twister.example.com
        <IfModule mod_rewrite.c>
                RewriteEngine on
                RewriteRule ^(.*)$ https://%{HTTP_HOST}$1
        </IfModule>

        CustomLog /var/log/apache2/twister-access.log combined
        ErrorLog /var/log/apache2/twister-error.log
</VirtualHost>

# The real part of the configuration
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        # Edit with your dns
        ServerName twister.example.com

        # Set DocumentRoot to twister html directory to let apache
        # serve static contents
        DocumentRoot /path/to/twister-html/

        # Usage of a custom log path
        CustomLog /var/log/apache2/twister-access.log combined
        ErrorLog  /var/log/apache2/twister-error.log

        # Enable SSL
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/twister.example.com/ssl.crt
        SSLCertificateKeyFile /etc/apache2/ssl/twister.example.com/ssl.key
        SSLCertificateChainFile /etc/apache2/ssl/chain.crt

        # we use url rewriting for proxying
        RewriteEngine on

        # redirect / to /index.html if the request is
        # a GET request. Call to the API seems to be all POST
        RewriteCond %{THE_REQUEST} GET
        RewriteRule ^/$ /index.html [L]

        # proxy POST request to / to twister 
        RewriteCond %{THE_REQUEST} POST
        RewriteRule ^/$ http://127.0.0.1:28332/ [P,QSA]

        # Authentication
        <Location />
                AuthUserFile /some/secure/path/.htpassword
                AuthGroupFile /dev/null
                AuthName "Accès sécurisé"
                AuthType Basic
                <LIMIT GET POST>
                        Require user twister
                </LIMIT>
        </Location>
</VirtualHost>

Now making the password file (add -c option if you are creating the file):

twister@example:~$ htpasswd /some/secure/path/.htpassword twister
New password: mon_jolie_mot_de_passe
Re-type new password: mon_jolie_mot_de_passe
Adding password for user twister

twister@example:~$ cat /some/secure/path/.htpassword
twister:$apr1$WpQNVebq$y4DyXYs06D2naWaDF0buM0

For the authentication to work, we need to use the same user and password in the /some/secure/path/.htpassword file and in the .twister/twister.conf. We also need to increse the maximum number of concurrent threads serving twister. I put 100 by guess (default is 4), it works for me without increasing the load on my server.

My .twister/twister.conf :

twister@example:~/.twister$ cat twister.conf 
rpcuser=twister
rpcpassword=mon_jolie_mot_de_passe
rpcthreads=100
rpcallowip=127.0.0.1