目录

Twister 在自托管的服务器上

This how-to is write for unix like operating system.

需求

总的来说 :

如果您想让全球都能访问 :

安装

您可以参考您的系统的安装方式

建议 :

useradd -m -U -s /bin/false twister

运行

您可以使用如下sh脚本运行

#!/bin/sh

twisterd_user="twister"
twisterd_path="/home/twister/twister-core.git/twisterd"
twisterd_arg="-rpcuser=user -rpcpassword=pwd -rpcallowip=127.0.0.1"

if [ 1 -ne $#  ]
then
    echo $0 "argument is (start|stop|restart|help)"
elif [ "$1" = "start" ]
then
    su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon"
elif [ "$1" = "stop" ]
then
    su -s /bin/sh $twisted_user -lc "${twisterd_path} ${twisterd_arg} stop"
elif [ "$1" = "restart" ]
then
    su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} stop"
    sleep 5
    su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon"
else
    echo $0 "argument is (start|stop|restart|help)"
fi

Nginx 代理

Nginx 虚拟主机设定, 设置允许 / 拒绝 或者 认证_* 来定义谁可以访问您的twister托管 :

待办 : 添加HTTP认证选项

upstream twister {
  server 127.0.0.1:28332; # Default twister port
}

server { 
  listen 80;         # 
  listen 443;        # Require ssl certificate 
  server_name twister.exemple.com;     # your host name
  server_tokens off;     # don't show the version number, a security best practice

  # allow ip.ad.re.ss/mask # For allow ip can access of twister instance
  # deny ip.ad.re.ss/mask # For deny ip can access of twister instance

  # auth_basic          "Restricted"; # Change this if you want string if you wan't
  # auth_basic_user_file  htpasswd; # Your htpasswd filename use apache2 tools for generate this file 

  # individual nginx logs for this vhost
  access_log  /var/log/nginx/access.log.d/twister.log;
  error_log   /var/log/nginx/error.log.d/twister.log;

  # Redirection
  location / {
    proxy_redirect     off;

    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;

    proxy_pass http://twister;
  }
}

现在您可以到twister.example.com/index.html 或者 twister.example.com/home.html 但是 twister.example.com不是一个好主意

Apache 代理

我想让twister请求更安全一些,所以我重定向http到https了

# 重定向从 http 到 https
<VirtualHost *:80>
        DocumentRoot /var/www/
        ServerName twister.example.com
        <IfModule mod_rewrite.c>
                RewriteEngine on
                RewriteRule ^(.*)$ https://%{HTTP_HOST}$1
        </IfModule>

        CustomLog /var/log/apache2/twister-access.log combined
        ErrorLog /var/log/apache2/twister-error.log
</VirtualHost>

# 真实的配置部分
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        # Edit with your dns
        ServerName twister.example.com

        # Set DocumentRoot to twister html directory to let apache
        # serve static contents
        DocumentRoot /path/to/twister-html/

        # Usage of a custom log path
        CustomLog /var/log/apache2/twister-access.log combined
        ErrorLog  /var/log/apache2/twister-error.log

        # Enable SSL
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/twister.example.com/ssl.crt
        SSLCertificateKeyFile /etc/apache2/ssl/twister.example.com/ssl.key
        SSLCertificateChainFile /etc/apache2/ssl/chain.crt

        # we use url rewriting for proxying
        RewriteEngine on

        # redirect / to /index.html if the request is
        # a GET request. Call to the API seems to be all POST
        RewriteCond %{THE_REQUEST} GET
        RewriteRule ^/$ /index.html [L]

        # proxy POST request to / to twister 
        RewriteCond %{THE_REQUEST} POST
        RewriteRule ^/$ http://127.0.0.1:28332/ [P,QSA]

        # Authentication
        <Location />
                AuthUserFile /some/secure/path/.htpassword
                AuthGroupFile /dev/null
                AuthName "Accès sécurisé"
                AuthType Basic
                <LIMIT GET POST>
                        Require user twister
                </LIMIT>
        </Location>
</VirtualHost>

现在来制作一个密码文件 (使用 -c 选项来创建文件):

twister@example:~$ htpasswd /some/secure/path/.htpassword twister
New password: mon_jolie_mot_de_passe
Re-type new password: mon_jolie_mot_de_passe
Adding password for user twister

twister@example:~$ cat /some/secure/path/.htpassword
twister:$apr1$WpQNVebq$y4DyXYs06D2naWaDF0buM0

为了使认证能生效,需要使用和 /some/secure/path/.htpassword 文件以及 .twister/twister.conf 文件相同的密码。我们还需要增加服务twister并发线程的最大数目,我加到100了,我觉得这也不会增加服务器负担。

我的 .twister/twister.conf :

twister@example:~/.twister$ cat twister.conf 
rpcuser=twister
rpcpassword=mon_jolie_mot_de_passe
rpcthreads=100
rpcallowip=127.0.0.1