====== Differences ====== This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
using:howto:twister_on_your_self-host_server [2014/02/11 16:07] natir Update control script |
using:howto:twister_on_your_self-host_server [2014/03/20 01:31] samir |
||
---|---|---|---|
Line 60: | Line 60: | ||
## Nginx proxy | ## Nginx proxy | ||
- | Nginx vhost setting, set allow or deny for specify who can connect to your twister instance : | + | Nginx vhost setting, set allow / deny or auth_* for specify who can connect to your twister instance : |
TODO : | TODO : | ||
Line 78: | Line 78: | ||
# allow ip.ad.re.ss/mask # For allow ip can access of twister instance | # allow ip.ad.re.ss/mask # For allow ip can access of twister instance | ||
# deny ip.ad.re.ss/mask # For deny ip can access of twister instance | # deny ip.ad.re.ss/mask # For deny ip can access of twister instance | ||
+ | |||
+ | # auth_basic "Restricted"; # Change this if you want string if you wan't | ||
+ | # auth_basic_user_file htpasswd; # Your htpasswd filename use apache2 tools for generate this file | ||
# individual nginx logs for this vhost | # individual nginx logs for this vhost | ||
Line 96: | Line 99: | ||
``` | ``` | ||
+ | |||
+ | Now you can go to twister.exemple.com/index.html or twister.exemple.com/home.html, twister.exemple.com isn't good way you or other can't do any think. | ||
## Apache proxy | ## Apache proxy | ||
+ | I supose here we want all request to twister to be secure by https, so I redirect http request to https | ||
+ | |||
+ | ``` | ||
+ | # The redirection from http to https | ||
+ | <VirtualHost *:80> | ||
+ | DocumentRoot /var/www/ | ||
+ | ServerName twister.example.com | ||
+ | <IfModule mod_rewrite.c> | ||
+ | RewriteEngine on | ||
+ | RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 | ||
+ | </IfModule> | ||
+ | |||
+ | CustomLog /var/log/apache2/twister-access.log combined | ||
+ | ErrorLog /var/log/apache2/twister-error.log | ||
+ | </VirtualHost> | ||
+ | |||
+ | # The real part of the configuration | ||
+ | <VirtualHost *:443> | ||
+ | ServerAdmin webmaster@localhost | ||
+ | # Edit with your dns | ||
+ | ServerName twister.example.com | ||
+ | | ||
+ | # Set DocumentRoot to twister html directory to let apache | ||
+ | # serve static contents | ||
+ | DocumentRoot /path/to/twister-html/ | ||
+ | | ||
+ | # Usage of a custom log path | ||
+ | CustomLog /var/log/apache2/twister-access.log combined | ||
+ | ErrorLog /var/log/apache2/twister-error.log | ||
+ | | ||
+ | # Enable SSL | ||
+ | SSLEngine on | ||
+ | SSLCertificateFile /etc/apache2/ssl/twister.example.com/ssl.crt | ||
+ | SSLCertificateKeyFile /etc/apache2/ssl/twister.example.com/ssl.key | ||
+ | SSLCertificateChainFile /etc/apache2/ssl/chain.crt | ||
+ | |||
+ | # we use url rewriting for proxying | ||
+ | RewriteEngine on | ||
+ | | ||
+ | # redirect / to /index.html if the request is | ||
+ | # a GET request. Call to the API seems to be all POST | ||
+ | RewriteCond %{THE_REQUEST} GET | ||
+ | RewriteRule ^/$ /index.html [L] | ||
+ | | ||
+ | # proxy POST request to / to twister | ||
+ | RewriteCond %{THE_REQUEST} POST | ||
+ | RewriteRule ^/$ http://127.0.0.1:28332/ [P,QSA] | ||
+ | | ||
+ | # Authentication | ||
+ | <Location /> | ||
+ | AuthUserFile /some/secure/path/.htpassword | ||
+ | AuthGroupFile /dev/null | ||
+ | AuthName "Accès sécurisé" | ||
+ | AuthType Basic | ||
+ | <LIMIT GET POST> | ||
+ | Require user twister | ||
+ | </LIMIT> | ||
+ | </Location> | ||
+ | </VirtualHost> | ||
+ | ``` | ||
+ | |||
+ | Now making the password file (add -c option if you are creating the file): | ||
+ | ``` | ||
+ | twister@example:~$ htpasswd /some/secure/path/.htpassword twister | ||
+ | New password: mon_jolie_mot_de_passe | ||
+ | Re-type new password: mon_jolie_mot_de_passe | ||
+ | Adding password for user twister | ||
+ | |||
+ | twister@example:~$ cat /some/secure/path/.htpassword | ||
+ | twister:$apr1$WpQNVebq$y4DyXYs06D2naWaDF0buM0 | ||
+ | ``` | ||
+ | |||
+ | For the authentication to work, we need to use the same user and password in the /some/secure/path/.htpassword file and in the ``.twister/twister.conf``. We also need to increse the maximum number of concurrent threads serving twister. I put 100 by guess (default is 4), it works for me without increasing the load on my server. | ||
+ | |||
+ | My ``.twister/twister.conf`` : | ||
+ | ``` | ||
+ | twister@example:~/.twister$ cat twister.conf | ||
+ | rpcuser=twister | ||
+ | rpcpassword=mon_jolie_mot_de_passe | ||
+ | rpcthreads=100 | ||
+ | rpcallowip=127.0.0.1 | ||
+ | ``` | ||
</markdown> | </markdown> |