====== Differences ====== This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
using:howto:twister_on_your_self-host_server [2014/02/11 15:38] natir Correct error in title |
using:howto:twister_on_your_self-host_server [2014/05/20 13:11] (current) erkan_yilmaz typo |
||
---|---|---|---|
Line 1: | Line 1: | ||
<markdown> | <markdown> | ||
- | # Twister on self-host server | + | # Twister on self-hosted server |
This how-to is write for unix like operating system. | This how-to is write for unix like operating system. | ||
Line 9: | Line 9: | ||
* A computer can run every time | * A computer can run every time | ||
+ | * A http proxy | ||
If you wan't access with all world : | If you wan't access with all world : | ||
Line 40: | Line 41: | ||
if [ 1 -ne $# ] | if [ 1 -ne $# ] | ||
then | then | ||
- | echo $0 "argument is (start|stop|restart|help)" | + | echo $0 "argument is (start|stop|restart|help)" |
elif [ "$1" = "start" ] | elif [ "$1" = "start" ] | ||
then | then | ||
- | su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon" | + | su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon" |
elif [ "$1" = "stop" ] | elif [ "$1" = "stop" ] | ||
then | then | ||
- | su -s /bin/sh $twisted_user -lc "${twisterd_path} ${twisterd_arg} stop" | + | su -s /bin/sh $twisted_user -lc "${twisterd_path} ${twisterd_arg} stop" |
elif [ "$1" = "restart" ] | elif [ "$1" = "restart" ] | ||
then | then | ||
- | su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} stop" | + | su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} stop" |
- | sleep 5 | + | sleep 5 |
- | su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon" | + | su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon" |
else | else | ||
- | echo $0 "argument is (start|stop|restart|help)" | + | echo $0 "argument is (start|stop|restart|help)" |
fi | fi | ||
``` | ``` | ||
Line 59: | Line 60: | ||
## Nginx proxy | ## Nginx proxy | ||
- | Nginx vhost setting, set allow or deny for specify who can connect to your twister instance : | + | Nginx vhost setting, set allow / deny or auth_* for specify who can connect to your twister instance : |
TODO : | TODO : | ||
Line 77: | Line 78: | ||
# allow ip.ad.re.ss/mask # For allow ip can access of twister instance | # allow ip.ad.re.ss/mask # For allow ip can access of twister instance | ||
# deny ip.ad.re.ss/mask # For deny ip can access of twister instance | # deny ip.ad.re.ss/mask # For deny ip can access of twister instance | ||
+ | |||
+ | # auth_basic "Restricted"; # Change this if you want string if you wan't | ||
+ | # auth_basic_user_file htpasswd; # Your htpasswd filename use apache2 tools for generate this file | ||
# individual nginx logs for this vhost | # individual nginx logs for this vhost | ||
Line 95: | Line 99: | ||
``` | ``` | ||
+ | |||
+ | Now you can go to twister.exemple.com/index.html or twister.exemple.com/home.html, twister.exemple.com isn't good way you or other can't do any think. | ||
## Apache proxy | ## Apache proxy | ||
+ | I supose here we want all request to twister to be secure by https, so I redirect http request to https | ||
+ | |||
+ | ``` | ||
+ | # The redirection from http to https | ||
+ | <VirtualHost *:80> | ||
+ | DocumentRoot /var/www/ | ||
+ | ServerName twister.example.com | ||
+ | <IfModule mod_rewrite.c> | ||
+ | RewriteEngine on | ||
+ | RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 | ||
+ | </IfModule> | ||
+ | |||
+ | CustomLog /var/log/apache2/twister-access.log combined | ||
+ | ErrorLog /var/log/apache2/twister-error.log | ||
+ | </VirtualHost> | ||
+ | |||
+ | # The real part of the configuration | ||
+ | <VirtualHost *:443> | ||
+ | ServerAdmin webmaster@localhost | ||
+ | # Edit with your dns | ||
+ | ServerName twister.example.com | ||
+ | | ||
+ | # Set DocumentRoot to twister html directory to let apache | ||
+ | # serve static contents | ||
+ | DocumentRoot /path/to/twister-html/ | ||
+ | | ||
+ | # Usage of a custom log path | ||
+ | CustomLog /var/log/apache2/twister-access.log combined | ||
+ | ErrorLog /var/log/apache2/twister-error.log | ||
+ | | ||
+ | # Enable SSL | ||
+ | SSLEngine on | ||
+ | SSLCertificateFile /etc/apache2/ssl/twister.example.com/ssl.crt | ||
+ | SSLCertificateKeyFile /etc/apache2/ssl/twister.example.com/ssl.key | ||
+ | SSLCertificateChainFile /etc/apache2/ssl/chain.crt | ||
+ | |||
+ | # we use url rewriting for proxying | ||
+ | RewriteEngine on | ||
+ | | ||
+ | # redirect / to /index.html if the request is | ||
+ | # a GET request. Call to the API seems to be all POST | ||
+ | RewriteCond %{THE_REQUEST} GET | ||
+ | RewriteRule ^/$ /index.html [L] | ||
+ | | ||
+ | # proxy POST request to / to twister | ||
+ | RewriteCond %{THE_REQUEST} POST | ||
+ | RewriteRule ^/$ http://127.0.0.1:28332/ [P,QSA] | ||
+ | | ||
+ | # Authentication | ||
+ | <Location /> | ||
+ | AuthUserFile /some/secure/path/.htpassword | ||
+ | AuthGroupFile /dev/null | ||
+ | AuthName "Accès sécurisé" | ||
+ | AuthType Basic | ||
+ | <LIMIT GET POST> | ||
+ | Require user twister | ||
+ | </LIMIT> | ||
+ | </Location> | ||
+ | </VirtualHost> | ||
+ | ``` | ||
+ | |||
+ | Now making the password file (add -c option if you are creating the file): | ||
+ | ``` | ||
+ | twister@example:~$ htpasswd /some/secure/path/.htpassword twister | ||
+ | New password: mon_jolie_mot_de_passe | ||
+ | Re-type new password: mon_jolie_mot_de_passe | ||
+ | Adding password for user twister | ||
+ | |||
+ | twister@example:~$ cat /some/secure/path/.htpassword | ||
+ | twister:$apr1$WpQNVebq$y4DyXYs06D2naWaDF0buM0 | ||
+ | ``` | ||
+ | |||
+ | For the authentication to work, we need to use the same user and password in the /some/secure/path/.htpassword file and in the ``.twister/twister.conf``. We also need to increse the maximum number of concurrent threads serving twister. I put 100 by guess (default is 4), it works for me without increasing the load on my server. | ||
+ | |||
+ | My ``.twister/twister.conf`` : | ||
+ | ``` | ||
+ | twister@example:~/.twister$ cat twister.conf | ||
+ | rpcuser=twister | ||
+ | rpcpassword=mon_jolie_mot_de_passe | ||
+ | rpcthreads=100 | ||
+ | rpcallowip=127.0.0.1 | ||
+ | ``` | ||
</markdown> | </markdown> |