====== Differences ====== This shows the differences between the revision you selected and the current version of the page.
— |
zh:使用:如何:在您自托管的服务器上使用twister [2014/09/28 03:29] (current version) xiaolan created |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | <markdown> | ||
+ | # Twister 在自托管的服务器上 | ||
+ | This how-to is write for unix like operating system. | ||
+ | |||
+ | ## 需求 | ||
+ | |||
+ | 总的来说 : | ||
+ | |||
+ | * 一个随时开机的计算机 | ||
+ | * 一个http代理 | ||
+ | |||
+ | 如果您想让全球都能访问 : | ||
+ | |||
+ | * 公网IP | ||
+ | * 域名 (可选) | ||
+ | |||
+ | ## 安装 | ||
+ | |||
+ | 您可以参考您的系统的安装方式 | ||
+ | |||
+ | 建议 : | ||
+ | |||
+ | * 为twister建立一个特殊的用户 | ||
+ | |||
+ | ``` | ||
+ | useradd -m -U -s /bin/false twister | ||
+ | ``` | ||
+ | |||
+ | ## 运行 | ||
+ | |||
+ | 您可以使用如下sh脚本运行 | ||
+ | |||
+ | ```sh | ||
+ | #!/bin/sh | ||
+ | |||
+ | twisterd_user="twister" | ||
+ | twisterd_path="/home/twister/twister-core.git/twisterd" | ||
+ | twisterd_arg="-rpcuser=user -rpcpassword=pwd -rpcallowip=127.0.0.1" | ||
+ | |||
+ | if [ 1 -ne $# ] | ||
+ | then | ||
+ | echo $0 "argument is (start|stop|restart|help)" | ||
+ | elif [ "$1" = "start" ] | ||
+ | then | ||
+ | su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon" | ||
+ | elif [ "$1" = "stop" ] | ||
+ | then | ||
+ | su -s /bin/sh $twisted_user -lc "${twisterd_path} ${twisterd_arg} stop" | ||
+ | elif [ "$1" = "restart" ] | ||
+ | then | ||
+ | su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} stop" | ||
+ | sleep 5 | ||
+ | su -s /bin/sh $twisterd_user -lc "${twisterd_path} ${twisterd_arg} -daemon" | ||
+ | else | ||
+ | echo $0 "argument is (start|stop|restart|help)" | ||
+ | fi | ||
+ | ``` | ||
+ | |||
+ | ## Nginx 代理 | ||
+ | |||
+ | Nginx 虚拟主机设定, 设置允许 / 拒绝 或者 认证_* 来定义谁可以访问您的twister托管 : | ||
+ | |||
+ | 待办 : | ||
+ | 添加HTTP认证选项 | ||
+ | |||
+ | ``` | ||
+ | upstream twister { | ||
+ | server 127.0.0.1:28332; # Default twister port | ||
+ | } | ||
+ | |||
+ | server { | ||
+ | listen 80; # | ||
+ | listen 443; # Require ssl certificate | ||
+ | server_name twister.exemple.com; # your host name | ||
+ | server_tokens off; # don't show the version number, a security best practice | ||
+ | |||
+ | # allow ip.ad.re.ss/mask # For allow ip can access of twister instance | ||
+ | # deny ip.ad.re.ss/mask # For deny ip can access of twister instance | ||
+ | |||
+ | # auth_basic "Restricted"; # Change this if you want string if you wan't | ||
+ | # auth_basic_user_file htpasswd; # Your htpasswd filename use apache2 tools for generate this file | ||
+ | |||
+ | # individual nginx logs for this vhost | ||
+ | access_log /var/log/nginx/access.log.d/twister.log; | ||
+ | error_log /var/log/nginx/error.log.d/twister.log; | ||
+ | |||
+ | # Redirection | ||
+ | location / { | ||
+ | proxy_redirect off; | ||
+ | |||
+ | proxy_set_header X-Forwarded-Proto $scheme; | ||
+ | proxy_set_header Host $http_host; | ||
+ | proxy_set_header X-Real-IP $remote_addr; | ||
+ | |||
+ | proxy_pass http://twister; | ||
+ | } | ||
+ | } | ||
+ | |||
+ | ``` | ||
+ | |||
+ | 现在您可以到twister.example.com/index.html 或者 twister.example.com/home.html 但是 twister.example.com不是一个好主意 | ||
+ | |||
+ | ## Apache 代理 | ||
+ | 我想让twister请求更安全一些,所以我重定向http到https了 | ||
+ | |||
+ | ``` | ||
+ | # 重定向从 http 到 https | ||
+ | <VirtualHost *:80> | ||
+ | DocumentRoot /var/www/ | ||
+ | ServerName twister.example.com | ||
+ | <IfModule mod_rewrite.c> | ||
+ | RewriteEngine on | ||
+ | RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 | ||
+ | </IfModule> | ||
+ | |||
+ | CustomLog /var/log/apache2/twister-access.log combined | ||
+ | ErrorLog /var/log/apache2/twister-error.log | ||
+ | </VirtualHost> | ||
+ | |||
+ | # 真实的配置部分 | ||
+ | <VirtualHost *:443> | ||
+ | ServerAdmin webmaster@localhost | ||
+ | # Edit with your dns | ||
+ | ServerName twister.example.com | ||
+ | | ||
+ | # Set DocumentRoot to twister html directory to let apache | ||
+ | # serve static contents | ||
+ | DocumentRoot /path/to/twister-html/ | ||
+ | | ||
+ | # Usage of a custom log path | ||
+ | CustomLog /var/log/apache2/twister-access.log combined | ||
+ | ErrorLog /var/log/apache2/twister-error.log | ||
+ | | ||
+ | # Enable SSL | ||
+ | SSLEngine on | ||
+ | SSLCertificateFile /etc/apache2/ssl/twister.example.com/ssl.crt | ||
+ | SSLCertificateKeyFile /etc/apache2/ssl/twister.example.com/ssl.key | ||
+ | SSLCertificateChainFile /etc/apache2/ssl/chain.crt | ||
+ | |||
+ | # we use url rewriting for proxying | ||
+ | RewriteEngine on | ||
+ | | ||
+ | # redirect / to /index.html if the request is | ||
+ | # a GET request. Call to the API seems to be all POST | ||
+ | RewriteCond %{THE_REQUEST} GET | ||
+ | RewriteRule ^/$ /index.html [L] | ||
+ | | ||
+ | # proxy POST request to / to twister | ||
+ | RewriteCond %{THE_REQUEST} POST | ||
+ | RewriteRule ^/$ http://127.0.0.1:28332/ [P,QSA] | ||
+ | | ||
+ | # Authentication | ||
+ | <Location /> | ||
+ | AuthUserFile /some/secure/path/.htpassword | ||
+ | AuthGroupFile /dev/null | ||
+ | AuthName "Accès sécurisé" | ||
+ | AuthType Basic | ||
+ | <LIMIT GET POST> | ||
+ | Require user twister | ||
+ | </LIMIT> | ||
+ | </Location> | ||
+ | </VirtualHost> | ||
+ | ``` | ||
+ | |||
+ | 现在来制作一个密码文件 (使用 -c 选项来创建文件): | ||
+ | ``` | ||
+ | twister@example:~$ htpasswd /some/secure/path/.htpassword twister | ||
+ | New password: mon_jolie_mot_de_passe | ||
+ | Re-type new password: mon_jolie_mot_de_passe | ||
+ | Adding password for user twister | ||
+ | |||
+ | twister@example:~$ cat /some/secure/path/.htpassword | ||
+ | twister:$apr1$WpQNVebq$y4DyXYs06D2naWaDF0buM0 | ||
+ | ``` | ||
+ | |||
+ | 为了使认证能生效,需要使用和 /some/secure/path/.htpassword 文件以及 ``.twister/twister.conf`` 文件相同的密码。我们还需要增加服务twister并发线程的最大数目,我加到100了,我觉得这也不会增加服务器负担。 | ||
+ | |||
+ | 我的 ``.twister/twister.conf`` : | ||
+ | ``` | ||
+ | twister@example:~/.twister$ cat twister.conf | ||
+ | rpcuser=twister | ||
+ | rpcpassword=mon_jolie_mot_de_passe | ||
+ | rpcthreads=100 | ||
+ | rpcallowip=127.0.0.1 | ||
+ | ``` | ||
+ | </markdown> |
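
Review bot: In the `stop` branch of the run script, `su -s /bin/sh $twisted_user -lc ...` references a misspelled, unset variable (`$twisted_user` instead of `$twisterd_user`), so the user argument expands to nothing and `su` falls back to its default target, root, rather than the dedicated `twister` account created earlier. Use `"$twisterd_user"` there, and quote it in the `start` and `restart` branches as well. In the same script, `twisterd_arg` passes `-rpcuser=user -rpcpassword=pwd` on the command line, where any local user can read it from the process list. The `twister.conf` shown at the end of the page already carries `rpcuser`, `rpcpassword` and `rpcallowip`, so the credentials belong in that file, readable only by the `twister` user, and `pwd` should not survive as a real password. In the nginx block, `listen 443;` has no `ssl` parameter and the server block has no certificate directives, so that port would answer in plain HTTP despite the "Require ssl certificate" comment. The commented `allow` and `deny` examples also lack the terminating `;` they need once uncommented. In the Apache section, the text says to use `-c` to create the password file but the `htpasswd` command shown omits it. The stored entry is an `$apr1$` hash, and the instruction to reuse the same password for Basic auth and for `rpcpassword` means that string also sits in clear text in `twister.conf`, so that file's permissions deserve a line in the how-to.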