This shows you the differences between two versions of the page.
| сервис_http [2021/09/21 16:46] val [Debian/Ubuntu] | сервис_http [2025/10/22 18:04] (current) val [HTTPS Прокси (пример 4)] | ||
|---|---|---|---|
| Line 12: | Line 12: | ||
| ===== Пример HTTP диалога ===== | ===== Пример HTTP диалога ===== | ||
| + | |||
| + | * [[Настройка терминалов]] | ||
| + | |||
| <code> | <code> | ||
| # nc -C ya.ru 80 | # nc -C ya.ru 80 | ||
| Line 30: | Line 33: | ||
| <HTML> | <HTML> | ||
| <HEAD> | <HEAD> | ||
| - | <META HTTP-EQUIV="Refresh" CONTENT="4;URL=http://google.ru"> | + | <META HTTP-EQUIV="Refresh" CONTENT="10;URL=http://specialist.ru"> | 
| <META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=UTF-8"> | <META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=UTF-8"> | ||
| </HEAD> | </HEAD> | ||
| - | <BODY> | + | <BODY text="blue"> | 
| + | <A HREF=https://specialist.ru/> | ||
| + | <H1>Открыть сайт Специалист</H1> | ||
| + | <IMG SRC=https://val.bmstu.ru/unix/Media/logo.gif> | ||
| + | </A> | ||
| <!-- | <!-- | ||
| THis is comment | THis is comment | ||
| --> | --> | ||
| - | <H1>Go to Google</H1> | + | <PRE> | 
| - | <A HREF=http://freebsd.org/> | + | текст | 
| - | <IMG SRC=http://www.freebsd.org/logo/logo-full.png> | + | без авто | 
| - | </A> | + | форматирования | 
| + | </PRE | ||
| </BODY> | </BODY> | ||
| </HTML> | </HTML> | ||
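Review bot: the added closing tag `</PRE` just before `</BODY>` is missing its `>`, so the PRE element is never closed as written; it should read `</PRE>`. The new `<A HREF=https://specialist.ru/>` and `<IMG SRC=...>` attribute values are unquoted, and quoting them avoids ambiguity where a value ends in `/` right before `>`. The meta refresh target is still `http://specialist.ru` while the new link uses `https://specialist.ru/`; using https in both keeps the example consistent.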
| Line 82: | Line 90: | ||
| ==== CentOS ==== | ==== CentOS ==== | ||
| - | * Сервис Firewall [[Сервис Firewall#CentOS 7]] | + | * Сервис Firewall [[Сервис Firewall#CentOS]] | 
| <code> | <code> | ||
| Line 106: | Line 114: | ||
| </code> | </code> | ||
| + | ==== Изменение порта ==== | ||
| + | |||
| + | * [[https://www.tecmint.com/change-apache-port-in-linux/|How to Change Apache HTTP Port in Linux]] | ||
| ==== Свойство Indexes каталогов ==== | ==== Свойство Indexes каталогов ==== | ||
| Line 189: | Line 200: | ||
| ==== Использование домашних каталогов ==== | ==== Использование домашних каталогов ==== | ||
| - | * [[http://www.corpX.un/~user1/]] | + | * [[http://server.corpX.un/~user1/]] | 
| === Debian/Ubuntu === | === Debian/Ubuntu === | ||
| Line 196: | Line 207: | ||
| root@server:~# service apache2 restart | root@server:~# service apache2 restart | ||
| + | |||
| + | ubuntu24# chmod 755 /home/user1 | ||
| </code> | </code> | ||
| - | |||
| - | |||
| === Debian/Ubuntu=== | === Debian/Ubuntu=== | ||
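Review bot: `chmod 755 /home/user1` at the end of the code block makes the whole home directory listable and traversable by every local account, which is more than the web server needs to reach the user's published directory. Search (execute) permission for others on the home directory is enough, for example `chmod 711 /home/user1`, with read access granted only on the published subdirectory. A one-line comment saying why the chmod is needed on ubuntu24 would also help readers who do not hit the problem on older releases.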
| Line 531: | Line 542: | ||
| ===== Поддержка протокола HTTPS ===== | ===== Поддержка протокола HTTPS ===== | ||
| + | * [[Letsencrypt Certbot]] | ||
| + | * [[https://stackoverflow.com/questions/31370454/sslcertificatechainfile-is-obsolete|SSLCertificateChainFile is now obsolete, and any intermediate certificates are supposed to be included in the server certificate file]] | ||
| ==== Debian/Ubuntu ==== | ==== Debian/Ubuntu ==== | ||
| <code> | <code> | ||
| Line 553: | Line 566: | ||
| # a2enmod rewrite | # a2enmod rewrite | ||
| - | # service apache2 restart | + | # cat /etc/apache2/sites-available/000-default.conf | 
| - | + | ||
| - | # cat /var/www/html/.htaccess | + | |
| </code><code> | </code><code> | ||
| - | RewriteEngine On | + | <VirtualHost *:80> | 
| - | RewriteCond %{HTTPS} !=on | + | ... | 
| - | RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L] | + | RewriteEngine On | 
| + | RewriteCond %{HTTPS} off | ||
| + | RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} | ||
| + | ... | ||
| + | </code><code> | ||
| + | # service apache2 restart | ||
| </code> | </code> | ||
| - | |||
| ==== FreeBSD ==== | ==== FreeBSD ==== | ||
| <code> | <code> | ||
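Review bot: the new `RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}` builds the redirect target from the client-supplied Host header and carries no flags, where the removed rule used `%{SERVER_NAME}` and `[R,L]`. Inside a `<VirtualHost>` the canonical name is known, so keep `%{SERVER_NAME}` (or a literal host name) and state the flags explicitly, for example `[R=301,L]`, so the redirect type and the end of rule processing do not depend on mod_rewrite defaults. The block as shown has no closing `</VirtualHost>`; if it is not meant to be covered by the final `...`, add it.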
| Line 803: | Line 818: | ||
| [[http://grolmsnet.de/kerbtut/firefox.html]] | [[http://grolmsnet.de/kerbtut/firefox.html]] | ||
| + | |||
| + | ==== Управление доступом к HTTP серверу с использованием OpenID аутентификации ==== | ||
| + | |||
| + | * [[https://github.com/zmartzone/mod_auth_openidc/wiki/GitLab-OAuth2]] | ||
| + | * [[Инструмент GitLab#Сервер OpenID]] из GitLab | ||
| + | * [[Сервис Keycloak]] | ||
| + | |||
| + | * [[https://www.janua.fr/using-apache2-mod_auth_openidc-module-with-keycloak-openid-connect/|Using apache2 mod_auth_openidc module with Keycloak (OpenID Connect)]] | ||
| + | |||
| + | <code> | ||
| + | gate# apt install libapache2-mod-auth-openidc | ||
| + | </code><code> | ||
| + | # cat /etc/apache2/conf-available/serve-cgi-bin.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | <IfDefine ENABLE_USR_LIB_CGI_BIN> | ||
| + | |||
| + | ## GitLab | ||
| + | OIDCSSLValidateServer Off | ||
| + | OIDCProviderMetadataURL https://server.corpX.un/.well-known/openid-configuration | ||
| + | OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi | ||
| + | OIDCClientID e...............................................4  #Application ID | ||
| + | OIDCClientSecret 7.................................................4  #Secret | ||
| + | OIDCCryptoPassphrase anystring | ||
| + | |||
| + | ## Keycloak | ||
| + | OIDCSSLValidateServer Off | ||
| + | OIDCProviderMetadataURL https://keycloak.corpX.un/realms/corpX/.well-known/openid-configuration | ||
| + | OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi | ||
| + | #OIDCClientID test-cgi | ||
| + | OIDCClientID any-client | ||
| + | OIDCCryptoPassphrase anystring | ||
| + | ... | ||
| + | #Require all granted | ||
| + | AuthType openid-connect | ||
| + | Require valid-user | ||
| + | ... | ||
| + | </code><code> | ||
| + | # a2enmod auth_openidc | ||
| + | </code><code> | ||
| + | Проверка: http://gate.corpX.un/cgi-bin/test-cgi/  !!! Последний / обязательно !!! | ||
| + | </code> | ||
| ===== Протокол WebDAV ===== | ===== Протокол WebDAV ===== | ||
| - | ==== Ubuntu ==== | + | ==== Debian/Ubuntu ==== | 
| * [[https://www.digitalocean.com/community/tutorials/how-to-configure-webdav-access-with-apache-on-ubuntu-14-04|How To Configure WebDAV Access with Apache on Ubuntu 14.04]] | * [[https://www.digitalocean.com/community/tutorials/how-to-configure-webdav-access-with-apache-on-ubuntu-14-04|How To Configure WebDAV Access with Apache on Ubuntu 14.04]] | ||
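Review bot: `OIDCSSLValidateServer Off` in both the GitLab and the Keycloak block turns off certificate validation for the provider connection, so the metadata and token responses fetched from the `https://` URLs are not authenticated. Leave validation on and add the lab CA to the trust store on gate instead. `OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi` also returns the authorization response over plain HTTP, and `OIDCCryptoPassphrase anystring` should be marked as a placeholder for a random secret. Since the two provider blocks set the same directives twice, a comment should say that only one of them is to be active at a time.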
| Line 819: | Line 876: | ||
| # chown www-data /var/www/share | # chown www-data /var/www/share | ||
| - | # cat /etc/apache2/sites-available/default | + | # cat /etc/apache2/sites-available/000-default.conf | 
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 838: | Line 895: | ||
| * [[https://mail.bmstu.ru:9100/~val/Mastering%20NGINX%20RUS.pdf]] | * [[https://mail.bmstu.ru:9100/~val/Mastering%20NGINX%20RUS.pdf]] | ||
| + | * [[https://blog.sefdar.ru/nginx-%D0%BF%D0%B5%D1%80%D0%B5%D0%BD%D0%B0%D0%BF%D1%80%D0%B0%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F-proxy_redirect-%D0%B8-redirect/|NGINX перенаправления proxy_redirect и redirect]] | ||
| <code> | <code> | ||
| gate# apt install nginx | gate# apt install nginx | ||
| + | </code> | ||
| + | ==== Прокси "красивого" URL в приложение (пример 1) ==== | ||
| + | <code> | ||
| gate# cat /etc/nginx/sites-available/user1 | gate# cat /etc/nginx/sites-available/user1 | ||
| </code><code> | </code><code> | ||
| Line 851: | Line 911: | ||
| } | } | ||
| } | } | ||
| - | </code><code> | + | </code> | 
| + | === Подключение, тестирование, применение и мониторинг конфигурации === | ||
| + | <code> | ||
| # ln -s /etc/nginx/sites-available/user1 /etc/nginx/sites-enabled/user1 | # ln -s /etc/nginx/sites-available/user1 /etc/nginx/sites-enabled/user1 | ||
| # service nginx configtest | # service nginx configtest | ||
| - | |||
| # tail /var/log/nginx/error.log | # tail /var/log/nginx/error.log | ||
| + | или | ||
| + | # nginx -t #-c /etc/nginx/nginx.conf | ||
| + | или | ||
| + | # nginx -T | ||
| # service nginx restart | # service nginx restart | ||
| + | |||
| + | # tail -f /var/log/nginx/access.log -f /var/log/nginx/error.log | ||
| </code><code> | </code><code> | ||
| gate.isp.un$ wget -O - -q http://server.corpX.un | gate.isp.un$ wget -O - -q http://server.corpX.un | ||
| - | </code><code> | + | </code> | 
| + | |||
| + | ==== Прокси с балансировкой (пример 2) ==== | ||
| + | |||
| + | <code> | ||
| # cat /etc/nginx/sites-available/myapp1 | # cat /etc/nginx/sites-available/myapp1 | ||
| </code><code> | </code><code> | ||
| Line 877: | Line 948: | ||
| } | } | ||
| } | } | ||
| + | </code> | ||
| + | |||
| + | * [[#Подключение, тестирование, применение и мониторинг конфигурации]] | ||
| + | |||
| + | ==== Прокси "красивого" URL в приложение (пример 3) ==== | ||
| + | |||
| + | <code> | ||
| + | # host mail | ||
| + | # host webd | ||
| + | # host www | ||
| + | # host autoconfig | ||
| + | # host corpX.un | ||
| + | |||
| + | ... has address 192.168.X.10 | ||
| + | |||
| + | root@server# cat /var/opt/gitlab/nginx/conf/corpX.conf | ||
| </code><code> | </code><code> | ||
| - | # ln -s /etc/nginx/sites-available/myapp1 /etc/nginx/sites-enabled/myapp1 | + | # upstream app { | 
| + | # server 172.18.0.1; | ||
| + | # server 172.18.0.2; | ||
| + | # server 172.18.0.3; | ||
| + | # } | ||
| + | server { | ||
| + | listen 80; | ||
| + | server_name webd.corpX.un; | ||
| + | |||
| + | location / { | ||
| + | proxy_pass http://192.168.49.2:30111/; | ||
| + | # proxy_pass http://app; | ||
| + | } | ||
| + | } | ||
| + | server { | ||
| + | listen 80; | ||
| + | server_name mail.corpX.un; | ||
| + | return 301 http://server.corpX.un:81/mail; | ||
| + | # return 301 http://gate.corpX.un:81/mail; | ||
| + | } | ||
| + | server { | ||
| + | listen 80; | ||
| + | server_name corpX.un www.corpX.un; | ||
| + | |||
| + | location / { | ||
| + | proxy_pass http://server.corpX.un:81/; | ||
| + | } | ||
| + | } | ||
| + | # server { | ||
| + | # listen 80; | ||
| + | # server_name autoconfig.corpX.un; | ||
| + | # location / { | ||
| + | # proxy_pass http://gate.corpX.un:81/; | ||
| + | # } | ||
| + | # } | ||
| + | </code><code> | ||
| + | # cat /etc/gitlab/gitlab.rb | ||
| + | </code><code> | ||
| + | ... | ||
| + | nginx['custom_nginx_config'] = "include /var/opt/gitlab/nginx/conf/corpX.conf;" | ||
| + | ... | ||
| </code> | </code> | ||
| + | * [[Инструмент GitLab#Проверка конфигурации и перезапуск]] | ||
| + | <code> | ||
| + | root@server# less /var/opt/gitlab/nginx/conf/nginx.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | include /var/opt/gitlab/nginx/conf/corpX.conf; | ||
| + | } | ||
| + | </code><code> | ||
| + | root@server# /opt/gitlab/embedded/sbin/nginx -p /var/opt/gitlab/nginx -t | ||
| + | </code><code> | ||
| + | root@server# gitlab-ctl restart nginx | ||
| + | </code> | ||
| + | |||
| + | ==== HTTPS Прокси (пример 4) ==== | ||
| + | |||
| + | <code> | ||
| + | gate1# cat /etc/nginx/sites-available/gowebd | ||
| + | </code><code> | ||
| + | server { | ||
| + | listen 80; | ||
| + | server_name gowebd.corpX.un; | ||
| + | return 301 https://gowebd.corpX.un$request_uri; | ||
| + | } | ||
| + | |||
| + | server { | ||
| + | listen 443 ssl; | ||
| + | server_name gowebd.corpX.un; | ||
| + | ssl_certificate /root/gowebd.crt; | ||
| + | ssl_certificate_key /root/gowebd.key; | ||
| + | |||
| + | location / { | ||
| + |  | ||
| + | # auth_basic "Restricted area"; | ||
| + | # auth_basic_user_file /etc/nginx/auth.basic; | ||
| + | # # apt install apache2-utils; htpasswd -c /etc/nginx/auth.basic user1 | ||
| + | |||
| + | # proxy_pass http://192.168.X.10:8000; | ||
| + | # proxy_pass http://192.168.100+X.10:NNNNN; | ||
| + | # proxy_pass http://192.168.X.64; | ||
| + | |||
| + | # proxy_http_version 1.1; | ||
| + | |||
| + | # proxy_set_header Host $host; | ||
| + | ## proxy_set_header X-Forwarded-Host $host; | ||
| + | # proxy_set_header X-Forwarded-For $remote_addr; | ||
| + | ## proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| + | |||
| + | # proxy_set_header X-Forwarded-Proto $scheme; | ||
| + | # proxy_set_header X-Real-IP $remote_addr; | ||
| + | # proxy_set_header X-Forwarded-Port $server_port; | ||
| + | } | ||
| + | } | ||
| + | </code> | ||
| + | |||
| + | |||
| + | * [[#Подключение, тестирование, применение и мониторинг конфигурации]] | ||
| + | |||
| + | ===== Нагрузочное тестирование ===== | ||
| + | |||
| + | * [[Сервис INETD]] | ||
| + | |||
| + | ==== curl ==== | ||
| + | |||
| + | * [[Утилита curl#Нагрузочное тестирование]] | ||
| + | |||
| + | ==== wrk ==== | ||
| + | |||
| + | * [[https://github.com/wg/wrk|wrk - a HTTP benchmarking tool]] | ||
| + | |||
| + | ==== vegeta ==== | ||
| + | |||
| + | * [[https://lindevs.com/install-vegeta-on-ubuntu|Install Vegeta on Ubuntu 20.04]] | ||
| + | * [[https://github.com/tsenart/vegeta/releases|github/tsenart/vegeta/releases]] | ||
| + | * [[https://val.bmstu.ru/unix/WWW/vegeta_12.11.0_linux_amd64.tar.gz]] | ||
| + | |||
| + | <code> | ||
| + | external-host# curl http://192.168.X.10:82 | ||
| + | |||
| + | external-host# echo "GET http://192.168.X.10:82" | vegeta attack -duration=20s -rate=200 | vegeta report | ||
| + | |||
| + | server# tail -f /var/log/syslog | ||
| + | ... | ||
| + | Jan 13 06:06:55 server inetd[7962]: 82/tcp server failing (looping), service terminated | ||
| + | ... | ||
| + | </code> | ||
| + | |||
| + | ==== k6 ==== | ||
| + | |||
| + | * [[https://k6.io/open-source/|k6 Open Source An extensible load testing tool built for developer happiness]] | ||
| + | |||
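Review bot: in example 4 the two `X-Forwarded-For` variants (`$remote_addr` and the double-commented `$proxy_add_x_forwarded_for`) are offered without saying how they differ. On an edge proxy `$remote_addr` overwrites whatever the client sent, while `$proxy_add_x_forwarded_for` appends to the client-supplied header, so a backend that reads the first entry can be handed a forged address; a comment stating which variant fits which position in the proxy chain would prevent that. The same block points `ssl_certificate_key` at `/root/gowebd.key`; note the expected file mode (owner read only) next to it.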