User Tools
сервис_http
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
сервис_http [2024/02/13 16:04] val [Управление доступом к HTTP серверу с использованием OpenID аутентификации] |
сервис_http [2025/03/07 09:31] (current) val [HTTPS Прокси (пример 4)] |
||
|---|---|---|---|
| Line 12: | Line 12: | ||
| ===== Пример HTTP диалога ===== | ===== Пример HTTP диалога ===== | ||
| + | |||
| + | * [[Настройка терминалов]] | ||
| + | |||
| <code> | <code> | ||
| # nc -C ya.ru 80 | # nc -C ya.ru 80 | ||
| Line 87: | Line 90: | ||
| ==== CentOS ==== | ==== CentOS ==== | ||
| - | * Сервис Firewall [[Сервис Firewall#CentOS 7]] | + | * Сервис Firewall [[Сервис Firewall#CentOS]] |
| <code> | <code> | ||
| Line 197: | Line 200: | ||
| ==== Использование домашних каталогов ==== | ==== Использование домашних каталогов ==== | ||
| - | * [[http://www.corpX.un/~user1/]] | + | * [[http://server.corpX.un/~user1/]] |
| === Debian/Ubuntu === | === Debian/Ubuntu === | ||
| Line 204: | Line 207: | ||
| root@server:~# service apache2 restart | root@server:~# service apache2 restart | ||
| + | |||
| + | ubuntu24# chmod 755 /home/user1 | ||
| </code> | </code> | ||
| - | |||
| - | |||
| === Debian/Ubuntu=== | === Debian/Ubuntu=== | ||
| Line 842: | Line 845: | ||
| ## Keycloak | ## Keycloak | ||
| OIDCSSLValidateServer Off | OIDCSSLValidateServer Off | ||
| - | OIDCProviderMetadataURL https://server.corpX.un:8443/realms/corpX/.well-known/openid-configuration | ||
| OIDCProviderMetadataURL https://keycloak.corpX.un/realms/corpX/.well-known/openid-configuration | OIDCProviderMetadataURL https://keycloak.corpX.un/realms/corpX/.well-known/openid-configuration | ||
| OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi | OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi | ||
| Line 861: | Line 863: | ||
| ===== Протокол WebDAV ===== | ===== Протокол WebDAV ===== | ||
| - | ==== Ubuntu ==== | + | ==== Debian/Ubuntu ==== |
| * [[https://www.digitalocean.com/community/tutorials/how-to-configure-webdav-access-with-apache-on-ubuntu-14-04|How To Configure WebDAV Access with Apache on Ubuntu 14.04]] | * [[https://www.digitalocean.com/community/tutorials/how-to-configure-webdav-access-with-apache-on-ubuntu-14-04|How To Configure WebDAV Access with Apache on Ubuntu 14.04]] | ||
| Line 874: | Line 876: | ||
| # chown www-data /var/www/share | # chown www-data /var/www/share | ||
| - | # cat /etc/apache2/sites-available/default | + | # cat /etc/apache2/sites-available/000-default.conf |
| </code><code> | </code><code> | ||
| ... | ... | ||
| Line 909: | Line 911: | ||
| } | } | ||
| } | } | ||
| - | </code><code> | + | </code> |
| + | === Подключение, тестирование, применение и мониторинг конфигурации === | ||
| + | <code> | ||
| # ln -s /etc/nginx/sites-available/user1 /etc/nginx/sites-enabled/user1 | # ln -s /etc/nginx/sites-available/user1 /etc/nginx/sites-enabled/user1 | ||
| # service nginx configtest | # service nginx configtest | ||
| - | |||
| # tail /var/log/nginx/error.log | # tail /var/log/nginx/error.log | ||
| или | или | ||
| - | # nginx -t -c /etc/nginx/nginx.conf | + | # nginx -t #-c /etc/nginx/nginx.conf |
| + | или | ||
| + | # nginx -T | ||
| # service nginx restart | # service nginx restart | ||
| + | |||
| + | # tail -f /var/log/nginx/access.log -f /var/log/nginx/error.log | ||
| </code><code> | </code><code> | ||
| gate.isp.un$ wget -O - -q http://server.corpX.un | gate.isp.un$ wget -O - -q http://server.corpX.un | ||
| Line 939: | Line 946: | ||
| location / { | location / { | ||
| proxy_pass http://myapp1; | proxy_pass http://myapp1; | ||
| - | |||
| - | # proxy_set_header Host $host; | ||
| - | # proxy_set_header X-Forwarded-For $remote_addr; | ||
| - | |||
| } | } | ||
| } | } | ||
| - | </code><code> | ||
| - | # ln -s /etc/nginx/sites-available/myapp1 /etc/nginx/sites-enabled/myapp1 | ||
| </code> | </code> | ||
| + | |||
| + | * [[#Подключение, тестирование, применение и мониторинг конфигурации]] | ||
| ==== Прокси "красивого" URL в приложение (пример 3) ==== | ==== Прокси "красивого" URL в приложение (пример 3) ==== | ||
| Line 962: | Line 965: | ||
| root@server# cat /var/opt/gitlab/nginx/conf/corpX.conf | root@server# cat /var/opt/gitlab/nginx/conf/corpX.conf | ||
| </code><code> | </code><code> | ||
| + | # upstream app { | ||
| + | # server 172.18.0.1; | ||
| + | # server 172.18.0.2; | ||
| + | # server 172.18.0.3; | ||
| + | # } | ||
| server { | server { | ||
| listen 80; | listen 80; | ||
| Line 968: | Line 976: | ||
| location / { | location / { | ||
| proxy_pass http://192.168.49.2:30111/; | proxy_pass http://192.168.49.2:30111/; | ||
| + | # proxy_pass http://app; | ||
| } | } | ||
| } | } | ||
| Line 1010: | Line 1019: | ||
| root@server# gitlab-ctl restart nginx | root@server# gitlab-ctl restart nginx | ||
| </code> | </code> | ||
| + | |||
| + | ==== HTTPS Прокси (пример 4) ==== | ||
| + | |||
| + | <code> | ||
| + | gate1# cat /etc/nginx/sites-available/gowebd | ||
| + | </code><code> | ||
| + | server { | ||
| + | listen 80; | ||
| + | server_name gowebd.corpX.un; | ||
| + | return 301 https://gowebd.corpX.un$request_uri; | ||
| + | } | ||
| + | |||
| + | server { | ||
| + | listen 443 ssl; | ||
| + | server_name gowebd.corpX.un; | ||
| + | ssl_certificate /root/gowebd.crt; | ||
| + | ssl_certificate_key /root/gowebd.key; | ||
| + | |||
| + | location / { | ||
| + | | ||
| + | # auth_basic "Restricted area"; | ||
| + | # auth_basic_user_file /etc/nginx/auth.basic; | ||
| + | # # apt install apache2-utils; htpasswd -c /etc/nginx/auth.basic user1 | ||
| + | |||
| + | # proxy_pass http://192.168.X.10:8000; | ||
| + | # proxy_pass http://192.168.100+X.10:NNNNN; | ||
| + | # proxy_pass http://192.168.X.64; | ||
| + | |||
| + | # proxy_http_version 1.1; | ||
| + | |||
| + | # proxy_set_header Host $host; | ||
| + | # proxy_set_header X-Forwarded-For $remote_addr; | ||
| + | |||
| + | # proxy_set_header X-Forwarded-Proto $scheme; | ||
| + | # proxy_set_header X-Real-IP $remote_addr; | ||
| + | # proxy_set_header X-Forwarded-Port $server_port; | ||
| + | } | ||
| + | } | ||
| + | </code> | ||
| + | |||
| + | |||
| + | * [[#Подключение, тестирование, применение и мониторинг конфигурации]] | ||
| + | |||
| + | ===== Нагрузочное тестирование ===== | ||
| + | |||
| + | * [[Сервис INETD]] | ||
| + | |||
| + | ==== curl ==== | ||
| + | |||
| + | * [[Утилита curl#Нагрузочное тестирование]] | ||
| + | |||
| + | ==== wrk ==== | ||
| + | |||
| + | * [[https://github.com/wg/wrk|wrk - a HTTP benchmarking tool]] | ||
| + | |||
| + | ==== vegeta ==== | ||
| + | |||
| + | * [[https://lindevs.com/install-vegeta-on-ubuntu|Install Vegeta on Ubuntu 20.04]] | ||
| + | * [[https://github.com/tsenart/vegeta/releases|github/tsenart/vegeta/releases]] | ||
| + | * [[https://val.bmstu.ru/unix/WWW/vegeta_12.11.0_linux_amd64.tar.gz]] | ||
| + | |||
| + | <code> | ||
| + | external-host# curl http://192.168.X.10:82 | ||
| + | |||
| + | external-host# echo "GET http://192.168.X.10:82" | vegeta attack -duration=20s -rate=200 | vegeta report | ||
| + | |||
| + | server# tail -f /var/log/syslog | ||
| + | ... | ||
| + | Jan 13 06:06:55 server inetd[7962]: 82/tcp server failing (looping), service terminated | ||
| + | ... | ||
| + | </code> | ||
| + | |||
| + | ==== k6 ==== | ||
| + | |||
| + | * [[https://k6.io/open-source/|k6 Open Source An extensible load testing tool built for developer happiness]] | ||
| + | |||
сервис_http.1707829482.txt.gz · Last modified: 2024/02/13 16:04 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
