сервис_http [2020/04/13 10:45] val [Использование домашних каталогов] |
сервис_http [2024/03/14 15:17] val [Прокси с балансировкой (пример 2)] |
||
---|---|---|---|
Line 26: | Line 26: | ||
==== Статический документ ===== | ==== Статический документ ===== | ||
<code> | <code> | ||
- | # cat index.html | + | # cat /var/www/html/index.html |
</code><code> | </code><code> | ||
<HTML> | <HTML> | ||
Line 33: | Line 33: | ||
<META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=UTF-8"> | <META HTTP-EQUIV="Content-Type" CONTENT="text/html;charset=UTF-8"> | ||
</HEAD> | </HEAD> | ||
- | <BODY> | + | <BODY text="blue"> |
<!-- | <!-- | ||
THis is comment | THis is comment | ||
--> | --> | ||
+ | <PRE> | ||
+ | text | ||
+ | as | ||
+ | is | ||
+ | </PRE> | ||
<H1>Go to Google</H1> | <H1>Go to Google</H1> | ||
- | <A HREF=http://freebsd.org/> | + | <A HREF=https://freebsd.org/> |
- | <IMG SRC=http://www.freebsd.org/logo/logo-full.png> | + | <IMG SRC=https://www.freebsd.org/logo/logo-full.png> |
</A> | </A> | ||
</BODY> | </BODY> | ||
Line 46: | Line 51: | ||
==== Форма ==== | ==== Форма ==== | ||
+ | |||
+ | * [[http://server.corpX.un/asterisk/]] | ||
<code> | <code> | ||
Line 104: | Line 111: | ||
</code> | </code> | ||
+ | ==== Изменение порта ==== | ||
+ | |||
+ | * [[https://www.tecmint.com/change-apache-port-in-linux/|How to Change Apache HTTP Port in Linux]] | ||
==== Свойство Indexes каталогов ==== | ==== Свойство Indexes каталогов ==== | ||
Line 196: | Line 206: | ||
</code> | </code> | ||
- | === FreeBSD === | ||
- | <code> | ||
- | [server:~] # cat /usr/local/etc/apache24/httpd.conf | ||
- | </code><code> | ||
- | ... | ||
- | LoadModule userdir_module libexec/apache24/mod_userdir.so | ||
- | ... | ||
- | Include etc/apache24/extra/httpd-userdir.conf | ||
- | ... | ||
- | </code> | ||
- | === Debian/Ubuntu/FreeBSD === | + | === Debian/Ubuntu=== |
<code> | <code> | ||
server# mkdir ~user1/public_html/ | server# mkdir ~user1/public_html/ | ||
Line 222: | Line 222: | ||
* [[http://user1.corpX.un/]] | * [[http://user1.corpX.un/]] | ||
+ | |||
+ | ==== Debian/Ubuntu ==== | ||
+ | |||
+ | <code> | ||
+ | root@server:~# cat /etc/apache2/sites-available/mail.conf | ||
+ | </code><code> | ||
+ | <VirtualHost *:80> | ||
+ | ServerName mail.corpX.un | ||
+ | # ServerAlias www.mail.corpX.un | ||
+ | DocumentRoot /var/lib/roundcube | ||
+ | </VirtualHost> | ||
+ | </code><code> | ||
+ | root@server:~# a2ensite mail | ||
+ | |||
+ | root@server:~# apachectl -t | ||
+ | </code> | ||
+ | |||
+ | <code> | ||
+ | root@server:~# cat /etc/apache2/sites-available/user1.conf | ||
+ | </code><code> | ||
+ | <VirtualHost *:80> | ||
+ | ServerName user1.corpX.un | ||
+ | # ServerAlias www.user1.corpX.un | ||
+ | DocumentRoot /home/user1/public_html | ||
+ | </VirtualHost> | ||
+ | </code><code> | ||
+ | root@server:~# a2ensite user1 | ||
+ | |||
+ | root@server:~# apachectl -t | ||
+ | </code> | ||
==== FreeBSD ==== | ==== FreeBSD ==== | ||
Line 247: | Line 277: | ||
... | ... | ||
</code> | </code> | ||
- | |||
- | ==== Debian/Ubuntu ==== | ||
- | <code> | ||
- | root@server:~# cat /etc/apache2/sites-available/user1.conf | ||
- | </code><code> | ||
- | <VirtualHost *:80> | ||
- | ServerName user1.corpX.un | ||
- | # ServerAlias www.user1.corpX.un | ||
- | DocumentRoot /home/user1/public_html | ||
- | </VirtualHost> | ||
- | </code><code> | ||
- | root@server:~# a2ensite user1 | ||
- | </code> | ||
- | |||
===== Использование директивы Redirect ===== | ===== Использование директивы Redirect ===== | ||
Line 268: | Line 284: | ||
==== Debian/Ubuntu ==== | ==== Debian/Ubuntu ==== | ||
<code> | <code> | ||
- | root@lan:~# cat /etc/apache2/sites-available/default | + | root@lan:~# cat /etc/apache2/sites-available/000-default.conf |
</code><code> | </code><code> | ||
#... | #... | ||
- | Redirect permanent / https://lan.corpX.un/ | + | Redirect permanent / https://www.corpX.un/ |
#... | #... | ||
</code> | </code> | ||
Line 523: | Line 539: | ||
===== Поддержка протокола HTTPS ===== | ===== Поддержка протокола HTTPS ===== | ||
+ | * [[Letsencrypt Certbot]] | ||
+ | * [[https://stackoverflow.com/questions/31370454/sslcertificatechainfile-is-obsolete|SSLCertificateChainFile is now obsolete, and any intermediate certificates are supposed to be included in the server certificate file]] | ||
+ | ==== Debian/Ubuntu ==== | ||
+ | <code> | ||
+ | # a2enmod ssl | ||
+ | |||
+ | # cat /etc/apache2/sites-available/default-ssl* | ||
+ | </code><code> | ||
+ | ... | ||
+ | SSLCertificateFile /root/www.crt | ||
+ | SSLCertificateKeyFile /root/www.key | ||
+ | ... | ||
+ | # SSLProtocol All -SSLv2 -SSLv3 | ||
+ | ... | ||
+ | </code><code> | ||
+ | # a2ensite default-ssl | ||
+ | |||
+ | # service apache2 restart | ||
+ | </code> | ||
+ | |||
+ | ==== Редирект HTTP на HTTPS ==== | ||
+ | <code> | ||
+ | # a2enmod rewrite | ||
+ | |||
+ | # cat /etc/apache2/sites-available/000-default.conf | ||
+ | </code><code> | ||
+ | <VirtualHost *:80> | ||
+ | ... | ||
+ | RewriteEngine On | ||
+ | RewriteCond %{HTTPS} off | ||
+ | RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} | ||
+ | ... | ||
+ | </code><code> | ||
+ | # service apache2 restart | ||
+ | </code> | ||
==== FreeBSD ==== | ==== FreeBSD ==== | ||
<code> | <code> | ||
Line 549: | Line 600: | ||
</code> | </code> | ||
- | ==== Debian/Ubuntu ==== | ||
- | <code> | ||
- | # a2enmod ssl | ||
- | # cat /etc/apache2/sites-available/default-ssl* | ||
- | </code><code> | ||
- | ... | ||
- | SSLCertificateFile /root/www.crt | ||
- | SSLCertificateKeyFile /root/www.key | ||
- | ... | ||
- | # SSLProtocol All -SSLv2 -SSLv3 | ||
- | ... | ||
- | </code><code> | ||
- | # a2ensite default-ssl | ||
- | |||
- | # service apache2 restart | ||
- | </code> | ||
===== Управление доступом к HTTP серверу ===== | ===== Управление доступом к HTTP серверу ===== | ||
Line 580: | Line 615: | ||
... | ... | ||
<Directory /var/www/html> | <Directory /var/www/html> | ||
- | Order Deny,Allow | + | #Order Deny,Allow |
- | Deny from all | + | #Deny from all |
- | Allow from 192.168.X.0/24 | + | #Allow from 192.168.X.0/24 |
- | Allow from 127.0.0.1 | + | #Allow from 127.0.0.1 |
+ | Require ip 127.0.0.1 192.168.X.0/24 | ||
</Directory> | </Directory> | ||
Line 632: | Line 668: | ||
</code><code> | </code><code> | ||
... | ... | ||
- | <Directory /var/www/html/asterisk> | + | <Directory /var/www/html/phoneconf> |
# AllowOverride AuthConfig | # AllowOverride AuthConfig | ||
Line 779: | Line 815: | ||
[[http://grolmsnet.de/kerbtut/firefox.html]] | [[http://grolmsnet.de/kerbtut/firefox.html]] | ||
+ | |||
+ | ==== Управление доступом к HTTP серверу с использованием OpenID аутентификации ==== | ||
+ | |||
+ | * [[https://github.com/zmartzone/mod_auth_openidc/wiki/GitLab-OAuth2]] | ||
+ | * [[Инструмент GitLab#Сервер OpenID]] из GitLab | ||
+ | * [[Сервис Keycloak]] | ||
+ | |||
+ | * [[https://www.janua.fr/using-apache2-mod_auth_openidc-module-with-keycloak-openid-connect/|Using apache2 mod_auth_openidc module with Keycloak (OpenID Connect)]] | ||
+ | |||
+ | <code> | ||
+ | gate# apt install libapache2-mod-auth-openidc | ||
+ | </code><code> | ||
+ | # cat /etc/apache2/conf-available/serve-cgi-bin.conf | ||
+ | </code><code> | ||
+ | ... | ||
+ | <IfDefine ENABLE_USR_LIB_CGI_BIN> | ||
+ | |||
+ | ## GitLab | ||
+ | OIDCSSLValidateServer Off | ||
+ | OIDCProviderMetadataURL https://server.corpX.un/.well-known/openid-configuration | ||
+ | OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi | ||
+ | OIDCClientID e...............................................4 #Application ID | ||
+ | OIDCClientSecret 7.................................................4 #Secret | ||
+ | OIDCCryptoPassphrase anystring | ||
+ | |||
+ | ## Keycloak | ||
+ | OIDCSSLValidateServer Off | ||
+ | OIDCProviderMetadataURL https://keycloak.corpX.un/realms/corpX/.well-known/openid-configuration | ||
+ | OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi | ||
+ | #OIDCClientID test-cgi | ||
+ | OIDCClientID any-client | ||
+ | OIDCCryptoPassphrase anystring | ||
+ | ... | ||
+ | #Require all granted | ||
+ | AuthType openid-connect | ||
+ | Require valid-user | ||
+ | ... | ||
+ | </code><code> | ||
+ | # a2enmod auth_openidc | ||
+ | </code><code> | ||
+ | Проверка: http://gate.corpX.un/cgi-bin/test-cgi/ !!! Последний / обязательно !!! | ||
+ | </code> | ||
===== Протокол WebDAV ===== | ===== Протокол WebDAV ===== | ||
Line 813: | Line 891: | ||
===== NGINX ===== | ===== NGINX ===== | ||
- | * [[https://mail.bmstu.ru:9100/~val@bmstu.ru/Mastering%20NGINX%20RUS.pdf]] | + | * [[https://mail.bmstu.ru:9100/~val/Mastering%20NGINX%20RUS.pdf]] |
+ | * [[https://blog.sefdar.ru/nginx-%D0%BF%D0%B5%D1%80%D0%B5%D0%BD%D0%B0%D0%BF%D1%80%D0%B0%D0%B2%D0%BB%D0%B5%D0%BD%D0%B8%D1%8F-proxy_redirect-%D0%B8-redirect/|NGINX перенаправления proxy_redirect и redirect]] | ||
+ | |||
+ | <code> | ||
+ | gate# apt install nginx | ||
+ | </code> | ||
+ | ==== Прокси "красивого" URL в приложение (пример 1) ==== | ||
+ | <code> | ||
+ | gate# cat /etc/nginx/sites-available/user1 | ||
+ | </code><code> | ||
+ | server { | ||
+ | listen 80; | ||
+ | server_name server.corpX.un corpX.un; | ||
+ | location / { | ||
+ | proxy_pass http://server.corpX.un/~user1/; | ||
+ | } | ||
+ | } | ||
+ | </code> | ||
+ | === Подключение, тестирование, применение и мониторинг конфигурации === | ||
+ | <code> | ||
+ | # ln -s /etc/nginx/sites-available/user1 /etc/nginx/sites-enabled/user1 | ||
+ | |||
+ | # service nginx configtest | ||
+ | # tail /var/log/nginx/error.log | ||
+ | или | ||
+ | # nginx -t #-c /etc/nginx/nginx.conf | ||
+ | или | ||
+ | # nginx -T | ||
+ | |||
+ | # service nginx restart | ||
+ | |||
+ | # tail -f /var/log/nginx/access.log -f /var/log/nginx/error.log | ||
+ | </code><code> | ||
+ | gate.isp.un$ wget -O - -q http://server.corpX.un | ||
+ | </code> | ||
+ | |||
+ | ==== Прокси с балансировкой (пример 2) ==== | ||
+ | |||
+ | <code> | ||
+ | # cat /etc/nginx/sites-available/myapp1 | ||
+ | </code><code> | ||
+ | upstream myapp1 { | ||
+ | server server.corpX.un; | ||
+ | server server2.corpX.un; | ||
+ | } | ||
+ | |||
+ | server { | ||
+ | listen 80; | ||
+ | server_name server.corpX.un corpX.un; | ||
+ | |||
+ | location / { | ||
+ | proxy_pass http://myapp1; | ||
+ | } | ||
+ | } | ||
+ | </code> | ||
+ | |||
+ | * [[#Подключение, тестирование, применение и мониторинг конфигурации]] | ||
+ | |||
+ | ==== Прокси "красивого" URL в приложение (пример 3) ==== | ||
+ | |||
+ | <code> | ||
+ | # host mail | ||
+ | # host webd | ||
+ | # host www | ||
+ | # host autoconfig | ||
+ | # host corpX.un | ||
+ | |||
+ | ... has address 192.168.X.10 | ||
+ | |||
+ | root@server# cat /var/opt/gitlab/nginx/conf/corpX.conf | ||
+ | </code><code> | ||
+ | server { | ||
+ | listen 80; | ||
+ | server_name webd.corpX.un; | ||
+ | |||
+ | location / { | ||
+ | proxy_pass http://192.168.49.2:30111/; | ||
+ | } | ||
+ | } | ||
+ | server { | ||
+ | listen 80; | ||
+ | server_name mail.corpX.un; | ||
+ | return 301 http://server.corpX.un:81/mail; | ||
+ | # return 301 http://gate.corpX.un:81/mail; | ||
+ | } | ||
+ | server { | ||
+ | listen 80; | ||
+ | server_name corpX.un www.corpX.un; | ||
+ | |||
+ | location / { | ||
+ | proxy_pass http://server.corpX.un:81/; | ||
+ | } | ||
+ | } | ||
+ | # server { | ||
+ | # listen 80; | ||
+ | # server_name autoconfig.corpX.un; | ||
+ | # location / { | ||
+ | # proxy_pass http://gate.corpX.un:81/; | ||
+ | # } | ||
+ | # } | ||
+ | </code><code> | ||
+ | # cat /etc/gitlab/gitlab.rb | ||
+ | </code><code> | ||
+ | ... | ||
+ | nginx['custom_nginx_config'] = "include /var/opt/gitlab/nginx/conf/corpX.conf;" | ||
+ | ... | ||
+ | </code> | ||
+ | * [[Инструмент GitLab#Проверка конфигурации и перезапуск]] | ||
+ | <code> | ||
+ | root@server# less /var/opt/gitlab/nginx/conf/nginx.conf | ||
+ | </code><code> | ||
+ | ... | ||
+ | include /var/opt/gitlab/nginx/conf/corpX.conf; | ||
+ | } | ||
+ | </code><code> | ||
+ | root@server# /opt/gitlab/embedded/sbin/nginx -p /var/opt/gitlab/nginx -t | ||
+ | </code><code> | ||
+ | root@server# gitlab-ctl restart nginx | ||
+ | </code> |
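Review bot: In the OpenID hunk (new side from line 815, the `serve-cgi-bin.conf` listing), both the GitLab and the Keycloak examples set `OIDCSSLValidateServer Off`, which stops mod_auth_openidc from validating the provider's TLS certificate, so any host on the path between gate and the provider can substitute the metadata, keys and tokens the module then trusts. It is safer to leave validation on and add the corpX CA to the system trust store on gate; if the lab needs the shortcut, mark it in the listing with a comment such as `# lab only: provider certificate is not verified`. `OIDCCryptoPassphrase anystring` is the secret the module uses to encrypt its cookies and cached state, so the example should say it must be a long random value, and `OIDCRedirectURI http://gate.corpX.un/cgi-bin/test-cgi` sends the authorization response over cleartext HTTP, so an `https://` URI is preferable once gate has a certificate. The listing is elided with `...` on both sides, so the rest of the `<IfDefine ENABLE_USR_LIB_CGI_BIN>` block is not visible here.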