Ссылки
1 2 |
https://casaos.zimaspace.com/ https://github.com/IceWhaleTech/CasaOS |
Установка:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
0. Обновляем source.list и ставим пакеты # debian12 vim /etc/apt/sources.list ------------------------- deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware deb-src http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware deb-src http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware ------------------------- apt update apt install sudo vim curl qemu-kvm libvirt-daemon-system ovmf virtinst openvswitch-switch bridge-utils rsync openssl 1. Создаем юзера adduser user1 usermod -aG sudo user1 2. Редактируем судоерс, находим блок и редактируем его добавив "user1 ALL=(ALL:ALL) NOPASSWD: ALL" visudo ------ # User privilege specification root ALL=(ALL:ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL user1 ALL=(ALL:ALL) NOPASSWD: ALL ------ 3. Ставим casaos под пользователем user1 su user1 curl -fsSL https://get.casaos.io | sudo bash |
https to http proxy / используем само подписанный сертификат
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 |
0. Ставим nginx apt install nginx Остановим его пока что systemctl stop nginx 1. Генерируем сертификаты, увеличиваем кол-во дней жизни сертификата На все вопросы жмем Enter #openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt openssl req -x509 -nodes -days 10000 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt Генерируем ДХ openssl dhparam -out /etc/nginx/dhparam.pem 4096 2. Приводим конфиг примерно к такому виду vim /etc/nginx/sites-available/default -------------------------------------- # Default server configuration server { listen 555 default_server; root /var/www/html; index index.html index.htm index.nginx-debian.html; server_name _; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } } #ssl_protocols TLSv1.2; #ssl_prefer_server_ciphers on; ssl_dhparam /etc/nginx/dhparam.pem; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; # Requires nginx >= 1.5.9 ssl_stapling off; # Requires nginx >= 1.3.7 ssl_stapling_verify on; # Requires nginx => 1.3.7 resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; # Disable strict transport security for now. You can uncomment the following # line if you understand the implications. # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; server { listen 443 ssl; #server_name casaos.b14esh.com; server_name 192.168.15.100; ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; location / { proxy_pass http://192.168.15.100:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } server { listen 10082 ssl; #server_name b14esh.com; server_name 192.168.15.100; client_max_body_size 32G; client_body_timeout 300s; fastcgi_buffers 64 4K; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; location / { proxy_pass http://192.168.15.100:10081; } } root@hsrv0:/DATA/AppData/nextcloud/var/www/html# vim /etc/nginx/sites-available/default root@hsrv0:/DATA/AppData/nextcloud/var/www/html# systemctl stop nginx root@hsrv0:/DATA/AppData/nextcloud/var/www/html# systemctl start nginx root@hsrv0:/DATA/AppData/nextcloud/var/www/html# cat /etc/nginx/sites-available/default # Default server configuration server { listen 555 default_server; root /var/www/html; index index.html index.htm index.nginx-debian.html; server_name _; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } } #ssl_protocols TLSv1.2; #ssl_prefer_server_ciphers on; ssl_dhparam /etc/nginx/dhparam.pem; ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 ssl_session_timeout 10m; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; # Requires nginx >= 1.5.9 ssl_stapling off; # Requires nginx >= 1.3.7 ssl_stapling_verify on; # Requires nginx => 1.3.7 resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; # Disable strict transport security for now. You can uncomment the following # line if you understand the implications. # add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; server { listen 443 ssl; #server_name casaos.b14esh.com; server_name 192.168.15.100; ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; location / { proxy_pass http://192.168.15.100:8080; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } server { listen 10082 ssl; #server_name b14esh.com; server_name 192.168.15.100; client_max_body_size 32G; client_body_timeout 300s; fastcgi_buffers 64 4K; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt; ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key; location / { proxy_pass http://192.168.15.100:10081; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } -------------------------------------- Запускаем nginx systemctl start nginx |
Дополнительные пакеты для casaos
1 |
https://github.com/WisdomSky/CasaOS-Coolstore |