Ссылки
https://casaos.zimaspace.com/ https://github.com/IceWhaleTech/CasaOS
Установка:
0. Обновляем sources.list и ставим пакеты
# debian12
vim /etc/apt/sources.list
-------------------------
deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
-------------------------
apt update
apt install sudo vim curl qemu-kvm libvirt-daemon-system ovmf virtinst openvswitch-switch bridge-utils rsync openssl

1. Создаем юзера
adduser user1
usermod -aG sudo user1

2. Редактируем судоерс, находим блок и редактируем его добавив "user1 ALL=(ALL:ALL) NOPASSWD: ALL"
visudo
------
# User privilege specification
root ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
user1 ALL=(ALL:ALL) NOPASSWD: ALL
------
Примечание: группа sudo из шага 1 уже даёт user1 права sudo с запросом пароля. Строка NOPASSWD: ALL снимает запрос пароля для любых команд, то есть любой процесс, запущенный от user1, получает root без подтверждения. Если беспарольный sudo нужен только на время установки, после неё строку лучше удалить.

3. Ставим casaos под пользователем user1
su user1
curl -fsSL https://get.casaos.io | sudo bash
Примечание: эта команда сразу выполняет скачанный из сети скрипт от root, не давая его просмотреть. Более осторожный вариант — сохранить скрипт, прочитать его и только потом запустить (имя файла произвольное):
curl -fsSL https://get.casaos.io -o casaos-install.sh
less casaos-install.sh
sudo bash casaos-install.sh
https to http proxy / используем самоподписанный сертификат
0. Ставим nginx
apt install nginx
Остановим его пока что
systemctl stop nginx

1. Генерируем сертификаты, увеличиваем кол-во дней жизни сертификата
На все вопросы жмем Enter
#openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
openssl req -x509 -nodes -days 10000 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
Примечание: -nodes оставляет закрытый ключ на диске незашифрованным (иначе nginx будет запрашивать пароль при запуске), поэтому файл ключа должен быть доступен на чтение только root. Если на все вопросы нажимать Enter, в сертификат не попадёт адрес сервера, и клиент не сможет проверить его, даже добавив сертификат в доверенные; адрес можно задать сразу, добавив к команде -subj "/CN=192.168.15.100" -addext "subjectAltName=IP:192.168.15.100". При сроке 10000 дней сертификат фактически бессрочный: при утечке ключа его придётся заменять вручную на сервере и на всех клиентах.
Генерируем ДХ
openssl dhparam -out /etc/nginx/dhparam.pem 4096

2. Приводим конфиг примерно к такому виду
vim /etc/nginx/sites-available/default
--------------------------------------
# Default server configuration
server {
    listen 555 default_server;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name _;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
}
#ssl_protocols TLSv1.2;
#ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling off; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

server {
    listen 443 ssl;
    #server_name casaos.b14esh.com;
    server_name 192.168.15.100;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    location / {
        proxy_pass http://192.168.15.100:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    listen 10082 ssl;
    #server_name b14esh.com;
    server_name 192.168.15.100;
    client_max_body_size 32G;
    client_body_timeout 300s;
    fastcgi_buffers 64 4K;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    location / {
        proxy_pass http://192.168.15.100:10081;
    }
}

root@hsrv0:/DATA/AppData/nextcloud/var/www/html# vim /etc/nginx/sites-available/default
root@hsrv0:/DATA/AppData/nextcloud/var/www/html# systemctl stop nginx
root@hsrv0:/DATA/AppData/nextcloud/var/www/html# systemctl start nginx
root@hsrv0:/DATA/AppData/nextcloud/var/www/html# cat /etc/nginx/sites-available/default
# Default server configuration
server {
    listen 555 default_server;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
    server_name _;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
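        try_files $uri $uri/ =404;
    }
}
#ssl_protocols TLSv1.2;
#ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling off; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

server {
    listen 443 ssl;
    #server_name casaos.b14esh.com;
    server_name 192.168.15.100;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    location / {
        proxy_pass http://192.168.15.100:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    listen 10082 ssl;
    #server_name b14esh.com;
    server_name 192.168.15.100;
    client_max_body_size 32G;
    client_body_timeout 300s;
    fastcgi_buffers 64 4K;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
    ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;
    location / {
        proxy_pass http://192.168.15.100:10081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
--------------------------------------
Запускаем nginx
systemctl start nginx

Замечания по конфигу:
- Перед запуском стоит проверить синтаксис командой nginx -t.
- ssl_protocols закомментирован, поэтому набор версий TLS берётся из /etc/nginx/nginx.conf или из значений по умолчанию; надёжнее задать его явно, например ssl_protocols TLSv1.2 TLSv1.3;
- Первые два имени в ssl_ciphers (с окончанием -GCM-SHA512), по-видимому, не существуют в OpenSSL и просто игнорируются; какие шифры реально выбраны, показывает openssl ciphers -v 'строка из ssl_ciphers'.
- В server на порту 10082 есть собственный add_header, поэтому заголовки X-Frame-Options, X-Content-Type-Options и X-XSS-Protection, заданные выше на общем уровне, в этом server не наследуются; если они нужны, их надо повторить внутри блока.
- nginx шифрует только порты 443 и 10082. Сами сервисы, судя по proxy_pass, слушают 192.168.15.100:8080 и 192.168.15.100:10081 по обычному http и остаются доступны из сети напрямую, в обход https. Чтобы https был единственным входом, прямой доступ к этим портам нужно закрыть файрволом или привязать сервисы к 127.0.0.1 (и направить туда же proxy_pass).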
Дополнительные пакеты для casaos
https://github.com/WisdomSky/CasaOS-Coolstore