
casaos

Ссылки

https://casaos.zimaspace.com/
https://github.com/IceWhaleTech/CasaOS

Установка:

0. Обновляем sources.list и ставим пакеты

# debian12
vim /etc/apt/sources.list 
-------------------------
deb http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm main contrib non-free non-free-firmware

deb http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian-security/ bookworm-security main contrib non-free non-free-firmware

deb http://deb.debian.org/debian bookworm-updates main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm-updates main contrib  non-free non-free-firmware

deb http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
deb-src http://deb.debian.org/debian bookworm-backports main contrib non-free non-free-firmware
-------------------------

apt update
apt install sudo vim curl  qemu-kvm libvirt-daemon-system ovmf  virtinst openvswitch-switch bridge-utils  rsync openssl






1. Создаем юзера
adduser user1
usermod -aG sudo user1

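2. Редактируем sudoers: находим блок и добавляем в него строку "user1  ALL=(ALL:ALL) NOPASSWD: ALL". Эта строка даёт user1 права root без запроса пароля. user1 уже входит в группу sudo (шаг 1), поэтому строка только отключает запрос пароля, и после установки её можно убрать.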
visudo 
------
# User privilege specification
root    ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL
user1  ALL=(ALL:ALL) NOPASSWD: ALL
------

3. Ставим casaos под пользователем user1 
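su user1
# Save the installer to a file and read it before it runs as root. Piping curl
# straight into `sudo bash` executes whatever the server returns, unseen, and
# leaves no copy of what was run.
curl -fsSL https://get.casaos.io -o "$HOME/casaos-install.sh"
less "$HOME/casaos-install.sh"
sudo bash "$HOME/casaos-install.sh"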

https to http proxy / используем самоподписанный сертификат

0. Ставим nginx
apt install nginx
Остановим его пока что 
systemctl stop nginx

1. Генерируем сертификаты, увеличиваем кол-во дней жизни сертификата
На все вопросы жмем Enter 
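#openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
# -nodes writes the private key unencrypted, so it must stay readable by root only.
# -addext puts the address clients connect to into the certificate (subjectAltName);
# without it the certificate matches no host, even after it is imported as trusted.
# With -days 10000 nothing forces a renewal: if the key leaks, replace it by hand.
openssl req -x509 -nodes -days 10000 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt -addext "subjectAltName = IP:192.168.15.100"
chmod 600 /etc/ssl/private/nginx-selfsigned.key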

Генерируем ДХ
openssl dhparam -out /etc/nginx/dhparam.pem 4096

2. Приводим конфиг примерно к такому виду
vim /etc/nginx/sites-available/default
--------------------------------------
# Default server configuration
server {
        listen 555 default_server;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
}

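# TLS settings shared by the "listen ... ssl" servers below.
# ssl_protocols and ssl_prefer_server_ciphers stay commented out: Debian's stock
# /etc/nginx/nginx.conf presumably sets both already (confirm), and a second copy
# at the same level is a "duplicate directive" error. To drop TLSv1/TLSv1.1,
# edit them there.
#ssl_protocols TLSv1.2;
#ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
# Applies to TLS 1.2 and older only. The two "...-GCM-SHA512" entries that used to
# lead this list are not OpenSSL cipher names (OpenSSL skips names it does not
# know), so they are dropped; the effective list is unchanged.
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout  10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
# A self-signed certificate has no OCSP responder, so stapling stays off and
# stapling verification is switched off with it.
ssl_stapling off; # Requires nginx >= 1.3.7
ssl_stapling_verify off; # Requires nginx >= 1.3.7
# With stapling off and proxy_pass pointing at an IP literal, nothing in this
# file appears to need the resolver.
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
# add_header is inherited only by blocks that declare no add_header of their own.
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# Deprecated header; current browsers no longer act on it.
add_header X-XSS-Protection "1; mode=block";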


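# HTTPS front end for the service on port 8080.
server {
  listen 443 ssl;
  #server_name casaos.b14esh.com;
  server_name 192.168.15.100;

  ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
  ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

  location / {
    # The backend is addressed by the LAN IP, so port 8080 is presumably still
    # reachable directly over plain HTTP, bypassing this TLS listener (confirm);
    # firewall it or bind the backend to 127.0.0.1 if that is not wanted.
    proxy_pass http://192.168.15.100:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Tells the backend the client connection used HTTPS.
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}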


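# HTTPS front end for the service on port 10081.
server {
        listen 10082 ssl;
        #server_name b14esh.com;
        server_name 192.168.15.100;

        client_max_body_size 32G;
        client_body_timeout 300s;
        fastcgi_buffers 64 4K;
        # Browsers ignore HSTS for hosts reached by IP address and for connections
        # with certificate errors, so with the self-signed certificate on
        # 192.168.15.100 this header has no effect. Because this server declares
        # its own add_header, the http-level X-Frame-Options / X-Content-Type-Options /
        # X-XSS-Protection headers are NOT sent here; repeat them in this block if
        # they are wanted and the backend does not already send its own.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

        location / {
                # The backend is addressed by the LAN IP, so port 10081 is presumably
                # still reachable directly over plain HTTP (confirm); firewall it or
                # bind the backend to 127.0.0.1 if that is not wanted.
                proxy_pass http://192.168.15.100:10081;
                # Same forwarding headers as the 443 server, so the backend sees the
                # original host and client address instead of the proxy's.
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                # Tells the backend the client connection used HTTPS.
                proxy_set_header X-Forwarded-Proto $scheme;
        }
}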
root@hsrv0:/DATA/AppData/nextcloud/var/www/html# vim /etc/nginx/sites-available/default
root@hsrv0:/DATA/AppData/nextcloud/var/www/html# systemctl stop  nginx
root@hsrv0:/DATA/AppData/nextcloud/var/www/html# systemctl start  nginx
root@hsrv0:/DATA/AppData/nextcloud/var/www/html# cat  /etc/nginx/sites-available/default
# Default server configuration
server {
        listen 555 default_server;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
}

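# TLS settings shared by the "listen ... ssl" servers below.
# ssl_protocols and ssl_prefer_server_ciphers stay commented out: Debian's stock
# /etc/nginx/nginx.conf presumably sets both already (confirm), and a second copy
# at the same level is a "duplicate directive" error. To drop TLSv1/TLSv1.1,
# edit them there.
#ssl_protocols TLSv1.2;
#ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem;
# Applies to TLS 1.2 and older only. The two "...-GCM-SHA512" entries that used to
# lead this list are not OpenSSL cipher names (OpenSSL skips names it does not
# know), so they are dropped; the effective list is unchanged.
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout  10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
# A self-signed certificate has no OCSP responder, so stapling stays off and
# stapling verification is switched off with it.
ssl_stapling off; # Requires nginx >= 1.3.7
ssl_stapling_verify off; # Requires nginx >= 1.3.7
# With stapling off and proxy_pass pointing at an IP literal, nothing in this
# file appears to need the resolver.
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable strict transport security for now. You can uncomment the following
# line if you understand the implications.
# add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
# add_header is inherited only by blocks that declare no add_header of their own.
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
# Deprecated header; current browsers no longer act on it.
add_header X-XSS-Protection "1; mode=block";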


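# HTTPS front end for the service on port 8080.
server {
  listen 443 ssl;
  #server_name casaos.b14esh.com;
  server_name 192.168.15.100;

  ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
  ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

  location / {
    # The backend is addressed by the LAN IP, so port 8080 is presumably still
    # reachable directly over plain HTTP, bypassing this TLS listener (confirm);
    # firewall it or bind the backend to 127.0.0.1 if that is not wanted.
    proxy_pass http://192.168.15.100:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # Tells the backend the client connection used HTTPS.
    proxy_set_header X-Forwarded-Proto $scheme;
  }
}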


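# HTTPS front end for the service on port 10081.
server {
        listen 10082 ssl;
        #server_name b14esh.com;
        server_name 192.168.15.100;

        client_max_body_size 32G;
        client_body_timeout 300s;
        fastcgi_buffers 64 4K;
        # Browsers ignore HSTS for hosts reached by IP address and for connections
        # with certificate errors, so with the self-signed certificate on
        # 192.168.15.100 this header has no effect. Because this server declares
        # its own add_header, the http-level X-Frame-Options / X-Content-Type-Options /
        # X-XSS-Protection headers are NOT sent here; repeat them in this block if
        # they are wanted and the backend does not already send its own.
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

        ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
        ssl_certificate_key /etc/ssl/private/nginx-selfsigned.key;

        location / {
                # The backend is addressed by the LAN IP, so port 10081 is presumably
                # still reachable directly over plain HTTP (confirm); firewall it or
                # bind the backend to 127.0.0.1 if that is not wanted.
                proxy_pass http://192.168.15.100:10081;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                # Tells the backend the client connection used HTTPS.
                proxy_set_header X-Forwarded-Proto $scheme;
        }
}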

--------------------------------------

Запускаем nginx 
systemctl start nginx

Дополнительные пакеты для casaos

https://github.com/WisdomSky/CasaOS-Coolstore